<?php if( !preg_match( "/index.php/i", $_SERVER['PHP_SELF'] ) ) { die();

1. <?php
2.  
3. if( !preg_match( "/index.php/i", $_SERVER['PHP_SELF'] ) ) { die(); }
4.  
5. if( $_GET['id'] ) {
6.  
7. $id = $core->clean( $_GET['id'] );
8.  
9. $query = $db->query( "SELECT * FROM users WHERE id = '{$id}'" );
10. $data = $db->assoc( $query );
11.  
12. $data['ugroups'] = explode( ",", $data['usergroups'] );
13.  
14. $editid = $data['id'];
15.  
16. }
17.  
18. ?>
19. <form action="" method="post" id="addUser">
20.  
21. <div class="box">
22.  
23. <div class="square title">
24. <strong>Add user</strong>
25. </div>
26.  
27. <?php
28.  
29. if( $_POST['submit'] ) {
30.  
31. try {
32.  
33. $username = $core->clean( $_POST['username'] );
34. $password = $core->clean( $_POST['password'] );
35. $email = $core->clean( $_POST['email'] );
36. $habbo = $core->clean( $_POST['habbo'] );
37. $dgroup = $core->clean( $_POST['dgroup'] );
38. $banned = $core->clean( $_POST['banned'] );
39. $warnings = $core->clean( $_POST['totalWarnings'] );
40. $infractions = $core->clean( $_POST['totalInfractions'] );
41.  
42. $query = $db->query( "SELECT * FROM usergroups" );
43.  
44. while( $array = $db->assoc( $query ) ) {
45.  
46. if( $_POST['ugroup-' . $array['id']] ) {
47.  
48. $ugroups .= $array['id'] . ",";
49.  
50. }
51.  
52. }
53.  
54. $password_enc = $core->encrypt( $password );
55.  
56. if( !$username or ( !$password and !$editid ) or !$dgroup or !$ugroups ) {
57.  
58. throw new Exception( "All fields are required." );
59.  
60. }
61. else {
62.  
63. if( $editid ) {
64.  
65. if( $password ) {
66.  
67. $password = ", password = '{$password_enc}'";
68.  
69. }
70. else {
71.  
72. unset( $password );
73.  
74. }
75.  
76. $db->query( "UPDATE users SET username = '{$username}'{$password}, email = '{$email}', habbo = '{$habbo}', displaygroup = '{$dgroup}', usergroups = '{$ugroups}', banned = '{$banned}', totalInfractions = '{$infractions}', totalWarnings = '{$warnings}' WHERE id = '{$editid}'" );
77.  
78.  
79. }
80. else {
81.  
82. $db->query( "INSERT INTO users VALUES (NULL, '{$username}', '{$password_enc}', '{$email}', '{$habbo}', '{$dgroup}', '{$ugroups}', '{$banned}', '{$infractions}', '{$warnings}');" );
83.  
84. }
85.  
86. echo "<div class=\"square good\">";
87. echo "<strong>Success</strong>";
88. echo "<br />";
89. echo "User added!";
90. echo "</div>";
91.  
92. }
93.  
94. }
95. catch( Exception $e ) {
96.  
97. echo "<div class=\"square bad\">";
98. echo "<strong>Error</strong>";
99. echo "<br />";
100. echo $e->getMessage();
101. echo "</div>";
102.  
103. }
104.  
105. }
106.  
107. ?>
108.  
109. <table width="100%" cellpadding="3" cellspacing="0">
110. <?php
111. if ($data['banned'] == "1") {
112. ?>
113. <div style="background: red; border: 1px solid black; padding: 5px;"><strong>User is currently banned!</strong></div>
114. <?php
115. }
116.  
117. // Here, we check if the user is part of management, but not an administrator!
118. if( $user->hasGroup( '4' ) AND !$user->hasGroup( '5' ) ) {
119.  
120. // The user is a member of the management group, and as such, we get all usergroups apart from administrator
121. $query = $db->query( "SELECT * FROM usergroups WHERE id != '5'" );
122.  
123. }
124.  
125. else {
126.  
127. // Otherwise, they can select them all ;)
128. $query = $db->query( "SELECT * FROM usergroups" );
129.  
130. }
131.  
132. while( $array = $db->assoc( $query ) ) {
133.  
134. if( in_array( $array['id'], $data['ugroups'] ) ) {
135.  
136. $groups[$array['id'] . '_active'] = $array['name'];
137.  
138. }
139. else {
140.  
141. $groups[$array['id']] = $array['name'];
142.  
143. }
144.  
145. if( $array['id'] == $data['displaygroup'] ) {
146.  
147. $dgroups[$array['id'] . '_active'] = $array['name'];
148.  
149. }
150. else {
151.  
152. $dgroups[$array['id']] = $array['name'];
153.  
154. }
155.  
156. }
157.  
158. $opt_banned = Array (
159. "0" => "Active",
160. "1" => "Banned"
161. );
162.  
163. echo $core->buildField( "text",
164. "required",
165. "username",
166. "Username",
167. "The new username.",
168. $data['username'] );
169.  
170. echo $core->buildField( "password",
171. "<?php if( !$editid ) { ?>required<?php } ?>",
172. "password",
173. "Password",
174. "The new password." );
175.  
176. echo $core->buildField( "text",
177. "",
178. "email",
179. "Email",
180. "The new email (optional).",
181. $data['email'] );
182.  
183. echo $core->buildField( "text",
184. "",
185. "totalInfractions",
186. "Infractions",
187. "Number of infractions the user has",
188. $data['totalInfractions'] );
189.  
190. echo $core->buildField( "text",
191. "",
192. "totalWarnings",
193. "Warnings",
194. "Number of warnings the user has",
195. $data['totalWarnings'] );
196.  
197. echo $core->buildField( "text",
198. "",
199. "habbo",
200. "Habbo name",
201. "The new Habbo name (optional).",
202. $data['habbo'] );
203.  
204. echo $core->buildField( "select",
205. "",
206. "banned",
207. "Banned",
208. "To ban a user, enter 1, thus restricting them from logging in or 0 to not ban.",
209. $opt_banned );
210.  
211. echo $core->buildField( "select",
212. "required",
213. "dgroup",
214. "Display group",
215. "The user's display group.",
216. $dgroups );
217.  
218. echo $core->buildField( "checkbox",
219. "required",
220. "ugroup",
221. "Active usergroups",
222. "The user's active groups.",
223. $groups );
224.  
225. ?>
226. </table>
227.  
228. </div>
229.  
230. <div class="box" align="right">
231.  
232. <input class="button" type="submit" name="submit" value="Submit" />
233.  
234. </div>
235.  
236. </form>
237.  
238. <?php
239. echo $core->buildFormJS('addUser');
240.  
241. ?>