Untitled

<?php
require ("./includes/userfunctions.php");
$data = mysql_query("SELECT * FROM users WHERE `username`='" . $_SESSION['username'] . "'")
or die(mysql_error());
$info = mysql_fetch_array( $data );  	// puts the "users" info into the $info array

if (isset ($_SESSION['username']) && $info['membertype'] == 'Channel Op') {

    if ($_GET['user'] == '' | $_GET['user'] == NULL) {
        echo '
				<div id="biobox" style="width: 765px; padding: 5px;">
					<h2 style="margin-left: 5px;">5709 Admin Control Panel</h2>

					<div id="bioboxcontent">
						<div class="personlist" style="width: 593px; margin: 0 auto; margin-bottom: 10px;">
							<p>Please Select A User To Edit.</p>
							<ul>
							';
        ACPgetMember('username ASC');
        echo '
							</ul>
						</div>
					</div>
				</div>
			';
    }

    else {
        $escape_user = mysql_real_escape_string($_GET['user']); //lets sanitise the username to prevent mysql injection
        $data = mysql_query("SELECT * FROM users WHERE `userid`='" . $escape_user . "'")
            or die(mysql_error());


        $info = mysql_fetch_array( $data );  	// puts the "users" info into the $info array

        if ($info['banned'] == '1') {
            $bannedcheck = 'checked = "yes"';
        }

        else {
            $bannedcheck = '';
        }
        echo '
			<div id="biobox" style="width: 765px; padding: 5px;">
			 <p><a href="index.php?page=admincp">Admin CP</a> > <a href="index.php?page=admincp&user=' . $info['userid'] . '">' . $info['username'] . '</a></p>
				<h2 style="margin-left:5px;">Edit User ' . $info['username'] . '</h2>
				<div id="bioboxcontent" style="padding: 5px;">
					<form id="acpform" action="index.php?page=admincp&user=' . $info['userid'] . '" method="post">
						<p>Username: <br /><input type="text" name="username" value="' . $info['username'] . '" /></p>
						<p>Member Type: <br /><input type="text" name="membertype" value="' . $info['membertype'] . '" /></p>
						<p>Avatar URL: <br/><input type="text" name="avatarURL" value="' . $info['avatarURL'] . '" /></p>
						<p>E-Mail Address: <br /><input type="text" name="email" value="' . $info['email'] . '" /></p>
						<p>Website: <br/><input type="text" name="websiteurl"  value="' . $info['websiteurl'] . '"/></p>
						<p>Password: <br/><input type="password" name="password" /></p>
						<p>Banned? <br /><input type="checkbox" name="banned" style="width: 40px;" ' . $bannedcheck . '/></p>
						<input style="width: 100px;" type="submit" value = "Submit" />
						<textarea  style="float: right; margin-top: -429px;" type="text" name="biography">' . $info['biography'] . '</textarea>
					</form>
				</div>
			</div>';

        $username = mysql_real_escape_string($_POST['username']);
        $membertype = mysql_real_escape_string($_POST['membertype']);
        $avatarURL = mysql_real_escape_string($_POST['avatarURL']);
        $email = mysql_real_escape_string($_POST['email']);
        $websiteurl = mysql_real_escape_string($_POST['websiteurl']);
        $bannedcheck = $_POST['banned'];
        $biography = mysql_real_escape_string($_POST['biography']);

		if ($_POST['password'] == '' | $_POST['password'] == NULL){
			mysql_query("UPDATE users SET username='" . $username . "', membertype='" . $membertype . "', avatarURL='" . $avatarURL . "', email='" . $email . "', websiteurl='" . $websiteurl . "', banned='" . $bannedcheck . "', biography='" . $biography . "'  WHERE username='" . $info['username'] . "'")
			or die(mysql_error());
		}

		else{
			$password = $_POST['password'];
			mysql_query("UPDATE users SET username='" . $username . "', membertype='" . $membertype . "', avatarURL='" . $avatarURL . "', email='" . $email . "', websiteurl='" . $websiteurl . "', banned='" . $bannedcheck . "', biography='" . $biography . "'  WHERE username='" . $info['username'] . "'")
			or die(mysql_error());
		}

    }

}

else {
    echo '<p>You do not have the required permissions to access this page</p>';
}

?>