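<?php
/**
 * Admin control panel page.
 *
 * Without $_GET['user'] it lists members via ACPgetMember(); with it, it
 * processes a submitted edit (POST only) and then renders the edit form for
 * that user id. Access is limited to a logged-in user whose membertype is
 * 'Channel Op'.
 *
 * NOTE(review): the edit form carries no anti-CSRF token, so a request
 * forged from another site in an operator's browser would be accepted. Add a
 * per-session token to the form and verify it before the UPDATE.
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7.0. The connection
 * is presumably opened by the include below; when that is migrated, replace
 * the escaped string concatenation here with mysqli/PDO prepared statements.
 * mysql_real_escape_string() is only reliable if the connection charset was
 * set with mysql_set_charset() -- confirm in the include.
 */
require ("./includes/userfunctions.php");

// Authorisation: look the session user up only when a session user exists,
// and escape the value because it originated from user input at login time.
$isOperator = false;
if (isset($_SESSION['username'])) {
    $sessionUser = mysql_real_escape_string($_SESSION['username']);
    $data = mysql_query("SELECT * FROM users WHERE `username`='" . $sessionUser . "'");
    if ($data === false) {
        // Log the driver error server-side; never echo it to the browser.
        error_log('admincp: ' . mysql_error());
        die('A database error occurred.');
    }
    $info = mysql_fetch_array($data); // row of the logged-in user, or false
    $isOperator = is_array($info) && $info['membertype'] === 'Channel Op';
}

if ($isOperator) {
    if (!isset($_GET['user']) || !is_string($_GET['user']) || $_GET['user'] === '') {
        // No user selected: show the member list.
        echo '
<div id="biobox" style="width: 765px; padding: 5px;">
<h2 style="margin-left: 5px;">5709 Admin Control Panel</h2>
<div id="bioboxcontent">
<div class="personlist" style="width: 593px; margin: 0 auto; margin-bottom: 10px;">
<p>Please Select A User To Edit.</p>
<ul>
';
        ACPgetMember('username ASC');
        echo '
</ul>
</div>
</div>
</div>
';
    }
    else {
        $escape_user = mysql_real_escape_string($_GET['user']); // escaped for use inside a quoted SQL literal

        // Apply changes only on an actual form submission. Running the UPDATE
        // on every request would overwrite the profile with empty strings
        // whenever the page is merely viewed.
        if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
            $fields = array();
            foreach (array('username', 'membertype', 'avatarURL', 'email', 'websiteurl', 'biography') as $name) {
                $value = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
                $fields[$name] = mysql_real_escape_string($value);
            }

            // A ticked checkbox is submitted as "on" and an unticked one is not
            // submitted at all; store the '1'/'0' the form logic below reads.
            // This also keeps raw request data out of the SQL string.
            $banned = isset($_POST['banned']) ? '1' : '0';

            // NOTE(review): membertype decides who may use this page but is
            // free text; restrict it to the known member types once that list
            // is available.

            // TODO(review): a submitted password is never written to the
            // database. Persist it through the same hashing routine the login
            // code verifies against (password_hash()/password_verify() is the
            // recommended pair); never store or log the plain value.

            if ($fields['username'] === '') {
                echo '<p>Username must not be empty; no changes were saved.</p>';
            }
            else {
                // Key the UPDATE on the id the row is loaded by, not on a
                // username value read back from the database.
                $result = mysql_query(
                    "UPDATE users SET username='" . $fields['username']
                    . "', membertype='" . $fields['membertype']
                    . "', avatarURL='" . $fields['avatarURL']
                    . "', email='" . $fields['email']
                    . "', websiteurl='" . $fields['websiteurl']
                    . "', banned='" . $banned
                    . "', biography='" . $fields['biography']
                    . "' WHERE `userid`='" . $escape_user . "'"
                );
                if ($result === false) {
                    error_log('admincp: ' . mysql_error());
                    die('A database error occurred.');
                }
            }
        }

        // Load the row after any update so the form shows the saved values.
        $data = mysql_query("SELECT * FROM users WHERE `userid`='" . $escape_user . "'");
        if ($data === false) {
            error_log('admincp: ' . mysql_error());
            die('A database error occurred.');
        }
        $info = mysql_fetch_array($data); // row of the user being edited, or false

        if (!is_array($info)) {
            echo '<p>No such user.</p>';
        }
        else {
            $bannedcheck = ($info['banned'] == '1') ? 'checked = "yes"' : '';

            // Profile fields are user-controlled, so every value is encoded
            // for its output context before it reaches this operator's page.
            $idForUrl    = htmlspecialchars(urlencode($info['userid']), ENT_QUOTES);
            $username    = htmlspecialchars($info['username'], ENT_QUOTES);
            $membertype  = htmlspecialchars($info['membertype'], ENT_QUOTES);
            $avatarURL   = htmlspecialchars($info['avatarURL'], ENT_QUOTES);
            $email       = htmlspecialchars($info['email'], ENT_QUOTES);
            $websiteurl  = htmlspecialchars($info['websiteurl'], ENT_QUOTES);
            $biography   = htmlspecialchars($info['biography'], ENT_QUOTES);

            echo '
<div id="biobox" style="width: 765px; padding: 5px;">
<p><a href="index.php?page=admincp">Admin CP</a> > <a href="index.php?page=admincp&user=' . $idForUrl . '">' . $username . '</a></p>
<h2 style="margin-left:5px;">Edit User ' . $username . '</h2>
<div id="bioboxcontent" style="padding: 5px;">
<form id="acpform" action="index.php?page=admincp&user=' . $idForUrl . '" method="post">
<p>Username: <br /><input type="text" name="username" value="' . $username . '" /></p>
<p>Member Type: <br /><input type="text" name="membertype" value="' . $membertype . '" /></p>
<p>Avatar URL: <br/><input type="text" name="avatarURL" value="' . $avatarURL . '" /></p>
<p>E-Mail Address: <br /><input type="text" name="email" value="' . $email . '" /></p>
<p>Website: <br/><input type="text" name="websiteurl" value="' . $websiteurl . '"/></p>
<p>Password: <br/><input type="password" name="password" /></p>
<p>Banned? <br /><input type="checkbox" name="banned" style="width: 40px;" ' . $bannedcheck . '/></p>
<input style="width: 100px;" type="submit" value = "Submit" />
<textarea style="float: right; margin-top: -429px;" type="text" name="biography">' . $biography . '</textarea>
</form>
</div>
</div>';
        }
    }
}
else {
    echo '<p>You do not have the required permissions to access this page</p>';
}
?>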