<?php
require("function.php");
require("layout.php");
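// The id of the user to edit arrives as ?id= on the first request and as the
// hidden "fid" form field when the form is posted back, so take whichever is set.
$fid = !empty($_GET['id']) ? $_GET['id'] : (isset($_POST['fid']) ? $_POST['fid'] : '');

// This value is used in SQL and echoed back into the form further down, so only a
// plain run of digits is accepted. Anything else (text, arrays, empty) becomes 0,
// which is not expected to match any user row.
$fid = (is_string($fid) && preg_match('/\A[0-9]+\z/', $fid)) ? (int) $fid : 0;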
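//User to edit
// $fid is taken from the request, so it is bound as an integer parameter instead of
// being interpolated into the SQL text.
// mysqli_stmt_get_result() requires the mysqlnd driver.
// NOTE(review): this lookup and its "User does not exist" reply run before the login
// and permission checks further down, so a visitor who is not logged in can tell
// which ids exist. Moving the lookup below those checks would close that.
$users = null;
$targetUserId = is_scalar($fid) ? (int) $fid : 0;
if ($userStmt = mysqli_prepare($con, "SELECT * FROM users WHERE id = ?")) {
    mysqli_stmt_bind_param($userStmt, "i", $targetUserId);
    if (mysqli_stmt_execute($userStmt) && ($userResult = mysqli_stmt_get_result($userStmt))) {
        $users = mysqli_fetch_array($userResult);
    }
    mysqli_stmt_close($userStmt);
}

//Does the user exist?
// A failed query or an empty result both leave $users empty and stop here.
if (!$users || (!$users['name'] && !$users['password'])) {
    die('User does not exist');
}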
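//User editing
// $loguserid is provided by the included files; how it is derived is not visible
// here, so it is bound as a parameter and never becomes part of the SQL text.
// When nobody is logged in the query is skipped and $eusers stays null, which the
// permission check below treats as "not allowed".
$eusers = null;
if (!empty($loguserid) && ($editorStmt = mysqli_prepare($con, "SELECT * FROM users WHERE id = ?"))) {
    $editorId = (int) $loguserid;
    mysqli_stmt_bind_param($editorStmt, "i", $editorId);
    if (mysqli_stmt_execute($editorStmt) && ($editorResult = mysqli_stmt_get_result($editorStmt))) {
        $eusers = mysqli_fetch_array($editorResult);
    }
    mysqli_stmt_close($editorStmt);
}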
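//Gotta be logged in
// empty() also covers the case where $loguserid was never set, so a missing login
// always ends the request here instead of falling through.
if (empty($loguserid)) {
    print "$header<br><table border=0 bgcolor=$tableborder width=$tablewidth align=center cellpadding=0 cellspacing=0>
<td>
<table border=0 cellpadding=2 cellspacing=1 width=100% bgcolor=$tableborder>
$tccell1 You are not logged in!</table></td></table>$footer";
    exit;
}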
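//Do we have permission to edit?
//Until permissions are finished, this checks whether the user is a "debug" user
// The key is quoted (a bare word is an undefined constant, fatal on PHP 8), and
// empty() denies access when the editor row is missing or has no debug flag, so
// every lookup failure ends in "no permission".
if (empty($eusers['debug'])) {
    print "$header<br><table border=0 bgcolor=$tableborder width=$tablewidth align=center cellpadding=0 cellspacing=0>
<td>
<table border=0 cellpadding=2 cellspacing=1 width=100% bgcolor=$tableborder>
$tccell1 You do not have permission to edit this user!</table></td></table>$footer";
    exit;
}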
// Editing your own account is handled by editprofile.php, so point the user there
// and stop when the target id is the logged-in user's id.
if ($loguserid == $fid) {
    echo $header,
        "<br><table border=0 bgcolor=", $tableborder, " width=", $tablewidth,
        " align=center cellpadding=0 cellspacing=0>\n",
        "<td>\n",
        "<table border=0 cellpadding=2 cellspacing=1 width=100% bgcolor=", $tableborder, ">\n",
        $tccell1,
        " Please use <a href=editprofile.php>editprofile.php</a> to edit yourself.</table></td></table>",
        $footer;
    exit;
}
// Two halves of a header cell's opening markup; extra attributes (such as a width)
// are placed between them where the form is built.
$tccellha = '<td bgcolor=' . $tableheadbg;
$tccellhb = '><center>' . $fonthead;

// All access checks have passed: start the page.
echo $header;
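// Build the radio group for the "sex" field and pre-select the stored value
// (0 = Male, 1 = Female, 2 = N/A, as labelled below).
// The three markers start empty so the unselected ones are defined, and the stored
// value is read through a quoted key and cast to int so the comparison does not
// depend on PHP's string/number comparison rules. A missing value selects "Male",
// as before.
$check1 = "";
$check2 = "";
$check3 = "";
$storedSex = isset($users['sex']) ? (int) $users['sex'] : 0;
if ($storedSex === 0) {
    $check1 = "checked=1";
} elseif ($storedSex === 1) {
    $check2 = "checked=1";
} elseif ($storedSex === 2) {
    $check3 = "checked=1";
}

$sexlist  = "<INPUT type=radio NAME=sex value=0 $check1> Male ";
$sexlist .= "<INPUT type=radio NAME=sex value=1 $check2> Female ";
$sexlist .= "<INPUT type=radio NAME=sex value=2 $check3> N/A ";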
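// Show the edit form when no action has been posted yet.
if ((!isset($_POST['action']) || $_POST['action'] == "") && $logpassword != "") {
    // Every profile value below was supplied by the user being edited and is shown
    // here to a privileged account, so each one is HTML-escaped before it is placed
    // in an attribute or a textarea. The browser decodes the entities again, so the
    // text the editor sees and posts back is unchanged.
    // Only the ASCII markup characters are escaped; a single-byte charset is named so
    // all other bytes pass through untouched whatever encoding the stored text uses
    // (the page encoding is not set in this file).
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
    };

    // Stored multi-line fields use <br>; turn those back into line breaks for the
    // textarea first, then escape the result.
    $forTextarea = function ($value) use ($esc) {
        return $esc(str_replace("<br>", "\n", (string) $value));
    };

    print " <table border=0 bgcolor=$tableborder width=$tablewidth align=center cellpadding=0 cellspacing=0>
<td>
<FORM ACTION=\"edituser.php\" NAME=\"REPLIER\" METHOD=\"POST\">
<table border=0 cellpadding=2 cellspacing=1 width=100% bgcolor=$tableborder>
";

    $replytable = "$tccellha width=150$tccellhb" . " </font></td>";
    // NOTE(review): $tccellh is not assigned in this file (only $tccellha and
    // $tccellhb are); confirm that layout.php defines it.
    $replytable .= "$tccellh" . " </td><tr>";

    $replytable .= "$tccell1" . "<b>User name:</td>";
    $replytable .= "$tccell2" . "</center><INPUT TYPE=TEXT NAME=\"username\" VALUE=\"" . $esc($users['name']) . "\" SIZE=25 MAXLENGTH=25></td><tr>";

    // The stored password hash is never sent to the browser; an empty field means
    // "keep the current password".
    $replytable .= "$tccell1" . "<b>Password:<br></b>$smallfont (Not required)</td>";
    $replytable .= "$tccell2" . "</center><INPUT TYPE=PASSWORD NAME=\"password\" SIZE=13 MAXLENGTH=13></td><tr>";

    $replytable .= "$tccell1" . "<b>Custom title:</td>";
    $replytable .= "$tccell2" . "</center><INPUT TYPE=TEXT NAME=\"usertitle\" VALUE=\"" . $esc($users['title']) . "\" SIZE=60 MAXLENGTH=100></td><tr>";

    $replytable .= "$tccell1" . "<b>User picture:</td>";
    $replytable .= "$tccell2" . "</center><INPUT TYPE=TEXT NAME=\"picture\" VALUE=\"" . $esc($users['picture']) . "\" SIZE=60 MAXLENGTH=100></td><tr>";

    $replytable .= "$tccell1" . "<b>Email address:</td>";
    $replytable .= "$tccell2" . "</center><INPUT TYPE=TEXT NAME=\"email\" VALUE=\"" . $esc($users['email']) . "\" SIZE=60 MAXLENGTH=60></td><tr>";

    // Two rows share the label "Homepage:": this one holds the display name,
    // the next one the URL.
    $replytable .= "$tccell1" . "<b>Homepage:</td>";
    $replytable .= "$tccell2" . "</center><INPUT TYPE=TEXT NAME=\"homepage\" VALUE=\"" . $esc($users['homepagename']) . "\" SIZE=60 MAXLENGTH=80></td><tr>";

    $replytable .= "$tccell1" . "<b>Homepage:</td>";
    $replytable .= "$tccell2" . "</center><INPUT TYPE=TEXT NAME=\"homepageurl\" VALUE=\"" . $esc($users['homepageurl']) . "\" SIZE=60 MAXLENGTH=80></td><tr>";

    $replytable .= "$tccell1" . "<b>ICQ number:</td>";
    $replytable .= "$tccell2" . "</center><INPUT TYPE=NUMBER NAME=\"icq\" VALUE=\"" . $esc($users['icq']) . "\" SIZE=10 MAXLENGTH=10></td><tr>";

    $replytable .= "$tccell1" . "<b>Sex:</td>";
    $replytable .= "$tccell2" . "</center>$sexlist</td><tr>";

    $replytable .= "$tccell1" . "<b>Post Header:</td>";
    $replytable .= "$tccell2" . "</center><TEXTAREA NAME=\"postheader\" ROWS=5 COLS=60 WRAP=VIRTUAL>" . $forTextarea($users['postheader']) . "</TEXTAREA></td><tr>";

    $replytable .= "$tccell1" . "<b>Signature:</td>";
    $replytable .= "$tccell2" . "</center><TEXTAREA NAME=\"signature\" ROWS=5 COLS=60 WRAP=VIRTUAL>" . $forTextarea($users['signature']) . "</TEXTAREA></td><tr>";

    $replytable .= "$tccell1" . "<b>Bio:</td>";
    $replytable .= "$tccell2" . "</center><TEXTAREA NAME=\"bio\" ROWS=5 COLS=60 WRAP=VIRTUAL>" . $forTextarea($users['bio']) . "</TEXTAREA></td><tr>";

    // The target id travels back in a hidden field; it is escaped as well because it
    // originated in the request.
    $replytable .= "$tccell1" . " </td>";
    $replytable .= "$tccell2" . "</center>
<INPUT TYPE=HIDDEN NAME=\"action\" VALUE=\"saveprofile\">
<INPUT TYPE=HIDDEN NAME=\"fid\" VALUE=\"" . $esc($fid) . "\">
<INPUT TYPE=Submit NAME=\"submit\" VALUE=\"Edit profile\"></td></FORM>";

    print "$replytable
</td>
</table>
";
    print "
</td>
</table>
";
}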
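// Save the posted profile. The login, permission and "not yourself" checks above
// have already ended the request for anyone who may not edit this user.
// NOTE(review): nothing in this request proves it came from the form on this page
// (no per-session token is checked), so a logged-in editor's browser could be made
// to submit it from another site. Token support would have to come from the
// included files, which are not visible here.
if (isset($_POST['action']) && $_POST['action'] == "saveprofile") {
    print "
<table border=0 bgcolor=$tableborder width=$tablewidth align=center cellpadding=0 cellspacing=0>
<td>
<table border=0 cellpadding=2 cellspacing=1 width=100% bgcolor=$tableborder>
";

    // Read a posted field as a string; missing or non-string (array) input is
    // treated as empty.
    $posted = function ($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    };

    // Multi-line fields are stored with <br> in place of line breaks.
    // NOTE(review): these three fields are stored as submitted; whichever page
    // renders them has to escape or filter the markup - not visible here.
    $signature  = str_replace("\n", "<br>", $posted('signature'));
    $bio        = str_replace("\n", "<br>", $posted('bio'));
    $postheader = str_replace("\n", "<br>", $posted('postheader'));

    // An empty password field keeps the current hash; otherwise store a new
    // bcrypt hash.
    $newPassword = $posted('password');
    if (!$newPassword) {
        $password = $users['password'];
    } else {
        $password = password_hash($newPassword, PASSWORD_BCRYPT);
    }

    $username     = $posted('username');
    $usertitle    = $posted('usertitle');
    $sex          = $posted('sex');
    $picture      = $posted('picture');
    $email        = $posted('email');
    $icq          = $posted('icq');
    $homepageurl  = $posted('homepageurl');
    $homepagename = $posted('homepage');

    // The row to update is $fid, the same id every check above was run against,
    // and it is bound as an integer parameter. The posted "fid" is not used
    // again: if it differed from ?id= the checks would apply to one user and the
    // write (including the kept password hash) to another.
    $targetId = is_scalar($fid) ? (int) $fid : 0;

    $sql = "UPDATE users SET name = ?, title = ?, password = ?, sex = ?, picture = ?, email = ?, icq = ?, signature = ?, bio = ?, homepageurl = ?, homepagename = ?, postheader = ? WHERE id = ?";

    // Success is reported only when the statement was prepared AND executed.
    $saved = false;
    if ($stmt = mysqli_prepare($con, $sql)) {
        mysqli_stmt_bind_param(
            $stmt,
            "ssssssssssssi",
            $username,
            $usertitle,
            $password,
            $sex,
            $picture,
            $email,
            $icq,
            $signature,
            $bio,
            $homepageurl,
            $homepagename,
            $postheader,
            $targetId
        );
        $saved = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }

    if ($saved) {
        // The editor's name comes from the database and is escaped before output.
        print "$tccell1" . "Thank you, " . htmlspecialchars((string) $eusers['name'], ENT_QUOTES, 'ISO-8859-1') . ", for editing this user." .
            "<br>Click <a href=index.php>here</a> to return to the board.</td></table>";
    } else {
        // Keep the database error in the server log; the page shows only a
        // generic message.
        error_log('edituser: profile update failed: ' . mysqli_error($con));
        print "$tccell1" . "Failed!";
        print "<br>Click <a href=index.php>here</a> to return to the board.";
    }

    print "
</td>
</table>
";
}

print $footer;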
?>