AcmlmboardZero/edituser.php


<?php
require("function.php");
require("layout.php");
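//Resolve which user is being edited. A query-string id does not survive the
//form's POST, so the form sends it back in the hidden "fid" field.
$fid = isset($_GET['id']) ? $_GET['id'] : '';
if (!$fid) {
    $fid = isset($_POST['fid']) ? $_POST['fid'] : '';
}
//The id is request-controlled and is reused in SQL and HTML further down, so
//only an integer is accepted. filter_var() returns false for anything else.
$fid = filter_var($fid, FILTER_VALIDATE_INT);

//Shared markup for the "access refused" boxes below
$noticeOpen = "$header<br><table border=0 bgcolor=$tableborder width=$tablewidth align=center cellpadding=0 cellspacing=0>\n"
    . "<td>\n"
    . "<table border=0 cellpadding=2 cellspacing=1 width=100% bgcolor=$tableborder>\n"
    . "$tccell1 ";
$noticeClose = "</table></td></table>$footer";

//Gotta be logged in. This runs before any database lookup so that an
//anonymous request can neither reach a query nor probe which ids exist.
if (!$loguserid) {
    print $noticeOpen . "You are not logged in!" . $noticeClose;
    die('');
}

//One parameterized lookup, reused for both users: the id is bound as an
//integer and never concatenated into the SQL text.
//mysqli_stmt_get_result() needs the mysqlnd driver.
$lookupId = (int) $loguserid;
$userLookup = mysqli_prepare($con, "SELECT * FROM users WHERE id = ?");
if (!$userLookup) {
    error_log('edituser.php: could not prepare user lookup: ' . mysqli_error($con));
    die('Database error');
}
mysqli_stmt_bind_param($userLookup, "i", $lookupId);

//User editing
mysqli_stmt_execute($userLookup);
$lookupResult = mysqli_stmt_get_result($userLookup);
$eusers = $lookupResult ? mysqli_fetch_array($lookupResult) : null;
if ($lookupResult) {
    mysqli_free_result($lookupResult);
}

//Do we have permission to edit?
//Until permissions are finished, checks if user is a "debug" user
if (empty($eusers['debug'])) {
    print $noticeOpen . "You do not have permission to edit this user!" . $noticeClose;
    die('');
}

//User to edit -- only looked up once the editor is known to be authorized
$users = null;
if ($fid !== false) {
    $lookupId = $fid;
    mysqli_stmt_execute($userLookup);
    $lookupResult = mysqli_stmt_get_result($userLookup);
    $users = $lookupResult ? mysqli_fetch_array($lookupResult) : null;
    if ($lookupResult) {
        mysqli_free_result($lookupResult);
    }
}
mysqli_stmt_close($userLookup);

//Does the user exist?
if (!$users || (!$users['name'] && !$users['password'])) {
    die('User does not exist');
}

//Don't edit yourself!
if ((int) $loguserid === $fid) {
    print $noticeOpen . "Please use <a href=editprofile.php>editprofile.php</a> to edit yourself." . $noticeClose;
    die('');
}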
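//Opening and closing halves of a header cell; extra attributes (such as a
//width) are placed between the two.
$tccellha = "<td bgcolor=$tableheadbg";
$tccellhb = "><center>$fonthead";
print $header;

//Pre-select the radio button matching the stored value. All three markers
//start out empty so the interpolation below never reads an unset variable.
$check1 = $check2 = $check3 = "";
//Array keys are quoted: a bare key is an undefined constant, which PHP 7.2+
//warns about and PHP 8 rejects with an Error.
$storedSex = isset($users['sex']) ? $users['sex'] : 0;
if ($storedSex == 0) {
    $check1 = "checked=1";
} elseif ($storedSex == 1) {
    $check2 = "checked=1";
} elseif ($storedSex == 2) {
    $check3 = "checked=1";
}
$sexlist = "<INPUT type=radio NAME=sex value=0 $check1> Male&nbsp;&nbsp;&nbsp;";
$sexlist .= "<INPUT type=radio NAME=sex value=1 $check2> Female&nbsp;&nbsp;&nbsp;";
$sexlist .= "<INPUT type=radio NAME=sex value=2 $check3> N/A&nbsp;&nbsp;&nbsp;";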
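//No action submitted yet: show the edit form pre-filled with the stored profile.
if ((!isset($_POST['action']) || $_POST['action'] == "") && $logpassword != "") {
    //Every stored profile value was typed in by a user, and $fid comes from
    //the request, so each one is HTML-escaped before it is placed in an
    //attribute or a textarea. The browser decodes the entities again, so the
    //text that gets edited and resubmitted is unchanged.
    //NOTE(review): assumes the board's pages and stored text are UTF-8 -- confirm against layout.php.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    //Multi-line fields are stored with <br> for line breaks; turn those back
    //into newlines for editing, then escape.
    $area = function ($value) use ($esc) {
        return $esc(str_replace("<br>", "\n", (string) $value));
    };

    print " <table border=0 bgcolor=$tableborder width=$tablewidth align=center cellpadding=0 cellspacing=0>\n"
        . "<td>\n"
        . "<FORM ACTION=\"edituser.php\" NAME=\"REPLIER\" METHOD=\"POST\">\n"
        . "<table border=0 cellpadding=2 cellspacing=1 width=100% bgcolor=$tableborder>\n";

    $replytable = "$tccellha width=150$tccellhb" . "&nbsp;</font></td>";
    //NOTE(review): $tccellh is not assigned in the visible part of this script;
    //presumably layout.php provides it -- confirm.
    $replytable .= "$tccellh" . "&nbsp;</td><tr>";
    $replytable .= "$tccell1" . "<b>User name:</td>";
    $replytable .= "$tccell2" . "</center><INPUT TYPE=TEXT NAME=\"username\" VALUE=\"" . $esc($users['name']) . "\" SIZE=25 MAXLENGTH=25></td><tr>";
    $replytable .= "$tccell1" . "<b>Password:<br></b>$smallfont (Not required)</td>";
    //NOTE(review): MAXLENGTH=13 caps the new password at 13 characters in the
    //browser only; nothing on the server side enforces or needs that limit.
    $replytable .= "$tccell2" . "</center><INPUT TYPE=PASSWORD NAME=\"password\" SIZE=13 MAXLENGTH=13></td><tr>";
    $replytable .= "$tccell1" . "<b>Custom title:</td>";
    $replytable .= "$tccell2" . "</center><INPUT TYPE=TEXT NAME=\"usertitle\" VALUE=\"" . $esc($users['title']) . "\" SIZE=60 MAXLENGTH=100></td><tr>";
    $replytable .= "$tccell1" . "<b>User picture:</td>";
    $replytable .= "$tccell2" . "</center><INPUT TYPE=TEXT NAME=\"picture\" VALUE=\"" . $esc($users['picture']) . "\" SIZE=60 MAXLENGTH=100></td><tr>";
    $replytable .= "$tccell1" . "<b>Email address:</td>";
    $replytable .= "$tccell2" . "</center><INPUT TYPE=TEXT NAME=\"email\" VALUE=\"" . $esc($users['email']) . "\" SIZE=60 MAXLENGTH=60></td><tr>";
    //The two homepage rows edit different columns (homepagename, homepageurl),
    //so they are labelled apart instead of both reading "Homepage:".
    $replytable .= "$tccell1" . "<b>Homepage name:</td>";
    $replytable .= "$tccell2" . "</center><INPUT TYPE=TEXT NAME=\"homepage\" VALUE=\"" . $esc($users['homepagename']) . "\" SIZE=60 MAXLENGTH=80></td><tr>";
    $replytable .= "$tccell1" . "<b>Homepage URL:</td>";
    $replytable .= "$tccell2" . "</center><INPUT TYPE=TEXT NAME=\"homepageurl\" VALUE=\"" . $esc($users['homepageurl']) . "\" SIZE=60 MAXLENGTH=80></td><tr>";
    $replytable .= "$tccell1" . "<b>ICQ number:</td>";
    $replytable .= "$tccell2" . "</center><INPUT TYPE=NUMBER NAME=\"icq\" VALUE=\"" . $esc($users['icq']) . "\" SIZE=10 MAXLENGTH=10></td><tr>";
    $replytable .= "$tccell1" . "<b>Sex:</td>";
    $replytable .= "$tccell2" . "</center>$sexlist</td><tr>";
    $replytable .= "$tccell1" . "<b>Post Header:</td>";
    $replytable .= "$tccell2" . "</center><TEXTAREA NAME=\"postheader\" ROWS=5 COLS=60 WRAP=VIRTUAL>" . $area($users['postheader']) . "</TEXTAREA></td><tr>";
    $replytable .= "$tccell1" . "<b>Signature:</td>";
    $replytable .= "$tccell2" . "</center><TEXTAREA NAME=\"signature\" ROWS=5 COLS=60 WRAP=VIRTUAL>" . $area($users['signature']) . "</TEXTAREA></td><tr>";
    $replytable .= "$tccell1" . "<b>Bio:</td>";
    $replytable .= "$tccell2" . "</center><TEXTAREA NAME=\"bio\" ROWS=5 COLS=60 WRAP=VIRTUAL>" . $area($users['bio']) . "</TEXTAREA></td><tr>";
    $replytable .= "$tccell1" . "&nbsp;</td>";
    //NOTE(review): the form carries no anti-CSRF token, so the save request is
    //not tied to a page this editor actually loaded. Add a per-session token
    //here and verify it in the save branch, unless function.php already does.
    $replytable .= "$tccell2" . "</center>\n"
        . "<INPUT TYPE=HIDDEN NAME=\"action\" VALUE=\"saveprofile\">\n"
        . "<INPUT TYPE=HIDDEN NAME=\"fid\" VALUE=\"" . $esc($fid) . "\">\n"
        . "<INPUT TYPE=Submit NAME=\"submit\" VALUE=\"Edit profile\"></td></FORM>";
    print "$replytable\n</td>\n</table>\n";
    print "\n</td>\n</table>\n";
}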
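//Form submitted: write the edited profile back to the users table.
//NOTE(review): nothing visible here verifies an anti-CSRF token, so any POST
//sent with a debug user's session is accepted -- confirm whether function.php
//covers this. This branch changes another account, including its password,
//so an audit-log entry per edit would also be worth adding.
if (isset($_POST['action']) && $_POST['action'] == "saveprofile") {
    print "\n<table border=0 bgcolor=$tableborder width=$tablewidth align=center cellpadding=0 cellspacing=0>\n"
        . "<td>\n"
        . "<table border=0 cellpadding=2 cellspacing=1 width=100% bgcolor=$tableborder>\n";

    //Read one form field as a string. A missing field or an array-valued
    //field (name[]=...) becomes an empty string.
    $field = function ($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    };

    //mysqli binds by reference, so each value needs its own variable.
    $username    = $field('username');
    $usertitle   = $field('usertitle');
    $sex         = $field('sex');
    $picture     = $field('picture');
    $email       = $field('email');
    $icq         = $field('icq');
    $homepageurl = $field('homepageurl');
    $homepage    = $field('homepage');
    //Multi-line fields are stored with <br> in place of line breaks.
    $signature  = str_replace("\n", "<br>", $field('signature'));
    $bio        = str_replace("\n", "<br>", $field('bio'));
    $postheader = str_replace("\n", "<br>", $field('postheader'));
    //NOTE(review): values are stored exactly as submitted; every page that
    //prints them has to escape on output -- those pages are not visible here.

    //An empty password field means "keep the current hash".
    $newPassword = $field('password');
    if (!$newPassword) {
        $password = $users['password'];
    } else {
        $password = password_hash($newPassword, PASSWORD_BCRYPT);
    }

    //The row to update is the id that went through the existence and
    //self-edit checks at the top of the script, not a second read of
    //$_POST['fid'], and it is bound as an integer parameter like every other
    //value instead of being interpolated into the statement.
    $targetId = (int) $fid;
    $sql = "UPDATE users SET name = ?, title = ?, password = ?, sex = ?, picture = ?, email = ?, icq = ?, signature = ?, bio = ?, homepageurl = ?, homepagename = ?, postheader = ? WHERE id = ?";

    $saved = false;
    $stmt = mysqli_prepare($con, $sql);
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, "ssssssssssssi", $username, $usertitle, $password, $sex, $picture, $email, $icq, $signature, $bio, $homepageurl, $homepage, $postheader, $targetId);
        //Report success only if the UPDATE actually ran; the database error
        //goes to the server log, not to the page.
        $saved = mysqli_stmt_execute($stmt);
        if (!$saved) {
            error_log('edituser.php: profile update failed: ' . mysqli_stmt_error($stmt));
        }
        mysqli_stmt_close($stmt);
    } else {
        error_log('edituser.php: could not prepare profile update: ' . mysqli_error($con));
    }

    if ($saved) {
        //The editor's name is user-supplied text: escape it for HTML.
        //NOTE(review): assumes UTF-8 pages and data -- confirm against layout.php.
        $editorName = htmlspecialchars((string) $eusers['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        print "$tccell1" . "Thank you, " . $editorName . ", for editing this user."
            . "<br>Click <a href=index.php>here</a> to return to the board.</td></table>";
    } else {
        print "$tccell1" . "Failed!";
        print "<br>Click <a href=index.php>here</a> to return to the board.";
    }
    print "\n</td>\n</table>\n";
}
print $footer;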
?>