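<?php
/**
 * Render the admin listing of the users table as an HTML form with action buttons.
 *
 * The listing is chosen by the "mode" GET parameter (1-8, anything else lists
 * unapproved accounts); modes 5 and 6 filter by the "searchname" /
 * "searchemail" GET parameters using PostgreSQL's case-insensitive regex
 * operator (~*).
 *
 * Security notes:
 *  - The search term is request data. It is escaped with pg_escape_string()
 *    on the live connection (explicit connection argument: PHP 5.2+), because
 *    addslashes() is not a safe SQL escaper for PostgreSQL.
 *  - The term is still interpreted as a regular expression by the database;
 *    escaping only keeps it inside the string literal.
 *  - The query text is shown in the caption, so it is HTML-escaped: it embeds
 *    the request-supplied search term.
 *  - NOTE(review): no authorisation check or anti-CSRF token is visible in
 *    this function; the including page has to provide both - confirm.
 *
 * @param resource $conn  open PostgreSQL connection
 * @param string   $table accepted for symmetry with handle_table(); every
 *                        query here reads the fixed "users" table
 * @return void
 */
function disp_table($conn, $table)
{
    global $HTTP_GET_VARS;

    // Quoted keys: the bare-word form (mode) is an undefined-constant lookup.
    $mode = isset($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : null;

    $query = "select ";
    switch ($mode) {
        case 8:
            $query .= "* FROM users WHERE lower(name) IN (SELECT lower(name) FROM users m2 GROUP BY lower(name) HAVING COUNT(*) > 1) ORDER BY name, date, registered";
            break;
        case 7:
            $query .= "* FROM users WHERE (email) IN (SELECT email FROM users m2 GROUP BY email HAVING COUNT(*) > 1) ORDER BY email, name, registered, date";
            break;
        case 6:
            $term = '';
            if (isset($HTTP_GET_VARS['searchemail']) && is_string($HTTP_GET_VARS['searchemail'])) {
                $term = trim($HTTP_GET_VARS['searchemail']);
            }
            $query .= "* from users where email~* '" . pg_escape_string($conn, $term) . "' order by registered, enabled, date desc";
            break;
        case 5:
            $term = '';
            if (isset($HTTP_GET_VARS['searchname']) && is_string($HTTP_GET_VARS['searchname'])) {
                $term = trim($HTTP_GET_VARS['searchname']);
            }
            $query .= "* from users where name~* '" . pg_escape_string($conn, $term) . "' order by registered, enabled, date desc";
            break;
        case 4:
            $query .= "profiles.gender, users.* FROM users, profiles WHERE (lower(profiles.gender) CONTAINS 'f') or (lower(profiles.gender) CONTAINS 'w') ORDER BY registered, enabled, name";
            break;
        case 3:
            $query .= "users.* FROM users, profiles WHERE users.name = profiles.name ORDER BY registered, enabled, name";
            break;
        case 2:
            $query .= "* from users order by registered, enabled, date desc";
            break;
        case 1:
            $query .= "* from users order by ip,enabled,date desc";
            break;
        default:
            $query .= "* from users where not registered order by registered, enabled, date desc";
            break;
    }

    $result = pg_exec($conn, $query . ";");
    if (!$result) {
        // Without a result handle the row/field calls below cannot work.
        echo "<p>Query failed.</p>\n";
        return;
    }
    $rows = pg_numrows($result);

    echo "<FORM method=post>";
    echo "<TABLE border=1>\n";
    // Escaped: $query contains the request-supplied search term.
    echo "<CAPTION style='text-align:left'>" . htmlspecialchars($query, ENT_QUOTES) . "<br>result: " . $rows . " row(s)</CAPTION>\n";
    echo "<TR><TH><input type=submit name=action value=new>";
    echo "<input type=submit name=action value=\"edit\">";
    echo "<input type=submit name=action value=\"delete\">";
    echo "<br>\n";
    echo "<input type=submit name=action value=\"approve\">";
    echo "<input type=submit name=action value=\"disapprove\">";
    echo "<br>\n";
    echo "<input type=submit name=action value=\"enable\">";
    echo "<input type=submit name=action value=\"disable\">";
    echo "<br>\n";
    echo "<input type=submit name=action value=\"send account info\">\n";
    echo "<br>\n";
    echo "<input type=submit name=action value=\"is_fighter\">\n";
    echo "<input type=submit name=action value=\"is_not_fighter\">\n";
    echo "<br>\n";
    echo "<input type=submit name=action value=\"is_trainer\">\n";
    echo "<input type=submit name=action value=\"is_not_trainer\">\n";

    // Column 0 shares the first cell with the buttons, so headers start at 1.
    $fieldCount = pg_numfields($result);
    for ($field = 1; $field < $fieldCount; $field++) {
        echo "<TH>" . htmlspecialchars(pg_fieldname($result, $field), ENT_QUOTES) . "\n";
    }

    for ($row = 0; $row < $rows; $row++) {
        $obj = pg_fetch_row($result, $row);

        echo "<TR";
        // Positional columns 3 and 4 - presumably registered/enabled; confirm against the schema.
        if ($obj[3] == 'f' or $obj[4] == 'f') {
            echo " bgcolor=#00669";
        }
        echo "><TD>";

        // Keep the unescaped value: the links below must URL-encode the real
        // name, not its HTML-escaped form (the old code double-encoded it).
        $rawName = (string) $obj[0];
        echo "<input type=checkbox name=name[] value=\"" . htmlspecialchars($rawName, ENT_QUOTES) . "\">";

        foreach ($obj as $key => $val) {
            $obj[$key] = nl2br(htmlspecialchars((string) $val, ENT_QUOTES));
        }
        $linkName = htmlspecialchars(urlencode($rawName), ENT_QUOTES);
        $obj[0] .= ' <a href="msgboard2topix.phtml?mode=1&searchname=' . $linkName . '">(topics)</a>'
            . ' <a href="msgboard2.phtml?mode=1&searchname=' . $linkName . '">(messages)</a>';

        // Separator first: the reversed argument order is no longer accepted by newer PHP.
        echo implode("<TD nowrap>", $obj);
        echo "</TR>\n";
    }

    echo "</TABLE>";
    echo "</FORM>";
}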
/**
 * Print an HTML form for editing the first row of a query result.
 *
 * Each column becomes one input named fields[<column>]; values containing a
 * line break, and the column called "comment", get a textarea. The first
 * element of $name is carried along in a hidden name[] field.
 *
 * NOTE(review): every column in $result is rendered as an editable value, so
 * a credential column in the result would be displayed in clear text -
 * confirm which columns the caller selects.
 *
 * @param resource $result PostgreSQL result; row 0 is the record to edit
 * @param array    $name   posted name list; only its current element is used
 * @return void
 */
function edit_dialog($result, $name)
{
    $record = pg_fetch_row($result, 0);

    echo "<form method=post>\n",
        "<input type=hidden name=name[] value=\"" . htmlspecialchars(current($name)) . "\">\n",
        "<table border cellpadding=0 cellspacing=0>\n";

    $index = 0;
    while ($index < pg_numfields($result)) {
        $column = pg_fieldname($result, $index);
        $value = $record[$index];

        echo "<tr><th align=right>" . $column . ":", "<td>";

        // Multi-line values and the "comment" column need a textarea.
        $multiline = strchr($value, "\n") || strchr($value, "\r") || $column == 'comment';
        if (!$multiline) {
            echo "<input type=text size=" . strlen($value) . " name=\"fields[" . $column . "]\"",
                " value=\"" . htmlentities($value) . "\">";
        } else {
            echo "<textarea name=\"fields[" . $column . "]\" rows=10 cols=80>\n",
                htmlentities($value),
                "</textarea>";
        }

        echo "</tr>\n";
        $index++;
    }

    echo "<tr><td><th style=\"text-align: left;\"><input type=submit name=action value=update> <input type=submit name=action value=cancel>",
        "</table>\n",
        "</form>\n";
}
/**
 * Print an empty HTML form for creating a record.
 *
 * Only the column list of $result is used: each column becomes a blank text
 * input named fields[<column>], followed by insert / cancel buttons.
 *
 * @param resource $result PostgreSQL result whose columns define the form
 * @return void
 */
function new_dialog($result)
{
    echo "<form method=post>\n", "<table border>\n";

    $index = 0;
    while ($index < pg_numfields($result)) {
        $column = pg_fieldname($result, $index);
        echo "<tr><th align=right>" . $column . ":",
            "<td><input type=text size=40 name=\"fields[" . $column . "]\"></tr>\n";
        $index++;
    }

    echo "<tr><td><th><input type=submit name=action value=insert> <input type=submit name=action value=cancel>",
        "</table>\n",
        "</form>\n";
}
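/**
 * Mail every row of the users table the "AX is moving" announcement together
 * with that account's login name, password and status.
 *
 * NOTE(review): the password is read from the users row and mailed in clear
 * text, so the table evidently stores a retrievable password. The usual
 * remedy (password_hash()-style storage plus a reset link instead of the
 * password) needs schema and login changes outside this function, so the
 * message text is left as it was.
 *
 * @param resource $conn open PostgreSQL connection
 * @return void
 */
function email_url_change($conn)
{
    $result = pg_exec($conn, "select * from users;");
    if (!$result) {
        // Nothing to iterate over when the query failed.
        return;
    }

    $rows = pg_numrows($result);
    for ($row = 0; $row < $rows; $row++) {
        $obj = pg_fetch_array($result, $row);

        // Keys are quoted: the bare-word form (email) is an undefined-constant lookup.
        $body = "Welcome " . $obj['name'] . ",\n\nWe are glad to announce, that we have our own domain now! This means, that you probably were not able to reach the board in the last couple of days. We apologize for that. Here is the new internet address you can reach us at:\n\nhttp://www.axkickboxing.com/\nThere isn't much content there for now, but that should change in the near future. Our message board has also moved to a new address: http://message.axkickboxing.com/ - hopefully that will be easier to remember than the previous address. However, the address change also means that the cookies with your settings on the old message board (your name, password and time zone) became invalid, and you will have to reenter that information on the new board. We apologize for any inconvenience this might cause, and send this email with your account info to you to help reenter your name and password.\n\nShould you have any questions or problems, please email us at our regular address axcontact@yahoo.com.\n\nWe apologize once again.\n\nRegards,\nBrian & Andras\nfrom the AX Team\n\nPS: Here is your account information as a reminder.\n\nYour login name is: '" . $obj['name'] . "'\nBe careful to type it exactly as it appears between the quotes when posting to allow the board to recognize you.\nYour password for the ax message board is: " . $obj['password'] . "\nYour registration is " . ($obj['registered'] == 't' ? "" : "not ") . "approved.\nYour account is currently " . ($obj['enabled'] == 't' ? "enabled" : "disabled") . ".\n\nYou can reach the board at http://message.axkickboxing.com/\n\nThank you,\nThe AX Team";

        mail(
            $obj['email'],
            "AX is moving!",
            $body,
            "From: server@axkickboxing.com\nReply-To: axcontact@yahoo.com"
        );
    }
}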
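/**
 * Mail the current account details to every user named in the posted
 * name[] list ($HTTP_POST_VARS['name']).
 *
 * Security notes:
 *  - The names are request data. Each one is escaped with pg_escape_string()
 *    on the live connection (explicit connection argument: PHP 5.2+);
 *    addslashes() is not a safe SQL escaper for PostgreSQL.
 *  - Anything that is not a string is dropped, and no query is sent when
 *    the list is empty.
 *  - NOTE(review): the password is read from the users row and mailed in
 *    clear text, so the table evidently stores a retrievable password.
 *    Replacing that with hashed storage and a reset link needs changes
 *    outside this function, so the message text is left as it was.
 *
 * @param resource $conn open PostgreSQL connection
 * @return void
 */
function email_account_status($conn)
{
    global $HTTP_POST_VARS;

    $quoted = array();
    if (isset($HTTP_POST_VARS['name']) && is_array($HTTP_POST_VARS['name'])) {
        foreach ($HTTP_POST_VARS['name'] as $name) {
            if (is_string($name)) {
                $quoted[] = "'" . pg_escape_string($conn, $name) . "'";
            }
        }
    }
    if (count($quoted) == 0) {
        return;
    }

    $result = pg_exec($conn, "select * from users where name in (" . join(", ", $quoted) . ");");
    if (!$result) {
        return;
    }

    $rows = pg_numrows($result);
    for ($row = 0; $row < $rows; $row++) {
        $obj = pg_fetch_array($result, $row);
        $approved = ($obj['registered'] == 't');

        // Keys are quoted: the bare-word form (email) is an undefined-constant lookup.
        $body = "Welcome " . $obj['name'] . ",\n\nYour login name is: '" . $obj['name'] . "'\nBe careful to type it exactly as it appears between the quotes (but don't type the quotes themselves) when posting to allow the board to recognize you.\nYour password for the AX message board is: " . $obj['password'] . "\nYour registration has " . ($approved ? "" : "not yet ") . "been approved.\nYour account is currently " . ($obj['enabled'] == 't' ? "enabled" : "disabled") . ".\n\nYou can reach the board at http://message.axkickboxing.com/\n\n" . ($approved ? "We suggest to begin with filling out your profile at http://message.axkickboxing.com/profiles if you want others to be able to learn more about you.\n\n" : "") . "Thank you,\nThe AX Team";

        mail(
            $obj['email'],
            "Your account on the AX discussion board",
            $body,
            "From: server@axkickboxing.com\nReply-To: support@axkickboxing.com"
        );
    }
}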
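/**
 * Private helper for handle_table(): turn a list of posted user names into a
 * comma-separated list of escaped, single-quoted SQL string literals.
 *
 * @param resource $conn  open PostgreSQL connection
 * @param array    $names list of strings
 * @return string '' when $names is empty
 */
function _handle_table_name_list($conn, $names)
{
    $quoted = array();
    foreach ($names as $name) {
        $quoted[] = "'" . pg_escape_string($conn, $name) . "'";
    }
    return join(", ", $quoted);
}

/**
 * Private helper for handle_table(): read the real column names of $table,
 * used as an allow-list for posted field names.
 *
 * @param resource $conn  open PostgreSQL connection
 * @param string   $table table name as passed to handle_table()
 * @return array column name => true (empty when the lookup failed)
 */
function _handle_table_columns($conn, $table)
{
    $columns = array();
    $meta = pg_exec($conn, "select * from " . $table . " where false;");
    if ($meta) {
        $count = pg_numfields($meta);
        for ($i = 0; $i < $count; $i++) {
            $columns[pg_fieldname($meta, $i)] = true;
        }
    }
    return $columns;
}

/**
 * Private helper for handle_table(): return the posted fields[] map, or
 * false when a key is not a column of the table or a value is not a string.
 *
 * @param array $columns allow-list from _handle_table_columns()
 * @return array|false
 */
function _handle_table_posted_fields($columns)
{
    global $HTTP_POST_VARS;

    if (!isset($HTTP_POST_VARS['fields']) || !is_array($HTTP_POST_VARS['fields'])) {
        return array();
    }
    $fields = array();
    foreach ($HTTP_POST_VARS['fields'] as $key => $value) {
        if (!is_string($value) || !isset($columns[(string) $key])) {
            return false;
        }
        $fields[$key] = $value;
    }
    return $fields;
}

/**
 * Dispatch the posted admin "action" against $table, then show the listing
 * or the matching dialog.
 *
 * Actions: delete, send, enable, disable, approve, disapprove, is_fighter,
 * is_not_fighter, is_trainer, is_not_trainer, edit, new, insert, update.
 * Anything else (or no action) just displays the table.
 *
 * Security notes:
 *  - Posted names and field values are escaped with pg_escape_string() on
 *    the live connection (explicit connection argument: PHP 5.2+);
 *    addslashes() is not a safe SQL escaper for PostgreSQL.
 *  - Posted field *names* end up as column identifiers, so they are only
 *    accepted when they match a real column of the table.
 *  - The echoed UPDATE statement is HTML-escaped; it contains posted values.
 *  - NOTE(review): $table is concatenated into every statement; it must
 *    never come from request data - verify the caller.
 *  - NOTE(review): no authorisation check or anti-CSRF token is visible
 *    here, and every branch changes or discloses account data; the
 *    including page has to provide both - confirm.
 *
 * @param resource $conn  open PostgreSQL connection
 * @param string   $table table to operate on
 * @return void
 */
function handle_table($conn, $table)
{
    global $HTTP_POST_VARS;

    if (!isset($HTTP_POST_VARS['action']) || !is_string($HTTP_POST_VARS['action'])) {
        disp_table($conn, $table);
        return;
    }

    // Normalise name[] to a plain list of strings. It is written back because
    // email_account_status() reads the same global.
    $names = array();
    if (isset($HTTP_POST_VARS['name']) && is_array($HTTP_POST_VARS['name'])) {
        foreach ($HTTP_POST_VARS['name'] as $name) {
            if (is_string($name)) {
                $names[] = $name;
            }
        }
    }

    // "verb rest" form: the text after the first space is treated as one more name.
    // NOTE(review): the button value "send account info" also matches this
    // rule, so "account info" is appended to the selected names - confirm
    // that is intended.
    $action = $HTTP_POST_VARS['action'];
    if ($p = strpos($action, " ")) {
        $names[] = substr($action, $p + 1);
        $action = substr($action, 0, $p);
    }
    $HTTP_POST_VARS['name'] = $names;
    $HTTP_POST_VARS['action'] = $action;

    $nameList = _handle_table_name_list($conn, $names);

    // Actions that only set fixed column values on the selected accounts.
    $flagUpdates = array(
        "enable"         => "enabled='t'",
        "disable"        => "enabled='f'",
        "approve"        => "registered='t',enabled='t',date='now'",
        "disapprove"     => "registered='f',enabled='f',date='now'",
        "is_fighter"     => "is_fighter='t'",
        "is_not_fighter" => "is_fighter='f'",
        "is_trainer"     => "is_trainer='t'",
        "is_not_trainer" => "is_trainer='f'",
    );

    if (isset($flagUpdates[$action])) {
        if ($nameList == '') {
            // Nothing selected: there is nothing to change or mail.
            disp_table($conn, $table);
            return;
        }
        $query = "update " . $table . " set " . $flagUpdates[$action] . " where name in (" . $nameList . ");";
        if ($action == "approve") {
            echo "<p>" . htmlspecialchars($query, ENT_QUOTES) . "</p>";
        }
        if (pg_exec($conn, $query)) {
            email_account_status($conn);
            disp_table($conn, $table);
        }
        return;
    }

    switch ($action) {
        case "delete":
            if ($nameList == '') {
                disp_table($conn, $table);
                break;
            }
            if (pg_exec($conn, "delete from " . $table . " where name in (" . $nameList . ");")) {
                disp_table($conn, $table);
            }
            break;

        case "send":
            email_account_status($conn);
            disp_table($conn, $table);
            break;

        case "edit":
            if (count($names) == 0) {
                disp_table($conn, $table);
                break;
            }
            $result = pg_exec($conn, "select * from " . $table . " where name='" . pg_escape_string($conn, $names[0]) . "';");
            if ($result) {
                edit_dialog($result, $names);
            }
            break;

        case "new":
            // Empty result set; only its column list is used to build the form.
            $result = pg_exec($conn, "select * from " . $table . " where name='';");
            new_dialog($result);
            break;

        case "insert":
            $fields = _handle_table_posted_fields(_handle_table_columns($conn, $table));
            if ($fields === false) {
                echo "Unknown field - not inserting.";
                break;
            }
            $k = array();
            $v = array();
            foreach ($fields as $key => $value) {
                if ($value !== "") {
                    // Identifier is a verified column name; quote it and double any embedded quote.
                    $k[] = '"' . str_replace('"', '""', (string) $key) . '"';
                    $v[] = "'" . pg_escape_string($conn, $value) . "'";
                }
            }
            if (count($k) == 0) {
                echo "Empty form - not inserting.";
                exit();
            }
            if (pg_exec($conn, "insert into " . $table . " (" . join(", ", $k) . ") VALUES (" . join(", ", $v) . ");")) {
                disp_table($conn, $table);
            }
            break;

        case "update":
            $fields = _handle_table_posted_fields(_handle_table_columns($conn, $table));
            if ($fields === false) {
                echo "Unknown field - not updating.";
                break;
            }
            if (count($fields) == 0 || count($names) == 0) {
                // No columns to set or no record selected: no statement to run.
                disp_table($conn, $table);
                break;
            }
            $q = array();
            foreach ($fields as $key => $value) {
                $column = '"' . str_replace('"', '""', (string) $key) . '"';
                if ($value === "") {
                    $q[] = $column . " = null";
                } else {
                    $q[] = $column . " = '" . pg_escape_string($conn, $value) . "'";
                }
            }
            $query = "update " . $table . " set " . join(", ", $q) . " where name='" . pg_escape_string($conn, $names[0]) . "';";
            if (pg_exec($conn, $query)) {
                email_account_status($conn);
                disp_table($conn, $table);
                // Escaped: the statement contains posted values.
                echo htmlspecialchars($query, ENT_QUOTES);
            }
            break;

        default:
            disp_table($conn, $table);
    }
}
?>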