Viewing file: users.inc (18.06 KB) -rw-r--r-- Select action/file-type: (+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php function disp_table($conn, $table) { global $PHP_SELF, $HTTP_GET_VARS; $offset=$HTTP_GET_VARS['offset']+0; $query = "select "; switch ($HTTP_GET_VARS[mode]) { case 9: $query.= "userid, name, messages_posted, password, email, registered, enabled, onhold, ip, date, muted, dupname, dupemail, chat_allowed, comment FROM users WHERE registered = 't' and enabled = 'f' ORDER BY date desc offset ".$offset." limit 76"; break; case 8: $query.= "userid, name, messages_posted, password, email, registered, enabled, onhold, ip, date, muted, dupname, dupemail, chat_allowed, comment FROM users WHERE lower(name) IN (SELECT lower(name) FROM users m2 GROUP BY lower(name) HAVING COUNT(*) > 1) ORDER BY name, date, registered offset ".$offset." limit 76"; break; case 7: $query.= "userid, name, messages_posted, password, email, registered, enabled, onhold, ip, date, muted, dupname, dupemail, chat_allowed, comment FROM users WHERE (email) IN (SELECT email FROM users m2 GROUP BY email HAVING COUNT(*) > 1) ORDER BY email, name, registered, date offset ".$offset." limit 76"; break; case 6: $query.= "userid, name, messages_posted, password, email, registered, enabled, onhold, ip, date, muted, dupname, dupemail, chat_allowed, comment from users where email~* '". addslashes(trim($HTTP_GET_VARS[searchemail])) ."' order by registered, enabled, date desc offset ".$offset." limit 76"; break; case 5: $query.= "userid, name, messages_posted, password, email, registered, enabled, onhold, ip, date, muted, dupname, dupemail, chat_allowed, comment from users where name~* '". addslashes(trim($HTTP_GET_VARS[searchname])) ."' order by registered, enabled, date desc offset ".$offset." limit 76"; break; case 4: $query.= "profiles.gender, users.* FROM users, profiles WHERE (lower(profiles.gender) CONTAINS 'f') or (lower(profiles.gender) CONTAINS 'w') ORDER BY registered, enabled, name offset ".$offset." limit 76"; break; case 3: $query.= "users.userid, users.name, users.messages_posted, users.password, users.email, users.registered, users.enabled, users.onhold, users.ip, users.date, users.muted, users.dupname, users.dupemail, users.chat_allowed, users.comment FROM users, profiles WHERE users.name = profiles.name ORDER BY registered, enabled, name offset ".$offset." limit 76"; break; case 2: $query.= "userid, name, messages_posted, password, email, registered, enabled, onhold, ip, date, muted, dupname, dupemail, chat_allowed, comment from users order by registered, enabled, date desc offset ".$offset." limit 76"; break; case 1: $query.="userid, name, messages_posted, password, email, registered, enabled, onhold, ip, date, muted, dupname, dupemail, chat_allowed, comment from users order by ip,enabled,date desc offset ".$offset." limit 76"; break; default: $query.="userid, name, messages_posted, password, email, registered, enabled, onhold, ip, date, muted, dupname, dupemail, chat_allowed, comment from users where not registered order by registered, enabled, date desc offset ".$offset." limit 76"; break; }; $result = pg_Exec($conn, $query.";");
$rows=pg_numrows($result);
echo "<div id=\"queryView\"><b>SQL:</b> ".$query."</div>\n"; echo "<div id=\"queryDetails\"><b>Results:</b> ".$rows." row(s)</div>\n"; echo "<div class=\"pagination\">\n"; if ($offset>0) { $_GET['offset'] = $offset - 75; echo " <a href=\"".htmlentities($PHP_SELF."?".join('&',array_map(create_function('$a,$b','return urlencode($a)."=".urlencode($b);'),array_keys($_GET),array_values($_GET))))."\">Previous 75</a>"; } if ($rows>75) { $_GET['offset'] = $offset + 75; echo " <a href=\"".htmlentities($PHP_SELF."?".join('&',array_map(create_function('$a,$b','return urlencode($a)."=".urlencode($b);'),array_keys($_GET),array_values($_GET))))."\">Next 75</a>"; } echo "</div>\n"; echo "<form method=\"post\">\n"; echo " <div id=\"userActions\">\n"; echo " <input id=\"newButton\" type=\"submit\" name=\"action\" value=\"new\" />\n"; // "<input type=submit name=action value=preferences>"; echo " <input id=\"editButton\" type=\"submit\" name=\"action\" value=\"edit\" />\n"; echo " <input id=\"deleteButton\" type=\"submit\" name=\"action\" value=\"delete\" />\n"; echo " <input id=\"approveButton\" type=\"submit\" name=\"action\" value=\"approve\" />\n"; echo " <input id=\"onholdButton\" type=\"submit\" name=\"action\" value=\"onhold\" />\n"; echo " <input id=\"rejectButton\" type=\"submit\" name=\"action\" value=\"reject\" />\n"; echo " <input id=\"enableButton\" type=\"submit\" name=\"action\" value=\"enable\" />\n"; echo " <input id=\"disableButton\" type=\"submit\" name=\"action\" value=\"disable\" />\n"; echo " <input id=\"sendInfoButton\" type=\"submit\" name=\"action\" value=\"send account info\" />\n"; /* echo " <input id=\"fighterButton\" type=\"submit\" name=\"action\" value=\"is_fighter\" />\n"; echo " <input id=\"notFighterButton\" type=\"submit\" name=\"action\" value=\"is_not_fighter\" />\n"; echo " <input id=\"trainerButton\" type=\"submit\" name=\"action\" value=\"is_trainer\" />\n"; echo " <input id=\"notTrainerButton\" type=\"submit\" name=\"action\" value=\"is_not_trainer\" />\n"; */ echo " </div>\n"; echo " <table id=\"userTable\" cellspacing=\"0\" cellpadding=\"0\">\n"; echo " <tr>\n"; echo " <th>Select</th>\n"; echo " <th>Topics/Posts</th>\n"; for($field=0;$field<pg_numfields($result);$field++) { $fieldname=pg_fieldname($result,$field); echo " <th>".$fieldname."</th>\n"; } echo " </tr>\n"; for($row=0;$row<$rows;$row++) { $obj=pg_Fetch_Row($result,$row); echo " <tr"; if ($obj[7]=='t') { echo " class=\"onHold\" "; } elseif ($obj[5]=='f') { echo " class=\"notRegistered\" "; } elseif ($obj[6]=='f') { echo " class=\"notEnabled\" "; } echo ">\n"; echo " <td class=\"col1\">\n"; echo " <input type=\"checkbox\" name=\"name[]\" value=\"".htmlspecialchars($obj[1])."\" />\n"; echo " </td>\n"; echo " <td class=\"col2\">\n"; echo " <a href=\"topics?mode=1&searchtopicuser1=".htmlspecialchars(urlencode($obj[1]))."\">topics</a> | \n"; echo " <a href=\"posts?mode=1&searchname=".htmlspecialchars(urlencode($obj[1]))."\">posts</a>\n"; echo " </td>\n"; foreach($obj as $key=>$val) $obj[$key]=nl2br(htmlspecialchars($val)); foreach($obj as $key=>$val) { echo " <td class=\"col".($key+3)."\">\n"; if ($key == 8) { echo " ".substr($obj[$key],0,16)."\n"; } else { echo " ".$obj[$key]."\n"; } echo " </td>\n"; } echo " </tr>\n"; }
/* echo '<FORM method=post>';
echo "\n<TR>";
for($field=0;$field<pg_numfields($result);$field++) { $fieldname=pg_fieldname($result,$field); echo "<TD><input type=text name=\"",$fieldname,"\" value=\"",$HTTP_POST_VARS[$fieldname],"\">\n"; } */ echo(" </table>"); echo("</form>"); $rows=pg_numrows($result);
echo "<div class=\"pagination\">\n"; if ($offset>0) { $_GET['offset']-=75; echo " <a href=\"".htmlentities($PHP_SELF."?".join('&',array_map(create_function('$a,$b','return urlencode($a)."=".urlencode($b);'),array_keys($_GET),array_values($_GET))))."\">Previous 75</a>"; } if ($rows>75) { $_GET['offset']+=75; echo " <a href=\"".htmlentities($PHP_SELF."?".join('&',array_map(create_function('$a,$b','return urlencode($a)."=".urlencode($b);'),array_keys($_GET),array_values($_GET))))."\">Next 75</a>"; $rows=75; } echo "<br /><br /></div>\n"; }
function edit_dialog($result,$name) { $obj=pg_fetch_row($result,0); echo "<form method=post>\n"; echo "<input type=hidden name=name[] value=\"".htmlspecialchars(current($name))."\">\n"; echo "<table border cellpadding=0 cellspacing=0>\n"; for($field=0;$field<pg_numfields($result);$field++) { echo "<tr><th align=right>".pg_fieldname($result,$field).":"; echo "<td>"; if (strchr($obj[$field],"\n") || strchr($obj[$field],"\r") || pg_fieldname($result,$field)=='comment') { echo "<textarea name=\"fields[".pg_fieldname($result,$field)."]\" rows=10 cols=80>\n"; echo htmlentities($obj[$field]); echo "</textarea>"; } else { echo "<input type=text size=".strlen($obj[$field])." name=\"fields[".pg_fieldname($result,$field)."]\""; echo " value=\"".htmlentities($obj[$field])."\">"; } echo "</tr>\n"; } echo "<tr><td><th style=\"text-align: left;\"><input type=submit name=action value=update> <input type=submit name=action value=cancel>"; echo "</table>\n"; echo "</form>\n"; }
function new_dialog($result) { echo "<form method=post>\n"; echo "<table border>\n"; for($field=0;$field<pg_numfields($result);$field++) { echo "<tr><th align=right>".pg_fieldname($result,$field).":"; echo "<td><input type=text size=40 name=\"fields[".pg_fieldname($result,$field)."]\"></tr>\n"; } echo "<tr><td><th><input type=submit name=action value=insert> <input type=submit name=action value=cancel>"; echo "</table>\n"; echo "</form>\n"; }
function email_account_status($conn) { global $HTTP_POST_VARS; echo "$HTTP_POST_VARS[action] : ".$HTTP_POST_VARS[action]; switch ($HTTP_POST_VARS[action]) { case "disable": $mail_subject = "Your account on the AX Forum"; $action_message = "Your account has been suspended.\n"; break; case "enable": $mail_subject = "Your account on the AX Forum"; $action_message = "Your account is no longer suspended.\n"; break; case "approve": $mail_subject = "Your account on the AX Forum"; $action_message = "Your account registration has been accepted.\n"; break; case "reject": $mail_subject = "Your account on the AX Forum"; $action_message = "Your account registration has been rejected.\n"; break; default: $mail_subject = "Your account on the AX Forum"; $action_message = "Your account info is below"; } $result=pg_exec($conn,"select * from users where name in ('".join("', '",array_map('addslashes',$HTTP_POST_VARS['name']))."');"); $rows=pg_numrows($result); for ($row=0;$row<$rows;$row++) { $obj=pg_fetch_array($result,$row); // mail($obj[email],"Your account on the AX discussion board","Welcome ".$obj['name'].",\n\nYour login name is: '".$obj['name']."'\nBe careful to type it exactly as it appears between the quotes when posting to allow the board to recognize you.\nYour password for the AX message board is: ".$obj[password]."\nYour registration has ".($obj[registered]=='t'?"":"not yet ")."been approved.\nYour account is currently ".($obj[enabled]=='t'?"enabled":"disabled").".\n\nYou can reach the board at http://message.axkickboxing.com/\n\nThank you,\nThe AX Team","From: server@axkickboxing.com\nReply-To: axcontact@yahoo.com"); mail($obj[email],$mail_subject,"Welcome ".$obj['name'].",\n".$action_message."\n----------------------------\nYour login name is: '".$obj['name']."'\nBe careful to type it exactly as it appears between the quotes (but don't type the quotes themselves) when posting to allow the board to recognize you.\nYour password for the AX message board is: ".$obj[password]."\nYour registration has ".($obj[registered]=='t'?"":"not yet ")."been approved.\nYour account is currently ".($obj[enabled]=='t'?"enabled":"disabled").".\n\nYou can reach the board at http://message.axkickboxing.com/\n\n".($obj[registered]=='t'?"We suggest to begin with filling out your profile at http://message.axkickboxing.com/profiles if you want others to be able to learn more about you.\n\n":"")."Thank you,\nThe AX Team","From: Ax Forum Moderation <moderation@axkickboxing.com>\nReply-To: Ax Forum Moderation <moderation@axkickboxing.com>"); } }
function handle_table($conn,$table) { global $HTTP_POST_VARS;
if (isset($HTTP_POST_VARS[action])) {
if ($p=strpos($HTTP_POST_VARS[action]," ")) { $HTTP_POST_VARS['name'][]=substr($HTTP_POST_VARS[action],$p+1); $HTTP_POST_VARS[action]=substr($HTTP_POST_VARS[action],0,$p); }
switch ($HTTP_POST_VARS[action]) { case "delete": $query="delete from ".$table." where name in ('".join("', '",array_map('addslashes',$HTTP_POST_VARS['name']))."')"; echo "<div id=\"completedQuery\"><b>Completed Action:</b> ".htmlspecialchars($query)."</div>"; if(pg_exec($conn,$query)) echo "<div id=\"completedQuery\"><b>Completed Action:</b> ".htmlspecialchars($query)."</div>"; disp_table($conn,$table); break; /* case "email": email_url_change($conn); echo "everyone has been emailed about the change.\n"; break; */ case "send": echo "<div id=\"completedQuery\"><b>Completed Action:</b> Account info sent.</div>"; email_account_status($conn); disp_table($conn,$table); break; case "enable": $query = "update ".$table." set enabled='t',onhold='f' where name in ('".join("', '",array_map('addslashes',$HTTP_POST_VARS['name']))."');"; if(pg_exec($conn,$query)) { echo "<div id=\"completedQuery\"><b>Completed Action:</b> ".htmlspecialchars($query)."</div>"; email_account_status($conn); disp_table($conn,$table); } break; case "onhold": if(pg_exec($conn,"update ".$table." set onhold='t' where name in ('".join("', '",array_map('addslashes',$HTTP_POST_VARS['name']))."');")) { //email_account_status($conn); $query="update ".$table." set onhold='t' where name in ('".join("', '",array_map('addslashes',$HTTP_POST_VARS['name']))."');"; echo "<div id=\"completedQuery\"><b>Completed Action:</b> ".htmlspecialchars($query)."</div>"; disp_table($conn,$table); } break; case "disable": $query = "update ".$table." set enabled='f' where name in ('".join("', '",array_map('addslashes',$HTTP_POST_VARS['name']))."');"; if(pg_exec($conn,$query)) { echo "<div id=\"completedQuery\"><b>Completed Action:</b> ".htmlspecialchars($query)."</div>"; email_account_status($conn); disp_table($conn,$table); } break; case "approve": $names=array(); foreach($HTTP_POST_VARS['name'] as $name) { $names[]="'".addslashes($name)."'"; } $query = "update ".$table." set registered='t',enabled='t',onhold='f',date='now' where name in (".join(",",$names).");"; if(pg_exec($conn,$query)) { echo "<div id=\"completedQuery\"><b>Completed Action:</b> ".htmlspecialchars($query)."</div>"; email_account_status($conn); disp_table($conn,$table); } break; case "reject": $query = "update ".$table." set registered='f',enabled='f',date='now' where name in ('".join("', '",array_map('addslashes',$HTTP_POST_VARS['name']))."');"; if ($result=pg_exec($conn,$query)) { echo "<div id=\"completedQuery\"><b>Completed Action:</b> ".htmlspecialchars($query)."</div>"; email_account_status($conn); disp_table($conn,$table); } break; case "edit": $query = "select * from ".$table." where name='".addslashes(current($HTTP_POST_VARS['name']))."';"; if ($result=pg_exec($conn,$query)) { //echo "<div id=\"completedQuery\"><b>Completed Action:</b> ".htmlspecialchars($query)."</div>"; edit_dialog($result,$HTTP_POST_VARS['name']); } break; case "new": $result=pg_exec($conn,"select * from ".$table." where name='';"); new_dialog($result); break; case "insert": unset($k); unset($v); while ($a=each($HTTP_POST_VARS[fields])) { if ($a[value]!="") { $k[]=$a[key]; $v[]="'".addslashes($a[value])."'"; } } if (sizeof($k)==0) { echo "Empty form - not inserting."; exit(); } $query = "insert into ".$table." (".join($k,", ").") VALUES (".join($v,", ").");"; if (pg_exec($conn,$query)) { echo "<div id=\"completedQuery\"><b>Completed Action:</b> ".htmlspecialchars($query)."</div>"; disp_table($conn,$table); } break; case "update": unset($q); while (list($key, $value)=each($HTTP_POST_VARS['fields'])) { if ($value=="") $q[]="\"".$key."\" = null"; else $q[]="\"".$key."\" = '".addslashes($value)."'"; } $query = "update ".$table." set ".join($q,", ")." where name='".addslashes(current($HTTP_POST_VARS['name']))."';"; if (pg_exec($conn,$query)) { echo "<div id=\"completedQuery\"><b>Completed Action:</b> ".htmlspecialchars($query)."</div>"; //email_account_status($conn); disp_table($conn,$table); } break;
case "is_fighter": if(pg_exec($conn,"update ".$table." set is_fighter='t' where name in ('".join("', '",array_map('addslashes',$HTTP_POST_VARS['name']))."');")) { email_account_status($conn); disp_table($conn,$table); } break;
case "is_not_fighter": if(pg_exec($conn,"update ".$table." set is_fighter='f' where name in ('".join("', '",array_map('addslashes',$HTTP_POST_VARS['name']))."');")) { email_account_status($conn); disp_table($conn,$table); } break;
case "is_trainer": if(pg_exec($conn,"update ".$table." set is_trainer='t' where name in ('".join("', '",array_map('addslashes',$HTTP_POST_VARS['name']))."');")) { email_account_status($conn); disp_table($conn,$table); } break;
case "is_not_trainer": if(pg_exec($conn,"update ".$table." set is_trainer='f' where name in ('".join("', '",array_map('addslashes',$HTTP_POST_VARS['name']))."');")) { email_account_status($conn); disp_table($conn,$table); } break; default: disp_table($conn,$table); }
} else disp_table($conn,$table); } ?>
|