File: /home/httpd/html/baretube.com/admin/users.php
<?php
require "header.php";
$users_processed = 0;
$content_processed = 0;
$messages = array();
$errors = array();
if (isset($_POST['list']) && count($_POST['list']) > 0) {
if ($_POST['action'] === 'delete' && $_POST['content_action'] === 'assign_user') {
if (trim($_POST['assign_user__username']) === '') {
$errors[] = 'Fill-in username to re-assign content of deleted members!';
} else {
$new_user = dbQuery("SELECT * FROM `users` WHERE `username` = '" . mysqli_real_escape_string($dbconn, $_POST['assign_user__username']) . "'", false);
$new_user = $new_user[0];
if (!is_numeric($new_user['record_num'])) {
$errors[] = 'Username to re-assign content of deleted members not found!';
}
}
}
}
if (count($errors) === 0 && isset($_POST['list']) && count($_POST['list']) > 0) {
foreach ($_POST['list'] as $i) {
if (is_numeric($i)) {
$user = dbQuery("SELECT `record_num`, `username` FROM `users` WHERE `record_num` = '$i'", false);
$user = $user[0];
if (is_numeric($user['record_num'])) {
switch ($_POST['action']) {
case 'delete':
if ($_POST['content_action'] == 'assign_anonymous') {
dbQuery("UPDATE `content` SET `submitter` = 0 WHERE `submitter` = '$i'");
$content_processed += (int) mysqli_affected_rows($dbconn);
} else if ($_POST['content_action'] == 'unpublish') {
dbQuery("UPDATE `content` SET `enabled` = 0 WHERE `submitter` = '$i'");
$content_processed += (int) mysqli_affected_rows($dbconn);
} else if ($_POST['content_action'] == 'assign_user') {
dbQuery("UPDATE `content` SET `submitter` = '" . (int) $new_user['record_num'] . "' WHERE `submitter` = '$i'");
$content_processed += (int) mysqli_affected_rows($dbconn);
} else if ($_POST['content_action'] == 'delete') {
$content_collection = dbQuery("SELECT * FROM `content` WHERE `submitter` = '$i'", false);
if (is_array($content_collection)) {
foreach ($content_collection as $row) {
dbQuery("INSERT INTO `content_deleted` SET `content` = '$row[record_num]', `date` = NOW(), `data` = '" . mysqli_real_escape_string($dbconn, serialize($row)) . "'");
dbQuery("DELETE FROM `content_views` WHERE `content` = '$row[record_num]'");
dbQuery("DELETE FROM `content_niches` WHERE `content` = '$row[record_num]'");
dbQuery("DELETE FROM `content_pornstars` WHERE `content` = '$row[record_num]'");
dbQuery("DELETE FROM `comments` WHERE `content` = '$row[record_num]' AND `type` = 0");
dbQuery("DELETE FROM `images` WHERE `gallery` = '$row[record_num]'");
$subdir = $row['filename'][0] . '/' . $row['filename'][1] . '/' . $row['filename'][2] . '/' . $row['filename'][3] . '/' . $row['filename'][4];
unlink("$video_path/$subdir/$row[filename]");
if ($row['mobile'] && file_exists("$video_path/$subdir/$row[mobile]")) {
unlink("$video_path/$subdir/$row[mobile]");
}
if ($row['trailer_filename'] && file_exists("$video_path/$subdir/$row[trailer_filename]")) {
unlink("$video_path/$subdir/$row[trailer_filename]");
}
if (!$row['embed'] && $row['photos'] == 0 && $row['orig_filename']) {
$dirname = str_replace('.flv', '', $row['orig_filename']);
delete_folder("$thumb_path/$subdir/$dirname");
}
dbQuery("DELETE FROM `content` WHERE `record_num` = '$row[record_num]'");
$content_processed += (int) mysqli_affected_rows($dbconn);
}
}
}
dbQuery("DELETE FROM `user_logins` WHERE `user` = '" . mysqli_real_escape_string($dbconn, $user['username']) . "'");
dbQuery("DELETE FROM `users` WHERE `record_num` = '$i'");
dbQuery("DELETE FROM `users_notifications` WHERE `user_id` = '$i'");
dbQuery("DELETE FROM `comments` WHERE `userid` = '$i'");
dbQuery("DELETE FROM `comments` WHERE `content` = '$i' AND `type` = 2");
$users_processed++;
break;
case 'block':
dbQuery("UPDATE `users` SET `enabled` = 0 WHERE `record_num` = '$i'");
$users_processed++;
break;
case 'unblock':
dbQuery("UPDATE `users` SET `enabled` = 1 WHERE `record_num` = '$i'");
$users_processed++;
break;
case 'verify':
dbQuery("UPDATE `users` SET `enabled` = 1, `validate` = '', `email_verified` = 1 WHERE `record_num` = '$i'");
$users_processed++;
break;
}
} else {
$errors[] = "User width ID: $i not found!";
}
}
}
}
if (isset($_POST['action']) && $users_processed > 0) {
if ($_POST['action'] === 'delete') {
$messages[] = "<div>$users_processed users deleted</div>";
if ($_POST['content_action'] == 'assign_anonymous') {
$messages[] = "<div>$content_processed content entries assigned to Anonymous User</div>";
} else if ($_POST['content_action'] == 'assign_user') {
$messages[] = "<div>$content_processed content entries assigned to <em>$new_user[username]</em></div>";
} else if ($_POST['content_action'] == 'unpublish') {
$messages[] = "<div>$content_processed content entries unpublished</div>";
} else if ($_POST['content_action'] == 'delete') {
$messages[] = "<div>$content_processed content entries deleted</div>";
}
} else if ($_POST['action'] === 'block') {
$messages[] = "<div>$users_processed users blocked</div>";
} else if ($_POST['action'] === 'unblock') {
$messages[] = "<div>$users_processed users unblocked</div>";
} else if ($_POST['action'] === 'verify') {
$messages[] = "<div>$users_processed users verified</div>";
}
}
$page = (isset($_GET['page']) && is_numeric($_GET['page'])) ? (int) $_GET['page'] : 1;
$max_results = (isset($_GET['setmax']) && $_GET['setmax'] > 0) ? (int) $_GET['setmax'] : 100;
$from = ($page * $max_results) - $max_results;
?>
<div class="content-page">
<div class="header-area">
<div class="breadcrumbs">
<a href="index.php">Admin Home</a>
<?php
$usersTitle = "Users";
$usersLink = "";
if ($_GET['level'] && $_GET['level'] == 2) {
$usersTitle = "Partners";
$usersLink = "?level=2";
}
?>
<span><a href="users.php<?php echo $usersLink; ?>">Manage <?php echo $usersTitle; ?></a></span>
</div>
</div>
<div class="content-outer">
<h2>Manage<strong>Users</strong></h2>
<div class="notification info">To find the user you are looking for faster, you can enter either a whole or partial username or email address into the search box below.</div>
<?php if (count($errors) > 0) { ?>
<div class="notification error"><?php echo implode('<br>', $errors); ?></div>
<?php } ?>
<?php if (count($messages) > 0) { ?>
<div class="notification success"><?php echo implode('<br>', $messages); ?></div>
<?php } ?>
<?php echo getMessages(); ?>
<div class="content-inner">
<form method="POST" action="" class="form" novalidate autocomplete="off">
<table class="pagetable">
<thead>
<tr>
<th colspan="2">Search Users</th>
</tr>
</thead>
<tbody>
<tr>
<td>Username/Email</td>
<td><input type="text" name="q" /></td>
</tr>
<tr class="item submit">
<td colspan="2">
<button type="submit" class="btn action-search">Search</button>
</td>
</tr>
</tbody>
</table>
</form>
<form method="POST" action="" class="form" novalidate autocomplete="off">
<table class="pagetable">
<thead>
<tr>
<th class="thumb">Avatar</th>
<th>Username</th>
<th>Email Address</th>
<th>Content amount</th>
<th></th>
<th style="width:50px">
<label for="check-select-all-1" class="checkbox">
<input type="checkbox" name="select_all" value="1" data-items="list[]" id="check-select-all-1">
<i></i>
</label>
</th>
</tr>
</thead>
<?php
$where = '';
if ($_POST['q'] != "") {
$q = mysqli_real_escape_string($dbconn, $_POST['q']);
$where .= "AND (`users`.`username` LIKE '%$q%' OR `users`.`email` LIKE '%$q%')";
}
if (is_numeric($_GET['level']) && $_GET['level'] != 3) {
$where .= "AND `users`.`user_level` = '" . (int) $_GET['level'] . "'";
} else if (is_numeric($_GET['level']) && $_GET['level'] == 3) {
$where .= "AND `users`.`is_admin` = 1";
} else {
$where .= "AND `users`.`user_level` = 0";
}
$result = dbQuery("SELECT *, (SELECT COUNT(*) FROM `content` WHERE `submitter` = `users`.`record_num`) AS `content__amount` FROM `users` WHERE 1=1 $where ORDER BY `users`.`username` ASC LIMIT $from,$max_results", false);
$total_results = dbValue("SELECT COUNT(*) AS `count` FROM users WHERE 1=1 $where", 'count');
$total_pages = ceil($total_results / $max_results);
?>
<tbody>
<?php if (count($result) == 0) { ?>
<tr><td colspan="6"><div class="notification alert">No users found</div></td></tr>
<?php } else { ?>
<?php foreach ($result as $row) { ?>
<tr>
<td class="thumb">
<?php if ($row['avatar'] && file_exists($misc_path . "/" . $row['avatar'])) { ?>
<img src='<?php echo $misc_url; ?>/<?php echo $row['avatar']; ?>' />
<?php } else { ?>
<img src='<?php echo $basehttp; ?>/admin/icons/noavatar.png' />
<?php } ?>
</td>
<td><?php echo $row['username']; ?></td>
<td><?php echo $row['email']; ?></td>
<td><?php echo $row['content__amount'] > 0 ? '<a href="' . $basehttp . '/admin/existing_content.php?searchSubmit=1&user=' . (int) $row['record_num'] . '" class="btn btn-xs btn-seablue"><i class="ion ion-eye"></i> ' . $row['content__amount'] . ($row['content__amount'] > 1 ? ' entries' : ' entry') . '</a>' : 0; ?></td>
<td class="options">
<a href='takeoverUser.php?id=<?php echo $row['record_num']; ?>' title="Login As User" class="btn btn-xs btn-success"><i class="ion ion-key icon-login-as"></i></a>
<a href='existing_content.php?searchSubmit=1&channel=&pornstar=&paysite=&type=&keywords=&user=<?php echo $row[record_num]; ?>' title="User Media" class="btn btn-xs btn-seablue"><i class="ion ion-cube icon-media"></i></a>
<a href='user_comments.php?id=<?php echo $row['record_num']; ?>' title="User Comments" class="btn btn-xs btn-seablue"><i class="ion ion-chatbox icon-comments"></i></a>
<a href='login_log.php?q=<?php echo $row['username']; ?>' title="User Login History" class="btn btn-xs btn-seablue"><i class="ion ion-calendar"></i></a>
<a href="edit_user.php?id=<?php echo $row['record_num']; ?>" title="Edit" class="btn btn-xs btn-orange"><i class="ion ion-edit icon-edit"></i></a>
</td>
<td>
<label class="checkbox">
<input type="checkbox" name="list[]" value="<?php echo $row['record_num']; ?>" id="ids-<?php echo $row['record_num']; ?>"><i></i>
</label>
</td>
</tr>
<?php } ?>
<?php } ?>
<tr class="item submit">
<td colspan="6">
<?php if (count($result) > 0) { ?>
<div class="processing-option short">
<select name="action" data-items="list[]" data-select-toggle="action-submit" class="processing-option short">
<option value="delete">Delete</option>
<option value="block">Block</option>
<option value="unblock">Unblock</option>
<option value="verify">Verify</option>
</select>
</div>
<div class="processing-option" data-action-submit="delete" style="display:none">
<select name="content_action" data-select-toggle="delete-action-submit">
<option value="">Do nothing with user content</option>
<option value="assign_anonymous">Assign content to Anynomous</option>
<option value="assign_user">Assign content to User</option>
<option value="delete">Delete user content</option>
<option value="unpublish">Unpublish user content</option>
</select>
</div>
<div class="processing-option" data-delete-action-submit="assign_user" style="display:none">
<input type="text" name="assign_user__username" id="changeUserAutocomplete" value="" placeholder="Start typing username..." />
<script>
$().ready(function () {
$("#changeUserAutocomplete").autocomplete({
source: "<?php echo $basehttp; ?>/admin/search_content.php?type=2",
minLength: 2
});
});
</script>
</div>
<button type="submit" class="btn action-process">Process Selected</button>
<?php } ?>
</td>
</tr>
</tbody>
</table>
</form>
<div id="adminPagination"><?php echo showAdminPagination($total_pages); ?></div>
</div>
</div>
</div>
<?php require "footer.php"; ?>