File: /home/httpd/html/baretube.com.new/admin/edit_user.php
<?php
require "db.php";
if (!is_numeric($_GET['id'])) {
exit();
}
$id = (int) $_GET['id'];
$row = dbRow("SELECT * FROM `users` WHERE `record_num` = '$id'");
if (!is_array($row)) {
setMessage("User ID $id does not exist!", 'error');
pageNotFound(true);
}
if (isset($_POST['formSubmit'])) {
$_POST = array_map_array('trim', $_POST);
$_POST = array_map_array('strip_tags', $_POST, array('description', 'freeform'));
if ($_POST['username'] == '') {
setMessage('Username is required!', 'error');
} else if (is_array(dbQuery("SELECT `record_num` FROM `users` WHERE `username` = '" . mysqli_real_escape_string($dbconn, $_POST['username']) . "' AND `record_num` != '$id'", false))) {
setMessage('This username is already taken!', 'error');
}
if ($_POST['email'] == '') {
setMessage('E-mail is required!', 'error');
} else if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
setMessage('Invalid e-mail address', 'error');
} else if (is_array(dbQuery("SELECT `record_num` FROM `users` WHERE `email` = '" . mysqli_real_escape_string($dbconn, $_POST['email']) . "' AND `record_num` != '$id'", false))) {
setMessage('This e-mail is not available!', 'error');
}
if ($_FILES['file']['tmp_name']) {
if (filesize($_FILES['file']['tmp_name']) > $config['max_avatar_size'] * 1024) {
setMessage('Avatar is too big. It can be a maximum of %sizekB in GIF, JPG, or PNG format.', array('%size' => $config['max_avatar_size']), 'error');
} else {
$ext = explode(".", strtolower($_FILES['file']['name']));
$ext = array_reverse($ext);
if (!in_array($ext[0], array('jpg', 'jpeg', 'png', 'gif'))) {
setMessage('You may only upload image files for "Avatar"', 'error');
}
}
}
if ($_POST['user_level'] == 2 && $_FILES['banner']['tmp_name']) {
$ext = explode(".", strtolower($_FILES['banner']['name']));
$ext = array_reverse($ext);
if (!in_array($ext[0], array('jpg', 'jpeg', 'png', 'gif'))) {
setMessage('You may only upload image files for "Banner"', 'error');
}
}
if (!getMessages(false, 'error')) {
$_POST['is_admin'] = (int)$_POST['is_admin'];
$profile = array(
'username' => $_POST['username'],
'is_admin' => (int) $_POST['is_admin'],
'email' => $_POST['email'],
'is_admin' => $_POST['is_admin'],
'user_level' => (int) $_POST['user_level'],
'location' => $_POST['location'],
'age' => $_POST['age'],
'gender' => $_POST['gender'],
'description' => strip_tags($_POST['description']),
'name' => $_POST['name'],
'phone' => $_POST['phone'],
'im' => $_POST['im'],
'im_type' => $_POST['im_type'],
'backlink' => $_POST['backlink'],
'program_name' => $_POST['program_name'],
'program_url' => $_POST['program_url'],
'premium' => (int) $_POST['premium'],
'freeform' => strip_tags($_POST['freeform']),
'custom' => serialize($_POST['custom']),
'enabled' => (int) $_POST['enabled'],
'session_reload' => 1,
'record_num' => $id,
);
if ($_POST['change_password'] != '') {
$profile['password'] = md5($_POST['change_password'] . dbValue("SELECT `salt` FROM `users` WHERE `record_num` = '$id'", 'salt'));
}
dbUpdate('users', $profile);
dbQuery("INSERT INTO users_tokens SET user = $id, tokens = ".(int)$_POST['tokens']." ON DUPLICATE KEY UPDATE tokens = ".(int)$_POST['tokens']);
if ($_FILES['file']['tmp_name']) {
$ext = explode(".", strtolower($_FILES['file']['name']));
$ext = array_reverse($ext);
$filename = uniqid() . '.' . $ext[0];
$target = "$misc_path/$filename";
$target_big = "$misc_path/big-$filename";
move_uploaded_file($_FILES['file']['tmp_name'], $target_big);
makeImageThumbnail($target_big, $target, 800, 600, 'mogrify');
makeImageThumbnail($target_big, $target, 170, 130);
dbQuery("UPDATE `users` SET `avatar` = '$filename' WHERE `record_num` = '$id'", false);
}
if ($_POST['user_level'] == 2 && $_FILES['banner']['tmp_name']) {
$filename = uniqid() . trim($_FILES['banner']['name']);
$target = "$misc_path/$filename";
move_uploaded_file($_FILES['banner']['tmp_name'], $target);
dbQuery("UPDATE `users` SET `banner` = '$filename' WHERE `record_num` = '$id'");
}
if ($_POST['user_level'] == 3) {
setMessage('User updated. <a href="' . $basehttp . '/admin/users.php?level=3"><b>Click here to return to Admins List</b></a>');
} elseif ($_POST['user_level'] == 2) {
setMessage('User updated. <a href="' . $basehttp . '/admin/users.php?level=2"><b>Click here to return to Partners List</b></a>');
} else {
setMessage('User updated. <a href="' . $basehttp . '/admin/users.php"><b>Click here to return to Users List</b></a>');
}
header("Location: $_SERVER[REQUEST_URI]");
exit;
}
}
$row['custom'] = unserialize($row['custom']);
$_POST += $row;
entities_walk($_POST);
?>
<? require "header.php"; ?>
<div class="content-page">
<div class="header-area">
<div class="breadcrumbs">
<a href="index.php">Admin Home</a>
<span><a href="users.php">Manage Users</a></span>
</div>
</div>
<div class="content-outer">
<h2>Edit<strong>User</strong></h2>
<div class="content-inner">
<? echo getMessages(); ?>
<form method="POST" action="" enctype="multipart/form-data" class="form" novalidate autocomplete="off">
<table class="pagetable">
<thead>
<tr>
<th colspan="2">Edit User - <? echo $_POST['username']; ?></th>
</tr>
</thead>
<tr>
<td>Username</td>
<td><input name="username" type="text" value="<? echo $_POST['username']; ?>" required data-min-length="3" data-max-length="20" /></td>
</tr>
<tr>
<td>Change Password</td>
<td><input name="change_password" type="text" value="" /></td>
</tr>
<tr>
<td>Email</td>
<td><input name="email" type="email" value="<? echo $_POST['email']; ?>" required /></td>
</tr>
<tr>
<td>Admin Account</td>
<td>
<select name="is_admin">
<option<?php echo ($row['is_admin'] == '0') ? ' selected' : ''; ?> value="0">No</option>
<option<?php echo ($row['is_admin'] == '1') ? ' selected' : ''; ?> value="1">Yes</option>
</select>
</td>
</tr>
<tr>
<td>Location</td>
<td><input name="location" type="text" value="<? echo $_POST['location']; ?>" /></td>
</tr>
<tr>
<td>Age</td>
<td><input name="age" type="number" value="<? echo $_POST['age']; ?>" min="0" class="short" /></td>
</tr>
<tr>
<td>Gender</td>
<td>
<select name="gender">
<option<? echo ($_POST['gender'] == 'Male') ? ' selected' : ''; ?> value="Male">Male</option>
<option<? echo ($_POST['gender'] == 'Female') ? ' selected' : ''; ?> value="Female">Female</option>
</select>
</td>
</tr>
<tr>
<td>Description</td>
<td>
<textarea name="description" cols="45" rows="8"><? echo $_POST['description']; ?></textarea>
<div class="hint">Allowed HTML tags: <b>, <i>, <em>, <strong>, <a>, <img></div>
</td>
</tr>
<tr>
<td>Email Validation</td>
<td>
<input name="validate" type="text" value="<? echo $_POST['validate']; ?>" />
<p class="hint">(Verified user = empty field)</p>
</td>
</tr>
<tr>
<td>User Type</td>
<td>
<select name="user_level">
<option<? echo ($_POST['user_level'] == 0) ? ' selected' : ''; ?> value="0">Normal</option>
<option<? echo ($_POST['user_level'] == 2) ? ' selected' : ''; ?> value="2">Partner</option>
</select>
</td>
</tr>
<? if ($_POST['user_level'] == 2) { ?>
<tr>
<td>Backlink URL</td>
<td><input name="backlink" type="text" value="<? echo $_POST['backlink']; ?>" /></td>
</tr>
<tr>
<td>Backlink Banner</td>
<td><input type="file" name="banner" /></td>
</tr>
<? if ($_POST['banner']) { ?>
<tr>
<td>Current Banner</td>
<td><img src='http://<? echo $mediadomain; ?>/misc/<? echo $_POST['banner']; ?>'></td>
</tr>
<? } ?>
<tr>
<td>Contact Name</td>
<td><input name="name" type="text" value="<? echo $_POST['name']; ?>" /></td>
</tr>
<tr>
<td>Contact Phone</td>
<td><input name="phone" type="text" value="<? echo $_POST['phone']; ?>" /></td>
</tr>
<tr>
<td>IM</td>
<td><input name="im" type="text" value="<? echo $_POST['im']; ?>" /></td>
</tr>
<tr>
<td>IM Type</td>
<td>
<select name="im_type">
<option<? echo ($_POST['im_type'] == 'ICQ') ? ' selected' : ''; ?>>ICQ</option>
<option<? echo ($_POST['im_type'] == 'AIM') ? ' selected' : ''; ?>>AIM</option>
<option<? echo ($_POST['im_type'] == 'MSN') ? ' selected' : ''; ?>>MSN</option>
<option<? echo ($_POST['im_type'] == 'Y!M') ? ' selected' : ''; ?>>Y!M</option>
</select>
</td>
</tr>
<tr>
<td>Site Name</td>
<td><input name="program_name" type="text" value="<? echo $_POST['program_name']; ?>" /></td>
</tr>
<tr>
<td>Site URL</td>
<td><input name="program_url" type="text" value="<? echo $_POST['program_url']; ?>" /></td>
</tr>
<tr>
<td>Comments/Info</td>
<td>
<textarea name="freeform" cols="45" rows="8"><? echo $_POST['freeform']; ?></textarea>
<div class="hint">Allowed HTML tags: <b>, <i>, <em>, <strong>, <a>, <img></div>
</td>
</tr>
<? } ?>
<tr>
<td>Premium</td>
<td>
<select name="premium">
<option<? echo ($_POST['premium'] == '0') ? ' selected' : ''; ?> value="0">No</option>
<option<? echo ($_POST['premium'] == '1') ? ' selected' : ''; ?> value="1">Yes</option>
</select>
</td>
</tr>
<tr>
<td>Tokens</td>
<td><input name="tokens" type="number" value="<? echo dbValue("SELECT `tokens` FROM `users_tokens` WHERE `user` = '$id'", 'tokens'); ?>" min="0" class="short" /></td>
</tr>
<tr>
<td>Account Enabled</td>
<td>
<select name="enabled">
<option<? echo ($_POST['enabled'] == '0') ? ' selected' : ''; ?> value="0">No</option>
<option<? echo ($_POST['enabled'] == '1') ? ' selected' : ''; ?> value="1">Yes</option>
</select>
</td>
</tr>
<tr>
<td>Avatar</td>
<td><input type="file" name="file" /></td>
</tr>
<?php if (!empty($_POST['avatar']) && file_exists("$misc_path/{$_POST['avatar']}")) { ?>
<tr>
<td>Current Avatar</td>
<td>
<img src="<?php echo "$misc_url/{$_POST['avatar']}?time=" . time(); ?>" />
</td>
</tr>
<?php } ?>
<? foreach ($custom_user_fields as $k => $v) { ?>
<tr>
<td><? echo $k; ?></td>
<td>
<? if (is_array($v)) { ?>
<select name="custom[<? echo $k; ?>]">
<? foreach ($v as $i) { ?>
<option<? echo ($custom[$k] == $i) ? ' selected' : ''; ?>><? echo $i; ?></option>
<? } ?>
</select>
<? } else { ?>
<input type="text" name="custom[<? echo $k; ?>]" value="<? echo $_POST['custom'][$k]; ?>" />
<? } ?>
</td>
</tr>
<? } ?>
<tr class="item submit">
<td colspan="2">
<input type="hidden" name="id" value="<? echo $id; ?>">
<input type="hidden" name="formSubmit" value="1">
<button type="submit" class="btn action-save">Save</button>
</td>
</tr>
</table>
</form>
</div>
</div>
</div>
<? require "footer.php"; ?>