File: /home/httpd/html/xdudes.com/admin/edit_user.php
<?php
require "db.php";
if (!is_numeric($_GET['id'])) {
exit();
}
$id = (int) $_GET['id'];
$row = dbRow("SELECT * FROM `users` WHERE `record_num` = '$id'");
if (!is_array($row)) {
setMessage("User ID $id does not exist!", 'error');
pageNotFound(true);
}
if (isset($_POST['formSubmit'])) {
$_POST = array_map_array('trim', $_POST);
$_POST = array_map_array('strip_tags', $_POST, array('description', 'freeform'));
if ($_POST['username'] == '') {
setMessage('Username is required!', 'error');
} else if (is_array(dbQuery("SELECT `record_num` FROM `users` WHERE `username` = '" . mysqli_real_escape_string($dbconn, $_POST['username']) . "' AND `record_num` != '$id'", false))) {
setMessage('This username is already taken!', 'error');
}
if ($_POST['email'] == '') {
setMessage('E-mail is required!', 'error');
} else if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
setMessage('Invalid e-mail address', 'error');
} else if (is_array(dbQuery("SELECT `record_num` FROM `users` WHERE `email` = '" . mysqli_real_escape_string($dbconn, $_POST['email']) . "' AND `record_num` != '$id'", false))) {
setMessage('This e-mail is not available!', 'error');
}
if ($_FILES['file']['tmp_name']) {
if (filesize($_FILES['file']['tmp_name']) > $config['max_avatar_size'] * 1024) {
setMessage('Avatar is too big. It can be a maximum of %sizekB in GIF, JPG, or PNG format.', array('%size' => $config['max_avatar_size']), 'error');
} else {
$ext = explode(".", strtolower($_FILES['file']['name']));
$ext = array_reverse($ext);
if (!in_array($ext[0], array('jpg', 'jpeg', 'png', 'gif'))) {
setMessage('You may only upload image files for "Avatar"', 'error');
}
}
}
if ($_POST['user_level'] == 2 && $_FILES['banner']['tmp_name']) {
$ext = explode(".", strtolower($_FILES['banner']['name']));
$ext = array_reverse($ext);
if (!in_array($ext[0], array('jpg', 'jpeg', 'png', 'gif'))) {
setMessage('You may only upload image files for "Banner"', 'error');
}
}
if (!getMessages(false, 'error')) {
$_POST['is_admin'] = (int)$_POST['is_admin'];
$profile = array(
'username' => $_POST['username'],
'is_admin' => (int) $_POST['is_admin'],
'email' => $_POST['email'],
'is_admin' => $_POST['is_admin'],
'freeform' => strip_tags($_POST['freeform']),
'custom' => serialize($_POST['custom']),
'enabled' => (int) $_POST['enabled'],
'session_reload' => 1,
'record_num' => $id,
);
if ($_POST['change_password'] != '') {
$profile['password'] = md5($_POST['change_password'] . dbValue("SELECT `salt` FROM `users` WHERE `record_num` = '$id'", 'salt'));
}
dbUpdate('users', $profile);
if ($_POST['user_level'] == 3) {
setMessage('User updated. <a href="' . $basehttp . '/admin/users.php?level=3"><b>Click here to return to Admins List</b></a>');
} elseif ($_POST['user_level'] == 2) {
setMessage('User updated. <a href="' . $basehttp . '/admin/users.php?level=2"><b>Click here to return to Partners List</b></a>');
} else {
setMessage('User updated. <a href="' . $basehttp . '/admin/users.php"><b>Click here to return to Users List</b></a>');
}
header("Location: ".$_SERVER['REQUEST_URI']);
exit;
}
}
$row['custom'] = unserialize($row['custom']);
$_POST += $row;
entities_walk($_POST);
?>
<? require "header.php"; ?>
<div class="content-page">
<div class="header-area">
<div class="breadcrumbs">
<a href="index.php">Admin Home</a>
<span><a href="users.php">Manage Users</a></span>
</div>
</div>
<div class="content-outer">
<h2>Edit<strong>User</strong></h2>
<div class="content-inner">
<? echo getMessages(); ?>
<form method="POST" action="" enctype="multipart/form-data" class="form" novalidate autocomplete="off">
<table class="pagetable">
<thead>
<tr>
<th colspan="2">Edit User - <? echo $_POST['username']; ?></th>
</tr>
</thead>
<tr>
<td>Username</td>
<td><input name="username" type="text" value="<? echo $_POST['username']; ?>" required data-min-length="3" data-max-length="20" /></td>
</tr>
<tr>
<td>Change Password</td>
<td><input name="change_password" type="text" value="" /></td>
</tr>
<tr>
<td>Email</td>
<td><input name="email" type="email" value="<? echo $_POST['email']; ?>" required /></td>
</tr>
<tr>
<td>Admin Account</td>
<td>
<select name="is_admin">
<option<?php echo ($row['is_admin'] == '0') ? ' selected' : ''; ?> value="0">No</option>
<option<?php echo ($row['is_admin'] == '1') ? ' selected' : ''; ?> value="1">Yes</option>
</select>
</td>
</tr>
<tr>
<td>Account Enabled</td>
<td>
<select name="enabled">
<option<? echo ($_POST['enabled'] == '0') ? ' selected' : ''; ?> value="0">No</option>
<option<? echo ($_POST['enabled'] == '1') ? ' selected' : ''; ?> value="1">Yes</option>
</select>
</td>
</tr>
<tr class="item submit">
<td colspan="2">
<input type="hidden" name="id" value="<? echo $id; ?>">
<input type="hidden" name="formSubmit" value="1">
<button type="submit" class="btn action-save">Save</button>
</td>
</tr>
</table>
</form>
</div>
</div>
</div>
<? require "footer.php"; ?>