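<?php
/**
 * AdminProcess.php
 *
 * The AdminProcess class is meant to simplify the task of processing
 * admin submitted forms from the admin Centre, these deal with
 * member system adjustments.
 *
 * Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
 * Last Updated: August 15, 2004
 */
/* Full open tag: the short form "<?" is only honoured when short_open_tag is
 * enabled, and with it disabled this whole file would be sent to the browser
 * as plain text instead of being executed. */
require_once ("session.php");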
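class AdminProcess
{
    /** Pattern every submitted username must match before it is used in a query. */
    const USERNAME_PATTERN = '/^[0-9a-z]+$/i';
    /** Inclusive length bounds applied to a submitted username. */
    const USERNAME_MIN_LEN = 5;
    const USERNAME_MAX_LEN = 30;

    /**
     * Class constructor: verifies the caller is an administrator, then
     * dispatches on whichever submit button is present in $_POST.
     *
     * The non-admin case only returns from the constructor; it does not stop
     * the script, so anything the including script runs after
     * "new AdminProcess" still executes. NOTE(review): no anti-CSRF token is
     * checked on any of these forms here; confirm session.php provides one.
     */
    public function __construct()
    {
        global $session;

        /* Make sure administrator is accessing page */
        if (!$session->isAdmin()) {
            header("Location: index.php");
            return;
        }

        /* Admin submitted update user level form */
        if (isset($_POST['subupdlevel'])) {
            $this->procUpdateLevel();
        }
        /* Admin submitted delete user form */
        elseif (isset($_POST['subdeluser'])) {
            $this->procDeleteUser();
        }
        /* Admin submitted delete inactive users form */
        elseif (isset($_POST['subdelinact'])) {
            $this->procDeleteInactive();
        }
        /* Admin submitted ban user form */
        elseif (isset($_POST['subbanuser'])) {
            $this->procBanUser();
        }
        /* Admin submitted delete banned user form */
        elseif (isset($_POST['subdelbanned'])) {
            $this->procDeleteBannedUser();
        }
        /* Should not get here, redirect to home page */
        else {
            header("Location: index.php");
        }
    }

    /**
     * procUpdateLevel - If the submitted username is correct,
     * their user level is updated according to the admin's
     * request.
     */
    public function procUpdateLevel()
    {
        global $session, $database, $form;

        /* Username error checking */
        $subuser = $this->checkUsername("upduser");

        /* Errors exist, have user correct them */
        if ($form->num_errors > 0) {
            $this->failBackToForm();
            return;
        }

        /* Update user level. The level is cast to int so only a number
         * reaches the database; no range check is applied, which appears
         * to be intentional (the admin picks the level). */
        $newlevel = isset($_POST['updlevel']) ? (int)$_POST['updlevel'] : 0;
        $database->updateUserField($subuser, "userlevel", $newlevel);
        header("Location: ".$session->referrer);
    }

    /**
     * procDeleteUser - If the submitted username is correct,
     * the user is deleted from the database.
     */
    public function procDeleteUser()
    {
        global $session, $database, $form;

        /* Username error checking */
        $subuser = $this->checkUsername("deluser");

        /* Errors exist, have user correct them */
        if ($form->num_errors > 0) {
            $this->failBackToForm();
            return;
        }

        /* Delete user from database. $subuser is interpolated directly; the
         * only thing keeping this safe is that checkUsername restricted it to
         * USERNAME_PATTERN (num_errors == 0 here). Prefer a parameterised
         * query if the Database class offers one. */
        $q = "DELETE FROM ".TBL_USERS." WHERE username = '$subuser'";
        $database->query($q);
        header("Location: ".$session->referrer);
    }

    /**
     * procDeleteInactive - All inactive users are deleted from
     * the database, not including administrators. Inactivity
     * is defined by the number of days specified that have
     * gone by that the user has not logged in.
     *
     * A missing or non-numeric day count is rejected and reported on the
     * form: left unchecked it would evaluate to 0 (or raise a TypeError on
     * PHP 8), and a cut-off of "now" deletes every non-admin account.
     */
    public function procDeleteInactive()
    {
        global $session, $database, $form;

        $days = isset($_POST['inactdays']) ? $_POST['inactdays'] : '';
        if (!is_numeric($days) || $days <= 0) {
            $form->setError("inactdays", "* Number of days not entered<br>");
            $this->failBackToForm();
            return;
        }

        /* Unix time before which a last-login timestamp counts as inactive */
        $inact_time = $session->time - $days * 24 * 60 * 60;

        /* $inact_time is numeric and ADMIN_LEVEL is a constant, so no
         * user-controlled text reaches the query. */
        $q = "DELETE FROM ".TBL_USERS." WHERE timestamp < $inact_time "
            ."AND userlevel != ".ADMIN_LEVEL;
        $database->query($q);
        header("Location: ".$session->referrer);
    }

    /**
     * procBanUser - If the submitted username is correct,
     * the user is banned from the member system, which entails
     * removing the username from the users table and adding
     * it to the banned users table.
     */
    public function procBanUser()
    {
        global $session, $database, $form;

        /* Username error checking */
        $subuser = $this->checkUsername("banuser");

        /* Errors exist, have user correct them */
        if ($form->num_errors > 0) {
            $this->failBackToForm();
            return;
        }

        /* Ban user from member system. Both statements interpolate $subuser,
         * which is safe only because checkUsername restricted it to
         * USERNAME_PATTERN; $session->time is a number. The two statements
         * are not wrapped in a transaction, so a failure between them leaves
         * the user deleted but not banned. */
        $q = "DELETE FROM ".TBL_USERS." WHERE username = '$subuser'";
        $database->query($q);
        $q = "INSERT INTO ".TBL_BANNED_USERS." VALUES ('$subuser', $session->time)";
        $database->query($q);
        header("Location: ".$session->referrer);
    }

    /**
     * procDeleteBannedUser - If the submitted username is correct,
     * the user is deleted from the banned users table, which
     * enables someone to register with that username again.
     */
    public function procDeleteBannedUser()
    {
        global $session, $database, $form;

        /* Username error checking; ban=true skips the users-table lookup */
        $subuser = $this->checkUsername("delbanuser", true);

        /* Errors exist, have user correct them */
        if ($form->num_errors > 0) {
            $this->failBackToForm();
            return;
        }

        /* Delete user from banned table. Same interpolation caveat as
         * procDeleteUser: safe only because of the USERNAME_PATTERN check. */
        $q = "DELETE FROM ".TBL_BANNED_USERS." WHERE username = '$subuser'";
        $database->query($q);
        header("Location: ".$session->referrer);
    }

    /**
     * checkUsername - Helper function for the above processing,
     * it makes sure the submitted username is valid, if not,
     * it adds the appropriate error to the form.
     *
     * A username is valid when it is 5..30 characters of [0-9a-z]
     * (case-insensitive) and, unless $ban is true, exists in the users
     * table. Callers must only use the returned value when
     * $form->num_errors is 0, because that pattern check is what makes the
     * value safe to place inside a query string.
     *
     * @param string $uname name of the $_POST field holding the username
     * @param bool   $ban   when true, the username need not exist in the users table
     * @return string the trimmed, slash-stripped username ('' when not submitted)
     */
    public function checkUsername($uname, $ban = false)
    {
        global $database, $form;
        $field = $uname; //Use field name for username

        /* A non-string value (e.g. "deluser[]=x") is treated as not entered
         * rather than handed to trim(). */
        $subuser = (isset($_POST[$uname]) && is_string($_POST[$uname]))
            ? trim($_POST[$uname])
            : '';
        if ($subuser === '') {
            $form->setError($field, "* Username not entered<br>");
            return $subuser;
        }

        /* stripslashes appears to be a magic_quotes_gpc leftover; any
         * backslash that survives it fails the pattern below anyway. */
        $subuser = stripslashes($subuser);

        /* Make sure username is well formed and, for non-ban checks, in the
         * database. The lookup is only attempted for well-formed names. */
        $len = strlen($subuser);
        $wellFormed = $len >= self::USERNAME_MIN_LEN
            && $len <= self::USERNAME_MAX_LEN
            && preg_match(self::USERNAME_PATTERN, $subuser) === 1;
        if (!$wellFormed || (!$ban && !$database->usernameTaken($subuser))) {
            $form->setError($field, "* Username does not exist<br>");
        }
        return $subuser;
    }

    /**
     * Stores the submitted values and the form's error list in the session
     * and sends the admin back to the page they came from so the errors can
     * be shown. Shared by every proc* method above.
     * NOTE(review): $session->referrer is used as a redirect target as-is;
     * assumes session.php only records same-site URLs there — confirm.
     */
    private function failBackToForm()
    {
        global $session, $form;
        $_SESSION['value_array'] = $_POST;
        $_SESSION['error_array'] = $form->getErrorArray();
        header("Location: ".$session->referrer);
    }
}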
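/* Initialize process: the constructor performs the admin check and the
 * form dispatch, so instantiating the class is the whole of this script's
 * side effect. The closing "?>" is omitted on purpose: any whitespace after
 * it would be sent as output and break the header() redirects this file
 * issues when it is included by another script. */
$adminprocess = new AdminProcess();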