<?php
include 'includes/header.php';
require 'includes/config.php';
?>
<body>
<?php
if($_SESSION['status'] == "admin")
{
?>
<div class="container">
<?php
// $page is assigned before the navigation templates are included; presumably they
// read it to mark the active section (the includes are not visible here - confirm).
$page = 'usermanager';

include 'includes/navbar.php';
include 'includes/file-nav.php';
?>
<div class="sub-page-main">
<div class="display-menu">
<!-- Or delete just the button if no buttons on the page -->
</div>
<?php
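// Look up the account selected for editing and render its edit form.
// The id is read from the session and forced to an integer before it is placed
// in the query text, so a non-numeric session value cannot alter the statement.
// NOTE(review): assumes Users.id is an integer key - confirm against the schema.
$editableUserId = isset($_SESSION['editableUser']) ? (int) $_SESSION['editableUser'] : 0;
$sqlGetMember = "SELECT * FROM Users WHERE id=" . $editableUserId;
$resultGetMember = mysqli_query($conn, $sqlGetMember);

// State shared with the submit handler further down the page.
$doesUserExist = false;
$userID = null;
$oldNick = null;
$oldHashedPassword = null;

// mysqli_query() returns false on failure; in that case nothing is rendered and
// the "does not exist" message below is shown instead of passing false along.
while ($resultGetMember !== false && ($row = mysqli_fetch_assoc($resultGetMember)))
{
    $doesUserExist = true;
    $userID = $row['id'];
    $oldNick = $row['nick'];
    $oldHashedPassword = $row['password'];

    // Stored values are written into HTML, so they are encoded for that context
    // and the attributes are quoted. Without this a nick or e-mail containing a
    // space, quote or angle bracket would break out of the value attribute.
    $safeId = htmlspecialchars((string) $row['id'], ENT_QUOTES, 'UTF-8');
    $safeNick = htmlspecialchars((string) $row['nick'], ENT_QUOTES, 'UTF-8');
    $safeEmail = htmlspecialchars((string) $row['email'], ENT_QUOTES, 'UTF-8');

    echo '<div class="changebox">';
    echo "<form method='POST'>";
    echo "ID: ".$safeId."<br>";
    echo "<input name='nick' placeholder='nickname' value='".$safeNick."'></input><br>";
    echo "<input name='email' placeholder='Email' value='".$safeEmail."'></input><br>";
    echo "<input type='password' name='password' placeholder='password'></input> If not changed, password will stay the same<br>";

    // Role selector: "Admin" is preselected for every status other than "user".
    echo "<select name='status'>";
    echo "<option value='user'>User</option>";
    if ($row['status'] == "user")
        echo "<option value='admin'>Admin</option>";
    else
        echo "<option value='admin' selected>Admin</option>";
    echo "</select><br>";

    // Suspension selector: "Suspended" is preselected unless the flag is "0".
    echo "<select name='suspended'>";
    echo "<option value='0'>Not suspended</option>";
    if ($row['suspended'] == "0")
        echo "<option value='1'>Suspended</option>";
    else
        echo "<option value='1' selected>Suspended</option>";
    echo "</select><br>";

    echo "<button class='butonas' style='margin-top:15px;' name='edit-user-submit' >Edit</button><br>";
    echo "</form>";
}
if (!$doesUserExist)
{
    // An error that should never happen, kept as a safeguard.
    echo "ERROR. User does not exist!<br>";
}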
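// Handle the submitted edit form: validate the new values, update the Users row
// and rename the user's folder under ./files/ when the nick changes.
// NOTE(review): no anti-CSRF token is checked here and none is visible in the form
// on this page; a per-session token compared with hash_equals() should be added
// together with the form so a cross-site request cannot edit accounts.
if (isset($_POST['edit-user-submit']))
{
    // Take each field only when it is a plain string; anything else becomes ''.
    $newNick = (isset($_POST['nick']) && is_string($_POST['nick'])) ? $_POST['nick'] : '';
    $newPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $newSuspension = (isset($_POST['suspended']) && is_string($_POST['suspended'])) ? $_POST['suspended'] : '';
    $newStatus = (isset($_POST['status']) && is_string($_POST['status'])) ? $_POST['status'] : '';
    $newEmail = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';

    // A name is usable as a folder under ./files/ only if it cannot leave that folder.
    $isPathSafe = function ($name) {
        return is_string($name)
            && $name !== ''
            && $name !== '.'
            && $name !== '..'
            && strpbrk($name, "/\\\0") === false;
    };

    // VALIDATION
    $validationAccepted = true;

    // Without a loaded user row there is nothing to update.
    if ($userID === null)
    {
        $validationAccepted = false;
    }
    // Only the values the form offers are accepted for role and suspension.
    if (!in_array($newStatus, array('user', 'admin'), true) || !in_array($newSuspension, array('0', '1'), true))
    {
        $validationAccepted = false;
    }
    // The nick is also used as a directory name, so path separators and dot
    // names are rejected before it reaches rename().
    if (!$isPathSafe($newNick))
    {
        $validationAccepted = false;
    }

    if (strlen($newPassword) == 0)
    {
        // Empty password field means the stored hash is kept.
        $hashedPassword = $oldHashedPassword;
    }
    else
    {
        // NOTE(review): the password is SQL-escaped before hashing, as this page
        // has always done. That changes passwords containing quotes or
        // backslashes; it is kept so the hash stays compatible with whatever the
        // login code does - confirm there and hash the raw value in both places.
        $hashedPassword = password_hash(mysqli_real_escape_string($conn, $newPassword), PASSWORD_DEFAULT);
    }

    // If the nick is being changed, make sure no other account already uses it.
    // Strict comparison avoids numeric-looking nicks being treated as equal.
    if ($validationAccepted && $oldNick !== $newNick)
    {
        $stmtNickTaken = mysqli_prepare($conn, "SELECT id FROM Users WHERE nick = ?");
        if ($stmtNickTaken === false)
        {
            $validationAccepted = false;
        }
        else
        {
            mysqli_stmt_bind_param($stmtNickTaken, 's', $newNick);
            if (mysqli_stmt_execute($stmtNickTaken))
            {
                mysqli_stmt_store_result($stmtNickTaken);
                if (mysqli_stmt_num_rows($stmtNickTaken) > 0)
                {
                    // At least one user already has the chosen nick, so it is refused.
                    $validationAccepted = false;
                }
            }
            else
            {
                $validationAccepted = false;
            }
            mysqli_stmt_close($stmtNickTaken);
        }
    }
    // ----- END OF VALIDATION

    if ($validationAccepted)
    {
        // Values are bound as parameters instead of being pasted into the SQL text.
        // All are bound as strings, matching the quoted literals used previously.
        $updated = false;
        $stmtUpdate = mysqli_prepare($conn, "UPDATE Users SET nick = ?, password = ?, status = ?, suspended = ?, email = ? WHERE id = ?");
        if ($stmtUpdate !== false)
        {
            $userIdParam = (string) $userID;
            mysqli_stmt_bind_param($stmtUpdate, 'ssssss', $newNick, $hashedPassword, $newStatus, $newSuspension, $newEmail, $userIdParam);
            $updated = mysqli_stmt_execute($stmtUpdate);
            mysqli_stmt_close($stmtUpdate);
        }

        if ($updated)
        {
            // Move the user's folder only when the nick changed and both names are
            // confined to ./files/; report a failed move instead of ignoring it.
            if ($oldNick !== $newNick && $isPathSafe($oldNick) && is_dir("./files/".$oldNick))
            {
                if (!rename("./files/".$oldNick, "./files/".$newNick))
                {
                    echo "Warning: the user's files folder could not be renamed.<br>";
                }
            }
            echo "User has been succesfully edited!<br>";
            UploadLog("User ".$newNick." was edited!");
        }
    }
    else
    {
        echo "<font color='red'>VALIDATION ERROR!</font><br>";
    }
}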
echo '</div>';
}
else
{
// Non-admin sessions get a client-side redirect to the error page plus a short notice.
echo '<meta http-equiv="refresh" content="0; url=./errorAuthorization.shtml" />',
    "You are not authorised to view this page!<br>";
}
?>
</div>
</div>
</body>
</html>