mhmcr /admin/users.php

Language PHP Lines 139
MD5 Hash 1d84608d792e033286874b90d6f2ac66 Estimated Cost $3,120 (why?)
Repository https://bitbucket.org/mhell/mhmcr.git View Raw File View Project SPDX
<?php
	
	/*
	* MhMCR r01
	* based on WebMCR 1.5
	* by MineHell.ru developers
	*/

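	// Admin user management: search, ban, edit, delete and the paginated listing.
	//
	// Refuse direct requests: the script only proceeds when the including page
	// has defined the 'mhmcr' constant.
	// NOTE(review): no admin-privilege check is visible in this file; presumably
	// the including script enforces it. Confirm before relying on that.
	// NOTE(review): 'ban' and 'edit' (POST) and 'del' (plain GET) change state and
	// no anti-CSRF token is verified here. Confirm the including script checks
	// one, and consider accepting 'del' over POST only.
	if (!defined('mhmcr'))
		die('');

	// isset() instead of '@' so a missing 'act' falls through to the listing
	// without relying on error suppression.
	switch (isset($_GET['act']) ? $_GET['act'] : '') {
		case 'search': {
			// Only a string can be a column alias; an array-valued ?what[]= is ignored.
			$what = (isset($_GET['what']) && is_string($_GET['what'])) ? $_GET['what'] : null;

			// Same truthiness rule as before (empty string and '0' show the bare
			// form), plus a type check so an array-valued query never reaches SQL.
			if (!empty($_GET['query']) && is_string($_GET['query'])) {
				// The searched column is always taken from the $db['users'] map and
				// never from the request text itself; this allow-list is what keeps
				// attacker-chosen identifiers out of the statement.
				if ($what !== null && array_key_exists($what, $db['users']))
					$field = $db['users'][$what];
				else
					$field = $db['users']['username'];

				// The value is escaped for the string literal. '%' and '_' typed by
				// the admin still act as LIKE wildcards.
				$qi = mysql_query("SELECT * FROM ".$db['tables']['users']." WHERE ".$field." LIKE '%".mysql_real_escape_string($_GET['query'])."%' ORDER BY ".$db['users']['username']." ASC;");
				$users = array();
				// A failed query yields false; skip fetching instead of raising warnings.
				while ($qi && ($entry = mysql_fetch_assoc($qi))) {
					$users[] = $entry;
				}
				$usercount = count($users);
				$pagecount = ceil($usercount/20);
				// Pages of 20 rows each, the same blocks the manual index loop built.
				$userblocks = array_chunk($users, 20);
			}
			include('template/usersearch.html');
			break;
		}
		case 'ban': {
			// Both the form and the submit need an existing user; a falsy id() is
			// treated as "no such user" and sends the admin back to the list.
			$userentry = new User(isset($_GET['id']) ? intval($_GET['id']) : 0, $db['users']['id']);
			if (!$userentry->id()) {
				Header('Location: ?page=users');
				die('');
			}
			if (!$_POST) {
				include('template/userban.html');
				break;
			}
			if (!empty($_POST['banip'])) {
				$days = isset($_POST['days']) ? intval($_POST['days']) : 0;
				// The stored IP goes back into SQL text, so escape it here as well: a
				// value that was attacker-influenced when it was recorded would
				// otherwise be injected at this point (second-order injection).
				$banip_sql = mysql_real_escape_string($userentry->ip());
				mysql_query("DELETE FROM ".$db['tables']['ipban']." WHERE IP='".$banip_sql."'");
				mysql_query("INSERT INTO ".$db['tables']['ipban']." (IP,time_start,ban_until) VALUES ('".$banip_sql."',NOW(),NOW()+INTERVAL ".$days." DAY);");
			}
			if (!empty($_POST['banuser'])) {
				$userentry->changeLvl(0);
			}
			Header('Location: ?page=users');
			break;
		}
		case 'edit': {
			if (!$_POST) {
				// intval() keeps the id numeric, so the quoted literal cannot be broken out of.
				$qi = mysql_query("SELECT * FROM ".$db['tables']['users']." WHERE ".$db['users']['id']."='".(isset($_GET['id']) ? intval($_GET['id']) : 0)."' LIMIT 1;");
				$userentry = $qi ? mysql_fetch_assoc($qi) : false;
				// Unknown id: redirect like the other actions do instead of rendering
				// the edit form with no row behind it.
				if (!$userentry) {
					Header('Location: ?page=users');
					die('');
				}
				include('template/useredit.html');
				break;
			}

			// Form submitted: apply only the fields that were filled in.
			$userentry = new User(isset($_GET['id']) ? intval($_GET['id']) : 0, $db['users']['id']);
			if (!$userentry->id()) {
				Header('Location: ?page=users');
				die('');
			}
			// NOTE(review): these values are handed to the User methods as received;
			// validation, escaping and password hashing are assumed to happen inside
			// User. Confirm.
			if (!empty($_POST['username']))
				$userentry->changeName($_POST['username']);
			if (!empty($_POST['email']))
				$userentry->changeEmail($_POST['email']);
			if (!empty($_POST['password']))
				$userentry->changePassword($_POST['password']);
			// NOTE(review): the level is cast to int but not range-checked here;
			// confirm changeLvl() rejects levels that do not exist.
			if (isset($_POST['level']))
				$userentry->changeLvl((int) $_POST['level']);
			// A delete checkbox is honoured only when no replacement file was sent.
			if (empty($_FILES['skin']['tmp_name']) and !empty($_POST['delskin']))
				$userentry->deleteSkin();
			if (empty($_FILES['cloak']['tmp_name']) and !empty($_POST['delcloak']))
				$userentry->deleteCloak();
			// NOTE(review): content-type and size checks for uploads are assumed to
			// live in POSTGood()/POSTUpload(), which are defined elsewhere. Confirm
			// they reject non-image files.
			if (!empty($_FILES['skin']['tmp_name']) && POSTGood('skin'))
				POSTUpload('skin', $userentry->getSkinFName(), 64, 2);
			if (!empty($_FILES['cloak']['tmp_name']) && POSTGood('cloak'))
				POSTUpload('cloak', $userentry->getCloakFName(), 22, 1.29);
			Header('Location: ?page=users');
			break;
		}
		case 'del': {
			$id = isset($_GET['id']) ? intval($_GET['id']) : 0;
			$userentry = new User($id,$db['users']['id']);
			if (!$userentry->id()) {
				Header('Location: ?page=users');
				die('');
			}
			// Remove the user's skin and cloak before deleting the row itself.
			$userentry->deleteSkin();
			$userentry->deleteCloak();
			mysql_query("DELETE FROM ".$db['tables']['users']." WHERE ".$db['users']['id']."='".$id."' LIMIT 1;");
			Header('Location: ?page=users');
			break;
		}
		default: {
			// Full listing ordered by user name, split into pages of 20.
			$qi = mysql_query("SELECT * FROM ".$db['tables']['users']." ORDER BY ".$db['users']['username']." ASC;");
			$users = array();
			while ($qi && ($entry = mysql_fetch_assoc($qi))) {
				$users[] = $entry;
			}
			$usercount = count($users);
			$pagecount = ceil($usercount/20);
			$userblocks = array_chunk($users, 20);
			include('template/users.html');
			break;
		}
	}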