Mini Shell Moded By TiGER HeX
Home
||
Turbo Force
||
B-F Config_Cpanel
Current Path :
/
mnt
/
volume_sfo2_01
/
50mmla
/
admin
/
Linux midnightridazz 4.19.0-11-cloud-amd64 #1 SMP Debian 4.19.146-1 (2020-09-17) x86_64
Upload File :
New :
File
Dir
/mnt/volume_sfo2_01/50mmla/admin/userEdit.php
<? include_once('../includes/static/configure.php'); include_once('../includes/static/util.php'); include_once('../includes/static/dbcon.php'); include_once('../includes/static/gdimg.php'); include_once('../includes/static/sessions.php'); include_once('includes/static/util.php'); include_once('includes/appTop.php'); $page_id = str_replace(".php","",basename($_SERVER['PHP_SELF'])); if(!has_permission($page_id)){ die("You don't have permission to view this page!"); } ?> <? $uid = 0; if(isset($_REQUEST['userId'])){ $uid = $_REQUEST['userId']; } $html = ""; if(isset($_REQUEST['update'])){ $email = $_REQUEST['email']; $url = $_REQUEST['website']; $uname = $_REQUEST['username']; $password = $_REQUEST['password']; $profile = $_REQUEST['profile']; $user_type = $_REQUEST['userType']; $banned = $_REQUEST['banned']; $cur_file = $_FILES['file']['name']; $cur_temp = $_FILES['file']['tmp_name']; $cur_mime = $_FILES['file']['type']; $cur_size = $_FILES['file']['size']; $cur_error = $_FILES['file']['error']; //first check for unique name $sql = "SELECT user_id FROM 50mm_users WHERE username ='$uname'"; if( !($result = $db->sql_query($sql)) ){ $sql_error = $db->sql_error(); die($sql_error['message']); } $update = false; $id_row = $db->sql_fetchrow($result); //check for uniquenes if( $db->sql_numrows($result) < 1){ $update = true; }else if(($id_row['user_id'] == $uid) && ($db->sql_numrows($result) == 1)){ //updating your username $update = true; } if($update){ //store profile image on the server $unique_name = ""; $valid = validate_content($cur_error,$cur_mime,$cur_size,$cur_file,PROFILE_MAX_KB); if($valid['result']){ $type = explode("/",$cur_mime); $cur_type = trim($type[0]); $unique_name = get_unique_filename($cur_file); $image_info = getimagesize($cur_temp); //check to see if image needs resizing if(($image_info[0] > PROFILE_IMG_WIDTH) || ($image_info[1] > PROFILE_IMG_HEIGHT)){ //create image res $gd = new gd_img($cur_mime,$cur_temp); if(!$gd->img_id){ die($gd->gd_error);} //scale image $id = $gd->gd_scale_img(PROFILE_IMG_WIDTH,PROFILE_IMG_WIDTH,IMG_QUALITY); if(!$id){ die($gd->gd_error);} //create image $res = $gd->gd_create_img($id,ROOT_DIR.PROFILE_IMG_DIR.$unique_name); if(!$res){ die($gd->gd_error);} }else{ if (!copy($cur_temp, ROOT_DIR.PROFILE_IMG_DIR.$unique_name)) { die("Failed Image Upload"); } } //delete old image from disk. if(!empty($row['image'])){ unlink(ROOT_DIR.PROFILE_IMG_DIR.$row['image']); } //update table $sql = "UPDATE 50mm_users SET email='$email',username='$uname',password='$password',image='$unique_name',profile='$profile',url='$url',user_type='$user_type',banned = '$banned' WHERE user_id='$uid'"; }else{ //no image being uploaded or image is too large $html.= "<div class=\"error\">".$valid['error']."</div>"; $sql = "UPDATE 50mm_users SET email='$email',username='$uname',password='$password',profile='$profile',url='$url',user_type='$user_type',banned = '$banned' WHERE user_id='$uid'"; } if( !($result = $db->sql_query($sql)) ){ $sql_error = $db->sql_error(); die($sql_error['message']); } $html.= "<div class=\"hilite\">operation successful</div>\n"; }else{ $html.= "<div class=\"error\">username is not unique</div>"; } } $sql="SELECT username,email,profile,image,url,user_type,banned,password FROM 50mm_users WHERE user_id = '$uid'"; if( !($result = $db->sql_query($sql)) ){ $sql_error = $db->sql_error(); die($sql_error['message']); } $row = $db->sql_fetchrow($result); include_once('includes/header.php'); ?> <?echo $html;?> <script>registerDivs = new Array('email','username','password');</script> <table cellspacing="0" cellpadding="0" border="0"> <tr valign="top"> <td> <form action="<?echo $_SERVER['PHP_SELF'];?>" method="post" enctype="multipart/form-data" onSubmit="return validateForm(this,registerDivs,'errorUpdate');"> <table cellspacing="0" cellpadding="4" border="0"> <tr> <td><span class="title">Modify Profile</span></td> </tr> <tr> <td>Ban User: <br> <?if($row['banned']){?> Yes <input name="banned" type="radio" value="1" checked> No <input name="banned" type="radio" value="0"> <?}else{?> Yes <input name="banned" type="radio" value="1"> No <input name="banned" type="radio" value="0" checked> <?}?> </td> </tr> <tr> <td> <? $menu ="<select name=\"userType\">"; if($row['user_type'] == "WEB"){ $menu.="<option value=\"WEB\" selected>WEB</option>\n"; $menu.="<option value=\"EDITOR\">EDITOR</option>\n"; $menu.="<option value=\"ADMIN\">ADMIN</option>\n"; }elseif($row['user_type'] == "EDITOR"){ $menu.="<option value=\"WEB\">WEB</option>\n"; $menu.="<option value=\"EDITOR\" selected>EDITOR</option>\n"; $menu.="<option value=\"ADMIN\">ADMIN</option>\n"; }elseif($row['user_type'] == "ADMIN"){ $menu.="<option value=\"WEB\">WEB</option>\n"; $menu.="<option value=\"EDITOR\">EDITOR</option>\n"; $menu.="<option value=\"ADMIN\" selected>ADMIN</option>\n"; } $menu.="</select>"; echo $menu; ?> </td> </tr> <tr> <td>Email<span id="erremail" class="error" style="visibility:hidden;"> *</span> <br> <input type="text" name="email" value="<?echo $row['email']?>" class="field" maxlength="120"> </td> </tr> <tr> <td>Username<span id="errusername" class="error" style="visibility:hidden;"> *</span> <br> <input type="text" name="username" value="<?echo $row['username']?>" class="field" maxlength="30"> </td> </tr> <tr> <td>Password<span id="errpassword" class="error" style="visibility:hidden;"> *</span> <br> <input type="text" name="password" value="<?echo $row['password']?>" class="field" maxlength="30"> </td> </tr> <tr> <td>Website <br> <input type="text" name="website" value="<?echo $row['url']?>" class="field"> </td> </tr> <tr valign="top"> <td> <? if(!empty($row['image'])){ echo '<img src="'.PROFILE_IMG_DIR.$row['image'].'">'; } ?> <br> Replace Profile Image <br> <input type="file" name="file" class="field"> </td> </tr> <tr valign="top"> <td>Profile Text <br> <textarea class="body" name="profile" style="width: 400px; height: 200px;"><?echo $row['profile']?></textarea> </td> </tr> <tr> <td> <input name="update" type="submit" class="button" value="Save Changes"><br> <?echo $html?> <input type="hidden" name="userId" value="<?echo $uid?>"> <div id="errorUpdate" class="error" style="visibility:hidden;">Please correct the fields marked by *</div> </td> </tr> </table> </form> </td> <td width="30"> </td> <td> <? // show permisisions and handle update if($row['user_type'] != "WEB"){ if( isset($_REQUEST['permissionOn']) ){ //first turn off all permissions ************************************** $sql = "SELECT * FROM 50mm_permissions LIMIT 1"; if( !($result = $db->sql_query($sql)) ){ $sql_error = $db->sql_error(); die($sql_error['message']); } $row = $db->sql_fetchrow($result); unset($row['user_id']); $keys = array_keys($row); $sql_update = "UPDATE 50mm_permissions SET "; for($i=0;$i<count($keys);$i++){ if($i>0){ $sql_update.= " , ".$keys[$i]." = 0"; }else{ $sql_update.= $keys[$i]." = 0"; } } $sql_update.= " WHERE user_id='$uid'"; if( !($result = $db->sql_query($sql_update)) ){ $sql_error = $db->sql_error(); die($sql_error['message']); } //turn on all permissions that have been selected ************************************ $i = 0; $sql_update = "UPDATE 50mm_permissions SET "; while(list($key,$value) = each($_REQUEST)){ if (preg_match("/permission_/i",$key)){ $priv_cols = explode("_",$key); if($i>0){ $sql_update.= " , ".$priv_cols[1]." = 1"; }else{ $sql_update.= $priv_cols[1]." = 1"; } $i++; } } $sql_update.= " WHERE user_id='$uid'"; //execute query if($i>0){ if( !($result = $db->sql_query($sql_update)) ){ $sql_error = $db->sql_error(); die($sql_error['message']); } } echo "<div class=\"hilite\">operation successful</div><script>top.leftFrame.location.reload();</script>"; } $form = "<form action=\"".$_SERVER['PHP_SELF']."\" method=\"post\" enctype=\"multipart/form-data\">\n"; $sql = "SELECT user_id FROM 50mm_permissions WHERE user_id = '$uid'"; if( !($result = $db->sql_query($sql)) ){ $sql_error = $db->sql_error(); die($sql_error['message']); } if($db->sql_numrows($result) == 0 ){ //we must insert user id into the permissions table because we've changed permissions $sql = "INSERT INTO 50mm_permissions (user_id) VALUES ('$uid')"; if( !($result = $db->sql_query($sql)) ){ $sql_error = $db->sql_error(); die($sql_error['message']); } } $sql = "SELECT * FROM 50mm_permissions WHERE user_id = '$uid'"; if( !($result = $db->sql_query($sql)) ){ $sql_error = $db->sql_error(); die($sql_error['message']); } $row = $db->sql_fetchrow($result); unset($row['user_id']); $keys = array_keys($row); $form.= "<table cellpadding=\"2\" cellspacing=\"0\" border=\"0\">\n"; for($i=0;$i<count($keys);$i++){ $evenodd = $i % 2; if($evenodd){ $form.="<tr class=\"dark\" onMouseOver=\"swapClass(this,'over');\" onMouseOut=\"swapClass(this,'dark');\" >\n"; }else{ $form.="<tr class=\"light\" onMouseOver=\"swapClass(this,'over');\" onMouseOut=\"swapClass(this,'light');\" >\n"; } $form.="<td>".$keys[$i]."</td>"; $form.="<td width=\"10\"> </td>"; if($row[$keys[$i]]){ $form.="<td><input type=\"checkbox\" name=\"permission_".$keys[$i]."\" value=\"\" checked></td>\n"; }else{ $form.="<td><input type=\"checkbox\" name=\"permission_".$keys[$i]."\" value=\"\"></td>\n"; } $form.="</tr>\n"; } $form.="</table>\n"; $form.="<input type=\"checkbox\" name=\"selectAll\" onClick=\"return checkUncheckAll(this.form);\"> Select/Deselect All<br>\n"; $form.="<input type=\"submit\" name=\"permissionOn\" value=\"Turn On Selected\" class=\"button\">\n"; $form.="<input type=\"hidden\" name=\"userId\" value=\"".$uid."\">\n"; $form.="</form>"; echo $form; }else{//this is a web user so make sure that they don't have any permissions $sql = "DELETE FROM 50mm_permissions WHERE user_id = '$uid'"; if( !($result = $db->sql_query($sql)) ){ $sql_error = $db->sql_error(); die($sql_error['message']); } } ?> </td> </tr> </table> <? include_once('includes/footer.php'); include_once('includes/appBottom.php'); ?>