| [ PHPXref.com ] | [ Generated: Sun Jul 20 19:04:52 2008 ] | [ OneCMS 2.3 ] |
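<?php
/**
 * a_users.php - Admin CP screens for users, user levels and per-user
 * permissions. The ban screen begins at the end of this section and continues
 * below it, so the braces opened here are closed further down the file.
 *
 * Hardening applied in this section:
 *  - every request-derived value that reaches SQL is escaped or cast to int;
 *  - every request- or database-derived value that reaches HTML is escaped;
 *  - the "old name" used when renaming a user or level is read from the
 *    database by id instead of being trusted from a hidden form field;
 *  - MySQL error text is written to the error log, not to the browser;
 *  - user-level deletion is confirmed server-side before any row is removed.
 *
 * Still open (needs changes outside this file):
 *  - NOTE(security): no anti-CSRF token on the state-changing requests;
 *    this needs session support that is not visible here.
 *  - NOTE(security): passwords are stored as unsalted MD5. Moving to a slow,
 *    salted password hash has to be done together with the login code.
 *  - NOTE(security): the optional PM stores the new password in clear text.
 *  - NOTE(review): the access check below is a deny list on $userlevel; an
 *    allow list of the levels permitted here would fail closed. Confirm how
 *    config.php sets $userlevel for visitors who are not logged in.
 */
include ("config.php");

if (!function_exists('a_users_html')) {
    /** Escape a value for use in HTML text or in a quoted attribute. */
    function a_users_html($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES);
    }

    /** Undo magic_quotes_gpc on a request value; non-scalar input becomes ''. */
    function a_users_unquote($value)
    {
        if (!is_scalar($value)) {
            return '';
        }
        $value = (string) $value;
        return get_magic_quotes_gpc() ? stripslashes($value) : $value;
    }

    /** Read one string from $_GET/$_POST ('' when it is missing or not a string). */
    function a_users_input($source, $key)
    {
        return isset($source[$key]) ? a_users_unquote($source[$key]) : '';
    }

    /** Read a posted id[] style array as a list of integers. */
    function a_users_ids($source, $key)
    {
        $ids = array();
        if (isset($source[$key]) && is_array($source[$key])) {
            foreach ($source[$key] as $raw) {
                if (is_scalar($raw)) {
                    $ids[] = intval($raw);
                }
            }
        }
        return $ids;
    }

    /**
     * Escape a string for a quoted MySQL literal.
     * Assumes config.php has already opened the MySQL connection - TODO confirm.
     */
    function a_users_sql($value)
    {
        return mysql_real_escape_string((string) $value);
    }

    /** Run a write query; on failure log the detail and stop with a generic message. */
    function a_users_query($sql)
    {
        $result = mysql_query($sql);
        if ($result === false) {
            // The query text is not logged: it can contain a password hash.
            error_log('a_users.php: MySQL error (' . mysql_errno() . ') ' . mysql_error());
            die("<font color='red'><b>A fatal MySQL error occured</b></font>.");
        }
        return $result;
    }

    /** Print the user rows for a listing query, then the shared table footer. */
    function a_users_list_rows($query)
    {
        $result = mysql_query($query);
        while ($result && ($row = mysql_fetch_array($result))) {
            $id = intval($row['id']);
            $Username = a_users_html(stripslashes($row['username']));
            echo "<tr><td><a href='elite.php?user=" . $id . "' target='popup'>$Username</a></td><td><input type=\"checkbox\" name=\"id[]\" value=\"$id\"></td><td><input type=\"checkbox\" name=\"delete[]\" value=\"$id\"></td></tr>";
        }

        echo "<tr><td><div align='right'><input type='submit' name='submit' value='Submit'></td><td><input type=button value='Check All' onClick='this.value=check(this.form)'></td><td><a href=\"a_users.php?view=add\">Add user</a></td><td><a href='a_users.php?view=manage&change=1'>Change Passwords</a></td></tr></form></table><br><br>";
    }

    /**
     * Print the page selector.
     * $linkPrefix is the URL up to and including "page="; $wrapEvery > 0 adds
     * a line break after every $wrapEvery-th page link.
     */
    function a_users_pager($page, $totalPages, $linkPrefix, $header, $wrapEvery)
    {
        echo $header;

        // Build Previous Link
        if ($page > 1) {
            echo "<a href=\"" . $linkPrefix . ($page - 1) . "\"><<Previous</a> ";
        }

        for ($i = 1; $i <= $totalPages; $i++) {
            if ($page == $i) {
                echo "$i ";
            } else {
                echo "<a href=\"" . $linkPrefix . $i . "\">$i</a> ";
                if ($wrapEvery > 0 && ($i % $wrapEvery) == 0) {
                    echo "<br>";
                }
            }
        }

        // Build Next Link
        if ($page < $totalPages) {
            echo "<a href=\"" . $linkPrefix . ($page + 1) . "\">Next>></a>";
        }
        echo "</center>";
    }
}

if ($ipbancheck3 == "0") { if ($numv == "0") {
    if ($warn == $naum) {
        echo "You are banned from the Admin CP...now go away!";
    } else {

        // Request parameters, read once; missing values compare equal to "".
        $auView    = a_users_input($_GET, 'view');
        $auConfirm = a_users_input($_GET, 'confirm');
        $auUpdate  = a_users_input($_GET, 'update');
        $auChange  = a_users_input($_GET, 'change');
        $auAdd     = a_users_input($_GET, 'add');
        $auEdit    = a_users_input($_GET, 'edit');
        $auDelete  = a_users_input($_GET, 'delete');
        $auId      = intval(a_users_input($_GET, 'id'));
        $auEditIds   = a_users_ids($_POST, 'id');
        $auDeleteIds = a_users_ids($_POST, 'delete');

        // Upper bound for the "how many levels to add" form, so one request
        // cannot drive an unbounded number of rows and INSERTs.
        $auMaxNewLevels = 100;

        // The page number is an integer >= 1, so the LIMIT offset is never negative.
        $page = isset($_GET['page']) ? max(1, intval($_GET['page'])) : 1;
        $from = intval(($page * $max_results) - $max_results);

        echo '<SCRIPT LANGUAGE="JavaScript">var checkflag = "false";function check(field) {if (checkflag == "false") {for (i = 0; i < field.length; i++) {field[i].checked = true;}checkflag = "true";return "Uncheck All"; }else {for (i = 0; i < field.length; i++) {field[i].checked = false; }checkflag = "false";return "Check All"; }}</script>';

        if ((($userlevel == "3") or ($userlevel == "4") or ($userlevel == "5"))) {
            // The cookie is client-controlled, so it is escaped before display.
            $auCookieName = isset($_COOKIE['username']) ? a_users_unquote($_COOKIE['username']) : '';
            echo "Sorry ".a_users_html($auCookieName).", but you do not have permission to manage users. You are only a ".a_users_html($level).".";
        } else {

            $auSearchForm = "<form action='a_users.php?view=search' method='post'><table cellspacing=\"0\" cellpadding=\"3\" border=\"0\" align=\"center\"><tr><td>Search for user</td><td><input type='text' name='search'></td><td><input type='submit' name='Submit' value='Search'></td></tr></table></form>";

            // ---- Users: search results ----
            if ($auView == "search") {

                echo "<title>OneCMS - www.insanevisions.com/onecms > Users > Search</title>";

                echo $auSearchForm;

                echo "<form action='a_users.php?view=manage' name='form1' method='post'><table cellspacing=\"0\" cellpadding=\"3\" border=\"0\" align=\"center\"><tr><td><b>Username</b></td><td><b><b>Edit</b></td><td><b>Delete</b></td></tr><center><div align=\"center\">";

                // $search is not assigned in this file; presumably it comes from
                // the posted form via config.php or register_globals - TODO confirm.
                // It is treated as request data and escaped before it reaches SQL.
                $auSearchSql = a_users_sql(a_users_unquote(isset($search) ? $search : ''));

                a_users_list_rows("SELECT * FROM onecms_users WHERE username LIKE '%" . $auSearchSql . "%' ORDER BY `id` DESC LIMIT $from, $max_results");

                $total_results = mysql_result(mysql_query("SELECT COUNT(*) as Num FROM onecms_users WHERE username LIKE '%" . $auSearchSql . "%'"),0);

                $total_pages = ceil($total_results / $max_results);

                a_users_pager($page, $total_pages, "a_users.php?view=search&page=", "<center>Select a Page<br>", 25);

            }

            // ---- Users: default listing ----
            if ($auView == "") {

                echo "<title>OneCMS - www.insanevisions.com/onecms > Manage Users</title>";

                echo $auSearchForm;

                echo "<form action='a_users.php?view=manage' name='form1' method='post'><table cellspacing=\"0\" cellpadding=\"3\" border=\"0\" align=\"center\"><tr><td><b>Username</b></td><td><b><b>Edit</b></td><td><b>Delete</b></td></tr>";

                a_users_list_rows("SELECT * FROM onecms_users ORDER BY `id` DESC LIMIT $from, $max_results");

                $total_results = mysql_result(mysql_query("SELECT COUNT(*) as Num FROM onecms_users"),0);

                $total_pages = ceil($total_results / $max_results);

                a_users_pager($page, $total_pages, "a_users.php?page=", "<center>Select a Page<br>", 25);

            }

            // ---- Users: delete confirmation form ----
            if (($auView == "manage") && $auDeleteIds && ($auConfirm == "")) {

                echo "<form action='a_users.php?view=manage&confirm=yes' method='post'>Are you sure you want to delete these user(s)?<br><input type='submit' name='de' value='Yes'>";

                foreach ($auDeleteIds as $value) {
                    echo "<input type=\"hidden\" name=\"delete[]\" value=\"$value\">";
                }

                echo "</form>";
            }

            // ---- Users: edit form for the ticked users ----
            if (($auView == "manage") && $auEditIds && ($auUpdate == "")) {

                echo "<form action='a_users.php?view=manage&update=yes' method='post'><table cellspacing=\"0\" cellpadding=\"3\" border=\"0\" align=\"center\">";

                foreach ($auEditIds as $val) {

                    $auUserRes = mysql_query("SELECT * FROM onecms_users WHERE id = '$val'");
                    while ($auUserRes && ($row = mysql_fetch_array($auUserRes))) {
                        $auNameHtml  = a_users_html($row['username']);
                        $auEmailHtml = a_users_html($row['email']);
                        $auLevelHtml = a_users_html($row['level']);

                        echo "<input type=\"hidden\" name=\"id[]\" value=\"$val\"><tr><td><b><center>User #".$val."</b></center></td></tr><tr><td>Username</td><td><input type=\"text\" name=\"name_$val\" value=\"$auNameHtml\"><input type=\"hidden\" name=\"name2_$val\" value=\"$auNameHtml\"></td></tr><tr><td>Email</td><td><input type=\"text\" name=\"email_$val\" value=\"$auEmailHtml\"></td></tr><tr><td>User Level</td><td><select name=\"level_$val\" multiple><option value=\"$auLevelHtml\" selected>-- $auLevelHtml --</option>";
                    }

                    $auLevelRes = mysql_query("SELECT * FROM onecms_userlevels");
                    while ($auLevelRes && ($row2 = mysql_fetch_array($auLevelRes))) {
                        $auOptionHtml = a_users_html($row2['name']);
                        echo "<option value=\"$auOptionHtml\">$auOptionHtml</option>";
                    }
                    echo "</select></td></tr><tr><td>List this user on <a href='".$siteurl."/staff.php'>staff</a> page?</td><td><input type='checkbox' name='slist_".$val."' value='Yes'";

                    $find = mysql_query("SELECT slist FROM onecms_users WHERE id = '".$val."'");
                    $fetch = $find ? mysql_fetch_row($find) : false;

                    if ($fetch && $fetch[0] == "Yes") {
                        echo " checked";
                    }
                    echo "></td></tr>";
                }
                echo "<tr><td><input type='submit' name='editcon' value='Submit'></td></tr></table></form>";
            }

            // ---- Users: change-password form ----
            if (($auView == "manage") && ($auChange == "1")) {
                echo "<form action='a_users.php?view=manage&change=2' method='post'><table cellspacing=\"0\" cellpadding=\"3\" border=\"0\" align=\"center\"><tr><td>Username</td><td><select name=\"b\">";
                $auNamesRes = mysql_query("SELECT * FROM onecms_users");
                while ($auNamesRes && ($row = mysql_fetch_array($auNamesRes))) {
                    $auOptionHtml = a_users_html($row['username']);
                    echo "<option value=\"$auOptionHtml\">$auOptionHtml</option>";
                }

                echo "</select></td></tr><tr><td>New Password</td><td><input type=\"password\" name=\"pass\"></td></tr><tr><td>Sent this user a PM with there new password?</td><td><input type='checkbox' name='send'></td></tr><tr><td><input type='submit' name='editcon' value='Submit'></td></tr></table></form>";
            }

            // ---- Users: apply the password change ----
            if (($auView == "manage") && ($auChange == "2")) {
                $auTarget = a_users_input($_POST, 'b');
                // The hash is taken over the value exactly as received, as before,
                // so it stays comparable with hashes produced elsewhere in the CMS.
                $auRawPass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';

                if ($auTarget === '' || $auRawPass === '') {
                    // A request without a user or password must not blank a password.
                    echo "Please choose a user and enter a new password. <a href=\"a_users.php?view=manage&change=1\">Go back</a>";
                } else {
                    $auTargetSql = a_users_sql($auTarget);

                    // NOTE(security): unsalted MD5; see the file header.
                    $pass = md5($auRawPass);
                    $r = a_users_query("UPDATE onecms_users SET password = '$pass' WHERE username = '".$auTargetSql."'");

                    if (a_users_input($_POST, 'send') != "") {
                        // $username is not assigned in this file; presumably the
                        // logged-in admin's name from config.php - TODO confirm.
                        $auSenderSql = a_users_sql(a_users_unquote(isset($username) ? $username : ''));
                        $auPassSql = a_users_sql(a_users_input($_POST, 'pass'));

                        // NOTE(security): this stores the new password in clear text.
                        $sent = a_users_query("INSERT INTO onecms_pm VALUES ('null', '1', 'You have a new password, ".$auTargetSql."', '".$auSenderSql." has changed your password. You can find the new password below:<br><br>".$auPassSql."<br><br>Please keep this password in your records. Thank you.', '".$auSenderSql."', '".$auTargetSql."', '".time()."', 'inbox')");
                    }
                    if ($r == TRUE) {
                        echo re_direct("1500", "a_users.php");
                        echo "The user <b>".a_users_html($auTarget)."</b> now has a new password. <a href=\"a_users.php\">Return to User Manager Home</a>";
                    }
                }
            }

            // ---- Users: apply edits ----
            if (($auView == "manage") && ($auUpdate == "yes")) {

                $auUpdated = 0;
                foreach ($auEditIds as $val) {
                    $auNewName = a_users_input($_POST, "name_$val");
                    $auNewNameSql = a_users_sql($auNewName);

                    // The name is taken only if a *different* user already has it.
                    $sql = mysql_query("SELECT id FROM onecms_users WHERE username = '".$auNewNameSql."' AND id <> '$val'");
                    $num = $sql ? mysql_num_rows($sql) : 0;

                    if ($num > 0) {
                        echo "Sorry, but the username <b>".a_users_html($auNewName)."</b> is already in use. Go back and choose another name.<br><br>";
                        continue;
                    }

                    // Current name comes from the database, not from the hidden
                    // name2_<id> field, so a request cannot pick which permissions
                    // row gets renamed.
                    $auCurrentRes = mysql_query("SELECT username FROM onecms_users WHERE id = '$val'");
                    $auCurrent = $auCurrentRes ? mysql_fetch_row($auCurrentRes) : false;
                    if (!$auCurrent) {
                        continue;
                    }

                    // NOTE(review): the level is not checked against
                    // onecms_userlevels before it is stored.
                    $upd = "UPDATE onecms_users SET username = '".$auNewNameSql."', email = '".a_users_sql(a_users_input($_POST, "email_$val"))."', level = '".a_users_sql(a_users_input($_POST, "level_$val"))."'";

                    // NOTE(review): slist is only ever set to 'Yes' here; unticking
                    // the box leaves the old value. The "off" value is not visible
                    // in this file, so it is not changed.
                    if (a_users_input($_POST, "slist_$val") != "") {
                        $upd .= ", slist = 'Yes'";
                    }

                    $upd .= " WHERE id = '$val'";
                    $r = a_users_query($upd);
                    $s = a_users_query("UPDATE onecms_permissions SET username = '".$auNewNameSql."' WHERE username = '".a_users_sql($auCurrent[0])."'");
                    $auUpdated++;
                }
                // Report once, after the loop, and only if something was updated.
                if ($auUpdated > 0) {
                    echo re_direct("1500", "a_users.php");
                    echo "The users have been updated. <a href=\"a_users.php\">Return to User Manager Home</a>";
                }
            }


            // ---- Users: delete after confirmation ----
            if (($auView == "manage") && ($auConfirm == "yes")) {

                $auDeleted = false;
                foreach ($auDeleteIds as $val) {

                    $auLookup = mysql_query("SELECT username FROM onecms_users WHERE id = '$val'");
                    $sql = $auLookup ? mysql_fetch_row($auLookup) : false;
                    if (!$sql) {
                        // Unknown id: skip, rather than deleting rows whose username is ''.
                        continue;
                    }
                    $auNameSql = a_users_sql($sql[0]);

                    $delete2 = a_users_query("DELETE FROM onecms_permissions WHERE username = '".$auNameSql."'");

                    $delete3 = a_users_query("DELETE FROM onecms_profile WHERE username = '".$auNameSql."'");

                    $delete = a_users_query("DELETE FROM onecms_users WHERE id = '$val'");
                    $auDeleted = true;
                }
                if ($auDeleted) {
                    echo re_direct("1500", "a_users.php");
                    echo "The user(s) have been deleted. <a href=\"a_users.php\">Return to Manage user Home</a>";
                }
            }

            // ---- User levels: listing ----
            if (((($auView == "levels") && ($auAdd == "") && ($auEdit == "") && ($auDelete == "")))) {

                echo "<form action='a_users.php?view=levels&delete=1' method='post'><table cellspacing=\"0\" cellpadding=\"3\" border=\"0\" align=\"center\"><tr><td><b>Name</b></td><td><b>Level</b></td><td><b><b>Edit</b></td><td><b>Delete</b></td></tr>";

                $auLevelRes = mysql_query("SELECT * FROM onecms_userlevels ORDER BY `id` DESC LIMIT $from, $max_results");
                while ($auLevelRes && ($row = mysql_fetch_array($auLevelRes))) {
                    $id = intval($row['id']);
                    $auLevelNameHtml = a_users_html(stripslashes($row['name']));
                    $auLevelNumHtml = a_users_html($row['level']);
                    echo "<tr><td>$auLevelNameHtml</td><td>$auLevelNumHtml</td><td><a href='a_users.php?view=levels&edit=1&id=$id'>Edit</a></td><td><input type=\"checkbox\" name=\"del[]\" value=\"$id\"></td></tr>";
                }
                echo "<tr><td><input type=\"submit\" name=\"delete\" value=\"Delete Levels\"></td><td><a href='a_users.php?view=levels&add=1'>Add Levels</a></td></tr></form></table>";
                $total_results = mysql_result(mysql_query("SELECT COUNT(*) as Num FROM onecms_userlevels"),0);

                $total_pages = ceil($total_results / $max_results);

                a_users_pager($page, $total_pages, "a_users.php?view=levels&page=", "<center>Select a Page<br />", 0);

            }

            // ---- User levels: delete ----
            // The confirmation is a server-side second step. A script-only prompt
            // in the response cannot gate the delete, because by the time the
            // browser shows it the request has already been processed.
            if (($auView == "levels") && ($auDelete == "1")) {

                $auLevelIds = a_users_ids($_POST, 'del');

                if (!$auLevelIds) {
                    echo "No userlevels were selected. <a href=\"a_users.php?view=levels\">Return to User Levels Home</a>";
                } elseif ($auConfirm != "yes") {
                    echo "<form action='a_users.php?view=levels&delete=1&confirm=yes' method='post'>Are you sure you want to delete these userlevel(s)?<br><input type='submit' name='de' value='Yes'>";
                    foreach ($auLevelIds as $val) {
                        echo "<input type=\"hidden\" name=\"del[]\" value=\"$val\">";
                    }
                    echo "</form>";
                } else {
                    foreach ($auLevelIds as $val) {
                        $delete = a_users_query("DELETE FROM onecms_userlevels WHERE id = '$val'");
                    }
                    echo re_direct("1500", "a_users.php?view=levels");
                    echo "The userlevel(s) have been deleted. <a href=\"a_users.php?view=levels\">Return to User Levels Home</a>";
                }
            }


            // ---- User levels: edit form ----
            if (($auView == "levels") && ($auEdit == "1")) {

                echo "<form action='a_users.php?view=levels&edit=2' method='post'><table cellspacing=\"0\" cellpadding=\"3\" border=\"0\" align=\"center\">";

                $auLevelRes = mysql_query("SELECT * FROM onecms_userlevels WHERE id = '".$auId."'");
                while ($auLevelRes && ($row = mysql_fetch_array($auLevelRes))) {
                    $auTitleHtml = a_users_html($row['name']);
                    $auLevelNumHtml = a_users_html($row['level']);
                    echo "<tr><td>Title</td><td><input type=\"text\" name=\"name\" value=\"$auTitleHtml\"><input type=\"hidden\" name=\"name2\" value=\"$auTitleHtml\"></td></tr><tr><td>Level</td><td><select name='level'><option value='$auLevelNumHtml'>-- $auLevelNumHtml --</option><option value='1'>1</option><option value='2'>2</option><option value='3'>3</option><option value='4'>4</option><option value='5'>5</option><option value='6'>6</option></select><input type='hidden' name='id' value='".$auId."'></td></tr>";
                }

                echo "<tr><td><input type=\"submit\" name=\"edit\" value=\"Submit Changes\"></td></tr></form></table>";
            }

            // ---- User levels: apply edit ----
            if (($auView == "levels") && ($auEdit == "2")) {
                $auLevelId = intval(a_users_input($_POST, 'id'));
                $auNewNameSql = a_users_sql(a_users_input($_POST, 'name'));
                $auNewLevelSql = a_users_sql(a_users_input($_POST, 'level'));

                // Read the old name by id before updating; the posted hidden
                // "name2" field is not trusted to select which users are re-levelled.
                $auOldRes = mysql_query("SELECT name FROM onecms_userlevels WHERE id = '".$auLevelId."'");
                $auOld = $auOldRes ? mysql_fetch_row($auOldRes) : false;

                if ($auOld) {
                    $r = a_users_query("UPDATE onecms_userlevels SET name = '".$auNewNameSql."', level = '".$auNewLevelSql."' WHERE id = '".$auLevelId."'");

                    $s = a_users_query("UPDATE onecms_users SET level = '".$auNewNameSql."' WHERE level = '".a_users_sql($auOld[0])."'");

                    if (($r == TRUE) && ($s == TRUE)) {
                        echo re_direct("1500", "a_users.php?view=levels");
                        echo "User Levels have been update. <a href='a_users.php?view=levels'>Return back to User Levels Management</a>";
                    }
                }
            }

            // ---- User levels: add form ----
            if (($auView == "levels") && ($auAdd == "1")) {

                echo "<form action=\"a_users.php?view=levels&add=1\" method='post'><table cellspacing=\"0\" cellpadding=\"3\" border=\"0\" align=\"center\"><tr><td>How many levels to add?</td><td><input type='text' name='search'></td><td><input type='submit' name='addd' value='Submit'></td></tr></table></form>";

                echo "<form action='a_users.php?view=levels&add=2' method='post'><table cellspacing=\"0\" cellpadding=\"3\" border=\"0\" align=\"left\">";

                // The count is an integer within [0, $auMaxNewLevels]; it is also
                // what gets echoed into the hidden field below.
                $auLevelCount = min($auMaxNewLevels, max(0, intval(a_users_input($_POST, 'search'))));

                for ($i = 0; $i < $auLevelCount; $i = $i+1) {
                    echo "<tr><td>Name</td><td><input type=\"text\" name='name_".$i."'></td><td>Level</td><td><select name='level_".$i."'><option value='1'>1</option><option value='2'>2</option><option value='3'>3</option><option value='4'>4</option><option value='5'>5</option><option value='6'>6</option></select></td></tr>";
                }
                echo "<input type=\"hidden\" name=\"s\" value='".$auLevelCount."'>";
                echo "<tr><td><input type=\"submit\" name=\"Add\" value=\"Add\"></td></tr></form></table>";
            }

            // ---- User levels: insert the new levels ----
            if (($auView == "levels") && ($auAdd == "2")) {
                $auLevelCount = min($auMaxNewLevels, max(0, intval(a_users_input($_POST, 's'))));
                $r = false;
                for ($i = 0; $i < $auLevelCount; $i = $i+1) {
                    $auNewName = a_users_input($_POST, "name_$i");
                    if ($auNewName === '') {
                        // Rows left blank in the form are not inserted.
                        continue;
                    }
                    $r = a_users_query("INSERT INTO onecms_userlevels VALUES ('null', '".a_users_sql($auNewName)."', '".a_users_sql(a_users_input($_POST, "level_$i"))."')");
                }
                if ($r == TRUE) {
                    echo re_direct("1500", "a_users.php?view=levels");
                    echo "The user levels have been created. <a href=\"a_users.php?view=levels\">Return to User Levels Manage</a>";
                }
            }

            // ---- Permissions: listing ----
            if (((($auView == "permissions") && ($auAdd == "") && ($auEdit == "") && ($auDelete == "")))) {

                echo "<table cellspacing=\"0\" cellpadding=\"3\" border=\"0\" align=\"center\"><tr><td><b>Username</b></td><td><b><b>Edit</b></td></tr>";

                $auPermRes = mysql_query("SELECT * FROM onecms_permissions ORDER BY `id` DESC LIMIT $from, $max_results");
                while ($auPermRes && ($row = mysql_fetch_array($auPermRes))) {
                    // The stored username is escaped again before it is reused in SQL.
                    $auUserRes = mysql_query("SELECT id FROM onecms_users WHERE username = '".a_users_sql($row['username'])."'");
                    $id2 = $auUserRes ? mysql_fetch_row($auUserRes) : false;
                    $auUserId = $id2 ? intval($id2[0]) : 0;
                    $id = intval($row['id']);
                    $auPermNameHtml = a_users_html(stripslashes($row['username']));
                    echo "<tr><td><a href='elite.php?user=".$auUserId."' target='popup'>$auPermNameHtml</a></td><td><input type=checkbox onclick=\"window.location='a_users.php?view=permissions&edit=1&id=$id'; return true;\"></td></tr>";
                }
                echo "</form></table>";
                $total_results = mysql_result(mysql_query("SELECT COUNT(*) as Num FROM onecms_permissions"),0);

                $total_pages = ceil($total_results / $max_results);

                a_users_pager($page, $total_pages, "a_users.php?view=permissions&page=", "<br><center>Select a Page<br>", 0);

            }

            // ---- Permissions: edit form ----
            if (($auView == "permissions") && ($auEdit == "1")) {

                echo "<form action='a_users.php?view=permissions&edit=2' method='post'><table cellspacing=\"0\" cellpadding=\"0\" border=\"0\">";

                $auPermRes = mysql_query("SELECT * FROM onecms_permissions WHERE id = '".$auId."'");
                while ($auPermRes && ($auPermRow = mysql_fetch_array($auPermRes))) {
                    $auPermNameHtml = a_users_html($auPermRow['username']);

                    echo "<input type=\"hidden\" name=\"id\" value=\"".$auId."\"><input type=\"hidden\" name=\"username\" value=\"$auPermNameHtml\"><tr><td><b>Username</b></td><td>$auPermNameHtml</td></tr><tr><td><b>Force Validation?</b></td><td><input type='checkbox' name='ver' value='yes'";

                    if ($auPermRow['ver'] == "yes") {
                        echo " checked";
                    }
                    echo "></td></tr><tr><td><b>Games</b></td><td><input type='checkbox' name='games' value='yes'";

                    if ($auPermRow['games'] == "yes") {
                        echo " checked";
                    }
                    echo "></td></tr>";

                    // One checkbox per category; the category name is both the
                    // form field name and the permissions column name.
                    $auCatRes = mysql_query("SELECT * FROM onecms_cat");
                    while ($auCatRes && ($z = mysql_fetch_array($auCatRes))) {
                        $name = $z['name'];
                        $auCatHtml = a_users_html($name);

                        echo "<tr><td><b>$auCatHtml</b></td><td><input type='checkbox' name='".$auCatHtml."' value='yes'";

                        if (isset($auPermRow[$name]) && $auPermRow[$name] == "yes") {
                            echo " checked";
                        }
                        echo "></td></tr>";
                    }
                }
                echo "<tr><td><input type=\"submit\" name=\"Add\" value=\"Add\"></td></tr></form></table>";
            }

            // ---- Permissions: apply edit ----
            if (($auView == "permissions") && ($auEdit == "2")) {

                // Each flag is a checkbox: only 'yes' or '' is ever written.
                $upd = "UPDATE onecms_permissions SET ver = '".((a_users_input($_POST, 'ver') == "yes") ? "yes" : "")."', games = '".((a_users_input($_POST, 'games') == "yes") ? "yes" : "")."'";
                $auCatRes = mysql_query("SELECT * FROM `onecms_cat`");
                while ($auCatRes && ($row = mysql_fetch_array($auCatRes))) {
                    $name = $row['name'];
                    // The column name comes from onecms_cat; it is quoted as an
                    // identifier so a stored name cannot alter the statement.
                    $upd .= ", `" . str_replace("`", "``", $name) . "` = '" . ((a_users_input($_POST, $name) == "yes") ? "yes" : "") . "'";
                }
                $upd .= " WHERE id = '" . intval(a_users_input($_POST, 'id')) . "'";
                $r = a_users_query($upd);

                if ($r == TRUE) {
                    echo re_direct("1500", "a_users.php?view=permissions");
                    echo "The user permissions have been updated. <a href=\"a_users.php?view=permissions\">Return to User Permissons Manage</a>";
                }
            }

            // ---- Bans: listing (continues below this section) ----
            if (($auView == "ban") && ($auEdit == "")) {

                echo "<table cellspacing=\"0\" cellpadding=\"3\" border=\"0\" align=\"center\"><tr><td><b>Username</b></td><td><b>Site Ban?</b></td><td><b>CP Ban?</b></td><td><b><b>Edit</b></td></tr>";

                $query="SELECT * FROM onecms_users ORDER BY `id` DESC LIMIT $from, $max_results";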