BossBey File Manager

Editing: indexadmin_incl.php

<?php
defined ('head') or die("�������� ������ ������");

include_once("auth_incl.php");
include_once("db_connect_incl.php");
include_once("settings_incl.php");

//******************* UNAUTHORIZED *******************
if ($rez==0) {
    echo ("<br><br><strong>���������� ����������� :(</strong>");
}
//***************** END UNAUTHORIZED *****************

$action=$_POST['action'];
if ($action=="") {$action=$_GET['action'];};

echo ("<br>");

if ($rez>0) {
if (($action!='edit_pictures')&&($action!='edit_sections')&&($action!='edit_subsections')&&($action!='edit_documents')) {	
if ($rez==100) {
    if ($action=='change_user') {
//**************** ADMIN CHANGE USER SCRIPT ****************
//==== get vars ====
$delete=$_POST['delete_x'];
$save=$_POST['save_x'];
$ch_pass=$_POST['ch_pass_x'];
if (!isset($ch_pass)) {$ch_pass=$_POST['ch_pass'];};
$add_user=$_POST['add_user_x'];
$id=$_POST['id'];
//== end get vars ==
if (isset($delete)) {
	$confirm_delete=$_POST["confirm_delete"];
	if ($confirm_delete==1) {
	   	$sql_query="delete from users where id=$id;";
    	mysql_query($sql_query);	
	}
	else {
		echo ("
        <form action=index.php?section=admin$add method=post>
        <input type=hidden name=action value=change_user>
        <input type=hidden name=confirm_delete value=1>
        <input type=hidden name=id value=$id>
        <input type=submit name=delete_x value='����������� ��������'><br><br>
        </form>
        ");
	}
}
if (isset($save)) {
    $name=$_POST["name"];
    $access=$_POST["access"];
    $sql_query="update users set name='$name', access='$access' where id=$id;";
    mysql_query($sql_query);
}
if (isset($ch_pass)) {
    $new_pass=$_POST['new_pass'];
    $new_pass_confirm=$_POST['new_pass_confirm'];
    if ($new_pass!=$new_pass_confirm) {
        $new_pass='';
        echo ("��������� ������ �� ���������:(");
    }
    if ($new_pass=='') {
        echo ("
        <form action=$secprefix://$domain/index.php?section=admin$add method=post>
        <input type=hidden name=action value=change_user>
        <input type=hidden name=id value=$id>
        <input type=hidden name=name value=$name>
        ����� ������: <input type=password name=new_pass size=20><br>
        �������������: <input type=password name=new_pass_confirm size=20><br>
        <input type=submit name=ch_pass value='�������� ������'><br><br>
        </form>
        ");
    }
    else {
        $username=$_POST["name"];
        $cryp=$username.$new_pass;
        $uid=md5($cryp);
        $sql_query="update users set sid='$uid' where id=$id;";
        mysql_query($sql_query);
    }
}
if (isset($add_user)) {
    $new_user_name=$_POST["name"];
    $new_user_access=$_POST["access"];
    $new_user_pass=$_POST['new_user_pass'];
    $new_user_pass_confirm=$_POST['new_user_pass_confirm'];
    if ($new_user_pass!=$new_user_pass_confirm) {
        echo ("��������� ������ �� ���������:(");
    }
    else {
        $cryp=$new_user_name.$new_user_pass;
        $uid=md5($cryp);
        $sql_query="insert into users values (NULL, '$new_user_name', '$uid', '$new_user_access');";
        mysql_query($sql_query);
        $new_user_name='';
        $new_user_access='';
    }
}

//************** END ADMIN CHANGE USER SCRIPT **************
    }
          
//***************** ADMIN CHANGE USER FORM *****************
$sql_query="select * from users;";
$result=mysql_query($sql_query);
$n=mysql_numrows($result);
for ($i=1; $i<=$n; $i++) {
    $row=$i-1;
    ${'name'.$i}=mysql_result($result,$row,name);
    ${'access'.$i}=mysql_result($result,$row,access);
    ${'id'.$i}=mysql_result($result,$row,id);
}
echo("
    <table width=450 cellspacing=1 bgcolor=00aa00>
     <form>
     <tr>
      <td align=center width=100 bgcolor=FAF0E6>
       ��� ������������
      </td>
      <td align=center width=150 bgcolor=FAF0E6>
       ������� �������
      </td>
      <td align=center width=200 bgcolor=FAF0E6>
       ��������
");
for ($i=1; $i<=$n; $i++) {
    echo ("
      </td>
     </tr>
      </form>
      <form action=index.php?section=admin$add method=post>
      <input type=hidden name=action value=change_user>
      <input type=hidden name=id value=${'id'.$i}>
     <tr>
      <td align=center width=100 bgcolor=FAF0E6>
       <input type=text name=name value=${'name'.$i} size=10>
      </td>
      <td align=center width=200 bgcolor=FAF0E6>
       <select name=access>
	");
    if (${'access'.$i}==50) {
    	echo("<option selected value=50>��������</option>");
    }
    else {
    	echo("<option value=50>��������</option>");
    }
    if (${'access'.$i}==100) {
    	echo("<option selected value=100>�������������</option>");
    }
    else {
    	echo("<option value=100>�������������</option>");
    }
	echo ("
	   </select>
      </td>
      <td align=center width=200 bgcolor=FAF0E6>
       <input type=image src=images/config/save.gif name=save alt='��������� ���������'> <input type=image name=delete src=images/config/delete.gif alt='������� ������������'> <input type=image src=images/config/ch_pass.gif name=ch_pass alt='�������� ������'>
    ");
}
echo ("
      </td>
      </form>
     </tr>
     <form action=http://$domain/index.php?section=admin$add method=post>
     <input type=hidden name=action value=change_user> 
     <tr>
      <td align=center width=100 bgcolor=FAF0E6>
       <input type=text name=name size=10 value=$new_user_name>
      </td>
      <td align=center width=200 bgcolor=FAF0E6>
       <select name=access>
");
if ($new_user_access==50) {
	echo("<option selected value=50>��������</option>");
}
else {
   	echo("<option value=50>��������</option>");
}
if ($new_user_access==100) {
   	echo("<option selected value=100>�������������</option>");
}
else {
   	echo("<option value=100>�������������</option>");
}
echo ("
   </select>
      </td>
      <td align=center width=200 bgcolor=FAF0E6>
       <table width=200 cellspacing=1 bgcolor=00aa00>
        <tr>
         <td align=center width=150 bgcolor=FAF0E6>
          ������: <input type=password name=new_user_pass size=10>
         </td>
         <td align=center width=50 bgcolor=FAF0E6 rowspan=2>
          <input type=image src=images/config/add.gif name=add_user alt='�������� ������������' size=20>
         </td>
        </tr>
        <tr>
         <td align=center width=150 bgcolor=FAF0E6>
          ��� ���: <input type=password name=new_user_pass_confirm size=10>
         </td>
        </tr>
       </table>
      </td>
     </tr>
     </form>
    </table>

");
//*************** END ADMIN CHANGE USER FORM ***************
}

if ($rez>0) {
	
$ch_pass_result=$_GET['ch_pass_result'];
if ($ch_pass_result=='ok') {echo("������ ������� �������!");}
elseif ($ch_pass_result=='noagreement') {echo("��������� ������ �� ���������");}
elseif ($ch_pass_result=='invalidoldpass') {echo("������ ������ �������");}
}

if ($rez>0) {	
//******************** CHANGE USER FORM ********************
	echo ("
<form action=$secprefix://$domain/change_password.php?sid=$sid&login=$login method=post>
<input type=hidden name=action value=change_user>
<table width=450 cellspacing=1 cellpadding=1 bgcolor=00aa00>
<tr height=30><th align=center bgcolor=FAF0E6>����� ������</th></tr>
<tr height=120><td align=center bgcolor=FAF0E6>
<table width=446 cellspacing=1 bgcolor=00aa00>
 <tr height=30>
  <td width=50% align=right bgcolor=FAF0E6>
   ������ ������:&nbsp;
  </td>
  <td width=50% align=left bgcolor=FAF0E6>
   &nbsp;<input type=password name=oldpass>
  </td>
 </tr>
 <tr height=30>
  <td width=50% align=right bgcolor=FAF0E6>
   ����� ������:&nbsp;
  </td>
  <td width=50% align=left bgcolor=FAF0E6>
   &nbsp;<input type=password name=newpass>
  </td>
 </tr>
 <tr height=30>
  <td width=50% align=right bgcolor=FAF0E6>
   �������������:&nbsp;
  </td>
  <td width=50% align=left bgcolor=FAF0E6>
   &nbsp;<input type=password name=newpassconf>
  </td>
 </tr>
 <tr height=30>
  <td width=100% align=center colspan=2 bgcolor=FAF0E6>
   <input type=submit value='������� ������'>
  </td>
 </tr>
</table>
</td></tr></table>
</form>
	");
//****************** END CHANGE USER FORM ******************
}

if ($rez>0) {
	echo ("<a href=index.php?action=edit_sections&section=admin$add class=link onclick=\"submit()\">������������� ������ ��������</a><br>"); 
	echo ("<a href=index.php?action=edit_documents&section=admin$add class=link onclick=\"submit()\">������������� ����� ����������</a><br>");
}
}

elseif ($action=='edit_documents') {
//******************* EDIT DOCUMENTS FORM *******************
include("file_manager_incl.php");
//***************** END EDIT DOCUMENTS FORM *****************
}

elseif ($action=='edit_sections') {
//******************* EDIT SECTIONS FORM *******************
include("section_manager_incl.php");   
//***************** END EDIT SUBSECTIONS FORM *****************
}
}
?>

Cancel