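<?php
// Admin user-management handler: suspends, unsuspends or deletes a user on
// behalf of a signed-in administrator, then redirects back to /admin with the
// outcome carried in the query string.
session_start();

// This script is only meant to be reached via the admin form's POST. The
// original header lacked the colon ("Location /adlogin"), which is not a valid
// Location header, and did not stop execution, so the rest of the script still
// ran for a direct visit. Send the visitor to the login page and exit.
if (empty($_POST)) {
    header("Location: /adlogin");
    exit;
}

require_once 'include/functions.inc.php';
include_once 'include/dbcon.inc.php';
turnOnErrorReport();

// Shared state between getAndValidateInputs(), updateUser() and the redirect at
// the bottom of the file. $userUpdateSuccess is the string "true"/"false"
// because it is written straight into the redirect URL.
$username = $userAction = $suspendDuration = "";
$userMsg = " has been ";
$userUpdateSuccess = "true";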
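/**
 * Reads and validates the admin form fields from $_POST.
 *
 * On success fills the globals $username, $userAction and, for a suspend,
 * $suspendDuration (a 'Y-m-d H:i:s' timestamp the requested number of days
 * from now). On failure sets $userMsg to a human-readable reason and
 * $userUpdateSuccess to "false" and returns without touching the other
 * globals, so the caller skips updateUser().
 *
 * Uses sanitize_input() from include/functions.inc.php; what that helper
 * does to the value is defined there, not here.
 */
function getAndValidateInputs() {
    global $username, $userAction, $suspendDuration, $userMsg, $userUpdateSuccess;

    // Read with ?? so a missing field does not raise an undefined-index
    // notice before validation has a chance to reject it.
    $rawUsername = $_POST["mng-username"] ?? "";
    $rawAction = $_POST["mng-user-action"] ?? "";
    $rawDays = $_POST["mng-suspend-duration"] ?? "";

    if (empty($rawUsername)) {
        $userMsg = "Please enter a username or userID";
        $userUpdateSuccess = "false";
        return;
    }
    if (!in_array($rawAction, ["suspend", "unsuspend", "delete"], true)) {
        // Same wording as updateUser()'s fallback; the stray "1" prefix in the
        // original message looked like a leftover debug marker.
        $userMsg = "Command not found";
        $userUpdateSuccess = "false";
        return;
    }
    if ($rawAction === "suspend" && empty($rawDays)) {
        $userMsg = "Please enter the number of days to suspend the user";
        $userUpdateSuccess = "false";
        return;
    }

    $username = sanitize_input($rawUsername);
    $userAction = sanitize_input($rawAction);

    // Only a suspend needs a duration. Require a whole number of days: the
    // original fed arbitrary text to strtotime(), whose false result turned
    // into an epoch-zero (already expired) ban expiry.
    if ($userAction === "suspend") {
        $suspendDays = sanitize_input($rawDays);
        if (!ctype_digit($suspendDays) || (int) $suspendDays < 1) {
            $userMsg = "Please enter the number of days to suspend the user";
            $userUpdateSuccess = "false";
            return;
        }
        $suspendDuration = date('Y-m-d H:i:s', strtotime("+{$suspendDays} days"));
    }
}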
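/**
 * Applies $userAction (suspend / unsuspend / delete) to the user identified
 * by $username, which is treated as a userID when purely numeric and as a
 * username otherwise.
 *
 * Authorisation: the admin row is looked up by the session token. The request
 * is refused when no admin row matches the token (including when the session
 * carries no token at all) or when the admin's privilegelevel is 1, which the
 * original check treated as the unprivileged tier. The original only refused
 * level 1: with an unmatched token the level variable was never assigned and
 * the loose "== 1" comparison let the request through, so that path now fails
 * closed.
 *
 * On failure sets $userMsg and $userUpdateSuccess = "false". Uses the mysqli
 * connection $conn from include/dbcon.inc.php; prepare()/execute() failures
 * surface through whatever turnOnErrorReport() enabled (defined in
 * functions.inc.php).
 */
function updateUser() {
    global $conn, $username, $userAction, $suspendDuration, $userMsg, $userUpdateSuccess;

    // Check the connection before issuing any statement on it; the original
    // ran the admin lookup first and only then tested connect_error.
    if ($conn->connect_error) {
        $userMsg = "Connection error. Please try again later";
        $userUpdateSuccess = "false";
        return;
    }

    $privilegeLevel = null;
    $adminToken = $_SESSION["admin-token"] ?? "";
    if ($adminToken !== "") {
        $adminQuery = $conn->prepare("SELECT privilegelevel FROM admins WHERE token=?");
        $adminQuery->bind_param("s", $adminToken);
        $adminQuery->execute();
        $adminRow = $adminQuery->get_result()->fetch_assoc();
        $adminQuery->close();
        if ($adminRow) {
            $privilegeLevel = (int) $adminRow["privilegelevel"];
        }
    }
    // Fail closed: an unknown token or level 1 may not manage users.
    if ($privilegeLevel === null || $privilegeLevel === 1) {
        $userMsg = "You do not have the privileges required to perform this operation.";
        $userUpdateSuccess = "false";
        return;
    }

    if (ctype_digit($username)) {
        $lookup = $conn->prepare("SELECT userID FROM users WHERE userID=?");
        $lookup->bind_param("i", $username);
    } else {
        $lookup = $conn->prepare("SELECT userID FROM users WHERE username=?");
        $lookup->bind_param("s", $username);
    }
    $lookup->execute();
    $userRow = $lookup->get_result()->fetch_assoc();
    $lookup->close();

    if (!$userRow) {
        $userMsg = "User not found";
        $userUpdateSuccess = "false";
        return;
    }
    $userID = (int) $userRow["userID"];

    // Every branch is a parameterised statement; neither $userID nor the
    // expiry ever reaches the SQL text. The action was already validated by
    // getAndValidateInputs(), so the fallback only guards against a caller
    // that bypasses it.
    if ($userAction === "suspend") {
        $stmt = $conn->prepare("UPDATE users SET banned=1,banExpiry=? WHERE userID=?");
        $stmt->bind_param("si", $suspendDuration, $userID);
    } elseif ($userAction === "unsuspend") {
        $stmt = $conn->prepare("UPDATE users SET banned=0,banExpiry=NULL WHERE userID=?");
        $stmt->bind_param("i", $userID);
    } elseif ($userAction === "delete") {
        $stmt = $conn->prepare("DELETE FROM users WHERE userID=?");
        $stmt->bind_param("i", $userID);
    } else {
        $userMsg = "Command not found";
        $userUpdateSuccess = "false";
        return;
    }
    $stmt->execute();
    $stmt->close();
}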
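getAndValidateInputs();
if ($userUpdateSuccess === "true") {
    updateUser();
    if ($userUpdateSuccess === "true") {
        // Past tense of the action for the status line. Blindly appending
        // "ed" produced "deleteed" for the delete action, so it is
        // special-cased.
        $pastTense = $userAction === "delete" ? "deleted" : $userAction . "ed";
        $userMsg = $username . $userMsg . $pastTense;
    }
}
// Both values are reflected into the redirect URL and $userMsg carries the
// submitted username, so they are URL-encoded rather than concatenated raw
// (the original could also be broken by a username containing '&' or '#').
// Stop after the redirect header so nothing else is emitted.
header("Location: /admin?mngUserSuccess=" . urlencode($userUpdateSuccess)
    . "&mngUserMsg=" . urlencode($userMsg));
exit;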