Working suspend and unsuspend functions on admin/users.php

hcuk94 · Sep 27, 2012 · c3c908e · c3c908e
1 parent 3a00bd7
commit c3c908e
Show file tree

Hide file tree

Showing 2 changed files with 66 additions and 18 deletions.
diff --git a/admin/login.php b/admin/login.php
@@ -39,7 +39,7 @@
 		}
 	} else {
 		$password = hashPassword($password);
-		$db_result = mysql_query("SELECT id,uname,email FROM ".DB_PREFIX."users WHERE `uname`='".$uname."' AND `password`='".$password."';");
+		$db_result = mysql_query("SELECT id,uname,email,suspended FROM ".DB_PREFIX."users WHERE `uname`='".$uname."' AND `password`='".$password."';");
 		if ($db_result != false && mysql_num_rows($db_result) == 1) {
 			$db_row = mysql_fetch_assoc($db_result);
 			if ($db_row['suspended'] != 1) {

diff --git a/admin/users.php b/admin/users.php
@@ -17,8 +17,54 @@
 } else {
         die ("<h2>Could not load theme</h2>");
 }
+?>
+<?php
+
+if (isset($_GET['suspend'])) {
+	$sId = mysql_real_escape_string(trim($_GET['suspend']));
+	if ($sId == $_USER['id']) {
+		$_ERROR[] = "You can't suspend yourself!<br />";
+	} else {
+		$db_result = mysql_query("SELECT id,type FROM ".DB_PREFIX."users WHERE id='".$sId."'");
+		if (mysql_num_rows($db_result) != 1) {
+			$_ERROR[] = "Users not found.<br />";
+		} else {
+			$db_row = mysql_fetch_assoc($db_result);
+			if ($db_row['type'] == "a") {
+				$_ERROR[] = "User is of type admin!<br />";
+			} else {
+				$_ERROR[] = "User suspened<br />";
+				mysql_query("UPDATE ".DB_PREFIX."users SET suspended='1' WHERE id='".$sId."'");
+				mysql_query("DELETE FROM ".DB_PREFIX."session WHERE uId='".$sId."'");
+			}
+		}
+	}
+} elseif (isset($_GET['unsuspend'])) {
+	$sId = mysql_real_escape_string(trim($_GET['unsuspend']));
+	if ($sId == $_USER['id']) {
+		$_ERROR[] = "You can't unsuspend yourself! Please dont do these hacks! If you were suspended, you wouldn't be logged in!<br />";
+	} else {
+		$db_result = mysql_query("SELECT id,type FROM ".DB_PREFIX."users WHERE id='".$sId."'");
+		if (mysql_num_rows($db_result) != 1) {
+			$_ERROR[] = "Users not found.<br />";
+		} else {
+			$db_row = mysql_fetch_assoc($db_result);
+			if ($db_row['type'] == "a") {
+				$_ERROR[] = "User is of type admin!<br />";
+			} else {
+				$_ERROR[] = "User unsuspened<br />";
+				mysql_query("UPDATE ".DB_PREFIX."users SET suspended='0' WHERE id='".$sId."'");
+			}
+		}
+	}
+}
+
+
 ?>
 <div id="panel">
+<?php
+print_errors();
+?>
 <h3>Listing all users</h3>
 <table>
 <tr>
@@ -48,23 +94,25 @@
 $db_result = mysql_query("SELECT * FROM ".DB_PREFIX."users ORDER BY id ASC LIMIT $db_start, 25");
 while ($row = mysql_fetch_assoc($db_result)) {
 if ($row['id'] != 1) {
-echo "<tr>";
-echo "<td>".$row['id']."</td>\n";
-echo "<td>".$row['uname']."</td>\n";
-echo "<td>".$row['fname']."</td>\n";
-echo "<td>".$row['lname']."</td>\n";
-echo "<td>".$row['apiKey']."</td>\n";
-if ($row['type'] == "a") {
-echo "<td>Admin</td>\n";
-} else {
-echo "<td>Normal</td>\n";
-}
-if ($row['id'] != $_USER['id']) {
-echo "<td><a href=\"#\">Suspend account</a></td>\n";
-} else {
-echo "<td></td>\n";
-}
-echo "</tr>";
+	echo "<tr>";
+	echo "<td>".$row['id']."</td>\n";
+	echo "<td>".$row['uname']."</td>\n";
+	echo "<td>".$row['fname']."</td>\n";
+	echo "<td>".$row['lname']."</td>\n";
+	echo "<td>".$row['apiKey']."</td>\n";
+	if ($row['type'] == "a") {
+		echo "<td>Admin</td>\n";
+	} else {
+		echo "<td>Normal</td>\n";
+	}
+	if ($row['id'] != $_USER['id'] && $row['suspended'] == 0) {
+		echo "<td><a href=\"admin/users.php?suspend=".$row['id']."\">Suspend account</a></td>\n";
+	} elseif ($row['id'] != $_USER['id'] && $row['suspended'] == 1) {
+		echo "<td><a href=\"admin/users.php?unsuspend=".$row['id']."\">Un-Suspend</a></td>\n";
+	} else {
+		echo "<td></td>\n";
+	}
+	echo "</tr>";
 }
 }