PHP Classes

File: admin_user.php

Recommend this page to a friend!
  Classes of Olaf Lederer   Access user Class   ???   Download  
File: ???
Role: Application script
Content type: text/plain
Description: Admin script to change important user data
Class: Access user Class
Site user registration and page access restriction
Author: By
Last change: fixed a small bug inside the update_user_by_admin() method
Date: 19 years ago
Size: 6,732 bytes
 

Contents

Class file image Download
<?php
include($_SERVER['DOCUMENT_ROOT']."/classes/access_user/access_user_class.php");

class Admin_user extends Access_user {
   
    var $user_found = false;
    var $user_id;
    var $user_name;
    var $old_user_email;
    var $user_access_level;
    var $activation;

    function get_userdata($for_user, $type = "login") {
        if ($type == "login") {
            $sql = sprintf("SELECT id, login, email, access_level, active FROM %s WHERE login = '%s'", $this->table_name, trim($for_user));
        } else {
            $sql = sprintf("SELECT id, login, email, access_level, active FROM %s WHERE id = %d", $this->table_name, intval($for_user));
        }
        $result = mysql_query($sql);
        if (mysql_num_rows($result) == 1) {
            $obj = mysql_fetch_object($result);
            $this->user_id = $obj->id;
            $this->user_name = $obj->login;
            $this->old_user_email = $obj->email;
            $this->user_access_level = $obj->access_level;
            $this->activation = $obj->active;
            if ($this->user_name != $_SESSION['user']) {
                $this->user_found = true;
            } else {
                $this->user_found = false;
                $this->the_msg = "It's not allowed to change your own data!";
            }
            mysql_free_result($result);
        } else {
            $this->the_msg = "Sorry, no data for this loginname!";
        }
    }
    function update_user_by_admin($new_level, $user_id, $def_pass, $new_email, $active, $confirmation = "no") {
        $this->user_found = true;
        $this->user_access_level = $new_level;
        if ($def_pass != "" && strlen($def_pass) < 4) {
            $this->the_msg = "Password is to short use the min. of 4 chars.";
        } else {
            if ($this->check_email($new_email)) {
                $sql = "UPDATE %s SET access_level = %d, email = '%s', active = '%s'";
                $sql .= ($def_pass != "") ? sprintf(", pw = '%s'", md5($def_pass)) : "";
                $sql .= " WHERE id = %d";
                $sql_compl = sprintf($sql, $this->table_name, $new_level, $new_email, $active, $user_id);
                if (mysql_query($sql_compl)) {
                    $this->the_msg = "Data is modified for user with id#<b>".$user_id."</b>";
                    if ($confirmation == "yes") {
                        if ($this->send_confirmation($user_id)) {
                            $this->the_msg .= "<br>...a confirmation mail is send to the user.";
                        } else {
                            $this->the_msg .= "<br>...ERROR no confirmation mail is send to the user.";
                        }
                    }
                } else {
                    $this->the_msg = "Database error, please try again!";
                }
            } else {
                $this->the_msg = "The e-mail address is invalid!";
            }
        }
    }
    function access_level_menu($curr_level, $element_name = "level") {
        $menu = "<select name=\"".$element_name."\">\n";
        for ($i = MIN_ACCESS_LEVEL; $i <= MAX_ACCESS_LEVEL; $i++) {
            $menu .= " <option value=\"".$i."\"";
            $menu .= ($curr_level == $i) ? " selected>" : ">";
            $menu .= $i."</option>\n";
        }
        $menu .= "</select>\n";
        return $menu;
    }
    function activation_switch($formelement = "activation") {
        $radio_group = "<label for=\"".$formelement."\">Active?</label>\n";
        $first = ($this->activation == "y") ? " checked" : "";
        $second = ($first == " checked") ? "" : " checked";
        $radio_group .= "<input name=\"".$formelement."\" type=\"radio\" value=\"y\"".$first.">yes\n";
        $radio_group .= "<input name=\"".$formelement."\" type=\"radio\" value=\"n\"".$second.">no\n";
        return $radio_group;
    }
}
$admin_update = new Admin_user;
$admin_update->access_page($_SERVER['PHP_SELF'], $_SERVER['QUERY_STRING'], DEFAULT_ADMIN_LEVEL); // check the level inside the config file

if (isset($_POST['Submit'])) {
    if ($_POST['Submit'] == "Update") {
        $conf_str = (isset($_POST['send_confirmation'])) ? $_POST['send_confirmation'] : ""; // the checkbox value to send a confirmation mail
        $admin_update->update_user_by_admin($_POST['level'], $_POST['user_id'], $_POST['password'], $_POST['email'], $_POST['activation'], $conf_str);
        $admin_update->get_userdata($_POST['login_name']); // this is needed to get the modified data after update
    } elseif ($_POST['Submit'] == "Search") {
        $admin_update->get_userdata($_POST['login_name']);
    }
} elseif (isset($_GET['login_id']) && intval($_GET['login_id']) > 0) {
        $admin_update->get_userdata($_GET['login_id'], "is_id");
}
$error = $admin_update->the_msg; // error message

?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Admin page example</title>
<style type="text/css">
<!--
label {
    display: block;
    float: left;
    width: 140px;
}
-->
</style>
</head>

<body>
<h2>Admin page (user data)</h2>
<form name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
  <?php if ($admin_update->user_found) { ?>
<p>Use this form to change the access level or replace the user's email and/or password.</p>
  <label for="login">User name :</label>
  <b><?php echo $admin_update->user_name; ?></b><br>
  <label for="level">(new) Access level</label>
  <?php echo $admin_update->access_level_menu($admin_update->user_access_level); ?>
<br>
  <label for="password">Password:</label>
  <input type="password" name="password" size="4" value="<?php echo (isset($_POST['password'])) ? $_POST['password'] : ""; ?>">
  (min. 4 chars.) <br>
  <label for="email">E-mail:</label>
  <input type="text" name="email" size="25" value="<?php echo (isset($_POST['email'])) ? $_POST['email'] : $admin_update->old_user_email; ?>">
  <br>
  <?php echo $admin_update->activation_switch(); ?><br>
  <label for="send_confirmation">Confirmation mail?</label>
  <input name="send_confirmation" type="checkbox" value="yes"><br>
  <input type="hidden" name="user_id" value="<?php echo (isset($_POST['user_id'])) ? $_POST['user_id'] : $admin_update->user_id; ?>">
  <input type="hidden" name="login_name" value="<?php echo $admin_update->user_name; ?>">
  <input type="submit" name="Submit" value="Update">
  <p style="margin-top:50px;"><a href="<?php echo $_SERVER['PHP_SELF']; ?>">search next user...</a></p>
  <?php } else { ?>
<p>Enter the login name from the user where the modifications has to be done:</p>
  <?php // the next element name (login_name) is used inside the class don't use a different name ?>
<input type="text" name="login_name" value="<?php echo (isset($_POST['login_name'])) ? $_POST['login_name'] : ""; ?>">
  <input type="submit" name="Submit" value="Search">
  <?php } // end if / else show update search form ?>
</form>
<p><b><?php echo (isset($error)) ? $error : "&nbsp;"; ?></b></p>
<p>&nbsp;</p>
<!-- Notice! you have to change this links here, if the files are not in the same folder -->
<p><a href="<?php echo $admin_update->main_page; ?>">Main</a></p>
</body>
</html>