Ето го кода
Код:
<?php
$down_one = "yes";
require_once('../database/db.php');
if ($row_User['Rank'] != 'Admin' && $row_User['Rank'] != 'Power User') {
die('Access Denied. Suspected hacking attempt.');
}
$title = "Update User";
$colname_Users = "1";
mysql_select_db($database_Customer_Database, $Customer_Database);
$query_Users = sprintf("SELECT * FROM custumerbase WHERE id = '".$_GET['user']."'", $colname_Users);
$Users = mysql_query($query_Users, $Customer_Database) or die(mysql_error());
$row_Users = mysql_fetch_assoc($Users);
$totalRows_Users = mysql_num_rows($Users);
$colname_Packages = "1";
mysql_select_db($database_Customer_Database, $Customer_Database);
$query_Packages = sprintf("SELECT * FROM packages", $colname_Packages);
$Packages = mysql_query($query_Packages, $Customer_Database) or die(mysql_error());
$row_Packages = mysql_fetch_assoc($Packages);
$totalRows_Packages = mysql_num_rows($Packages);
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
$editFormAction = $HTTP_SERVER_VARS['PHP_SELF'];
if (isset($HTTP_SERVER_VARS['QUERY_STRING'])) {
$editFormAction .= "?" . $HTTP_SERVER_VARS['QUERY_STRING'];
}
if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1") && ($_POST['ftppass'] != '')) {
$updateSQL = sprintf("UPDATE custumerbase SET servicename=%s, name=%s, Rank=%s, email=%s, adminemail=%s, ftppass=%s, address=%s, city=%s, zip=%s, state=%s, phone=%s, webservice=%s, status=%s, homedir=%s, notes=%s, PaidTill=%s, url=%s WHERE id=%s",
GetSQLValueString($_POST['servicename'], "text"),
GetSQLValueString($_POST['name'], "text"),
GetSQLValueString($_POST['Rank'], "text"),
GetSQLValueString($_POST['email'], "text"),
GetSQLValueString($_POST['adminemail'], "text"),
GetSQLValueString(md5($_POST['ftppass']), 'text'),
GetSQLValueString($_POST['address'], "text"),
GetSQLValueString($_POST['city'], "text"),
GetSQLValueString($_POST['zip'], "text"),
GetSQLValueString($_POST['state'], "text"),
GetSQLValueString($_POST['phone'], "text"),
GetSQLValueString($_POST['webservice'], "text"),
GetSQLValueString($_POST['status'], "text"),
GetSQLValueString($_POST['homedir'], "text"),
GetSQLValueString($_POST['notes'], "text"),
GetSQLValueString($_POST['PaidTill'], "text"),
GetSQLValueString($_POST['url'], "text"),
GetSQLValueString($_POST['id'], "text"));
mysql_select_db($database_Customer_Database, $Customer_Database);
$Result1 = mysql_query($updateSQL, $Customer_Database) or die(mysql_error());
echo ("<script language=javascript>alert ('User Updated!')</script>");
echo ("<script language=javascript>window.close()</script>");
exit;
}
if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
$updateSQL = sprintf("UPDATE custumerbase SET servicename=%s, name=%s, Rank=%s, email=%s, adminemail=%s, address=%s, city=%s, zip=%s, state=%s, phone=%s, webservice=%s, status=%s, homedir=%s, notes=%s, PaidTill=%s, url=%s WHERE id=%s",
GetSQLValueString($_POST['servicename'], "text"),
GetSQLValueString($_POST['name'], "text"),
GetSQLValueString($_POST['Rank'], "text"),
GetSQLValueString($_POST['email'], "text"),
GetSQLValueString($_POST['adminemail'], "text"),
GetSQLValueString($_POST['address'], "text"),
GetSQLValueString($_POST['city'], "text"),
GetSQLValueString($_POST['zip'], "text"),
GetSQLValueString($_POST['state'], "text"),
GetSQLValueString($_POST['phone'], "text"),
GetSQLValueString($_POST['webservice'], "text"),
GetSQLValueString($_POST['status'], "text"),
GetSQLValueString($_POST['homedir'], "text"),
GetSQLValueString($_POST['notes'], "text"),
GetSQLValueString($_POST['PaidTill'], "text"),
GetSQLValueString($_POST['url'], "text"),
GetSQLValueString($_POST['id'], "text"));
mysql_select_db($database_Customer_Database, $Customer_Database);
$Result1 = mysql_query($updateSQL, $Customer_Database) or die(mysql_error());
echo ("<script language=javascript>alert ('User Updated!')</script>");
echo ("<script language=javascript>document.location.href = '?page=usermanagement'</script>");
exit;
}
if (!isset($_SESSION['username'])) {
echo ("<script language=javascript>document.location.href = '../index.php'</script>");
}
?><html>
<head>
<title><?php echo $lang_btnupdateuser; ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<table width="570" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="62%" height="50"><div align="right"><font color="#FF0000"><img src="images/header-usermanagement.gif" width="500" height="50"></font></div></td>
</tr>
<tr>
<td height="18"><strong><font size="1"><?php echo $lang_btnupdateuser; ?></font></strong></td>
</tr>
</table>
<table width="570" height="168" border="0" align="left" cellpadding="0" cellspacing="0">
<tr>
<td height="168" align="left" valign="top">
<form name="form1" method="post" action="<?php echo $editFormAction; ?>">
<table width="533" border="0" align="center" cellpadding="4" cellspacing="0">
<tr align="left" valign="middle">
<td width="78" height="42" valign="middle"><font size="2"><strong><?php echo $lang_servicename; ?>:</strong> <br>
</font></td>
<td width="255"><font size="2">
<input name="servicename" type="text" id="servicename" value="<?php echo $row_Users['servicename']; ?>">
</font></td>
<td width="176"><font size="2"><strong><?php echo $lang_rank; ?>:</strong>
<select name="Rank" id="select">
<?php if ($_SESSION['Rank'] == 'Admin') { ?>
<option<?php if ($row_Users['Rank'] == "Admin") { echo ' selected'; } ?>>Admin</option>
<option<?php if ($row_Users['Rank'] == "Power User") { echo ' selected'; } ?>>Power User</option>
<? } ?>
<option<?php if ($row_Users['Rank'] == "Rep") { echo ' selected'; } ?>>Rep</option>
<option<?php if ($row_Users['Rank'] == "User") { echo ' selected'; } ?>>User</option>
</select>
</font></td>
</tr>
<tr align="left" valign="middle">
<td height="59" valign="middle"><font size="2"><strong><?php echo $lang_password; ?>:</strong>
</font></td>
<td><font size="2">
<input name="ftppass" type="text" id="ftppass">
<br>
<font size="1">- Enter a new password to change it </font></font></td>
<td><font size="2"><strong><?php echo $lang_webpackage; ?>:</strong>
<select name="webservice" id="webservice">
<?php do { ?>
<option<?php if ($row_Packages['package_name'] == $row_Users['webservice']) { echo ' selected'; } ?>><?php echo $row_Packages['package_name']; ?></option>
<?php } while ($row_Packages = mysql_fetch_assoc($Packages)); ?>
</select>
</font></td>
</tr>
<tr align="left" valign="middle">
<td height="54" valign="middle"><font size="2"><strong><?php echo $lang_name; ?>: </strong>
</font></td>
<td><font size="2">
<input name="name" type="text" id="name3" value="<?php echo $row_Users['name']; ?>">
<br>
<font size="1">(ex. Demo User) </font></font></td>
<td rowspan="2" valign="top"><font size="2"><strong><?php echo $lang_status; ?>:</strong> <br>
<select name="status" id="status">
<option<?php if ($row_Users['status'] == 'Active') { echo ' selected'; } ?>>Active</option>
<option<?php if ($row_Users['status'] == 'Suspended') { echo ' selected'; } ?>>Suspended</option>
<option<?php if ($row_Users['status'] == 'Marked For Deletion') { echo ' selected'; } ?>>Marked For Deletion</option>
</select>
</font></td>
</tr>
<tr align="left" valign="middle">
<td height="73" valign="middle"><font size="2"><strong><?php echo $lang_youremail; ?>:</strong>
</font></td>
<td><font size="2">
<input name="email" type="text" id="email2" value="<?php echo $row_Users['email']; ?>">
<br>
<font size="1">-the client's main e-mail address (ex. demo)</font></font></td>
</tr>
<tr align="left" valign="middle">
<td height="75" colspan="3" valign="middle"><font size="2"><strong><?php echo $lang_url; ?>: </strong>
<input name="url" type="text" id="name" value="<?php echo $row_Users['url']; ?>" size="60">
<br>
<font size="1">(examples: http://demo.zee-way.com OR http://www.zee-way.com/hosted/demo)
*DO NOT PUT A TRAILING SLASH / *</font></font><font size="2"> </font></td>
</tr>
<tr align="left" valign="middle">
<td height="54" valign="middle"><font size="2"><strong><?php echo $lang_adminemails; ?>:</strong></font></td>
<td colspan="2"><font size="2">
<input name="adminemail" type="text" id="adminemail" value="<?php echo $row_Users['adminemail']; ?>" size="30">
<br>
<font size="1">- e-mail addresses allowed to make changes to this
account with your tech support. Seperate by commas. (ex. demo)</font></font></td>
</tr>
<tr align="left" valign="middle">
<td height="42" valign="middle"><font size="2"><strong><?php echo $lang_homedir; ?>:</strong></font></td>
<td colspan="2"><font size="2">
<input name="homedir" type="text" id="homedir" value="<?php echo $row_Users['homedir']; ?>" size="30">
<br>
<font size="1"> (ex. c:/wwwroot/zpanel/hosted/user) * DO NOT PUT
A TRAILING SLASH / *</font></font></td>
</tr>
<tr align="left" valign="middle">
<td valign="middle"><font size="2"><strong><?php echo $lang_paidtill; ?>:</strong> </font></td>
<td colspan="2"><font size="2">
<input name="PaidTill" type="text" id="PaidTill" value="<?php echo $row_Users['PaidTill']; ?>" size="30">
<br>
<font size="1">-format: YYYY-MM-DD (ex.2004-01-12)</font> </font></td>
</tr>
</table>
<hr>
<table width="543" border="0" align="center" cellpadding="4" cellspacing="0">
<tr align="left" valign="top">
<td width="273"><font size="2"><strong>Address:</strong>
<input name="address" type="text" id="servicename3" value="<?php echo $row_Users['address']; ?>">
</font></td>
<td width="317"><font size="2"><strong>State:</strong>
<input name="state" type="text" id="state" value="<?php echo $row_Users['state']; ?>" size="3">
<strong>Zip Code:</strong>
<input name="zip" type="text" id="address3" value="<?php echo $row_Users['zip']; ?>" size="10">
</font></td>
</tr>
<tr align="left" valign="top">
<td height="30"><font size="2"><strong>City:</strong>
<input name="city" type="text" id="address" value="<?php echo $row_Users['city']; ?>">
</font></td>
<td><font size="2"><strong>Phone:</strong>
<input name="phone" type="text" id="address4" value="<?php echo $row_Users['phone']; ?>">
</font></td>
</tr>
</table>
<hr>
<table width="543" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="117"><strong><?php echo $lang_accountnotes; ?>:</strong></td>
<td width="473"><textarea name="notes" cols="45" rows="5" wrap="VIRTUAL" id="notes"><?php echo $row_Users['notes']; ?></textarea>
</td>
</tr>
</table>
<p align="right"><font size="2">< <a href="?page=usermanagement">Cancel</a> >
<input name="id" type="hidden" id="id" value="<?php echo $row_Users['id']; ?>">
<input name="MM_update" type="hidden" value="form1">
<input type="submit" name="Submit" value="<?php echo $lang_update; ?>">
</font></p>
</form></td>
</tr>
</table>
<div align="left"></div>
</body>
</html>