  1. #1
    SitePoint Enthusiast cpeat's Avatar

    !!! Script needing to be cut down. !!!

    Hey everyone. I have this user manager script, but I want to cut it down so that users can only edit their own records or information, e.g. name, password, profile desc, AIM, picture.

    The only problem is that I need to cut down the script below to do it. Can anyone help me out and correct this for me? Thanks - Chris

    =======================
    User Manager Script
    =======================
    PHP Code:
    <?php
    //userman.php

    include "../common_db.inc.php";

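    // Open a connection through the shared db_connect() helper and stop if it
    // fails, the same check every handler below makes, instead of handing a
    // false link to mysql_select_db() and mysql_close().
    $link_id = db_connect();
    if (!$link_id) error_message(sql_error());
    mysql_select_db("sample_db", $link_id);
    // NOTE(review): the link is closed straight away and each handler opens its
    // own with db_connect($default_dbname); confirm this open/close pair is
    // still needed.
    mysql_close($link_id);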


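    /**
     * Show $msg in a JavaScript alert, then either go back one page or move on
     * to $url, and end the request.
     *
     * html_header() and html_footer() are defined elsewhere and wrap the output.
     *
     * @param string $msg Text for the alert box. Callers in this file build it
     *                    from request values such as $userid.
     * @param string $url Optional page to load after the alert; when empty the
     *                    browser goes back one step in its history.
     */
    function user_message($msg, $url = '') {
      // Both values are written into a <SCRIPT> element, so they are emitted as
      // JavaScript string literals. The JSON_HEX_* flags (PHP 5.3+) turn
      // <, >, &, ' and " into \uXXXX escapes, so a value can neither end the
      // string early nor close the surrounding <SCRIPT> element.
      $js_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

      $js_msg = json_encode((string) $msg, $js_flags);
      // json_encode() can return false on bytes that are not valid UTF-8; fall
      // back to an empty literal rather than emitting broken script.
      if ($js_msg === false) $js_msg = '""';

      html_header();

      if (empty($url)) {
        echo "<SCRIPT>alert($js_msg);history.go(-1)</SCRIPT>";
      } else {
        // NOTE(review): encoding keeps $url inside the string literal, but the
        // page still navigates to whatever it holds; callers should pass only
        // same-site URLs.
        $js_url = json_encode((string) $url, $js_flags);
        if ($js_url === false) $js_url = '""';
        echo "<SCRIPT>alert($js_msg);self.location.href=$js_url</SCRIPT>";
      }

      html_footer();
      exit;
    }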

    ?>
    <DIV ALIGN="CENTER">
    <TABLE BORDER="1" WIDTH="90%" CELLPADDING="2">
       <TR>
          <TH WIDTH="25%" NOWRAP>
             <A HREF="<?php echo "$PHP_SELF?action=list_records&sort_order=$sort_order&order_by=usernumber"?>">
             User Number
             </A>
          </TH>
          <TH WIDTH="25%" NOWRAP>
             <A HREF="<?php echo "$PHP_SELF?action=list_records&sort_order=$sort_order&order_by=userid"?>">
             User ID
             </A>
          </TH>
          <TH WIDTH="25%" NOWRAP>
             <A HREF="<?php echo "$PHP_SELF?action=list_records&sort_order=$sort_order&order_by=username"?>">
                User Name
             </A>
          </TH>
          <TH WIDTH="25%" NOWRAP>Action</TH>
       </TR>
    <?php
       
    while($query_data mysql_fetch_array($result)) {
          
    $usernumber $query_data["usernumber"];
          
    $userid $query_data["userid"];
          
    $username $query_data["username"];
          echo 
    "<TR>\n";
          echo 
    "<TD WIDTH=\"25%\" ALIGN=\"CENTER\">$usernumber</TD>\n";
          echo 
    "<TD WIDTH=\"25%\" ALIGN=\"CENTER\">$userid</TD>\n";
          echo 
    "<TD WIDTH=\"25%\" ALIGN=\"CENTER\">$username</TD>\n";
          echo 
    "<TD WIDTH=\"25%\" ALIGN=\"CENTER\">
                <A HREF=\"javascript:open_window('
    $PHP_SELF?action=view_record&userid=$userid');\">View</A>    
                <A HREF=\"
    $PHP_SELF?action=delete_record&userid=$userid\" onClick=\"return confirm('Are you sure?');\">Delete</A></TD>\n";
          echo 
    "</TR>\n";
       }
    ?>
    </TABLE>
    </DIV>
    <?php      
       
    echo "<BR>\n";
       echo 
    "<STRONG><CENTER>";
       if(
    $page_num 1) {
          
    $prev_page $cur_page 1;

          echo 
    "<A HREF=\"$PHP_SELF?action=list_records&sort_order=$org_sort_order&order_by=$order_by&cur_page=0\">[Top]</A>";

          echo 
    "<A HREF=\"$PHP_SELF?action=list_records&sort_order=$org_sort_order&order_by=$order_by&cur_page=$prev_page\">[Prev]</A>";
       }
       if(
    $page_num <  $total_num_page) {
          
    $next_page $cur_page 1;
          
    $last_page $total_num_page 1;

          echo 
    "<A HREF=\"$PHP_SELF?action=list_records&sort_order=$org_sort_order&order_by=$order_by&cur_page=$next_page\">[Next]</A>";

          echo 
    "<A HREF=\"$PHP_SELF?action=list_records&sort_order=$org_sort_order&order_by=$order_by&cur_page=$last_page\">[Bottom]</A>";
       }

       echo 
    "</STRONG></CENTER>"
       
    html_footer();
    }

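    /**
     * Delete the user named by the global $userid, then that user's rows in the
     * access log, and report the result through user_message().
     *
     * Reads the globals $default_dbname, $user_tablename, $access_log_tablename
     * and $userid. db_connect(), sql_error() and error_message() are defined
     * elsewhere; this code relies on error_message() not returning (presumably
     * it ends the request the way user_message() does - confirm).
     *
     * NOTE(review): nothing here checks who is making the request, and the
     * record listing links to this action with a plain GET URL. To limit users
     * to their own record, compare $userid with the logged-in user's id from
     * the session before deleting, and accept the action only as a POST that
     * carries a per-session token.
     */
    function delete_record() {
      global $default_dbname, $user_tablename, $access_log_tablename;
      global $userid;

      if (empty($userid)) error_message('Empty User ID!');

      $link_id = db_connect($default_dbname);
      if (!$link_id) error_message(sql_error());

      // $userid is a request value, so it is escaped for this connection before
      // it goes into SQL. Slashes added by magic_quotes_gpc are removed first so
      // the value is not escaped twice.
      // The mysql_* extension has no bound parameters and was removed in PHP 7;
      // moving to mysqli or PDO prepared statements is the lasting fix.
      $raw_userid = get_magic_quotes_gpc() ? stripslashes($userid) : $userid;
      $sql_userid = mysql_real_escape_string($raw_userid, $link_id);

      $query = "DELETE FROM $user_tablename WHERE userid = '$sql_userid'";
      $result = mysql_query($query, $link_id);
      if (!$result) error_message(sql_error());

      $num_rows = mysql_affected_rows($link_id);
      // NOTE(review): $userid is passed on unescaped; confirm error_message()
      // encodes it for the output context it writes to.
      if ($num_rows != 1) error_message("No such user: $userid");

      // The log clean-up was previously unchecked, so a failure here still
      // reported success.
      $query = "DELETE FROM $access_log_tablename WHERE userid = '$sql_userid'";
      $result = mysql_query($query, $link_id);
      if (!$result) error_message(sql_error());

      user_message("All records regarding $userid have been trashed!");
    }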

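    /**
     * Update the user row named by the global $userid from the submitted form
     * fields and, when the user id itself changes, carry the new id over to the
     * access log.
     *
     * Reads the globals listed below; they are presumably populated from the
     * edit form that view_record() prints - confirm. db_connect(), sql_error()
     * and error_message() are defined elsewhere; this code relies on
     * error_message() not returning.
     *
     * NOTE(review): nothing here checks who is making the request, and the form
     * can change userid, registerdate and lastaccesstime. For a self-service
     * version, take the user id from the session rather than the request and
     * drop the fields a user should not control.
     */
    function edit_record() {
      global $default_dbname, $user_tablename, $access_log_tablename;
      global $userid, $new_userid, $username, $userpassword,
             $useremail, $useraim, $userphoto, $userprofile, $registerdate,
             $lastaccesstime;
      // Needed for the redirect URL below; without this declaration $PHP_SELF is
      // undefined inside the function (view_record() declares it the same way).
      global $PHP_SELF;

      if (empty($userid)) error_message('Empty User ID!');

      $link_id = db_connect($default_dbname);
      if (!$link_id) error_message(sql_error());

      // Every field is a request value. $raw keeps the plain text (slashes added
      // by magic_quotes_gpc removed); $sql holds the same values escaped for
      // this connection. Only $sql values are placed inside SQL strings.
      // The mysql_* extension has no bound parameters and was removed in PHP 7;
      // moving to mysqli or PDO prepared statements is the lasting fix.
      $strip = get_magic_quotes_gpc();
      $raw = array(
        'userid'         => $userid,
        'new_userid'     => $new_userid,
        'username'       => $username,
        'userpassword'   => $userpassword,
        'useremail'      => $useremail,
        'useraim'        => $useraim,
        'userphoto'      => $userphoto,
        'userprofile'    => $userprofile,
        'registerdate'   => $registerdate,
        'lastaccesstime' => $lastaccesstime,
      );
      $sql = array();
      foreach ($raw as $name => $value) {
        $value = (string) $value;
        if ($strip) $value = stripslashes($value);
        $raw[$name] = $value;
        $sql[$name] = mysql_real_escape_string($value, $link_id);
      }

      // Compare as strings: a loose != treats numeric-looking ids such as "1"
      // and "01" as equal and would skip the rename.
      $id_changed = ($raw['userid'] !== $raw['new_userid']);

      $field_str = '';
      if ($id_changed) $field_str = " userid = '{$sql['new_userid']}', ";
      if (!empty($userpassword)) {
        // NOTE(review): password() is MySQL's own account-hashing function and
        // is not meant for application passwords. It is kept because the login
        // code, which is not shown, presumably compares against it; plan a
        // migration to password_hash()/password_verify().
        $field_str .= " userpassword = password('{$sql['userpassword']}'), ";
      }
      if (!empty($useraim)) {
        $field_str .= " useraim = '{$sql['useraim']}', ";
      }
      if (!empty($userphoto)) {
        $field_str .= "userphoto = '{$sql['userphoto']}', ";
      }
      $field_str .= " username = '{$sql['username']}', ";
      $field_str .= " useremail = '{$sql['useremail']}', ";
      $field_str .= " userprofile = '{$sql['userprofile']}', ";
      $field_str .= " registerdate = '{$sql['registerdate']}', ";
      $field_str .= " lastaccesstime = '{$sql['lastaccesstime']}' ";

      $query = "UPDATE $user_tablename SET $field_str WHERE userid = '{$sql['userid']}'";

      $result = mysql_query($query, $link_id);
      if (!$result) error_message(sql_error());

      $num_rows = mysql_affected_rows($link_id);
      if (!$num_rows) error_message("Nothing changed!");

      if ($id_changed) {
        // The original statement was missing the closing quote after the new
        // id, which made this UPDATE a syntax error.
        $query = "UPDATE $access_log_tablename SET userid = '{$sql['new_userid']}'
                                               WHERE userid = '{$sql['userid']}'";
        $result = mysql_query($query, $link_id);
        if (!$result) error_message(sql_error());

        // urlencode() keeps characters in the new id from changing the query
        // string of the redirect target.
        user_message("All records regarding $userid have been changed!",
                     "$PHP_SELF?action=view_record&userid=" . urlencode($raw['new_userid']));
      }
      else {
        user_message("All records regarding $userid have been changed!");
      }
    }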

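    /**
     * Update one access-log row, identified by the globals $userid and
     * $org_page, with the submitted page name, visit count and access date.
     *
     * Reads the globals listed below; they are presumably populated from the
     * per-row forms that view_record() prints - confirm. db_connect(),
     * sql_error() and error_message() are defined elsewhere; this code relies
     * on error_message() not returning.
     *
     * NOTE(review): nothing here checks who is making the request; add an
     * ownership or admin check before this is exposed to ordinary users.
     */
    function edit_log_record() {
      global $default_dbname, $access_log_tablename;
      global $userid, $org_page, $new_page, $visitcount, $accessdate;

      if (empty($userid)) error_message('Empty User ID!');

      // visitcount goes into the statement without quotes, so it has to be
      // digits only; anything else is refused instead of reaching SQL.
      if (!preg_match('/^[0-9]+\z/', (string) $visitcount)) {
        error_message('Invalid visit count!');
      }

      $link_id = db_connect($default_dbname);
      if (!$link_id) error_message(sql_error());

      // The remaining fields are request values: remove slashes added by
      // magic_quotes_gpc, then escape for this connection.
      // The mysql_* extension has no bound parameters and was removed in PHP 7;
      // moving to mysqli or PDO prepared statements is the lasting fix.
      $strip = get_magic_quotes_gpc();
      $sql = array();
      foreach (array(
        'userid'     => $userid,
        'org_page'   => $org_page,
        'new_page'   => $new_page,
        'accessdate' => $accessdate,
      ) as $name => $value) {
        $value = (string) $value;
        if ($strip) $value = stripslashes($value);
        $sql[$name] = mysql_real_escape_string($value, $link_id);
      }

      $field_str  = " page = '{$sql['new_page']}', ";
      $field_str .= " visitcount = " . (int) $visitcount . ", ";
      $field_str .= " accessdate = '{$sql['accessdate']}' ";

      $query = "UPDATE $access_log_tablename SET $field_str
                                             WHERE userid = '{$sql['userid']}'
                                             AND page = '{$sql['org_page']}'";
      $result = mysql_query($query, $link_id);
      if (!$result) error_message(sql_error());

      $num_rows = mysql_affected_rows($link_id);
      if (!$num_rows) error_message("Nothing changed!");

      user_message("All records regarding $userid have been changed!");
    }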

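    /**
     * Print the edit form for the user named by the global $userid, followed by
     * one small edit form per access-log row for that user.
     *
     * Reads the globals $default_dbname, $user_tablename, $access_log_tablename,
     * $userid and $PHP_SELF, and overwrites $userid with the value stored in the
     * database. db_connect(), sql_error(), error_message(), html_header() and
     * html_footer() are defined elsewhere; this code relies on error_message()
     * not returning.
     *
     * NOTE(review): nothing here checks who is making the request, so any
     * visitor can open any user's record. For a self-service version, take the
     * user id from the session instead of the request.
     */
    function view_record() {
      global $default_dbname, $user_tablename, $access_log_tablename;
      global $userid;
      global $PHP_SELF;

      if (empty($userid)) error_message('Empty User ID!');

      $link_id = db_connect($default_dbname);
      if (!$link_id) error_message(sql_error());

      // $userid is a request value: remove slashes added by magic_quotes_gpc,
      // then escape it for this connection before it goes into SQL.
      // The mysql_* extension has no bound parameters and was removed in PHP 7;
      // moving to mysqli or PDO prepared statements is the lasting fix.
      $raw_userid = get_magic_quotes_gpc() ? stripslashes($userid) : $userid;
      $sql_userid = mysql_real_escape_string($raw_userid, $link_id);

      $query = "SELECT usernumber, userid, username,
                       useremail, useraim, userphoto, userprofile, registerdate,
                       date_format(registerdate, '%M, %e, %Y')
                         as formatted_registerdate,
                       lastaccesstime, date_format(lastaccesstime, '%M, %e, %Y')
                         as formatted_lastaccesstime
                       FROM $user_tablename WHERE userid = '$sql_userid'";
      $result = mysql_query($query, $link_id);
      if (!$result) error_message(sql_error());

      $query_data = mysql_fetch_array($result);
      // Without this check an unknown id produced an empty form.
      // NOTE(review): confirm error_message() encodes $userid for its output.
      if (!$query_data) error_message("No such user: $userid");

      $usernumber = $query_data["usernumber"];
      $userid = $query_data["userid"];
      $username = $query_data["username"];
      $useremail = $query_data["useremail"];
      $useraim = $query_data["useraim"];
      $userphoto = $query_data["userphoto"];
      $userprofile = $query_data["userprofile"];
      $registerdate = $query_data["registerdate"];
      $formatted_registerdate = $query_data["formatted_registerdate"];
      $lastaccesstime = $query_data["lastaccesstime"];
      $formatted_lastaccesstime = $query_data["formatted_lastaccesstime"];

      // Stored values were typed in by users, so each one is HTML-encoded before
      // it is printed. ENT_QUOTES covers both quote characters, which matters
      // inside the VALUE="..." attributes. $PHP_SELF is encoded as well because
      // it is derived from the request URL.
      $h_self = htmlspecialchars($PHP_SELF, ENT_QUOTES);
      $h_usernumber = htmlspecialchars($usernumber, ENT_QUOTES);
      $h_userid = htmlspecialchars($userid, ENT_QUOTES);
      $h_username = htmlspecialchars($username, ENT_QUOTES);
      $h_useremail = htmlspecialchars($useremail, ENT_QUOTES);
      $h_useraim = htmlspecialchars($useraim, ENT_QUOTES);
      $h_userphoto = htmlspecialchars($userphoto, ENT_QUOTES);
      $h_userprofile = htmlspecialchars($userprofile, ENT_QUOTES);
      $h_registerdate = htmlspecialchars($registerdate, ENT_QUOTES);
      $h_formatted_registerdate = htmlspecialchars($formatted_registerdate, ENT_QUOTES);
      $h_lastaccesstime = htmlspecialchars($lastaccesstime, ENT_QUOTES);
      $h_formatted_lastaccesstime = htmlspecialchars($formatted_lastaccesstime, ENT_QUOTES);

      html_header();
      echo "<CENTER><H3>
            Record for User No.$h_usernumber - $h_userid($h_username)
            </H3></CENTER>";
    ?>

    <FORM METHOD="POST" ACTION="<?php echo $h_self; ?>">
    <INPUT TYPE="HIDDEN" NAME="action" VALUE="edit_record">
    <INPUT TYPE="HIDDEN" NAME="userid" VALUE="<?php echo $h_userid; ?>">
    <DIV ALIGN="CENTER"><CENTER>
    <TABLE BORDER="1" WIDTH="90%" CELLPADDING="2">
        <TR>
          <TH WIDTH="30%" NOWRAP>User ID</TH>
          <TD WIDTH="70%">
          <INPUT TYPE="TEXT" NAME="new_userid"
                             VALUE="<?php echo $h_userid; ?>"
                             SIZE="8" MAXLENGTH="8"></TD>
        </TR>
        <TR>
          <TH WIDTH="30%" NOWRAP>User Password</TH>
          <TD WIDTH="70%"><INPUT TYPE="TEXT" NAME="userpassword" SIZE="15"></TD>
        </TR>
        <TR>
          <TH WIDTH="30%" NOWRAP>Full Name</TH>
          <TD WIDTH="70%"><INPUT TYPE="TEXT" NAME="username"
                                 VALUE="<?php echo $h_username; ?>" SIZE="20"></TD>
        </TR>
        <TR>
          <TH WIDTH="30%" NOWRAP>Email</TH>
          <TD WIDTH="70%"><INPUT TYPE="TEXT" NAME="useremail" SIZE="20"
                                 VALUE="<?php echo $h_useremail; ?>"></TD>
        </TR>
        <TR>
          <TH WIDTH="30%" NOWRAP>AIM Handle</TH>
          <TD WIDTH="70%"><INPUT TYPE="TEXT" NAME="useraim" SIZE="30"
                                 VALUE="<?php echo $h_useraim; ?>"></TD>
        </TR>
        <TR>
          <TH WIDTH="30%" NOWRAP>Photo URL</TH>
          <TD WIDTH="70%"><INPUT TYPE="TEXT" NAME="userphoto" SIZE="50"
                                 VALUE="<?php echo $h_userphoto; ?>"></TD>
        </TR>
        <TR>
          <TH WIDTH="30%" NOWRAP>Profile</TH>
          <TD WIDTH="70%">
            <?php /* Kept on one line: whitespace inside TEXTAREA is part of the submitted value. */ ?>
            <TEXTAREA ROWS="5" COLS="40" NAME="userprofile"><?php echo $h_userprofile; ?></TEXTAREA>
          </TD>
        </TR>
        <TR>
          <TH WIDTH="30%" NOWRAP>Register Date</TH>
          <TD WIDTH="70%">
            <INPUT TYPE="TEXT" NAME="registerdate" SIZE="10" MAXLENGTH="10"
                               VALUE="<?php echo $h_registerdate; ?>">
            <?php echo $h_formatted_registerdate; ?>
          </TD>
        </TR>
        <TR>
          <TH WIDTH="30%" NOWRAP>Last Access Time</TH>
          <TD WIDTH="70%">
            <INPUT TYPE="TEXT" NAME="lastaccesstime" SIZE="14" MAXLENGTH="14"
                   VALUE="<?php echo $h_lastaccesstime; ?>">
            <?php echo $h_formatted_lastaccesstime; ?>
          </TD>
        </TR>
        <TR>
          <TH WIDTH="100%" COLSPAN="2" NOWRAP>
            <INPUT TYPE="SUBMIT" VALUE="Change User Record">
            <INPUT TYPE="RESET" VALUE="Reset">
          </TH>
        </TR>
      </TABLE>
      </CENTER></DIV>
    </FORM>
    <?php
      echo "<HR SIZE=\"2\" WIDTH=\"90%\">\n";

      // $userid now holds the stored id; it is escaped again because a value
      // read back from the database is no safer inside SQL than request input.
      $sql_stored_userid = mysql_real_escape_string($userid, $link_id);
      $query = "SELECT page, visitcount, accessdate,
                date_format(accessdate, '%M, %e, %Y') as formatted_accessdate
                FROM $access_log_tablename WHERE userid = '$sql_stored_userid'";
      $result = mysql_query($query, $link_id);
      if (!$result) error_message(sql_error());

      if (!mysql_num_rows($result))
        echo "<CENTER>No access log record for $h_userid ($h_username).</CENTER>";
      else {
        echo "<CENTER>Access log record(s) for $h_userid ($h_username).</CENTER>";
    ?>
    <DIV ALIGN="CENTER"><CENTER>
    <TABLE BORDER="1" WIDTH="90%" CELLPADDING="2">
      <TR>
        <TH WIDTH="20%" NOWRAP>Page</TH>
        <TH WIDTH="20%" NOWRAP>Hits</TH>
        <TH WIDTH="30%" NOWRAP>Last Access</TH>
        <TH WIDTH="30%" NOWRAP>Action</TH>
      </TR>
    <?php
        while ($query_data = mysql_fetch_array($result)) {
          $h_page = htmlspecialchars($query_data["page"], ENT_QUOTES);
          $h_visitcount = htmlspecialchars($query_data["visitcount"], ENT_QUOTES);
          $h_accessdate = htmlspecialchars($query_data["accessdate"], ENT_QUOTES);
          $h_formatted_accessdate = htmlspecialchars($query_data["formatted_accessdate"], ENT_QUOTES);

          // The original wrote ACTION=\$PHP_SELF\", which printed the literal
          // text $PHP_SELF instead of the script path.
          echo "<FORM METHOD=\"POST\" ACTION=\"$h_self\">";
          echo "<INPUT TYPE=\"HIDDEN\" NAME=\"action\"
                                   VALUE=\"edit_log_record\">";
          echo "<INPUT TYPE=\"HIDDEN\" NAME=\"userid\" VALUE=\"$h_userid\">";
          echo "<INPUT TYPE=\"HIDDEN\" NAME=\"org_page\" VALUE=\"$h_page\">";
          echo "<TR>\n";
          echo "<TD WIDTH=\"20%\"><INPUT TYPE=\"TEXT\"
                NAME=\"new_page\" SIZE=\"30\" VALUE=\"$h_page\"></TD>\n";
          echo "<TD WIDTH=\"20%\" ALIGN=\"CENTER\">
              <INPUT TYPE=\"TEXT\" NAME=\"visitcount\" SIZE=\"3\"
                                   VALUE=\"$h_visitcount\"></TD>\n";
          echo "<TD WIDTH=\"30%\" ALIGN=\"CENTER\">
              <INPUT TYPE=\"TEXT\" NAME=\"accessdate\" SIZE=\"14\"
                     MAXLENGTH=\"14\" VALUE=\"$h_accessdate\">
            <BR>$h_formatted_accessdate</TD>\n";
          echo "<TD WIDTH=\"30%\" ALIGN=\"CENTER\">
              <INPUT TYPE=\"SUBMIT\" VALUE=\"Change\">
              <INPUT TYPE=\"RESET\" VALUE=\"Reset\"></TD>\n";
          echo "</TR>\n";
          echo "</FORM>\n";
        }
    ?>
    </TABLE>
    </CENTER></DIV>
    <?php
      }

      html_footer();
    }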

    // Route the request to its handler by action name; anything that is not one
    // of the four known names falls through to the record listing.
    // NOTE(review): $action is not assigned anywhere in the visible code;
    // presumably it is filled in from the request - verify.
    if ($action == "edit_record") {
      edit_record();
    } elseif ($action == "edit_log_record") {
      edit_log_record();
    } elseif ($action == "delete_record") {
      delete_record();
    } elseif ($action == "view_record") {
      view_record();
    } else {
      list_records();
    }
    ?>
    Last edited by freakysid; Dec 14, 2001 at 15:45.

