<?php
/*
 ########################################################################
#                                                                        #
#           Version 4       /                        /   /               #
#          -----------__---/__---__------__----__---/---/-               #
#           | /| /  /___) /   ) (_ `   /   ) /___) /   /                 #
#          _|/_|/__(___ _(___/_(__)___/___/_(___ _/___/___               #
#                       Free Content / Management System                 #
#                                   /                                    #
#                                                                        #
#                                                                        #
#   Copyright 2005-2006 by webspell.org                                  #
#                                                                        #
#   visit webSPELL.org, webspell.info to get webSPELL for free           #
#   - Script runs under the GNU GENERAL PUBLIC LICENSE                   #
#   - It's NOT allowed to remove this copyright-tag                      #
#   -- http://www.fsf.org/licensing/licenses/gpl.html                    #
#                                                                        #
#   Code based on WebSPELL Clanpackage (Michael Gruber - webspell.at),   #
#   Far Development by Development Team - webspell.org                   #
#                                                                        #
#   visit webspell.org                                                   #
#                                                                        #
 ########################################################################
*/

if(!isuseradmin($userID) OR substr(basename($_SERVER[REQUEST_URI]),0,15) != "admincenter.php") die('Access denied.');

if($_POST['add']) {
   $anz = mysql_num_rows(safe_query("SELECT userID FROM ".PREFIX."squads_members WHERE squadID='".$_POST['squad']."' AND userID='".$_POST['id']."'"));
   if(!$anz) safe_query("INSERT INTO ".PREFIX."squads_members (squadID, userID, position, activity, sort) values('".$_POST['squad']."', '".$_POST['id']."', '".$_POST['position']."', '".$_POST['activity']."', '1')");
   else echo "User already exists.";
}
elseif($_POST['edit']) {

  	safe_query("UPDATE ".PREFIX."user SET nickname='".mysql_escape_string($_POST['nickname'])."',
	                             email='".mysql_escape_string($_POST['email'])."',
								 firstname='".mysql_escape_string($_POST['firstname'])."',
								 lastname='".mysql_escape_string($_POST['lastname'])."',
								 town='".mysql_escape_string($_POST['town'])."',
								 icq='".mysql_escape_string($_POST['icq'])."',
								 usertext='".mysql_escape_string($_POST['usertext'])."',
								 clantag='".mysql_escape_string($_POST['clantag'])."',
								 clanname='".mysql_escape_string($_POST['clanname'])."',
								 clanhp='".mysql_escape_string($_POST['clanhp'])."',
								 clanirc='".mysql_escape_string($_POST['clanirc'])."',
								 clanhistory='".mysql_escape_string($_POST['clanhistory'])."',
								 cpu='".mysql_escape_string($_POST['cpu'])."',
								 mainboard='".mysql_escape_string($_POST['mainboard'])."',
								 ram='".mysql_escape_string($_POST['ram'])."',
								 monitor='".mysql_escape_string($_POST['monitor'])."',
								 graphiccard='".mysql_escape_string($_POST['graphiccard'])."',
								 soundcard='".mysql_escape_string($_POST['soundcard'])."',
								 verbindung='".mysql_escape_string($_POST['connection'])."',
								 keyboard='".mysql_escape_string($_POST['keyboard'])."',
								 mouse='".mysql_escape_string($_POST['mouse'])."',
 								 mousepad='".mysql_escape_string($_POST['mousepad'])."',
								 homepage='".mysql_escape_string($_POST['homepage'])."',
								 about='".mysql_escape_string($_POST['about'])."' WHERE userID='".$_POST['id']."' ");

    if($_POST['avatar']) {
  	 safe_query("UPDATE ".PREFIX."user SET avatar='' WHERE userID='".$_POST['id']."'");
  	 @unlink('../images/avatars/'.$_POST['id'].'.jpg');
  	 @unlink('../images/avatars/'.$_POST['id'].'.gif');
    }
    if($_POST['userpic']) {
  	 safe_query("UPDATE ".PREFIX."user SET userpic='' WHERE userID='".$_POST['id']."'");
  	 @unlink('../images/userpics/'.$_POST['id'].'.jpg');
  	 @unlink('../images/userpics/'.$_POST['id'].'.gif');
  	}
}
elseif($_GET['banish']) {
    $id = $_GET['id'];
    safe_query("UPDATE ".PREFIX."user SET banned='1' WHERE userID='$id'");
}
elseif($_GET['unbanish']) {
    $id = $_GET['id'];
    safe_query("UPDATE ".PREFIX."user SET banned='0' WHERE userID='$id'");
}
elseif($_GET['action']=="activate") {
    $id = $_GET['id'];
    safe_query("UPDATE ".PREFIX."user SET activated='1' WHERE userID='$id'");
}
elseif($_POST['newuser']) {
    $anz = mysql_num_rows(safe_query("SELECT userID FROM ".PREFIX."user WHERE username='".$_POST['username']."'"));
    if(!$anz) safe_query("INSERT INTO ".PREFIX."user ( username, nickname, password, registerdate) VALUES( '".$_POST['username']."', '".$_POST['username']."', '".md5($_POST['pass'])."', '".time()."') ");
}
elseif($_GET['delete']) {
  $id = $_GET['id'];
  if(!issuperadmin($id) OR (issuperadmin($id) AND issuperadmin($userID))) {
		safe_query("DELETE FROM ".PREFIX."forum_moderators WHERE userID='$id'");
		safe_query("DELETE FROM ".PREFIX."messenger WHERE touser='$id'");
		safe_query("DELETE FROM ".PREFIX."squads_members WHERE userID='$id'");
		safe_query("DELETE FROM ".PREFIX."upcoming_announce WHERE userID='$id'");
		safe_query("DELETE FROM ".PREFIX."user WHERE userID='$id'");
		safe_query("DELETE FROM ".PREFIX."user_groups WHERE userID='$id'");
	}
}

if($_GET['action']=="addtoclan") {
  echo'<h2>add to clan</h2>';
  $id = $_GET['id'];
  $nickname=getnickname($id);
	$squads=getsquads();
	echo'<form method="post" action="admincenter.php?site=users&page='.$_GET['page'].'&type='.$_GET['type'].'&sort='.$_GET['sort'].'">
	     <table cellpadding="4" cellspacing="0">
		   <tr><td>Nickname:</td><td><b>'.$nickname.'</b></td></tr>
		   <tr><td>Squad:</td><td><select name="squad">'.$squads.'</select></td></tr>
		   <tr><td>Position:</td><td><input type="text" name="position" class="form_off" onFocus="this.className=\'form_on\'" onBlur="this.className=\'form_off\'"></td></tr>
		   <tr><td>Activity:</td><td><input class="input" type="radio" name="activity" value="1" checked>active <input class="input" type="radio" name="activity" value="0">inactive </td></tr>
		   <tr><td><input type="hidden" name="id" value="'.$id.'"></td><td><input type="submit" name="add" value="add to clan"></td></tr>
		 </table>
		 </form>';
}
elseif($_GET['action']=="adduser") {

	echo'<form method="post" action="admincenter.php?site=users">
       <b>New User</b><br>
	     <table cellpadding="4" cellspacing="0">
		   <tr><td>Username:</td><td><input type="text" name="username" class="form_off" onFocus="this.className=\'form_on\'" onBlur="this.className=\'form_off\'"></td></tr>
		   <tr><td>Password:</td><td><input type="password" name="pass" class="form_off" onFocus="this.className=\'form_on\'" onBlur="this.className=\'form_off\'"></td></tr>
		   <tr><td></td><td><input type="submit" name="newuser" value="add"></td></tr>
		 </table>
		 </form>';

}
elseif($_GET['action']=="profile") {
  echo'<h2>Edit profile</h2>';
  $id = $_GET['id'];
  $ds = mysql_fetch_array(safe_query("SELECT * FROM ".PREFIX."user WHERE userID='$id'"));

	echo'<form method="post" action="admincenter.php?site=users&page='.$_GET['page'].'&type='.$_GET['type'].'&sort='.$_GET['sort'].'">
	     <table cellpadding="4" cellspacing="0">
		   <tr><td>User-ID:</td><td><b>'.$ds[userID].'</b></td></tr>
		   <tr><td><i><br>General</i></td></tr>
		   <tr><td>Nickname:</td><td><input type="text" name="nickname" class="form_off" onFocus="this.className=\'form_on\'" onBlur="this.className=\'form_off\'" value="'.$ds[nickname].'"></td></tr>
		   <tr><td>E-Mail:</td><td><input type="text" name="email" class="form_off" onFocus="this.className=\'form_on\'" onBlur="this.className=\'form_off\'" value="'.$ds[email].'"></td></tr>
		   <tr><td><i><br>Personal</i></td></tr>
		   <tr><td>Firstname:</td><td><input type="text" name="firstname" class="form_off" onFocus="this.className=\'form_on\'" onBlur="this.className=\'form_off\'" value="'.$ds[firstname].'"></tr>
		   <tr><td>Lastname:</td><td><input type="text" name="lastname" class="form_off" onFocus="this.className=\'form_on\'" onBlur="this.className=\'form_off\'" value="'.$ds[lastname].'"></td></tr>
		   <tr><td>Town:</td><td><input type="text" name="town" class="form_off" onFocus="this.className=\'form_on\'" onBlur="this.className=\'form_off\'" value="'.$ds[town].'"></td></tr>
		   <tr><td>ICQ:</td><td><input type="text" name="icq" class="form_off" onFocus="this.className=\'form_on\'" onBlur="this.className=\'form_off\'" value="'.$ds[icq].'"></td></tr>
		   <tr><td>Homepage:</td><td><input type="text" name="homepage" class="form_off" onFocus="this.className=\'form_on\'" onBlur="this.className=\'form_off\'" value="'.$ds[homepage].'"></td></tr>
		   <tr><td>Signatur:</td><td><textarea cols="70" rows="2" name="usertext" class="form_off" onFocus="this.className=\'form_on\'" onBlur="this.className=\'form_off\'">'.$ds[usertext].'</textarea></td></tr>
		   <tr><td>About:</td><td><textarea cols="70" rows="8" name="about" class="form_off" onFocus="this.className=\'form_on\'" onBlur="this.className=\'form_off\'">'.$ds[about].'</textarea></tr>
		   <tr><td><i><br>Various</i></td></tr>
		   <tr><td>Clantag:</td><td><input type="text" name="clantag" class="form_off" onFocus="this.className=\'form_on\'" onBlur="this.className=\'form_off\'" value="'.$ds[clantag].'"></td></tr>
		   <tr><td>Clanname:</td><td><input type="text" name="clanname" class="form_off" onFocus="this.className=\'form_on\'" onBlur="this.className=\'form_off\'" value="'.$ds[clanname].'"></td></tr>
		   <tr><td>Clan-HP:</td><td><input type="text" name="clanhp" class="form_off" onFocus="this.className=\'form_on\'" onBlur="this.className=\'form_off\'" value="'.$ds[clanhp].'"></td></tr>
		   <tr><td>Clan-IRC:</td><td><input type="text" name="clanirc" class="form_off" onFocus="this.className=\'form_on\'" onBlur="this.className=\'form_off\'" value="'.$ds[clanirc].'"></td></tr>
		   <tr><td>Clan-History:</td><td><input type="text" name="clanhistory" class="form_off" onFocus="this.className=\'form_on\'" onBlur="this.className=\'form_off\'" value="'.$ds[clanhistory].'"></td></tr>
		   <tr><td>CPU:</td><td><input type="text" name="cpu" class="form_off" onFocus="this.className=\'form_on\'" onBlur="this.className=\'form_off\'" value="'.$ds[cpu].'"></td></tr>
		   <tr><td>Mainboard:</td><td><input type="text" name="mainboard" class="form_off" onFocus="this.className=\'form_on\'" onBlur="this.className=\'form_off\'" value="'.$ds[mainboard].'"></td></tr>
		   <tr><td>RAM:</td><td><input type="text" name="ram" class="form_off" onFocus="this.className=\'form_on\'" onBlur="this.className=\'form_off\'" value="'.$ds[ram].'"></td></tr>
		   <tr><td>Monitor:</td><td><input type="text" name="monitor" class="form_off" onFocus="this.className=\'form_on\'" onBlur="this.className=\'form_off\'" value="'.$ds[monitor].'"></td></tr>
		   <tr><td>Graphic:</td><td><input type="text" name="graphiccard" class="form_off" onFocus="this.className=\'form_on\'" onBlur="this.className=\'form_off\'" value="'.$ds[graphiccard].'"></td></tr>
		   <tr><td>Sound:</td><td><input type="text" name="soundcard" class="form_off" onFocus="this.className=\'form_on\'" onBlur="this.className=\'form_off\'" value="'.$ds[soundcard].'"></td></tr>
		   <tr><td>Connection:</td><td><input type="text" name="connection" class="form_off" onFocus="this.className=\'form_on\'" onBlur="this.className=\'form_off\'" value="'.$ds[verbindung].'"></td></tr>
		   <tr><td>Keyboard:</td><td><input type="text" name="keyboard" class="form_off" onFocus="this.className=\'form_on\'" onBlur="this.className=\'form_off\'" value="'.$ds[keyboard].'"></td></tr>
		   <tr><td>Mouse:</td><td><input type="text" name="mouse" class="form_off" onFocus="this.className=\'form_on\'" onBlur="this.className=\'form_off\'" value="'.$ds[mouse].'"></td></tr>
		   <tr><td>Mousepad:</td><td><input type="text" name="mousepad" class="form_off" onFocus="this.className=\'form_on\'" onBlur="this.className=\'form_off\'" value="'.$ds[mousepad].'"></td></tr>
		   <tr><td>&nbsp;</td><td><input type="checkbox" name="avatar" value="1"> Delete Avatar</td></tr>
		   <tr><td>&nbsp;</td><td><input type="checkbox" name="userpic" value="1"> Delete Userpic</td></tr>
		   <tr><td><input type="hidden" name="id" value="'.$id.'"></td><td><input type="submit" name="edit" value="Save"></td></tr>
		 </table>
		 </form>';
}
else {
  $search = $_POST['search'];
  $page = $_GET['page'];
  $type = $_GET['type'];
  $sort = $_GET['sort'];
	if($search) $alle = safe_query("SELECT userID FROM ".PREFIX."user WHERE nickname LIKE '$search'");
	else $alle = safe_query("SELECT userID FROM ".PREFIX."user");
	$gesamt = mysql_num_rows($alle);
	$pages=1;
	if(!isset($page)) $page = 1;
	if(!isset($sort)) $sort="nickname";
	if(!isset($type)) $type = "DESC";
	
	$max=$maxusers;
			
	for ($n=$max; $n<=$gesamt; $n+=$max) {
	   	if($gesamt>$n) $pages++;
	}
		 	
	if($pages>1) {
		$page_link = makepagelink("admincenter.php?site=users&sort=$sort&type=$type&search=$search", $page, $pages);
		$page_link = str_replace('images/', '../images/', $page_link);
	}

	if ($page == "1") {
		if($search) $ergebnis = safe_query("SELECT * FROM ".PREFIX."user WHERE nickname LIKE '$search' ORDER BY $sort $type LIMIT 0,$max");
		else $ergebnis = safe_query("SELECT * FROM ".PREFIX."user ORDER BY $sort $type LIMIT 0,$max");
		if($type=="DESC") $n=$gesamt;
		else $n=1;
	}
	else {
		$start=$page*$max-$max;
		if($search) $ergebnis = safe_query("SELECT * FROM ".PREFIX."user WHERE nickname LIKE '$search' ORDER BY $sort $type LIMIT $start,$max");
		else $ergebnis = safe_query("SELECT * FROM ".PREFIX."user ORDER BY $sort $type LIMIT $start,$max");
		if($type=="DESC") $n = ($gesamt)-$page*$max+$max;
		else $n = ($gesamt+1)-$page*$max+$max;
	}

	echo'<h2>users</h2>';
	
	$anz=mysql_num_rows($ergebnis);
	if($anz) {
	    if($type=="ASC") 
			$sorter='<a href="admincenter.php?site=users&page='.$page.'&sort='.$sort.'&type=DESC&search='.$search.'">Sort:</a> <img src="../images/icons/asc.gif" width="9" height="7" border="0">&nbsp;&nbsp;&nbsp;';
		else 
		    $sorter='<a href="admincenter.php?site=users&page='.$page.'&sort='.$sort.'&type=ASC&search='.$search.'">Sort:</a> <img src="../images/icons/desc.gif" width="9" height="7" border="0">&nbsp;&nbsp;&nbsp;';
	    	
		echo'<table width="100%" border="0" cellspacing="0" cellpadding="0">
	  		<tr><form method="post" action="admincenter.php?site=users">
	    		<td>'.$sorter.' '.$page_link.'</td>
	    		<td align="right">Nickname: <input type="text" name="search" size="15" class="form_off" onFocus="this.className=\'form_on\'" onBlur="this.className=\'form_off\'"> <input type="submit" value="search"> <b>us</b>% will find <b>us</b>er<br></td></form>
	  		</tr>
	  		<tr>
         <td colspan="2"><i>'.$gesamt.' users selected</i></td>
        </tr>
			</table>';
	
		echo'<br>
		     <table width="100%" border="0" cellspacing="1" cellpadding="4" bgcolor="#999999">
	              <tr bgcolor="#CCCCCC"> 
			     <td class="title" align="center"><a class="titlelink" href="admincenter.php?site=users&type='.$type.'&sort=registerdate&page='.$page.'&type='.$type.'&search='.$search.'">Registered since:</a></td>
	             <td class="title" align="center"><a class="titlelink" href="admincenter.php?site=users&type='.$type.'&sort=nickname&page='.$page.'&type='.$type.'&search='.$search.'">Nickname:</a></td>
	                <td class="title" align="center">Status:</td>
				 <td class="title" align="center">Banned:</td>
	                <td class="title" align="center" colspan="2">Actions:</td>
	             </tr>
	             <tr><td colspan="6" bgcolor="#EEEEEE"></td></tr>';
		
		$n=1;
		while($ds=mysql_fetch_array($ergebnis)) {
			$id=$ds[userID];
			$nickname=getnickname($ds[userID]);
			$replaced_search=str_replace("%", "", $search);
			$nickname=str_replace($replaced_search, '<b>'.$replaced_search.'</b>', $nickname);
			$nickname='<a href="../index.php?site=profile&id='.$ds[userID].'">'.$nickname.'</a>';
			if(isclanmember($ds[userID])) $status='<b>Clanmember</b>';	
			else $status='';
			$registered=date("d.m.Y - H:i", $ds[registerdate]);
			
			if(isbanned($ds[userID])) $banned='<input type="button" class="button" onClick="MM_goToURL(\'parent\',\'admincenter.php?site=users&page='.$page.'&type='.$type.'&sort='.$sort.'&search='.$search.'&unbanish=true&id='.$ds[userID].'\');return document.MM_returnValue" value="undo Ban">';
		    else $banned='<input type="button" class="button" onClick="MM_goToURL(\'parent\',\'admincenter.php?site=users&page='.$page.'&type='.$type.'&sort='.$sort.'&search='.$search.'&banish=true&id='.$ds[userID].'\');return document.MM_returnValue" value="banish">';
		    
		  if($ds['activated']=="1") $actions = '<input type="button" class="button" onClick="MM_goToURL(\'parent\',\'admincenter.php?site=users&page='.$page.'&type='.$type.'&sort='.$sort.'&search='.$search.'&action=addtoclan&id='.$ds[userID].'\');return document.MM_returnValue" value="to Clan"> <input type="button" class="button" onClick="MM_goToURL(\'parent\',\'admincenter.php?site=members&action=edit&id='.$ds[userID].'\');return document.MM_returnValue" value="rights"> <input type="button" class="button" onClick="MM_goToURL(\'parent\',\'admincenter.php?site=users&action=profile&page='.$page.'&type='.$type.'&sort='.$sort.'&search='.$search.'&id='.$ds['userID'].'\');return document.MM_returnValue" value="profile">';
		  else $actions = '<input type="button" class="button" onClick="MM_goToURL(\'parent\',\'admincenter.php?site=users&action=activate&id='.$ds['userID'].'\');return document.MM_returnValue" value="activate">';
	
			echo'<tr> 
			       <td bgcolor="#FFFFFF" align="center">'.$registered.'</td>
				   <td bgcolor="#FFFFFF" align="center">'.$nickname.'</td>
				   <td bgcolor="#FFFFFF" align="center">'.$status.'</td>
				   <td bgcolor="#FFFFFF" align="center">'.$banned.'</td>
				   <td bgcolor="#FFFFFF" align="right">'.$actions.'</td>
				   <td bgcolor="#FFFFFF" align="center"><input type="button" class="button" onClick="MM_goToURL(\'parent\',\'admincenter.php?site=users&page='.$page.'&type='.$type.'&sort='.$sort.'&search='.$search.'&delete=true&id='.$ds[userID].'\');return document.MM_returnValue" value="del"></td>
	             </tr>';
		}
		echo'</table><br><a href="admincenter.php?site=users&action=adduser">Add user</a>';
	}
	else echo'no users found';
}
?>