actions.php
- <?php
- // +-------------------------------------------------------------+
- // | DeskPRO v [2.0.1 Production]
- // | Copyright (C) 2001 - 2004 Headstart Solutions Limited
- // | Supplied by WTN-WDYL
- // | Nullified by WTN-WDYL
- // | Distribution via WebForum, ForumRU and associated file dumps
- // +-------------------------------------------------------------+
- // | DESKPRO IS NOT FREE SOFTWARE
- // +-------------------------------------------------------------+
- // | License ID : Full Enterprise License =) ...
- // | License Owner : WTN-WDYL Team
- // +-------------------------------------------------------------+
- // | $RCSfile: actions.php,v $
- // | $Date: 2004/02/12 21:16:57 $
- // | $Revision: 1.36 $
- // +-------------------------------------------------------------+
- // | File Details:
- // | - User action handler.
- // +-------------------------------------------------------------+
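error_reporting(E_ALL ^ E_NOTICE);

// global.php is expected to supply $db, $user, $session and the helpers called
// below (mistake(), jump(), validate_email(), ...); none of them are defined in
// this file.
include "./../global.php";

// Normalise the requested action before any branch below reads it.
// The isset() test has to come before trim(): trimming first always leaves a
// string behind, which made the original isset() check dead code. A non-string
// value (e.g. do[]=x) is treated as "no action given" rather than handed to trim().
if (isset($_REQUEST['do']) && is_string($_REQUEST['do'])) {
    $_REQUEST['do'] = trim($_REQUEST['do']);
} else {
    $_REQUEST['do'] = '';
}

// default do
if ($_REQUEST['do'] === '') {
    $_REQUEST['do'] = "navigate";
}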
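############################################# UPDATE USER #############################################
// do=update_fields: a technician with p_edit_users rewrites a user's profile
// (name, username, e-mail, disabled flag, timezone, custom fields and, with
// p_user_expire, the expiry settings), then re-sends the account e-mail when
// the username or e-mail address changed.
//
// NOTE(review): the action is read from $_REQUEST, so it is reachable by GET as
// well as POST, and no anti-forgery token is checked in this file. Confirm
// whether global.php enforces one before relying on the permission flag alone.
if ($_REQUEST['do'] == 'update_fields') {
    if ($user['p_edit_users']) {

        // The id ends up inside three SQL statements and the redirect URL.
        // Cast it once so raw request text never reaches any of them; the
        // delete action in this file already treats id as an integer.
        $target_id = (int) $_REQUEST['id'];

        // change email
        if (!validate_email($_REQUEST['email'])) {
            // mistake() is given HTML markup by the delete action in this file,
            // so the rejected value is encoded before it is echoed back.
            mistake("Invalid e-mail address specified ('" . htmlspecialchars($_REQUEST['email'], ENT_QUOTES) . "').");
        }

        // Load the current record; same existence check as the newpass action,
        // so a missing user cannot lead to an empty UPDATE followed by an
        // e-mail sent to a blank address.
        // (mistake() is presumed to end the request - confirm in global.php.)
        $user_details = $db->query_return("SELECT * FROM user WHERE id = '$target_id'");
        if (!$db->num_rows()) {
            mistake('The user could not be found, or no user was specified.');
        }

        // if we are changing username or email address we need to email it
        // Set explicitly so the flag can never be inherited from earlier scope.
        $mail = 0;
        if (($_REQUEST['email'] != $user_details['email']) || ($_REQUEST['username'] != $user_details['username'])) {
            $mail = 1;
        }

        // get changed custom fields
        // Column names come from the user_def table, not from the request;
        // only the values are request data and they are escaped.
        $db->query("SELECT * FROM user_def WHERE tech_viewable");
        $terms = array();
        while ($res = $db->row_array()) {
            // 'custom_fields' is quoted: the original bare word relied on PHP
            // falling back from an undefined constant to a string.
            if ($_REQUEST['custom_fields']["extra$res[name]"]) {
                $data = field_def_val($res, $_REQUEST['custom_fields'][$res['name']], $_REQUEST['custom_fields']["extra$res[name]"]);
            } else {
                $data = field_def_val($res, $_REQUEST['custom_fields'][$res['name']]);
            }
            $terms[] = "$res[name] = '" . mysql_escape_string($data) . "'";
        }
        if (count($terms)) {
            $terms = ', ' . join(', ', $terms);
        } else {
            $terms = '';
        }

        // are we changing the user expiration
        if ($user['p_user_expire']) {
            $expire = "
                expire_date = '" . mysql_escape_string(strtotime("$_REQUEST[yexpire_date]-$_REQUEST[mexpire_date]-$_REQUEST[dexpire_date]")) . "',
                expire_tickets = '" . mysql_escape_string($_REQUEST['expire_tickets']) . "',
            ";
        } else {
            $expire = NULL;
        }

        // run query change
        // NOTE(review): mysql_escape_string() does not take the connection
        // character set into account and is gone from current PHP. Move these
        // values to bound parameters (or the $db layer's own escaping) when the
        // database wrapper allows it; the wrapper is not visible from here.
        $disabled = xss_check($_REQUEST['disabled'], 'tech');
        $db->query("
            UPDATE user SET
                name = '" . mysql_escape_string($_REQUEST['name']) . "',
                username = '" . mysql_escape_string($_REQUEST['username']) . "',
                email = '" . mysql_escape_string($_REQUEST['email']) . "',
                disabled = '" . mysql_escape_string($disabled) . "',
                $expire
                autoresponds = '" . mysql_escape_string($_REQUEST['autoresponds']) . "',
                timezone = '" . mysql_escape_string($_REQUEST['timezone']) . "',
                timezone_dst = '" . mysql_escape_string($_REQUEST['timezone_dst']) . "'
                $terms
            WHERE id = '$target_id'
        ");
        $user_details = $db->query_return("SELECT * FROM user WHERE id = '$target_id'");

        // are we sending email?
        if ($mail) {
            // NOTE(review): the stored password column is mailed as-is, which
            // suggests passwords are kept in a directly usable form - confirm
            // against the login code and plan a move to one-way hashing.
            $password = $user_details['password'];
            $passtech = 1;
            $user_details = update_user_details($user_details);
            // NOTE(review): eval() executes PHP produced by makeemaileval()
            // from the 'BODY_newpass' template. Confirm that helper only emits
            // trusted template source; request-derived text must not reach it.
            eval(makeemaileval('message', 'BODY_newpass', $subject));
            dp_mail($user_details['email'], $subject, $message);
        }
        jump("view.php?id=$target_id", 'User updated.');
    } else {
        mistake("You do not have permission to edit users");
    }
}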
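############################################ NEW PASSWORD #############################################
// do=newpass: a technician with p_edit_users generates a fresh password for a
// user, stores it together with new password_url / password_cookie values and
// e-mails it to the user.
//
// NOTE(review): reachable through $_REQUEST (GET included) with no anti-forgery
// token checked in this file - confirm global.php covers that.
if ($_REQUEST['do'] == 'newpass') {
    if ($user['p_edit_users']) {

        // Cast once: the id is used in two SQL statements and the redirect URL.
        // The delete action in this file already treats id as an integer.
        $target_id = (int) $_REQUEST['id'];

        $user_details = $db->query_return("SELECT * FROM user WHERE id = '$target_id'");
        if (!$db->num_rows()) {
            mistake('The user could not be found, or no user was specified.');
        }

        // NOTE(review): make_pass() is defined elsewhere; its randomness
        // source could not be checked from this file.
        $password1 = make_pass(8);

        // NOTE(review): both values are the first 8 hex characters (32 bits)
        // of an MD5 over the session id, the new password and uniqid(rand()).
        // None of those inputs is a cryptographic random source; if these
        // values act as login tokens (the column names suggest so - confirm),
        // generate them from a CSPRNG and lengthen them when the schema allows.
        // 'sessionid' is quoted: the original bare word relied on PHP falling
        // back from an undefined constant to a string.
        $password_cookie = md5($session['sessionid'] . $password1 . uniqid(rand(), 1));
        $password_url = md5($session['sessionid'] . $password1 . uniqid(rand(), 1));
        $password_cookie = mysql_escape_string(substr($password_cookie, 0, 8));
        $password_url = mysql_escape_string(substr($password_url, 0, 8));

        // Keep the escaped copy for SQL only. The original overwrote
        // $password1 with its escaped form and then mailed that, so a password
        // containing a quote or backslash would be mailed differently from the
        // value actually stored.
        $password_sql = mysql_escape_string($password1);

        // NOTE(review): the password is written to the column unhashed, as
        // visible in this statement; plan a move to one-way hashing together
        // with the login code.
        $db->query("
            UPDATE user SET
                password = '$password_sql',
                password_url = '$password_url',
                password_cookie = '$password_cookie'
            WHERE id = '$target_id'
        ");

        $passtech = true;
        $password = $password1;
        $user_details = update_user_details($user_details);
        // NOTE(review): eval() executes PHP produced by makeemaileval() from
        // the 'BODY_newpass' template. Confirm that helper only emits trusted
        // template source; request-derived text must not reach it.
        eval(makeemaileval('message', 'BODY_newpass', $subject));
        dp_mail($user_details['email'], $subject, $message);
        jump("view.php?id=$target_id", 'New password generated.');
    } else {
        // Same refusal as the update_fields action; the original fell through
        // silently when the permission was missing.
        mistake("You do not have permission to edit users");
    }
}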
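############################################# DELETE USER #############################################
// do=delete: removes the user identified by id through user_delete().
//
// This branch performs no $user[...] permission test of its own; it relies on
// user_delete() returning -1 when the technician may not delete users.
// NOTE(review): reachable through $_REQUEST (GET included) with no anti-forgery
// token checked in this file - confirm global.php covers that.
if ($_REQUEST['do'] == 'delete') {
    // Validate and pass on the same value. The original tested (int)id but
    // handed the raw request string to user_delete(), so input such as
    // "5 ..." passed the test with its trailing text still attached.
    $target_id = (int) $_REQUEST['id'];

    if ($target_id) {
        $res = user_delete($target_id);
        if ($res > 0) {
            jump('search.php', 'User deleted.');
        } elseif ($res == -1) {
            // -1: the caller lacks the delete permission
            tech_nav('users');
            mistake('<B>Error:</B> You do not have permission to delete users.</P>');
        } elseif ($res == 0) {
            // 0: no matching user
            tech_nav('users');
            mistake('<B>Error:</B> The specified user does not exist.</P>');
        }
    } else {
        tech_nav('users');
        mistake('<B>Error:</B> A user ID must be specified.</P>');
    }
}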