"); }  // tail of a statement that begins before this excerpt

  // Dispatch on the action named by $key: "create", "u_edit" or "u_kill" a row
  // in auth_user. Each case checks $perm->have_perm("admin") before acting.
  //
  // NOTE(review): $username, $password and $u_id are interpolated into the SQL
  //   text as-is; only $permlist goes through addslashes(). Where they are
  //   assigned is not visible here. If they come from the request, every
  //   query below is injectable unless escaped upstream -- confirm, and
  //   prefer the DB layer's escaping or bound parameters.
  // NOTE(review): $password is written to auth_user unchanged; no hashing is
  //   visible in this block.
  // NOTE(review): on failure, "Failed: $query" hands the full SQL text
  //   (password value included) to my_error(); presumably that is rendered
  //   to the page -- confirm, and log it server-side instead.
  // NOTE(review): implode($perms, ",") uses the legacy (array, separator)
  //   argument order, which PHP 8 rejects; implode(",", $perms) works on
  //   all versions.
  switch ($key) {
    case "create": // Create a new user
      if (!$perm->have_perm("admin")) { // Do we have permission to do so?
        my_error("You do not have permission to create users.");
        break;
      }
      if (empty($username) || empty($password)) { // Do we have all necessary data?
        my_error("Please fill out Username and Password!");
        break;
      }
      /* Does the user already exist?
         NOTE: This should be a transaction, but it isn't... so two
         concurrent requests can both pass this check before either inserts. */
      $db->query("select * from auth_user where username='$username'");
      if ($db->nf()>0) {
        my_error("User $username already exists!");
        break;
      }
      // Create a uid and insert the user...
      // The id is md5 over uniqid() (time-based) with $hash_secret as prefix:
      // usable as a row key, but it is not CSPRNG output and should not be
      // treated as a secret token.
      $u_id=md5(uniqid($hash_secret));
      $permlist = addslashes(implode($perms,","));
      // Positional insert with no column list: the value order must match
      // the auth_user table definition, which is not visible here.
      $query = "insert into auth_user values('$u_id','$username','$password','$permlist')";
      $db->query($query);
      if ($db->affected_rows() == 0) {
        my_error("Failed: $query");
        break;
      }
      my_msg("User \"$username\" created.
");
      break;
    case "u_edit": // Change user parameters
      if($debug == 1) printf("u_edit, u_id +%s+
", $u_id);
      if (!$perm->have_perm("admin")) { // user is not admin
        // A non-admin may only touch the row whose user_id equals their own
        // session uid, and only the password column.
        // NOTE(review): loose == compares numerically when both strings look
        //   numeric; === would make this ownership check exact.
        // NOTE(review): unlike the admin branch there is no empty($password)
        //   check here, and no check of the current password is visible.
        if($auth->auth["uid"] == $u_id) { // user changes his own account
          $query = "update auth_user set password='$password' where user_id='$u_id'";
          $db->query($query);
          if ($db->affected_rows() == 0) {
            my_error("Failed: $query");
            break;
          }
          my_msg("Password of ". $auth->auth["uname"] ." changed.
");
        } else {
          my_error("You do not have permission to change users.");
        }
      } else { // user is admin
        if (empty($username) || empty($password)) { // Do we have all necessary data?
          my_error("Please fill out Username and Password!");
          break;
        }
        // Update user information: username, password and perms of the row
        // selected by $u_id are all overwritten.
        $permlist = addslashes(implode($perms,","));
        $query = "update auth_user set username='$username', password='$password', perms='$permlist' where user_id='$u_id'";
        $db->query($query);
        if ($db->affected_rows() == 0) {
          my_error("Failed: $query");
          break;
        }
        my_msg("User \"$username\" changed.
");
      }
      break;
    case "u_kill":
      // Do we have permission to do so?
      if (!$perm->have_perm("admin")) {
        my_error("You do not have permission to delete users.");
        break;
      }
      // Delete that user. Both user_id and username must match the row.
      $query = "delete from auth_user where user_id='$u_id' and username='$username'";
      $db->query($query);
      if ($db->affected_rows() == 0) {
        my_error("Failed: $query");
        break;
      }
      my_msg("User \"$username\" deleted.
");
      break;
    default:
      // NOTE(review): $u_id is interpolated into the printf format string
      //   itself, so a '%' in it would be parsed as a conversion; passing it
      //   as a %s argument (as the u_edit debug line does) avoids that.
      if($debug == 1) printf("default switch: u_id: .$u_id.
");
      break;
  }
}  // closes a block opened before this excerpt
?> <?php print $headtitle ?>
You are auth["uname"] ?>
have_perm("admin")){ ?> query("select * from auth_user order by username"); ?> next_record()){ ?> have_perm("admin")){ ?> auth["uname"] == $db->f("username")){ ?>
Username Password Level Action
perm_sel("perms","user");?>
"> "> perm_sel("perms", $db->f("perms")) ?> "> p("username") ?> "> p("perms") ?> "> p("username") ?> ********** p("perms") ?>