");
}
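// Dispatch on the submitted action in $key: create, edit or delete a row of
// auth_user. Every case checks permission first and reports its outcome
// through my_error() / my_msg().
//
// $username, $password and $u_id are passed through addslashes() before they
// are placed inside a quoted SQL literal, as $permlist already was; without
// that, a quote character in any of them rewrites the statement.
// NOTE(review): this assumes the values arrive raw (no magic_quotes_gpc
// pre-escaping) - confirm for the runtime in use. addslashes() is not
// charset-aware; if the $db layer offers bound parameters or driver-level
// escaping, prefer that.
// NOTE(review): the password is written to auth_user exactly as supplied;
// whether it is hashed anywhere before this point is not visible here.
// NOTE(review): $username is echoed back through my_msg()/my_error(); whether
// those helpers HTML-escape their argument is not visible here - confirm.
switch ($key) {
    case "create": // Create a new user
        // Only administrators may create accounts.
        if (!$perm->have_perm("admin")) {
            my_error("You do not have permission to create users.");
            break;
        }
        // Both fields are mandatory.
        if (empty($username) || empty($password)) {
            my_error("Please fill out Username and Password!");
            break;
        }
        $sql_username = addslashes($username);
        $sql_password = addslashes($password);
        /* Does the user already exist?
           NOTE: This should be a transaction, but it isn't, so two
           concurrent requests can both pass this check. */
        $db->query("select * from auth_user where username='$sql_username'");
        if ($db->nf() > 0) {
            my_error("User $username already exists!");
            break;
        }
        // Create a uid and insert the user. uniqid() is time-based, so treat
        // the resulting id as an identifier, not as a secret.
        $u_id = md5(uniqid($hash_secret));
        // Separator first: the (array, separator) order is rejected by PHP 8.
        // A missing or non-array $perms yields an empty permission list.
        $permlist = addslashes((isset($perms) && is_array($perms)) ? implode(",", $perms) : "");
        $query = "insert into auth_user values('$u_id','$sql_username','$sql_password','$permlist')";
        $db->query($query);
        if ($db->affected_rows() == 0) {
            // Do not echo $query: it contains the password and the table layout.
            my_error("Failed: user was not created.");
            break;
        }
        my_msg("User \"$username\" created.\n");
        break;

    case "u_edit": // Change user parameters
        if ($debug == 1) {
            printf("u_edit, u_id +%s+\n", $u_id);
        }
        $sql_u_id = addslashes($u_id);
        if (!$perm->have_perm("admin")) {
            // Non-admins may only change their own password. Compare as
            // strings with ===; loose == treats numeric-looking strings as
            // numbers, so two different ids could compare equal.
            if ((string)$auth->auth["uid"] === (string)$u_id) {
                // Same rule as the admin branch: no empty password.
                if (empty($password)) {
                    my_error("Please fill out Password!");
                    break;
                }
                $sql_password = addslashes($password);
                $query = "update auth_user set password='$sql_password' where user_id='$sql_u_id'";
                $db->query($query);
                if ($db->affected_rows() == 0) {
                    // Do not echo $query: it contains the new password.
                    my_error("Failed: password was not changed.");
                    break;
                }
                my_msg("Password of ". $auth->auth["uname"] ." changed.\n");
            } else {
                my_error("You do not have permission to change users.");
            }
        } else {
            // Admins may rewrite name, password and permissions of any user.
            if (empty($username) || empty($password)) {
                my_error("Please fill out Username and Password!");
                break;
            }
            $sql_username = addslashes($username);
            $sql_password = addslashes($password);
            // Update user information.
            $permlist = addslashes((isset($perms) && is_array($perms)) ? implode(",", $perms) : "");
            $query = "update auth_user set username='$sql_username', password='$sql_password', perms='$permlist' where user_id='$sql_u_id'";
            $db->query($query);
            if ($db->affected_rows() == 0) {
                // Do not echo $query: it contains the password.
                my_error("Failed: user was not changed.");
                break;
            }
            my_msg("User \"$username\" changed.\n");
        }
        break;

    case "u_kill": // Delete a user
        // Only administrators may delete accounts.
        if (!$perm->have_perm("admin")) {
            my_error("You do not have permission to delete users.");
            break;
        }
        // Delete that user; id and name must both match the row.
        $sql_u_id = addslashes($u_id);
        $sql_username = addslashes($username);
        $query = "delete from auth_user where user_id='$sql_u_id' and username='$sql_username'";
        $db->query($query);
        if ($db->affected_rows() == 0) {
            // Do not echo $query: it exposes the table layout.
            my_error("Failed: user was not deleted.");
            break;
        }
        my_msg("User \"$username\" deleted.\n");
        break;

    default:
        if ($debug == 1) {
            // Pass $u_id as an argument so a '%' in it is not read as a
            // format directive.
            printf("default switch: u_id: .%s.\n", $u_id);
        }
        break;
}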
} ?>
Username | Password | Level | Action |
---|