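. **/
/*
 * User administration requests, dispatched on request parameters:
 *   GET  list     - print the user table, optionally narrowed by the POSTed filter
 *   POST new      - create a user
 *   GET  getdata  - return one user as JSON
 *   POST edit     - update a user and, if a password was sent, the password
 *   POST delete   - delete a user
 * Results are reported through functions::setMessage() / functions::setError().
 *
 * NOTE(review): no session, role or CSRF-token check is visible in this block.
 * Confirm that the including file enforces administrator access and request
 * origin before any handler below runs.
 * NOTE(review): the list hides id 1, but edit and delete accept any id; confirm
 * whether that account is meant to be protected there as well.
 */
try {
    if (isset($_GET['list'])) {
        $filter = "WHERE id<>1";
        $filter_array = array();

        if (isset($_POST['filter'])) {
            if (isset($_POST['f_search'])) {
                if ($_POST['f_search'] != "") {
                    // The search term is bound three times, once per LIKE placeholder.
                    $filter .= " and (username LIKE ? or fullname LIKE ? or class LIKE ?)";
                    $needle = "%".$_POST['f_search']."%";
                    array_push($filter_array, $needle, $needle, $needle);
                }
            }
            if (isset($_POST['f_class'])) {
                // NOTE(review): the listing is damaged here. Everything between
                // `for($i=0; $i` and `prepare(` was lost when the page was extracted,
                // so the loop that applied the class filter cannot be recovered from
                // this text. Restore it from the original file; whatever it adds must
                // go through placeholders and $filter_array, not into $filter as text.
            }
        }

        // $filter holds only fixed SQL fragments; every request value is bound.
        $sql = $db->prepare("SELECT id, username, fullname, accesslevel, class, perm_message FROM users ".$filter." ORDER BY class ASC, fullname ASC, accesslevel ASC");
        $sql->execute($filter_array);

        // NOTE(review): the HTML markup of this table was stripped from the listing;
        // only the separators between cells survive, the markup-only echo calls are
        // gone, and the row cells had ended up after the fetch loop, where $row is
        // false. The header is printed once and each row inside the loop. The
        // "tools" column has a header but no surviving cell content.
        echo "\n".$lang['id']." ".$lang['username']." ".$lang['fullname']." ".$lang['accesslevel']." ".$lang['class']." ".$lang['perm_message']." ".$lang['tools']."\n";
        while ($row = $sql->fetch(PDO::FETCH_ASSOC)) {
            // These columns are filled from request data in the handlers below, so
            // they are escaped before being written into the page.
            // Assumes the page is served as UTF-8 - TODO confirm.
            $cells = array();
            foreach (array('id', 'username', 'fullname', 'accesslevel', 'class') as $column) {
                $cells[] = htmlspecialchars((string)$row[$column], ENT_QUOTES, 'UTF-8');
            }
            $cells[] = $row['perm_message'] ? $lang['ryes'] : $lang['rno'];
            echo implode(" ", $cells)."\n";
        }
    }

    if (isset($_POST['new'])) {
        // A reported duplicate must not fall through to the INSERT. The edit handler
        // uses if/else after setError(), which suggests setError() does not end the
        // request on its own.
        $duplicate = false;
        if ($_POST['username'] != "") {
            $sql = $db->prepare("SELECT COUNT(id) AS count FROM users WHERE username=:uname");
            $sql->execute(array(":uname"=>$_POST['username']));
            $res = $sql->fetch(PDO::FETCH_ASSOC);
            if ($res['count'] > 0) {
                functions::setError(5);
                $duplicate = true;
            }
        }

        if (!$duplicate) {
            // "0" is the sentinel for "generate a password". Strict comparison keeps
            // numeric-looking passwords such as "00" from being treated as the sentinel.
            // NOTE(review): the generated value is not shown or sent anywhere in the
            // visible code, and an empty password is accepted here; confirm both.
            if ($_POST['password'] === "0") {
                $password = functions::randomString(6);
            } else {
                $password = $_POST['password'];
            }
            $pm = isset($_POST['perm_message']);

            $sql = $db->prepare("INSERT INTO users (username, fullname, accesslevel, class, password, perm_message) VALUES (:uname, :fname, :al, :class, :passwd, :pm)");
            $sql->execute(array(
                ":uname"=>$_POST['username'],
                ":fname"=>$_POST['fullname'],
                ":al"=>$_POST['accesslevel'],
                ":class"=>$_POST['class'],
                // Hash the resolved password. Hashing $_POST['password'] here stored the
                // hash of the literal "0" whenever a generated password was requested.
                ":passwd"=>PasswordStorage::create_hash($password),
                ":pm"=>$pm
            ));
            $res = $sql->rowCount();
            if ($res > 0) {
                functions::setMessage(3);
            } else {
                functions::setError(4);
            }
        }
    }

    if (isset($_GET['getdata'])) {
        // NOTE(review): COUNT() next to plain columns without GROUP BY is rejected by
        // some database engines and SQL modes; confirm against the deployed database.
        $sql = $db->prepare("SELECT COUNT(id) AS count, id, username, fullname, accesslevel, class, perm_message FROM users WHERE id=:id");
        $sql->execute(array(":id"=>$_GET['getdata']));
        $res = $sql->fetch(PDO::FETCH_ASSOC);
        if ($res['count'] < 1) {
            functions::setError(6);
        } else {
            echo json_encode($res);
        }
    }

    if (isset($_POST['edit'])) {
        $sql = $db->prepare("SELECT COUNT(id) AS count FROM users WHERE id=:id");
        $sql->execute(array(":id"=>$_POST['edit']));
        $res = $sql->fetch(PDO::FETCH_ASSOC);
        $pm = isset($_POST['perm_message']);
        if ($res['count'] < 1) {
            functions::setError(6);
        } else {
            $sql = $db->prepare("UPDATE users SET username=:uname, fullname=:fname, accesslevel=:al, class=:class, perm_message=:pm WHERE id=:id");
            $sql->execute(array(
                ":uname"=>$_POST['username'],
                ":fname"=>$_POST['fullname'],
                ":al"=>$_POST['accesslevel'],
                ":class"=>$_POST['class'],
                ":pm"=>$pm,
                ":id"=>$_POST['edit']
            ));
            $res1 = $sql->rowCount();

            // An empty password field means "leave the password unchanged".
            if ($_POST['password'] == "") {
                $res2 = true;
            } else {
                // Same "0" sentinel as in the create handler, compared strictly.
                if ($_POST['password'] === "0") {
                    $password = functions::randomString(6);
                } else {
                    $password = $_POST['password'];
                }
                $sql = $db->prepare("UPDATE users SET password=:passwd WHERE id=:id");
                $sql->execute(array(":passwd"=>PasswordStorage::create_hash($password), ":id"=>$_POST['edit']));
                $res2 = $sql->rowCount();
            }

            // NOTE(review): if the driver counts only rows whose values changed, a
            // password-only edit leaves $res1 at 0 and is reported as an error even
            // though the password was updated - confirm the driver setting.
            if ($res1 && $res2) {
                functions::setMessage(5);
            } else {
                functions::setError(4);
            }
        }
    }

    if (isset($_POST['delete'])) {
        $sql = $db->prepare("DELETE FROM users WHERE id=:id");
        $sql->execute(array(":id"=>$_POST['delete']));
        $res = $sql->rowCount();
        if ($res > 0) {
            functions::setMessage(4);
        } else {
            functions::setError(4);
        }
    }
} catch (Exception $e) {
    // The client gets the generic error code; the details go to the server log only.
    functions::setError(500);
    error_log($e);
}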