.
*/
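function ListAdmins()
{
    // Prints every account in `bayonet_users` as a numbered table, ordered by
    // level (highest first) and then by username, with a separator row each
    // time the level changes. Output is written directly with echo; nothing
    // is returned.
    global $db;

    $result = $db->Query("SELECT `user_id`, `username`, `level` FROM `bayonet_users` ORDER BY `level` DESC, `username` ASC");
    // NOTE(review): assumes fetch() yields a list of row arrays here; elsewhere
    // in this file the same method's result is indexed as a single row - confirm.
    $admins = $db->fetch($result);

    $num = 1;
    // Initialised explicitly: the original read $level before it was ever
    // assigned, which raises an undefined-variable notice/warning on the
    // first row. null reproduces the previous comparison result exactly.
    $level = null;

    OpenTable("300px");
    echo "
| Username | Level |
";
    foreach ($admins as $admin) {
        // Loose comparison kept from the original so grouping is unchanged.
        if ($admin['level'] != $level) {
            $level = $admin['level'];
            echo "
|
";
        }

        // Usernames are stored from form input, so encode them (and the level)
        // for the HTML context before printing; otherwise markup saved in a
        // username would be rendered in every admin's browser (stored XSS).
        // The charset argument is omitted so PHP's configured default_charset
        // applies.
        $safeUsername = htmlspecialchars((string)$admin['username'], ENT_QUOTES | ENT_SUBSTITUTE);
        $safeLevel = htmlspecialchars((string)$admin['level'], ENT_QUOTES | ENT_SUBSTITUTE);

        echo "{$num}. | {$safeUsername} | {$safeLevel} |
";
        $num++;
    }
    CloseTable();
}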
/**
 * Handles the "new admin" form.
 *
 * When $_POST['processed'] is set, this branch reads the new account's fields
 * from $_POST, generates a password, rejects an empty username or an already
 * used username/email, mails the credentials to the submitted address, inserts
 * the row into `bayonet_users`, prints a confirmation and schedules a redirect
 * to ?op=admins. The rest of the function (the form markup after the closing
 * PHP tag) is not visible here.
 *
 * NOTE(review): security concerns visible in this branch -
 *  - the submitted level and permission flags are never compared with the
 *    caller's own $_SESSION['level'] ($maxLevel is assigned but unused here);
 *  - SQL statements are assembled by interpolating addslashes() output;
 *  - the password is hashed with crypt(md5()) and a fixed salt, and is mailed
 *    in clear text;
 *  - $username is echoed back without HTML encoding;
 *  - no anti-CSRF token check is visible (it may live in the caller - confirm).
 */
function NewAdmin()
{
global $db;
// The caller's own level, taken from the session.
// NOTE(review): nothing in this branch rejects a submitted level above
// $maxLevel, so the limit appears to be enforced only by the form, if at all.
// A server-side check before the INSERT is needed - confirm none exists elsewhere.
$maxLevel = $_SESSION['level'];
if(isset($_POST['processed'])){
// NOTE(review): addslashes() is not a database-aware escaper and is known to
// be insufficient under some connection charsets. Prefer parameterized queries,
// or the driver's own escaping if the $db wrapper offers one.
$username = addslashes($_POST['username']);
$email = addslashes($_POST['email']);
$first = addslashes($_POST['first']);
$last = addslashes($_POST['last']);
// Level and permission flags are read raw and cast to int below. The casts
// make them safe to interpolate into SQL, but they do not bound the values.
// A missing POST key raises a notice and becomes 0.
$level = $_POST['level'];
$all = $_POST['all'];
$squadleader = $_POST['squadleader'];
$adjutant = $_POST['adjutant'];
$quartermaster = $_POST['quartermaster'];
$level = (int)$level;
$all = (int)$all;
$squadleader = (int)$squadleader;
$adjutant = (int)$adjutant;
$quartermaster = (int)$quartermaster;
// Presumably an 8-character generated password; GeneratePassword() is defined
// elsewhere, so confirm that it draws from a cryptographically secure source.
$password = GeneratePassword(8);
// NOTE(review): the salt is a fixed string shared by every account and does
// not start with '$', so crypt() selects its traditional DES scheme. That
// scheme uses only the first two salt characters and the first eight characters
// of its input - here, eight hex digits of the MD5 digest. Moving to
// password_hash()/password_verify() needs a matching change in the login path,
// which is not visible here.
$cryptpassword = crypt(md5($password),'iamnotadirtywhorebitch');
// Only the username is required. $email is not checked for emptiness or
// format before it is used in the query and in mail() below.
if(empty($username))
{
ReportError("This user must have a username to continue.");
return;
}
// Uniqueness check: any existing row with the same username or email blocks
// the insert. Only the row count is used; the selected `level` is ignored.
$result = $db->Query("SELECT `level` FROM `bayonet_users` WHERE `username` = '$username' OR `email` = '$email'");
if($db->Rows($result) > 0){
ReportError("The email and or username you entered is already in use.");
return;
}
// Build the notification mail. The From header carries a display name and
// the literal text "DO NOT RESPOND" rather than a mailbox address.
$Name = "Rocky the Marne Dog";
$subject = "3rd ID Admin Password";
$header = "From: ". $Name . " < DO NOT RESPOND >\r\n"; //optional headerfields
// NOTE(review): the generated password is sent in clear text and the login
// link uses plain http://, so the credential is exposed both in the mailbox
// and on first login. A one-time set-password link over HTTPS avoids this.
$mail_body = "Do not respond to this email.\n\n------------------------------\nUsername: ".$username."\nPassword: ".$password."\n------------------------------\n\nTo login click on this link. http://testbed.3rd-infantry-division.org/cms/admin/ \n\nIt is recommended that you change your password once you login. To do so, click on Account Settings>Change Password.";
// NOTE(review): $email is used as the recipient without format validation.
// Checking it with filter_var($email, FILTER_VALIDATE_EMAIL) first would also
// rule out CR/LF characters in the address.
$sent = mail($email, $subject, $mail_body, $header);
// mail() returning true means only that the message was accepted for delivery,
// not that the address is valid, despite the wording of the error below.
if(!$sent){
ReportError("Error validating email. This user was not saved.");
return;
}
// The credentials have already been mailed at this point and the result of
// this INSERT is not checked, so a failed insert leaves the recipient with a
// password for an account that does not exist.
$db->Query("INSERT INTO `bayonet_users` (`user_id` ,`username` ,`password` ,`lastname` ,`firstname` ,`email` ,`joined` ,`level` ,`all` ,`squadleader` ,`adjutant` ,`quartermaster`) VALUES (NULL, '$username', '$cryptpassword', '$last', '$first', '$email', CURRENT_TIMESTAMP, $level, $all, $squadleader, $adjutant, $quartermaster)");
// NOTE(review): $username is printed without htmlspecialchars(), and it is the
// addslashes()-escaped copy, so any backslashes added above are shown as well.
echo "Admin, '$username' level '$level' has been added. An email has been sent to him with his username and password.\n
Please wait while you are redirected.
Click here if you don't feel like waiting.";
// Redirect back to the admin list (?op=admins). The first argument is 2,
// presumably the delay in seconds; the earlier comment here said 3.
PageRedirect(2, "?op=admins");
return;
}
?>

Cancel
Show/Hide Permissions
Query("UPDATE `bayonet_users` SET `username` = '$username', `level` = '$level', `all` = '$all', `squadleader` = '$squadleader', `adjutant` = '$adjutant', `quartermaster` = '$quartermaster' WHERE `user_id` = '$user_id' LIMIT 1");
echo "Admin, '$username' level '$level' has been edited.\n
Please wait while you are redirected.
Click here if you don't feel like waiting.";
// 3 second redirect to go back to the edit page
PageRedirect(2, "?op=admins&edit={$user_id}");
return;
}
$result = $db->Query("SELECT * FROM `bayonet_users` WHERE `user_id` = '$user_id' LIMIT 1");
$admin = $db->FetchRow($result);
if($maxLevel < $admin['level']){
ReportError("You do not have permission to access this user.");
return;
}
?>
Edit the attributes of this administrator.
Query("SELECT `username` FROM `bayonet_users` WHERE `user_id` = '$user_id'");
$admin = $db->Fetch($result);
if(isset($_POST['proceed']))
{
echo "Admin '{$admin['username']}', was deleted.";
$db->Query("DELETE FROM `bayonet_users` WHERE `user_id` = '$user_id' LIMIT 1");
PageRedirect(3,"?op=admins");
return;
}
if(isset($_POST['cancel']))
{
echo "User cancelled deletion of admin: '{$admin['username']}'";
PageRedirect(1,"?op=admins");
return;
}
?>