Hey MWG, I am here with a big request which is for someone to re-code the script for me. Much secure and efficient.
I tried re-coding it myself however, I am failing with many errors. And it looks like a complete mess.
Error at the moment -
QUERY ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
Query was SELECT * FROM `users` WHERE `userid` =
<?php
require_once('sglobals.php');
echo "<h3><u>Edit User</u></h3>";
$_POST['userid'] =
array_key_exists('userid', $_POST) && ctype_digit($_POST['userid'])
? $_POST['userid'] : '';
$_POST['ID'] =
array_key_exists('ID', $_POST) && ctype_digit($_POST['ID'])
? $_POST['ID'] : '';
$_GET['ID'] =
array_key_exists('ID', $_GET) && ctype_digit($_GET['ID'])
? $_GET['ID'] : '';
if(!isset($_POST['ID'])) {
foreach($_POST as $k => $v) {
$db->query("UPDATE `users` SET " . $k . " = '" . $v . "' WHERE `userid` = " . $_POST['userid']);
}
stafflog_add("Edited {$_POST['userid']}");
confirmation("Edited {$_POST['userid']}");
}
if(!$_GET['ID'] AND !$_POST['userid']) {
echo "Please select the user you wish to edit below.<br/>Some of the edit fields have been disabled and hidden to protect certain details about the user.
<table width = '70%' class = 'table' cellpadding = '5' cellspacing = '1'>
<tr>
<th width = '50%'>Userid</th>
<th width = '50%'>Username</th>
</tr>
<tr>
<td style = 'text-align: center;'>
<form action = '" . basename($_SERVER['SCRIPT_FILENAME']) . "' method = 'GET'>
<input type = 'text' name = 'ID'>
<input type = 'submit' value = 'Edit'>
</form>
</td>
<td style = 'text-align: center;'>
<form action = '" . basename($_SERVER['SCRIPT_FILENAME']) . "' method = 'GET'>
" . user_dropdown($c, 'ID') . "
<input type = 'submit' value = 'edit'>
</form>
</td>
</tr>
</table>";
}
function showTable($variable) {
if ($variable === true) {
return 'true';
} else if ($variable === false) {
return 'false';
} else if ($variable === null) {
return 'null';
} else if (is_array($variable)) {
$html = "<table width = '80%' class = 'table' cellpadding = '5' cellspacing = '1' style = 'text-align: left;'>
<tr><th colspan = '2'>Currently editing user " . $variable['username'] . " [" . $_GET['ID'] . "] <div style = 'float: right;'><a href ='staff_edituser.php'>>Go Back</a></div></th></tr>
<tr><th width = '20%' style = 'text-align: left;'>Field</th><th style = 'text-align: left;'>Value</th></tr>";
foreach ($variable as $key => $value) {
$value = showTable($value);
$hide = array('userpass','pass_salt','profile_signature','user_notepad','forums_signature','user_level','login_name');
if(!in_array($key, $hide)) {
$html .= "<tr><td style='text-align: left;'>" . ucfirst($key) . "</td>
<td style='text-align: left;'>
<input type='text' name='".$key."' value='".$value."' size='70'>
</td></tr>";
}
}
return $html;
} else {
return strval($variable);
}
}
$ro = $db->query("SELECT * FROM `users` WHERE `userid` = " . $_GET['ID']);
if(!$db->num_rows($ro)) {
error("No users found");
}
$r = $db->fetch_row($ro);
echo "<form action='staff_edituser.php' method='post'>";
echo showTable($r);
echo "<tr><td colspan = '2'><input type='submit' value='Save new settings'></td></tr></form>
</table>";
$h->endpage();
?>