<?php include 'session.php'; include 'header.php'; if (!logged_in_as_admin()) { die("Must be logged in as an admin to access this page"); } $query = "SELECT u1.* FROM users AS u1 JOIN (SELECT email FROM users\n GROUP BY email HAVING COUNT(*) > 1\n ) AS u2 ON u1.email = u2.email WHERE password != ''\n ORDER BY email, user_id"; $result = mysql_query($query); if (!$result) { echo "Could not query database"; } else { $num_accounts = mysql_num_rows($result); echo <<<EOT <h3>Found {$num_accounts} accounts using duplicate email addresses</h3> <table class="leaderboard"> <thead><tr> <th>ID</th><th>User</th><th>Email</th><th>Activated</th</tr> </thead><tbody> EOT; for ($i = 1; $row = mysql_fetch_assoc($result); $i += 1) { $tr_class = $i % 2 ? "even" : "odd"; $user_id = $row['user_id']; $username = $row['username']; $email = $row['email']; $activated = $row['activated']; echo <<<EOT <tr class="{$tr_class}"> <td><a href="profile.php?user_id={$user_id}">{$user_id}</a></td> <td><a href="profile.php?user_id={$user_id}">{$username}</a></td> <td>{$email}</td><td>{$activated}</td>
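<?php
/*
 * Admin action: disable a user account.
 *
 * Reads `user_id` and `reason` from the POST body, marks the account as
 * disabled by blanking its password, appends " disabled" to its email and an
 * audit note (reason + acting admin) to its bio, and clears the `latest` flag
 * on that user's submissions.
 *
 * NOTE(review): this file performs a state-changing admin action but checks no
 * anti-CSRF token itself; confirm that session.php (or the submitting form)
 * enforces one.
 * NOTE(review): the mysql_* API used here was removed in PHP 7. The database
 * connection is opened outside this file, so the calls are kept as-is; moving
 * to prepared statements (mysqli/PDO) is the durable fix for the query building
 * below.
 */
include 'session.php';

/**
 * Escape a value for use INSIDE a quoted SQL string literal.
 *
 * mysql_real_escape_string() only neutralises characters that could end a
 * quoted literal; it gives no protection when the result is placed in an
 * unquoted (numeric) position, so identifiers such as user_id are validated
 * separately rather than passed through this helper.
 *
 * NOTE(review): stripslashes() looks like a magic_quotes_gpc workaround; when
 * applied to values read back from the database it also removes legitimate
 * backslashes. Confirm this is intended.
 *
 * @param string $str Raw value.
 * @return string Escaped value.
 */
function safe_str($str) {
    return mysql_real_escape_string(stripslashes($str));
}

// Authorisation gate: both helpers are defined outside this file
// (presumably in session.php).
if (!(logged_in_with_valid_credentials() && logged_in_as_admin())) {
    die("Forget it, you must be logged in as admin.");
}

if (!isset($_POST['user_id']) || !isset($_POST['reason'])) {
    die("Did not receive user_id or reason");
}

$user_id = $_POST['user_id'];
$reason = $_POST['reason'];

// user_id is interpolated unquoted into three statements below, so it must be
// digits only; escaping alone would not stop injected SQL in that position.
// Both fields must also be plain strings (PHP turns `field[]=x` into an array).
if (!is_string($user_id) || !is_string($reason)
        || preg_match('/\A[0-9]+\z/', $user_id) !== 1) {
    die("Invalid user_id or reason");
}

$query = "SELECT * from users where user_id=" . $user_id;
$result = mysql_query($query);
// The original tested the bare word `result` instead of `$result`, so a failed
// query was never detected by this condition.
if (!$result || mysql_num_rows($result) != 1) {
    die("Could not find the user account");
}

$user = mysql_fetch_assoc($result);
// An empty password is this application's marker for a disabled account.
if ($user['password'] == "") {
    die("This account is already disabled");
}

$admin = current_username();
// Audit trail: record why and by whom the account was disabled. The composed
// values contain request data ($reason), so they are escaped before being
// placed inside quoted literals.
$bio = safe_str($user['bio'] . " - " . $reason . " by " . $admin);
$email = safe_str($user['email'] . " disabled");

$query = "UPDATE users SET email='{$email}', bio = '{$bio}', password = ''"
       . " WHERE user_id={$user_id}";
// Do not report success silently if the account was not actually disabled.
if (!mysql_query($query)) {
    die("Could not disable the user account");
}

$query = "UPDATE submissions SET latest=0 WHERE user_id={$user_id}";
if (!mysql_query($query)) {
    die("Account disabled, but could not update its submissions");
}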