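}
break;

// DELETE A USER (admin only)
//
// Reads the target user id from the query string, confirms the user exists
// and refuses to go on when the target is the last remaining admin.
// NOTE(review): the rest of this case lies outside this excerpt; any later
// query should use $delUserId instead of the raw request value.
// NOTE(review): this state-changing action is keyed on a GET parameter and no
// anti-CSRF token check is visible here -- confirm one is enforced.
case "deleteuser":
    checkForLogin("admin");

    // Check to see if a user was given
    if (empty($_GET['id'])) {
        ReportScriptError($lang['ERR_USERNAME_NONE']);
        break;
    }

    // The id is concatenated into SQL below, so accept decimal digits only.
    // is_string() rejects array input (id[]=...); the /D modifier stops "$"
    // from matching before a trailing newline.
    if (!is_string($_GET['id']) || !preg_match('/^[0-9]+$/D', $_GET['id'])) {
        ReportScriptError($lang['ERR_USERNAME_NON_EXIST']);
        break;
    }
    $delUserId = (int) $_GET['id'];

    // Check to see if user exists in the database
    // NOTE(review): confirm ReportSQLError() does not echo the raw statement
    // back to the client.
    $sql = "SELECT username, usertype FROM " . TABLE_USERS . " WHERE id=" . $delUserId . " LIMIT 1";
    $deluser = mysql_query($sql, $db_link) or die(ReportSQLError($sql));
    if (mysql_num_rows($deluser) < 1) {
        ReportScriptError($lang['ERR_USERNAME_NON_EXIST']);
        break;
    }

    // Get the username and type
    $deluser = mysql_fetch_array($deluser);
    $deluserType = $deluser['usertype'];
    $deluserName = $deluser['username'];

    // Check to see if user is last remaining admin
    if ($deluserType == "admin") {
        $sql = "SELECT usertype FROM " . TABLE_USERS . " WHERE usertype='admin'";
        $isLastAdmin = mysql_query($sql, $db_link) or die(ReportSQLError($sql));
        // One row or fewer means the target is the only admin account left.
        if (mysql_num_rows($isLastAdmin) <= 1) {
            $actionMsg = $lang['ERR_USER_LAST_ADMIN'];
            break;
        }
    }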
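} } else {
    $actionMsg = "Username is blank or contains non-alphanumeric characters.";
}
break;

// Delete a user (admin only)
//
// Reads the target user id from the query string, looks up the username for
// the confirmation message, then deletes the row.
// NOTE(review): this state-changing action is keyed on a GET parameter and no
// anti-CSRF token check is visible here -- confirm one is enforced.
case "deleteuser":
    checkForLogin("admin");

    if (empty($_GET['id'])) {
        ReportScriptError("There is no user specified for deletion.");
        // Stop here even if ReportScriptError() returns, so the queries
        // below never run without an id.
        break;
    }

    // The id is concatenated into SQL below, so accept decimal digits only.
    // is_string() rejects array input (id[]=...); the /D modifier stops "$"
    // from matching before a trailing newline.
    if (!is_string($_GET['id']) || !preg_match('/^[0-9]+$/D', $_GET['id'])) {
        ReportScriptError("The user you tried to delete does not exist.");
        break;
    }
    $delUserId = (int) $_GET['id'];

    $sql = "SELECT username FROM " . TABLE_USERS . " WHERE id=" . $delUserId . " LIMIT 1";
    $deluserName = mysql_query($sql, $db_link) or die(ReportSQLError($sql));
    if (mysql_num_rows($deluserName) < 1) {
        ReportScriptError("The user you tried to delete does not exist.");
        // Without this break the DELETE and the success message below would
        // still run if ReportScriptError() returns.
        break;
    }
    $deluserName = mysql_fetch_array($deluserName);
    $deluserName = $deluserName['username'];

    $sql = "DELETE FROM " . TABLE_USERS . " WHERE id=" . $delUserId . " LIMIT 1";
    mysql_query($sql, $db_link) or die(ReportSQLError($sql));
    // NOTE(review): $actionMsg carries a database-sourced username; make sure
    // it is HTML-escaped wherever it is rendered.
    $actionMsg = "User '{$deluserName}' has been deleted.";
    break;

// Change password (all users)
case "changepass":
    // Check to see if password and confirmation matches
    if ($_POST['passwordNew'] == $_POST['passwordNewRetype']) {
        // SQL query checks to make sure username and old password is correct.
        // NOTE(review): $_POST values are concatenated into the statement
        // unescaped, and the password is stored via MD5(); escape or
        // parameterise the inputs and plan a migration to
        // password_hash()/password_verify().
        // NOTE(review): part of the username expression is masked ("******")
        // in this listing; the line is reproduced exactly as shown.
        $sql = "UPDATE " . TABLE_USERS . " SET password=MD5('" . $_POST['passwordNew'] . "') WHERE username='******'username'] . "' AND password=MD5('" . $_POST['passwordOld'] . "') LIMIT 1";
        $updatePassword = mysql_query($sql, $db_link) or die(ReportSQLError($sql));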