} if (isset($_SESSION['superadmin']) || isset($_SESSION['admin']) && 2 > intval(getUserDataByID($id)['status'])) { disableAcc($id); } else { die("error"); } } if (isset($_POST['theme']) && isset($_POST['themename'])) { $themename = mysql_html($_POST['themename']); writeStyleToPreferences($_SESSION['uid'], $themename); } if (isset($_POST['sidebar']) && isset($_POST['collapse']) && isset($_POST['sfloat']) && isset($_POST['hover']) && isset($_POST['scrollbar'])) { $collapse = mysql_html($_POST['collapse']); $sfloat = mysql_html($_POST['sfloat']); $hover = mysql_html($_POST['hover']); $scrollbar = mysql_html($_POST['scrollbar']); writeSidebarToPreferences($_SESSION['uid'], $collapse, $sfloat, $hover, $scrollbar); } if (isset($_POST['editUser']) && isset($_POST['id']) && isset($_POST['origin']) && isset($_POST['status'])) { editUserData(); } function editUserData() { $id = intval($_POST['id']); if ($id == 0) { die("error"); } $origin = intval($_POST['origin']); $status = intval($_POST['status']); $getmail = $_POST['getmail'] === "true" ? 1 : 0; if (isset($_SESSION['superadmin']) || isset($_SESSION['admin']) && getUserStatus($id) < 2 && $status < 2) {
function editUser($id, $origin, $status, $username = null, $password = null, $email = null, $fullname = null, $getmail = 1) { global $mysql; if ($origin == 1) { $query = "UPDATE 1fx_users SET status={$status}, prefer_email={$getmail} WHERE user_id={$id} AND origin={$origin}"; mysqli_query($mysql, $query); } else { $username = mysql_html($username); $fullname = mysql_html($fullname); $email = mysql_html($email); $query = ""; if (strlen(trim($password)) == 0) { $query = "UPDATE 1fx_users SET prefer_email={$getmail}, username='******', fullname='{$fullname}', email='{$email}', status={$status} WHERE user_id={$id} AND origin={$origin}"; } else { $password = password_hash(mysql_html($password), PASSWORD_DEFAULT); $query = "UPDATE 1fx_users SET prefer_email={$getmail}, username='******', password='******', fullname='{$fullname}', email='{$email}', status={$status} WHERE user_id={$id} AND origin={$origin}"; } $result = mysqli_query($mysql, $query); if (!$result) { die("error"); } } }