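# Simple User Search - Updated by djhowarth (21-11-2011)
#======================================================================#
if ($action == "users") {
    // Fail closed: require an explicit 'yes' on both permissions, so a
    // missing or unexpected value denies access instead of letting it through.
    // NOTE(review): this guard only protects the code below if autolink()
    // ends the request; its definition is outside this excerpt, so confirm.
    if ($CURUSER['delete_users'] != 'yes' || $CURUSER['delete_torrents'] != 'yes') {
        autolink("admincp.php", "You do not have permission to be here.");
    }

    // Bulk delete of the accounts ticked in the user list.
    // NOTE(review): no anti-CSRF token check is visible before this
    // destructive POST; confirm one is enforced earlier in the request.
    if ($do == "del") {
        // The id list must be a non-empty array. A scalar value would pass a
        // bare count() test and then produce an empty IN () clause below.
        if (empty($_POST["users"]) || !is_array($_POST["users"])) {
            show_error_msg(T_("ERROR"), "Nothing Selected.", 1);
        }

        // intval() on every element keeps the IN (...) list purely numeric,
        // which is what makes interpolating it into the SQL text safe.
        $ids = array_map("intval", $_POST["users"]);
        $ids = implode(", ", $ids);

        $res = SQL_Query_exec("SELECT `id`, `username` FROM `users` WHERE `id` IN ({$ids})");
        while ($row = mysql_fetch_row($res)) {
            // NOTE(review): the username is written to the log unescaped. If
            // the log viewer renders entries as HTML, escape it; confirm.
            write_log("Account '{$row['1']}' (ID: {$row['0']}) was deleted by {$CURUSER['username']}");
            deleteaccount($row[0]);
        }

        // Optionally remove the torrents owned by the deleted accounts.
        if (!empty($_POST['inc'])) {
            $res = SQL_Query_exec("SELECT `id`, `name` FROM `torrents` WHERE `owner` IN ({$ids})");
            while ($row = mysql_fetch_row($res)) {
                write_log("Torrent '{$row['1']}' (ID: {$row['0']}) was deleted by {$CURUSER['username']}");
                // mysql_fetch_row() returns a numerically indexed row, so the
                // id is $row[0]; $row["id"] was undefined and passed null.
                deletetorrent($row[0]);
            }
        }

        autolink("admincp.php?action=users", "Entries Deleted");
    }

    // Optional free-text filter over username, email and IP address.
    $where = null;
    if (!empty($_GET['search'])) {
        $search = sqlesc('%' . $_GET['search'] . '%');
        // The OR group is parenthesised because AND binds tighter than OR:
        // without the parentheses any conditions placed before this fragment
        // would apply to the username test only. The query that consumes
        // $where is outside this excerpt.
        $where = "AND (username LIKE " . $search . " OR email LIKE " . $search . "\n OR ip LIKE " . $search . ")";
    }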
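// NOTE(review): the statements up to the first closing brace are the tail of
// a handler that starts outside this excerpt; they are kept unchanged.
    // $userid, $reason, $timenow, $expiretime and $type are interpolated as
    // they arrive. Whether they were cast or escaped earlier is not visible
    // here, so confirm before relying on these queries being injection-safe.
    $ret = SQL_Query_exec("INSERT INTO warnings (userid, reason, added, expiry, warnedby, type) VALUES ('{$userid}','{$reason}','{$timenow}','{$expiretime}','" . $CURUSER['id'] . "','{$type}')");
    $ret = SQL_Query_exec("UPDATE users SET warned='yes' WHERE id='{$userid}'");

    // Notify the warned user by private message.
    // NOTE(review): if $reason was already escaped for the INSERT above, it
    // is escaped a second time here and may show stray backslashes; confirm.
    $msg = sqlesc("You have been warned by " . $CURUSER["username"] . " - Reason: " . $reason . " - Expiry: " . $expiretime . "");
    $added = sqlesc(get_date_time());
    // {$userid} is unquoted in this statement, so it must be a plain integer
    // by this point. The @ suppresses any error from the insert.
    @SQL_Query_exec("INSERT INTO messages (sender, receiver, msg, added) VALUES(0, {$userid}, {$msg}, {$added})");

    // This log entry embeds markup, so the log is presumably rendered as HTML.
    write_log($CURUSER['username'] . " has added a warning for user: <a href='account-details.php?id={$userid}'>{$userid}</a>");
    header("Location: account-details.php?id={$userid}");
    die;
}

// Delete a single account; the request comes from a form on another page.
// NOTE(review): no anti-CSRF token check is visible before this destructive
// POST; confirm one is enforced earlier in the request.
if ($action == "deleteaccount") {
    if ($CURUSER["delete_users"] != "yes") { //only allow admins to delete users
        show_error_msg(T_("ERROR"), T_("TASK_ADMIN"), 1);
    }

    $userid = (int) $_POST["userid"];
    // The username comes from the request, not from the database, so it is
    // only a label supplied by the client and may not match $userid.
    $username = sqlesc($_POST["username"]);
    // Validate the reason on the raw input. The check used to run on the
    // sqlesc() result; if sqlesc() returns a quoted literal, an empty reason
    // becomes a non-empty string and the check cannot fire.
    $delreason = isset($_POST["delreason"]) ? trim($_POST["delreason"]) : "";

    if (!is_valid_id($userid)) {
        show_error_msg(T_("FAILED"), T_("INVALID_USERID"), 1);
    }

    if ($CURUSER["id"] == $userid) {
        show_error_msg(T_("ERROR"), "You cannot delete yourself.", 1);
    }

    if ($delreason === "") {
        show_error_msg(T_("ERROR"), T_("MISSING_FORM_DATA"), 1);
    }

    deleteaccount($userid);
    // Log the numeric id next to the client-supplied name so that the audit
    // entry identifies the account that was actually deleted.
    // NOTE(review): the required reason is validated but not recorded in the
    // visible code; consider storing it once write_log()'s escaping is known.
    write_log($CURUSER['username'] . " has deleted account: {$username} (ID: {$userid})");

    show_error_msg(T_("COMPLETED"), T_("USER_DELETE"), 1);
    die;
}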