function iUsers($iname, $ipass, $imail)
{
global $admin_file, $CURUSER;
if ($_SERVER["REQUEST_METHOD"] == "POST") {
list($iclass) = mysql_fetch_row(sql_query('SELECT class FROM users WHERE username = '******'Администратор ' . $CURUSER['username'] . ' пробовал изменить учетные данные пользователя ' . $iname . ' классом выше!', 'red', 'error');
} else {
$updateset = array();
if (!empty($ipass)) {
$secret = mksecret();
$hash = md5($secret . $ipass . $secret);
$updateset[] = "secret = " . sqlesc($secret);
$updateset[] = "passhash = " . sqlesc($hash);
}
if (!empty($imail) && validemail($imail)) {
$updateset[] = "email = " . sqlesc($imail);
}
if (count($updateset)) {
$res = sql_query("UPDATE users SET " . implode(", ", $updateset) . " WHERE username = "******"Ошибка", "Смена пароля завершилась неудачей! Возможно указано несуществующее имя пользователя.", "error");
} else {
stdmsg("Изменения пользователя прошло успешно", "Имя пользователя: " . $iname . (!empty($hash) ? "<br />Новый пароль: " . $ipass : "") . (!empty($imail) ? "<br />Новая почта: " . $imail : ""));
}
}
} else {
echo "<form method=\"post\" action=\"" . $admin_file . ".php?op=iUsers\">" . "<table border=\"0\" cellspacing=\"0\" cellpadding=\"3\">" . "<tr><td class=\"colhead\" colspan=\"2\">Смена пароля</td></tr>" . "<tr>" . "<td><b>Пользователь</b></td>" . "<td><input name=\"iname\" type=\"text\"></td>" . "</tr>" . "<tr>" . "<td><b>Новый пароль</b></td>" . "<td><input name=\"ipass\" type=\"password\"></td>" . "</tr>" . "<tr>" . "<td><b>Новая почта</b></td>" . "<td><input name=\"imail\" type=\"text\"></td>" . "</tr>" . "<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"isub\" value=\"Сделать\"></td></tr>" . "</table>" . "<input type=\"hidden\" name=\"op\" value=\"iUsers\" />" . "</form>";
}
}
<?php
function mysql_modified_rows($conn)
{
$info_str = mysql_info($conn);
$a_rows = mysql_affected_rows();
ereg("Rows matched: ([0-9]*)", $info_str, $r_matched);
return $a_rows < 1 ? $r_matched[1] ? $r_matched[1] : 0 : $a_rows;
}
if (mysql_modified_rows($conn) > 0) {
mysql_close();
}
function user_session()
{
global $CURUSER, $use_sessions;
if (!$use_sessions) {
return;
}
$ip = getip();
$url = getenv("REQUEST_URI");
if (!$CURUSER) {
$uid = -1;
$username = '';
$class = -1;
} else {
$uid = $CURUSER['id'];
$username = $CURUSER['username'];
$class = $CURUSER['class'];
}
$past = time() - 300;
$sid = session_id();
$where = array();
$updateset = array();
if ($sid) {
$where[] = "sid = " . sqlesc($sid);
} elseif ($uid) {
$where[] = "uid = {$uid}";
} else {
$where[] = "ip = " . sqlesc($ip);
}
//sql_query("DELETE FROM sessions WHERE ".implode(" AND ", $where));
$ctime = time();
$agent = $_SERVER["HTTP_USER_AGENT"];
$updateset[] = "sid = " . sqlesc($sid);
$updateset[] = "uid = " . sqlesc($uid);
$updateset[] = "username = "******"class = " . sqlesc($class);
$updateset[] = "ip = " . sqlesc($ip);
$updateset[] = "time = " . sqlesc($ctime);
$updateset[] = "url = " . sqlesc($url);
$updateset[] = "useragent = " . sqlesc($agent);
session_write_close();
if (count($updateset)) {
sql_query("UPDATE sessions SET " . implode(", ", $updateset) . " WHERE " . implode(" AND ", $where)) or sqlerr(__FILE__, __LINE__);
}
if (mysql_modified_rows() < 1) {
sql_query("INSERT INTO sessions (sid, uid, username, class, ip, time, url, useragent) VALUES (" . implode(", ", array_map("sqlesc", array($sid, $uid, $username, $class, $ip, $ctime, $url, $agent))) . ")") or sqlerr(__FILE__, __LINE__);
}
}
