// Access level restriction Authentication::accessLevelController(8, ">"); // Deal with usr_ban form if (isset($_GET['action'])) { if ($_GET['action'] == 'ban' && isset($_POST['user'])) { Authentication::suspendUser($_POST['user']); $successAlert = 1; } // Deal with unban form if ($_GET['action'] == 'unban' && isset($_POST['unbanID'])) { Authentication::reinstateUser($_POST['unbanID']); $successAlert = 1; } if ($_GET['action'] == 'deactivate' && isset($_POST['uid'])) { Authentication::deactivateUser($_POST['uid']); $successAlert = 1; } } $sqlSuspend = "SELECT * FROM `users` WHERE `suspended` = '0'"; $resultSuspend = openRailwayCore::dbQuery($sqlSuspend); $sqlReinstate = "SELECT * FROM `users` WHERE `suspended` = '1'"; $resultReinstate = openRailwayCore::dbQuery($sqlReinstate); $main = new Template(); $main->set_custom_template("includes/", 'default'); $main->assign_var('ROOT', ROOT); while ($accountSuspend = mysql_fetch_assoc($resultSuspend)) { $main->assign_block_vars('user_loop', array('UID' => $accountSuspend['user_id'], 'NAME' => $accountSuspend['username'], 'SID' => $accountSuspend['staff_id'])); } while ($accountReinstate = mysql_fetch_assoc($resultReinstate)) { $main->assign_block_vars('user_sus_loop', array('UID' => $accountReinstate['user_id'], 'NAME' => $accountReinstate['username'], 'SID' => $accountReinstate['staff_id']));
// Display profile Authentication::blockPageToVisitors(); openRailwayCore::pageHeader(""); openRailwayCore::pageFooter(); } elseif (isset($_GET['mode'])) { // Modes switch ($_GET['mode']) { case "account": Authentication::blockPageToVisitors(); // Account actions if (isset($_GET['action'])) { switch ($_GET['action']) { case "deactivate": // Deactivates account if (isset($_SESSION['user_id'])) { Authentication::deactivateUser($_SESSION['user_id']); } break; case "update": // Update user details - AJAX implementation if (isset($_POST['fname']) && isset($_POST['mname']) && isset($_POST['sname']) && isset($_POST['address']) && isset($_POST['dob']) && isset($_POST['mphone']) && isset($_POST['wphone']) && isset($_POST['hphone']) && isset($_POST['email'])) { openRailwayCore::dbQuery("UPDATE `staff_master` SET `first_name` = '" . $_POST['fname'] . "', `middle_name` = '" . $_POST['mname'] . "', `surname` = '" . $_POST['sname'] . "', `date_of_birth` = '" . $_POST['dob'] . "', `address` = '" . $_POST['address'] . "', `email` = '" . $_POST['email'] . "', `home_phone` = '" . $_POST['hphone'] . "', `mobile_phone` = '" . $_POST['mphone'] . "', `work_phone` = '" . $_POST['wphone'] . "' WHERE `staff_id` = '" . $_SESSION['staff_id'] . "'"); openRailwayCore::logEvent(time(), openRailwayCore::createInteractionIdentifier(), $_SESSION['user_id'], 5, 0, "User (SID: " . $_SESSION['staff_id'] . ") own profile updated"); } else { header("Location: " . ROOT . "user.php?mode=account"); } break; case "changepassword": if (isset($_POST['oldpassword']) && isset($_POST['newpassword']) && isset($_POST['confirmpassword'])) { // Change password code }