function lookup() { if (isset($_POST['lookup_field']) && $_POST['lookup_value'] != '') { global $conn, $config, $lang; require_once $config['basepath'] . '/include/user.inc.php'; require_once $config['basepath'] . '/include/misc.inc.php'; $misc = new misc(); $display = ''; $lookup_value = $misc->make_db_safe($_POST['lookup_value']); $sql = 'SELECT userdb_id FROM ' . $config['table_prefix'] . 'userdb WHERE ' . $_POST['lookup_field'] . ' = ' . $lookup_value; $recordSet = $conn->Execute($sql); if ($recordSet === false) { $misc->log_error($sql); } $id = $recordSet->fields[0]; if ($id != '') { $security = login::loginCheck('Admin', true); if ($security === true) { $display .= user_managment::edit_user($id); } else { $user_type = user::get_user_type($id); if ($user_type === admin) { $display .= $lang['user_manager_permission_denied']; } else { $display .= user_managment::edit_user($id); } } } else { $display .= '<div align="center" class="redtext">' . $lang['user_manager_user_not_found'] . '</div>'; $display .= user_managment::show_users(); } return $display; } }