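<?php

/**
 * User module: login/logout, access checks, visitor/session bookkeeping and
 * account CRUD driven by $_POST / $_GET.
 *
 * Everything that reaches SQL is string-built on top of the MySqls base class
 * (Query/setQuery/QueryReturn/numRows/freeQuery/Insert/Update/getRow/...),
 * which exposes no prepared-statement API here, so every interpolated value
 * goes through esc(). Values handed to Insert()/Update() as arrays are
 * assumed to be escaped by the base class — TODO confirm in MySqls.
 *
 * $user_login is a global the callers keep; it appears to mirror
 * $_SESSION['user_login'] as written by login() — confirm against the caller.
 */
class user extends MySqls
{
    /**
     * Age (seconds) after which rows in `session` are purged by Initial().
     * 21,600,000 s is ~250 days; the original literal may have meant 21600
     * (6 hours) — kept as-is, confirm with the owner before changing.
     */
    const SESSION_TTL = 21600000;

    /**
     * Escape a scalar for interpolation into a single-quoted SQL literal.
     *
     * The file already relies on the legacy mysql extension
     * (mysql_fetch_array), so mysql_real_escape_string is the strongest
     * escape available on this connection; addslashes is only the fallback
     * when no connection is open. Migrating MySqls to prepared statements
     * is the real fix.
     */
    private function esc($value)
    {
        $value = (string) $value;
        if (function_exists('mysql_real_escape_string')) {
            $escaped = mysql_real_escape_string($value);
            // Returns false (with a warning) when no link is open.
            if ($escaped !== false) {
                return $escaped;
            }
        }
        return addslashes($value);
    }

    /** $_POST[$key] or null when absent (same value the original read, minus the notice). */
    private function post($key)
    {
        return isset($_POST[$key]) ? $_POST[$key] : null;
    }

    /**
     * Emit a JS alert, go back one page and stop the script.
     *
     * The message is escaped for a single-quoted JS string literal so that
     * user-supplied fragments (names, last names) cannot break out of it;
     * the static messages contain no quotes and are emitted unchanged.
     */
    private function alertBack($message)
    {
        $safe = str_replace(
            array("\\", "'", "\r", "\n", "</"),
            array("\\\\", "\\'", "\\r", "\\n", "<\\/"),
            (string) $message
        );
        echo "<SCRIPT>alert('" . $safe . "'); window.history.back(); </SCRIPT>\n";
        exit();
    }

    /**
     * Emit an immediate meta-refresh to $url. Does not exit (the original
     * code kept running after the tag). $url is attribute-escaped, which also
     * fixes the doubled quote the original wrote around PHP_SELF.
     */
    private function metaRefresh($url)
    {
        echo '<meta http-equiv="refresh" content="0;url=' . htmlspecialchars((string) $url, ENT_QUOTES) . '">';
    }

    /**
     * True when the current user may use $module.
     *
     * Short-circuits for $user_login['Access'] === 'Administrator' (nothing in
     * this file sets that key; presumably set elsewhere), denies anyone whose
     * Login_Status is not the literal 'True', otherwise looks the module up
     * against the user's type in `modules`.
     */
    public function Access($module)
    {
        global $user_login;
        $module = strtolower($module);
        if (isset($user_login['Access']) && $user_login['Access'] == 'Administrator') {
            return true;
        }
        if (!isset($user_login['Login_Status']) || $user_login['Login_Status'] != 'True') {
            return false;
        }
        $type = isset($user_login['Type']) ? $user_login['Type'] : '';
        $this->Query(
            "SELECT * FROM modules WHERE module_name='" . $this->esc($module)
            . "' AND usertype_access_id='" . $this->esc($type) . "'"
        );
        return (int) $this->numRows() > 0;
    }

    /**
     * Per-request visitor bookkeeping: purge stale `session` rows, then, if
     * no row exists for this (ip, user) pair, record it in `useronline` and
     * `session`. Calls Error() on a failed insert.
     *
     * The logged-in test now matches Access()/login() (Login_Status === 'True');
     * the original used plain truthiness, which would have treated any
     * non-empty string as logged in.
     */
    public function Initial()
    {
        global $user_login;
        $client_ip = getClientIp();
        $sessionId = md5($this->getSessionID());
        $now = time();

        $loggedIn = isset($user_login['Login_Status']) && $user_login['Login_Status'] == 'True';
        $su = $loggedIn ? $user_login['Login'] : 'Guest';

        $cutoff = $now - self::SESSION_TTL;
        $this->setQuery("DELETE FROM session WHERE session_time<" . (int) $cutoff);
        $this->freeQuery();

        // getClientIp() may be derived from request headers, so it is untrusted.
        $ipSql = $this->esc($client_ip);
        $suSql = $this->esc($su);
        $this->setQuery("SELECT * FROM session WHERE session_ip='$ipSql' AND session_user='$suSql'");
        $this->QueryReturn();
        if ((int) $this->numRows() === 0) {
            $useronline = array(
                'ip'   => $client_ip,
                'user' => $su,
                'time' => $now,
                // Raw query string; relies on Insert() escaping — TODO confirm.
                'url'  => isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '',
            );
            $this->Insert('useronline', $useronline);
            $this->setQuery(
                "INSERT INTO session (session_id,session_time,session_ip,session_user) VALUES ('"
                . $sessionId . "','" . (int) $now . "','" . $ipSql . "','" . $suSql . "')"
            );
            if (!$this->QueryReturn()) {
                Error($this->mysqlError());
            }
        }
    }

    /**
     * Random alphanumeric token (20–40 chars) followed by the current
     * timestamp; Initial() stores its md5 as the `session` row id.
     *
     * Two fixes over the original: no more mt_srand(microtime()) re-seeding
     * (which made the token guessable from the request time; PHP seeds
     * itself), and the index range is derived from the alphabet length —
     * the original mt_rand(0,62) on a 62-char alphabet produced an empty
     * character one time in 63.
     */
    public function getSessionID()
    {
        $allchar = "abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLNMOPQRSTUVWXYZ0123456789";
        $lastIndex = strlen($allchar) - 1;
        $len = $this->randomInt(20, 40);
        $str = '';
        for ($i = 0; $i < $len; $i++) {
            $str .= $allchar[$this->randomInt(0, $lastIndex)];
        }
        return $str . time();
    }

    /** CSPRNG integer in [$min, $max] where random_int() exists, else mt_rand(). */
    private function randomInt($min, $max)
    {
        if (function_exists('random_int')) {
            return random_int($min, $max);
        }
        return mt_rand($min, $max);
    }

    /**
     * Authenticate against `users`, populate $_SESSION['user_login'], stamp
     * last-visit time / IP and refresh to the current page. On failure
     * alerts and exits.
     *
     * Passwords are compared as unsalted md5 because that is what
     * users.user_password holds; moving to password_hash()/password_verify()
     * needs a column migration plus rehash-on-login, so it is flagged here
     * rather than changed.
     */
    public function login($UserNameLogin, $UserPasswordLogin)
    {
        $md5Pass = md5($UserPasswordLogin);
        $this->setQuery(
            "SELECT * FROM users where user_login= '" . $this->esc($UserNameLogin)
            . "' AND user_password = '" . $md5Pass . "'"
        );
        $result = $this->QueryReturn();
        // The original compared numRows() == "" — true only under pre-8 loose
        // comparison; an explicit zero check is what was meant.
        if ((int) $this->numRows() === 0) {
            $this->alertBack('ชื่อผู้ใช้งาน หรือ รหัสผ่านไม่ถูกต้อง');
        }

        $arr = mysql_fetch_array($result);
        $this->setQuery("SELECT * FROM user_profile where user_id= '" . $this->esc($arr['user_id']) . "'");
        $arr2 = mysql_fetch_array($this->QueryReturn());

        // New session id on privilege change so a pre-login id cannot be reused (session fixation).
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        $_SESSION["user_login"]['ID']           = $arr['user_id'];
        $_SESSION["user_login"]['Login_Status'] = "True";
        $_SESSION["user_login"]['Login']        = $arr['user_login'];
        // Nothing in this file reads the stored hash; kept only for callers outside this file.
        $_SESSION["user_login"]['Password']     = $arr['user_password'];
        $_SESSION["user_login"]['Type']         = $arr['user_type'];
        $_SESSION["user_login"]['Nickname']     = isset($arr2['nickname']) ? $arr2['nickname'] : null;
        $_SESSION["user_login"]['Name']         = $arr['user_name'];

        $loginSql = $this->esc($arr['user_login']);
        $this->setQuery("UPDATE users SET user_last_visit_time='" . time() . "' WHERE user_login='" . $loginSql . "'");
        $this->freeQuery();
        $this->setQuery("UPDATE users SET user_last_login_ip='" . $this->esc(getClientIp()) . "' WHERE user_login='" . $loginSql . "'");
        $this->freeQuery();

        // PHP_SELF can carry attacker-chosen path info; metaRefresh() escapes it.
        $this->metaRefresh(isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '');
    }

    /**
     * Walk usertype_parent links from $group up to the root and return the
     * root's usertype_id (null when the row is missing). Iterative with a
     * visited set so a cyclic parent chain terminates instead of recursing
     * without bound; acyclic chains return exactly what the recursive
     * original did.
     */
    public function getRootParent($group)
    {
        $seen = array();
        $current = $group;
        while (true) {
            $seen[(string) $current] = true;
            $parent = $this->getRow('usertype', "WHERE usertype_id='" . $this->esc($current) . "'");
            $id = isset($parent['usertype_id']) ? $parent['usertype_id'] : null;
            $next = isset($parent['usertype_parent']) ? $parent['usertype_parent'] : '';
            if ($next == '' || isset($seen[(string) $next])) {
                return $id;
            }
            $current = $next;
        }
    }

    /**
     * Destroy the session and send the browser back to the current script
     * (index.php when that script is /reviewer.php).
     *
     * session_start() is only called when no session is active, and
     * $_SESSION is cleared explicitly — session_destroy() alone leaves the
     * in-memory array populated for the rest of the request.
     */
    public function logout()
    {
        $self = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '';
        $url = str_replace('?mod=logout', '', $self);
        if (session_id() === '') {
            session_start();
        }
        $_SESSION = array();
        session_destroy();
        if ($url == "/reviewer.php") {
            $this->metaRefresh('index.php');
        } else {
            header('Location:' . $url);
        }
    }

    /**
     * Register a new account from $_POST (username, password, password2,
     * name, cat_id, firstname, lastname, tel, email): validates, inserts
     * into `users`, then `user_profile`, and redirects. Alerts and exits on
     * a duplicate username, password mismatch or missing required fields.
     */
    public function add_new_account()
    {
        $username  = $this->post('username');
        $password  = $this->post('password');
        $password2 = $this->post('password2');
        $name      = $this->post('name');
        $cat_id    = $this->post('cat_id');

        if ($this->check_data('users', 'user_login', $username) == 1) {
            $this->alertBack('username มีการใช้แล้วกรุณาลองชื่ออื่น');
        }
        if ($password != $password2) {
            $this->alertBack('รหัสผ่านและรหัสผ่านยืนยันไม่ตรงกัน');
        }
        if ($name == '' || $username == '' || $cat_id == '') {
            $this->alertBack('Require Fields Data');
        }

        $data = array(
            'user_login'    => $username,
            'user_password' => md5($password), // legacy scheme, see login()
            'user_name'     => $name,
            'user_type'     => $cat_id,
        );
        if (!$this->Insert('users', $data)) {
            $this->metaRefresh('admin.php?mod=user&msg=0');
            return;
        }

        $id = $this->getDataOneRow('users', $username, 'user_login');
        $data2 = array(
            'user_id'   => isset($id['user_id']) ? $id['user_id'] : null,
            'name'      => $this->post('firstname'),
            'lastname'  => $this->post('lastname'),
            'nickname'  => $name, // the original stored the 'name' field as the nickname
            'telephone' => $this->post('tel'),
            'email1'    => $this->post('email'),
        );
        if ($this->Insert('user_profile', $data2)) {
            echo "<SCRIPT>alert('ลงทะเบียนเรียบร้อย');</SCRIPT>\n";
            $this->metaRefresh('blog.php');
        } else {
            $this->metaRefresh('register.php?msg=0');
        }
    }

    /**
     * Update an existing user and its profile from $_POST (user_id,
     * username, name, lastname, password/repassword, usertype, block,
     * email1, photo upload, address fields ...).
     *
     * Order is kept from the original: duplicate-login and duplicate
     * name/lastname checks, optional password change, then the `users`
     * update, photo upload/thumbnail and `user_profile` update-or-insert.
     */
    public function edit_user()
    {
        $userId   = $this->post('user_id');
        $username = $this->post('username');
        $name     = $this->post('name');
        $lastname = $this->post('lastname');
        $idSql    = $this->esc($userId);

        $chk_user = $this->check_data_edit('users', 'user_login', $username, 'user_id', $userId);
        $this->Query(
            "SELECT name,lastname FROM user_profile WHERE user_id!='" . $idSql
            . "' AND name='" . $this->esc($name) . "' AND lastname='" . $this->esc($lastname) . "'"
        );
        // > 0 rather than == 1: two pre-existing duplicates must not slip through.
        $chk_name_lastname = (int) $this->numRows();

        if ($chk_user == 1) {
            $this->alertBack('Username is ready to use');
        }
        if ($chk_name_lastname > 0) {
            $this->alertBack('ชื่อ-นามสกุล ' . $name . ' ' . $lastname . ' นี้มีในระบบแล้ว');
        }

        $password = $this->post('password');
        if ($password != '') {
            if ($password != $this->post('repassword')) {
                $this->alertBack('รหัสผ่านไม่ตรงกัน');
            }
            $pass = md5($password); // legacy scheme, see login()
            $this->Query("update users set user_password='" . $pass . "' where user_id='" . $idSql . "'");
        }

        if ($username == '') {
            $this->alertBack('Require Fields Data');
        }

        $data = array(
            'user_login' => $username,
            'user_name'  => $name,
            'user_email' => $this->post('email1'),
            'user_type'  => $this->post('usertype'),
            'user_block' => $this->post('block'),
        );
        if (!$this->Update('users', $data, "where user_id='" . $idSql . "'")) {
            // The original also echoed an undefined $picname here.
            $this->metaRefresh('reviewer.php?mod=user&msg=6');
            return;
        }

        $chk = $this->check_data('user_profile', 'user_id', $userId);

        // NOTE(review): the original passed an undefined $limit_size (i.e. null)
        // to uploadfiles(); made explicit — confirm what uploadfiles() expects.
        $limit_size = null;
        $picname = uploadfiles('photo', $username, '../user_photo', $limit_size, 1);
        $photo = isset($picname[0]) ? $picname[0] : '';
        if ($photo == '') {
            $photo = $this->post('edit_photo');
        } else {
            $img_src = "../user_photo/" . $photo;
            make_thumb($img_src, '../user_photo/thumbs/' . $photo, 150);
        }
        $this->Update('user_profile', array('photo' => $photo), "where user_id='" . $idSql . "'");

        $profile = array(
            'name'         => $name,
            'lastname'     => $lastname,
            'nickname'     => $this->post('nickname'),
            'day'          => $this->post('day'),
            'month'        => $this->post('month'),
            'year'         => $this->post('year'),
            'gender'       => $this->post('gender'),
            'address'      => $this->post('address'),
            'road'         => $this->post('road'),
            'sub_district' => $this->post('sub_district'),
            'district'     => $this->post('district'),
            'province'     => $this->post('province'),
            'zipcode'      => $this->post('zipcode'),
            'telephone'    => $this->post('telephone'),
            'mobile'       => $this->post('mobile'),
            'email1'       => $this->post('email1'),
            'email2'       => $this->post('email2'),
            'job'          => $this->post('job'),
        );
        if ($chk != 0) {
            $this->Update('user_profile', $profile, "where user_id='" . $idSql . "'");
        } else {
            $data2 = array_merge(array('photo' => $photo), $profile, array('user_id' => $userId));
            $this->Insert('user_profile', $data2);
        }
        // The original echoed the raw photo file name (a user-derived value)
        // before redirecting; that debug output is dropped.
        $this->metaRefresh('reviewer.php?mod=user&msg=2');
    }

    /**
     * Delete the user named by $_GET['id'] (and its profile) when the caller
     * is of type 1; redirects with msg=3 (deleted), 5 (delete failed) or
     * 4 (not allowed).
     *
     * This is a state change on a GET request with no CSRF token; the form
     * that links here is outside this file, so that is noted rather than
     * changed.
     */
    public function del_user()
    {
        global $user_login;
        $user_id = isset($_GET['id']) ? $_GET['id'] : '';
        if (isset($user_login['Type']) && $user_login['Type'] == 1) {
            $idSql = $this->esc($user_id);
            $rs = $this->Query("delete from users where user_id='" . $idSql . "'");
            if ($rs) {
                $this->Query("DELETE FROM user_profile WHERE user_id='" . $idSql . "'");
                $this->metaRefresh('reviewer.php?mod=user&msg=3');
            } else {
                $this->metaRefresh('reviewer.php?mod=user&msg=5');
            }
        } else {
            $this->metaRefresh('reviewer.php?mod=user&msg=4');
        }
    }
}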