X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fwhat-lock_user.php;h=d382ea2f68b91125517ee251dbcbbcc24aed16b3;hb=2142149f3f72f1a2476f95a87937c044d63bbaf2;hp=c257d797f6ffca55e40a41b66cb08666b810046e;hpb=99cab54d086b044c882670ef9e051ba85bf9771f;p=mailer.git
diff --git a/inc/modules/admin/what-lock_user.php b/inc/modules/admin/what-lock_user.php
index c257d797f6..d382ea2f68 100644
--- a/inc/modules/admin/what-lock_user.php
+++ b/inc/modules/admin/what-lock_user.php
@@ -32,61 +32,55 @@ ************************************************************************/ // Some security stuff... -if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) -{ +if ((!defined('__SECURITY')) || (!IS_ADMIN())) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); } // Add description as navigation point -ADD_DESCR("admin", basename(__FILE__)); +ADD_DESCR("admin", __FILE__); -OPEN_TABLE("100%", "admin_content admin_content_align", ""); if (!empty($_GET['u_id'])) { - $result_user = SQL_QUERY_ESC("SELECT status, sex, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result_user = SQL_QUERY_ESC("SELECT status, gender, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__); $ACT = false; if (SQL_NUMROWS($result_user) == 1) { // User found - list($status, $sex, $sname, $fname, $email) = SQL_FETCHROW($result_user); + list($status, $gender, $sname, $fname, $email) = SQL_FETCHROW($result_user); SQL_FREERESULT($result_user); if (empty($_GET['u_id'])) { // Output selection form with all confirmed user accounts listed ADD_MEMBER_SELECTION_BOX(); - } - elseif (!empty($_POST['lock'])) - { + } elseif (!empty($_POST['lock'])) { // Ok, lock the account! - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET status='LOCKED' WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET status='LOCKED' WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__); - if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 1) + if (SQL_AFFECTEDROWS() == 1) { // Send an email to the user! 
In later version you can optionally switch this feature off - $msg = LOAD_EMAIL_TEMPLATE("lock-user", stripslashes($_POST['reason']), $_GET['u_id']); + $msg = LOAD_EMAIL_TEMPLATE("lock-user", array('text' => $_POST['reason']), bigintval($_GET['u_id'])); // Send away... - SEND_EMAIL($email, ADMIN_LOCKED_SUBJ, $msg); + SEND_EMAIL(bigintval($_GET['u_id']), ADMIN_LOCKED_SUBJ, $msg); } // Prepare message $MSG = USER_ACCOUNT_LOCKED_1.$_GET['u_id'].USER_ACCOUNT_LOCKED_2; $ACT = true; - } - elseif (!empty($_POST['unlock'])) - { + } elseif (!empty($_POST['unlock'])) { // Ok, unlock the account! - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET status='CONFIRMED' WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET status='CONFIRMED' WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__); - if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 1) + if (SQL_AFFECTEDROWS() == 1) { // Send an email to the user! In later version you can optionally switch this feature off - $msg = LOAD_EMAIL_TEMPLATE("unlock-user", stripslashes($_POST['reason']), $_GET['u_id']); + $msg = LOAD_EMAIL_TEMPLATE("unlock-user", array('text' => $_POST['reason']), bigintval($_GET['u_id'])); // Send away... - SEND_EMAIL($email, ADMIN_UNLOCKED_SUBJ, $msg); + SEND_EMAIL(bigintval($_GET['u_id']), ADMIN_UNLOCKED_SUBJ, $msg); if (EXT_IS_ACTIVE("rallye")) { RALLYE_AUTOADD_USER($_GET['u_id']); @@ -110,7 +104,7 @@ if (!empty($_GET['u_id'])) } else { - $result = SQL_QUERY_ESC("SELECT email, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT email, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($_GET['u_id'])), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { 
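Review bot: The raw `$_GET['u_id']` is still used in `$MSG = USER_ACCOUNT_LOCKED_1.$_GET['u_id'].USER_ACCOUNT_LOCKED_2;` and in `RALLYE_AUTOADD_USER($_GET['u_id']);`, although the new mail calls next to them now pass `bigintval($_GET['u_id'])`. If `bigintval()` strips non-digit characters (its body is not shown), a value carrying extra characters can still match a user row and then be carried unescaped into the admin output. The `OUTPUT_HTML(...ADMIN_MEMBER_404_1.$_GET['u_id']...)` line in the last hunk writes the same raw request value into HTML. Normalising once with `$uid = bigintval($_GET['u_id']);` right after the `!empty($_GET['u_id'])` check, and using `$uid` in the queries, the messages and the rallye call, would close this. The enclosing `if (!empty($_GET['u_id']))` block continues past this hunk.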
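Review bot: Switching the placeholder from `%d` to `%s` in `WHERE userid=%s` drops the integer coercion that the format string presumably applied, so this unquoted value is now only as safe as `bigintval()` makes it. The SELECT and both UPDATE statements in the first hunk are changed the same way. Neither `bigintval()` nor `SQL_QUERY_ESC()` is visible here, so it should be confirmed that the helper returns digits only, including when the input contains no digits at all. A comment at the first query would record the invariant, e.g. `// %s instead of %d: the id is inserted unquoted, bigintval() must yield digits only`. The surrounding `else` branch starts and ends outside this hunk.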
@@ -181,12 +175,10 @@ if (!empty($_GET['u_id'])) // Account does not exists! OUTPUT_HTML("".ADMIN_MEMBER_404_1.$_GET['u_id'].ADMIN_MEMBER_404_2.""); } -} - else -{ +} else { // List all users ADD_MEMBER_SELECTION_BOX(); } -CLOSE_TABLE(); + // ?>