plugins/admin/UserManager.php
changeset 320 112debff64bd
parent 317 f8356d9c3481
child 326 ab66d6d1f1f4
equal deleted inserted replaced
319:8be996c3740d 320:112debff64bd
   203         if ( $existing_level != $user_level )
   203         if ( $existing_level != $user_level )
   204         {
   204         {
   205           // We need to update group memberships
   205           // We need to update group memberships
   206           if ( $existing_level == USER_LEVEL_ADMIN ) 
   206           if ( $existing_level == USER_LEVEL_ADMIN ) 
   207           {
   207           {
   208             $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_from_admin",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($username) . '");');
   208             $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'u_from_admin\',' . time() . ',"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($username) . '");');
   209             if ( !$q )
   209             if ( !$q )
   210               $db->_die();
   210               $db->_die();
   211             $session->remove_user_from_group($user_id, GROUP_ID_ADMIN);
   211             $session->remove_user_from_group($user_id, GROUP_ID_ADMIN);
   212           }
   212           }
   213           else if ( $existing_level == USER_LEVEL_MOD ) 
   213           else if ( $existing_level == USER_LEVEL_MOD ) 
   214           {
   214           {
   215             $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_from_mod",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($username) . '");');
   215             $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'u_from_mod\',' . time() . ',"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($username) . '");');
   216             if ( !$q )
   216             if ( !$q )
   217               $db->_die();
   217               $db->_die();
   218             $session->remove_user_from_group($user_id, GROUP_ID_MOD);
   218             $session->remove_user_from_group($user_id, GROUP_ID_MOD);
   219           }
   219           }
   220           
   220           
   221           if ( $user_level == USER_LEVEL_ADMIN )
   221           if ( $user_level == USER_LEVEL_ADMIN )
   222           {
   222           {
   223             $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_to_admin",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($username) . '");');
   223             $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'u_to_admin\',' . time() . ',"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($username) . '");');
   224             if ( !$q )
   224             if ( !$q )
   225               $db->_die();
   225               $db->_die();
   226             $session->add_user_to_group($user_id, GROUP_ID_ADMIN, false);
   226             $session->add_user_to_group($user_id, GROUP_ID_ADMIN, false);
   227           }
   227           }
   228           else if ( $user_level == USER_LEVEL_MOD )
   228           else if ( $user_level == USER_LEVEL_MOD )
   229           {
   229           {
   230             $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_to_mod",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($username) . '");');
   230             $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'u_to_mod\',' . time() . ',"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($username) . '");');
   231             if ( !$q )
   231             if ( !$q )
   232               $db->_die();
   232               $db->_die();
   233             $session->add_user_to_group($user_id, GROUP_ID_MOD, false);
   233             $session->add_user_to_group($user_id, GROUP_ID_MOD, false);
   234           }
   234           }
   235         }
   235         }
   291       return false;
   291       return false;
   292     }
   292     }
   293     $q = $db->sql_query('SELECT u.user_id AS authoritative_uid, u.username, u.email, u.real_name, u.signature, u.account_active, u.user_level, x.* FROM '.table_prefix.'users AS u
   293     $q = $db->sql_query('SELECT u.user_id AS authoritative_uid, u.username, u.email, u.real_name, u.signature, u.account_active, u.user_level, x.* FROM '.table_prefix.'users AS u
   294                            LEFT JOIN '.table_prefix.'users_extra AS x
   294                            LEFT JOIN '.table_prefix.'users_extra AS x
   295                              ON ( u.user_id = x.user_id OR x.user_id IS NULL )
   295                              ON ( u.user_id = x.user_id OR x.user_id IS NULL )
   296                            WHERE ( lcase(u.username) = \'' . $db->escape(strtolower($username)) . '\' OR u.username = \'' . $db->escape($username) . '\' ) AND u.user_id != 1;');
   296                            WHERE ( ' . ENANO_SQLFUNC_LOWERCASE . '(u.username) = \'' . $db->escape(strtolower($username)) . '\' OR u.username = \'' . $db->escape($username) . '\' ) AND u.user_id != 1;');
   297     if ( !$q )
   297     if ( !$q )
   298       $db->_die();
   298       $db->_die();
   299     
   299     
   300     if ( $db->numrows() < 1 )
   300     if ( $db->numrows() < 1 )
   301     {
   301     {