Motion
10-09-2006, 04:17 PM
Ok i tryed making this, you should see what im trying to do, it always says im not logged in or dont have permission to view it, when i am logged in and i do have permission >.<
<?
ob_start();
include("config.php");
if($logged[username] && $logged[level] ==5)
{
if($_GET[user])
{
if (!$_POST[update])
{
$user = mysql_query("SELECT * from users where username = '$_GET[user]'");
$user = mysql_fetch_array($user);
echo("
<form method=\"POST\">
<b><font face=\"Verdana\" size=\"1\">
Please use this tool responsibly.
<br><br>
Username:<br>
<input type=\"text\" size=\"25\" maxlength=\"25\" name=\"username\"
value=\"$user[username]\">
<br><br>
User Title:<br>
<input type=\"text\" size=\"25\" maxlength=\"50\" name=\"usertitle\"
value=\"$user[usertitle]\">
<br><br>
User Level:<br>
");
?>
<?
if($user[level]==1){
echo("
<select name=\"level\">
<option value=\"1\">Normal User</option>
<option value=\"3\">Moderator</option>
<option value=\"5\">Administrator</option>
</select>
");
}
elseif($user[level]==3){
echo("
<select name=\"level\">
<option value=\"3\">Moderator</option>
<option value=\"1\">Normal User</option>
<option value=\"5\">Administrator</option>
</select>
");
}
elseif($user[level]==5){
echo("
<select name=\"level\">
<option value=\"5\">Administrator</option>
<option value=\"1\">Normal User</option>
<option value=\"3\">Moderator</option>
</select>
");
?>
<?
echo("
<br><br>
Name Colour:<br>
<input size=\"25\" maxlength=\"1\" name=\"namecolor\"
value=\"$user[namecolor]\"></td>
<br><br>
Age:<br>
<input type=\"text\" size=\"25\" name=\"locate\" value=\"$user[location]\">
<br><br>
Some Hobbies:<br>
<input size=\"25\" name=\"msn\" value=\"$user[msn]\">
<br><br>
Homepage:<br>
<input size=\"25\" name=\"aim\" value=\"$user[aim]\">
<br><br>
Email Address:</b></font><br>
<input size=\"25\" name=\"email\" value=\"$user[email]\">
<br><br>
<input type=\"submit\" name=\"update\" value=\"Update User\">
</form>
");
}
else
{
$email = htmlspecialchars($_POST[email]);
$aim = htmlspecialchars($_POST[aim]);
$msn = htmlspecialchars($_POST[msn]);
$locate = htmlspecialchars($_POST[locate]);
$level = htmlspecialchars($_POST[level]);
$username = htmlspecialchars($_POST[username]);
$usertitle = htmlspecialchars($_POST[usertitle]);
$namecolor = htmlspecialchars($_POST[namecolor]);
echo ("$_GET[user]'s profile has been updated.");
$update = mysql_query("Update users set email = '$email',
msn = '$msn', aim = '$aim',
location = '$locate', level = '$level', username= '$username', usertitle = '$usertitle', namecolor = '$namecolor' where username = '$_GET[user]'");
}
}
else
{
echo("<form action=\"edituser.php?user=$_POST[user]\"><font face=\"Verdana\" size=\"1\"><b>Edit User</b><br><br>Please type in the user you wish to edit<br><input type=\"text\" input size=\"25\" name=\"user\"><br><br><input type=\"submit\" value=\"Edit This User\"></form>");
}
}
else
{
echo("Sorry, but you are not allowed to view this page!");
}
}
?>
<?
ob_start();
include("config.php");
if($logged[username] && $logged[level] ==5)
{
if($_GET[user])
{
if (!$_POST[update])
{
$user = mysql_query("SELECT * from users where username = '$_GET[user]'");
$user = mysql_fetch_array($user);
echo("
<form method=\"POST\">
<b><font face=\"Verdana\" size=\"1\">
Please use this tool responsibly.
<br><br>
Username:<br>
<input type=\"text\" size=\"25\" maxlength=\"25\" name=\"username\"
value=\"$user[username]\">
<br><br>
User Title:<br>
<input type=\"text\" size=\"25\" maxlength=\"50\" name=\"usertitle\"
value=\"$user[usertitle]\">
<br><br>
User Level:<br>
");
?>
<?
if($user[level]==1){
echo("
<select name=\"level\">
<option value=\"1\">Normal User</option>
<option value=\"3\">Moderator</option>
<option value=\"5\">Administrator</option>
</select>
");
}
elseif($user[level]==3){
echo("
<select name=\"level\">
<option value=\"3\">Moderator</option>
<option value=\"1\">Normal User</option>
<option value=\"5\">Administrator</option>
</select>
");
}
elseif($user[level]==5){
echo("
<select name=\"level\">
<option value=\"5\">Administrator</option>
<option value=\"1\">Normal User</option>
<option value=\"3\">Moderator</option>
</select>
");
?>
<?
echo("
<br><br>
Name Colour:<br>
<input size=\"25\" maxlength=\"1\" name=\"namecolor\"
value=\"$user[namecolor]\"></td>
<br><br>
Age:<br>
<input type=\"text\" size=\"25\" name=\"locate\" value=\"$user[location]\">
<br><br>
Some Hobbies:<br>
<input size=\"25\" name=\"msn\" value=\"$user[msn]\">
<br><br>
Homepage:<br>
<input size=\"25\" name=\"aim\" value=\"$user[aim]\">
<br><br>
Email Address:</b></font><br>
<input size=\"25\" name=\"email\" value=\"$user[email]\">
<br><br>
<input type=\"submit\" name=\"update\" value=\"Update User\">
</form>
");
}
else
{
$email = htmlspecialchars($_POST[email]);
$aim = htmlspecialchars($_POST[aim]);
$msn = htmlspecialchars($_POST[msn]);
$locate = htmlspecialchars($_POST[locate]);
$level = htmlspecialchars($_POST[level]);
$username = htmlspecialchars($_POST[username]);
$usertitle = htmlspecialchars($_POST[usertitle]);
$namecolor = htmlspecialchars($_POST[namecolor]);
echo ("$_GET[user]'s profile has been updated.");
$update = mysql_query("Update users set email = '$email',
msn = '$msn', aim = '$aim',
location = '$locate', level = '$level', username= '$username', usertitle = '$usertitle', namecolor = '$namecolor' where username = '$_GET[user]'");
}
}
else
{
echo("<form action=\"edituser.php?user=$_POST[user]\"><font face=\"Verdana\" size=\"1\"><b>Edit User</b><br><br>Please type in the user you wish to edit<br><input type=\"text\" input size=\"25\" name=\"user\"><br><br><input type=\"submit\" value=\"Edit This User\"></form>");
}
}
else
{
echo("Sorry, but you are not allowed to view this page!");
}
}
?>