<?/* users.php (c) 2000 Ying Zhang (ying@zippydesign.com) * * TERMS OF USAGE: * This file was written and developed by Ying Zhang (ying@zippydesign.com) * for educational and demonstration purposes only.  You are hereby granted the * rights to use, modify, and redistribute this file as you like.  The only * requirement is that you must retain this notice, without modifications, at * the top of your source code.  No warranties or guarantees are expressed or * implied. DO NOT use this code in a production environment without * understanding the limitations and weaknesses pretaining to or caused by the * use of these scripts, directly or indirectly. USE AT YOUR OWN RISK! *//****************************************************************************** * MAIN *****************************************************************************/include("../application.php");require_login();require_priv("admin");$DOC_TITLE = "MyMarket User Management";include("templates/header.php");switch (nvl($mode)) {	case "add" :		print_add_user_form();		break;	case "edit" :		print_edit_user_form($username);		break;	case "del" :		delete_user($username);		print_user_list();		break;	case "insert" :		insert_user($HTTP_POST_VARS);		print_user_list();		break;	case "update" :		update_user($HTTP_POST_VARS);		print_user_list();		break;	case "resetpw" :		reset_user_password($username);		include("templates/user_password_reset.php");		print_user_list();		break;	default :		print_user_list();		break;}include("templates/footer.php");/****************************************************************************** * FUNCTIONS *****************************************************************************/function print_add_user_form() {/* print a blank user form so we can add a new user */	global $CFG, $ME;	/* set default values for the reset of the fields */	$frm["username"] = "";	$frm["firstname"] = "";	$frm["lastname"] = "";	$frm["email"] = "";	$frm["phone"] = "";	$frm["address"] = "";	$frm["newmode"] = "insert";	$frm["submit_caption"] = "Add User";	include("templates/user_form.php");}function print_edit_user_form($username) {/* print a user form so we can edit the selected user */	global $CFG, $ME;	/* load up the information for the user */	$qid = db_query("	SELECT username, firstname, lastname, email, phone, address, priv	FROM users	WHERE username = '$username'	");	$frm = db_fetch_array($qid);	$frm["newmode"] = "update";	$frm["submit_caption"] = "Save Changes";	include("templates/user_form.php");}function delete_user($username) {/* delete the user who's login is $username */	global $CFG, $ME;	$qid = db_query("DELETE FROM users WHERE username = '$username'");	include("templates/user_deleted.php");}function insert_user($frm) {/* add a user into the database, we should really have some good validation * routines to check for things like bad passwords, etc., but for the purpose * of this tutorial it's left to the reader (you) to add them in :) */	$password = generate_password();	$qid = db_query("	INSERT INTO users (		username, password, priv, firstname, lastname, email, phone, address	) VALUES (		 '$frm[username]'		,'" . md5($password) ."'		,'$frm[priv]'		,'$frm[firstname]'		,'$frm[lastname]'		,'$frm[email]'		,'$frm[phone]'		,'$frm[address]'	)");	include("templates/user_created.php");}function update_user($frm) {/* update the user record in the database */	$qid = db_query("	UPDATE users SET		 priv = '$frm[priv]'		,firstname = '$frm[firstname]'		,lastname = '$frm[lastname]'		,email = '$frm[email]'		,phone = '$frm[phone]'		,address = '$frm[address]'	WHERE username = '$frm[username]'	");}function print_user_list() {/* read all the categories from the database and print them into a table.  we * will use a template to display the listings to keep this main script clean */	global $CFG, $ME;	$qid = db_query("	SELECT username, firstname, lastname, email, priv	FROM users  	");	include("templates/user_list.php");}?>