-
Notifications
You must be signed in to change notification settings - Fork 0
/
usertypeChange.php
68 lines (51 loc) · 1.35 KB
/
usertypeChange.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
<?php
require_once('includes/globals.inc');
if(isset($_GET['name']) && isset($_GET['type']))
{
$name = $_GET['name'];
$type = $_GET['type'];
emitTop('Peanut Butter -> Change User: '.$name, '/pb/');
}
else
{
emitTop('Peanut Butter -> Change User [ERROR]', $_SERVER['PHP_SELF']);
print('<h3>Required information not specified.</h3>');
emitBottom();
die();
}
if($userType != SITEADMIN)
{
print('<h3>Sorry, only siteadmins may change user privileges.</h3>');
emitBottom();
die();
}
if($type == 'promote')
{
mysqlSetup();
$mname = mysql_escape_string($name);
$sqlquery = "UPDATE `pb_users` SET `category` = '".ADMIN
. "' WHERE `name` = '$mname'";
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
print('<h3>User promoted.</h3>');
print("<p><a href=\"accountManagement.php\">Back to Account Management</a></p>");
mysql_close();
}
elseif($type == 'demote')
{
mysqlSetup();
$mname = mysql_escape_string($name);
$sqlquery = "UPDATE `pb_users` SET `category` = '".NORMAL
. "' WHERE `name` = '$mname'";
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
print('<h3>User demoted.</h3>');
print("<p><a href=\"accountManagement.php\">Back to Account Management</a></p>");
mysql_close();
}
else
{
print('<h3>Incorrect type of userchange specified.</h3>');
emitBottom();
die();
}
emitBottom();
?>