<?php
/************* Membership V2.0 *******************/
/*
Released by AwesomePHP.com, under the GPL License, a
copy of it should be attached to the zip file, or
you can view it on http://AwesomePHP.com/gpl.txt
*/
/************* Membership V2.0 *******************/
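// Load every row of `memb_config` into a global variable named after its
// `config_name` column; later code in this file reads $CF_ADMINNAME,
// $CF_ADMINPASSWORD and $CF_E_DEL from it.
//
// The target is written as ${...} so it means "the variable named by
// config_name" on every PHP version: since PHP 7 the original
// `$$each['config_name']` is read as ($$each)['config_name'] instead.
//
// SECURITY: table rows choose which globals are written, so a row must never be
// able to overwrite state this script depends on. Names that are not plain
// identifiers starting with a letter are skipped (this excludes the `_POST`-style
// superglobal names), as are `is_admin` (the admin gate below tests it) and the
// loop's own variables.
// NOTE(review): every config name referenced in this file starts with `CF_`;
// if that holds for the whole table, enforce the prefix here instead.
$check = mysql_query("SELECT * FROM `memb_config`");
$cfg_reserved = array('GLOBALS', 'this', 'is_admin', 'check', 'each', 'cfg_reserved', 'cfg_name');
while ($check && ($each = mysql_fetch_assoc($check))) {
    $cfg_name = (string) $each['config_name'];
    if (!preg_match('/^[A-Za-z][A-Za-z0-9_]*$/', $cfg_name) || in_array($cfg_name, $cfg_reserved, true)) {
        continue;
    }
    ${$cfg_name} = $each['config_value'];
}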
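//Admin Login
// doid 1: compare the posted username/password with the $CF_ADMINNAME /
// $CF_ADMINPASSWORD config values and, on a match, issue an "adminsession"
// token as a cookie, a session value and a `memb_adminsessions` row. The script
// returns after this step whether or not the login succeeded.
//
// The credential check is strict: both posted fields must be strings, both
// configured values must be non-empty, and the comparison is type-exact
// (constant-time where hash_equals() exists). The previous loose `==` treated
// two missing values as equal (null == null) and compared numeric-looking
// strings by value, so a login could pass without the real credentials when the
// configuration had not loaded.
//
// NOTE(review): the admin password is compared as-is, i.e. it is stored in
// plaintext in `memb_config`; switching to password_hash()/password_verify()
// needs a config migration and is not done here. No attempt limiting is visible
// in this block.
if (isset($_POST['doid']) && $_POST['doid'] == 1) {
    $login_user = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $login_pass = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $cfg_user = (isset($CF_ADMINNAME) && is_scalar($CF_ADMINNAME)) ? (string) $CF_ADMINNAME : '';
    $cfg_pass = (isset($CF_ADMINPASSWORD) && is_scalar($CF_ADMINPASSWORD)) ? (string) $CF_ADMINPASSWORD : '';

    $creds_ok = false;
    if ($cfg_user !== '' && $cfg_pass !== '') {
        if (function_exists('hash_equals')) {
            // Evaluate both comparisons so timing does not reveal which field failed.
            $user_ok = hash_equals($cfg_user, $login_user);
            $pass_ok = hash_equals($cfg_pass, $login_pass);
        } else {
            $user_ok = ($cfg_user === $login_user);
            $pass_ok = ($cfg_pass === $login_pass);
        }
        $creds_ok = $user_ok && $pass_ok;
    }

    if ($creds_ok) {
        // NOTE(review): HTTP_HOST is a client-supplied header, so the cookie domain
        // is request-controlled; a configured site domain would be safer.
        $host_name = '.'.str_replace('www.','',$_SERVER['HTTP_HOST']);
        // NOTE(review): generate_session() is defined elsewhere; confirm it draws
        // from a cryptographically secure source, since this value is the admin
        // bearer token.
        $adminsession = generate_session(100);
        // HttpOnly keeps the token out of reach of page scripts; Secure is set
        // whenever the login request itself arrived over HTTPS.
        // NOTE(review): the lifetime of 31104000000 seconds is roughly a thousand
        // years (31104000 would be 360 days); left unchanged pending confirmation.
        $https_on = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
        setcookie("adminsession", $adminsession, time()+31104000000, "/", $host_name, $https_on, true);
        $_SESSION['adminsession'] = $adminsession;
        $session_sql = mysql_real_escape_string($adminsession);
        $insert_session = mysql_query("INSERT INTO `memb_adminsessions`
        (`session_id`,`session_date`) VALUES ('$session_sql',NOW())");
        if (!$insert_session) {
            // Keep database error text in the server log, not in the response.
            error_log('memb_adminsessions insert failed: '.mysql_error());
            die('Internal error.');
        }
        $is_admin = true;
        $message = 'Login successful.';
    } else {
        $message = 'Invalid username/password.';
    }
    return;
}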
// Admin gate: every handler below this line runs only when $is_admin is truthy.
// NOTE(review): nothing on this path assigns $is_admin in this file (the login
// branch above returns before reaching here) - presumably the including script
// sets it after validating the admin session; verify that it is always
// initialised there and cannot be supplied by the request.
if (!$is_admin) {
    die();
}
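//Configuration Updates
// doid 2: store every posted field except `doid` and `Submit` as a row of
// `memb_config`, updating the row when the name already exists and inserting it
// otherwise. One "<name> Updated" / "<name> Added" line is appended to $message
// per field, regardless of whether the write query succeeded.
//
// Posted names and values are escaped before they reach SQL, and the name is
// HTML-escaped before it is echoed into $message; previously both were
// interpolated verbatim. Array-valued fields are skipped.
// NOTE(review): any posted name becomes a config row, and config rows are turned
// into global variables at the top of this file - an allowlist of known setting
// names would be safer. No anti-CSRF token is checked in this block.
if (isset($_POST['doid']) && $_POST['doid'] == 2) {
    $remove_array = array('doid','Submit');
    // With magic_quotes_gpc on, input arrives pre-slashed; undo that first so the
    // value is escaped exactly once.
    $mq_on = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    if (!isset($message)) {
        $message = '';
    }
    foreach ($_POST as $is => $what) {
        $is = (string) $is;
        if (in_array($is, $remove_array, true) || is_array($what)) {
            continue;
        }
        $name_raw = $mq_on ? stripslashes($is) : $is;
        $value_raw = $mq_on ? stripslashes((string) $what) : (string) $what;
        $name_sql = mysql_real_escape_string($name_raw);
        $value_sql = mysql_real_escape_string($value_raw);
        $name_html = htmlspecialchars($name_raw, ENT_QUOTES);

        $count_result = mysql_query("SELECT COUNT(*) FROM `memb_config` WHERE `config_name`='$name_sql'");
        $check = $count_result ? mysql_fetch_row($count_result) : false;
        if ($check && $check[0] > 0) {
            $update = mysql_query("UPDATE `memb_config` SET `config_value`='$value_sql' WHERE `config_name`='$name_sql' LIMIT 1");
            $message .= "$name_html Updated<br/>";
        } else {
            $insert = mysql_query("INSERT INTO `memb_config` (`config_name`,`config_value`) VALUES ('$name_sql','$value_sql')");
            $message .= "$name_html Added<br/>";
        }
    }
}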
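//Member Add/Edit
// doid 3: delete a member, or insert/update a `memb_userlist` row assembled from
// the posted fields, then pass the change to editfule() (defined elsewhere).
//
// Changes in this revision:
//  - every posted value is escaped before it reaches SQL, and posted field names
//    are used as column names only when they are plain identifiers;
//  - the username-uniqueness check reads the COUNT(*) result (it used to read a
//    `user_name` key the query never returned, so it never fired);
//  - eregi() (removed in PHP 7) is replaced by stripos();
//  - a posted `custom_fields` key is no longer also added as a column, which
//    would list that column twice.
// NOTE(review): any posted field name that is a valid identifier becomes a
// column (mass assignment) - an allowlist of `memb_userlist` columns would be
// safer. `user_password` is stored and forwarded to editfule() as posted, i.e.
// in plaintext. No anti-CSRF token is checked in this block.
if (isset($_POST['doid']) && $_POST['doid'] == 3) {
    // With magic_quotes_gpc on, input arrives pre-slashed; undo that first so
    // each value is escaped exactly once.
    $mq_on = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

    // Escaped copies of the id fields used in WHERE clauses below.
    $sql_ids = array();
    foreach (array('user_id','membership_id','old_membership_id') as $id_key) {
        $id_raw = (isset($_POST[$id_key]) && is_scalar($_POST[$id_key])) ? (string) $_POST[$id_key] : '';
        $sql_ids[$id_key] = mysql_real_escape_string($mq_on ? stripslashes($id_raw) : $id_raw);
    }
    $has_user_id = isset($_POST['user_id']) && $_POST['user_id'] != NULL;

    /*
    If delete
    */
    if (isset($_POST['do_delete']) && $_POST['do_delete'] == 'yes' && $has_user_id) {
        $get_email = mysql_fetch_assoc(mysql_query("SELECT `user_name` FROM `memb_userlist`
        WHERE `user_id`='{$sql_ids['user_id']}'"));
        $get_loc = mysql_fetch_assoc(mysql_query("SELECT `membership_file`
        FROM `memb_memberships` WHERE `membership_id`='{$sql_ids['old_membership_id']}'"));
        $del = mysql_query("DELETE FROM `memb_userlist` WHERE `user_id`='{$sql_ids['user_id']}' LIMIT 1");
        // NOTE(review): LIMIT 1 removes a single payment row; a member with several
        // payments keeps the rest.
        $del2 = mysql_query("DELETE FROM `memb_payments` WHERE `user_id`='{$sql_ids['user_id']}' LIMIT 1");
        // NOTE(review): this call passes "\n" where the other calls pass the user
        // name - confirm against editfule()'s signature.
        editfule($get_loc['membership_file'],'Remove',"\n",$get_email['user_name'],'');
        if($del && $del2){ $message = 'User removed.';}else{$message = 'Unable to remove user.Internal error.';}
    } else {
        //Compose fields dynamically
        $remove_array = array('doid','Submit','user_id','old_email','old_name','old_membership_id');
        $array_fields = array();
        $array_values = array();
        $array_updates = array();
        // Default user settings
        if (!$has_user_id) {
            $_POST['allow_delete'] = $CF_E_DEL;
        }
        // Check username uniqueness (needed for directory protection): when the
        // name changed and is already taken, append a short generated suffix.
        $posted_name = isset($_POST['user_name']) ? $_POST['user_name'] : null;
        $previous_name = isset($_POST['old_name']) ? $_POST['old_name'] : null;
        if ($posted_name != $previous_name && is_scalar($posted_name)) {
            $name_raw = $mq_on ? stripslashes((string) $posted_name) : (string) $posted_name;
            $name_sql = mysql_real_escape_string($name_raw);
            $check = mysql_fetch_assoc(mysql_query("SELECT COUNT(*) AS `name_count` FROM `memb_userlist`
            WHERE `user_name`='$name_sql'"));
            if ($check && $check['name_count'] > 0) {
                $_POST['user_name'] = $_POST['user_name'].generate_session(5);
            }
        }
        if (!isset($_POST['custom_fields']) || !is_string($_POST['custom_fields'])) {
            $_POST['custom_fields'] = '';
        }
        // Iterate a snapshot because the loop appends to $_POST['custom_fields'].
        $posted_fields = $_POST;
        foreach ($posted_fields as $is => $what) {
            $is = (string) $is;
            if (is_array($what)) {
                continue;
            }
            if (stripos($is, 'cusfield_') !== false) {
                // cusfield_<id> inputs are packed into the custom_fields column,
                // one "[id]{+|%|+}[value]" line per field.
                $is = trim($is);
                if ($is) {
                    $field_id = str_replace('cusfield_','',$is);
                    $_POST['custom_fields'] .= "[$field_id]{+|%|+}[$what]\n";
                }
            } elseif ($is !== 'custom_fields'
                && !in_array($is, $remove_array, true)
                && preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $is)) {
                $value_sql = mysql_real_escape_string($mq_on ? stripslashes((string) $what) : (string) $what);
                array_push($array_fields,"`$is`");
                array_push($array_values,"'$value_sql'");
                array_push($array_updates,"`$is`='$value_sql'");
            }
        }
        $custom_raw = $mq_on ? stripslashes($_POST['custom_fields']) : $_POST['custom_fields'];
        $custom_sql = mysql_real_escape_string($custom_raw);
        array_push($array_fields,'`custom_fields`');
        array_push($array_values,"'$custom_sql'");
        array_push($array_updates,"`custom_fields`='$custom_sql'");
        if (!$has_user_id) {
            //New User
            $insert = mysql_query("INSERT INTO `memb_userlist` (".implode(',',$array_fields).")
            VALUES (".implode(',',$array_values).")");
            if($insert){
                $get_loc = mysql_fetch_assoc(mysql_query("SELECT `membership_file`
                FROM `memb_memberships` WHERE `membership_id`='{$sql_ids['membership_id']}'"));
                if($_POST['user_status'] == 1){
                    // NOTE(review): the query above selects only `membership_file`, so
                    // $get_loc['membership_id'] is never set and editfule() receives
                    // null here; the Remove calls pass ['membership_file'] instead.
                    // Left as-is pending a look at editfule().
                    editfule($get_loc['membership_id'],'Add',$_POST['user_name'],$_POST['user_password'],'');
                }
                $message = 'User added.';
            }else{$message = 'Unable to add user.';}
        } else {
            //Edit user
            $update = mysql_query("UPDATE `memb_userlist` SET ".implode(',',$array_updates)."
            WHERE `user_id`='{$sql_ids['user_id']}' LIMIT 1");
            if($update){
                //If changing membership
                $get_cur = mysql_fetch_assoc(mysql_query("SELECT `membership_file`
                FROM `memb_memberships` WHERE `membership_id`='{$sql_ids['membership_id']}'"));
                // NOTE(review): as in the new-user branch, $get_cur['membership_id']
                // is not part of the selected columns; the calls below pass null as
                // their first argument. Two of the Remove calls also pass four
                // arguments where the others pass five.
                if($_POST['old_membership_id'] != $_POST['membership_id']){
                    $get_old = mysql_fetch_assoc(mysql_query("SELECT `membership_file`
                    FROM `memb_memberships` WHERE `membership_id`='{$sql_ids['old_membership_id']}'"));
                    editfule($get_old['membership_file'],'Remove',$_POST['user_name'],'');
                    if($_POST['user_status'] == 1){
                        editfule($get_cur['membership_id'],'Add',$_POST['user_name'],$_POST['user_password'],'');
                    }
                } else {
                    if($_POST['user_status'] == 1){
                        editfule($get_cur['membership_id'],'Edit',$_POST['user_name'],$_POST['user_password'],$_POST['old_name']);
                    } else {
                        editfule($get_cur['membership_id'],'Remove',$_POST['user_name'],'');
                    }
                }
                $message = 'User updated.';
            }else{$message = 'Unable to update user.';}
        }
    }
}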
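//Custom Field Add/Edit
// doid 4: optionally insert a new `memb_customfds` row from `newinput` /
// `is_required`, then update one row per posted `fieldxy_<id>` input, taking the
// matching required flag from `fieldxz_<id>`.
//
// Posted values (including the id taken from the field name) are escaped before
// they reach SQL, and the id is HTML-escaped before it is echoed into $message.
// eregi() (removed in PHP 7) is replaced by stripos().
// NOTE(review): no anti-CSRF token is checked in this block.
if (isset($_POST['doid']) && $_POST['doid'] == 4) {
    // With magic_quotes_gpc on, input arrives pre-slashed; undo that first so
    // each value is escaped exactly once.
    $mq_on = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    if (!isset($message)) {
        $message = '';
    }
    if (isset($_POST['newinput']) && is_scalar($_POST['newinput']) && $_POST['newinput'] != NULL) {
        $new_name_raw = (string) $_POST['newinput'];
        $new_req_raw = (isset($_POST['is_required']) && is_scalar($_POST['is_required'])) ? (string) $_POST['is_required'] : '';
        $new_name_sql = mysql_real_escape_string($mq_on ? stripslashes($new_name_raw) : $new_name_raw);
        $new_req_sql = mysql_real_escape_string($mq_on ? stripslashes($new_req_raw) : $new_req_raw);
        $insert = mysql_query("INSERT INTO `memb_customfds` (`field_name`,`is_required`)
        VALUES ('$new_name_sql','$new_req_sql')");
        if($insert){$message = 'Field inserted.<br/>';}else{$message = 'Unable to add field.';}
    }
    foreach ($_POST as $is => $what) {
        $is = (string) $is;
        if (stripos($is, 'fieldxy') === false || is_array($what)) {
            continue;
        }
        $field_id = str_replace('fieldxy_','',$is);
        $required_key = "fieldxz_$field_id";
        $is_required = (isset($_POST[$required_key]) && is_scalar($_POST[$required_key])) ? (string) $_POST[$required_key] : '';

        $field_id_sql = mysql_real_escape_string($mq_on ? stripslashes($field_id) : $field_id);
        $field_name_sql = mysql_real_escape_string($mq_on ? stripslashes((string) $what) : (string) $what);
        $required_sql = mysql_real_escape_string($mq_on ? stripslashes($is_required) : $is_required);

        $update = mysql_query("UPDATE `memb_customfds` SET `field_name`='$field_name_sql',`is_required`='$required_sql'
        WHERE `field_id`='$field_id_sql' LIMIT 1");
        if ($update) {
            $message .= 'Field updated.<br/>';
        } else {
            $message .= 'Unable to update field ID#'.htmlspecialchars($field_id, ENT_QUOTES).'.';
        }
    }
}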
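//Send mass email
// doid 5: send the posted message through send_mail() (defined elsewhere).
//   sendOp 1     - to the comma-separated addresses in `to_emails`;
//   sendOp 2     - to members with `user_in_list`='1' when send_to is 1,
//                  otherwise to every member;
//   anything else - to the members of the posted `membership_id`.
// For member sends, %username%, %useremail% and %userpassword% in the message
// are replaced per recipient. One result line per recipient is appended to
// $message.
//
// Changes in this revision: CR/LF is removed from the sender/subject fields and
// recipients containing a line break are rejected (these values presumably end
// up in mail headers inside send_mail() - TODO confirm); `membership_id` is
// escaped before it reaches SQL; addresses are HTML-escaped before they are
// echoed into $message.
// NOTE(review): %userpassword% is filled from the `user_password` column, so
// member passwords are stored in plaintext and leave the system by e-mail;
// hashing them would retire this placeholder. No anti-CSRF token is checked in
// this block.
if (isset($_POST['doid']) && $_POST['doid'] == 5) {
    if (!isset($message)) {
        $message = '';
    }
    // Sender and subject fields with line breaks stripped.
    $mail_fields = array();
    foreach (array('return_name','return_email','from_name','from_email','subject') as $field_key) {
        $field_raw = (isset($_POST[$field_key]) && is_scalar($_POST[$field_key])) ? (string) $_POST[$field_key] : '';
        $mail_fields[$field_key] = str_replace(array("\r", "\n"), '', $field_raw);
    }
    $mail_body = (isset($_POST['email_message']) && is_scalar($_POST['email_message'])) ? (string) $_POST['email_message'] : '';
    $send_op = isset($_POST['sendOp']) ? $_POST['sendOp'] : null;

    if ($send_op == 1) {
        $to_emails = (isset($_POST['to_emails']) && is_scalar($_POST['to_emails'])) ? (string) $_POST['to_emails'] : '';
        $email_list = explode(',', $to_emails);
        foreach ($email_list as $this_email) {
            $this_email = trim($this_email);
            if (!$this_email) {
                continue;
            }
            $email_html = htmlspecialchars($this_email, ENT_QUOTES);
            // A line break inside an address is never legitimate; refuse it.
            $mailit = false;
            if (strpbrk($this_email, "\r\n") === false) {
                $mailit = send_mail($mail_fields['return_name'],$mail_fields['return_email'],$mail_fields['from_name'],
                $mail_fields['from_email'],$mail_fields['subject'],$mail_body,$this_email);
            }
            if ($mailit) {
                $message .= 'Email sent to: '.$email_html.'<br/>';
            } else {
                $message .= 'Unable to send email to: '.$email_html.'<br/>';
            }
        }
    } else {
        if ($send_op == 2) {
            if (isset($_POST['send_to']) && $_POST['send_to'] == 1) {
                $query = "SELECT `user_name`,`user_email`,`user_password` FROM `memb_userlist` WHERE `user_in_list`='1'";
            } else {
                $query = "SELECT `user_name`,`user_email`,`user_password` FROM `memb_userlist`";
            }
        } else {
            // With magic_quotes_gpc on, input arrives pre-slashed; undo that first
            // so the value is escaped exactly once.
            $mq_on = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
            $membership_raw = (isset($_POST['membership_id']) && is_scalar($_POST['membership_id'])) ? (string) $_POST['membership_id'] : '';
            $membership_sql = mysql_real_escape_string($mq_on ? stripslashes($membership_raw) : $membership_raw);
            $query = "SELECT `user_name`,`user_email`,`user_password` FROM `memb_userlist` WHERE `membership_id`='$membership_sql'";
        }
        $get_users = mysql_query($query);
        while ($get_users && ($each = mysql_fetch_assoc($get_users))) {
            $this_message = str_replace('%username%',$each['user_name'],$mail_body);
            $this_message = str_replace('%useremail%',$each['user_email'],$this_message);
            $this_message = str_replace('%userpassword%',$each['user_password'],$this_message);
            $mailit = send_mail($mail_fields['return_name'],$mail_fields['return_email'],$mail_fields['from_name'],
            $mail_fields['from_email'],$mail_fields['subject'],$this_message,$each['user_email']);
            $email_html = htmlspecialchars($each['user_email'], ENT_QUOTES);
            if ($mailit) {
                $message .= 'Email sent to: '.$email_html.'<br/>';
            } else {
                $message .= 'Unable to send email to: '.$email_html.'<br/>';
            }
        }
    }
}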
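//Membership Add/Edit
// doid 6: delete a membership (after moving its users to `move_to`), or
// insert/update a `memb_memberships` row built from the posted fields.
// Membership 1 can never be deleted and is always forced to free and public.
// After an insert, $_POST['membership_id'] and $_GET['membership_id'] are set to
// the highest `membership_id` in the table.
//
// Changes in this revision: posted values are escaped before they reach SQL;
// posted field names are used as column names only when they are plain
// identifiers; database error text goes to the server log instead of the
// response, and the existing "Unable to ..." messages are shown instead.
// NOTE(review): any posted field name that is a valid identifier becomes a
// column - an allowlist of `memb_memberships` columns would be safer. The
// "highest id" lookup after an insert can pick up another request's row;
// mysql_insert_id() would be exact. No anti-CSRF token is checked in this block.
if (isset($_POST['doid']) && $_POST['doid'] == 6) {
    //Compose fields dynamically
    $remove_array = array('doid','Submit','membership_id','move_to','do_delete');
    $array_updates = array();
    $array_fields = array();
    $array_values = array();
    // With magic_quotes_gpc on, input arrives pre-slashed; undo that first so
    // each value is escaped exactly once.
    $mq_on = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $has_membership_id = isset($_POST['membership_id']) && $_POST['membership_id'] != NULL;

    /* If membership is number 1, it must stay free */
    if ($has_membership_id && $_POST['membership_id'] == 1) {
        $_POST['membership_free'] = 1;
        $_POST['membership_public'] = 1;
    }

    $membership_raw = ($has_membership_id && is_scalar($_POST['membership_id'])) ? (string) $_POST['membership_id'] : '';
    $membership_sql = mysql_real_escape_string($mq_on ? stripslashes($membership_raw) : $membership_raw);

    /*
    If delete
    */
    if (isset($_POST['do_delete']) && $_POST['do_delete'] == 'yes' && $has_membership_id && $_POST['membership_id'] != 1) {
        if (!isset($_POST['move_to']) || $_POST['move_to'] == NULL) {
            $message = 'You need to select membership to move users to';
        } else {
            $move_to_raw = is_scalar($_POST['move_to']) ? (string) $_POST['move_to'] : '';
            $move_to_sql = mysql_real_escape_string($mq_on ? stripslashes($move_to_raw) : $move_to_raw);
            $update = mysql_query("UPDATE `memb_userlist`
            SET `membership_id`='$move_to_sql' WHERE `membership_id`='$membership_sql'");
            if ($update) {
                $del = mysql_query("DELETE FROM `memb_memberships` WHERE `membership_id`='$membership_sql' LIMIT 1");
                if ($del) {
                    $message = 'Membership removed.';
                } else {
                    error_log('memb_memberships delete failed: '.mysql_error());
                    $message='Unable to remove membership. Internal error.';
                }
            } else {
                $message = 'Unable to switch user memberships -> Can\'t remove membership.';
            }
        }
    } else {
        foreach ($_POST as $is => $what) {
            $is = (string) $is;
            if (is_array($what) || in_array($is, $remove_array, true) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $is)) {
                continue;
            }
            $value_sql = mysql_real_escape_string($mq_on ? stripslashes((string) $what) : (string) $what);
            array_push($array_fields,"`$is`");
            array_push($array_values,"'$value_sql'");
            array_push($array_updates,"`$is`='$value_sql'");
        }
        if (!$has_membership_id) {
            $insert = mysql_query("INSERT INTO `memb_memberships` (".implode(',',$array_fields).")
            VALUES (".implode(',',$array_values).")");
            if($insert){ $message = 'Membership added.'; }else{$message = 'Unable to add membership.';}
            $get_membership = mysql_fetch_assoc(mysql_query("SELECT `membership_id`
            FROM `memb_memberships` ORDER BY `membership_id` DESC LIMIT 1"));
            $_POST['membership_id'] = $get_membership['membership_id'];
            $_GET['membership_id'] = $get_membership['membership_id'];
        } else {
            $update = mysql_query("UPDATE `memb_memberships` SET ".implode(',',$array_updates)."
            WHERE `membership_id`='$membership_sql' LIMIT 1");
            if ($update) {
                $message = 'Membership updated.';
            } else {
                error_log('memb_memberships update failed: '.mysql_error());
                $message = 'Unable to update membership.';
            }
        }
    }
}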
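//Payments Add/Edit
// doid 7: delete a payment, or insert/update a `memb_payments` row built from
// the posted fields. After an insert, $_POST['payment_id'] and
// $_GET['payment_id'] are set to the highest `payment_id` in the table.
//
// Changes in this revision: posted values are escaped before they reach SQL;
// posted field names are used as column names only when they are plain
// identifiers; database error text goes to the server log instead of the
// response, and the existing "Unable to ..." messages are shown instead.
// NOTE(review): any posted field name that is a valid identifier becomes a
// column - an allowlist of `memb_payments` columns would be safer. No anti-CSRF
// token is checked in this block.
if (isset($_POST['doid']) && $_POST['doid'] == 7) {
    //Compose fields dynamically
    $remove_array = array('doid','Submit','payment_id','do_delete');
    $array_updates = array();
    $array_fields = array();
    $array_values = array();
    // With magic_quotes_gpc on, input arrives pre-slashed; undo that first so
    // each value is escaped exactly once.
    $mq_on = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $has_payment_id = isset($_POST['payment_id']) && $_POST['payment_id'] != NULL;
    $payment_raw = ($has_payment_id && is_scalar($_POST['payment_id'])) ? (string) $_POST['payment_id'] : '';
    $payment_sql = mysql_real_escape_string($mq_on ? stripslashes($payment_raw) : $payment_raw);

    /*
    If delete
    */
    if (isset($_POST['do_delete']) && $_POST['do_delete'] == 'yes' && $has_payment_id) {
        $del = mysql_query("DELETE FROM `memb_payments` WHERE `payment_id`='$payment_sql' LIMIT 1");
        if ($del) {
            $message = 'Payment removed.';
        } else {
            error_log('memb_payments delete failed: '.mysql_error());
            $message='Unable to remove payment. Internal error.';
        }
    } else {
        foreach ($_POST as $is => $what) {
            $is = (string) $is;
            if (is_array($what) || in_array($is, $remove_array, true) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $is)) {
                continue;
            }
            $value_sql = mysql_real_escape_string($mq_on ? stripslashes((string) $what) : (string) $what);
            array_push($array_fields,"`$is`");
            array_push($array_values,"'$value_sql'");
            array_push($array_updates,"`$is`='$value_sql'");
        }
        if (!$has_payment_id) {
            $insert = mysql_query("INSERT INTO `memb_payments` (".implode(',',$array_fields).")
            VALUES (".implode(',',$array_values).")");
            if($insert){ $message = 'Payment added.'; }else{$message = 'Unable to add Payment.';}
            // NOTE(review): "highest id" can belong to another request's insert;
            // mysql_insert_id() would be exact.
            $get_membership = mysql_fetch_assoc(mysql_query("SELECT `payment_id`
            FROM `memb_payments` ORDER BY `payment_id` DESC LIMIT 1"));
            $_POST['payment_id'] = $get_membership['payment_id'];
            $_GET['payment_id'] = $get_membership['payment_id'];
        } else {
            $update = mysql_query("UPDATE `memb_payments` SET ".implode(',',$array_updates)."
            WHERE `payment_id`='$payment_sql' LIMIT 1");
            if ($update) {
                $message = 'Payment updated.';
            } else {
                error_log('memb_payments update failed: '.mysql_error());
                $message = 'Unable to update Payment.';
            }
        }
    }
}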
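//Rates Add/Edit
// doid 9: delete a rate, or insert/update a `memb_memberships_rates` row built
// from the posted fields. After an insert, $_POST['rate_id'] and
// $_GET['rate_id'] are set to the highest `rate_id` in the table.
//
// Changes in this revision: posted values are escaped before they reach SQL;
// posted field names are used as column names only when they are plain
// identifiers; database error text goes to the server log instead of the
// response, and the existing "Unable to ..." messages are shown instead.
// NOTE(review): any posted field name that is a valid identifier becomes a
// column - an allowlist of `memb_memberships_rates` columns would be safer. No
// anti-CSRF token is checked in this block.
if (isset($_POST['doid']) && $_POST['doid'] == 9) {
    //Compose fields dynamically
    $remove_array = array('doid','Submit','rate_id','do_delete');
    $array_updates = array();
    $array_fields = array();
    $array_values = array();
    // With magic_quotes_gpc on, input arrives pre-slashed; undo that first so
    // each value is escaped exactly once.
    $mq_on = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $has_rate_id = isset($_POST['rate_id']) && $_POST['rate_id'] != NULL;
    $rate_raw = ($has_rate_id && is_scalar($_POST['rate_id'])) ? (string) $_POST['rate_id'] : '';
    $rate_sql = mysql_real_escape_string($mq_on ? stripslashes($rate_raw) : $rate_raw);

    /*
    If delete
    */
    if (isset($_POST['do_delete']) && $_POST['do_delete'] == 'yes' && $has_rate_id) {
        $del = mysql_query("DELETE FROM `memb_memberships_rates` WHERE `rate_id`='$rate_sql' LIMIT 1");
        if ($del) {
            $message = 'Rate removed.';
        } else {
            error_log('memb_memberships_rates delete failed: '.mysql_error());
            $message='Unable to remove rate. Internal error.';
        }
    } else {
        foreach ($_POST as $is => $what) {
            $is = (string) $is;
            if (is_array($what) || in_array($is, $remove_array, true) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $is)) {
                continue;
            }
            $value_sql = mysql_real_escape_string($mq_on ? stripslashes((string) $what) : (string) $what);
            array_push($array_fields,"`$is`");
            array_push($array_values,"'$value_sql'");
            array_push($array_updates,"`$is`='$value_sql'");
        }
        if (!$has_rate_id) {
            $insert = mysql_query("INSERT INTO `memb_memberships_rates` (".implode(',',$array_fields).")
            VALUES (".implode(',',$array_values).")");
            if ($insert) {
                $message = 'Rate added.';
            } else {
                error_log('memb_memberships_rates insert failed: '.mysql_error());
                $message = 'Unable to add rate.';
            }
            // NOTE(review): "highest id" can belong to another request's insert;
            // mysql_insert_id() would be exact.
            $get_membership = mysql_fetch_assoc(mysql_query("SELECT `rate_id`
            FROM `memb_memberships_rates` ORDER BY `rate_id` DESC LIMIT 1"));
            $_POST['rate_id'] = $get_membership['rate_id'];
            $_GET['rate_id'] = $get_membership['rate_id'];
        } else {
            $update = mysql_query("UPDATE `memb_memberships_rates` SET ".implode(',',$array_updates)."
            WHERE `rate_id`='$rate_sql' LIMIT 1");
            if ($update) {
                $message = 'Rate updated.';
            } else {
                error_log('memb_memberships_rates update failed: '.mysql_error());
                $message = 'Unable to update rate.';
            }
        }
    }
}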
?>