users_editor_save.php
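<?php
/*
 * Admin-only endpoint: changes one column of a user row, or replaces the
 * user's role set when `columnname` is "role".
 *
 * Expected to be included by /index.php, which must already have defined
 * $isAdmin, $dbconnection (a mysqli connection) and $database.
 *
 * Security changes compared with the string-built version:
 *  - every request value reaches SQL only through bound parameters;
 *  - the column name (an identifier cannot be bound) is restricted to
 *    plain identifier characters before it is placed between backticks;
 *  - multi_query() is no longer used, so a request value can never append
 *    additional statements;
 *  - the role replacement runs in one transaction and every statement is
 *    checked (multi_query() only reported the first statement's result);
 *  - the DELETE no longer compares against '<id>;' (stray semicolon inside
 *    the quoted literal);
 *  - database error text goes to the server log, not to the response.
 *
 * NOTE(review): this request changes state but takes its parameters from
 * $_GET. Whether the including index.php enforces an anti-CSRF token is not
 * visible here - confirm, and prefer POST for this action.
 */

// Refuse direct requests to this file; it must run inside index.php.
if ($_SERVER["SCRIPT_NAME"] !== "/index.php") {
    die();
}
// empty() also covers the case where $isAdmin was never defined.
if (empty($isAdmin)) {
    die("You have not rights.");
}

$username = isset($_GET['username']) ? $_GET['username'] : null;
$columnname = isset($_GET['columnname']) ? $_GET['columnname'] : null;
$val = isset($_GET['val']) ? $_GET['val'] : null;

// Missing parameters and array-valued parameters (?val[]=x) are rejected.
if (!is_string($username) || !is_string($columnname) || !is_string($val)) {
    http_response_code(400);
    die("Invalid request.");
}

// An identifier cannot be a bound parameter, so it is validated instead.
// NOTE(review): this only guarantees a plain identifier; every column of
// `users` is still writable. Replace it with an explicit allow-list of the
// columns this editor is meant to change.
if (preg_match('/\A[A-Za-z0-9_]+\z/', $columnname) !== 1) {
    http_response_code(400);
    die("Invalid request.");
}

$ok = false;
$inTransaction = false;

try {
    if ($columnname === "role") {
        // Resolve the login to its numeric id.
        $lookup = $dbconnection->prepare(
            "SELECT `id` FROM $database.`users` WHERE `login` = ?"
        );
        if (!$lookup || !$lookup->bind_param('s', $username) || !$lookup->execute()) {
            throw new RuntimeException($dbconnection->error);
        }
        $user_id = null;
        $lookup->bind_result($user_id);
        $found = $lookup->fetch();
        $lookup->close();
        if ($found !== true) {
            throw new RuntimeException("no user row for the given login");
        }
        $user_id = (string) $user_id;

        // Replace the role set atomically: either all rows change or none.
        if (!$dbconnection->begin_transaction()) {
            throw new RuntimeException($dbconnection->error);
        }
        $inTransaction = true;

        $delete = $dbconnection->prepare(
            "DELETE FROM $database.`user_roles` WHERE `user_id` = ?"
        );
        if (!$delete || !$delete->bind_param('s', $user_id) || !$delete->execute()) {
            throw new RuntimeException($dbconnection->error);
        }
        $delete->close();

        $insert = $dbconnection->prepare(
            "INSERT INTO $database.`user_roles`(`user_id`, `role_id`) VALUES (?, ?)"
        );
        if (!$insert) {
            throw new RuntimeException($dbconnection->error);
        }
        foreach (explode(',', $val) as $item) {
            $item = trim($item);
            // An empty list entry (e.g. val="") means "no role", not role ''.
            if ($item === '') {
                continue;
            }
            if (!$insert->bind_param('ss', $user_id, $item) || !$insert->execute()) {
                throw new RuntimeException($dbconnection->error);
            }
        }
        $insert->close();

        if (!$dbconnection->commit()) {
            throw new RuntimeException($dbconnection->error);
        }
        $inTransaction = false;
        $ok = true;
    } else {
        $update = $dbconnection->prepare(
            "UPDATE $database.`users` SET `$columnname` = ? WHERE `login` = ?"
        );
        if (!$update || !$update->bind_param('ss', $val, $username) || !$update->execute()) {
            throw new RuntimeException($dbconnection->error);
        }
        $update->close();
        $ok = true;
    }
} catch (RuntimeException $e) {
    // mysqli_sql_exception extends RuntimeException, so both the exception
    // and the return-false reporting modes of mysqli end up here.
    if ($inTransaction) {
        $dbconnection->rollback();
    }
    error_log("users_editor_save: " . $e->getMessage());
    $ok = false;
}

if ($ok) {
    echo "Successfully edited.";
} else {
    // Detail is in the server log; the response carries no schema or query text.
    http_response_code(500);
    echo "Edit failed.";
}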