SBDTHRU
02-25-2010, 02:34 AM
I have a User system set up. In the admin panel there is a place to edit users. But it lists all of the users that are in the database. There are different ranks to all the users (User, Manager, Admin). I am trying to get it so this list ONLY displays the Users. Current code:
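// Fetch every account, ordered by name. To show only one rank, add a WHERE
// clause on the level column to this query (e.g. level = 'User'; the exact
// stored value is an assumption, so confirm it against the table).
$getusers = mysql_query("Select * from users order by username asc");
// Skip the loop when the query failed: mysql_query() returns false on error.
while ($getusers && ($users = mysql_fetch_array($getusers)))
{
    // The username is account-supplied data, so it is encoded for each output
    // context. urlencode() keeps characters such as & or ' from changing the
    // query string or closing the single-quoted href attribute.
    $href = 'admin.php?user=' . urlencode($users['username']);
    // ENT_QUOTES also encodes single quotes. double_encode=false leaves
    // already-stored entities alone. Assumes the page is served as UTF-8; confirm.
    $label = htmlspecialchars($users['username'], ENT_QUOTES, 'UTF-8', false);
    echo("<a href='$href'>$label</a><br />");
    // (excerpt: the loop's closing brace is not part of this quoted snippet)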
Entire file:
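<?php
// Admin page: lists accounts, shows an edit form for ?user=NAME, and applies
// the posted changes. Every value from $_GET/$_POST is attacker-controlled and
// is escaped separately for SQL and for HTML before use.
//
// NOTE(review): the mysql_* extension used here was removed in PHP 7. When the
// connection code in config.php is migrated, use mysqli or PDO prepared
// statements instead of escaping by hand.
ob_start();
include("config.php");

// Access gate. $logged is expected to come from config.php (not shown here).
// NOTE(review): `Admin` is a bareword. Unless config.php defines a constant of
// that name, PHP 5 reads it as the string 'Admin' (with a notice) and PHP 8
// raises an Error. Quote it if the string is what is meant. The check is left
// unchanged so this edit cannot alter who is admitted.
if (!empty($logged['username']) && $logged['level'] == Admin) {
    // Accept only a plain string for ?user=. An array (?user[]=x) would
    // otherwise be interpolated as "Array".
    $target = (isset($_GET['user']) && is_string($_GET['user'])) ? $_GET['user'] : '';

    if ($target) {
        // Escaped once, for use inside single-quoted SQL string literals only.
        $targetSql = mysql_real_escape_string($target);

        if (empty($_POST['update'])) {
            // The form has not been submitted: load the account and show it.
            $result = mysql_query("SELECT * from users where username = '$targetSql'");
            $user = $result ? mysql_fetch_array($result) : false;

            if (!$user) {
                echo("User not found.");
            } else {
                // Encode each stored value for a single-quoted HTML attribute.
                // ENT_QUOTES covers the ' that the default flags of older PHP
                // versions leave alone. double_encode=false avoids re-encoding
                // entities already stored by the update branch below.
                // Assumes the page is served as UTF-8; confirm.
                $f = array();
                foreach (array('level', 'location', 'msn', 'aim', 'email', 'intbr') as $col) {
                    $f[$col] = htmlspecialchars((string) $user[$col], ENT_QUOTES, 'UTF-8', false);
                }

                // NOTE(review): this form changes the privilege level but has
                // no anti-CSRF token. Add one, tied to the admin's session,
                // where the session code lives.
                echo("
<div align='center'><form method='POST'>
<table width='100%'>
<tr>
<td align='right' width='25%'>
User Level
</td>
<td align='left'>
<input type='text' size='25' maxlength='25' name='level'
value='$f[level]'></td>
</tr>
<tr>
<td align='right' width='25%'>
Location
</td>
<td align='left'>
<input type='text' size='25' maxlength='25' name='locate'
value='$f[location]'></td>
</tr>
<tr>
<td align='right' width='25%'>
MSN
</td>
<td align='left'>
<input size='25' name='msn' value='$f[msn]'></td>
</tr>
<tr>
<td align='right' width='25%'>
AIM</td>
<td align='left'>
<input size='25' name='aim' value='$f[aim]'></td>
</tr>
<tr>
<td align='right' width='25%'>
Email</td>
<td align='left'>
<input size='25' name='email' value='$f[email]'></td>
</tr>
<tr>
<td align='right' width='25%'>
Initial Bankroll</td>
<td align='left'>
<input size='25' name='intbr' value='$f[intbr]'></td>
</tr>
<tr>
<td align='center'>
</td>
<td align='left'>
<input type='submit' name='update' value='Update'></td>
</tr>
</table>
</form>
</div>");
            }
        } else {
            // htmlspecialchars() is kept so stored values keep the format the
            // rest of the site already expects, but it is not an SQL defence.
            // mysql_real_escape_string() is what keeps a quote in the input
            // from ending the string literal in the UPDATE below.
            $fields = array();
            foreach (array('email', 'aim', 'msn', 'locate', 'level', 'intbr') as $name) {
                $raw = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
                $fields[$name] = mysql_real_escape_string(htmlspecialchars($raw));
            }

            $update = mysql_query("Update users set email = '$fields[email]',
msn = '$fields[msn]', aim = '$fields[aim]',
location = '$fields[locate]', intbr = '$fields[intbr]', level = '$fields[level]' where username = '$targetSql'");

            // Report success only after the query ran. The name comes from the
            // URL, so it is HTML-encoded before being echoed back.
            if ($update) {
                echo(htmlspecialchars($target, ENT_QUOTES, 'UTF-8') . "'s profile has been updated.");
            } else {
                echo("The profile could not be updated.");
            }
        }
    } else {
        // No ?user= given: list every account. To show only one rank, add a
        // WHERE clause on the level column (e.g. level = 'User'; the exact
        // stored value is an assumption, so confirm it against the table).
        $getusers = mysql_query("Select * from users order by username asc");
        while ($getusers && ($users = mysql_fetch_array($getusers))) {
            // urlencode() for the query string, htmlspecialchars() for the
            // link text: usernames are account-supplied data.
            $href = 'admin.php?user=' . urlencode($users['username']);
            $label = htmlspecialchars($users['username'], ENT_QUOTES, 'UTF-8', false);
            echo("<a href='$href'>$label</a><br />");
        }
    }
} else {
    // Not logged in, or not an administrator: show nothing but the refusal.
    echo("Sorry, but you are not allowed to view this page!");
}
?>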
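// Fetch every account, ordered by name. To show only one rank, add a WHERE
// clause on the level column to this query (e.g. level = 'User'; the exact
// stored value is an assumption, so confirm it against the table).
$getusers = mysql_query("Select * from users order by username asc");
// Skip the loop when the query failed: mysql_query() returns false on error.
while ($getusers && ($users = mysql_fetch_array($getusers)))
{
    // The username is account-supplied data, so it is encoded for each output
    // context. urlencode() keeps characters such as & or ' from changing the
    // query string or closing the single-quoted href attribute.
    $href = 'admin.php?user=' . urlencode($users['username']);
    // ENT_QUOTES also encodes single quotes. double_encode=false leaves
    // already-stored entities alone. Assumes the page is served as UTF-8; confirm.
    $label = htmlspecialchars($users['username'], ENT_QUOTES, 'UTF-8', false);
    echo("<a href='$href'>$label</a><br />");
    // (excerpt: the loop's closing brace is not part of this quoted snippet)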
Entire file:
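<?php
// Admin page: lists accounts, shows an edit form for ?user=NAME, and applies
// the posted changes. Every value from $_GET/$_POST is attacker-controlled and
// is escaped separately for SQL and for HTML before use.
//
// NOTE(review): the mysql_* extension used here was removed in PHP 7. When the
// connection code in config.php is migrated, use mysqli or PDO prepared
// statements instead of escaping by hand.
ob_start();
include("config.php");

// Access gate. $logged is expected to come from config.php (not shown here).
// NOTE(review): `Admin` is a bareword. Unless config.php defines a constant of
// that name, PHP 5 reads it as the string 'Admin' (with a notice) and PHP 8
// raises an Error. Quote it if the string is what is meant. The check is left
// unchanged so this edit cannot alter who is admitted.
if (!empty($logged['username']) && $logged['level'] == Admin) {
    // Accept only a plain string for ?user=. An array (?user[]=x) would
    // otherwise be interpolated as "Array".
    $target = (isset($_GET['user']) && is_string($_GET['user'])) ? $_GET['user'] : '';

    if ($target) {
        // Escaped once, for use inside single-quoted SQL string literals only.
        $targetSql = mysql_real_escape_string($target);

        if (empty($_POST['update'])) {
            // The form has not been submitted: load the account and show it.
            $result = mysql_query("SELECT * from users where username = '$targetSql'");
            $user = $result ? mysql_fetch_array($result) : false;

            if (!$user) {
                echo("User not found.");
            } else {
                // Encode each stored value for a single-quoted HTML attribute.
                // ENT_QUOTES covers the ' that the default flags of older PHP
                // versions leave alone. double_encode=false avoids re-encoding
                // entities already stored by the update branch below.
                // Assumes the page is served as UTF-8; confirm.
                $f = array();
                foreach (array('level', 'location', 'msn', 'aim', 'email', 'intbr') as $col) {
                    $f[$col] = htmlspecialchars((string) $user[$col], ENT_QUOTES, 'UTF-8', false);
                }

                // NOTE(review): this form changes the privilege level but has
                // no anti-CSRF token. Add one, tied to the admin's session,
                // where the session code lives.
                echo("
<div align='center'><form method='POST'>
<table width='100%'>
<tr>
<td align='right' width='25%'>
User Level
</td>
<td align='left'>
<input type='text' size='25' maxlength='25' name='level'
value='$f[level]'></td>
</tr>
<tr>
<td align='right' width='25%'>
Location
</td>
<td align='left'>
<input type='text' size='25' maxlength='25' name='locate'
value='$f[location]'></td>
</tr>
<tr>
<td align='right' width='25%'>
MSN
</td>
<td align='left'>
<input size='25' name='msn' value='$f[msn]'></td>
</tr>
<tr>
<td align='right' width='25%'>
AIM</td>
<td align='left'>
<input size='25' name='aim' value='$f[aim]'></td>
</tr>
<tr>
<td align='right' width='25%'>
Email</td>
<td align='left'>
<input size='25' name='email' value='$f[email]'></td>
</tr>
<tr>
<td align='right' width='25%'>
Initial Bankroll</td>
<td align='left'>
<input size='25' name='intbr' value='$f[intbr]'></td>
</tr>
<tr>
<td align='center'>
</td>
<td align='left'>
<input type='submit' name='update' value='Update'></td>
</tr>
</table>
</form>
</div>");
            }
        } else {
            // htmlspecialchars() is kept so stored values keep the format the
            // rest of the site already expects, but it is not an SQL defence.
            // mysql_real_escape_string() is what keeps a quote in the input
            // from ending the string literal in the UPDATE below.
            $fields = array();
            foreach (array('email', 'aim', 'msn', 'locate', 'level', 'intbr') as $name) {
                $raw = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
                $fields[$name] = mysql_real_escape_string(htmlspecialchars($raw));
            }

            $update = mysql_query("Update users set email = '$fields[email]',
msn = '$fields[msn]', aim = '$fields[aim]',
location = '$fields[locate]', intbr = '$fields[intbr]', level = '$fields[level]' where username = '$targetSql'");

            // Report success only after the query ran. The name comes from the
            // URL, so it is HTML-encoded before being echoed back.
            if ($update) {
                echo(htmlspecialchars($target, ENT_QUOTES, 'UTF-8') . "'s profile has been updated.");
            } else {
                echo("The profile could not be updated.");
            }
        }
    } else {
        // No ?user= given: list every account. To show only one rank, add a
        // WHERE clause on the level column (e.g. level = 'User'; the exact
        // stored value is an assumption, so confirm it against the table).
        $getusers = mysql_query("Select * from users order by username asc");
        while ($getusers && ($users = mysql_fetch_array($getusers))) {
            // urlencode() for the query string, htmlspecialchars() for the
            // link text: usernames are account-supplied data.
            $href = 'admin.php?user=' . urlencode($users['username']);
            $label = htmlspecialchars($users['username'], ENT_QUOTES, 'UTF-8', false);
            echo("<a href='$href'>$label</a><br />");
        }
    }
} else {
    // Not logged in, or not an administrator: show nothing but the refusal.
    echo("Sorry, but you are not allowed to view this page!");
}
?>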