her er hele scriptet
<?php
include("../tjek_logind.php");
include("../lang.php");
include ('../config.php');
if(isset($_GET["action"])) {
$action = $_GET["action"];
if ($action=="adminadduser") {
$setupby = addslashes($_POST['setupby']);
$allowzones = addslashes($_POST['allowzones']);
}
$strsql = mysql_query("SELECT zonesleft FROM user WHERE id='$setupby' ") or die(mysql_error());
while($row = mysql_fetch_array($strsql)) {
$zonesleft = $row[zonesleft];
$newzonesleft = $zonesleft - $allowzones;
}
if($newzonesleft<0){
echo""._NODOMAIN1." $zonesleft "._NODOMAIN2."<br> <a href=\"java script:history.go(-1)\">"._BACK."</A>";
} else {
$username = addslashes($_POST['username']);
$user_check_query = mysql_query("SELECT * FROM user WHERE username='$username' ") or die(mysql_error());
$user_check_fetch = mysql_num_rows($user_check_query);
}
if($user_check_fetch != 0){
echo "<body oncontextmenu=\"return false;\"><br><br>Username is taken<br> <a href=\"java script:history.go(-1)\">"._BACK."</A>
";
} else {
$username = addslashes($_POST['username']);
$password = addslashes($_POST['password']);
$firstname = addslashes($_POST['firstname']);
$lastname = addslashes($_POST['lastname']);
$city = addslashes($_POST['city']);
$adr = addslashes($_POST['adr']);
$postnumber = addslashes($_POST['postnumber']);
$country = addslashes($_POST['country']);
$phone = addslashes($_POST['phone']);
$mobil = addslashes($_POST['mobil']);
$email = addslashes($_POST['email']);
$status = addslashes($_POST['status']);
$level = addslashes($_POST['level']);
$allowzones = addslashes($_POST['allowzones']);
$setupby = addslashes($_POST['setupby']);
$setupdate = addslashes($_POST['setupdate']);
$tid = addslashes($_POST['$tid']);
mysql_query("INSERT INTO `user` (
`id` ,
`username` ,
`password` ,
`level` ,
`status` ,
`firstname` ,
`lastname` ,
`adr` ,
`postnumber` ,
`city` ,
`country` ,
`phone` ,
`mobil` ,
`lastlogin` ,
`email` ,
`allowzones` ,
`zonesleft` ,
`profilupdated` ,
`setupdate` ,
`setupby`
)
VALUES (
NULL , '$username', MD5( '$password' ) , '$level', '$status', '$firstname', '$lastname', '$adr', '$posnumber', '$city', '$country',
'$phone', '$mobil', 'never', '$email', '$allowzones', '$allowzones', 'never', '$setupdate', '$setupby'
)") or die(mysql_error());
$setupby = addslashes($_POST['setupby']);
$svar = mysql_query("SELECT * FROM user WHERE id='$setupby' ") or die(mysql_error());
while ($row = mysql_fetch_array($svar))
$zonesleft = $row['zonesleft'];
$minuszones = addslashes($_POST['allowzones']);
$newzonesleft = $zonesleft - $minuszones;
mysql_query("UPDATE user SET zonesleft='$newzonesleft' WHERE id='$setupby' LIMIT 1");
include("../tjek_logind.php");
$username = $_SESSION['username'];
echo"<meta http-equiv=\"refresh\" content=\"0;url=../includes/listuser.php\">";
exit();
}
}
else if ($action=="adminresadduser") {
$username = addslashes($_POST['username']);
$user_check_query = mysql_query("SELECT * FROM user WHERE username='$username' ") or die(mysql_error());
$user_check_fetch = mysql_num_rows($user_check_query);
if($user_check_fetch != 0){
echo "<body oncontextmenu=\"return false;\"><br><br>Username is taken<br> <a href=\"java script:history.go(-1)\">"._BACK."</A>
";
} else {
$username = addslashes($_POST['username']);
$password = addslashes($_POST['password']);
$firstname = addslashes($_POST['firstname']);
$lastname = addslashes($_POST['lastname']);
$city = addslashes($_POST['city']);
$adr = addslashes($_POST['adr']);
$postnumber = addslashes($_POST['postnumber']);
$country = addslashes($_POST['country']);
$phone = addslashes($_POST['phone']);
$mobil = addslashes($_POST['mobil']);
$email = addslashes($_POST['email']);
$status = addslashes($_POST['status']);
$level = addslashes($_POST['level']);
$allowzones = addslashes($_POST['allowzones']);
$setupby = addslashes($_POST['setupby']);
$setupdate = addslashes($_POST['setupdate']);
$allowview = addslashes($_POST['allowview']);
$tid = addslashes($_POST['$tid']);
mysql_query("INSERT INTO `user` (
`id` ,
`username` ,
`password` ,
`level` ,
`status` ,
`firstname` ,
`lastname` ,
`adr` ,
`postnumber` ,
`city` ,
`country` ,
`phone` ,
`mobil` ,
`lastlogin` ,
`email` ,
`allowzones` ,
`zonesleft` ,
`profilupdated` ,
`setupdate` ,
`setupby`
)
VALUES (
NULL , '$username', MD5( '$password' ) , '$level', '$status', '$firstname', '$lastname', '$adr', '$posnumber', '$city', '$country',
'$phone', '$mobil', 'never', '$email', '$allowzones', '$allowzones', 'never', '$setupdate', '$setupby'
)") or die(mysql_error());
$setupby = addslashes($_POST['setupby']);
$svar = mysql_query("SELECT * FROM user WHERE id='$setupby' ") or die(mysql_error());
while ($row = mysql_fetch_array($svar))
$zonesleft = $row['zonesleft'];
$minuszones = addslashes($_POST['allowzones']);
$newzonesleft = $zonesleft - $minuszones;
mysql_query("UPDATE user SET zonesleft='$newzonesleft' WHERE id='$setupby' LIMIT 1");
}
$allowview = addslashes($_POST['allowview']);
if($allowview != 1){
mysql_query("INSERT INTO `ressettings` (
`ns`,
`ns1`,
`password`,
`reseller`,
`http`,
`allowview`
)
VALUES (
'$ns' , '$ns1' , '$usepassword' ,'$username' , '127.0.0.1', '$allowview')") or die(mysql_error());
echo"<meta http-equiv=\"refresh\" content=\"0;url=../includes/listuser.php\">";
}else{
$sql = mysql_query("SELECT * FROM settings") or die(mysql_error());
while ($row = mysql_fetch_array($sql))
{
$ns = $row['ns'];
$ns1 = $row['ns1'];
$httppassword = $row['password'];
$reseller = $row['reseller'];
$http = $row['http'];
mysql_query("INSERT INTO `ressettings` (
`rid`,
`ns`,
`ns1`,
`password`,
`reseller`,
`http`,
`allowview`
)
VALUES (
NULL , '$ns' , '$ns1' , '$httppassword' ,'$username' , '$http', '$allowview')") or die(mysql_error());
echo"<meta http-equiv=\"refresh\" content=\"0;url=../includes/listuser.php\">";
}
}
else{
echo"<meta http-equiv=\"refresh\" content=\"0;url=../\">";
exit;
}
?>
