LaFactoriaVerde_Web/admin/modifyuser.php

<?php
//prevents caching
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter();
session_start();

include ('../config.php');
include ('../functions.php');

//make connection to dbase
$connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
$db = @mysql_select_db($db_name,$connection) or die(mysql_error());
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Language" content="es-ES" />
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Modificar usuario - La Factoría Verde</title>
    <link rel="stylesheet" type="text/css" href="estilos.css">
</head>
<body>
<div id="layout">
  <div id="header"> <img src="../img/lafactoriaverde.gif" alt="La Factoría Verde" />
    <div style="float: right;">Sesión iniciada como <?php echo $_SESSION[user_name]; ?></div>
	<?php 
        $menu_activo='';
        include('_menu.php'); 
    ?>	
  </div>
  <div id="content">
<?php
//check for authority to view this page
if (allow_access(Administrators) != "yes")
{
	echo "<br/><br/><br/><center><p class='error'>No tiene autorización para esta función.</p></center>";
}

$mod_user = '';
if (isset($_GET['username'])) {
	$s_string = $_GET['username'];
	$explodeit = explode(" ", "$s_string");
	$c = count($explodeit);
	if ($c > 1) {
		for ($i = 0; $i < $c; $i++) {
			$mod_user = $explodeit[$i] . "+";
		}
	}
	else {
		$mod_user = $s_string;
	}
}
else {
	$msg .= "No ha indicado el usuario.<br/>";
}

if ((mod_user != "") && ($_POST[mod_pass] == "*******"))
{
	$sql = "SELECT * FROM $table_name WHERE username = '$mod_user'";
	$result = @mysql_query($sql,$connection) or die(mysql_error());

	while ($sql = mysql_fetch_object($result))
	{
		$pass = $sql -> password;
		$last = $sql -> last_login;
	}
	$sql = "DELETE FROM $table_name WHERE username = '$mod_user'";
	$result = @mysql_query($sql,$connection) or die(mysql_error());

	$sql = "INSERT INTO $table_name (firstname, lastname, username, password, group1, group2, group3, 
			pchange, email, redirect, verified, last_login) VALUES ('$_POST[mod_first]', '$_POST[mod_last]', 
			'$mod_user', '$pass', '$_POST[mod_group1]', '$_POST[mod_group2]', 
			'$_POST[mod_group3]', '$_POST[mod_chng]', '$_POST[mod_email]', '$_POST[mod_redirect]',
			'1', '$last')";
			$result = @mysql_query($sql,$connection) or die(mysql_error());
	$msg .= "La información del usuario $mod_user ha sido actualizada.<br/>";
}

if (($mod_user != "") && ($_POST[mod_pass] != "*******"))
{
	$sql = "SELECT * FROM $table_name WHERE username = '$mod_user'";
	$result = @mysql_query($sql,$connection) or die(mysql_error());
	while ($sql = mysql_fetch_object($result))
	{
		$pass = $sql -> password;
		$last = $sql -> last_login;
	}

	$sql = "DELETE FROM $table_name WHERE username = '$mod_user'";
	$result = @mysql_query($sql,$connection) or die(mysql_error());
	$sql = "INSERT INTO $table_name (firstname, lastname, username, password, group1, group2, group3, 
			pchange, email, redirect, verified, last_login) VALUES ('$_POST[mod_first]', '$_POST[mod_last]', 
			'$mod_user', password('$_POST[mod_pass]'), '$_POST[mod_group1]', '$_POST[mod_group2]', 
			'$_POST[mod_group3]', '$_POST[mod_chng]', '$_POST[mod_email]', '$_POST[mod_redirect]',
			'1', '$last')";

	$result = @mysql_query($sql,$connection) or die(mysql_error());
	$msg .= "La información del usuario $mod_user ha sido actualizada.<br/>";
	
}
echo $msg;

?>
	<br/>
    <center>
      <a href="<?php echo "adminpage.php"; ?>">Volver a la lista</a>
    </center>
  </div>
  <div id="footer"> </div>
</div>
</body>
</html>