RanchiMall/php-mpos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #174 from TheSerapher/issue-147

Browse Source 
Issue 147
This commit is contained in:
Sebastian Grewe 2013-06-13 02:39:23 -07:00
commit 8c01351b76
17 changed files with 231 additions and 163 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
public/include/classes/statistics.class.php
View File

@ -185,7 +185,8 @@ class Statistics {
$stmt = $this->mysqli->prepare("
SELECT
a.id AS id,
a.admin as admin,
a.is_admin as is_admin,
a.is_locked as is_locked,
a.username AS username,
a.donate_percent AS donate_percent,
a.email AS email,

61
public/include/classes/user.class.php
View File

@ -36,7 +36,10 @@ class User {
return $this->getSingle($username, 'email', 'username', 's');
}
public function getUserAdmin($id) {
return $this->getSingle($id, 'admin', 'id');
return $this->getSingle($id, 'is_admin', 'id');
}
public function getUserLocked($id) {
return $this->getSingle($id, 'is_locked', 'id');
}
public function getUserToken($id) {
return $this->getSingle($id, 'token', 'id');
@ -44,9 +47,27 @@ class User {
public function getIdFromToken($token) {
return $this->getSingle($token, 'id', 'token', 's');
}
public function isLocked($id) {
return $this->getUserLocked($id);
}
public function isAdmin($id) {
if ($this->getUserAdmin($id) == 1) return true;
return false;
return $this->getUserAdmin($id);
}
public function changeLocked($id) {
$field = array(
'name' => 'is_locked',
'type' => 'i',
'value' => !$this->isLocked($id)
);
return $this->updateSingle($id, $field);
}
public function changeAdmin($id) {
$field = array(
'name' => 'is_admin',
'type' => 'i',
'value' => !$this->isAdmin($id)
);
return $this->updateSingle($id, $field);
}
public function setUserToken($id) {
@ -79,10 +100,15 @@ class User {
public function checkLogin($username, $password) {
$this->debug->append("STA " . __METHOD__, 4);
$this->debug->append("Checking login for $username with password $password", 2);
if ( $this->checkUserPassword($username, $password) ) {
if ($this->isLocked($this->getUserId($username))) {
$this->setErrorMessage("Account is locked. Please contact site support.");
return false;
}
if ( $this->checkUserPassword($username, $password)) {
$this->createSession($username);
return true;
}
$this->setErrorMessage("Invalid username or password");
return false;
}
@ -300,7 +326,7 @@ class User {
private function checkUserPassword($username, $password) {
$this->debug->append("STA " . __METHOD__, 4);
$user = array();
$stmt = $this->mysqli->prepare("SELECT username, id, admin FROM $this->table WHERE username=? AND pass=? LIMIT 1");
$stmt = $this->mysqli->prepare("SELECT username, id, is_admin FROM $this->table WHERE username=? AND pass=? LIMIT 1");
if ($this->checkStmt($stmt)) {
$stmt->bind_param('ss', $username, hash('sha256', $password.$this->salt));
$stmt->execute();
@ -308,7 +334,7 @@ class User {
$stmt->fetch();
$stmt->close();
// Store the basic login information
$this->user = array('username' => $row_username, 'id' => $row_id, 'admin' => $row_admin);
$this->user = array('username' => $row_username, 'id' => $row_id, 'is_admin' => $row_admin);
return $username === $row_username;
}
return false;
@ -337,7 +363,8 @@ class User {
$this->debug->append("STA " . __METHOD__, 4);
session_destroy();
session_regenerate_id(true);
return true;
// Enforce a page reload
header("Location: index.php");
}
/**
@ -359,7 +386,7 @@ class User {
$this->debug->append("Fetching user information for user id: $userID");
$stmt = $this->mysqli->prepare("
SELECT
id, username, pin, api_key, admin, email,
id, username, pin, api_key, is_admin, email,
IFNULL(donate_percent, '0') as donate_percent, coin_address, ap_threshold
FROM $this->table
WHERE id = ? LIMIT 0,1");
@ -417,7 +444,7 @@ class User {
");
} else {
$stmt = $this->mysqli->prepare("
INSERT INTO $this->table (username, pass, email, pin, api_key, admin)
INSERT INTO $this->table (username, pass, email, pin, api_key, is_admin)
VALUES (?, ?, ?, ?, ?, 1)
");
}
@ -505,6 +532,22 @@ class User {
}
return false;
}
/**
* Check if a user is authenticated and allowed to login
* Checks the $_SESSION for existing data
* Destroys the session if account is now locked
* @param none
* @return bool
**/
public function isAuthenticated() {
$this->debug->append("STA " . __METHOD__, 4);
if ($_SESSION['AUTHENTICATED'] == true && ! $this->isLocked($_SESSION['USERDATA']['id']))
return true;
// Catchall
$this->logoutUser();
return false;
}
}
// Make our class available automatically

11
public/include/pages/account.inc.php
View File

@ -1,13 +1,10 @@
<?php
// Make sure we are called from index.php
if (!defined('SECURITY'))
die('Hacking attempt');
if (!defined('SECURITY')) die('Hacking attempt');
if (!$_SESSION['AUTHENTICATED']) {
header('Location: index.php?page=home');
if ($user->isAuthenticated()) {
// Tempalte specifics
$smarty->assign("CONTENT", "default.tpl");
}
// Tempalte specifics
$smarty->assign("CONTENT", "default.tpl");
?>

122
public/include/pages/account/edit.inc.php
View File

@ -4,79 +4,77 @@
if (!defined('SECURITY'))
die('Hacking attempt');
if (!$_SESSION['AUTHENTICATED']) {
header('Location: index.php?page=home');
}
if ( ! $user->checkPin($_SESSION['USERDATA']['id'], $_POST['authPin']) && $_POST['do']) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Invalid PIN','TYPE' => 'errormsg');
} else {
switch ($_POST['do']) {
case 'cashOut':
if ($setting->getValue('manual_payout_active') == 1) {
$_SESSION['POPUP'][] = array('CONTENT' => 'A manual payout is in progress. Please try again later.', 'TYPE' => 'errormsg');
} else {
$setting->setValue('manual_payout_active', 1);
$continue = true;
$aBalance = $transaction->getBalance($_SESSION['USERDATA']['id']);
$dBalance = $aBalance['confirmed'];
$sCoinAddress = $user->getCoinAddress($_SESSION['USERDATA']['id']);
// Ensure we can cover the potential transaction fee
if ($dBalance > $config['txfee']) {
if ($bitcoin->can_connect() === true) {
try {
$bitcoin->validateaddress($sCoinAddress);
} catch (BitcoinClientException $e) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Invalid payment address: ' . $sUserSendAddress, 'TYPE' => 'errormsg');
$continue = false;
}
if ($continue == true) {
// Send balance to address, mind fee for transaction!
if ($user->isAuthenticated()) {
if ( ! $user->checkPin($_SESSION['USERDATA']['id'], $_POST['authPin']) && $_POST['do']) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Invalid PIN','TYPE' => 'errormsg');
} else {
switch ($_POST['do']) {
case 'cashOut':
if ($setting->getValue('manual_payout_active') == 1) {
$_SESSION['POPUP'][] = array('CONTENT' => 'A manual payout is in progress. Please try again later.', 'TYPE' => 'errormsg');
} else {
$setting->setValue('manual_payout_active', 1);
$continue = true;
$aBalance = $transaction->getBalance($_SESSION['USERDATA']['id']);
$dBalance = $aBalance['confirmed'];
$sCoinAddress = $user->getCoinAddress($_SESSION['USERDATA']['id']);
// Ensure we can cover the potential transaction fee
if ($dBalance > $config['txfee']) {
if ($bitcoin->can_connect() === true) {
try {
if ($setting->getValue('auto_payout_active') == 0) {
$bitcoin->sendtoaddress($sCoinAddress, $dBalance);
} else {
$_SESSION['POPUP'][] = array('CONTENT' => 'Auto-payout active, please contact site support immidiately to revoke invalid transactions.', 'TYPE' => 'errormsg');
$continue = false;
}
$bitcoin->validateaddress($sCoinAddress);
} catch (BitcoinClientException $e) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Failed to send ' . $config['currency'] . ', please contact site support immidiately', 'TYPE' => 'errormsg');
$_SESSION['POPUP'][] = array('CONTENT' => 'Invalid payment address: ' . $sUserSendAddress, 'TYPE' => 'errormsg');
$continue = false;
}
}
// Set balance to 0, add to paid out, insert to ledger
if ($continue == true && $transaction->addTransaction($_SESSION['USERDATA']['id'], $dBalance, 'Debit_MP', NULL, $sCoinAddress)) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Transaction completed', 'TYPE' => 'success');
$aMailData['email'] = $user->getUserEmail($user->getUserName($_SESSION['USERDATA']['id']));
$aMailData['amount'] = $dBalance;
$aMailData['subject'] = 'Manual Payout Completed';
$notification->sendNotification($_SESSION['USERDATA']['id'], 'manual_payout', $aMailData);
if ($continue == true) {
// Send balance to address, mind fee for transaction!
try {
if ($setting->getValue('auto_payout_active') == 0) {
$bitcoin->sendtoaddress($sCoinAddress, $dBalance);
} else {
$_SESSION['POPUP'][] = array('CONTENT' => 'Auto-payout active, please contact site support immidiately to revoke invalid transactions.', 'TYPE' => 'errormsg');
$continue = false;
}
} catch (BitcoinClientException $e) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Failed to send ' . $config['currency'] . ', please contact site support immidiately', 'TYPE' => 'errormsg');
$continue = false;
}
}
// Set balance to 0, add to paid out, insert to ledger
if ($continue == true && $transaction->addTransaction($_SESSION['USERDATA']['id'], $dBalance, 'Debit_MP', NULL, $sCoinAddress)) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Transaction completed', 'TYPE' => 'success');
$aMailData['email'] = $user->getUserEmail($user->getUserName($_SESSION['USERDATA']['id']));
$aMailData['amount'] = $dBalance;
$aMailData['subject'] = 'Manual Payout Completed';
$notification->sendNotification($_SESSION['USERDATA']['id'], 'manual_payout', $aMailData);
}
} else {
$_SESSION['POPUP'][] = array('CONTENT' => 'Unable to connect to litecoind RPC service', 'TYPE' => 'errormsg');
}
} else {
$_SESSION['POPUP'][] = array('CONTENT' => 'Unable to connect to litecoind RPC service', 'TYPE' => 'errormsg');
$_SESSION['POPUP'][] = array('CONTENT' => 'Insufficient funds, you need more than ' . $config['txfee'] . ' ' . $conifg['currency'] . ' to cover transaction fees', 'TYPE' => 'errormsg');
}
} else {
$_SESSION['POPUP'][] = array('CONTENT' => 'Insufficient funds, you need more than ' . $config['txfee'] . ' ' . $conifg['currency'] . ' to cover transaction fees', 'TYPE' => 'errormsg');
$setting->setValue('manual_payout_active', 0);
}
$setting->setValue('manual_payout_active', 0);
}
break;
break;
case 'updateAccount':
if ($user->updateAccount($_SESSION['USERDATA']['id'], $_POST['paymentAddress'], $_POST['payoutThreshold'], $_POST['donatePercent'], $_POST['email'])) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Account details updated', 'TYPE' => 'success');
} else {
$_SESSION['POPUP'][] = array('CONTENT' => 'Failed to update your account: ' . $user->getError(), 'TYPE' => 'errormsg');
}
break;
case 'updateAccount':
if ($user->updateAccount($_SESSION['USERDATA']['id'], $_POST['paymentAddress'], $_POST['payoutThreshold'], $_POST['donatePercent'], $_POST['email'])) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Account details updated', 'TYPE' => 'success');
} else {
$_SESSION['POPUP'][] = array('CONTENT' => 'Failed to update your account: ' . $user->getError(), 'TYPE' => 'errormsg');
}
break;
case 'updatePassword':
if ($user->updatePassword($_SESSION['USERDATA']['id'], $_POST['currentPassword'], $_POST['newPassword'], $_POST['newPassword2'])) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Password updated', 'TYPE' => 'success');
} else {
$_SESSION['POPUP'][] = array('CONTENT' => $user->getError(), 'TYPE' => 'errormsg');
case 'updatePassword':
if ($user->updatePassword($_SESSION['USERDATA']['id'], $_POST['currentPassword'], $_POST['newPassword'], $_POST['newPassword2'])) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Password updated', 'TYPE' => 'success');
} else {
$_SESSION['POPUP'][] = array('CONTENT' => $user->getError(), 'TYPE' => 'errormsg');
}
break;
}
break;
}
}

36
public/include/pages/account/notifications.inc.php
View File

@ -2,24 +2,24 @@
// Make sure we are called from index.php
if (!defined('SECURITY')) die('Hacking attempt');
if (!$_SESSION['AUTHENTICATED']) header('Location: index.php?page=home');
if ($_REQUEST['do'] == 'save') {
if ($notification->updateSettings($_SESSION['USERDATA']['id'], $_REQUEST['data'])) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Updated notification settings');
} else {
$_SESSION['POPUP'][] = array('CONTENT' => 'Failed to update settings', 'TYPE' => 'errormsg');
if ($user->isAuthenticated()) {
if ($_REQUEST['do'] == 'save') {
if ($notification->updateSettings($_SESSION['USERDATA']['id'], $_REQUEST['data'])) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Updated notification settings');
} else {
$_SESSION['POPUP'][] = array('CONTENT' => 'Failed to update settings', 'TYPE' => 'errormsg');
}
}
// Fetch notifications
$aNotifications = $notification->getNofifications($_SESSION['USERDATA']['id']);
if (!$aNotifications) $_SESSION['POPUP'][] = array('CONTENT' => 'Could not find any notifications', 'TYPE' => 'errormsg');
// Fetch user notification settings
$aSettings = $notification->getNotificationSettings($_SESSION['USERDATA']['id']);
$smarty->assign('NOTIFICATIONS', $aNotifications);
$smarty->assign('SETTINGS', $aSettings);
$smarty->assign('CONTENT', 'default.tpl');
}
// Fetch notifications
$aNotifications = $notification->getNofifications($_SESSION['USERDATA']['id']);
if (!$aNotifications) $_SESSION['POPUP'][] = array('CONTENT' => 'Could not find any notifications', 'TYPE' => 'errormsg');
// Fetch user notification settings
$aSettings = $notification->getNotificationSettings($_SESSION['USERDATA']['id']);
$smarty->assign('NOTIFICATIONS', $aNotifications);
$smarty->assign('SETTINGS', $aSettings);
$smarty->assign('CONTENT', 'default.tpl');
?>

13
public/include/pages/account/transactions.inc.php
View File

@ -2,11 +2,10 @@
// Make sure we are called from index.php
if (!defined('SECURITY')) die('Hacking attempt');
if (!$_SESSION['AUTHENTICATED']) header('Location: index.php?page=home');
$aTransactions = $transaction->getTransactions($_SESSION['USERDATA']['id']);
if (!$aTransactions) $_SESSION['POPUP'][] = array('CONTENT' => 'Could not find any transaction', 'TYPE' => 'errormsg');
$smarty->assign('TRANSACTIONS', $aTransactions);
$smarty->assign('CONTENT', 'default.tpl');
if (!$user->isAuthenticated()) {
$aTransactions = $transaction->getTransactions($_SESSION['USERDATA']['id']);
if (!$aTransactions) $_SESSION['POPUP'][] = array('CONTENT' => 'Could not find any transaction', 'TYPE' => 'errormsg');
$smarty->assign('TRANSACTIONS', $aTransactions);
$smarty->assign('CONTENT', 'default.tpl');
}
?>

57
public/include/pages/account/workers.inc.php
View File

@ -2,35 +2,36 @@
// Make sure we are called from index.php
if (!defined('SECURITY')) die('Hacking attempt');
if (!$_SESSION['AUTHENTICATED']) header('Location: index.php?page=home');
switch ($_REQUEST['do']) {
case 'delete':
if ($worker->deleteWorker($_SESSION['USERDATA']['id'], $_GET['id'])) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Worker removed');
} else {
$_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'errormsg');
if ($user->isAuthenticated()) {
switch ($_REQUEST['do']) {
case 'delete':
if ($worker->deleteWorker($_SESSION['USERDATA']['id'], $_GET['id'])) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Worker removed');
} else {
$_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'errormsg');
}
break;
case 'add':
if ($worker->addWorker($_SESSION['USERDATA']['id'], $_POST['username'], $_POST['password'])) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Worker added');
} else {
$_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'errormsg');
}
break;
case 'update':
if ($worker->updateWorkers($_SESSION['USERDATA']['id'], $_POST['data'])) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Worker updated');
} else {
$_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'errormsg');
}
break;
}
break;
case 'add':
if ($worker->addWorker($_SESSION['USERDATA']['id'], $_POST['username'], $_POST['password'])) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Worker added');
} else {
$_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'errormsg');
}
break;
case 'update':
if ($worker->updateWorkers($_SESSION['USERDATA']['id'], $_POST['data'])) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Worker updated');
} else {
$_SESSION['POPUP'][] = array('CONTENT' => $worker->getError(), 'TYPE' => 'errormsg');
}
break;
$aWorkers = $worker->getWorkers($_SESSION['USERDATA']['id']);
if (!$aWorkers) $_SESSION['POPUP'][] = array('CONTENT' => 'You have no workers configured', 'TYPE' => 'errormsg');
$smarty->assign('CONTENT', 'default.tpl');
$smarty->assign('WORKERS', $aWorkers);
}
$aWorkers = $worker->getWorkers($_SESSION['USERDATA']['id']);
if (!$aWorkers) $_SESSION['POPUP'][] = array('CONTENT' => 'You have no workers configured', 'TYPE' => 'errormsg');
$smarty->assign('CONTENT', 'default.tpl');
$smarty->assign('WORKERS', $aWorkers);
?>

7
public/include/pages/admin.inc.php
View File

@ -1,13 +1,12 @@
<?php
// Make sure we are called from index.php
if (!defined('SECURITY'))
die('Hacking attempt');
if (!defined('SECURITY')) die('Hacking attempt');
// Check user to ensure they are admin
if (!$user->isAdmin($_SESSION['USERDATA']['id'])) {
if (!$user->isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) {
header("HTTP/1.1 404 Page not found");
die();
die("404 Page not found");
}
// Tempalte specifics

19
public/include/pages/admin/user.inc.php
View File

@ -1,17 +1,28 @@
<?php
// Make sure we are called from index.php
if (!defined('SECURITY'))
die('Hacking attempt');
if (!defined('SECURITY')) die('Hacking attempt');
// Check user to ensure they are admin
if (!$user->isAdmin($_SESSION['USERDATA']['id'])) {
if (!$user->isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) {
header("HTTP/1.1 404 Page not found");
die();
die("404 Page not found");
}
$aRoundShares = $statistics->getRoundShares();
// Change account lock
if ($_POST['do'] == 'lock') {
$supress_master = 1;
$user->changeLocked($_POST['account_id']);
}
// Change account admin
if ($_POST['do'] == 'admin') {
$supress_master = 1;
$user->changeAdmin($_POST['account_id']);
}
if ($_POST['query']) {
// Fetch requested users
$aUsers = $statistics->getAllUserStats($_POST['query']);

7
public/include/pages/admin/wallet.inc.php
View File

@ -1,13 +1,12 @@
<?php
// Make sure we are called from index.php
if (!defined('SECURITY'))
die('Hacking attempt');
if (!defined('SECURITY')) die('Hacking attempt');
// Check user to ensure they are admin
if (!$user->isAdmin($_SESSION['USERDATA']['id'])) {
if (!$user->isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) {
header("HTTP/1.1 404 Page not found");
die();
die("404 Page not found");
}
if ($bitcoin->can_connect() === true){

2
public/include/pages/login.inc.php
View File

@ -7,7 +7,7 @@ if (!defined('SECURITY'))
if ( $user->checkLogin($_POST['username'],$_POST['password']) ) {
header('Location: index.php?page=home');
} else {
$_SESSION['POPUP'][] = array('CONTENT' => 'Invalid username or password', 'TYPE' => 'errormsg');
$_SESSION['POPUP'][] = array('CONTENT' => 'Unable to login: '. $user->getError(), 'TYPE' => 'errormsg');
}
$smarty->assign('CONTENT', 'default.tpl');
?>

11
public/include/pages/statistics/blocks.inc.php
View File

@ -1,9 +1,8 @@
<?php
// Make sure we are called from index.php
if (!defined('SECURITY'))
die('Hacking attempt');
if (!defined('SECURITY')) die('Hacking attempt');
if (!$user->isAuthenticated()) header("Location: index.php?page=home");
// Grab the last blocks found
$iLimit = 30;
@ -14,9 +13,5 @@ $aBlockData = $aBlocksFoundData[0];
$smarty->assign("BLOCKSFOUND", $aBlocksFoundData);
$smarty->assign("BLOCKLIMIT", $iLimit);
if ($_SESSION['AUTHENTICATED']) {
$smarty->assign("CONTENT", "blocks_found.tpl");
} else {
$smarty->assign("CONTENT", "default.tpl");
}
$smarty->assign("CONTENT", "blocks_found.tpl");
?>

2
public/include/pages/statistics/pool.inc.php
View File

@ -50,7 +50,7 @@ $smarty->assign("LASTBLOCK", $aBlockData['height']);
$smarty->assign("DIFFICULTY", $dDifficulty);
$smarty->assign("REWARD", $config['reward']);
if ($_SESSION['AUTHENTICATED']) {
if ($user->isAuthenticated()) {
$smarty->assign("CONTENT", "authenticated.tpl");
} else {
$smarty->assign("CONTENT", "../default.tpl");

10
public/include/pages/statistics/user.inc.php
View File

@ -4,12 +4,10 @@
if (!defined('SECURITY'))
die('Hacking attempt');
$aHourlyHashRates = $statistics->getHourlyHashrateByAccount($_SESSION['USERDATA']['id']);
// Propagate content our template
$smarty->assign("YOURHASHRATES", $aHourlyHashRates);
if ($_SESSION['AUTHENTICATED']) {
if ($user->isAuthenticated()) {
$aHourlyHashRates = $statistics->getHourlyHashrateByAccount($_SESSION['USERDATA']['id']);
// Propagate content our template
$smarty->assign("YOURHASHRATES", $aHourlyHashRates);
$smarty->assign("CONTENT", "default.tpl");
}
?>

29
public/templates/mmcFE/admin/user/default.tpl
View File

@ -1,5 +1,22 @@
<script language="javascript">
function storeLock(id) {
$.ajax({
type: "POST",
url: "{$smarty.server.PHP_SELF}",
data: "page={$smarty.request.page}&action={$smarty.request.action}&do=lock&account_id=" + id,
});
}
function storeAdmin(id) {
$.ajax({
type: "POST",
url: "{$smarty.server.PHP_SELF}",
data: "page={$smarty.request.page}&action={$smarty.request.action}&do=admin&account_id=" + id,
});
}
</script>
{include file="global/block_header.tpl" BLOCK_HEADER="Query User Database"}
<form action="{$smarty.server.PHP_SELF}" method="POST">
<form action="{$smarty.server.PHP_SELF}" method="POST" id='query'>
<input type="hidden" name="page" value="{$smarty.request.page}">
<input type="hidden" name="action" value="{$smarty.request.action}">
<input type="text" class="pin" name="query" value="{$smarty.request.query|default:"%"}">
@ -23,6 +40,7 @@
<th class="right">Est. Payout&nbsp;&nbsp;&nbsp;</th>
<th class="right">Balance&nbsp;&nbsp;&nbsp;</th>
<th class="center">Admin</th>
<th class="center">Locked</th>
</tr>
</thead>
<tbody>
@ -37,7 +55,14 @@
<td class="right">{$USERS[user].payout.est_payout|number_format:"8"}</td>
<td class="right">{$USERS[user].balance|number_format:"8"}</td>
<td class="center">
<img src="{$PATH}/images/{if $USERS[user].admin}success{else}error{/if}.gif" />
<input type="hidden" name="admin[{$USERS[user].id}]" value="0"/>
<input type="checkbox" onclick="storeAdmin({$USERS[user].id})" name="admin[{$USERS[user].id}]" value="1" id="admin[{$USERS[user].id}]" {if $USERS[user].is_admin}checked{/if} />
<label for="admin[{$USERS[user].id}]"></label>
</td>
<td class="center">
<input type="hidden" name="locked[{$USERS[user].id}]" value="0"/>
<input type="checkbox" onclick="storeLock({$USERS[user].id})" name="locked[{$USERS[user].id}]" value="1" id="locked[{$USERS[user].id}]" {if $USERS[user].is_locked}checked{/if} />
<label for="locked[{$USERS[user].id}]"></label>
</td>
</tr>
{sectionelse}

2
public/templates/mmcFE/global/navigation.tpl
View File

@ -11,7 +11,7 @@
</ul>
</li>
{/if}
{if $smarty.session.AUTHENTICATED|default:"0" == 1 && $GLOBAL.userdata.admin == 1}
{if $smarty.session.AUTHENTICATED|default:"0" == 1 && $GLOBAL.userdata.is_admin == 1}
<li><a href="{$smarty.server.PHP_SELF}?page=admin">Admin Panel</a>
<ul>
<li><a href="{$smarty.server.PHP_SELF}?page=admin&action=user">User Info</a></li>

2
sql/issue_147_accounts_upgrade.sql Normal file
View File

@ -0,0 +1,2 @@
ALTER TABLE `accounts` ADD `is_locked` BOOLEAN NOT NULL DEFAULT FALSE AFTER `email` ;
ALTER TABLE `accounts` CHANGE `admin` `is_admin` BOOLEAN NOT NULL DEFAULT FALSE ;