<?php
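// Admin panel fragment: look up a chat user by nickname and show an edit form,
// or (when `action` is posted) validate and save the edited fields.
//
// Relies on names this file does not define: $id, $nocache, $pass, $bots, the
// SID constant, an open mysql_* connection and an active session.
// NOTE(review): $id is presumably the id of the logged-in operator - confirm.
// NOTE(review): the bare `break` statements presumably rely on this file being
// included from inside a switch/loop in the caller - confirm.
// NOTE(review): the form carries no anti-CSRF token and its action URL embeds
// $pass, so the panel credential can end up in logs, history and Referer
// headers. Both need a fix in the surrounding panel, not only in this file.

// Normalise the posted nickname once: trim the raw value first, HTML-encode it
// (the save path stores HTML-encoded text), and SQL-escape it last.
$nickname = (isset($_POST['nickname']) && is_string($_POST['nickname'])) ? trim($_POST['nickname']) : '';
$nickname = mysql_real_escape_string(htmlspecialchars($nickname));

if(!isset($_POST['action']))
{
    // ---- Lookup branch: fetch the account and render the edit form ----
    $q = mysql_query("SELECT `id`,`ip`,`ua`,`posts`,`answers`,`level`,`status`,`invisible`,`regdate`,`hidden` FROM `chat_users` WHERE `nickname` = '".$nickname."';");

    // mysql_num_rows() is the documented row count for a SELECT; a failed
    // query is treated the same as "no such user".
    if(!$q || mysql_num_rows($q) == 0)
    {
        echo "user  not Found.<br/>\n";
        break;
    }

    $user = mysql_fetch_array($q);
    $uid = $user['id'];
    $ip = $user['ip'];
    $ua = $user['ua'];
    $posts = $user['posts'];
    $answers = $user['answers'];
    $level = $user['level'];
    $status = $user['status'];
    $invisible = $user['invisible'];
    $regdate = $user['regdate'];
    $hidden = $user['hidden'];

    // Account #1 is the main administrator; only that account may edit it.
    if($uid == 1 && $id != 1)
    {
        echo "This user is the main  administrator.<br/>\n";
        echo "Dnt hav previlage to do this.<br/>\n";
        break;
    }

    echo "<div class=\"form\">\n";
    echo "<form method=\"post\" action=\"admin.php?nocache=$nocache&amp;ver=html&amp;".SID."&amp;pass=$pass&amp;mod=edit\">\n";
    echo "NIckname:<br/>\n";
    echo "<input name=\"nickname\" value=\"$nickname\" maxlength=\"20\"/><br/>\n";
    // The Russian hint in the label reads "(leave empty if no change is needed)".
    echo "Password (оставить пустым если изменять не надо):<br/>\n";
    echo "<input name=\"upass\" value=\"\" maxlength=\"20\"/><br/>\n";
    echo "Status:<br/>\n";
    // NOTE(review): $status is echoed as stored. The save branch below stores
    // it HTML-encoded; confirm every other writer of `status` does the same,
    // otherwise this attribute is a stored-XSS sink.
    echo "<input name=\"status\" value=\"$status\" maxlength=\"20\"/><br/>\n";
    echo "Posts:<br/>\n";
    echo "<input name=\"posts\" value=\"$posts\" size=\"6\" maxlength=\"6\"/><br/>\n";
    echo "Quiz Points:<br/>\n";
    echo "<input name=\"answers\" value=\"$answers\" size=\"6\" maxlength=\"6\"/><br/>\n";

    echo "Invisible:<br/>\n";
    echo "<select name=\"invisible\">\n";
    foreach(array(0 => "Off", 1 => "On.", 2 => "totally ignore") as $opt_value => $opt_label)
    {
        $opt_selected = ($invisible == $opt_value) ? " selected=\"selected\"" : "";
        echo "<option value=\"".$opt_value."\"".$opt_selected.">".$opt_label."</option>\n";
    }
    echo "</select><br/>\n";

    echo "Position :<br/>\n";
    echo "<select name=\"level\">\n";
    foreach(array(0 => "User", 1 => "V.I.P.", 2 => "Moderator", 3 => "Super-Moderator", 4 => "Admin") as $opt_value => $opt_label)
    {
        $opt_selected = ($level == $opt_value) ? " selected=\"selected\"" : "";
        echo "<option value=\"".$opt_value."\"".$opt_selected.">".$opt_label."</option>\n";
    }
    echo "</select><br/>\n";

    echo "Show Statistics Moderatorов:<br />\n";
    echo "<select name=\"hidden\">\n";
    if($hidden == 0)
    {
        echo "<option value=\"0\" selected=\"selected\">Yes</option>\n";
        echo "<option value=\"1\">No</option>\n";
    }
    else
    {
        echo "<option value=\"1\" selected=\"selected\">No</option>\n";
        echo "<option value=\"0\">Yes</option>\n";
    }
    echo "</select><br/>\n";

    // The IP and User-Agent are display-only here, and a User-Agent is chosen
    // by the client, so encode both on output. If they turn out to be stored
    // already encoded, the only effect is visible double-encoding.
    echo "[IP]: <u>".htmlspecialchars($ip, ENT_QUOTES)."</u><br/>\n";
    echo "[UserAgent]: <u>".htmlspecialchars($ua, ENT_QUOTES)."</u><br/>\n";
    echo "<input type=\"hidden\" name=\"uid\" value=\"$uid\"/>";
    echo "<input type=\"hidden\" name=\"action\" value=\"save\"/>";
    echo "<input type=\"submit\" value=\"Save\"/></form></div><br/>\n";
}
else
{
    // ---- Save branch: validate the posted fields and update the account ----
    $uid = intval($_POST['uid']);
    $posts = intval($_POST['posts']);
    $answers = intval($_POST['answers']);
    $invisible = intval($_POST['invisible']);
    $level = intval($_POST['level']);
    $hidden = intval($_POST['hidden']);

    // '$' is doubled as in the original; the reason is not visible in this file.
    $nickname = str_replace('$', '$$', $nickname);
    $status = (isset($_POST['status']) && is_string($_POST['status'])) ? trim($_POST['status']) : '';
    $status = mysql_real_escape_string(htmlspecialchars($status));
    $status = str_replace('$', '$$', $status);

    // Accept the new password only as a string; anything else means "no change".
    $upass = (isset($_POST['upass']) && is_string($_POST['upass'])) ? $_POST['upass'] : '';

    // The form branch refuses to show the main administrator to anyone else,
    // but `uid` arrives in the POST body, so the same rule has to be enforced
    // here as well or a hand-built request skips it.
    if($uid == 1 && $id != 1)
    {
        echo "This user is the main  administrator.<br/>\n";
        echo "Dnt hav previlage to do this.<br/>\n";
        break;
    }
    // NOTE(review): nothing here checks that the acting account may grant the
    // requested level - confirm admin.php restricts who reaches this code.

    $q = mysql_query("SELECT * FROM `chat_users` WHERE `nickname` = '".$nickname."' AND `id` != '".$uid."';");
    if($q && mysql_num_rows($q) != 0)
    {
        echo "User with the nickname already exists.<br/>\n";
        break;
    }

    // Current level of the target; also confirms that the target row exists.
    $sql = mysql_query("SELECT `level` FROM `chat_users` WHERE `id` = '".$uid."';");
    if(!$sql || mysql_num_rows($sql) == 0)
    {
        echo "user  not Found.<br/>\n";
        break;
    }
    $lev = mysql_result($sql, 0);

    if(preg_match("/[^0-9a-zA-Z_]+/", $upass))
    {
        echo "In the password contain prohibited characters! Password must be at the <br/>\n";
        break;
    }
    if(empty($nickname))
    {
        echo "Empty Nickname!<br/>\n";
        break;
    }

    if($invisible < 0 or $invisible > 2)
    {
        echo "Incorrect value of the switch Invisibility <br/>\n";
        break;
    }
    // The original range-checked the free-text $status here and never checked
    // $level, which is the field that takes the values 0..4 and is written to
    // the privilege column.
    if($level < 0 or $level > 4)
    {
        echo "Incorrect value!<br/>\n";
        break;
    }

    if($lev != $level)
    {
        // Announce the level change in every room.
        $level_labels = array(
            0 => "<b>User</b>",
            1 => "<b>VIP</b>",
            2 => "<b>Moderator</b>",
            3 => "<b>С-Moderator</b>",
            4 => "<b>Admin</b>",
        );
        $user_status = $level_labels[$level];

        $sql = mysql_query("SELECT `nickname` FROM `chat_users` WHERE `id` = '".intval($id)."';");
        // The nickname read back from the database is raw text again, so it is
        // escaped before it goes into the INSERT below; $nickname is already
        // escaped and must not be escaped twice.
        $nick = ($sql && mysql_num_rows($sql) > 0) ? mysql_real_escape_string(mysql_result($sql, 0)) : '';
        $message = $nick." assigns ".$nickname." Status ".$user_status;

        $sql = mysql_query("SELECT `id` FROM `chat_rooms`;");
        while($room_id = mysql_fetch_array($sql))
        {
            // The room id becomes part of a table name: force it to an integer.
            mysql_query("INSERT INTO `chat".intval($room_id['id'])."` VALUES(0, '5', '".$bots[3]."', '".$message."', '0', '".date("H:i:s")."', ".time().");");
        }
    }

    // NOTE(review): unsalted MD5 is not an acceptable password hash. It is kept
    // only because the login check elsewhere presumably compares MD5 values;
    // migrate both sides to password_hash()/password_verify() together.
    $password_sql = empty($upass) ? "" : " `password` = '".md5($upass)."',";
    $query = mysql_query("UPDATE `chat_users` SET `nickname` = '".$nickname."',".$password_sql." `posts` = '".$posts."',  `status` = '".$status."', `level` = '".$level."', `invisible` = '".$invisible."', `answers` = '".$answers."', `hidden` = '".$hidden."' WHERE `id` = '".$uid."';");

    if($query)
    {
        echo " successfully saved!<br/>\n";
        // Refresh the session copy only when a new password was actually set;
        // the original also overwrote it with an empty string on "no change".
        // NOTE(review): $uid is an int, so `===` matches only if $id is an int too.
        if($uid === $id && !empty($upass)) $_SESSION['pass'] = $upass;
    }
    else
    {
        echo "Error!<br/>\n";
        // The driver message can quote parts of the query, so encode it.
        echo htmlspecialchars(mysql_error(), ENT_QUOTES)."<br/>\n";
    }
}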
?>