Admin Control Panel v2.0

✎ Editing: edit_client.php ← Back

<?php
include('../includes/inc.config.php');
include('../header.php');

if(isset($_GET['aid'])){
	$aid = $_GET['aid'];
	$password = md5($_POST['password']);
$chk_user = $database->execute("select * from customers where email = '$aid' and status = '1' and level = '2'");
if($database->num($chk_user) == 1){
    while($row = $database->fetch($chk_user)){
        $user_passs = sha1(base64_decode($_GET['token']).sha1($data->decrypt($row['epassword'])));
    }

if(md5(trim(base64_encode($user_passs))) == $_GET['key']){
	$_SESSION['admin_id'] = $_GET['aid'];
}else{
	header("Location: login.php?m=1");
	exit;
}

}else{
	header("Location: login.php?m=2");
	exit;
}
}

include('check_session.php'); 
$regions_results = array();
$regions = $database->execute("
SELECT * FROM `region`
");
while($row = $database->fetch($regions)){
      $regions_results[] = $row;
}
if(isset($_POST['edit'])){
 $email = $_POST['email'];
 $password = $_POST['password'];
 if($password != ''){
     $password = "`password` = '".md5($password)."',";
	 $epassword = "`epassword` = '".$data->encrypt($_POST['password'])."', ";
     }else{
     $password = '';
	 $epassword = '';
     }
$username = $database->sanitize($_POST['username']);
 $fname = $_POST['fname'];
 $lname = $_POST['lname'];
 $company = $_POST['company'];
 $address = $_POST['address'];
 $zip = $_POST['zip'];
 $city = $_POST['city'];
 $region = $_POST['region'];
 $phone = $_POST['phone'];
 $ship_address = $_POST['ship_address'];
 $ship_zip = $_POST['ship_zip'];
 $ship_city = $_POST['ship_city'];
 $join = $_POST['join'];
 $level = $_POST['level'];
 $status = $_POST['status'];
$random_salt = $data->random_key(12);
	if($password){
	$salt = "`salt` = '".$random_salt."', ";
	$punbb_pass = "`password` = '".sha1($random_salt.sha1($_POST['password']))."', ";
	}else{
	$salt = '';
	$punbb_pass = '';	
	}
	
   $edit_client = $database->execute("UPDATE `customers` SET
`email` = '$email',
$password
$epassword
`fname` = '$fname',
`lname` = '$lname',
`company` = '$company',
`address` = '$address',
`zip` = '$zip',
`city` = '$city',
`region` = '$region',
`phone` = '$phone',
`ship_address` = '$ship_address',
`ship_zip` = '$ship_zip',
`ship_city` = '$ship_city',
`level` = '$level',
`join` = '$join',
`status` = '$status' WHERE `id` = '".$_GET['id']."'");

$update_forum = mysqli_query($con, "update users set $punbb_pass $salt `username` = '$username', `email` = '$email' where site_id = '$user_id'");
if($edit_client){
 $smarty->assign("type", 'succ');
$smarty->assign("message", 'Client profile updated successfully!');
}else{
 $smarty->assign("type", 'err');
$smarty->assign("message", 'Client profile can not be updated! Please check and try again.');
}
}
$smarty->assign("regions", $regions_results);
$smarty->display(END_PATH.'edit_client.tpl');

Cancel