<?php
  require_once 'conn.php';
  require_once 'http.php';
  
  if (isset($\_REQUEST[\text{'}action\text{'}]))\; \{\; switch\; ($_REQUEST['action']) {
      case 'Login':
        if (isset($\_POST[\text{'}email\text{'}])\; and\; isset($_POST['passwd'])) {
          $sql\; =\; "SELECT\; id,access\_lvl,name,last\_login\; "\; .\; "FROM\; forum\_users\; "\; .\; "WHERE\; email=\text{'}"\; .$_POST['email'] . "' " .
                 "AND passwd='" . $\_POST[\text{'}passwd\text{'}]\; .\; "\text{'}";$result = mysql_query($sql,$conn)
            or die('Could not look up user information; ' . 
                   mysql_error());
  
          if ($row\; =\; mysql\_fetch\_array($result)) {
            session_start();
            $\_SESSION[\text{'}user\_id\text{'}]\; =$row['id'];
            $\_SESSION[\text{'}access\_lvl\text{'}]\; =$row['access_lvl'];
            $\_SESSION[\text{'}name\text{'}]\; =$row['name'];
            $\_SESSION[\text{'}last\_login\text{'}]\; =$row['last_login'];
            $sql\; =\; "UPDATE\; forum\_users\; SET\; last\_login\; =\; \text{'}"\; .\; date("Y-m-d\; H:i:s",time())\; .\; "\text{'}\; "\; .\; "WHERE\; id\; =\; "\; .$row['id'];
            mysql_query($sql,$conn)
              or die(mysql_error() . "<br>" . $sql);\; \}\; \}\; redirect(\text{'}index.php\text{'});\; break;\; case\; \text{'}Logout\text{'}:\; session\_start();\; session\_unset();\; session\_destroy();\; redirect(\text{'}index.php\text{'});\; break;\; case\; \text{'}Create\; Account\text{'}:\; if\; (isset($_POST['name'])
            and isset($\_POST[\text{'}email\text{'}])\; and\; isset($_POST['passwd'])
            and isset($\_POST[\text{'}passwd2\text{'}])\; and$_POST['passwd'] == $\_POST[\text{'}passwd2\text{'}])\; \{$sql = "INSERT INTO forum_users " .
                 "(email,name,passwd,date_joined,last_login) " .
                 "VALUES ('" . $\_POST[\text{'}email\text{'}]\; .\; "\text{'},\text{'}"\; .$_POST['name'] . "','" . $\_POST[\text{'}passwd\text{'}]\; .\; "\text{'},\text{'}"\; .\; date("Y-m-d\; H:i:s",time()).\; "\text{'},\text{'}"\; .\; date("Y-m-d\; H:i:s",time()).\; "\text{'})";\; mysql\_query($sql, $conn)\; or\; die(\text{'}Could\; not\; create\; user\; account;\; \text{'}\; .\; mysql\_error());\; session\_start();$_SESSION['user_id'] = mysql_insert_id($conn);$_SESSION['access_lvl'] = 1;
          $\_SESSION[\text{'}name\text{'}]\; =$_POST['name'];
          $\_SESSION[\text{'}login\_time\text{'}]\; =\; date("Y-m-d\; H:i:s",time());\; \}\; redirect(\text{'}index.php\text{'});\; break;\; case\; \text{'}Modify\; Account\text{'}:\; if\; (isset($_POST['name'])
            and isset($\_POST[\text{'}email\text{'}])\; and\; isset($_POST['accesslvl'])
            and isset($\_POST[\text{'}userid\text{'}]))\; \{$sql = "UPDATE forum_users " .
                 "SET email='" . $\_POST[\text{'}email\text{'}]\; .\; "\text{'},\; name=\text{'}"\; .$_POST['name'] .
                 "', access_lvl=" . $\_POST[\text{'}accesslvl\text{'}]\; .\; ",\; signature=\text{'}"\; .$_POST['signature'] . "' " .
                 " WHERE id=" . $\_POST[\text{'}userid\text{'}];\; mysql\_query($sql, $conn)\; or\; die(\text{'}Could\; not\; update\; user\; account...\; \text{'}\; .\; mysql\_error()\; .\; \text{'}$<br>SQL: ' . sql);
        }
        redirect('admin.php');
        break;
  
      case 'Edit Account':
        if (isset($\_POST[\text{'}name\text{'}])\; and\; isset($_POST['email'])
            and isset($\_POST[\text{'}accesslvl\text{'}])\; and\; isset($_POST['userid'])) {
          $chg\_pw\; =\; FALSE;\; if\; (isset($_POST['oldpasswd'])
              and $\_POST[\text{'}oldpasswd\text{'}]\; !=\; \text{'}\text{'})\; \{$sql = "SELECT passwd FROM forum_users " .
                   "WHERE id=" . $\_POST[\text{'}userid\text{'}];$result = mysql_query($sql)\; or\; die(mysql\_error());\; if\; ($row = mysql_fetch_array($result))\; \{\; if\; (($row['passwd'] == $\_POST[\text{'}oldpasswd\text{'}])\; and\; (isset($_POST['passwd']))
                  and (isset($\_POST[\text{'}passwd2\text{'}]))\; and\; ($_POST['passwd'] == $\_POST[\text{'}passwd2\text{'}]))\; \{$chg_pw = TRUE;
              } else {
                redirect('useraccount.php?error=nopassedit');
                break;
              }
            }
          }
          $sql\; =\; "UPDATE\; forum\_users\; "\; .\; "SET\; email=\text{'}"\; .$_POST['email'] .
                 "', name='" . $\_POST[\text{'}name\text{'}]\; .\; "\text{'},\; access\_lvl="\; .$_POST['accesslvl'] .
                 ", signature='" . $\_POST[\text{'}signature\text{'}];\; if\; ($chg_pw) {
            $sql\; .=\; "\text{'},\; passwd=\text{'}"\; .$_POST['passwd'];
          }
          $sql\; .=\; "\text{'}\; WHERE\; id="\; .$_POST['userid'];
          mysql_query($sql,$conn)
            or die('Could not update user account... ' . mysql_error() .
                   '<br>SQL: ' . $sql);\; \}\; redirect(\text{'}useraccount.php?blah=\text{'}\; .$_POST['userid']);
        break;
  
      case 'Send my reminder!':
        if (isset($\_POST[\text{'}email\text{'}]))\; \{$sql = "SELECT passwd FROM forum_users " .
                 "WHERE email='" . $\_POST[\text{'}email\text{'}]\; .\; "\text{'}";$result = mysql_query($sql,$conn)
            or die('Could not look up password; ' . mysql_error());
  
          if (mysql_num_rows($result))\; \{$row = mysql_fetch_array($result);$subject = 'Comic site password reminder';
            $body\; =\; "Just\; a\; reminder,\; your\; password\; for\; the\; "\; .\; "Comic\; Book\; Appreciation\; site\; is:\; "\; .$row['passwd'] .
                    "\n\nYou can use this to log in at http://" .
                    $\_SERVER[\text{'}HTTP\_HOST\text{'}]\; .\; dirname($_SERVER['PHP_SELF']) . '/login.php?e=' .
                    $\_POST[\text{'}email\text{'}];$headers = "From: admin@yoursite.com\r\n";
  
            mail($\_POST[\text{'}email\text{'}],$subject,$body,$headers)
              or die('Could not send reminder email.');
          }
        }
        redirect('login.php');
        break;
    }
  }
  ?>