setPageTitle("Goon Management"); $currBanner->addContent("Goon Management System"); $currNavbar->setCustomLinksTitle("Goon Management"); $currNavbar->addCustomLink("/users.php?action=viewStats", "View what I've done"); $currNavbar->addCustomLink("/users.php?action=login", "Login"); $currNavbar->addCustomLink("/users.php?action=signup", "Become a Goon"); $currNavbar->addCustomLink("/users.php?action=resetPassword", "Recover a lost password"); // if the user is logged in as not amonymous, give them a logout option if (!$_SESSION["isAnonymous"]) { $currNavbar->addCustomLink("/users.php?action=changePassword", "Change my Password"); $currNavbar->addCustomLink("/users.php?action=logout", "Logout"); } // if the person wants to be added, lets give them a form. if ($_REQUEST["action"] == "signup") { ?>

Become a Hired Goon

Please fill out the following information. (you may also want to make sure you actually need to do this)

Note: These passwords are stored in encrypted form using one way encryption. Although somebody might be able to break it, there are much easier ways for them to steal your password, so its not likely they'd bother.

Username added successfully! You can login now.

"); if (!$result) print("

We could not add that username. Perhaps it is already in use, or you did not fill out all fields. Here is the exact error: " . mysql_error() . "

"); } // if we're displaying a login form elseif ($_REQUEST["action"] == "login") { ?>

Confirm Goon ID (login)

I lost my password! Login successful!

"); } else { print("

"); } } // to do a logout elseif ($_REQUEST["action"] == "logout") { $query = "UPDATE users SET autologinkey = '' WHERE id = $_SESSION[userid]"; mysql_query($query); setcookie("autologinkey", 'a', time() - (60*60*24*365), "/"); setcookie("userid", 'a', time() + (60*60*24*365), "/"); doAnonymousLogin(); } // the form to reset a password elseif ($_REQUEST["action"] == "resetPassword") { ?>

So you lost your password did you? Not a problem, just fill in this form and we'll send you a new one. You can then use that to change your password to something non sucky.

note: The password will be emailed to whatever email address you used to create the account. If you don't have access to that anymore, you only have one real recourse: bribe Tridus into fixing it for you.

"); // set the new password $jumble = md5(time() . getmypid()); $salt = substr($jumble, 0, 2); $newPass = crypt($newPass, $salt); $query = "UPDATE users SET passwd = '$newPass' WHERE id = $row[id]"; mysql_query($query); print("

A new password has been sent to your email address.

"); } // the form to change a password elseif ($_REQUEST["action"] == "changePassword") { if ($_SESSION["isAnonymous"]) { print("

You can change your password if you are logged in. If you aren't, this won't work.

"); } else { ?> You can change your password if you are logged in. If you aren't, this won't work.

"); } // if the passwords don't match elseif ($_REQUEST["passwd"] != $_REQUEST["passwd2"]) { print("

Those two passwords don't match. Hit back and try again.

"); } else { // set the new password $jumble = md5(time() . getmypid()); $salt = substr($jumble, 0, 2); $newPass = crypt($_REQUEST["passwd"], $salt); $query = "UPDATE users SET passwd = '$newPass' WHERE id = $_SESSION[userid]"; $result = mysql_query($query); if ($result == true) print("

Password Changed!

"); else print("

Password change failed! Error: " . mysql_error() . "

"); } } // if we're viewing stats elseif ($_REQUEST["action"] == "viewStats") { // if we are passed in a userid, use that. otherwise use the current user if ($_REQUEST["user"] > 0) $userid = $_REQUEST["user"]; else $userid = $_SESSION["userid"]; print("

This page will tell you how many of the various things you can add you have added. Thats about it, since I don't log any useful user information.

"); // get username $query = "SELECT username, users.name, users_rank.name AS rank FROM users, users_rank WHERE users.rank = users_rank.id AND users.id = $userid"; $row = mysql_fetch_row(mysql_query($query)); $userName = $row[0]; $name = $row[1]; $rank = $row[2]; // get goon links added $query = "SELECT count(*) FROM goonlink WHERE owner = $userid"; $row = mysql_fetch_row(mysql_query($query)); $goonLinks = $row[0]; // get quotes added $query = "SELECT count(*) FROM quotes WHERE owner = $userid"; $row = mysql_fetch_row(mysql_query($query)); $quotes = $row[0]; // get timers added $query = "SELECT count(*) FROM randomTimers WHERE owner = $userid"; $row = mysql_fetch_row(mysql_query($query)); $timers = $row[0]; // get points for quotes added $query = "SELECT SUM(thumbsup) - SUM(thumbsdown) AS points FROM quotes WHERE owner = $userid"; $row = mysql_fetch_row(mysql_query($query)); $quotes_points = $row[0]; // get wishlist entries $query = "SELECT count(*) FROM wishlist WHERE owner = $userid AND status = 1"; $row = mysql_fetch_row(mysql_query($query)); $wishlist_active = $row[0]; $query = "SELECT count(*) FROM wishlist WHERE owner = $userid"; $row = mysql_fetch_row(mysql_query($query)); $wishlist_total = $row[0]; // get guestbook entries $query = "SELECT count(*) FROM guestbook WHERE owner = $userid"; $row = mysql_fetch_row(mysql_query($query)); $guestbook = $row[0]; print("

Goon Identification: $userName ($name)
Anonymous: $_SESSION[isAnonymous]
Autologin: $_SESSION[isAutoLogin]
Rank: $rank
Goon Links™ Added: $goonLinks
Memorable Sayings Added: $quotes (points: $quotes_points)
Random Timers Added: $timers
Wishlist: $wishlist_active current entries ($wishlist_total total)
Guestbook: $guestbook entries

\n"); } // if we're doing nothing else { ?>

Yes, yet another user management system. I know... but you can take comfort in the fact that its only used for things that actually need it (like so I can access stuff on the site that the rest of you can't :-) ).