view user_profiles from every user like viewing the own

I've installed this class and it seens to be great :-) thanks

I will need a function for the admin to view and edit all users profiles like every user can view and update there own. I would like to  change every users data from a protected page. No it's only possibe to change the data from one table where the login,pw ... is stored. The admin is not able to change data from the user_profie tabe. How can I use update_user_profile.php as admin to change user data? How would this be possible? Do we need work around or is there a good solution?

Maybe it is possibe already and I don't know how to use it.

tom

I've installed this class and it seens to be great :-) thanks

I will need a function for the admin to view and edit all users profiles like every user can view and update there own. I would like to  change every users data from a protected page. No it's only possibe to change the data from one table where the login,pw ... is stored. The admin is not able to change data from the user_profie tabe. How can I use update_user_profile.php as admin to change user data? How would this be possible? Do we need work around or is there a good solution?

Maybe it is possibe already and I don't know how to use it.

tom

if im not mistaken, trying to read your somewhat bad english... you are saying currently on your site you can only edit your own profile, but as an administrator you can not edit any users data? .. just make a new page, and protect it with a simple if else statement, running the same update_profile.php script except changing the sql query from "WHERE user_id = $logged['id']" it would be "Where user_id =$data[id] " or something similair.. of course the page will need some minor modifications.. but either way you will have to make a new page for the admin area to edit accounts

Code:

<?php
if ($logged['level'] > 4){
if ($_POST['update']){
$value1 = $_POST['value1']; 
$value2= $_POST['value2']; 
$update = mysql_query("UPDATE users 
SET value1 = '$value1', value2 = '$value2' 
WHERE user_id = ".$_GET['id']);
if ($update) echo "Success!";
}
$result = mysql_query("SELECT * FROM users WHERE user_id = ".$_GET['id']);
$data = mysql_array($result);
echo "...the form, and profile fields for editing..";
} else {
echo "You do not have the correct level of access for this page...";
}
?>

_{The above snippet of code is only a universal example of updating a users profile via a protected page based on a field in the logged-in-users table..}

[Free WordPress Themes]

Hello Tom,

yes you're right at the moment the "admin" extension is only for the user table. There is a plan to have this feature (also a user list) for future versions. But maybe this will be a part of of some future "premium" version.

In the meantime check the profile extension and try to implement the methods into the admin extension.

@method, right the admin (owner) can edit everything (via phpmyadmin), but the class is written to protect some things.

[admin_user.php]

Code:

<?php
if ($logged['level'] > 4){
if ($_POST['update']){
$value1 = $_POST['value1']; 
$value2= $_POST['value2']; 
$update = mysql_query("UPDATE users 
SET value1 = '$value1', value2 = '$value2' 
WHERE user_id = ".$_GET['id']);
if ($update) echo "Success!";
}
$result = mysql_query("SELECT * FROM users WHERE user_id = ".$_GET['id']);
$data = mysql_array($result);
echo "...the form, and profile fields for editing..";
} else {
echo "You do not have the correct level of access for this page...";
}

echo "You do not have the correct level of access for this page...";
}
?>

I would like to see/edit the users data in users_profile as admin simular to admin_user.php but there it is only possibel to view/edit the data from the useres tabel and not from the users_profile tabel. I would like to view/edit the users_profile data table as well.

Do you mean that would be possible with your code snippset?
I think it must be something with the use of admin_user.php and update_users_profile.php
^{I hope you got me right ...}

tom

[Free WordPress Themes]

read my post before (note the snippet from method is not related to the class)

[default_admin_level]

read my post before (note the snippet from method is not related to the class)

Do you think it would be a security  or some else problem to use an other script protcted with your class with the default_admin_level to show datas from the users_profile table?

[default_admin_level]

read my post before (note the snippet from method is not related to the class)

Do you think it would be a security  or some else problem to use an other script protcted with your class with the default_admin_level to show datas from the users_profile table?

I created the admin extension to protect the user to edit his own data via the this script and to have the possibility to handle access levels.

of course you can create a script also without the access protection from the script using .htaccess for example...

...
of course you can create a script also without the access protection from the script using .htaccess for example...

Why htaccess? I only need is an script to show the users_profile. It shoult be possible with your class to protect this too. My question was if it is an secrurity issue to do this but I think not because only the admin can use this by using your protection class.

I've simply added

Code:

$update_profile->user =  $_POST['get_user'];

     to change the user to look for by postig the login using a form and i seems to work. What do you think about it?

[Free WordPress Themes]

the user var can't the same than the user var where to change the details

the user var can't the same than the user var where to change the details

I changed it to the method from POST to GET to SELECT the $update_profile->user and it works but I get errors if I try to UPDATE it. That problem seems to belong to the $_POST['login'] var. What's your idea to solve it?

[Free WordPress Themes]

the user var can't the same than the user var where to change the details

I changed it to the method from POST to GET to SELECT the $update_profile->user and it works but I get errors if I try to UPDATE it. That problem seems to belong to the $_POST['login'] var. What's your idea to solve it?

as in my comment before, in the current admin extension is NO support fro the profile, If you created the code by yourself then post it here if you have the problems (check the code from the profile extension first)

I will need a function for the admin to view and edit all users profiles like every user can view and update there own. I would like to  change every users data from a protected page.

tom

Hi Tom, an interesting idea.  I am just curious why you would want to do that?  Olaf's script addresses problems (like lost or forgotten access data, login, password, etc.).  Why would you want to do that with simple profile data?  Once you reset a users password then they could change their own profile data.

You could, from the admin panel, change the password and then access the user the normal way!  Of course that would leave the user without a workable password (perhaps a good thing!).

Here are a couple another ideas...

1)
Under third party mods
http://www.webdigity.com/index.php/topic,5503.0.Different+Users+-+Different+parts+of+each+page%21.html
There is an easy way to add the access_level to the $_SESSION array.

Using access_level 10 for a test, you should be able to copy and modify
ext_user_profile.php
and
upate_user_profile.php
for an admin page that will allow what you want.

That may be a bit deep... But if, as you say, you "need" that function then it is worth talking the time to do (or pay Olaf to do it for you!)

2)
Merge the needed parts of
ext_user_profile.php
into the top of
admin_user.php

Then add the needed parts of
update_user_profile.php
to the bottom of
admin_user.php

That should give you an Admin page that you can use to change all fields except those protected by the class (login, etc).

To me the second option looks like more work but it means not changing the access_user_class.php  That can be important when Olaf releases the next version.

For me the two tiny mods at http://www.webdigity.com/index.php/topic,5503.0.Different+Users+-+Different+parts+of+each+page%21.html
are so easy I just do them on each mod before uploading our sites...

[Guest]

[37.736]

Yahoo crawler, adsense, Msnbot, Baidu Spider