usersearch.php

   1 <?php include ("config.php");
   2 function auth($userid, $password)
   3 {
   4         $sql = "SELECT username FROM users WHERE username='$userid' AND userpass='$password'";
   5         $result = mysql_query($sql);
   6         if (!mysql_num_rows($result))
   7                 return 0;
   8         else
   9         {
  10                 $query_data = mysql_fetch_row($result);
  11                 return $query_data[0];
  12         }
  13 }
  14 $username = auth($uname, $pword);
  15 if (!$username)
  16 {
  17         echo "You are not <a href=login.php>Logged In</a>.";
  18         exit;
  19 }
  20 $sql = "SELECT * FROM users WHERE username='$uname'";
  21 $result = mysql_query($sql);
  22 $myrow = mysql_fetch_array($result);
  23 if ($myrow["level"] <= 49)
  24 {
  25         echo "You cannot be here.";
  26         exit;
  27 }
  28 if ($submit)
  29 {
  30         $sql = "SELECT * FROM users WHERE username LIKE '%$usename%'";
  31         $result = mysql_query($sql);
  32         while ($myrow = mysql_fetch_array($result))
  33         {
  34                 echo "<a href=whois.php?user=".$myrow["userid"].">".$myrow["username"]."</a><br>";
  35         }
  36         echo '<br><br><form method=post action=usersearch.php>
  37 Username: <input type=text name=usename><br><br>
  38 <input type=submit name=submit value="Search">
  39 </form>';
  40 }
  41 if (!$submit)
  42 {
  43         echo '<form method=post action=usersearch.php>
  44 Username: <input type=text name=usename><br><br>
  45 <input type=submit name=submit value="Search">
  46 </form>';
  47 }
  48 ?>