getUserArray($session, 1); if (!$admin || (int)$admin['access'] !== 9) { die('

Access Denied: You are not Admin!

'); } // --------------------------------------------------------------------------- // Validare username // --------------------------------------------------------------------------- // Mirror the sign-up rule (Account.php, issue #184) so an admin can rename a // player to any name registration would accept. The allowed character set // depends on USRNM_SPECIAL: when on, letters/digits/.-_ and single internal // spaces; when off, ASCII alphanumerics only. $usernameSpecial = defined('USRNM_SPECIAL') ? USRNM_SPECIAL : false; $minLen = defined('USRNM_MIN_LENGTH') ? USRNM_MIN_LENGTH : 3; $maxLen = defined('USRNM_MAX_LENGTH') ? USRNM_MAX_LENGTH : 15; $charsOk = $usernameSpecial ? (bool)preg_match('/^[A-Za-z0-9._-]+(?: [A-Za-z0-9._-]+)*$/D', $username) : !preg_match('/[^0-9A-Za-z]/', $username); if (strlen($username) < $minLen || strlen($username) > $maxLen || !$charsOk) { header("Location: ../../../Admin/admin.php?p=player&uid=$uid&e=invalid"); exit; } // verificare duplicat $check = $database->query("SELECT id FROM " . TB_PREFIX . "users WHERE username = '" . $database->escape($username) . "' AND id != $uid LIMIT 1"); if (mysqli_num_rows($check) > 0) { header("Location: ../../../Admin/admin.php?p=player&uid=$uid&e=taken"); exit; } $usernameEsc = $database->escape($username); // --------------------------------------------------------------------------- // Update // --------------------------------------------------------------------------- $database->query("UPDATE " . TB_PREFIX . "users SET username = '$usernameEsc' WHERE id = $uid"); // --------------------------------------------------------------------------- // Log admin // --------------------------------------------------------------------------- $adminId = (int)$_SESSION['id']; $time = time(); $logText = "Changed username for user $uid to '$usernameEsc'"; $logEsc = $database->escape($logText); $database->query( "INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " . "VALUES (0, '$adminId', '$logEsc', $time)" ); header("Location: ../../../Admin/admin.php?p=player&uid=" . $uid . "&name=1"); exit; ?>