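<?php
	# Admin pop-up dispatcher for the top-sites module (admin/tsadmin/newwin.php).
	# The action is chosen by $_GET['page']; form actions additionally key off
	# $_POST['sub']. Every branch requires an authenticated admin session
	# ('authuser') and ends by including one of the admin_*.tpl templates, which
	# are expected to render $message / honour $reload and $redisplay.
	session_start();
	define('TSADMINDIR', dirname(__FILE__) . '/');
	# -14 strips the trailing 'admin/tsadmin/' from this file's directory.
	define('WWWROOT', substr(TSADMINDIR, 0, -14));
	# ##BASEDIR## is a placeholder in the distributed source; presumably the
	# installer substitutes the real length here - confirm before relying on it.
	define('BASEDIR', substr(WWWROOT, 0, ##BASEDIR##));
	require(BASEDIR . 'funcs.inc');
	require(BASEDIR . 'config.php');
	require(WWWROOT . 'topsites/tsphp.php');
	require(WWWROOT . 'admin/adminfuncs.inc');

	# Returns TRUE when $name is a bare SQL identifier (letter or underscore
	# followed by letters, digits or underscores). Column names posted by the
	# quick-account and trigger forms are spliced into SQL unquoted, where string
	# escaping gives no protection, so they are accepted only in this form.
	function newwin_IsSqlIdentifier($name)
	{
		return is_string($name) && preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name) === 1;
	}

	# Returns $array[$key] as a string, or '' when the key is absent or the value
	# is not a scalar (avoids undefined-index notices and array-to-string bugs).
	function newwin_RequestString($array, $key)
	{
		if(is_array($array) && isset($array[$key]) && is_scalar($array[$key]))
		{
			return (string)$array[$key];
		}
		return '';
	}

	# Fetches the topsites_Accounts row for an already-escaped $username.
	# Returns the associative row, or FALSE when there is no such account.
	function newwin_FetchAccount($username)
	{
		$accountQuery = dbcom("SELECT * FROM topsites_Accounts WHERE Username='$username';");
		return mysql_fetch_assoc($accountQuery);
	}

	# Flips the boolean column $column (Suspended / Locked) of $rawUsername's
	# account and returns the status message, using $onLabel when the flag is now
	# set and $offLabel otherwise. $column must be a fixed, code-supplied name.
	function newwin_ToggleAccountFlag($rawUsername, $column, $onLabel, $offLabel)
	{
		$username = mysql_escape_string($rawUsername);
		dbcom("UPDATE topsites_Accounts SET $column=(!$column) WHERE Username='$username';");
		$account = newwin_FetchAccount($username);
		$state = (is_array($account) && $account[$column]) ? $onLabel : $offLabel;
		return "Account '$username' has been " . $state;
	}

	# Marks an already-escaped $username as 'Approved' and sends the "added"
	# e-mail built from $account (the row fetched for that user).
	function newwin_ApproveAndNotify($username, $account)
	{
		dbcom("UPDATE topsites_Accounts SET Status='Approved' WHERE Username='$username';");
		$account['Tracking_URL'] = "{$GLOBALS['IN_URL']}?id=$username";
		$account['Script_URL'] = $GLOBALS['SCRIPT_URL'];
		Email($account['Email'], $GLOBALS['ADMIN_EMAIL'], "{$GLOBALS['TDIR']}/email_added.tpl", $account);
	}

	if(!isset($_SESSION) || !is_array($_SESSION) || !array_key_exists('authuser', $_SESSION))
	{
		# Not logged in as an admin: wipe the session and show the login form instead.
		$_SESSION = NULL;
		session_destroy();
		loginpage(FALSE);
	}
	else
	{
		if(isset($_GET) && is_array($_GET) && count($_GET) > 0 && array_key_exists('page', $_GET))
		{
			# Most single-account actions identify the account by a Username in the URL.
			$getUsername = newwin_RequestString($_GET, 'Username');
			$hasPost = isset($_POST) && is_array($_POST) && count($_POST) > 0;
			switch($_GET['page'])
			{
				case 'quickaccounts':
					if($hasPost && array_key_exists('sub', $_POST))
					{
						# Escapes every posted value once; from here on they are only used
						# inside quoted SQL string literals. Column selectors (FindIn/SetIn)
						# are additionally validated as identifiers before use.
						$_POST = array_map('mysql_escape_string', $_POST);
						$find = newwin_RequestString($_POST, 'Find');
						$findIn = newwin_RequestString($_POST, 'FindIn');
						$setIn = newwin_RequestString($_POST, 'SetIn');
						switch($_POST['sub'])
						{
							case 'Remove Unconfirmed Accounts':
								# Remove old unconfirmed accounts
								$count = RemoveUnconfirmed();
								$reload = 1;
								$message = $count . ' unconfirmed account(s) has/have been removed.';
								break;
							case 'Delete':
								# Search-and-delete on the accounts table.
								if(!newwin_IsSqlIdentifier($findIn))
								{
									$message = 'No accounts deleted: the field to search in is not a valid column name.';
									break;
								}
								$result = dbcom("SELECT * FROM topsites_Accounts WHERE $findIn LIKE '%$find%'");
								$count = intval(mysql_num_rows($result));
								while($account = mysql_fetch_assoc($result))
								{
									DoAccountDeletion($account['Username']);
								}
								$reload = 1;
								$message = $count . ' account(s) has/have been deleted.';
								break;
							case 'Set':
								# Search-and-set on the accounts table; '[EMPTY]' targets rows whose field is blank.
								if(!newwin_IsSqlIdentifier($findIn) || !newwin_IsSqlIdentifier($setIn))
								{
									$message = 'No changes made: the field names are not valid column names.';
									break;
								}
								$set = newwin_RequestString($_POST, 'Set');
								$where = ($find === '[EMPTY]') ? "$findIn=''" : "$findIn LIKE '%$find%'";
								dbcom("UPDATE topsites_Accounts SET $setIn='$set' WHERE $where");
								# dbcom() hands back the mysql_query() result, which for an UPDATE is
								# just TRUE; the real row count comes from mysql_affected_rows().
								$count = intval(mysql_affected_rows());
								$reload = 1;
								$message = $count . ' change(s) has/have been made';
								break;
							case 'Replace':
								# Search-and-replace within one column; '[EMPTY]' fills blank rows instead.
								if(!newwin_IsSqlIdentifier($findIn))
								{
									$message = 'No replacements made: the field to search in is not a valid column name.';
									break;
								}
								$replace = newwin_RequestString($_POST, 'Replace');
								if($find === '[EMPTY]')
								{
									dbcom("UPDATE topsites_Accounts SET $findIn='$replace' WHERE $findIn=''");
								}
								else
								{
									dbcom("UPDATE topsites_Accounts SET $findIn=REPLACE($findIn,'$find','$replace')");
								}
								$count = intval(mysql_affected_rows());
								$reload = 1;
								$message = $count . ' replacement(s) has/have been made.';
								break;
						}
					}
					FileTaint("{$GLOBALS['TDIR']}/admin_quickaccounts.tpl");
					require("{$GLOBALS['TDIR']}/admin_quickaccounts.tpl");
					break;
				case 'accountdetails':
					require("{$GLOBALS['TDIR']}/admin_accountdetails.tpl");
					break;
				case 'editaccount':
					# Update account information from the edit form. Every posted value is
					# escaped once and used only inside quoted SQL literals; note that
					# Password is stored exactly as posted (whether the form hashes it first
					# is not visible here).
					if($hasPost && array_key_exists('sub', $_POST) && $_POST['sub'] == 'Update Account')
					{
						$_POST = array_map('mysql_escape_string', $_POST);
						dbcom("UPDATE topsites_Accounts SET " .
							"Email='{$_POST['Email']}', " .
							"Site_URL='{$_POST['Site_URL']}', " .
							"Title='{$_POST['Title']}', " .
							"Password='{$_POST['Password']}', " .
							"Notes='{$_POST['Notes']}', " .
							"In_Weight='{$_POST['In_Weight']}', " .
							"Out_Weight='{$_POST['Out_Weight']}', " .
							"Current_Prod='{$_POST['Current_Prod']}', " .
							"Current_In='{$_POST['Current_In']}', " .
							"Current_Out='{$_POST['Current_Out']}', " .
							"Total_Prod='{$_POST['Total_Prod']}', " .
							"Total_In='{$_POST['Total_In']}', " .
							"Total_Out='{$_POST['Total_Out']}', " .
							"Inactive='{$_POST['Inactive']}', " .
							"Num_Ratings='{$_POST['Num_Ratings']}', " .
							"Rating_Total='{$_POST['Rating_Total']}' " .
							"WHERE Username='{$_POST['Username']}'");
						$message = "Account '{$_POST['Username']}' has been updated successfully";
						$reload = 1;
						require("{$GLOBALS['TDIR']}/admin_popup.tpl");
					}
					else
					{
						require("{$GLOBALS['TDIR']}/admin_editaccount.tpl");
					}
					break;
				case 'cheattally':
					# Clear an account's cheat tally
					if($hasPost && array_key_exists('sub', $_POST) && $_POST['sub'] == 'Reset Cheat Tally')
					{
						$postUsername = newwin_RequestString($_POST, 'Username');
						$username = mysql_escape_string($postUsername);
						dbcom("UPDATE topsites_Cheats SET " .
						"Hit_IP_Address=0, " .
						"Hit_Cookie=0, " .
						"Hit_Exp_Session=0, " .
						"Hit_Proxy=0, " .
						"Hit_Referrer=0, " .
						"Hit_Browser=0, " .
						"Hit_Banned_IP=0, " .
						"Hit_No_Cookies=0, " .
						"Rate_IP_Address=0, " .
						"Rate_Cookie=0, " .
						"Rate_Exp_Session=0, " .
						"Rate_Proxy=0, " .
						"Rate_Referrer=0, " .
						"Rate_Browser=0, " .
						"Rate_No_Cookies=0, " .
						"Rate_Banned_IP=0 " .
						"WHERE Username='$username';");
						$message = "Cheat tally for '$postUsername' has been reset.";
					}
					require("{$GLOBALS['TDIR']}/admin_cheattally.tpl");
					break;
				case 'SuspendAccount':
					# Suspend/Un-suspend an account
					$message = newwin_ToggleAccountFlag($getUsername, 'Suspended', 'suspended', 'un-suspended');
					$reload = 1;
					require("{$GLOBALS['TDIR']}/admin_popup.tpl");
					break;
				case 'LockAccount':
					# Lock/Un-lock an account
					$message = newwin_ToggleAccountFlag($getUsername, 'Locked', 'locked', 'un-locked');
					$reload = 1;
					require("{$GLOBALS['TDIR']}/admin_popup.tpl");
					break;
				case 'DeleteAccount':
					# Delete an account
					DoAccountDeletion(mysql_escape_string($getUsername));
					$message = "Account '$getUsername' has been deleted.";
					$reload = 1;
					require("{$GLOBALS['TDIR']}/admin_popup.tpl");
					break;
				case 'ConfirmAccount':
					# Confirm a new account: only an 'Unconfirmed' account is approved and e-mailed.
					$username = mysql_escape_string($getUsername);
					$account = newwin_FetchAccount($username);
					if(is_array($account) && $account['Status'] == 'Unconfirmed')
					{
						newwin_ApproveAndNotify($username, $account);
					}
					$message = "Account '$getUsername' has been confirmed.";
					$reload = 1;
					require("{$GLOBALS['TDIR']}/admin_popup.tpl");
					break;
				case 'ApproveAccount':
					# Approve a new account: only a 'Pending' account is approved and e-mailed.
					$username = mysql_escape_string($getUsername);
					$account = newwin_FetchAccount($username);
					if(is_array($account) && $account['Status'] == 'Pending')
					{
						newwin_ApproveAndNotify($username, $account);
					}
					$message = "Account '$getUsername' has been approved.";
					$reload = 1;
					require("{$GLOBALS['TDIR']}/admin_popup.tpl");
					break;
				case 'RejectAccount':
					# Reject a new account
					$username = mysql_escape_string($getUsername);
					$account = newwin_FetchAccount($username);
					if(is_array($account) && ($account['Status'] == 'Unconfirmed' || $account['Status'] == 'Pending'))
					{
						DoAccountDeletion($username);
						# Send rejection e-mail. The template name arrives in the request and is
						# used as a file name, so it is reduced to a bare name inside reject/
						# (basename() strips any directory part; '.' and '..' are refused).
						$rejection = basename(newwin_RequestString($_REQUEST, "Reject_$username"));
						if(!IsEmptyString($rejection) && $rejection !== '.' && $rejection !== '..')
						{
							$account['Script_URL'] = $GLOBALS['SCRIPT_URL'];
							Email($account['Email'], $GLOBALS['ADMIN_EMAIL'], "{$GLOBALS['DDIR']}/reject/$rejection", $account);
						}
					}
					$message = "Account '$getUsername' has been rejected.";
					$reload = 1;
					require("{$GLOBALS['TDIR']}/admin_popup.tpl");
					break;
				case 'edittrigger':
					if($hasPost)
					{
						## Update an existing trigger
						global $DB;  # no-op at file scope; kept so this still works if the file is ever included from inside a function
						$DB->Connect();
						$DB->EscapeHash($_POST);
						$field = newwin_RequestString($_POST, 'Field');
						$operator = newwin_RequestString($_POST, 'Operator');
						$operand = newwin_RequestString($_POST, 'Operand');
						# The Action column is an SQL fragment built from the form. Field is an
						# unquoted identifier and, for arithmetic operators, Operand is unquoted
						# too, so both are validated here - EscapeHash() only protects quoted
						# strings. Only the single-character operators = + - * / are accepted;
						# widen the pattern if the trigger form offers others.
						$action = NULL;
						if(!newwin_IsSqlIdentifier($field))
						{
							$message = "Trigger has not been updated: the field is not a valid column name";
						}
						elseif($operator == '=')
						{
							$action = "$field='$operand'";
						}
						elseif(preg_match('/^[-+*\/]$/', $operator) === 1 && preg_match('/^-?[0-9]+(\.[0-9]+)?$/', $operand) === 1)
						{
							$action = "$field=$field$operator$operand";
						}
						else
						{
							$message = "Trigger has not been updated: the operator must be one of = + - * / and the operand a number";
						}
						if($action !== NULL)
						{
							$DB->Update("UPDATE topsites_Triggers SET " .
								"Username='{$_POST['Username']}', " .
								"Type='{$_POST['Type']}', " .
								"Action='$action' " .
								"WHERE Unique_ID='{$_POST['ID']}'");
							$message = "Trigger has been updated successfully";
							$redisplay = 'triggers';
						}
						require("{$GLOBALS['TDIR']}/admin_popup.tpl");
					}
					else
					{
						require("{$GLOBALS['TDIR']}/admin_edittrigger.tpl");
					}
					break;
			}
		}
	}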