Location: PHPKode > projects > MyFWB - Faisal Shah's dition > MyFWB/includes/core_admin_main.php
<?php
session_start();
/*
MyFWB 1.0 Faisal Shah's ├ędition 
27 August 2008 18:35 French standard time.
This is a free software made to be good for some one, and it comes as it is with no warrenty, and it's a copy righted Software which means you can use and distribute it to un-limited number of people but can't edit / re-produce or re-make any thing from it's core code, This software is free for ever and for everyone, but REMOVING COPYRIGHT FROM THE BOTTOM OF ANY PART OF IT MAKES IT ILLEGAL TO USE. IF YOU DO THIS, AND WE GOT THE REPORT, IT CAN CAUSE THE TERMINATION OF YOUR SITE AND SOME TIMES WE DO REPORT THESE KIND OF CASES TO YOUR ISP (INTERNET PROVIDER TO SHUT DOWN YOUR INTERNET CONNETION).. SO PLEASE KEEP IT LEGAL. Thanks for using our product!
(c)2008 Faisal Tasleem Shah All Rights Reserved.
*/

require_once("configuration.php");
require_once("core_functions.php");
$connect = mysql_connect("$db_host","$db_user","$db_pass");
mysql_select_db("$db_name");
$sid = session_id();
if($_SESSION["admin_permission"] == "Yes")
{

$query = mysql_query("select username from user where userid=1");
$user = mysql_fetch_array($query);

$admin_username = $user['username'];

$main_form = "<div align=\"center\">

<table width=\"75%\">

	<tr>
		<td>
		<b>$admin_username , </b>Welcome to MyFWB Administration...               <a target=\"_BLANK\" href=\"../\"><img src=\"../images/view_site.png\"></a><a href=\"?action=logout&sid=$sid\"><img src=\"../images/logout.png\"></a>
		
		
		<table  width=\"100%\">
			<tr>
				<td width=\"430\">
				<form method=\"POST\" action=\"?action=site_management&sid=$sid\">
					<p>
					<input type=\"submit\" value=\"Site Management\" name=\"site_management\" style=\"font-weight: 700\"></p>
				</form>
&nbsp;</td>
				<td>
				<form method=\"POST\" action=\"?action=extras&sid=$sid\">
					<p>
					<input type=\"submit\" value=\"Extras!\" name=\"extras\" style=\"font-weight: 700\"></p>
				</form>
&nbsp;</td>
			</tr>
		</table>
		
		
		</td>
	</tr>
</table>

</div>";

echo $main_form;
}else
{
require_once("core_admin_login.php");
echo $login_form;
exit();
}

if($_GET["action"] == "site_management" && $_GET["sid"] == $sid)
{

$query_getting_page_list = mysql_query("select * from site");


while($pages = mysql_fetch_array($query_getting_page_list))
{
	$page_title_striped = stripslashes("$pages[pagetitle]");
echo "
	<div align=\"center\">
	<table width=\"75%\">
	<tr>
		<td>$page_title_striped <img src=\"../images/arrow.png\"> <a href=\"?action=edit&pageid=$pages[pageid]&securekey=$sid\"><span style=\"text-decoration: none\">Edit</span></a> - <a href=\"?action=delete_page&pageid=$pages[pageid]&sid=$sid\"><span style=\"text-decoration: none\">Delete</span></a>...</td>
	</tr>
</table>
</div>";
}
echo "<form method=\"POST\" name=\"adding_new_page\" action=\"?action=adding_new_page&securekey=$sid\">
	<p align=\"center\">
	<input type=\"submit\" value=\"Adding new page\" name=\"new_page\" style=\"font-weight: 700\"></p>
</form>";
}

if($_GET["action"] == "delete_page" && $_GET["pageid"] && $_GET["sid"] == $sid)
{
$pageid = $_GET["pageid"];

if($pageid == 1)
{
echo "<b><font color=\"RED\"> WARNING : You are trying to delete the Core page of MyFWB.. This page can't be deleted, however, you can still edit this page and can change it's title / name and content. But you can't delete it...</font></b>";
exit();
}
$page_information = mysql_query("select pagetitle from site where pageid=$pageid");
$deleting_page = mysql_query("DELETE FROM site WHERE pageid = $pageid");
$result_page_information = mysql_fetch_array($page_information);

echo "<p><b><font size=\"5\" face=\"Euphemia\" color=\"#FF0000\">Congratulation .... </font>
</b></p>
<p> $result_page_information[pagetitle] is deleted successfully...

</p>
<p> Click here to return to <a href=\"?action=site_management&sid=$sid\">
<span style=\"text-decoration: none\">Page Management...</span></a></p>";
}

$extras_form = "<div align=\"center\">

<table width=\"75%\">
	<tr>
		<td>
		<form method=\"POST\" action=\"?action=changing_user_email&sid=$sid\">
			<fieldset style=\"padding: 2\">
			<legend><font color=\"#008000\">Changing Username or (and) Email</font></legend>
			<p align=\"center\">Username : <input type=\"text\" name=\"username\" value=\"$info2change[username]\" size=\"20\"><p align=\"center\">
			E-mail : <input type=\"text\" value=\"$info2change[useremail]\" name=\"email\" size=\"23\">
				<br>Site name : <input type-\"text\" name=\"site_name\" value=\"$site_name\">
			</p>
			</fieldset><p align=\"center\">
			<input type=\"submit\" value=\"Submit\" name=\"user_change\"></p>
		</form>
		</td>
	</tr>
	<tr>
		<td>
		<form method=\"POST\" action=\"?action=changing_password&sid=$sid\">
			<fieldset style=\"padding: 2\">
			<legend><font color=\"#FF0000\">Changing Password</font></legend>
			<p align=\"center\">
			<b>New Password : </b>
			<input type=\"password\" name=\"new_password\" size=\"16\" style=\"font-weight: 700\"></p>
			<p align=\"center\"><b>Confirm new password : </b>
			<input type=\"password\" name=\"confirm_new_password\" size=\"9\" style=\"font-weight: 700\"></p>
			</fieldset><p align=\"center\">
			<input type=\"submit\" value=\"Submit\" name=\"email_change\">
		</form>
		<p align=\"center\">
			<form method=\"post\" action=\"?action=online_queries&sid=$sid\">
			<input type=\"submit\" name=\"submit\" value=\"Read 'Contact Us' Online queries\">
			</form>
			
			</td>
				
	</tr>
</table>

</div>";

if($_GET["action"] == "extras" && $_GET["sid"] == $sid)
{


$user_info_change = mysql_query("select * from user where userid=1");
$info2change = mysql_fetch_array($user_info_change);
$site_info = mysql_query("select name from site");
$siteinfo = mysql_fetch_array($site_info);
$site_name = stripslashes("$siteinfo[name]");

$extras_form_inside = "<div align=\"center\">

<table width=\"75%\">
	<tr>
		<td>
		<form method=\"POST\" action=\"?action=changing_user_email&sid=$sid\">
			<fieldset style=\"padding: 2\">
			<legend><font color=\"#008000\">Changing Username or (and) Email</font></legend>
			<p align=\"center\">Username : <input type=\"text\" name=\"username\" value=\"$info2change[username]\" size=\"20\"><p align=\"center\">
			E-mail : <input type=\"text\" value=\"$info2change[useremail]\" name=\"email\" size=\"23\">
				<br>Site name : <input type-\"text\" name=\"site_name\" value=\"$site_name\">
			</p>
			</fieldset><p align=\"center\">
			<input type=\"submit\" value=\"Submit\" name=\"user_change\"></p>
		</form>
		</td>
	</tr>
	<tr>
		<td>
		<form method=\"POST\" action=\"?action=changing_password&sid=$sid\">
			<fieldset style=\"padding: 2\">
			<legend><font color=\"#FF0000\">Changing Password</font></legend>
			<p align=\"center\">
			<b>New Password : </b>
			<input type=\"password\" name=\"new_password\" size=\"16\" style=\"font-weight: 700\"></p>
			<p align=\"center\"><b>Confirm new password : </b>
			<input type=\"password\" name=\"confirm_new_password\" size=\"9\" style=\"font-weight: 700\"></p>
			</fieldset><p align=\"center\">
			<input type=\"submit\" value=\"Submit\" name=\"email_change\">
		</form>
		<p align=\"center\">
			<form method=\"post\" action=\"?action=online_queries&sid=$sid\">
			<input type=\"submit\" name=\"submit\" value=\"Read 'Contact Us' Online queries\">
			</form>
			
			</td>
				
	</tr>
</table>

</div>";
echo $extras_form_inside;
}

if($_GET["action"] == "changing_user_email" && $_GET["sid"] == $sid)
{

if($_POST["username"] == "")
{
echo "The username field can't be empty, Please insert a valid value...";
}else
{
$sec1 = 1;
}

if($_POST["email"] == "")
{
echo "<br>The e-mail field can't be empty, Please insert the correct value...";
}else
{
$sec2 = 1;
}

if($_POST["site_name"] == "")
{
echo "<br>The Site name field can't be empty, Please enter your site name to continue...";
}else
{
$sec3 = 1;
}
	
$security_changing_info = $sec1 + $sec2 + $sec3;

if($security_changing_info == 3)
{
$username = secure("$_POST[username]");
$email = secure("$_POST[email]");
$site_name = secure("$_POST[site_name]");
$query_new_info_write = mysql_query("UPDATE `user` SET `username` = '$username',
`useremail` = '$email' WHERE userid =1");
$query_new_site_name = mysql_query("UPDATE site set name = '$site_name'");
echo "Your username and (or) e-mail and (or) Web-Site name is changed successfully...";
exit();
}else
{
echo $extras_form;	
}	
}

if($_GET["action"] == "changing_password" && $_GET["sid"] == $sid)
{

$old_pass_getting_data = mysql_query("select password from user where userid=1");
$old_pass_check = mysql_fetch_array($old_pass_getting_data);

$old_pass_in_data = secure("$old_pass_check[password]");
$old_pass = secure("$_POST[old_password]");
$old_pass1 = md5($old_pass);
$old_pass2 = base64_encode($old_pass1);
$new_pass = secure("$_POST[new_password]");
$conf_pass = secure("$_POST[confirm_new_password]");


if($new_pass == "")
{
echo "<br>There is nothing in new password field, that can't be blank... Please <a href=\"?action=extras&sid=$sid\">Go Back</a> and fix it up...";
}else
{
$sec2 = 1;	
}

if($conf_pass == "")
{
echo "<br>There is nothing in New confirmation password field, Please <a href=\"?action=extras&sid=$sid\">Go Back</a> and fix it up...";
}else
{
$sec3 = 1;
}	

if($sec_pass_change = 3)
{

if($new_pass == $conf_pass)
{
$both_same = "Yes";
}else
{
echo "There is probably some problem, and the problem is that the new password and the confirmation of that password doesn't match.. Please try again!";
}

if($both_same == "Yes")
{

$new_pass1 = md5($new_pass);
$new_pass2 = base64_encode($new_pass1);

$writing_new_pass = mysql_query("UPDATE user set password = '$new_pass2' where userid=1");
echo "<b>Your password is changed successfully...";
exit();
}
}
}

if($_GET["action"] == logout && $_GET["sid"] == $sid)
{
$_SESSION["admin_permission"] = "";
echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=\">";
}

if($_GET["action"] == "online_queries" && $_GET["sid"] == $sid)
{

$getting_queries_list = mysql_query("select * from contactsystem");


while($list_queries = mysql_fetch_array($getting_queries_list))
{
echo "
	<div align=\"center\">
	<table width=\"75%\">
		<tr>
			<td><a href=\"?action=online_queries_read&messagekey=$list_queries[id]&sid=$sid\">$list_queries[name] - $list_queries[email]</a></td>
		</tr>
	</table>";
}
}

if($_GET["action"] == "online_queries_read" && $_GET["messagekey"] && $_GET["sid"] == $sid)
{

$getting_queries_message = mysql_query("select * from contactsystem where id=$_GET[messagekey]");
$message = mysql_fetch_array($getting_queries_message);

if($message == "")
{
echo "Currently there are no Online queries...";
}

echo "<table width=\"75%\">
	<tr>
		<td>Sender Info : $message[name] - $message[email]&nbsp;&nbsp;&nbsp; ->>>>> <a href=\"?action=queries_delete&messagekey=$message[id]&sid=$sid\">
		<span style=\"text-decoration: none\">Delete this message!</span></a><p>$message[message]</td>
			<form method=\"POST\" action=\"?action=online_queries&sid=$sid\">
			<p>
			<input type=\"submit\" value=\"&lt;&lt;Back\" name=\"back\" style=\"font-weight: 700\"></p>
		</form>
	</tr>
</table>";
}

if($_GET["action"] == "queries_delete" && $_GET["messagekey"] && $_GET["sid"] == $sid)
{
$message2del = $_GET["messagekey"];

mysql_query("DELETE from contactsystem where id=$message2del");
echo "<b>Message Deleted successfully...";
echo "<form method=\"POST\" action=\"?action=online_queries&sid=$sid\">
	<p align=\"center\">
	<input type=\"submit\" value=\"&lt;&lt;Back to Query Manager!\" name=\"back\" style=\"font-weight: 700\"></p>
</form>";
}
?>
Return current item: MyFWB - Faisal Shah's dition