<?php
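session_start();
require "config.php";

// Access gate for the staff administration page.
// A request is let through in exactly two cases:
//   1. it posts the administrator credentials ($adminuser / $adminpass, expected from config.php), or
//   2. the session was already marked as logged in by an earlier request.
// NOTE(review): $adminpass is compared as a plaintext value; storing a password hash
// would need a matching change wherever these credentials are defined.
if (isset($_POST['adminuser'])) {
    // Only plain strings are accepted, and the comparison is strict: loose != applies
    // PHP's type juggling to numeric-looking strings and to array parameters.
    $credencialesValidas = is_string($_POST['adminuser'])
        && isset($_POST['adminpass'])
        && is_string($_POST['adminpass'])
        && $_POST['adminuser'] === (string) $adminuser
        && $_POST['adminpass'] === (string) $adminpass;

    if (!$credencialesValidas) {
        header('Location: error.php?err=loginadmin');
        // header() only queues the redirect. Without exit the script kept running after a
        // failed login, marked the session as logged in and processed the request.
        exit;
    }

    // Fresh session id on login so a pre-login id cannot be reused.
    session_regenerate_id(true);
} elseif (empty($_SESSION['login'])) {
    header('Location: index.php');
    exit;
}
$_SESSION['login'] = true;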


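// MANAGEMENT OF USERS
// "agregar" (add): creates a staff account from the posted form. It generates a login
// name and an 8-character password, stores the row, and appends the new login to every
// department whose checkbox was posted. The outcome is left in $ok / $ok2 for the page below.
// NOTE(review): no anti-CSRF token is checked before this state-changing action.
if (isset($_GET['id']) && $_GET['id'] === "agregar")
{
    $str = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890";
    $code = "";
    // Valid offsets are 0..strlen-1. The previous upper bound of 62 was one past the end,
    // so some draws added nothing and the password came out shorter than 8 characters.
    $lastIndex = strlen($str) - 1;
    for ($i = 0; $i < 8; $i++)
    {
        // random_int() (PHP 7+ or a polyfill) is a CSPRNG. mt_rand() is only the fallback
        // for older runtimes and is predictable, so it is not a sound source for credentials.
        $code .= $str[function_exists('random_int') ? random_int(0, $lastIndex) : mt_rand(0, $lastIndex)];
    }

    // Login names are "staff" + (current row count + 1).
    // NOTE(review): after a deletion the count drops, so this can hand out a login that is
    // still in use; deriving the number from a unique key would avoid that.
    $cuentaStaff = mysql_query("SELECT * from staff");
    $usernumber1 = $cuentaStaff ? mysql_num_rows($cuentaStaff) : 0;
    $usernumber2 = $usernumber1 + 1;
    $user = "staff" . $usernumber2;

    // Permission checkboxes: 1 = granted, 2 = not granted.
    $articulo = !empty($_POST['articulos']) ? 1 : 2;
    $baneo = !empty($_POST['baneo']) ? 1 : 2;

    // Accept the form fields only as plain strings.
    $nuevoNombre = (isset($_POST['nombre']) && is_string($_POST['nombre'])) ? $_POST['nombre'] : '';
    $nuevoEmail = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';

    // Both length checks now gate the INSERT. Before, a too-short name set $ok2 to "no"
    // but the row was still written and $ok2 overwritten with "si".
    $camposValidos = strlen($nuevoNombre) >= 3 && strlen($nuevoEmail) >= 7;
    if (!$camposValidos)
    {
        $ok2 = 'no';
    }

    // Request values are escaped before they reach SQL text. The old mysql_* API has no
    // bound parameters; escaping is charset-aware only if the connection charset was set
    // with mysql_set_charset().
    $nombreSql = mysql_real_escape_string($nuevoNombre);
    $emailSql = mysql_real_escape_string($nuevoEmail);

    // NOTE(review): this looks up the posted e-mail in the `name` column, as the original
    // did; confirm whether the duplicate check was meant to use `email`.
    $busca = "select name from staff WHERE name='$emailSql'";
    $resultadoBusca = mysql_query($busca);
    $todoslosquehay = $resultadoBusca ? mysql_num_rows($resultadoBusca) : 0;

    if ($todoslosquehay > 0)
    {
        $ok = "existe";
    }
    elseif ($camposValidos)
    {
        // NOTE(review): $code is stored as-is in `pass`; hashing it would also require
        // changing the code that verifies staff logins, which is not in this file.
        $mysl1 = mysql_query("INSERT into staff (id,user,pass,name,email,articulo,ban,ultima) VALUES    ('','$user','$code','$nombreSql','$emailSql','$articulo','$baneo','Sin Ingresar')") or die ("ERROR4".mysql_error());

        // DEPARTMENTS: append "-<login>-" to the staff list of each ticked department.
        $dep2 = mysql_query("SELECT * from departamentos") or die("ERROR3".mysql_error());
        while ($dep1 = mysql_fetch_array($dep2))
        {
            $departamentoactual = $dep1['departamento'];
            if (!empty($_POST[$departamentoactual]))
            {
                // Stored values are escaped too: a department name or staff list containing
                // a quote would otherwise break out of the SQL string.
                $departamentoSql = mysql_real_escape_string($departamentoactual);
                $dmysql1 = mysql_query("SELECT * from departamentos WHERE departamento='$departamentoSql'") or die ("ERROR2".mysql_error());
                $dmysql2 = mysql_fetch_array($dmysql1);
                $staffdepartamento = $dmysql2['staff'] . "-" . $user . "-";
                $staffdepartamentoSql = mysql_real_escape_string($staffdepartamento);
                mysql_query("update departamentos set staff='$staffdepartamentoSql' where departamento='$departamentoSql'") or die ("ERROR1".mysql_error());
            }
        }
        $ok2 = 'si';
        // Welcome e-mail, already disabled in the original and kept as found.
        /*
        $mensaje = "Bienvenido a su cuenta de staff de soporte de" . $titulo . "\n\nSu cuenta: " . $user . "\nSu Contraseña: " . $code .   "\n\nNombre: " . $_POST[nombre] . "\n\nPara Acceder Ingrese en " .  $url . "admin/"; 
        $headers .= "<" . $mailprincipal .">\r\n";
        $headers .= "Reply-To:" . $mailprincipal; 
        mail($_POST[email],"Bienvenido a su cuenta de usuario staff - " . $titulo,$mensaje,$headers);
        */
    }
}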
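elseif (isset($_GET['id']) && $_GET['id'] === "borrar")
{
    // "borrar" (delete): removes the staff row whose login was posted in the "nombre"
    // field and leaves "true" / "false" in $ok for the page below.
    // NOTE(review): no anti-CSRF token is checked before this state-changing action, and
    // nothing here removes the deleted login from the departamentos.staff lists.
    $loginBorrar = (isset($_POST['nombre']) && is_string($_POST['nombre'])) ? $_POST['nombre'] : '';

    // The posted login is escaped before it is placed in SQL text; it was interpolated
    // raw into both the SELECT and the DELETE.
    $loginSql = mysql_real_escape_string($loginBorrar);

    $usuariobuscando = mysql_query("select * from staff WHERE user='$loginSql'");
    $staff = $usuariobuscando ? mysql_fetch_array($usuariobuscando) : false;

    // A failed query is reported the same way as "no such user", as before.
    if (!$usuariobuscando || mysql_num_rows($usuariobuscando) == 0)
    {
        $ok = "false";
    }
    else
    {
        $ok = "true";
        mysql_query("delete from staff where user='$loginSql'");
        // Notification e-mail, already disabled in the original and kept as found.
        /*
        $mensaje = "Su cuenta de miembro de staff del centro de soporte de " . $titulo . " ha sido borrada por el administrador del sitio.\n\nComuniquese con el administrador."; 
        $headers .= "<" . $mailprincipal .">\r\n";
        $headers .= "Reply-To:" . $mailprincipal; 
        mail($staff[email],"Su cuenta a sido borrada - " . $titulo,$mensaje,$headers);
        */
    }
}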
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<title>Support Center - <?php
// NOTE(review): $titulo is presumably set in config.php and is printed without HTML-escaping; confirm it can never hold user-supplied text.
print $titulo;
?></title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><!-- default stylesheet -->
<link rel="stylesheet" type="text/css" media="all" href="index_files/index.css">
<style type="text/css">
<!--
body {
	background-image: url();
	margin-top: 0px;
	margin-bottom: 0px;
}
-->
</style>
<link rel="stylesheet" href="index_files/style.css" type="text/css">
<script language="Javascript" src="index_files/basejs.js" type="text/javascript"></script>
<style type="text/css">
<!--
.Estilo1 {
	color: #006600;
	font-style: italic;
	font-weight: bold;
}
.Estilo3 {font-weight: bold; color: #006600;}
.Estilo8 {font-size: 16px; color: #009900;}
.Estilo9 {color: #FF0000}
.Estilo10 {color: #000099}
-->
</style>
</head>
</html>
<html>
<head>
</head>
<body>
<center>
  <table align="center" border="0" cellpadding="0" cellspacing="0" width="780">
    <tbody>
      <tr>
        <td style="background-image: url();" valign="top"><table align="center" border="0" cellpadding="0" cellspacing="0" width="750">
          <tbody>
            <tr>
              <td><table width="750" border="0" align="center" cellpadding="0" cellspacing="0">
                  <tbody>
                    <tr>
                      <td><table width="100%" border="0" cellpadding="3" cellspacing="0" background="index_files/button-right.jpg">
                        <tbody>
                          <tr>
                            <td class="smalltext" align="left" valign="top"><b><font color="#707070"><a href="index.php" id="navlink"></a>Support Center <img src="login_files/blueblockarrow.gif" width="8" height="8"> Administration <img src="login_files/blueblockarrow.gif" width="8" height="8"> <a href="admin.php">Panel</a> </font></b></td>
                          </tr>
                        </tbody>
                      </table></td>
                    </tr>
                  </tbody>
              </table></td>
            </tr>
            <tr>
              <td><table width="748">
                <tr>
                  <td><div align="center">
                    <p><img src="panel.png" width="128" height="128"></p>
                    <p><span class="Estilo1">Welcome to the Administration Panel </span><span class="Estilo3"></span> (<a href="admin.php?id=cerrar">Close Session</a>) </p>
                  </div></td>
                </tr></table>
                <p align="center"><a href="admin.php"><img src="Back.png" width="70" height="70" border="0"></a> </p>
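                <p align="center" class="Estilo8"><?php
// Outcome banner for the add/delete request handled at the top of this script.
// $ok and $ok2 exist only when such a request ran, so they are read through isset().
$resultadoOk = isset($ok) ? $ok : '';
$resultadoOk2 = isset($ok2) ? $ok2 : '';
// Request values are HTML-escaped once here (the page declares UTF-8) and only the
// escaped copies are printed below; they were echoed raw before.
$nombreHtml = (isset($_POST['nombre']) && is_string($_POST['nombre'])) ? htmlspecialchars($_POST['nombre'], ENT_QUOTES, 'UTF-8') : '';
$emailHtml = (isset($_POST['email']) && is_string($_POST['email'])) ? htmlspecialchars($_POST['email'], ENT_QUOTES, 'UTF-8') : '';
if($resultadoOk == "true")
{ ?>
                  The user has been deleted. 
                  <?php }
elseif($resultadoOk == "false")
{ ?>
                </p>
                <p align="center" class="Estilo8 Estilo9">The user was not found .<span class="Estilo8">
                  <?php }
if($resultadoOk2 === 'si')
{ ?>
                </span></p>
                <p align="center" class="Estilo8 Estilo9"><span class="Estilo8">User has been created:</span></p>
                <table width="389" height="212" border="1" align="center">
                  <tr>
                    <td width="115">Name:</td>
                    <td width="258"><span class="Estilo8">
                      <?php echo $nombreHtml; ?>
                    </span></td>
                  </tr>
                  <tr>
                    <td>Email:</td>
                    <td><span class="Estilo8"><?php echo $emailHtml; ?></span></td>
                  </tr>
                  <tr>
                    <td>User:</td>
                    <td><span class="Estilo8"><?php echo htmlspecialchars($user, ENT_QUOTES, 'UTF-8'); ?></span></td>
                  </tr>
                  <tr>
                    <td>Password:</td>
                    <td><span class="Estilo8"><?php echo htmlspecialchars($code, ENT_QUOTES, 'UTF-8'); ?></span></td>
                  </tr>
                  <tr>
                    <td>Delete users : </td>
                    <td><span class="Estilo8">
                      <?php
// 1 = permission granted, 2 = not granted.
echo ($baneo == 1) ? "Yes" : (($baneo == 2) ? "No" : "");
?>
                    </span></td>
                  </tr>
                  <tr>
                    <td>Publish articles: </td>
                    <td><span class="Estilo8">
                      <?php
echo ($articulo == 1) ? "Yes" : (($articulo == 2) ? "No" : "");
?>
                    </span></td>
                  </tr>
                  <tr>
                    <td>Deparments</td>
                    <td><?php
// List every department whose checkbox was posted. Names come from the database and
// are escaped as well, so stored markup is shown as text instead of being rendered.
$dep1 = mysql_query("SELECT * from departamentos");
while($dep2 = mysql_fetch_array($dep1))
{
    $departamentoactual2 = $dep2['departamento'];
    if(!empty($_POST[$departamentoactual2]))
    {
        echo htmlspecialchars($departamentoactual2, ENT_QUOTES, 'UTF-8') . ";" ;
    }
} ?></td>
                  </tr>
                </table>
                <p><span class="Estilo8">
                  <?php }
elseif($resultadoOk == "existe")
{ ?>
                </span></p>
                <p align="center"><span class="Estilo8 Estilo9">The user already exists. </span></p>
                <p align="center"><span class="Estilo8">
                  <?php }
elseif($resultadoOk2 === 'no')
{
?>
                  <span class="Estilo8 Estilo9">Complete the fields correctly. </span>
                  <?php }?>
                </span></p>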
                <hr align="center">
				<p align="center">*Select on the up bar an area to admin. </p></td>
            </tr>
            <tr>
              <td colspan="2" height="15"><div align="center"><?php
// Footer: site title, copyright sign and the current year (kept in $fecha, as before).
$fecha = date("Y");
echo $titulo . "©" . $fecha;
?>. All rights Reserved - Power by <a href="http://www.opensupports.com" class="Estilo10">OpenSupports</a></div></td>
            </tr>
          </tbody>
        </table></td>
      </tr>
    </tbody>
  </table>
</center>
</body>
</html>