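<?php
// Request bootstrap for the admin panel: login, logout and the "add department"
// form are handled here, before any HTML is sent, so the Location redirects can
// still be emitted. Every redirect is followed by exit: a Location header alone
// does not stop the script, and the rest of this file performs deletes, inserts
// and file uploads.
session_start();
require "config.php";

if(isset($_POST['adminuser']))
{
	// Login attempt. $adminuser / $adminpass are expected to be defined by config.php.
	$usuarioenviado = is_string($_POST['adminuser']) ? $_POST['adminuser'] : '';
	$claveenviada = (isset($_POST['adminpass']) && is_string($_POST['adminpass'])) ? $_POST['adminpass'] : '';

	// Strict string comparison avoids PHP's loose-comparison type juggling, and an
	// unset or empty configured credential can never match an empty submission.
	// NOTE(review): where hash_equals() is available, prefer it for the password check.
	$credencialesok = isset($adminuser, $adminpass)
		&& (string) $adminuser !== '' && (string) $adminpass !== ''
		&& $usuarioenviado === (string) $adminuser
		&& $claveenviada === (string) $adminpass;

	if(!$credencialesok)
	{
		header('Location: error.php');
		exit;
	}

	// New session id on privilege change, so an id fixed before login is useless afterwards.
	session_regenerate_id(true);
	$_SESSION['login'] = true;
}
elseif(empty($_SESSION['login']))
{
	// No login attempt and no authenticated session: nothing below may run.
	header('Location: index.php');
	exit;
}

// Logout (?id=cerrar).
if(isset($_GET['id']) && $_GET['id'] === 'cerrar')
{
	session_unset();
	session_destroy();
	header('Location: index.php');
	exit;
}

// Add department (?form=agregar, name posted as "departamentoagrega").
// NOTE(review): no anti-CSRF token is verified for this state-changing request.
if(isset($_GET['form']) && $_GET['form'] === 'agregar')
{
	if(isset($_POST['departamentoagrega']) && is_string($_POST['departamentoagrega']))
	{
		// Escaped before interpolation; assumes config.php has opened the mysql connection.
		$departamentonuevo = mysql_real_escape_string($_POST['departamentoagrega']);
		mysql_query("INSERT into departamentos(id,departamento,staff) VALUES ('','$departamentonuevo','')");
	}
	// NOTE(review): the target uses id=departamento while the section below tests
	// for "departamentos"; left as found, confirm which one is intended.
	header('Location: admin.php?id=departamento&from=complete');
	exit;
}
?>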
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>

<script>
// Submits the form exposed on document under the name "departamentoselect".
function enviar()
{
    var formulario = document.departamentoselect;
    formulario.submit();
}
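/**
 * Shows the panel whose element id is `name`, then hides the panel recorded in
 * the global `actual` (set by the calling link after this function returns).
 * When `actual` already equals `name`, the panel is shown and hidden again, so
 * a second click on the same link closes it.
 */
function mostrar(name) {
    // Local variable: the element reference no longer leaks into a global `div`.
    var panel = document.getElementById(name);
    if (!panel) {
        return; // unknown id: nothing to show
    }
    panel.style.display = '';
    if (typeof (actual) != "undefined")
    {
        cerrar(actual);
    }
}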

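/**
 * Hides the panel whose element id is `name` if it is not hidden already.
 * An id that matches no element is ignored.
 */
function cerrar(name) {
    // Local variable: the element reference no longer leaks into a global `div`.
    var panel = document.getElementById(name);
    if (panel && panel.style.display != 'none')
    {
        panel.style.display = 'none';
    }
}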

</script>

<title>Support Center - <?php echo $titulo; ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><!-- default stylesheet -->
<link rel="stylesheet" type="text/css" media="all" href="index_files/index.css">
<style type="text/css">
<!--
body {
	background-image: url();
	margin-top: 0px;
	margin-bottom: 0px;
}
-->
</style>
<link rel="stylesheet" href="index_files/style.css" type="text/css">
<!-- default javascript -->
<script language="Javascript">
</script>
<script language="Javascript" src="index_files/basejs.js" type="text/javascript"></script>
<style type="text/css">
<!--
.Estilo1 {
	color: #006600;
	font-style: italic;
	font-weight: bold;
}
.Estilo3 {font-weight: bold; color: #006600;}
.Estilo15 {font-size: 9}
.Estilo16 {font-size: 9px}
.Estilo20 {color: #FF0000}
.Estilo18 {color: #FF0000; font-weight: bold; }
.Estilo21 {color: #000000}
.Estilo22 {font-size: 12px}
.Estilo23 {color: #000099}
-->
</style>
</head>
</html>
<html>
<head>
</head>
<body>
<center>
  <table align="center" border="0" cellpadding="0" cellspacing="0" width="780">
    <tbody>
      <tr>
        <td style="background-image: url();" valign="top"><table align="center" border="0" cellpadding="0" cellspacing="0" width="750">
          <tbody>
            <tr>
              <td><table width="750" border="0" align="center" cellpadding="0" cellspacing="0">
                  <tbody>
                    <tr>
                      <td><table width="100%" border="0" cellpadding="3" cellspacing="0" background="index_files/button-right.jpg">
                        <tbody>
                          <tr>
                            <td class="smalltext" align="left" valign="top"><b><font color="#707070"><a href="index.php" id="navlink"></a>Support Center <img src="login_files/blueblockarrow.gif" width="8" height="8"> Administration <img src="login_files/blueblockarrow.gif" width="8" height="8"> <a href="admin.php">Panel</a> </font></b></td>
                          </tr>
                        </tbody>
                      </table></td>
                    </tr>
                  </tbody>
              </table></td>
            </tr>
            <tr>
              <td><table width="748">
                <tr>
                  <td><div align="center">
                    <p><img src="panel.png" width="128" height="128"></p>
                    <p><span class="Estilo1">Welcome to the Administration Panel </span><span class="Estilo3"></span> (<a href="admin.php?id=cerrar">Close Session</a>) </p>
                  </div></td>
                </tr></table>
                <table width="210" height="50" border="0" align="center">
                  <tr>
                    <td width="49"><div align="center"><a href="admin.php?id=users"><img src="user.png" width="32" height="32" border="0"></a></div></td>
                    <td width="49"><div align="center"><a href="admin.php?id=staff"><img src="staff.png" width="32" height="32" border="0"></a></div></td>
                    <td width="49"><div align="center"><a href="admin.php?id=articulo"><img src="note_edit.jpg" width="32" height="32" border="0"></a></div></td>
                    <td width="49"><div align="center"><a href="admin.php?id=departamentos"><img src="note_edit.jpg" width="32" height="32" border="0"></a></div></td>
                  </tr>
                  <tr>
                    <td><div align="center"><a href="admin.php?id=users">Users</a></div></td>
                    <td><div align="center"><a href="admin.php?id=staff">Staff</a></div></td>
                    <td><div align="center"><a href="admin.php?id=articulo">Articles</a></div></td>
                    <td><div align="center"><a href="admin.php?id=departamentos">Depart.</a></div></td>
                  </tr>
                </table>
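				<?php
				// "Users" section, rendered only for ?id=users. The array key is quoted
				// (a bare word is an undefined constant) and guarded with isset() so a
				// request without the parameter raises no notice.
				if(isset($_GET['id']) && $_GET['id'] === "users")
				{
				?>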
				<table width="661" height="208">
				<tr>
				<td width="97" height="204">
				<table width="101" height="126">
				<tr>
				<td height="34"><div align="center"><img src="seach.png" width="32" height="32"><br>
				    <a href="javascript:mostrar('seach');var actual = 'seach';">Find User  </a>				  </div></td>
				</tr>
				<tr>
				  <td height="41"><div align="center"><img src="no.png" width="32" height="32"><br>
				     <a href="javascript:mostrar('baneoip');var actual = 'baneoip';">Delete User  </a></div></td>
				  </tr>
				</table>				</td>
				<td width="552">
				  <label> 
				  <div align="center" id="seach" style="display:none;">
				  <table width="441" height="126">
                    <tr>
                      <td height="34"><div align="center"><img src="seach.png"></div></td>
                    </tr>
                    <tr>                     </tr>
				  </table>
				  <table class="tborder" border="0" cellpadding="0" cellspacing="0" width="100%">
                    <!-- BEGIN LOGIN BOX -->
                    <tbody>
                      <tr class="tcat">                        </tr>
                    </tbody>
                    <!-- BEGIN LOGIN BOX -->
                    <tbody>
                      <tr class="tcat">
                        <td align="left" width="1"><img src="index_files/space.gif" height="21" width="1"></td>
                        <td align="left" width="8"><img src="index_files/blockarrow.gif" height="8" width="8"></td>
                        <td align="right" width="25">&nbsp;</td>
                      </tr>
                      <tr>
                        <td colspan="4" bgcolor="#f5f5f5"><table border="0" cellpadding="2" cellspacing="1" width="100%">
                            <tbody>
							
                              <tr>
                              
							 <td class="smalltext" width="46%">
							 <label>
								
							
                                </label>								</td>
							  </tr>
							</tbody>
                          </table>
                            <script language="Javascript">
						document.loginform.loginemail.focus();
						                            </script></td>
                      </tr>
                      <!-- END LOGIN BOX -->
                      <tr class="borderrow1">
                        <td colspan="4" align="left" height="1"><img src="index_files/space.gif" height="1" width="1"></td>
                      </tr>
                      <tr> </tr>
                    </tbody>
                    <tbody>
                        <tr class="tcat">
                          <td align="left" width="1"><img src="index_files/space.gif" height="21" width="1"></td>
                          <td align="left" width="8"><img src="index_files/blockarrow.gif" height="8" width="8"></td>
                          <td width="169" align="left" valign="middle">&nbsp;<img src="clipboard.gif" width="16" height="16"> Mostrar Tickets </td>
                          <td align="right" width="25">&nbsp;</td>
                        </tr>
                        <tr>
                            <td colspan="4" bgcolor="#f5f5f5"><table border="0" cellpadding="2" cellspacing="1" width="100%">
                                <tbody>
                                  <tr>
                                    <td class="smalltext" width="46%"><label>
                                        </label></td>
                                  </tr>
                                </tbody>
                              </table>
                                <script language="Javascript">
						document.loginform.loginemail.focus();
						                            </script></td>
                        </tr>
                        <!-- END LOGIN BOX -->
                        <tr class="borderrow1">
                            <td colspan="4" align="left" height="1"><img src="index_files/space.gif" height="1" width="1"></td>
                        </tr>
                        <tr> </tr>
                            </tbody>
                  </table>
				  <table width="441" height="126">
				    <tr>
				      <td height="41"><p align="center"><strong>Find User: 
				        </strong></p>
                                <form name="form1" method="post" action="busca.php">
                                  <div align="center">
                                    <input name="usuariobusca" type="text" id="usuariobusca">
                                    </p>
                                    <label>
                                    *<br><input type="submit" name="Submit2" value="Buscar">
                                    </label>
                                  </div>
                              </form></td>
				      </tr>
				    <tr>
				      <td height="41"><p>Find information about an user (name, correo, tickets). </p>
                            <p>*Users's Email. </p></td>
                      </tr>
				    </table>
				  </div>
				  <div align="center" id="baneoip" style="display:none;">
				        <table width="441" height="126">
                          <tr>
                            <td height="34"><div align="center"><img src="no.png"></div></td>
                          </tr>
                          <tr>
                            <td height="41"><p align="center"><strong>Delete User:						</strong></p>
				              <form name="form1" method="post" action="borrar.php">
				          <div align="center">
				            <input type="text" name="borrar">
				            *<br>
				            </p>
				               <input type="submit" name="Submit" value="Buscar">
				          </div>
				        </form></td>
                          </tr>
                          <tr>
                            <td height="41"><p></p>
                              <p>*User's Email.</p></td>
                          </tr>
                        </table>
				        </div>
				  <p>&nbsp;</p>
				  				  <p>&nbsp;</p></td>
				</tr>
                </table>
				<p>
				  <?php } ?>
				</p>
				<p>
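                  <?php
				// "Staff" section, rendered only for ?id=staff. The array key is quoted
				// (a bare word is an undefined constant) and guarded with isset() so a
				// request without the parameter raises no notice.
				if(isset($_GET['id']) && $_GET['id'] === "staff")
				{
				?>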
</p>
				<table width="759" height="208">
                  <tr>
                    <td width="97" height="204"><table width="101" height="90">
				<tr>
				<td height="34"><div align="center"><img src="seach.png" width="32" height="32"><br>
				    <a href="javascript:mostrar('listado');var actual = 'listado';">List Staff Users </a>				  </div></td>
				</tr>
                        <tr>
                          <td height="41"><div align="center"><img src="si.png" width="32" height="32"><br>
                              <a href="javascript:mostrar('agregarstaff');var actual = 'agregarstaff';">Add Staff User </a></div></td>
                        </tr>
						                        <tr>
                          <td height="41"><div align="center"><img src="no.png" width="32" height="32"><br>
                              <a href="javascript:mostrar('borrarstaff');var actual = 'borrarstaff';">Delete Staff User </a></div></td>
                        </tr>
                    </table></td>
                    <td width="552"><label>
					  <div id="agregarstaff" style="display:none">
                      <table width="441" height="126" align="center">
                        <tr>
                          <td height="34"><div align="center"><img src="si.png" width="32" height="32"></div></td>
                        </tr>
                        <tr>
                          <td height="41"><p align="center"><strong>Add new Staff User: </strong></p>
                              <form name="form1" method="post" action="staffadmin.php?id=agregar">
                                <div align="center">
                                  <p>Name:
                                    <input type="text" name="nombre">
                                  *<br>
                                  E-Mail:
                                  <input type="text" name="email">
                                  *                                  <br>
                                  <input type="checkbox" name="articulos" value="checkbox">
                                  Allow articles publication<br>
                                  <input type="checkbox" name="baneo" value="checkbox">
                                  Allow Delete Users                               <br>
                                  <strong>Allowed departments:</strong>
                                  <br>
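                                  <?php
								  // One checkbox per department. Names are stored data, so they are
								  // HTML-escaped before being written into the attribute and the label;
								  // the browser decodes the attribute back to the original field name.
								  $busquedadepartamentos=mysql_query("SELECT * FROM departamentos");
								  // A failed query yields false; skip the loop instead of fetching from it.
								  while($busquedadepartamentos && ($departamento=mysql_fetch_array($busquedadepartamentos)))
								  {
								  $nombredep=htmlspecialchars($departamento['departamento'], ENT_QUOTES, 'UTF-8');
								  ?><input type="checkbox" name="<?php echo $nombredep; ?>">
                                  <?php echo $nombredep; ?>
								  <?php
								  }
								  ?> </p>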
                                  <input type="submit" name="Submit4" value="Agregar">
                                  </p>
                                </div>
                              </form></td>
                        </tr>
                        <tr>
                          <td height="41"><p></p>
                              <p align="center">*Complete all the fields. The user and password will be generate automatically. </p></td>
                        </tr>
                      </table></div>
					  <div id="borrarstaff" style="display:none"><table width="441" height="126" align="center">
                        <tr>
                          <td height="34"><div align="center"><img src="no.png" width="32" height="32"></div></td>
                        </tr>
                        <tr>
                          <td height="41"><p align="center"><strong>Delete Staff Users: </strong></p>
                              <form name="form1" method="post" action="staffadmin.php?id=borrar">
                                <div align="center">
                                  <p>Username:
                                    <input type="text" name="nombre">
                                  *                                  </p>
                                  <input type="submit" name="Submit4" value="Borrar">
                                  </p>
                                </div>
                              </form></td>
                        </tr>
                        <tr>
                          <td height="41"><p></p>
                              <p align="center">*Write the staff username. (Like: staff32) </p></td>
                        </tr>
                      </table></div>
					  <div id="listado" style="display:none"><table width="718" height="69" border="0" align="center" cellpadding="3" cellspacing="1">
                        <tbody>
                          <tr class="tabletitlerow" title="" onMouseOver="" onMouseOut="" onClick="" id="" style="" height="">
                            <td width="107" height="19" colspan="" align="center" valign="middle" class="tabletitlerow">Last connection </td>
                            <td width="147" colspan="" align="center" valign="middle" class="tabletitlerow">Name&nbsp;</td>
                            <td width="205" colspan="" align="center" valign="middle" class="tabletitlerow">Email</td>
                            <td width="129" align="center" valign="middle" class="tabletitlerow">User</td>
                            <td width="129" align="center" valign="middle" class="tabletitlerow">Password</td>
                            </tr>
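                          <?php
// Staff listing: one table row per record in the staff table.
// NOTE(review): the 'pass' column is printed as stored, which suggests staff
// passwords are kept in a recoverable form; consider storing hashes and
// removing this column from the listing.
$buscarstaff=mysql_query("select * from staff");
// A failed query yields false; skip the loop instead of fetching from it.
while ($buscarstaff && ($staff=mysql_fetch_array($buscarstaff)))
{
// Stored values are HTML-escaped before they are written into the page.
foreach (array('ultima','name','email','user','pass') as $campo)
{
$staff[$campo]=htmlspecialchars($staff[$campo], ENT_QUOTES, 'UTF-8');
}
?>
                          <tr class="row1" onMouseOver="this.className='rowhighlight';" onMouseOut="this.className='row1';">
                            <td height="47" align="center" valign="middle"><span class="Estilo15"><?php echo $staff['ultima']; ?></span></td>
                            <td align="center" valign="middle"><span class="Estilo16"><?php echo $staff['name']; ?></span></td>
                            <td align="center" valign="middle"><span class="Estilo16"><?php echo $staff['email']; ?></span></td>
                            <td align="center" valign="middle"><span class="Estilo16"><?php echo $staff['user']; ?></span></td>
                            <td align="center" valign="middle"><span class="Estilo16"><?php echo $staff['pass']; ?></span></td>
                            </tr>
                          <?php
}
?>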
                        </tbody>
                      </table></div></td>
                  </tr>
                </table>
				<p>
                  <?php } ?>
				</p>
				<p>
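                  <?php
// "Articles" section, rendered only for ?id=articulo. Key and value are quoted
// (bare words are undefined constants) and the parameter is guarded with isset().
if(isset($_GET['id']) && $_GET['id'] === 'articulo')
{
?>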
</p>
				<p align="center" class="redtext Estilo22">Publish Article </p>
				<form action="admin.php" method="post" enctype='multipart/form-data' name="articulopost" id="articulopost">
                  <table width="475" height="152" align="center">
                    <tr>
                      <td width="71" height="25" class="swiftfieldset">Title:</td>
                      <td width="392"><label>
                        <input name="asunto" type="text" id="asunto">
                      </label></td>
                    </tr>
                    <tr>
                      <td height="45" class="swiftfieldset">Content:</td>
                      <td>
                        <textarea name="text_content" cols="60" rows="10" id="text_content"></textarea></td>
                    </tr>
                    <tr>
                      <td height="36" class="swiftfieldset">File: <span class="Estilo20">(optional)</span></td>
                      <td><input name='fileuploader' type=file class='bginput' id="fileuploader" value="">
                        (Max.:
                        <?php
                        // Upload size limit ($filemax, in bytes) shown in megabytes.
                        $valorutilizado = $filemax / 1048576;
                        echo $valorutilizado;
                        ?>
                        Mb )<span class="Estilo18">*</span></td>
                    </tr>
                    <tr>
                      <td height="34" class="swiftfieldset"><input name="Submit22" type="submit" value="Publish Article" onClick=""></td>
                      <td><span class="Estilo18">*</span><span class="Estilo21">If you add a file, the article can latest more. </span></td>
                    </tr>
                  </table>
				  </form>
				  <form name="form2" method="post" action="admin.php">
				  Delete Article:
				  <input name="borrararticuloid" type="text" value="Write article id">
				  <input type="submit" name="Submit5" value="Delete">
				</form>

				<p>
                  <?php
				  
}
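elseif(isset($_POST['borrararticuloid']))
{
 // Delete the article whose id was posted from the "Delete Article" form.
 // The session is checked here as well, so this branch never depends on an
 // earlier redirect having stopped the script.
 // NOTE(review): no anti-CSRF token is verified for this destructive request.
 if(!empty($_SESSION['login']))
 {
  // Escaped before interpolation; a non-string value (e.g. an array) becomes ''.
  $idarticulo = is_string($_POST['borrararticuloid']) ? mysql_real_escape_string($_POST['borrararticuloid']) : '';
  // mysql_query() returns a result resource even when no row matches, so the
  // row count decides whether the article exists.
  $articuloencontrado = @mysql_query("SELECT * from guias where id='$idarticulo'");
  if($articuloencontrado && mysql_num_rows($articuloencontrado) > 0)
  {
   mysql_query("delete from guias where id='$idarticulo'");
   echo "Article has been deleted<br>";
  }
  else
  {
   echo "Article was not found<br>";
  }
 }
}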
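elseif(isset($_POST['asunto']))
{
// Publish an article, optionally with one attached file stored under ../files/.
// Title and body are read once, forced to strings, and escaped before they
// reach SQL.
// NOTE(review): no anti-CSRF token is verified for this request.
$asuntoarticulo = is_string($_POST['asunto']) ? $_POST['asunto'] : '';
$contenidoarticulo = (isset($_POST['text_content']) && is_string($_POST['text_content'])) ? $_POST['text_content'] : '';
if (empty($_SESSION['login']))
{
// No admin session: publish nothing. Checked here as well, so this branch
// never depends on an earlier redirect having stopped the script.
}
elseif (strlen($asuntoarticulo) < 4)
{
?>
                  <span class="Estilo18">Error:</span><span class="Estilo20"> Title is very short </span>
                  <?php
}
elseif (strlen($contenidoarticulo) < 10)
{
?>
                  <span class="Estilo18">Error:</span><span class="Estilo20"> Content is very short </span>
                  <?php
}
else
{
$filename = "";
$subidacorrecta = true;
// Begin file upload
if(isset($_FILES['fileuploader']) && is_string($_FILES['fileuploader']['name']) && $_FILES['fileuploader']['name'] != "")
{
$subidacorrecta = false;
// The client-supplied name is untrusted: keep only its last path component
// and replace everything outside a conservative character set.
$nombrelimpio = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($_FILES['fileuploader']['name']));
// Refuse names carrying a server-side script extension in any position.
// NOTE(review): this deny-list is a stop-gap; an allow-list of expected types
// and an upload directory where nothing is executed are the durable fix.
$extensionejecutable = preg_match('/\.(php[0-9]?|phtml|pht|phar|cgi|pl|py|asp|aspx|jsp|sh)(\.|$)/i', $nombrelimpio);
if(!$extensionejecutable
	&& $_FILES['fileuploader']['error'] == UPLOAD_ERR_OK
	&& $_FILES['fileuploader']['size'] < $filemax)
{
// The random prefix keeps names unique; uniqueness is checked against the
// directory the file is actually written to.
do{
$filename = rand(1,1000000) . "_" . $nombrelimpio;
$add = "../files/$filename";
}while(file_exists($add));
// move_uploaded_file() only accepts files that arrived through PHP's upload mechanism.
if(move_uploaded_file($_FILES['fileuploader']['tmp_name'], $add))
{
// Readable by the web server, writable by its owner only, never executable.
chmod($add,0644);
$subidacorrecta = true;
}
else
{
$filename = "";
}
}
}
// End file upload
if($subidacorrecta)
{
// Every interpolated value is escaped; assumes config.php has opened the mysql connection.
$usuariosql = isset($_SESSION['user']) ? mysql_real_escape_string($_SESSION['user']) : '';
$filesql = mysql_real_escape_string($filename);
$asuntosql = mysql_real_escape_string($asuntoarticulo);
$contenidosql = mysql_real_escape_string($contenidoarticulo);
// NOTE(review): $date is not assigned anywhere in this file; presumably config.php sets it - confirm.
$fechasql = isset($date) ? mysql_real_escape_string($date) : '';
mysql_query("INSERT into guias(id,user,file,asunto,contenido,fecha) values ('','$usuariosql','$filesql','$asuntosql','$contenidosql','$fechasql')");
echo "
<span class='Estilo19'><strong>Success.</strong> The article has been published.</span>";
}
else
{
?>
                  <span class="Estilo18">Error:</span><span class="Estilo20"> The file couldn't be upload .</span>
				  <?php
}
}
}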
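// "Departments" section, rendered only for ?id=departamentos. Key and value are
// quoted (bare words are undefined constants) and the parameter is guarded with isset().
elseif(isset($_GET['id']) && $_GET['id'] === 'departamentos')
{?>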
				</p>
				<p>
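                  <?php
// Delete the department selected in the "Delete department" form (?form=eliminar).
// Runs only with an admin session and a string value; the name is escaped for
// SQL and, separately, for the HTML confirmation message.
// NOTE(review): no anti-CSRF token is verified for this destructive request.
if(isset($_GET['form']) && $_GET['form'] === 'eliminar'
	&& !empty($_SESSION['login'])
	&& isset($_POST['depborrar']) && is_string($_POST['depborrar']))
{
$depborrarsql = mysql_real_escape_string($_POST['depborrar']);
mysql_query("delete from departamentos where departamento='$depborrarsql'");
echo "You've deleted: " . htmlspecialchars($_POST['depborrar'], ENT_QUOTES, 'UTF-8');
}
?>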
</p>
				<p>
                </p>
				<p>Add department :</p>
				<form action="admin.php?id=departamentos&form=agregar" method="post">
                  <p>
                    Name:
                      <input name="departamentoagrega" type="text" id="departamentoagrega">
                  </p>
				  <p>
                    <input type="submit" name="Submit32" value="Add">
                  </p>
				  </form>
				<p>Delete department :</p>
				<form action="admin.php?id=departamentos&form=eliminar" method="post">
                  <p>
                    <select name="depborrar" id="depborrar">
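                      <?php
								  // One <option> per department. Names are stored data, so they are
								  // HTML-escaped for both the value attribute and the visible label.
								  // The name is no longer echoed a second time after </option>, where
								  // it ended up as stray text inside the <select>.
								  $busquedadepartamentos=mysql_query("SELECT * FROM departamentos");
								  // A failed query yields false; skip the loop instead of fetching from it.
								  while($busquedadepartamentos && ($departamento=mysql_fetch_array($busquedadepartamentos)))
								  {
								  $nombredep=htmlspecialchars($departamento['departamento'], ENT_QUOTES, 'UTF-8');
								  ?>
                      <option value="<?php echo $nombredep; ?>"><?php echo $nombredep; ?>                      </option>
                      <?php
								  }
								  ?>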
                      </select>
                  </p>
				  <p>
                    <input type="submit" name="Submit3" value="Delete">
                  </p>
				  </form>
				<p>
				  <?php } ?>
				  </p>
				<hr>
				<p align="center">*Select on the up bar an area to admin. </p></td>
            </tr>
            <tr>
              <td colspan="2" height="15"><div align="center"><?php echo $titulo; echo "©"; echo $fecha = date("Y");  ?>. All rights Reserved - Power by <a href="http://www.opensupports.com" class="Estilo23">OpenSupports</a></div></td>
            </tr>
          </tbody>
        </table></td>
      </tr>
    </tbody>
  </table>
</center>
</body>
</html>