<?php
/*
###############################################################################
# admin.php                                                                   #
###############################################################################
# FDat (File Database) Beta Version                                           #
# Open-Source Project by Jeffrey Gelens (hide@address.com)                  #
# =========================================================================== #
# Copyright (c) 2001 Jeffrey Gelens - All Rights Reserved                     #
#                                                                             #
# This program is free software; you can redistribute it and/or               #
# modify it under the terms of the GNU General Public License                 #
# as published by the Free Software Foundation; either version 2              #
# of the License, or (at your option) any later version.                      #
###############################################################################
*/
require ('sources/functions.php');
require ('settings.php');

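// Open the MySQL connection from the $database settings; abort the page if
// the server or the database cannot be reached.
mysql_connect ($database['host'], $database['username'], $database['password']) or die ("Can't connect to database server");
mysql_select_db ($database['name']) or die ("Database doesn't exist, check settings.php");

// Access gate: everything below lists or changes administrative data, so the
// script stops here unless the session check and the rank check both pass.
// NOTE(review): $PHP_SELF and $koekje are not assigned in this file; they
// look like register_globals request variables ($koekje presumably being the
// session cookie). Confirm that check() and get_UserData() validate them
// against server-side state and that a GET/POST parameter of the same name
// cannot stand in for the cookie.
$check = check($PHP_SELF);
if (!$check) {
  echo "Not logged in or session time is expired!!!";
  exit;
}
$rankCheck = get_UserData($koekje);
// Strict comparison: with a loose != a non-string return value such as true
// (or 0 before PHP 8) compares equal to "a" and would pass as administrator.
// Assumes get_UserData() returns the rank as a string - confirm.
if ($rankCheck !== "a") {
  echo "Permission denied!!!";
  exit;
}

// Page header helpers (defined outside this file).
head();
head2();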

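// Handle the "Clear log-file" confirmation: delete every row of userlog.
// NOTE(review): no anti-CSRF token is checked before this state change; add a
// per-session token to the confirmation form and verify it here.
if ($send == "clearLog") {
  $sql = "DELETE FROM userlog";
  $result = mysql_query($sql);
  // mysql_query() returns false on failure; only report success when it ran.
  if ($result) {
    echo "Log-file cleared!!";
  }
  else {
    echo "Database error!";
  }

}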

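// Handle the "Delete Filetype" form: remove the docs row for the given type.
// NOTE(review): no anti-CSRF token is checked before this state change.
if ($send == "delFiletype") {
  // $doctype comes from the request, so escape it for the SQL string literal.
  // NOTE(review): assumes magic_quotes_gpc is off; with it on the value is
  // escaped twice - confirm.
  $sql = "DELETE FROM docs WHERE doctype = '" . mysql_real_escape_string($doctype) . "'";
  $result = mysql_query($sql);
  if ($result) {
    // Encode before echoing so the value cannot inject markup into the page.
    echo "Filetype '" . htmlspecialchars($doctype, ENT_QUOTES) . "' is deleted!";
  }
  else {
    echo "Database error!";
  }

}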

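// Handle the "Delete link" form: remove the links row with the given URL.
// NOTE(review): no anti-CSRF token is checked before this state change.
if ($send == "delLinks") {
  // $link comes from the request, so escape it for the SQL string literal.
  // NOTE(review): assumes magic_quotes_gpc is off; with it on the value is
  // escaped twice - confirm.
  $sql = "DELETE FROM links WHERE link = '" . mysql_real_escape_string($link) . "'";
  $result = mysql_query($sql);
  if ($result) {
    // Encode before echoing so the value cannot inject markup into the page.
    echo "'Deleted: " . htmlspecialchars($link, ENT_QUOTES) . "'!";
  }
  else {
    echo "Database error!";
  }

}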

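// Handle the "Delete Link Category" form: remove the links_subjects row by name.
// NOTE(review): no anti-CSRF token is checked before this state change.
if ($send == "delLinkSubj") {
  // $linkSubj comes from the request, so escape it for the SQL string literal.
  // NOTE(review): assumes magic_quotes_gpc is off; with it on the value is
  // escaped twice - confirm.
  $sql = "DELETE FROM links_subjects WHERE name = '" . mysql_real_escape_string($linkSubj) . "'";
  $result = mysql_query($sql);
  if ($result) {
    // Encode before echoing so the value cannot inject markup into the page.
    echo "Category '" . htmlspecialchars($linkSubj, ENT_QUOTES) . "' is deleted!";
  }
  else {
    echo "Database error!";
  }

}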

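// Handle the "Delete Subject" form: remove the subjects row by name.
// NOTE(review): no anti-CSRF token is checked before this state change.
if ($send == "delSubj") {
  // $name comes from the request, so escape it for the SQL string literal.
  // NOTE(review): assumes magic_quotes_gpc is off; with it on the value is
  // escaped twice - confirm.
  $sql = "DELETE FROM subjects WHERE name = '" . mysql_real_escape_string($name) . "'";
  $result = mysql_query($sql);
  if ($result) {
    // Encode before echoing so the value cannot inject markup into the page.
    echo "Subject '" . htmlspecialchars($name, ENT_QUOTES) . "' is deleted!";
  }
  else {
    echo "Database error!";
  }

}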

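// Handle the "Delete User" form: remove the users row with the given username.
// NOTE(review): no anti-CSRF token is checked before this state change, and
// nothing here stops an administrator account from being removed - confirm
// that is intended.
if ($send == "delUser") {
  // $user comes from the request, so escape it for the SQL string literal.
  // NOTE(review): assumes magic_quotes_gpc is off; with it on the value is
  // escaped twice - confirm.
  $sql = "DELETE FROM users WHERE username = '" . mysql_real_escape_string($user) . "'";
  $result = mysql_query($sql);
  if ($result) {
    // Encode before echoing so the value cannot inject markup into the page.
    echo "Deleted: " . htmlspecialchars($user, ENT_QUOTES) . "!";
  }
  else {
    echo "Database error!";
  }

}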

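// Handle the "Add Subject" form: insert a subject unless the name is taken.
// NOTE(review): no anti-CSRF token is checked before this state change.
if ($send == "addSubj") {
  // Subjects are stored HTML-encoded. Encode first so the duplicate check
  // looks for the same value the INSERT writes.
  $name = htmlspecialchars($name);
  $short_name = htmlspecialchars($short_name);
  // Escape for the SQL string literals (both the SELECT and the INSERT).
  // NOTE(review): assumes magic_quotes_gpc is off; with it on the values are
  // escaped twice - confirm.
  $sqlName = mysql_real_escape_string($name);
  $sqlShortName = mysql_real_escape_string($short_name);

  $sql = "SELECT * FROM subjects WHERE name = '$sqlName'";
  $result = mysql_query($sql);
  if (!$result) {
    echo "Database error!";
  }
  // Count rows instead of testing the first column's value, which treated a
  // stored name such as "0" as "not found".
  else if (mysql_num_rows($result) > 0) {
    echo "Subject already exist!";
  }
  else {
    $sql = "INSERT INTO subjects VALUES ('$sqlName', '$sqlShortName')";
    $result = mysql_query($sql);
    echo $result ? "Subject added!" : "Database error!";
  }
}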

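// Handle the "Add Filetype" form: insert a docs row unless the type exists.
// NOTE(review): no anti-CSRF token is checked before this state change.
if ($send == "addFiletype") {
  // description and icon are stored HTML-encoded; doctype is stored as typed,
  // so every page that prints it has to encode it on output.
  $description = htmlspecialchars($description);
  $icon = htmlspecialchars($icon);
  // Escape for the SQL string literals (both the SELECT and the INSERT).
  // NOTE(review): assumes magic_quotes_gpc is off; with it on the values are
  // escaped twice - confirm.
  $sqlDoctype = mysql_real_escape_string($doctype);
  $sqlDescription = mysql_real_escape_string($description);
  $sqlIcon = mysql_real_escape_string($icon);

  $sql = "SELECT * FROM docs WHERE doctype = '$sqlDoctype'";
  $result = mysql_query($sql);
  if (!$result) {
    echo "Database error!";
  }
  // Count rows instead of testing the first column's value, which treated a
  // stored type such as "0" as "not found".
  else if (mysql_num_rows($result) > 0) {
    echo "Filetype already exist!";
  }
  else {
    $sql = "INSERT INTO docs VALUES ('$sqlDoctype', '$sqlDescription', '$sqlIcon')";
    $result = mysql_query($sql);
    echo $result ? "Filetype added!" : "Database error!";
  }
}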


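// Handle the "Add User" form: create an account unless the username is taken.
// NOTE(review): no anti-CSRF token is checked before this state change; a
// forged request here would create an account of any rank.
if ($send == "addUser") {
  // Usernames are stored HTML-encoded. Encode first so the duplicate check
  // looks for the same value the INSERT writes.
  $username = htmlspecialchars($username);
  // NOTE(review): assumes magic_quotes_gpc is off; with it on the value is
  // escaped twice - confirm.
  $sqlUsername = mysql_real_escape_string($username);

  $sql = "SELECT * FROM users WHERE username = '$sqlUsername'";
  $result = mysql_query($sql);
  if (!$result) {
    echo "Database error!";
  }
  // Count rows instead of testing the first column's value, which treated a
  // stored username such as "0" as "not found".
  else if (mysql_num_rows($result) > 0) {
    echo "User already exist!";
  }
  // Strict comparison: a loose == treats numeric-looking strings such as
  // "1e3" and "1000" as equal.
  else if ($password !== $password2) {
    echo "Passwords are not equal!";
  }
  // Accept only the three ranks the form offers; the value used to reach the
  // INSERT unchecked and unescaped.
  else if (!in_array($rank, array("a", "t", "p"), true)) {
    echo "Invalid rank!";
  }
  else {
    // NOTE(review): unsalted MD5 is kept only because the login check (not in
    // this file) has to compare against the same format. Move both sides to
    // a salted, slow password hash (password_hash()/password_verify() on
    // current PHP) and rehash on next login.
    $password = md5($password);

    $sql = "INSERT INTO users VALUES ('$sqlUsername', '$password', '$rank')";
    $result = mysql_query($sql);
    echo $result ? "User added!" : "Database error!";
  }
}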

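// Handle the "Add Link Category" form: insert a category unless it exists.
// NOTE(review): no anti-CSRF token is checked before this state change.
if ($send == "addLinkSubj") {

  // Categories are stored HTML-encoded. Encode first so the duplicate check
  // looks for the same value the INSERT writes.
  $linkSubj = htmlspecialchars($linkSubj);
  // NOTE(review): assumes magic_quotes_gpc is off; with it on the value is
  // escaped twice - confirm.
  $sqlLinkSubj = mysql_real_escape_string($linkSubj);

  $sql = "SELECT * FROM links_subjects WHERE name = '$sqlLinkSubj'";
  $result = mysql_query($sql);
  if (!$result) {
    echo "Database error!";
  }
  // Count rows instead of testing the first column's value, which is falsy
  // for values such as "0" or "".
  else if (mysql_num_rows($result) > 0) {
    echo "Link Category already exist!";
  }
  else {
    // The empty first value leaves the id column to the database.
    $sql = "INSERT INTO links_subjects VALUES ('', '$sqlLinkSubj')";
    $result = mysql_query($sql);
    echo $result ? "Link category added!" : "Database error!";
  }
}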

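// Handle the "Add Links" form: insert one links row.
// NOTE(review): no anti-CSRF token is checked before this state change.
if ($send == "addLinks") {
  // link and description are stored HTML-encoded.
  $link = htmlspecialchars($link);
  $description = htmlspecialchars($description);
  // All four values come from the request. $id and $subject are select
  // fields in the form, but a client can send anything, so they are escaped
  // like the free-text fields.
  // NOTE(review): assumes magic_quotes_gpc is off; with it on the values are
  // escaped twice - confirm. Nothing checks that $id and $subject name
  // existing rows, or that $link uses an http/https scheme.
  $sqlId = mysql_real_escape_string($id);
  $sqlSubject = mysql_real_escape_string($subject);
  $sqlLink = mysql_real_escape_string($link);
  $sqlDescription = mysql_real_escape_string($description);

  $sql = "INSERT INTO links VALUES ('$sqlId', '$sqlSubject', '$sqlLink', '$sqlDescription')";
  $result = mysql_query($sql);
  echo $result ? "Link added!" : "Database error!";
}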

?>
<p>
<form>
<select onChange="jumpMenu('parent',this,0)">
<option value="" selected>Add...</option>
<option value="admin.php?action=addUser">Add User</option>
<option value="admin.php?action=addSubj">Add Subject</option>
<option value="admin.php?action=addLinkSubj">Add Link Category</option>
<option value="admin.php?action=addLinks">Add Links</option>
<option value="admin.php?action=addFiletype">Add Filetype</option>
</select>
<select onChange="jumpMenu('parent',this,0)">
<option value="" selected>Delete...</option>
<option value="admin.php?action=delUser">Delete User</option>
<option value="admin.php?action=delSubj">Delete Subject</option>
<option value="admin.php?action=delLinkSubj">Delete Link Category</option>
<option value="admin.php?action=delLinks">Delete link</option>
<option value="admin.php?action=delFiletype">Delete Filetype</option>
</select>
<select onChange="jumpMenu('parent',this,0)">
<option value="" selected>Userlog..</option>
<option value="admin.php?action=viewLog">View log-file</option>
<option value="admin.php?action=clearLog">Clear log-file</option>
</select>
</form>
</p>

<?php

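// "View log-file": print every userlog row as an HTML table.
if ($action == "viewLog") {
  $sql = "SELECT * FROM userlog";
  $result = mysql_query($sql);

  echo "<table border=\"1\" bgcolor=\"#373737\"><tr><td>Username</td><td>Date</td><td>Time</td></tr>";

  // Log rows are data, not markup: encode each cell so a stored value cannot
  // run script in the administrator's browser. Values that were already
  // HTML-encoded when stored will show their entities literally.
  // $result is false when the query failed; skip the loop in that case.
  while ($result && ($row = mysql_fetch_array($result))) {
    echo "<tr><td>" . htmlspecialchars($row["username"], ENT_QUOTES)
       . "</td><td>" . htmlspecialchars($row["date"], ENT_QUOTES)
       . "</td><td>" . htmlspecialchars($row["time"], ENT_QUOTES)
       . "</td></tr>" ;
  }
  echo "</table>";
}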

// "Clear log-file": ask for confirmation; the form posts send=clearLog back
// to admin.php, where the log is deleted.
if ("clearLog" == $action) {
  echo "Are you sure?<form action='admin.php' method='post'>",
       "<input type='hidden' name='send' value='clearLog'><br><input type='submit' value='Yes'></form>";
}

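// "Delete Filetype": list every docs row in a select that posts
// send=delFiletype back to admin.php.
if ($action == "delFiletype") {
  $sql = "SELECT * FROM docs";
  $result = mysql_query($sql);

  echo "Delete Filetype:<form action='admin.php' method='post'><select name='doctype'>";
  // $result is false when the query failed; skip the loop in that case.
  while ($result && ($row = mysql_fetch_array($result))) {
    // doctype is stored as typed, so encode it here. ENT_QUOTES matters
    // because the value attribute is single-quoted.
    $doctypeHtml = htmlspecialchars($row["doctype"], ENT_QUOTES);
    echo "<option value='" . $doctypeHtml . "'>" . $doctypeHtml . "</option>";
  }
  echo "</select><input type='hidden' name='send' value='delFiletype'><br><input type='submit' value='Delete'></form>";

}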

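// "Delete link": list every links row in a select that posts send=delLinks
// back to admin.php.
if ($action == "delLinks") {
  $sql = "SELECT * FROM links";
  $result = mysql_query($sql);

  echo "Delete link:<form action='admin.php' method='post'><select name='link'>";
  // $result is false when the query failed; skip the loop in that case.
  while ($result && ($row = mysql_fetch_array($result))) {
    // Encode the stored value as plain text. Without ENT_QUOTES a single
    // quote ends the value attribute; without encoding "&" the browser posts
    // back a decoded value that no longer matches the stored one. The label
    // shows entities literally for values that were encoded when stored.
    $linkHtml = htmlspecialchars($row["link"], ENT_QUOTES);
    echo "<option value='" . $linkHtml . "'>" . $linkHtml . "</option>";
  }
  echo "</select><input type='hidden' name='send' value='delLinks'><br><input type='submit' value='Delete'></form>";

}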

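// "Delete Link Category": list every links_subjects row in a select that
// posts send=delLinkSubj back to admin.php.
if ($action == "delLinkSubj") {
  $sql = "SELECT * FROM links_subjects";
  $result = mysql_query($sql);

  echo "Delete link category:<form action='admin.php' method='post'><select name='linkSubj'>";
  // $result is false when the query failed; skip the loop in that case.
  while ($result && ($row = mysql_fetch_array($result))) {
    // Encode the stored value as plain text. Without ENT_QUOTES a single
    // quote ends the value attribute; without encoding "&" the browser posts
    // back a decoded value that no longer matches the stored one. The label
    // shows entities literally for values that were encoded when stored.
    $nameHtml = htmlspecialchars($row["name"], ENT_QUOTES);
    echo "<option value='" . $nameHtml . "'>" . $nameHtml . "</option>";
  }
  echo "</select><input type='hidden' name='send' value='delLinkSubj'><br><input type='submit' value='Delete'></form>";

}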

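// "Delete Subject": list every subjects row in a select that posts
// send=delSubj back to admin.php.
if ($action == "delSubj") {
  $sql = "SELECT * FROM subjects";
  $result = mysql_query($sql);

  echo "Delete Subject:<form action='admin.php' method='post'><select name='name'>";
  // $result is false when the query failed; skip the loop in that case.
  while ($result && ($row = mysql_fetch_array($result))) {
    // Encode the stored value as plain text. Without ENT_QUOTES a single
    // quote ends the value attribute; without encoding "&" the browser posts
    // back a decoded value that no longer matches the stored one. The label
    // shows entities literally for values that were encoded when stored.
    $nameHtml = htmlspecialchars($row["name"], ENT_QUOTES);
    echo "<option value='" . $nameHtml . "'>" . $nameHtml . "</option>";
  }
  echo "</select><input type='hidden' name='send' value='delSubj'><br><input type='submit' value='Delete'></form>";

}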

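// "Delete User": list every users row in a select that posts send=delUser
// back to admin.php.
if ($action == "delUser") {
  $sql = "SELECT * FROM users";
  $result = mysql_query($sql);

  echo "Delete User:<form action='admin.php' method='post'><select name='user'>";
  // $result is false when the query failed; skip the loop in that case.
  while ($result && ($row = mysql_fetch_array($result))) {
    // Encode the stored value as plain text. Without ENT_QUOTES a single
    // quote ends the value attribute; without encoding "&" the browser posts
    // back a decoded value that no longer matches the stored one. The label
    // shows entities literally for values that were encoded when stored.
    $usernameHtml = htmlspecialchars($row["username"], ENT_QUOTES);
    echo "<option value='" . $usernameHtml . "'>" . $usernameHtml . "</option>";
  }
  echo "</select><input type='hidden' name='send' value='delUser'><br><input type='submit' value='Delete'></form>";

}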
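// "Add Links": form with a category select (links_subjects), a subject select
// (subjects), a URL and a description; posts send=addLinks to admin.php.
if ($action == "addLinks") {
?>

<form action="admin.php" method="post">

<table>
  <tr>
    <td> Category: </td>
    <td> <select name="id">

<?php
  // Stored values are printed as plain text: ENT_QUOTES because the value
  // attributes are single-quoted. Labels show entities literally for names
  // that were HTML-encoded when stored.
  // $result is false when a query failed; the loops are skipped in that case.
  $sql = "SELECT * FROM links_subjects";
  $result = mysql_query($sql);

  while ($result && ($row = mysql_fetch_array($result))) {
    echo "<option value='" . htmlspecialchars($row["id"], ENT_QUOTES) . "'>" . htmlspecialchars($row["name"], ENT_QUOTES) . "</option>";
  }
  echo "</select></td></tr><tr><td>Subject:</td><td><select name='subject'>";

  $sql = "SELECT * FROM subjects";
  $result = mysql_query($sql);


  while ($result && ($row = mysql_fetch_array($result))) {
    echo "<option value='" . htmlspecialchars($row["short_name"], ENT_QUOTES) . "'>" . htmlspecialchars($row["name"], ENT_QUOTES) . "</option>";
  }

?>

</select>


    </td>
  </tr>
  <tr>
    <td> URL: </td>
    <td> <input type="text" name="link" value="http://"> </td>
  </tr>
  <tr>
    <td> Description: </td>
    <td> <input type="text" name="description"> </td>
  </tr>
</table>

<input type="hidden" name="send" value="addLinks">
<input type="submit" value="Add">
</form>

<?php
}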

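// "Add Filetype": form for a document type, its description and its icon
// filename; posts send=addFiletype to admin.php.
// NOTE(review): $icondir is not assigned in this file (presumably it comes
// from settings.php). Confirm the request cannot supply it under
// register_globals; it is HTML-encoded below either way.
if ($action == "addFiletype") {
?>
<form action="admin.php" method="post">
Link Categorie:
<table>
  <tr>
    <td> Filetype </td>
    <td> <input type="text" name="doctype"></td>
    <td> (eg. text/html) </td>
  </tr>
  <tr>
    <td> Filetype Description </td>
    <td> <input type="text" name="description"></td>
    <td> (eg. HTML-Document) </td>
  </tr>
  <tr>
    <td> Icon </td>
    <td><input type="text" name="icon"></td>
    <td> (New icons can be saved in: <?php echo htmlspecialchars($icondir, ENT_QUOTES); ?><br>Fill in only the filename of the icon.<br>eg. script.gif) </td>
  </tr>
</table>

<input type="hidden" name="send" value="addFiletype">
<input type="submit" value="Add">
</form>

<?php
}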
// "Add Link Category": one-field form that posts send=addLinkSubj to
// admin.php.
if ($action == "addLinkSubj"):
?>

<form action="admin.php" method="post">
Link Category:
<input type="text" name="linkSubj"><br>
<input type="hidden" name="send" value="addLinkSubj">
<input type="submit" value="Add">
</form>

<?php
endif;
// "Add Subject": form for a subject name and its short name; posts
// send=addSubj to admin.php. The 2-character limit on the short name is
// enforced only by the maxlength attribute in this markup.
if ($action == "addSubj"):
?>
<form action="admin.php" method="post">
<table>
  <tr>
    <td>Subject:</td>
    <td> <input type="text" name="name"> </td>
  </tr>
  <tr>
    <td>Short subject (max. 2)</td>
    <td> <input type="text" name="short_name" maxlength="2"> </td>
  </tr>
</table>

<input type="hidden" name="send" value="addSubj">
<input type="submit" value="Add">
</form>

<?php
endif;
?>

<?php
// "Add User": form for username, password (entered twice) and rank; posts
// send=addUser to admin.php. Rank values are a (Administrator), t (Teacher)
// and p (Pupil).
if ($action == "addUser"):
?>

Add User:<br>
<form action="admin.php" method="post">
<table>
  <tr>
    <td>Username:</td>
    <td> <input type="text" name="username"> </td>
  </tr>
  <tr>
    <td> Password: </td>
    <td><input type="password" name="password"> </td>
  </tr>
  <tr>
    <td> Password (again): </td>
    <td> <input type="password" name="password2"> </td>
  </tr>
  <tr>
    <td> Rank: </td>
    <td>
<select name="rank">
<option value="a">Administrator</option>
<option value="t">Teacher</option>
<option value="p">Pupil</option>
</select>
 </td>
  </tr>
</table>

<input type="submit" value="Add">
<input type="hidden" name="send" value="addUser">
</form>

<?php
endif;
// Page footer helper (defined outside this file).
foot();
?>