<?
#################################################################################################
#
#  project              : phpBannerEx
#  filename             : adm.php
#  last modified by     : 
#  e-mail               : hide@address.com
#  purpose              : adminpanel
#
#################################################################################################

#  Include Configs & Variables
#################################################################################################
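require("admin/config.php");
require("library.php");

db_connect();
ReadConfig();

# authorize() (presumably provided by library.php) yields the current user
# record.  Only the administrator account (ur_id == 1) may use this panel;
# anything else -- including a non-array "not logged in" result -- is sent
# through unauthorize() and the page is reloaded.  The id is compared as an
# integer and only after an explicit isset() so that a missing key or a
# non-numeric value can never satisfy the check the way the old loose `!= 1`
# comparison could.
$user = authorize();

if(!is_array($user) || !isset($user['ur_id']) || (int)$user['ur_id'] !== 1) {
  unauthorize();
  # Reload the page now that the session has been dropped.
  print "<script> document.location=document.location; </script>";
  exit;
}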


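# Front page of the admin panel: the list of sites waiting for approval
# (only when there are any) followed by the list of all customers.
# Reads the request global $lang (register_globals).  Output only.
function main_list() {
  global $lang;

  # $lang is request-controlled and is written into URLs below, so it is
  # URL-encoded and then attribute-escaped once here.  Array keys and
  # get_msg() keys are quoted strings rather than bare words: the bare form
  # is an undefined-constant fatal error on PHP 8.
  $langUrl = htmlspecialchars(rawurlencode((string)$lang), ENT_QUOTES);

  echo "<center>\n";

  # Sites still waiting for approval (st_status = 0).  The whole table is
  # skipped when there are none, or when the query failed ($res === false).
  $sql = "SELECT * FROM site WHERE st_status = 0";
  $res = db_query($sql);
  if($res && mysql_num_rows($res) > 0) {

    echo "<form name=\"frmBann\" method=post>\n";
    echo "<h1>".get_msg('notapproved',$lang)." ".get_msg('sites',$lang)."</h1>\n";
    echo "<table class=list width=50%>\n";
    echo "  <tr>\n";
    echo "    <th class=list>".get_msg('sitecode',$lang)."</th>\n";
    echo "    <th class=list>".get_msg('sitetitle',$lang)."</th>\n";
    echo "    <th class=list>".get_msg('status',$lang)."</th>\n";
    echo "  </tr>\n";

    while($row = mysql_fetch_array($res)) {
      if($row['st_status']) {
        $status = get_msg('approved',$lang);
      } else {
        $status = get_msg('notapproved',$lang);
      }
      # st_id is a database id: cast it before it is reused in a URL.  The
      # site name is free text entered by the customer, so escape it for
      # the HTML context (stored XSS otherwise).
      $stId   = (int)$row['st_id'];
      $stName = htmlspecialchars((string)$row['st_name'], ENT_QUOTES);
      echo "  <tr>\n";
      echo "    <td class=list>$stId</td>\n";
      echo "    <td class=list><a href=\"adm.php?lang=$langUrl&act=site_view&bid=$stId\">$stName</a></td>\n";
      echo "    <td class=list><a href=\"adm.php?lang=$langUrl&act=site_appr&bid=$stId&ret=1\">$status</a></td>\n";
      echo "   </tr>\n";
    }
    echo "</table>\n";
    echo "<p>\n";
    echo "</form>\n";
  }

  # Customer list.  Each row issues a second query to count the customer's
  # approved sites (N+1); acceptable for an admin page with few users.
  echo "<form name=\"frmCust\" method=post>\n";
  echo "<h1>".get_msg('customers',$lang)."</h1>\n";
  echo "<table class=list width=50%>\n";
  echo "  <tr>\n";
  echo "    <th class=list>".get_msg('username',$lang)."</th>\n";
  echo "    <th class=list>".get_msg('email',$lang)."</th>\n";
  echo "    <th width=60 class=list>".get_msg('sites',$lang)."</th>\n";
  echo "    <th width=60 class=list>".get_msg('password',$lang)."</th>\n";
  echo "    <th width=60 class=list>".get_msg('delete',$lang)."</th>\n";
  echo "  </tr>\n";
  $sql = "SELECT * FROM user";
  $res = db_query($sql);
  # $res is false when the query failed; skip the loop instead of warning.
  while($res && ($row = mysql_fetch_array($res))) {
    $urId = (int)$row['ur_id'];
    $sql2 = "SELECT st_id FROM site WHERE st_status=1 AND st_user_ref='$urId'";
    $res2 = db_query($sql2);
    $sitecount = $res2 ? mysql_num_rows($res2) : 0;

    # Name and e-mail are user-supplied strings; escape for HTML.  The same
    # escaped mail value is safe inside the mailto: attribute as well.
    $urName = htmlspecialchars((string)$row['ur_name'], ENT_QUOTES);
    $urMail = htmlspecialchars((string)$row['ur_mail'], ENT_QUOTES);

    echo "  <tr>\n";
    echo "    <td class=list><a href=\"adm.php?lang=$langUrl&act=user_mod_form&uid=$urId\"> $urName </a></td>\n";
    echo "    <td class=list><a href=\"mailto:$urMail\"> $urMail </a></td>\n";
    echo "    <td class=list>";
    # Emit the <a>...</a> pair only when there is a link; the old code
    # printed a stray </a> after the literal "0".
    if ($sitecount>0) {
      echo "<a href=\"adm.php?lang=$langUrl&act=site_list&uid=$urId\">".get_msg('view',$lang)."</a>";
    } else {
      echo "0";
    }
    echo "</td>\n";
    echo "    <td class=list><a href=\"adm.php?lang=$langUrl&act=user_psw_form&uid=$urId\">".get_msg('change',$lang)."</a></td>\n";
    # NOTE(review): deletion is triggered by a plain GET link.  A
    # state-changing action reachable by URL is exposed to cross-site
    # request forgery and to link prefetching; a POST form carrying a
    # per-session token is the usual fix.
    echo "    <td class=list><a href=\"adm.php?lang=$langUrl&act=user_del&uid=$urId\">".get_msg('delete',$lang)."</a></td>\n";
    echo "   </tr>\n";
  }
  echo "</table>\n";
  echo "<p>\n";
  echo "<a href=\"adm.php?lang=$langUrl&act=user_add_form\">".get_msg('adduser',$lang)."</a>\n";
  echo "</form>\n";

  echo "<p>\n";
}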

# Customers Administration

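# Render the "add customer" form (username, password twice, e-mail).
# Submits back to this script with act=user_add.  Reads the request
# global $lang.  Output only.
function user_add_form() {
  global $lang;

  # $lang is request-controlled and is echoed into an attribute value.
  $langHtml = htmlspecialchars((string)$lang, ENT_QUOTES);

  echo "<center>\n";
  echo "<form name=\"frmCust\" method=post>\n";

  echo "<h1>".get_msg('adduser',$lang)."</h1>\n";
  echo "<table class=standard>\n";
  echo "  <tr>\n";
  echo "    <td class=standard>".get_msg('username',$lang)."</td>\n";
  # The username <input> was missing its closing ">" in the old markup.
  echo "    <td class=standard><input type=text name=\"ur_name\"></td>\n";
  echo "  </tr>\n";
  echo "  <tr>\n";
  echo "    <td class=standard>".get_msg('password',$lang)."</td>\n";
  echo "    <td class=standard><input type=password name=\"ur_pasw1\"></td>\n";
  echo "  </tr>\n";
  echo "  <tr>\n";
  echo "    <td class=standard>".get_msg('retype',$lang)."</td>\n";
  echo "    <td class=standard><input type=password name=\"ur_pasw2\"></td>\n";
  echo "  </tr>\n";
  echo "  <tr>\n";
  echo "    <td class=standard>".get_msg('email',$lang)."</td>\n";
  echo "    <td class=standard><input type=text name=\"ur_mail\"></td>\n";
  echo "  </tr>\n";
  echo "</table>\n";

  echo "<p>\n";
  echo "<input type=hidden name=act value=user_add>\n";
  if(isset($lang)) { echo "        <INPUT TYPE=\"hidden\" NAME=\"lang\" VALUE=\"$langHtml\">\n"; }
  echo "<input type=submit value=\"".get_msg('submit',$lang)."\">\n";
  echo "</form>";
}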

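# Handle the "add customer" submission.  Validates the request globals
# $ur_name, $ur_pasw1/$ur_pasw2 and $ur_mail, prints an error box when any
# check fails, otherwise inserts the user and falls back to main_list().
function user_add() {
  global $ur_name, $ur_mail, $ur_pasw1, $ur_pasw2,$lang;

  # The form fields are raw request globals (register_globals).  They are
  # escaped for SQL through the ext/mysql connection that db_connect()
  # opened before this function can run.
  $sqlName = mysql_real_escape_string((string)$ur_name);

  $sql = "SELECT ur_name FROM user WHERE ur_name='$sqlName'";
  $res = db_query($sql);
  $row = $res ? mysql_fetch_row($res) : false;
  # The lookup already matched on ur_name, so a returned row means the name
  # is taken.  Checking $row first avoids the old false positive where an
  # empty name compared equal to the null of a missing row.
  $isDup = ($row && (string)$row[0] === (string)$ur_name);

  if(!$ur_name || !$ur_pasw1 || $ur_pasw1 != $ur_pasw2 || !$ur_mail || $isDup) {

    echo "<center>\n";
    echo "<table class=\"standard\">\n";
    echo "  <tr>\n";
    echo "    <td class=\"standard\">\n";
    echo "      <center><b>".get_msg('error',$lang)."<hr></b></center>\n";
    echo "    </td>\n";
    echo "  </tr>\n";
    echo "    <td class=\"standard\">\n";

    if(!$ur_name)  { echo get_msg('error_emptyusername',$lang)."!<br>\n"; }
    if(!$ur_pasw1) { echo get_msg('error_emptyuserpasw',$lang)."!<br>\n"; }
    if($ur_pasw1 != $ur_pasw2) { echo get_msg('error_nomachuserpasw',$lang)."!<br>\n"; }
    if(!$ur_mail) { echo get_msg('error_emptyusermail',$lang)."!<br>\n"; }
    if($isDup) { echo get_msg('error_userdup',$lang)."!<br>\n"; }

    echo "    </td>\n";
    echo "  </tr>\n";
    echo "</table>\n";
    echo "</center>\n";

    echo "<FORM action=\"adm.php\" method=\"POST\">\n";
    echo "<INPUT TYPE=\"submit\" name=\"Done_submit\" onclick=\"exit=false\" VALUE=\"".get_msg('done',$lang)."\">\n";
    if(isset($lang)) { echo "        <INPUT TYPE=\"hidden\" NAME=\"lang\" VALUE=\"".htmlspecialchars((string)$lang, ENT_QUOTES)."\">\n"; }
    echo "</FORM>\n";
    echo "<p>\n";
  } else {
    $sqlMail = mysql_real_escape_string((string)$ur_mail);
    $sqlPasw = mysql_real_escape_string((string)$ur_pasw1);
    # NOTE(review): the password is stored exactly as entered.  Elsewhere in
    # this file (site_appr) the stored ur_pasw is passed on to a
    # notification mail, and authorize() presumably compares it directly,
    # so moving to a hashed column has to be done together with those
    # readers -- it cannot be changed here alone.
    $sql = "INSERT INTO user (ur_name, ur_pasw, ur_mail) VALUES ('$sqlName', '$sqlPasw', '$sqlMail')";
    db_query($sql);
    main_list();
  }
}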

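# Render the "edit customer" form, pre-filled from the user row selected by
# the request global $uid.  Submits back with act=user_mod.
function user_mod_form() {
  global $uid,$lang;

  # $uid is request-controlled: cast it before it reaches SQL or HTML.
  $userId   = (int)$uid;
  $langHtml = htmlspecialchars((string)$lang, ENT_QUOTES);

  $sql = "SELECT * FROM user WHERE ur_id = '$userId'";
  $res = db_query($sql);
  $row = $res ? mysql_fetch_array($res) : false;
  # Unknown id: render the form with empty fields rather than warning on
  # array access to false.
  if(!$row) { $row = array('ur_name' => '', 'ur_mail' => ''); }

  # Stored values are user-supplied text; escape them for the attribute
  # context.
  $urName = htmlspecialchars((string)$row['ur_name'], ENT_QUOTES);
  $urMail = htmlspecialchars((string)$row['ur_mail'], ENT_QUOTES);

  echo "<center>\n";
  echo "<form name=\"frmCust\" method=post>\n";

  echo "<h1>".get_msg('edituser',$lang)."</h1>\n";
  echo "<table class=standard>\n";
  echo "  <tr>\n";
  echo "    <td class=standard>".get_msg('username',$lang)."</td>\n";
  echo "    <td class=standard><input type=text name=\"ur_name\" value=\"$urName\"></td>\n";
  echo "  </tr>\n";
  echo "  <tr>\n";
  echo "    <td class=standard>".get_msg('email',$lang)."</td>\n";
  echo "    <td class=standard><input type=text name=\"ur_mail\" value=\"$urMail\"></td>\n";
  echo "  </tr>\n";
  echo "</table>\n";

  echo "<p>\n";
  echo "<input type=hidden name=act value=user_mod>\n";
  echo "<input type=hidden name=uid value=\"$userId\">\n";
  if(isset($lang)) { echo "        <INPUT TYPE=\"hidden\" NAME=\"lang\" VALUE=\"$langHtml\">\n"; }
  echo "<input type=submit value=\"".get_msg('submit',$lang)."\">\n";
  echo "</form>";
}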

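# Handle the "edit customer" submission for the user selected by $uid.
# Rejects an empty name or mail and a name already owned by a different
# user; otherwise updates the row and falls back to main_list().
function user_mod() {
  global $uid, $ur_name, $ur_mail, $lang;

  # Request globals: cast the id, SQL-escape the strings.
  $userId  = (int)$uid;
  $sqlName = mysql_real_escape_string((string)$ur_name);

  $sql = "SELECT ur_name,ur_id FROM user WHERE ur_name='$sqlName'";
  $res = db_query($sql);
  $row = $res ? mysql_fetch_row($res) : false;
  # Duplicate means: a row with this name exists and it is not the user
  # being edited.
  $isDup = ($row && (string)$row[0] === (string)$ur_name && (int)$row[1] !== $userId);

  if(!$ur_name || !$ur_mail || $isDup) {

    echo "<center>\n";
    echo "<table class=\"standard\">\n";
    echo "  <tr>\n";
    echo "    <td class=\"standard\">\n";
    echo "      <center><b>".get_msg('error',$lang)."<hr></b></center>\n";
    echo "    </td>\n";
    echo "  </tr>\n";
    echo "    <td class=\"standard\">\n";

    if($isDup)     { echo get_msg('error_userdup',$lang)."!<br>\n"; }
    if(!$ur_name)  { echo get_msg('error_emptyusername',$lang)."!<br>\n"; }
    if(!$ur_mail)  { echo get_msg('error_emptyusermail',$lang)."!<br>\n"; }

    echo "    </td>\n";
    echo "  </tr>\n";
    echo "</table>\n";
    echo "</center>\n";

    echo "<FORM action=\"adm.php\" method=\"POST\">\n";
    echo "<INPUT TYPE=\"submit\" name=\"Done_submit\" onclick=\"exit=false\" VALUE=\"".get_msg('done',$lang)."\">\n";
    if(isset($lang)) { echo "        <INPUT TYPE=\"hidden\" NAME=\"lang\" VALUE=\"".htmlspecialchars((string)$lang, ENT_QUOTES)."\">\n"; }
    echo "</FORM>\n";
    echo "<p>\n";
  } else {
    $sqlMail = mysql_real_escape_string((string)$ur_mail);
    $sql = "UPDATE user SET ur_name='$sqlName', ur_mail='$sqlMail' WHERE ur_id='$userId'";
    db_query($sql);
    main_list();
  }
}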

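# Render the "change password" form for the user selected by $uid.
# Submits back with act=user_psw.
function user_psw_form() {
  global $uid,$lang;

  # $uid is request-controlled: cast it before SQL and HTML use.
  $userId   = (int)$uid;
  $langHtml = htmlspecialchars((string)$lang, ENT_QUOTES);

  echo "<center>\n";
  echo "<form name=\"frmCust\" method=post>\n";

  $sql = "SELECT * FROM user WHERE ur_id = '$userId'";
  $res = db_query($sql);
  $row = $res ? mysql_fetch_array($res) : false;
  $urName = $row ? htmlspecialchars((string)$row['ur_name'], ENT_QUOTES) : '';

  echo "<h1>".get_msg('changepassword', $lang)."</h1>\n";
  echo "<table class=standard>\n";
  echo "  <tr>\n";
  echo "    <td class=standard>".get_msg('username', $lang)."</td>\n";
  echo "    <td class=standard>$urName</td>\n";
  echo "  </tr>\n";
  echo "  <tr>\n";
  echo "    <td class=standard>".get_msg('password', $lang)."</td>\n";
  echo "    <td class=standard><input type=password name=\"ur_pasw1\"></td>\n";
  echo "  </tr>\n";
  echo "  <tr>\n";
  echo "    <td class=standard>".get_msg('retype', $lang)."</td>\n";
  echo "    <td class=standard><input type=password name=\"ur_pasw2\"></td>\n";
  echo "  </tr>\n";
  echo "</table>\n";

  echo "<p>\n";
  echo "<input type=hidden name=act value=user_psw>\n";
  echo "<input type=hidden name=uid value=\"$userId\">\n";
  if(isset($lang)) { echo "        <INPUT TYPE=\"hidden\" NAME=\"lang\" VALUE=\"$langHtml\">\n"; }
  echo "<input type=submit value=\"".get_msg('submit', $lang)."\">\n";
  echo "</form>";
}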

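# Handle the "change password" submission for the user selected by $uid.
# Rejects an empty or mismatched pair; otherwise writes the new value and
# falls back to main_list().
function user_psw() {
  global $uid, $ur_pasw1, $ur_pasw2,$lang;

  $userId = (int)$uid;

  if(!$ur_pasw1 || $ur_pasw1 != $ur_pasw2) {
    echo "<center>\n";
    echo "<table class=\"standard\">\n";
    echo "  <tr>\n";
    echo "    <td class=\"standard\">\n";
    echo "      <center><b>".get_msg('error',$lang)."<hr></b></center>\n";
    echo "    </td>\n";
    echo "  </tr>\n";
    echo "    <td class=\"standard\">\n";

    if(!$ur_pasw1)             { echo get_msg('error_emptyuserpasw',$lang)."!<br>\n"; }
    if($ur_pasw1 != $ur_pasw2) { echo get_msg('error_nomachuserpasw',$lang)."!<br>\n"; }

    echo "    </td>\n";
    echo "  </tr>\n";
    echo "</table>\n";
    echo "</center>\n";

    echo "<FORM action=\"adm.php\" method=\"POST\">\n";
    echo "<INPUT TYPE=\"submit\" name=\"Done_submit\" onclick=\"exit=false\" VALUE=\"".get_msg('done',$lang)."\">\n";
    if(isset($lang)) { echo "        <INPUT TYPE=\"hidden\" NAME=\"lang\" VALUE=\"".htmlspecialchars((string)$lang, ENT_QUOTES)."\">\n"; }
    echo "</FORM>\n";
    echo "<p>\n";
  } else {
    # SQL-escape the request value.  NOTE(review): the password is stored
    # as entered; the stored ur_pasw is read back verbatim elsewhere in
    # this file (site_appr hands it to a notification mail), so hashing
    # must be introduced together with every reader of that column.
    $sqlPasw = mysql_real_escape_string((string)$ur_pasw1);
    $sql = "UPDATE user SET ur_pasw = '$sqlPasw' WHERE ur_id = '$userId'";
    db_query($sql);
    main_list();
  }
}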

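# Delete the user selected by the request global $uid, then show the main
# list again.  Nothing stops the administrator (ur_id 1) from deleting its
# own account here; the list page links to this action with a plain GET.
function user_del() {
  global $uid;

  # Cast the request-controlled id instead of interpolating it raw.
  $userId = (int)$uid;

  $sql = "DELETE FROM user WHERE ur_id = '$userId'";
  db_query($sql);

  main_list();
}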

# Site Administration
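# List every site owned by the user selected by the request global $uid,
# with approve/delete links, show counts and click count.  Output only.
function site_list() {
  global $uid,$lang;

  # Request-controlled values: cast the id, encode the language for URLs.
  # Keys are quoted strings here; the bare-word form is a fatal error on
  # PHP 8.
  $userId  = (int)$uid;
  $langUrl = htmlspecialchars(rawurlencode((string)$lang), ENT_QUOTES);

  echo "<form name=\"frmBann\" method=post>\n";
  echo "<h1>".get_msg('sites',$lang)."</h1>\n";
  echo "<table class=list width=80%>\n";
  echo "  <tr>\n";
  echo "    <th class=list>".get_msg('sitecode',$lang)."</th>\n";
  echo "    <th class=list>".get_msg('sitetitle',$lang)."</th>\n";
  echo "    <th class=list>".get_msg('status',$lang)."</th>\n";
  echo "    <th class=list>".get_msg('shows',$lang)."</th>\n";
  echo "    <th class=list>".get_msg('clicks',$lang)."</th>\n";
  echo "    <th width=60 class=list>".get_msg('delete',$lang)."</th>\n";
  echo "  </tr>\n";
  $sql = "SELECT * FROM site WHERE st_user_ref='$userId' ORDER BY st_id";
  $res = db_query($sql);
  # $res is false when the query failed; skip the loop instead of warning.
  while($res && ($row = mysql_fetch_array($res))) {
    if($row['st_status']) {
      $status = get_msg('approved',$lang);
    } else {
      $status = get_msg('notapproved',$lang);
    }
    $stId   = (int)$row['st_id'];
    # The site name is customer-entered text: escape for HTML.
    $stName = htmlspecialchars((string)$row['st_name'], ENT_QUOTES);
    echo "  <tr>\n";
    echo "    <td class=list>$stId</td>\n";
    echo "    <td class=list><a href=\"adm.php?lang=$langUrl&act=site_view&bid=$stId\">$stName</a></td>\n";
    echo "    <td class=list><a href=\"adm.php?lang=$langUrl&act=site_appr&uid=$userId&bid=$stId\">$status</a></td>\n";
    # Ratio of shows given to shows received; 0 when nothing was received.
    $ratio = 0;
    if ($row['st_show_me'] > 0 ) { $ratio = $row['st_show_my']/$row['st_show_me']; }
    echo "    <td class=list>".sprintf("%d / %d (%3.2f)",$row['st_show_my'],$row['st_show_me'],$ratio)."</td>\n";
    echo "    <td class=list>".(int)$row['st_click_my']."</td>\n";
    # site_del() returns to site_list(), which needs $uid; the old link
    # omitted it, so the list came back empty after a deletion.  The
    # approve link above already carries uid the same way.
    echo "    <td class=list><a href=\"adm.php?lang=$langUrl&act=site_del&uid=$userId&bid=$stId\">".get_msg('delete',$lang)."</a></td>\n";
    echo "   </tr>\n";
  }
  echo "</table>\n";
  echo "</form>\n";
  echo "<p>\n";

  echo "<a href=\"adm.php?lang=$langUrl&\">".get_msg('customers',$lang)."</a>\n";
  echo "<p>\n";
}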

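# Show the details of one site (selected by the request global $bid): URL,
# title, description, optionally a category, and the banner image served
# by adm_show.php.  Output only.
function site_view() {
  global $bid, $lang, $show_categories;

  # $bid is request-controlled: cast before SQL and HTML use.
  $siteId = (int)$bid;

  $sql = "SELECT * FROM site WHERE st_id='$siteId'";
  $res = db_query($sql);
  $ban = $res ? mysql_fetch_array($res) : false;
  # Unknown id: render an empty table instead of warning on array access
  # to false.
  if(!$ban) { $ban = array('st_id' => 0, 'st_url' => '', 'st_name' => '', 'st_desc' => ''); }

  # URL, name and description are customer-entered text: escape them for
  # the HTML context (the description keeps its line breaks via nl2br).
  $stUrl  = htmlspecialchars((string)$ban['st_url'], ENT_QUOTES);
  $stName = htmlspecialchars((string)$ban['st_name'], ENT_QUOTES);
  $stDesc = nl2br(htmlspecialchars((string)$ban['st_desc'], ENT_QUOTES));
  $stId   = (int)$ban['st_id'];

  echo "<table class=list width=50%>\n";
  echo "  <tr>\n";
  echo "    <th colspan=2 class=list>".get_msg('site',$lang)."</th>\n";
  echo "  </tr>\n";
  echo "  <tr>\n";
  echo "    <td class=list>".get_msg('siteurl',$lang)."</td>\n";
  echo "    <td class=list>$stUrl</td>\n";
  echo "  </tr>\n";
  echo "  <tr>\n";
  echo "    <td class=list>".get_msg('sitetitle',$lang)."</td>\n";
  echo "    <td class=list>$stName</td>\n";
  echo "  </tr>\n";
  echo "  <tr>\n";
  echo "    <td class=list>".get_msg('sitedesc',$lang)."</td>\n";
  echo "    <td class=list>$stDesc</td>\n";
  echo "  </tr>\n";
  if ($show_categories) {
    # NOTE(review): both queries list *all* categories and only the first
    # row is shown, so the value printed is the alphabetically-first
    # category rather than this site's own.  Making it meaningful needs a
    # join on the site's category reference, whose column name is not
    # visible in this file.
    if($lang) {
      $sqlLang = mysql_real_escape_string((string)$lang);
      $sql = "SELECT ct_id, cl_name FROM cat LEFT JOIN cat_l ON (ct_id = cl_cat_ref) WHERE cl_lang_ref='$sqlLang' ORDER BY cl_name";
    } else {
      $sql = "SELECT ct_id, ct_name FROM cat ORDER BY ct_name";
    }
    $catRes  = db_query($sql);
    $cat     = $catRes ? mysql_fetch_row($catRes) : false;
    $catName = $cat ? htmlspecialchars((string)$cat[1], ENT_QUOTES) : '';

    echo "  <tr>\n";
    echo "    <td class=list>".get_msg('category',$lang)."</td>\n";
    echo "    <td class=list>$catName</td>\n";
    echo "  </tr>\n";
  }
  echo "  <tr>\n";
  echo "    <th colspan=2 class=list>".get_msg('banner',$lang)."</th>\n";
  echo "  </tr>\n";
  echo "  <tr>\n";
  # The banner cell was closed with </th> in the old markup.
  echo "    <td colspan=2 class=list><img src=\"adm_show.php?id=$stId\"></td>\n";
  echo "  </tr>\n";
  echo "</table>\n";
  echo "<p>\n";

  echo "<FORM method=\"POST\">\n";
  echo "<INPUT TYPE=\"button\" name=\"Done_submit\" onclick=\"javascript:history.back()\" VALUE=\"".get_msg('done',$lang)."\">\n";
  echo "</FORM>\n";
  echo "<p>\n";
}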

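# Toggle the approval flag of the site selected by $bid.  With ret=1 (link
# from the main list) the owner is notified by mail and the main list is
# shown again; otherwise the owner's site list is shown.
function site_appr() {
  global $bid, $ret;

  # $bid and $ret are request-controlled: cast both.
  $siteId = (int)$bid;

  # 1-st_status flips 0 <-> 1 in one statement.
  $sql = "UPDATE site SET st_status=1-st_status WHERE st_id='$siteId'";
  db_query($sql);

  if((int)$ret === 1) {
    $sql = "SELECT st_id, st_user_ref FROM site WHERE st_id='$siteId'";
    $res = db_query($sql);
    $sit = $res ? mysql_fetch_array($res) : false;
    $usr = false;
    if($sit) {
      $ownerId = (int)$sit['st_user_ref'];
      $sql = "SELECT * FROM user WHERE ur_id='$ownerId'";
      $res = db_query($sql);
      $usr = $res ? mysql_fetch_array($res) : false;
    }
    # Only notify when site and owner were actually found; the old code
    # called the mailer with nulls otherwise.
    # NOTE(review): the mailer is handed the stored password (ur_pasw).
    # Sending a credential by e-mail is worth removing from
    # mail_appnotifyuser(); that lives outside this file.
    if($usr) {
      mail_appnotifyuser($usr['ur_name'], $usr['ur_pasw'], $usr['ur_fname'], $usr['ur_lname'], $usr['ur_mail']);
    }
    main_list();
  } else {
    site_list();
  }
}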

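# Delete the site selected by the request global $bid, then show the
# owner's site list again (site_list() reads $uid from the request).
function site_del() {
  global $bid;

  # Cast the request-controlled id instead of interpolating it raw.
  $siteId = (int)$bid;

  $sql = "DELETE FROM site WHERE st_id='$siteId'";
  db_query($sql);

  site_list();
}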

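include($addheader);

include("adm_menu.inc");

# $act selects the action; like every other input in this file it is
# expected to be populated by register_globals (nothing here reads $_GET
# or $_POST directly).  Normalise it so an absent value is a defined
# empty string rather than an undefined-variable notice.
$act = isset($act) ? (string)$act : '';

# Customer and site actions.  An unknown action renders nothing, exactly
# as the old if-chain did; an empty one shows the main list.
switch($act) {
  case "user_add_form": user_add_form(); break;
  case "user_add":      user_add();      break;
  case "user_mod_form": user_mod_form(); break;
  case "user_mod":      user_mod();      break;
  case "user_psw_form": user_psw_form(); break;
  case "user_psw":      user_psw();      break;
  case "user_del":      user_del();      break;

  case "site_list": site_list(); break;
  case "site_view": site_view(); break;
  case "site_appr": site_appr(); break;
  case "site_del":  site_del();  break;

  default:
    if(!$act) { main_list(); }
    break;
}

include($addfooter);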


?>