<?php
/*  +--------------------------------------------
*   |
*   |     Product:       PHPEchoCMS
*   |     Author:        Tigran Abrahamyan
*   |     License:       GPL
*   |     Last updated:  06.04.07
*   |     For version:   2.0
*   |     Desc:          Admin panel main file
*   |        
*   +--------------------------------------------
*/ 

// -------------------
// Set admin load variable for admin panel
// -------------------

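// Marker constant defined before any admin sub-module is included below.
define("ADMIN_LOAD", 1);

// Language strings for the admin panel; $core is provided by the including script.
$mlang = $core->getlang("admin");

// Admin panel entry point. Flow:
//   1. the session must already carry a truthy 'admin_level';
//   2. the user re-enters credentials, which sets the "admin" session flag;
//   3. with the flag set, the menu is drawn from the per-admin permission string
//      and the requested sub-module is included if its permission bit is '1'.
//
// NOTE(review): session_register(), session_is_registered() and
// session_unregister() were removed in PHP 5.4. They are kept here because other
// files of the project may rely on them; the replacement is a plain
// $_SESSION['admin'] key.
if ( !empty($_SESSION['admin_level']) )
{
    $adminSessionOpen = session_is_registered("admin");

    if ( !$adminSessionOpen )
    {
        // Only accept scalar string credentials; an array-valued POST field would
        // otherwise reach addslashes()/md5() and raise warnings or type errors.
        $postedUser = ( isset($_POST['adminusername']) && is_string($_POST['adminusername']) ) ? $_POST['adminusername'] : '';
        $postedPass = ( isset($_POST['adminpassword']) && is_string($_POST['adminpassword']) ) ? $_POST['adminpassword'] : '';

        if ( $postedUser && $postedPass )
        {
            // SECURITY (review):
            //  - The statement is built by concatenation and escaped with addslashes(),
            //    which is not charset-aware. Move to prepared statements or the
            //    driver's own escaping once query() allows it (its API is not
            //    visible in this file).
            //  - Passwords are compared as unsalted MD5. Migrating to
            //    password_hash()/password_verify() needs a data migration, so the
            //    comparison is left unchanged here.
            //  - The lookup is not tied to $_SESSION['username'], and the result is
            //    only tested for truthiness. Confirm what query() mode 3 returns and
            //    that a matching non-admin account cannot pass this check.
            //  - The session id is not regenerated when the admin flag is granted.
            $checkAdmin = query ( "SELECT admin_level FROM ".PREFIX."users WHERE username = '".addslashes ( $postedUser )."' and password = '".md5 ( addslashes ( $postedPass ) )."'", 3);

            if ( $checkAdmin )
            {
                // Logged in successfully
                session_register ( "admin" );
                echo $mlang['013'];
                $core->redirect ( "index.php?module=admin" );
            }
            else
            {
                // No permission
                echo $mlang['014'];
            }
        }
        else
        {
            // No credentials posted yet: show the re-authentication form.
            echo $mlang['004']."        
        <form action='index.php?module=admin' method='post'>
        <table width='100%'>
        <tr>
          <td width='10%'>
             ".$mlang['001']."
          </td>
          <td width='70%'>
             <input type='text' name='adminusername'>
          </td>
        </tr>
        <tr>
          <td>
             ".$mlang['002']."
          </td>
          <td>
             <input type='password' name='adminpassword'>
          </td>
        </tr>
        <tr>
          <td colspan='2'>
             <input type='submit' value='".$mlang['003']."'>
          </td>
        </tr>
        </table>
        </form>
        ";
        }
    }
    else
    {
        // Load this admin's permission string: one character per entry of $list1,
        // where '1' grants access to that sub-module.
        // NOTE(review): the value returned by mname2mid() is concatenated unquoted
        // into the statement; confirm it is always an integer id.
        $perms = query("select * from `".PREFIX."admin_perms` where `id`=".$core->mname2mid(addslashes($_SESSION['username'])), 4);
        $per = isset($perms['perms']) ? (string) $perms['perms'] : '';

        // Sub-module keys and the matching language-string ids for their labels.
        $list1 = array('global', 'modulemanage', 'blockmanage', 'news', 'files', 'gallery', 'forum', 'voting', 'usermanage', 'adminperms', 'banners');
        $list2 = array('005', '006', '017', '007', '008', '009', '010', '011', '018', '019', '021');

        // Never index past the known sub-modules, even if the stored permission
        // string is longer than the list.
        $slots = min(strlen($per), count($list1));

        // Show menu, three cells per row.
        $no = 0;
        echo "<center><table width='100%'><tr>";
        for ($i = 0; $i < $slots; $i++)
        {
            if (substr($per, $i, 1) != '1')
                continue;

            $cell = "<td width='33%'>
             					<center>
             					<a href='index.php?module=admin&act=".$list1[$i]."'>
						<img src='modules/admin/images/".$list1[$i].".png' border='0'></a><br>
					        <a href='index.php?module=admin&act=".$list1[$i]."'>".$mlang[$list2[$i]]."</a>
				                </center>             
					    </td>";

            // Start a new row before every fourth, seventh, ... cell.
            if ($no % 3 == 0 && $no != 0)
                echo "</tr><tr>".$cell;
            else
                echo $cell;
            $no++;
        }

        // The logout cell is always shown, wrapped onto a new row when needed.
        $logoutCell = "<td>
             	    		<center>
             			<a href='index.php?module=admin&act=logout'><img src='modules/admin/images/logout.png' border='0'></a>
             			<br><a href='index.php?module=admin&act=logout'>".$mlang['012']."</a>
	             		 </center>             
	          	    </td>";
        if ($no % 3 == 0)
            echo "</tr><tr>".$logoutCell;
        else
            echo $logoutCell;
        echo "</tr></table></center>";

        // Decide whether the requested action is allowed for this admin.
        $se = ( isset($_GET['act']) && is_string($_GET['act']) ) ? $_GET['act'] : '';
        $hasperm = 0;
        if ($se === 'logout')
        {
            // Logout has no permission bit. Without this branch the 'logout' case
            // below could never run, because 'logout' is not an entry of $list1.
            $hasperm = 1;
        }
        else
        {
            $k = array_search($se, $list1, true);
            if ($k !== false && $k < $slots)
            {
                if (substr($per, $k, 1) == '1')
                    $hasperm = 1;
                else
                    echo "<br>".$mlang['020'];
            }
        }

        // Dispatch to the admin sub-module. Include paths are fixed literals and
        // are never built from the request value.
        if ($hasperm == 1)
        {
            switch ( $se )
            {
                case "global":
                    include ("modules/global.php");
                    break;
                case "news":
                    include ("modules/news.php");
                    break;
                case "files":
                    include ("modules/files.php");
                    break;
                case "gallery":
                    include ("modules/gallery.php");
                    break;
                case "modulemanage":
                    include ("modules/modulemanage.php");
                    break;
                case "forum":
                    include ("modules/forum.php");
                    break;
                case "voting":
                    include ("modules/voting.php");
                    break;
                case "usermanage":
                    include ("modules/usermanage.php");
                    break;
                case "blockmanage":
                    include ("modules/blockmanage.php");
                    break;
                case "adminperms":
                    include ("modules/adminperms.php");
                    break;
                case "banners":
                    include ("modules/banners.php");
                    break;
                case "logout":
                    // Drops only the "admin" flag; the regular user session stays.
                    session_unregister ( "admin" );
                    $core->redirect ("index.php");
                    break;
            }
        }
    }
}
else
{
    // The session carries no admin level at all.
    echo $mlang['016'];
}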
?>