<?
/*
File: admin.php 
Belongs to Script Name: Burning Auth V 1.0
Author: Luca Vignaroli
Email: hide@address.com

Description:
Burning Auth is a script that handles authenticated user access to PHP scripts.
The goal is simple: protect pages that must stay under admin control, such as
data/content administration pages and members-only areas of a website, from
unauthorized access.

Security is achieved through database authentication and is maintained with a
session variable set to the authenticated user's name. Any page can be protected
by including the file 'shield.php' at the beginning of it.

Check out the file README for installation instructions. This script is freeware.
*/
// shield.php runs before any output. From its uses below it is expected to
// provide $burn (HOST/DBUSERNAME/DBPASSWORD/DBNAME and listusers()) and, per
// the header comment, to turn away visitors who are not authenticated.
// NOTE(review): that gate is inferred, not visible here -- confirm in
// shield.php. Everything after this line trusts that the request is already
// authenticated as an admin; nothing below re-checks it.
include ("shield.php");
?>

<center>

<?

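// EDIT USER
//
// Security notes for this section:
//  * mode/act/uid/user/pass all come from $_REQUEST, i.e. from the client.
//    uid is cast to int before it reaches SQL or HTML; user/pass are escaped
//    with mysql_real_escape_string() on the live connection; values read back
//    from the database are passed through htmlspecialchars() before they are
//    placed in attributes. The original interpolated all of these raw.
//  * Data-changing requests are only honoured over POST. The forms in this
//    file already use method=post, so the admin flow is unchanged, but a bare
//    GET link such as admin.php?mode=edit&uid=2&act=submit&user=x no longer
//    changes data. This does NOT stop a cross-site POST; a session-bound CSRF
//    token on the forms is still needed (the header says shield.php starts a
//    session, but that is not visible from this file -- confirm).
//  * The stored password is no longer printed into the page source. Leaving
//    the password field empty keeps the current password; PASSWORD is stored
//    as submitted because the login check in shield.php is not visible here,
//    so hashing (password_hash/password_verify) has to be introduced in both
//    places together.
//  * The "uid 1 is ADMIN" rule is inherited from the original and assumes the
//    admin row was created with ID 1 -- confirm against the install SQL.
//  * mysql_* was removed in PHP 7; the real fix is mysqli/PDO prepared
//    statements, which shield.php's $burn object would have to provide.
$mode = isset($_REQUEST['mode']) ? $_REQUEST['mode'] : "";
$act = isset($_REQUEST['act']) ? $_REQUEST['act'] : "";
$uid = isset($_REQUEST['uid']) ? (int) $_REQUEST['uid'] : 0;
$isPost = (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == "POST");

if (($mode == "edit") && ($uid > 0) && ($act != "submit")) {
	$conn = mysql_connect($burn->HOST, $burn->DBUSERNAME, $burn->DBPASSWORD);
	$dbsel = mysql_select_db($burn->DBNAME, $conn);
	// $uid is an int, so interpolating it cannot carry SQL.
	$rs = mysql_query("SELECT * FROM USERS WHERE ID=" . $uid, $conn);
	$row = ($rs !== false) ? mysql_fetch_array($rs) : false;
	if ($row) {
		// Single-quoted attributes below, hence ENT_QUOTES.
		$safeUser = htmlspecialchars($row['USERNAME'], ENT_QUOTES);
		// $errormsg is not set anywhere in this file; guard the echo.
		$msg = isset($errormsg) ? $errormsg : "";
		echo "<form method=post action='admin.php?mode=edit&uid=" . (int) $row['ID'] . "&act=submit'>";
		echo "<table border=0 cellpadding=0 cellspacing=0 width=200>";
		echo "<tr><td align=right>Username:</td><td align=left><input type=text name='user' value='" . $safeUser . "' style='width : 100px;'></td></tr>";
		echo "<tr><td align=right>Password:</td><td align=left><input type=password name='pass' value='' style='width : 100px;'></td></tr>";
		echo "<tr><td align=right>$msg</td><td align=left><input type=submit name='save' value='save'></td></tr>";
		echo "</table>";
		echo "</form>";
	} else {
		echo "<font color=red>No such user!</font>";
	}
	if ($rs !== false) {
		mysql_free_result($rs);
	}
	mysql_close($conn);
}
elseif (($mode == "edit") && ($act == "submit")) {
	$user = isset($_REQUEST['user']) ? $_REQUEST['user'] : "";
	$pass = isset($_REQUEST['pass']) ? $_REQUEST['pass'] : "";
	if (!$isPost) {
		echo "<font color=red>Changes must be submitted through the form!</font>";
	}
	elseif ($uid <= 0) {
		echo "<font color=red>No such user!</font>";
	}
	elseif (($uid == 1) && (strtolower($user) != "admin")) {
		Echo "You can only change the password for the user ADMIN!";
	}
	elseif (($uid != 1) && (strtolower($user) == "admin")) {
		// Mirrors the insert rule: only one account may be called ADMIN.
		echo "<font color=red>Cannot rename a user to ADMIN!</font>";
	}
	elseif ($user == "") {
		echo "<font color=red>Error, username field must NOT be empty!</font>";
	}
	else {
		$conn = mysql_connect($burn->HOST, $burn->DBUSERNAME, $burn->DBPASSWORD);
		$dbsel = mysql_select_db($burn->DBNAME, $conn);
		$set = "USERNAME='" . mysql_real_escape_string($user, $conn) . "'";
		if ($pass != "") {
			// Empty field = keep the existing password (the form no longer pre-fills it).
			$set .= ", PASSWORD='" . mysql_real_escape_string($pass, $conn) . "'";
		}
		$sql = "UPDATE USERS SET " . $set . " WHERE ID=" . $uid . " LIMIT 1";
		$query = mysql_query($sql, $conn) or die ("Error updating database!");
		mysql_close($conn);
		Echo "<font color=green>New data Saved!</font>";
	}
}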

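//INSERT USER
//
// user/pass come straight from the client. They are escaped for SQL on the
// live connection (the original interpolated them raw into the INSERT) and
// the insert is only honoured over POST, matching the form below. A POST
// gate alone does not stop a cross-site POST; a session-bound CSRF token on
// the form is still needed (shield.php appears to start a session per the
// header comment -- confirm). The password is stored as submitted because
// the login check in shield.php is not visible here; hashing has to be
// introduced there and here together. mysql_* is gone in PHP 7 -- prepared
// statements via mysqli/PDO are the real fix.
$mode = isset($_REQUEST['mode']) ? $_REQUEST['mode'] : "";
$act = isset($_REQUEST['act']) ? $_REQUEST['act'] : "";
$isPost = (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == "POST");

if (($mode == "new") && ($act == "submit")) {
	$user = isset($_REQUEST['user']) ? $_REQUEST['user'] : "";
	$pass = isset($_REQUEST['pass']) ? $_REQUEST['pass'] : "";
	if (!$isPost) {
		echo "<font color=red>New users must be submitted through the form!</font>";
	}
	elseif (strtolower($user) == "admin") {
		Echo "<font color=red>Cannot create user ADMIN!</font>";
	}
	elseif ($user == "") {
		echo "<font color=red>Error, username field must NOT be empty!</font>";
	}
	else {
		$conn = mysql_connect($burn->HOST, $burn->DBUSERNAME, $burn->DBPASSWORD);
		$dbsel = mysql_select_db($burn->DBNAME, $conn);
		$sql = "INSERT INTO USERS (USERNAME, PASSWORD, LASTTIMEHERE) VALUES ('"
			. mysql_real_escape_string($user, $conn) . "','"
			. mysql_real_escape_string($pass, $conn) . "', NOW())";
		$insert = mysql_query($sql, $conn) or die ("Error creating user!");
		mysql_close($conn);
		Echo "<font color=green>New user Saved!</font>";
	}
}
elseif ($mode == "new") {
	// $errormsg is not set anywhere in this file; guard the echo.
	$msg = isset($errormsg) ? $errormsg : "";
	echo "<hr><b>Insert New User:</b><hr>";
	echo "<form method=post action='admin.php?mode=new&act=submit'>";
	echo "<table border=0 cellpadding=0 cellspacing=0 width=200>";
	echo "<tr><td align=right>Username:</td><td align=left><input type=text name='user' style='width : 100px;'></td></tr>";
	echo "<tr><td align=right>Password:</td><td align=left><input type=password name='pass' style='width : 100px;'></td></tr>";
	echo "<tr><td align=right>$msg</td><td align=left><input type=submit name='insert' value='insert'></td></tr>";
	echo "</table>";
	echo "</form>";
}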

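//DELETE USER
//
// uid is cast to int before it is used in SQL or echoed into the confirm
// form's action URL (the original reflected it raw into both). Deletion is
// only honoured over POST, so a plain link to
// admin.php?mode=del&uid=N&act=submit cannot remove an account; a cross-site
// POST still can, which needs a session-bound CSRF token on the confirm form
// (shield.php appears to start a session per the header -- confirm). The
// failure message no longer echoes the SQL statement to the browser.
// The "uid 1 is ADMIN" rule assumes the admin row has ID 1 -- confirm
// against the install SQL. mysql_* is gone in PHP 7; prepared statements
// via mysqli/PDO are the real fix.
$mode = isset($_REQUEST['mode']) ? $_REQUEST['mode'] : "";
$act = isset($_REQUEST['act']) ? $_REQUEST['act'] : "";
$uid = isset($_REQUEST['uid']) ? (int) $_REQUEST['uid'] : 0;
$isPost = (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == "POST");

if (($mode == "del") && ($act == "submit")) {
	if (!$isPost) {
		echo "<font color=red>Deletions must be confirmed through the form!</font>";
	}
	elseif ($uid == 1) {
		echo "<font color=red>Cannot delete USER ADMIN!</font>";
	}
	elseif ($uid <= 0) {
		echo "<font color=red>No such user!</font>";
	}
	else {
		$conn = mysql_connect($burn->HOST, $burn->DBUSERNAME, $burn->DBPASSWORD);
		$dbsel = mysql_select_db($burn->DBNAME, $conn);
		// LIMIT 1 kept from the original as a belt-and-braces guard on the int key.
		$sql = "DELETE FROM USERS WHERE ID=" . $uid . " LIMIT 1";
		$delete = mysql_query($sql, $conn) or die ("Error deleting user!");
		mysql_close($conn);
		Echo "<font color=green>User deleted as requested!</font>";
	}
}
elseif (($mode == "del") && ($uid > 0)) {
	echo "<hr><b>Confirm deletion of user:</b><hr>";
	echo "<form method=post action='admin.php?mode=del&uid=" . $uid . "&act=submit'>";
	echo "<input type=submit name='delete' value='Yes'></form>";
	echo "<form method=post action='admin.php'>";
	echo "<input type=submit name='void' value='No'></form>";
}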

// Render the user list after any edit/insert/delete above has run, so the
// page reflects the post-change state. listusers() is provided by shield.php
// and is not visible here; it is responsible for escaping what it prints.
$burn->listusers();
?>

</center>