<?PHP
/*
    This file is part of DNP Script, an open source domain portfolio manager.
    Copyright (C) 2011  Robert Picard

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU Affero General Public License as
    published by the Free Software Foundation, either version 3 of the
    License, or (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU Affero General Public License for more details.

    You should have received a copy of the GNU Affero General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
	// Turn off PHP error reporting for this request. Level 0 silences every
	// error class, so failures below are only visible through explicit die()
	// messages.
	error_reporting(0);

	// Gate: every action in this file requires an admin session. Anyone
	// without a truthy $_SESSION['admin'] is redirected to index.php and the
	// script stops before the database is touched.
	session_start();

	$is_admin = !empty($_SESSION['admin']);
	if (!$is_admin) {
		header('Location: index.php');
		exit;
	}
	
	// Pull in the shared configuration (presumably where $db_host, $db_user,
	// $db_pass and $db_name are defined -- confirm against config.php), then
	// open the MySQL connection used by every query below.
	require('../config.php');

	$con = mysql_connect($db_host, $db_user, $db_pass);
	if ($con === false) {
		// Abort with the driver's error text when the server is unreachable
		// or the credentials are rejected.
		exit("Could not connect to the database: ".mysql_error());
	}

	// Make the application's database the default for this connection.
	mysql_select_db($db_name, $con);
	
	
	// The rest of this file is a chain of independent handlers: each one
	// checks whether its action was requested, performs it, redirects and
	// stops.

	// Handler: add a domain. Triggered by a truthy "new-domain" POST field.
	if (!empty($_POST['new-domain'])) {
		// Escape the four submitted fields in one pass; each value is placed
		// inside a single-quoted SQL literal in the statement below.
		list($domain, $registrar, $expiry, $price) = array_map(
			'mysql_real_escape_string',
			array(
				$_POST['domain'],
				$_POST['registrar'],
				$_POST['expiry'],
				$_POST['price'],
			)
		);

		$query = "INSERT INTO dnp_domains (domain, registrar, expiry, price) VALUES ('$domain', '$registrar', '$expiry', '$price')";

		$inserted = mysql_query($query);
		if (!$inserted) {
			exit("Could not add record to the database: ".mysql_error());
		}

		// Back to the domain list once the row is stored.
		header('Location: index.php?module=domains');
		exit;
	}
	
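	// Handler: delete one domain record, selected by the "id" query parameter.
	//
	// NOTE(review): this is a state-changing action reached through a GET
	// request, and no anti-CSRF token is checked anywhere in this file. Moving
	// it to POST with a per-session token would stop a third-party page from
	// triggering a delete in a logged-in admin's browser.
	if (isset($_GET['action']) && $_GET['action'] === "delete") {
		// The id comes straight from the query string. It used to be placed
		// into the SQL text unescaped, which let a crafted value change the
		// statement. Accept only a string and escape it the same way the
		// other handlers in this file escape their input.
		$raw_id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
		$id = mysql_real_escape_string($raw_id);

		// NOTE(review): if dnp_domains.id is an integer column (not visible
		// here), casting to int before building the query would be stricter.
		$query = "DELETE FROM dnp_domains WHERE id='$id'";

		mysql_query($query) or die("Could not delete record from the database: ".mysql_error());

		header('Location: index.php?module=domains');
		die;
	}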
	
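	// Handler: save one setting. Each settings form posts a single value; the
	// first form detected is written to dnp_settings, then the admin is
	// redirected back to the settings page and the script stops.
	//
	// NOTE(review): no anti-CSRF token is checked anywhere in this file, and
	// the password form does not ask for the current password. Both are worth
	// adding before this endpoint is exposed to a browser that visits other
	// sites while logged in.
	if (isset($_GET['action']) && $_GET['action'] === "settings") {
		// POST field that signals the form => dnp_settings row it updates.
		// The new value is read from the POST field named after the row.
		// Order matters: the first truthy trigger wins, as before.
		$simple_settings = array(
			'title'            => 'title',
			'description'      => 'description',
			'email'            => 'email',
			'analytics-submit' => 'analytics',
		);

		foreach ($simple_settings as $trigger => $name) {
			if (empty($_POST[$trigger])) {
				continue;
			}

			// Accept only plain strings (a field sent as an array is treated
			// as empty), then escape for the quoted SQL literal. $name comes
			// from the fixed table above, never from the request.
			$raw = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
			$value = mysql_real_escape_string($raw);
			$query = "UPDATE dnp_settings SET value='$value' WHERE name='$name'";

			// Report a failed write instead of redirecting as if it had
			// succeeded, matching the domain handlers in this file.
			mysql_query($query) or die("Could not update settings in the database: ".mysql_error());

			header('Location: index.php?module=settings');
			die;
		}

		if (!empty($_POST['pass1'])) {
			$pass1 = $_POST['pass1'];
			$pass2 = isset($_POST['pass2']) ? $_POST['pass2'] : null;

			// Both fields must be strings and byte-for-byte identical. The
			// loose != used previously treats numeric-looking strings such
			// as "1e3" and "1000" as equal, and array-valued fields would
			// have been hashed as an empty password.
			if (!is_string($pass1) || !is_string($pass2) || $pass1 !== $pass2) {
				die("Passwords did not match");
			}

			// NOTE(review): sha1(md5()) is an unsalted, fast hash and is weak
			// for password storage. It is kept unchanged here because the
			// stored value has to match whatever the login check computes,
			// which is outside this file. Migrating to password_hash() and
			// password_verify() requires changing both sides together.
			$password = sha1(md5($pass1));

			// $password is a hex digest, so it is safe inside the literal.
			$query = "UPDATE dnp_settings SET value='$password' WHERE name='password'";

			// A silent failure here would leave the old password in place
			// while the admin believes it was changed.
			mysql_query($query) or die("Could not update settings in the database: ".mysql_error());

			header('Location: index.php?module=settings');
			die;
		}
	}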
?>