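<?php
// Shared helpers (getCustomVars, checkAdminLogin, getResultDiv, getMysqlError,
// updateCustomSetting, ...) and the database connection come from these two
// includes. NOTE(review): $_SESSION is read below but session_start() is not
// called anywhere in this file — confirm one of the includes does it.
include('functions/functions_general.php');
include('config.php');
$custom_vars = getCustomVars();
// NOTE(review): the session appears to carry the admin's password credential
// itself and checkAdminLogin() re-validates it on every request; that is the
// login page's design and is left as is here.
$session_admin_username = isset($_SESSION['exercise_tip_buddy_admin_username']) ? $_SESSION['exercise_tip_buddy_admin_username'] : '';
$session_admin_password = isset($_SESSION['exercise_tip_buddy_admin_password']) ? $_SESSION['exercise_tip_buddy_admin_password'] : '';
if (!checkAdminLogin($session_admin_username, $session_admin_password)) {
    // header() does not stop the script. Without the exit every action handler
    // further down (DELETE/INSERT/UPDATE on POST) would still run for an
    // unauthenticated request before the browser follows the redirect.
    header('Location:admin-login.php');
    exit;
}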
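// ACTIONS
// Each handler below reads $_POST['action'] itself, so the handlers are
// independent of one another. The mysql extension has no bound parameters:
// integer ids are cast with (int), string inputs go through
// mysql_real_escape_string() where a handler quotes them into SQL.
$i = 0;
// Accumulates the HTML status messages echoed into the page body.
$result_div = '';
// Delete Issue
if (isset($_POST['action']) && $_POST['action'] === 'delete_issue') {
    // The id is a primary key, so the int cast is both validation and the
    // injection defence for this query.
    $archive_id = isset($_POST['mailing_list_archive_id']) ? (int) $_POST['mailing_list_archive_id'] : 0;
    $delete = mysql_query('
        DELETE FROM exercise_tip_buddy_mailing_list_archive
        WHERE mailing_list_archive_id = ' . $archive_id);
    if ($delete) {
        $result_div .= getResultDiv('The issue has been deleted', 'success');
    } else {
        // Same pattern as the delete_admin handler: report the DB error rather
        // than claiming success for a query that did not run.
        $result_div .= getResultDiv(getMysqlError());
    }
}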
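// Add Issue
if (isset($_POST['action']) && $_POST['action'] === 'add_issue') {
    $issue_html = isset($_POST['mailing_list_archive_content_html']) ? $_POST['mailing_list_archive_content_html'] : '';
    $issue_subject = isset($_POST['mailing_list_archive_subject']) ? $_POST['mailing_list_archive_subject'] : '';
    if (trim($issue_subject) === '' || trim($issue_html) === '') {
        $result_div .= getResultDiv('Please enter both a subject and the content for the issue');
    } else {
        // The content is admin-authored HTML and is stored verbatim on purpose
        // (the form says "HTML is accepted"); the listing echoes it unescaped.
        // magic_quote_alter() is the project's quoting helper for double-quoted
        // SQL literals. NOTE(review): it is defined in an include not visible
        // here — confirm it escapes backslashes and NUL as well as the quote
        // character, since the mysql extension offers no bound parameters and
        // this helper is the only defence for these two fields.
        $insert = mysql_query('
            INSERT INTO exercise_tip_buddy_mailing_list_archive
            SET mailing_list_archive_content_html = "' . magic_quote_alter($issue_html, '"') . '",
            mailing_list_archive_subject = "' . magic_quote_alter($issue_subject, '"') . '"');
        if ($insert) {
            $result_div .= getResultDiv('The issue has been added', 'success');
        } else {
            $result_div .= getResultDiv(getMysqlError());
        }
    }
}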
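// Delete Subscriber
if (isset($_POST['action']) && $_POST['action'] === 'delete_subscriber') {
    // Primary key: the int cast is the validation and the injection defence.
    $subscriber_id = isset($_POST['mailing_list_subscribers_id']) ? (int) $_POST['mailing_list_subscribers_id'] : 0;
    $delete = mysql_query('
        DELETE FROM exercise_tip_buddy_mailing_list_subscribers
        WHERE mailing_list_subscribers_id = ' . $subscriber_id);
    if ($delete) {
        $result_div .= getResultDiv('The subscriber has been deleted', 'success');
    } else {
        // Report the DB error instead of an unconditional success message.
        $result_div .= getResultDiv(getMysqlError());
    }
}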
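// Save Settings
if (isset($_POST['action']) && $_POST['action'] === 'save_settings') {
    // Only these six settings are ever written; other POST fields are ignored.
    $setting_keys = array(
        'email_queue_custom_duration',
        'email_queue_max_per_day',
        'email_header',
        'email_footer',
        'subject_prefix',
        'email_queue_custom_duration_max',
    );
    // NOTE(review): updateCustomSetting() lives in an include not visible here;
    // the raw POST value is passed through as before, so its own escaping is
    // what protects the settings table.
    foreach ($setting_keys as $setting_key) {
        $setting_value = isset($_POST[$setting_key]) ? $_POST[$setting_key] : '';
        updateCustomSetting($setting_key, $setting_value);
    }
    $result_div .= getResultDiv('The settings have been saved', 'success');
    // Re-read so the settings form below shows the values just stored.
    $custom_vars = getCustomVars();
}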
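// Add administrator
if (isset($_POST['action']) && $_POST['action'] === 'add_admin') {
    $new_username = isset($_POST['administrators_username']) ? $_POST['administrators_username'] : '';
    $new_password = isset($_POST['administrators_password']) ? $_POST['administrators_password'] : '';
    $new_email = isset($_POST['administrators_email']) ? $_POST['administrators_email'] : '';
    $new_level = isset($_POST['administrators_level']) ? (int) $_POST['administrators_level'] : 0;
    $session_level = isset($_SESSION['exercise_tip_buddy_admin_level']) ? (int) $_SESSION['exercise_tip_buddy_admin_level'] : 0;
    // Validation messages; getResultDiv() renders the list as an error block.
    $error = array();
    // The "Add an Administrator" form is only rendered for level-1 (chief)
    // admins, but the handler never checked the session level, so any
    // logged-in admin could create a chief admin by posting the form directly.
    if ($session_level !== 1) {
        $error[] = 'Only a Chief Admin can add administrators';
    }
    // strlen() < 6 rejects 5 characters and accepts 6, i.e. "at least 6";
    // the previous wording ("over 6") described a different rule.
    if (strlen($new_username) < 6) {
        $error[] = 'Please enter a longer username (at least 6 characters)';
    }
    if (strlen($new_password) < 6) {
        $error[] = 'Please enter a longer password (at least 6 characters)';
    }
    if ($new_email === '') {
        $error[] = 'Please enter an email address for the administrator';
    }
    // The form offers only 1 (chief) and 2 (normal); anything else used to be
    // stored as-is and then had no label in the administrator listing.
    if ($new_level !== 1 && $new_level !== 2) {
        $error[] = 'Please choose an administrator level';
    }
    if (empty($error)) {
        $duplicate_check = mysql_query('
            SELECT administrators_id
            FROM exercise_tip_buddy_administrators
            WHERE administrators_username = "' . mysql_real_escape_string($new_username) . '"');
        if (!$duplicate_check) {
            $error[] = getMysqlError();
        } elseif (mysql_num_rows($duplicate_check) > 0) {
            $error[] = 'That username is already being used, please use another';
        }
    }
    if (!empty($error)) {
        $result_div .= getResultDiv($error);
    } else {
        // NOTE(review): MySQL's PASSWORD() is the hash the change_password
        // handler also writes and that checkAdminLogin() presumably compares
        // against, so the hashing scheme can only be changed together with the
        // login code.
        $insert = mysql_query('
            INSERT INTO exercise_tip_buddy_administrators
            SET administrators_username = "' . mysql_real_escape_string($new_username) . '",
            administrators_pass = PASSWORD("' . mysql_real_escape_string($new_password) . '"),
            administrators_email = "' . mysql_real_escape_string($new_email) . '",
            administrators_level = ' . $new_level);
        if ($insert) {
            $result_div .= getResultDiv('The administrator was added', 'success');
        } else {
            // Previously mysql_error() was echoed straight into the page; route
            // it through the result div like the other handlers.
            $result_div .= getResultDiv(getMysqlError());
        }
    }
}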
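// Change Password
if (isset($_POST['action']) && $_POST['action'] === 'change_password') {
    $target_id = isset($_POST['administrators_id']) ? (int) $_POST['administrators_id'] : 0;
    $new_password = isset($_POST['administrators_password']) ? $_POST['administrators_password'] : '';
    $session_id = isset($_SESSION['exercise_tip_buddy_admin_id']) ? (int) $_SESSION['exercise_tip_buddy_admin_id'] : 0;
    $session_level = isset($_SESSION['exercise_tip_buddy_admin_level']) ? (int) $_SESSION['exercise_tip_buddy_admin_level'] : 0;
    // administrators_id arrives in a hidden field, so the client picks the
    // target. Only a chief admin (level 1, the only level shown the per-admin
    // password forms) may change another account's password.
    if ($target_id !== $session_id && $session_level !== 1) {
        $result_div .= getResultDiv('You may only change your own password');
    } elseif (strlen($new_password) < 6) {
        $result_div .= getResultDiv('Please choose a longer password (at least 6 characters)');
    } else {
        $update = mysql_query('
            UPDATE exercise_tip_buddy_administrators
            SET administrators_pass = PASSWORD("' . mysql_real_escape_string($new_password) . '")
            WHERE administrators_id = ' . $target_id);
        if ($update) {
            $result_div .= getResultDiv('The administrators password was changed', 'success');
        } else {
            $result_div .= getResultDiv(getMysqlError());
        }
    }
}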
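// Delete Admin
if (isset($_POST['action']) && $_POST['action'] === 'delete_admin') {
    $target_id = isset($_POST['administrators_id']) ? (int) $_POST['administrators_id'] : 0;
    $session_id = isset($_SESSION['exercise_tip_buddy_admin_id']) ? (int) $_SESSION['exercise_tip_buddy_admin_id'] : 0;
    $session_level = isset($_SESSION['exercise_tip_buddy_admin_level']) ? (int) $_SESSION['exercise_tip_buddy_admin_level'] : 0;
    // The delete buttons are only rendered for chief admins (level 1); enforce
    // the same rule here, since the handler used to trust any logged-in admin.
    if ($session_level !== 1) {
        $result_div .= getResultDiv('<strong>Only a Chief Admin can delete administrators.</strong>');
    } elseif ($target_id === $session_id) {
        // Appended (not assigned) so earlier status messages are not lost.
        $result_div .= getResultDiv('<strong>You cannot remove your own administrator account.</strong>');
    } else {
        $delete = mysql_query('
            DELETE FROM exercise_tip_buddy_administrators
            WHERE administrators_id = ' . $target_id);
        if ($delete) {
            $result_div .= getResultDiv('<strong>The administrator was deleted</strong>', 'success');
        } else {
            $result_div .= getResultDiv(getMysqlError());
        }
    }
}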
// END ACTIONS
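// Administrator table, rendered only for chief admins (level 1).
if (isset($_SESSION['exercise_tip_buddy_admin_level']) && (int) $_SESSION['exercise_tip_buddy_admin_level'] === 1) {
    $admin_block = '';
    $row_style = '';
    $result = mysql_query('
        SELECT *
        FROM exercise_tip_buddy_administrators
        ORDER BY administrators_id ASC');
    // mysql_query() returns false on failure; skip the loop instead of
    // warning on mysql_fetch_assoc(false).
    while ($result && ($row = mysql_fetch_assoc($result))) {
        // Alternate the two row classes, starting with account-row-1.
        $row_style = ($row_style === 'account-row-1') ? 'account-row-2' : 'account-row-1';
        // Reset per row: previously a row whose level was neither 1 nor 2
        // inherited the label of the row before it.
        $level = '';
        if ((int) $row['administrators_level'] === 1) {
            $level = 'Chief Admin';
        } elseif ((int) $row['administrators_level'] === 2) {
            $level = 'Normal Admin';
        }
        $admin_id = (int) $row['administrators_id'];
        // Username and e-mail are stored as typed at account creation; escape
        // them for the HTML context instead of echoing them raw.
        $username_html = htmlspecialchars($row['administrators_username'], ENT_QUOTES, 'UTF-8');
        $email_html = htmlspecialchars($row['administrators_email'], ENT_QUOTES, 'UTF-8');
        // The confirm() text is a JavaScript string literal inside an HTML
        // attribute: json_encode() builds the JS literal (quotes included) and
        // htmlspecialchars() then makes it safe for the attribute.
        $confirm_js = htmlspecialchars(
            json_encode('Are you sure you want to delete the following administrator: ' . $row['administrators_username'] . '?'),
            ENT_QUOTES,
            'UTF-8'
        );
        $admin_block .= '
<tr>
<td class="' . $row_style . '">' . $admin_id . '</td>
<td class="' . $row_style . '">' . $username_html . '</td>
<td class="' . $row_style . '">' . $level . '</td>
<td class="' . $row_style . '"><a href="mailto:' . $email_html . '">' . $email_html . '</a></td>
<td class="' . $row_style . '">
<a onClick="switchImage (\'images/plus.gif\',\'images/minus.gif\',\'admin_image_' . $admin_id . '\')" href="javascript:toggleLayer(\'edit-' . $admin_id . '\');"><img src="images/plus.gif" name="admin_image_' . $admin_id . '" id="admin_image_' . $admin_id . '" /></a>
<div class="hidden highlighted-border" id="edit-' . $admin_id . '">
<form action="admin-home.php" method="post">
<input type="hidden" name="action" value="change_password" />
<input type="hidden" name="administrators_id" value="' . $admin_id . '" />
New Pass: <input type="password" size="10" name="administrators_password" />
<input type="submit" value="Change Pass >" />
</form>
</div>
</td>
<td class="' . $row_style . ' nowrap">
<form action="admin-home.php" method="post">
<input type="hidden" name="action" value="delete_admin" />
<input type="hidden" name="administrators_id" value="' . $admin_id . '" />
<input type="submit" value="Delete" onclick="return confirm(' . $confirm_js . ')" />
</form>
</td>
</tr>';
    }
    $admin_block = '
<table cellspacing="1" class="account-table wide">
<tr>
<th>ID</th>
<th>Username</th>
<th>Level</th>
<th>E-Mail</th>
<th>Change Password</th>
<th>Delete</th>
</tr>' . $admin_block . '</table>';
}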
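// Generate issue entries
$issues_block = '';
$row_style = '';
$result = mysql_query('
    SELECT *
    FROM exercise_tip_buddy_mailing_list_archive
    ORDER BY mailing_list_archive_id DESC');
// Skip the loop on a failed query instead of warning on fetch(false).
while ($result && ($row = mysql_fetch_assoc($result))) {
    // Alternate the two row classes, starting with account-row-1.
    $row_style = ($row_style === 'account-row-1') ? 'account-row-2' : 'account-row-1';
    $archive_id = (int) $row['mailing_list_archive_id'];
    // The subject is plain text: escape it. The content column is
    // admin-authored HTML stored verbatim by design (the add form says "HTML is
    // accepted"), so it is rendered as-is.
    $subject_html = htmlspecialchars($row['mailing_list_archive_subject'], ENT_QUOTES, 'UTF-8');
    $issues_block .= '
<tr>
<td class="' . $row_style . '">' . $archive_id . '</td>
<td class="' . $row_style . '">' . $subject_html . '</td>
<td class="' . $row_style . '">' . $row['mailing_list_archive_content_html'] . '</td>
<td class="' . $row_style . ' nowrap">
<form action="admin-home.php" method="post">
<input type="hidden" name="action" value="delete_issue" />
<input type="hidden" name="mailing_list_archive_id" value="' . $archive_id . '" />
<input type="submit" value="Delete" onclick="return confirm(\'Are you sure you want to delete this issue?\')" />
</form>
</td>
</tr>';
}
$issues_block = '
<table cellspacing="1" class="account-table wide">
<tr>
<th>ID</th>
<th>Subject</th>
<th>Content</th>
<th>Delete</th>
</tr>' . $issues_block . '</table>';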
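// Generate Subscriber List
$subscribers_block = '';
$row_style = '';
$result = mysql_query('
    SELECT *
    FROM exercise_tip_buddy_mailing_list_subscribers
    ORDER BY mailing_list_subscribers_id DESC');
// Skip the loop on a failed query instead of warning on fetch(false).
while ($result && ($row = mysql_fetch_assoc($result))) {
    // Alternate the two row classes, starting with account-row-1.
    $row_style = ($row_style === 'account-row-1') ? 'account-row-2' : 'account-row-1';
    $subscriber_id = (int) $row['mailing_list_subscribers_id'];
    // Subscriber addresses are not entered on this page (NOTE(review):
    // presumably via a public sign-up form), so treat them as untrusted and
    // escape for the HTML context.
    $email_html = htmlspecialchars($row['mailing_list_subscribers_email'], ENT_QUOTES, 'UTF-8');
    $subscribers_block .= '
<tr>
<td class="' . $row_style . '">' . $subscriber_id . '</td>
<td class="' . $row_style . '">' . $email_html . '</td>
<td class="' . $row_style . ' nowrap">
<form action="admin-home.php" method="post">
<input type="hidden" name="action" value="delete_subscriber" />
<input type="hidden" name="mailing_list_subscribers_id" value="' . $subscriber_id . '" />
<input type="submit" value="Delete" onclick="return confirm(\'Are you sure you want to remove this subscriber?\')" />
</form>
</td>
</tr>';
}
$subscribers_block = '
<table cellspacing="1" class="account-table wide">
<tr>
<th>ID</th>
<th>Email</th>
<th>Delete</th>
</tr>' . $subscribers_block . '</table>';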
?>
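<head>
<link href="styles/admin.css" rel="stylesheet" type="text/css"></link>
<script type="text/javascript">
image1 = new Image();
image1.src = "images/white-arrow-down.gif";
image2 = new Image();
image2.src = "images/plus.gif";
image3 = new Image();
image3.src = "images/minus.gif";
</script>
<script type="text/javascript" src="javascript/toggle_div.js"></script>
<title>Admin Home</title>
</head>
<body>
<div class="main">
<h1>Admin Home</h1>
<p><a href="admin-login.php?action=logout">Log Out</a></p>
<?php echo $result_div; ?>
<?php
// Everything echoed into an attribute or textarea below is escaped for HTML.
// $custom_vars comes from getCustomVars(); $form is never assigned in this file
// (NOTE(review): presumably an include re-populates it after a failed submit),
// so both are read through isset().
// NOTE(review): none of these forms carries an anti-CSRF token and the action
// handlers at the top of the file do not check for one; a per-session token
// emitted in each form and verified before any state-changing action is the
// standard remedy.
$current_admin_id = isset($_SESSION['exercise_tip_buddy_admin_id']) ? (int) $_SESSION['exercise_tip_buddy_admin_id'] : 0;
$settings_html = array();
foreach (array('email_queue_custom_duration', 'email_queue_custom_duration_max', 'email_queue_max_per_day', 'subject_prefix') as $setting_key) {
    $settings_html[$setting_key] = isset($custom_vars[$setting_key]) ? htmlspecialchars($custom_vars[$setting_key], ENT_QUOTES, 'UTF-8') : '';
}
// The header/footer were always run through stripslashes() before display
// (NOTE(review): magic-quotes era storage, presumably); keep that, then escape
// so a stored "</textarea>" cannot break out of the editor field.
foreach (array('email_header', 'email_footer') as $setting_key) {
    $settings_html[$setting_key] = isset($custom_vars[$setting_key]) ? htmlspecialchars(stripslashes($custom_vars[$setting_key]), ENT_QUOTES, 'UTF-8') : '';
}
$form_html = array();
foreach (array('mailing_list_archive_subject', 'administrators_username', 'administrators_email') as $form_key) {
    $form_html[$form_key] = isset($form[$form_key]) ? htmlspecialchars($form[$form_key], ENT_QUOTES, 'UTF-8') : '';
}
?>
<?php echo startOptionDiv('my_pass','Change My Password'); ?>
<form action="admin-home.php" method="post">
<input type="hidden" name="action" value="change_password" />
<?php
// This field used to read $_SESSION['microcms_admin_id'], a key nothing else on
// this page uses; the rest of the page keys the session on
// exercise_tip_buddy_admin_id, so the form posted an empty id and the update
// matched no row.
?>
<input type="hidden" name="administrators_id" value="<?php echo $current_admin_id; ?>" />
New Pass: <input type="password" size="30" name="administrators_password" />
<input type="submit" value="Replace Password >>" />
</form>
<?php echo endOptionDiv(); ?>
<?php echo startOptionDiv('settings','Settings'); ?>
<form action="admin-home.php" method="post">
<input type="hidden" name="action" value="save_settings" />
<input type="hidden" name="administrators_id" value="<?php echo $current_admin_id; ?>" />
<table>
<tr>
<td>Custom Duration:</td>
<td><input type="text" size="5" name="email_queue_custom_duration" value="<?php echo $settings_html['email_queue_custom_duration']; ?>" /></td>
<td><i>The time limit (in seconds) for sending the number of emails listed in the "Custom Maximum E-mails"</i></td>
</tr>
<tr>
<td>Custom Maximum E-mails:</td>
<td><input type="text" size="5" name="email_queue_custom_duration_max" value="<?php echo $settings_html['email_queue_custom_duration_max']; ?>" /></td>
<td><i>The maximum number of e-mails that can be sent within the time period set by "Custom Duration"</i></td>
</tr>
<tr>
<td>Max E-mails Per Day:</td>
<td><input type="text" size="5" name="email_queue_max_per_day" value="<?php echo $settings_html['email_queue_max_per_day']; ?>" /></td>
<td><i>The maximum number of e-mails that can be sent in a 24 hour period</i></td>
</tr>
<tr>
<td>Subject Prefix:</td>
<td><input type="text" size="40" name="subject_prefix" value="<?php echo $settings_html['subject_prefix']; ?>" /></td>
<td><i>This is added to the beginning of the e-mail subject line</i></td>
</tr>
<tr>
<td>Custom Header:</td>
<td><textarea cols="40" rows="5" name="email_header"><?php echo $settings_html['email_header']; ?></textarea></td>
<td><i>An HTML header that will be added to the beginning of an e-mail</i></td>
</tr>
<tr>
<td>Custom Footer:</td>
<td><textarea cols="40" rows="5" name="email_footer"><?php echo $settings_html['email_footer']; ?></textarea></td>
<td><i>An HTML footer that will be added to the end of an e-mail</i></td>
</tr>
</table>
<input type="submit" value="Save Settings >>" />
</form>
<?php echo endOptionDiv(); ?>
<?php echo startOptionDiv('add_issue','Add an Issue'); ?>
<form action="admin-home.php" method="post">
<input type="hidden" name="action" value="add_issue" />
<table>
<tr>
<td>Subject: </td>
<?php // Was re-filled from $form['administrators_username'] (copy-paste from the admin form); use the subject key. ?>
<td><input type="text" name="mailing_list_archive_subject" size="40" value="<?php echo $form_html['mailing_list_archive_subject']; ?>" /></td>
</tr>
<tr>
<td>Content (HTML is accepted): </td>
<td><textarea name="mailing_list_archive_content_html" cols="40" rows="5"></textarea></td>
</tr>
<tr>
<td colspan="2"><p class="align-center"><input type="submit" value="Add Issue" /></p></td>
</tr>
</table>
</form>
<?php echo endOptionDiv(); ?>
<?php echo startOptionDiv('manage_issues','Manage Issues'); ?>
<?php echo $issues_block; ?>
<?php echo endOptionDiv(); ?>
<?php echo startOptionDiv('manage_subscribers','Manage Subscribers'); ?>
<?php echo $subscribers_block; ?>
<?php echo endOptionDiv(); ?>
<?php if (isset($_SESSION['exercise_tip_buddy_admin_level']) && (int) $_SESSION['exercise_tip_buddy_admin_level'] === 1) { ?>
<?php echo startOptionDiv('add_administrator','Add an Administrator'); ?>
<form action="admin-home.php" method="post">
<input type="hidden" name="action" value="add_admin" />
<table>
<tr>
<td>Username: </td>
<td><input type="text" name="administrators_username" size="40" value="<?php echo $form_html['administrators_username']; ?>" /></td>
</tr>
<tr>
<td>Password: </td>
<?php // A password field: masked input, and never re-filled into the page source after a failed submit. ?>
<td><input type="password" name="administrators_password" size="40" /></td>
</tr>
<tr>
<td>E-mail: </td>
<td><input type="text" name="administrators_email" size="40" value="<?php echo $form_html['administrators_email']; ?>" /></td>
</tr>
<tr>
<td>Administrator Level: </td>
<td>
<select name="administrators_level">
<option value=""></option>
<option value="1">Chief Admin (can add other admins)</option>
<option value="2">Normal Administrator</option>
</select>
</td>
</tr>
<tr>
<td colspan="2"><p class="align-center"><input type="submit" value="Add Administrator" /></p></td>
</tr>
</table>
</form>
<?php echo endOptionDiv(); ?>
<?php echo startOptionDiv('manage_administrators','Manage Administrators'); ?>
<?php echo $admin_block; ?>
<?php echo endOptionDiv(); ?>
<?php } ?>
</div>
</body>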