<?php
include ('header.php');
/**********************************************************************
*  Copyright notice Ja2BU 1.1.
*
*  (c) 2011 Predrag Rukavina - admin[at]phpform[dot]net
*  All rights reserved
*
*  This script is part of the Ja2BU project. 
*  The Ja2BU project is free software; you can redistribute it and/or
*  modify it under the terms of the GNU General Public License
*  as published by the Free Software Foundation; either version 2
*  of the License, or (at your option) any later version.
*
*  This program is distributed in the hope that it will be useful,
*  but WITHOUT ANY WARRANTY; without even the implied warranty of
*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*  GNU General Public License for more details.
*
*  You should have received a copy of the GNU General Public License
*  along with this program; if not, write to the Free Software
*  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
*  MA  02110-1301, USA.
*
*  This copyright notice MUST appear in all copies of the script!
************************************************************************/
?>
<div id="vforms">
<div id="cconfig">Admin Settings</div>
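<?php
/*
 * Password-change handler for the administrator named in $_SESSION['CC_MODER'].
 *
 * Flow: validate both submitted passwords, confirm that the old password
 * belongs to the session's administrator, store the new hash, then clear the
 * session keys so the administrator has to log in again.
 *
 * NOTE(review): no access check and no anti-CSRF token are visible in this
 * file. Presumably header.php enforces the admin login; confirm that, and
 * confirm whether a per-session token is verified anywhere before this
 * state-changing POST is accepted.
 *
 * NOTE(review): passwords are stored as unsalted MD5, which is not suitable
 * for password storage. Moving to password_hash()/password_verify() needs a
 * coordinated change in the login code and the apassword column, neither of
 * which is visible here, so the existing scheme is kept.
 */
if(isset($_POST['query'])) {
	// Missing or non-string fields (e.g. oldpass[]=x) are treated as empty so
	// they fail the checks below instead of raising notices or type errors.
	$oldpass = (isset($_POST['oldpass']) && is_string($_POST['oldpass'])) ? $_POST['oldpass'] : '';
	$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

	// Only A-Z, a-z and 0-9 are accepted. This single rule already rejects
	// '%', ';', '<', '[', spaces and backslashes, so the separate per-character
	// checks and the magic-quotes stripslashes() step are no longer needed
	// (get_magic_quotes_gpc() no longer exists in PHP 8).
	// NOTE(review): presumably the login form applies the same character rule;
	// confirm before relaxing it.
	foreach(array($oldpass, $password) as $candidate) {
		if(preg_match('#[^A-Za-z0-9]#', $candidate)) {
			echo "Invalid Characters.";
			die();
		}
	}

	// Length limits apply to the NEW password only. The original loop reused
	// $name as both the array and the loop variable, so its length checks only
	// ever saw the new password; that effective behaviour is kept so that a
	// short legacy password can still be replaced.
	$newLength = strlen($password);
	if($newLength < 5 || $newLength > 80) {
		echo "Invalid Characters.";
		die();
	}

	// The account being changed is the one named in the session.
	$username = isset($_SESSION['CC_MODER']) ? $_SESSION['CC_MODER'] : '';
	if(!is_string($username) || $username === '') {
		echo "Sorry, user you are looking for does not exist.";
		$conn->Close();
		die();
	}

	// Verify the old password against THIS administrator's row. The previous
	// query matched any row with that hash, so another account's password
	// would have been accepted. Bound parameters replace
	// mysql_real_escape_string(), which was removed in PHP 7.
	$lookup = $conn->Prepare('SELECT ausername FROM cpadmin WHERE ausername = ? AND apassword = ?');
	$brecordSet = $conn->Execute($lookup, array($username, md5($oldpass)));

	// Fail closed: a failed query (false) is treated like "no match". The
	// previous code skipped the check entirely when the query failed and went
	// on to update the password.
	if($brecordSet === false || $brecordSet->EOF) {
		echo "Sorry, user you are looking for does not exist.";
		if($brecordSet !== false) {
			$brecordSet->Close();
		}
		$conn->Close();
		die();
	}
	$brecordSet->Close();

	// Values are passed as bound parameters without addq(): escaping them
	// first and binding them afterwards would escape twice.
	$sql = $conn->Prepare('UPDATE cpadmin SET apassword = ? WHERE ausername = ?');
	if($conn->Execute($sql, array(md5($password), $username)) === false) {
		// The driver message is HTML-escaped before it is echoed.
		// NOTE(review): consider logging it server-side instead of showing it.
		print '<br /><div id="error">error inserting[1]: '.htmlspecialchars($conn->ErrorMsg(), ENT_QUOTES).'</div><br />';
	} else {
		echo "<div id ='information'>&nbsp;Successfully. </div>";
		// Drop every login-related session key so the new password must be
		// used to sign in again.
		$sessionKeys = array(
			'cusid',
			'INC_USER_ID',
			'INC_USER_NAME',
			'CC_MODER',
			'INC_USER_THUMB',
			'INC_USER_PRIV',
			'HTTP_USER_AGENT',
			'logged_in',
			'loggedin',
			'ss_fprint',
			'incsess',
			'inecsess',
		);
		foreach($sessionKeys as $sessionKey) {
			unset($_SESSION[$sessionKey]);
		}
	}
}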
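/*
 * Saves the "Admin Notification" option (optionid 47 in abcoption) when the
 * settings form is submitted; otherwise renders the settings form and the
 * change-password form.
 *
 * NOTE(review): no anti-CSRF token is checked before the option is written;
 * confirm whether header.php verifies one.
 */
if(isset($_POST['submit'])) {
	// Missing or non-string input (e.g. plinks[]=1) is treated as empty.
	$plinks = (isset($_POST['plinks']) && is_string($_POST['plinks'])) ? $_POST['plinks'] : '';
	$saved = false;

	// The form only offers '0' and '1', and the page renders a select only for
	// those two stored values, so anything else is refused instead of stored.
	// With this whitelist the magic-quotes stripslashes() step is not needed
	// (get_magic_quotes_gpc() no longer exists in PHP 8).
	if($plinks === '0' || $plinks === '1') {
		$sql = 'UPDATE abcoption SET valueopt = '.$conn->qstr($plinks).' WHERE optionid = '.$conn->qstr("47");
		if($conn->Execute($sql) === false) {
			// The driver message is HTML-escaped before it is echoed.
			print '<br /><div id="error">error [3]: '.htmlspecialchars($conn->ErrorMsg(), ENT_QUOTES).'</div><br />';
		} else {
			$saved = true;
		}
	} else {
		print '<br /><div id="error">Invalid value.</div><br />';
	}

	// "Successfully." is shown only when the UPDATE really succeeded; it used
	// to be printed even after the error message above.
	echo "<div id ='information'>&nbsp;";
	if($saved) {
		echo "Successfully. ";
	}
    ?>
<a href="incadmin.php">Back to Admin Settings</a></div>
<?php } else { /* no settings submit: show both forms */ ?>
<form method="post" action="incadmin.php">
Admin Notification:<br />(New Registration, New Post, Tella a Friend...)<br />
<?php /* $notificate is not set in this file; presumably header.php loads it */ ?>
<?php if($notificate == 1) { ?>
<select style="background:#EEFFE3;" id="incc" name="plinks">
<option value='1'>-- Yes</option>
<option style="background:#ffffff;" value='1'>---- Yes</option>
<option style="background:#ffffff;" value='0'>------ No</option>
</select>                               
<?php } ?>
<?php if($notificate == 0) { ?>
<select style="background:#FFF6C1;" id="incc" name="plinks">
<option value='0'>-- No</option>
<option style="background:#ffffff;" value='1'>---- Yes</option>
<option style="background:#ffffff;" value='0'>------ No</option>
</select>
<?php } ?>
<br /><br />
<input type="submit" class="topicbuton" name="submit" value="Submit" /><br /><br />
</form>
<form name="maForm" action="incadmin.php" method="post">
Change Password:<br /><br />
Old Password:<br />
<input name="oldpass" id="incc" type="password"><br />
New Password:<br />
<input name="password" id="incc" type="password"><br /><br />
<input class="topicbuton" type="submit" value="New Password" name="query" ></div>
</form>
<?php } ?>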
</div>
<?php include ('footer.php');
// Close the database handle after the footer has been included.
// NOTE(review): presumably footer.php may still use $conn, so keep this order.
// The die() exits in the password-change handler above end the script before
// this line is reached; only one of them calls $conn->Close() itself.
$conn->Close();
/**************************************
* Revision: v.1.1.
***************************************/
?>