* @author Bill Newman <*****@*****.**>
 * @version 3.02 2011/05/18
 * @link http://www.newmanix.com/
 * @license http://opensource.org/licenses/osl-3.0.php Open Software License ("OSL") v. 3.0
 * @see demo_list_pager.php
 * @todo none
 */

# Load the site bootstrap: configuration, pathing, error handling, db credentials.
# '../' works for a sub-folder; use './' for the root.
require '../inc_0700/config_inc.php';

# Guard: without a positive integer id on the querystring, send the visitor back to the list page.
if (!isset($_GET['id']) || (int) $_GET['id'] <= 0) {
    myRedirect(VIRTUAL_PATH . "demo/demo_list_pager.php");
} else {
    # The (int) cast is what keeps the concatenated query below safe:
    # whatever arrives in $_GET['id'], only an integer reaches the SQL text.
    $myID = (int) $_GET['id'];
}

# Single-item lookup; $myID is already an integer here.
$sql = "select MuffinName,Description,MetaDescription,MetaKeywords,Price from test_Muffins where MuffinID = " . $myID;
//---end config area --------------------------------------------------

$foundRecord = FALSE; # flipped to TRUE once a row is found

# mysqli functions take the connection first, then the query.
# NOTE(review): on failure the raw mysqli error text is handed to trigger_error();
# whether it reaches the browser depends on the error handler in config_inc.php - confirm.
$result = mysqli_query(IDB::conn(), $sql) or die(trigger_error(mysqli_error(IDB::conn()), E_USER_ERROR));

if(mysqli_num_rows($result) > 0)
{#records exist - process
	   $foundRecord = TRUE;	
	   while ($row = mysqli_fetch_assoc($result))
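/**
 * Processes the "edit administrator" form.
 *
 * Reads FirstName, LastName, Email, Privilege and AdminID through formReq(),
 * rejects an email already used by another admin row, updates the Admin row,
 * refreshes the session when the edited row is the logged-in admin, and prints
 * the follow-up links.
 *
 * The quoted '%s' slots in both queries are safe only because formReq() has
 * already escaped each value (it calls dbIn() internally); sprintf() itself
 * escapes nothing. Only %d changes a value, by forcing it to an integer.
 *
 * NOTE(review): nothing in this function checks that the logged-in admin is
 * allowed to edit the posted AdminID or to assign the posted Privilege -
 * confirm the calling page enforces both before this runs.
 *
 * Uses the legacy mysql_* API on the connection returned by conn('', FALSE).
 *
 * @global object $config   site configuration (adminEdit, adminDashboard)
 * @global string $redirect page formReq() redirects to when a field is missing
 * @return void
 */
function updateExecute()
{
    global $config, $redirect;

    # conn() MUST precede formReq(), which uses the active connection to parse data
    $myConn = conn('', FALSE);

    # formReq() redirects to the *global* $redirect on failure, so the variable is
    # declared global above; a function-local $redirect would never reach it
    $redirect = $config->adminEdit;

    # formReq() calls dbIn() internally, to check form data
    $FirstName = formReq('FirstName');
    $LastName = formReq('LastName');
    $Email = strtolower(formReq('Email'));
    $Privilege = formReq('Privilege');
    $AdminID = formReq('AdminID');

    # check for duplicate email on any other admin row
    $sql = sprintf("select AdminID from " . PREFIX . "Admin WHERE (Email='%s') and AdminID != %d", $Email, $AdminID);
    $result = mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR));
    if (mysql_num_rows($result) > 0) {
        # someone already has this email
        feedback("Email already exists - please choose a different email.");
        myRedirect($config->adminEdit);
    }

    # %d turns non-numeric input into zero; the string slots rely on the escaping done by formReq()
    $sql = sprintf("UPDATE " . PREFIX . "Admin set FirstName='%s',LastName='%s',Email='%s',Privilege='%s' WHERE AdminID=%d", $FirstName, $LastName, $Email, $Privilege, (int) $AdminID);
    mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR));

    # zero affected rows means either no such row or no change in values
    if (mysql_affected_rows($myConn) > 0) {
        feedback("Successfully Updated!", "notice");
        if ($_SESSION["AdminID"] == $AdminID) {
            # the admin edited their own record: keep the session in step
            $_SESSION["Privilege"] = $Privilege;
            $_SESSION["FirstName"] = $FirstName;
        }
    } else {
        feedback("Data NOT Updated! (or not changed from original values)");
    }
    get_header();
    echo '
		<div align="center"><h3>Edit Administrator</h3></div>
		<div align="center"><a href="' . $config->adminEdit . '">Edit More</a></div>
		<div align="center"><a href="' . $config->adminDashboard . '">Exit To Admin</a></div>
		';
    get_footer();
}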
/**
 * mysqli version of formReq(): fetches one required POST field.
 *
 * Looks up $_POST[$var]. When the key is present, its value is passed to
 * idbIn() together with the connection and the result is returned. When the
 * key is missing, feedback() is called with "Required Form Data Not Passed"
 * and myRedirect() is called with the global $redirect, or with THIS_PAGE
 * when $redirect is unset or empty.
 *
 * Only presence is tested (isset), so an empty string passes. idbIn() is not
 * shown here; the original notes describe it as adding slashes per MySQL
 * standards to help prevent SQL injection. That kind of escaping protects a
 * value only inside a quoted SQL string literal.
 *
 * Pass the NAME of the field, not its value:
 *
 *<code>
 * $iConn = conn("admin",TRUE); //mysqli connection
 * $myVar = iformReq('myVar',$iConn);
 * $otherVar = iformReq('otherVar',$iConn);
 *</code>
 *
 * @uses idbIn()
 * @see formReq()
 * @param string $var name of the POST field to read
 * @param object $iConn active mysqli DB connection, passed by reference
 * @return string the value returned by idbIn(); nothing is returned on the failure path
 * @todo none
 */
function iformReq($var, &$iConn)
{
    /**
     * $redirect holds the page to send the user to on failure.
     * It is set by the caller just before the form fields are tested.
     *
     * @global string $redirect
     */
    global $redirect;

    // happy path first: the field was submitted
    if (isset($_POST[$var])) {
        return idbIn($_POST[$var], $iConn);
    }

    feedback("Required Form Data Not Passed", "error");

    // with no redirect target given, fall back to the current page
    $target = (isset($redirect) && $redirect != "") ? $redirect : THIS_PAGE;
    myRedirect($target);
}
        exit;
    }
}
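$tyyp_id = 14;
$site->debug->print_hash($site->fdat, 1, "FDAT");
# Array keys are quoted: bare words such as id or objekt_id are read as undefined
# constants, which older PHP only warns about and PHP 8 rejects with an Error.
$leht = new Leht(array('id' => $site->fdat['id'] ? $site->fdat['id'] : $site->alias("rub_home_id")));
$objekt = new Objekt(array('objekt_id' => $site->fdat['id'], 'on_sisu' => 1));
if (!$objekt->objekt_id) {
    // no such object: redirect to the 404 page
    header('Location: index.php?id=' . $site->alias(array('key' => '404error')));
    exit;
}
$obj_conf = new CONFIG($objekt->all['ttyyp_params']);
if ($site->fdat['output_device'] == 'pda') {
    # both the text and the name field need at least two characters
    if (strlen($site->fdat['text']) < 2 || strlen($site->fdat['nimi']) < 2) {
        # NOTE(review): redirect_url is read from the same $site->fdat array as the
        # submitted form fields and is followed as-is. If it can be set by the
        # request, this is an open redirect - confirm it is limited to same-site
        # paths before it reaches myRedirect().
        myRedirect($site->fdat['redirect_url']);
        exit;
    }
    $name = trim($site->user->all['firstname'] . ' ' . $site->user->all['lastname']);
    $nimi = trim($site->fdat['nimi']);
    # mark the submitted name when it differs from the logged-in user's own name
    if ($name != $nimi) {
        $site->fdat['nimi'] .= ' (nimi muudetud)';
    }
}
$already = 0;
############ get all parent object: trail
$trail_objs = $leht->parents->list;
#oldfor ($y=-1;$y>-10;$y--){
$i = 0;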
foreach ($trail_objs as $i => $myobj) {
    # skip the first array element - itself
//END CONFIG AREA ----------------------------------------------------------
$access = "superadmin";
#superadmin or above can add new administrators
include_once INCLUDE_PATH . 'admin_only_inc.php';
#session protected page - level is defined in $access var
if (isset($_POST['Email'])) {
    # if Email is set, check for valid data
    if (!onlyEmail($_POST['Email'])) {
        //email did not pass onlyEmail()
        feedback("Data entered for email is not valid", "error");
        myRedirect($config->adminAdd);
    }
    if (!onlyAlphaNum($_POST['PWord1'])) {
        //password did not pass onlyAlphaNum()
        //NOTE(review): limiting passwords to letters and numbers shrinks the set of possible passwords - confirm the restriction is still wanted
        feedback("Password must contain letters and numbers only.", "error");
        myRedirect($config->adminAdd);
    }
    $myConn = conn('', FALSE);
    # MUST precede formReq() function, which uses active connection to parse data
    $FirstName = formReq('FirstName');
    # formReq calls dbIn() internally, to check form data
    $LastName = formReq('LastName');
    $AdminPW = formReq('PWord1');
    $Email = strtolower(formReq('Email'));
    $Privilege = formReq('Privilege');
    # sprintf() only substitutes text here: every slot is a quoted %s, so the query is safe only because formReq() escaped each value first
    # NOTE(review): SHA() is MySQL's unsalted SHA-1 digest, a fast hash that is not suited to password storage; PHP's password_hash()/password_verify() are the usual replacement, but the login check has to change with it
    # NOTE(review): the clear-text password is part of the SQL text, so it can appear wherever statements are logged
    $sql = sprintf("INSERT into " . PREFIX . "Admin (FirstName,LastName,AdminPW,Email,Privilege,DateAdded) VALUES ('%s','%s',SHA('%s'),'%s','%s',NOW())", $FirstName, $LastName, $AdminPW, $Email, $Privilege);
    @mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR));
    # insert is done here; the @ hides the PHP warning, the failure itself still reaches trigger_error()
    # feedback success or failure of insert
    if (mysql_affected_rows($myConn) > 0) {
 * @version 2.10 2012/02/28
 * @link http://www.newmanix.com/
 * @license http://opensource.org/licenses/osl-3.0.php Open Software License ("OSL") v. 3.0
 * @see feed_list.php
 * @todo none
 */
# Load the site bootstrap: configuration, pathing, error handling, db credentials.
# '../' works for a sub-folder; use './' for the root.
require '../inc_0700/config_inc.php';

# Guard: without a positive integer id on the querystring, send the visitor back to the list page.
if (!isset($_GET['id']) || (int) $_GET['id'] <= 0) {
    myRedirect(VIRTUAL_PATH . "feed/news_list.php");
} else {
    # Cast once and use only $myID from here on, so nothing but an integer can reach later SQL.
    $myID = (int) $_GET['id'];
}
/**
 *
 * INDIVIDUAL ITEMS FROM LIST PAGE
 *
 */
//sql statement to select individual item
$sql = <<<QUERY

        SELECT f.FeedName, f.FeedURL
            FROM wn16_categoryfeedlink l
        LEFT JOIN wn16_feed f 
            ON f.FeedID = l.FeedID
        RIGHT JOIN wn16_newscategories c 
            ON c.CategoryID = l.CategoryID
 * @link http://www.newmanix.com/
 * @license http://opensource.org/licenses/osl-3.0.php Open Software License ("OSL") v. 3.0
 * @see demo_list_upload.php
 * @see upload_form.php
 * @see upload_execute.php 
 * @todo none
 */

 # '../' works for a sub-folder.  use './' for the root
require '../inc_0700/config_inc.php'; # configuration, pathing, error handling, db credentials

# Guard: without a positive integer id on the querystring, send the visitor back to the list page.
if (!isset($_GET['id']) || (int) $_GET['id'] <= 0) {
    myRedirect(VIRTUAL_PATH . "demo/demo_list_upload.php");
} else {
    # The (int) cast is what keeps the concatenated query below safe:
    # whatever arrives in $_GET['id'], only an integer reaches the SQL text.
    $myID = (int) $_GET['id'];
}

# Single-item lookup; $myID is already an integer here.
$sql = "select MuffinName,Description,MetaDescription,MetaKeywords,Price from test_Muffins where MuffinID = " . $myID;

$foundRecord = FALSE; # flipped to TRUE once a row is found

# mysqli functions take the connection first, then the query.
# NOTE(review): on failure the raw mysqli error text is handed to trigger_error();
# whether it reaches the browser depends on the error handler in config_inc.php - confirm.
$result = mysqli_query(IDB::conn(), $sql) or die(trigger_error(mysqli_error(IDB::conn()), E_USER_ERROR));

if(mysqli_num_rows($result) > 0)
{#records exist - process
	   $foundRecord = TRUE;	
	   while ($row = mysqli_fetch_assoc($result))
	   {
 */
# Load the site bootstrap: configuration, pathing, error handling, db credentials.
# '../' works for a sub-folder; use './' for the root.
require '../inc_0700/config_inc.php';
spl_autoload_register('MyAutoLoader::NamespaceLoader');

# <title> tag text; if left empty the value from config_inc.php is used instead.
$config->titleTag = smartTitle();
$config->metaDescription = smartTitle() . ' - ' . $config->metaDescription;
//END CONFIG AREA ----------------------------------------------------------

# Guard: without a positive integer id on the querystring, send the visitor back to the survey index.
# The check runs before get_header(), i.e. before any page output.
if (!isset($_GET['id']) || (int) $_GET['id'] <= 0) {
    myRedirect(VIRTUAL_PATH . "surveys/index.php");
} else {
    # Cast once and use only $myID from here on.
    $myID = (int) $_GET['id'];
}

get_header(); #defaults to header_inc.php
?>
<h3 align="center">Survey View</h3>
<?php 
$mySurvey = new SurveySez\Survey($myID);
//dumpDie($mySurvey);
if ($mySurvey->isValid) {
    //if the survey exsits, show data
    echo '<p>Survey Title:<b>' . $mySurvey->Title . '</b></p>';
    $mySurvey->showQuestions();
} else {
    //appologise
    echo '<div>There appears to be no such survey</div>';
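/**
 * Processes the "add customer" form and inserts one test_Customers row.
 *
 * FirstName, LastName and Email are read through iformReq(), which hands each
 * value to idbIn() on the mysqli connection for escaping. The raw POST values
 * are then validated with ctype_graph() / onlyEmail(). Every path ends in a
 * myRedirect() back to THIS_PAGE with a feedback message.
 *
 * sprintf() is plain text substitution, not query parameterization: the
 * quoted '%s' slots are safe only because of the escaping done by iformReq().
 * A prepared statement with bound values would remove that dependency.
 *
 * @global string $redirect page iformReq() redirects to when a field is missing
 * @return void
 */
function insertExecute()
{
    global $redirect;

    //the connection is needed as a variable so iformReq() can pass it on for escaping
    $iConn = IDB::conn();

    //iformReq() reads the *global* $redirect on failure, hence the global declaration above
    $redirect = THIS_PAGE;

    //escaped by iformReq(), then stripped of any markup
    $FirstName = strip_tags(iformReq('FirstName', $iConn));
    $LastName = strip_tags(iformReq('LastName', $iConn));
    $Email = strip_tags(iformReq('Email', $iConn));

    //next check for specific issues with the data as submitted
    if (!ctype_graph($_POST['FirstName']) || !ctype_graph($_POST['LastName'])) {
        //ctype_graph() accepts visible characters only: no spaces or control characters
        feedback("First and Last Name must contain letters, numbers or punctuation");
        myRedirect(THIS_PAGE);
    }
    if (!onlyEmail($_POST['Email'])) {
        //email did not pass onlyEmail()
        feedback("Data entered for email is not valid");
        myRedirect(THIS_PAGE);
    }

    //build the INSERT from a template; every slot is a quoted string
    $sql = "INSERT INTO test_Customers (FirstName, LastName, Email) VALUES ('%s','%s','%s')";
    $sql = sprintf($sql, $FirstName, $LastName, $Email);

    //the @ hides the PHP warning; the failure itself still reaches trigger_error()
    @mysqli_query($iConn, $sql) or die(trigger_error(mysqli_error($iConn), E_USER_ERROR));

    //feedback success or failure of the insert
    if (mysqli_affected_rows($iConn) > 0) {
        feedback("Customer Added Successfully!", "notice");
    } else {
        feedback("Customer NOT added!");
    }
    myRedirect(THIS_PAGE);
}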
 * @license http://opensource.org/licenses/osl-3.0.php Open Software License ("OSL") v. 3.0
 * @see demo_list_meaningful.php
 * @see upload_form.php
 * @see upload_execute.php 
 * @todo align table name and/or item name changes with image name
 */
# Load the site bootstrap: configuration, pathing, error handling, db credentials.
# '../' works for a sub-folder; use './' for the root.
require '../inc_0700/config_inc.php';

# Guard: without a positive integer id on the querystring, send the visitor back to the list page.
if (!isset($_GET['id']) || (int) $_GET['id'] <= 0) {
    myRedirect(VIRTUAL_PATH . "demo/demo_list_meaningful.php");
} else {
    # The (int) cast is what keeps the concatenated query below safe:
    # whatever arrives in $_GET['id'], only an integer reaches the SQL text.
    $myID = (int) $_GET['id'];
}

# Single-item lookup; $myID is already an integer here.
$sql = "select MuffinName,Description,MetaDescription,MetaKeywords,Price from test_Muffins where MuffinID = " . $myID;

$foundRecord = FALSE; # flipped to TRUE once a row is found

# mysqli functions take the connection first, then the query.
# NOTE(review): on failure the raw mysqli error text is handed to trigger_error();
# whether it reaches the browser depends on the error handler in config_inc.php - confirm.
$result = mysqli_query(IDB::conn(), $sql) or die(trigger_error(mysqli_error(IDB::conn()), E_USER_ERROR));
if (mysqli_num_rows($result) > 0) {
    #records exist - process
    $foundRecord = TRUE;
    while ($row = mysqli_fetch_assoc($result)) {
        $MuffinName = dbOut($row['MuffinName']);
        $Description = dbOut($row['Description']);
        $Price = dbOut($row['Price']);
        $MetaDescription = dbOut($row['MetaDescription']);
 * @license http://opensource.org/licenses/osl-3.0.php Open Software License ("OSL") v. 3.0
 * @see demo_list_curvy.php
 * @see upload_form.php
 * @see upload_execute.php 
 * @todo none
 */
# Load the site bootstrap: configuration, pathing, error handling, db credentials.
# '../' works for a sub-folder; use './' for the root.
require '../inc_0700/config_inc.php';

# Guard: without a positive integer id on the querystring, send the visitor back to the list page.
if (!isset($_GET['id']) || (int) $_GET['id'] <= 0) {
    myRedirect(VIRTUAL_PATH . "demo/demo_list_curvy.php");
} else {
    # The (int) cast is what keeps the concatenated query below safe:
    # whatever arrives in $_GET['id'], only an integer reaches the SQL text.
    $myID = (int) $_GET['id'];
}

# Single-item lookup; $myID is already an integer here.
$sql = "select MuffinName,Description,MetaDescription,MetaKeywords,Price from test_Muffins where MuffinID = " . $myID;

$foundRecord = FALSE; # flipped to TRUE once a row is found

# mysqli functions take the connection first, then the query.
# NOTE(review): on failure the raw mysqli error text is handed to trigger_error();
# whether it reaches the browser depends on the error handler in config_inc.php - confirm.
$result = mysqli_query(IDB::conn(), $sql) or die(trigger_error(mysqli_error(IDB::conn()), E_USER_ERROR));
if (mysqli_num_rows($result) > 0) {
    #records exist - process
    $foundRecord = TRUE;
    while ($row = mysqli_fetch_assoc($result)) {
        $MuffinName = dbOut($row['MuffinName']);
        $Description = dbOut($row['Description']);
        $Price = dbOut($row['Price']);
        $MetaDescription = dbOut($row['MetaDescription']);
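/**
 * Processes the "reset administrator password" form.
 *
 * Requires a positive integer AdminID and a PWord1 value that passes
 * onlyAlphaNum(), then stores SHA(PWord1) on the matching Admin row and prints
 * the follow-up links.
 *
 * NOTE(review): SHA() is MySQL's unsalted SHA-1 digest. It is a fast hash, not
 * encryption, and is not suited to password storage. PHP's password_hash() /
 * password_verify() are the usual replacement, but the login check has to
 * change together with this function. The clear-text password is also part of
 * the SQL text, so it can appear wherever statements are logged.
 *
 * NOTE(review): nothing in this function checks that the logged-in admin may
 * reset the password of the posted AdminID - confirm the calling page does.
 *
 * Uses the legacy mysql_* API on the connection returned by conn('', FALSE).
 *
 * @global object $config   site configuration (adminReset, adminDashboard)
 * @global string $redirect page formReq() redirects to when a field is missing
 * @return void
 */
function updateExecute()
{
    global $config, $redirect;

    # AdminID must be present and cast to a positive integer
    if (!isset($_POST['AdminID']) || (int) $_POST['AdminID'] <= 0) {
        feedback("AdminID not numeric", "warning");
        myRedirect($config->adminReset);
    }
    if (!onlyAlphaNum($_POST['PWord1'])) {
        //password did not pass onlyAlphaNum()
        feedback("Data entered for password must be alphanumeric only");
        myRedirect(THIS_PAGE);
    }

    # conn() must precede formReq(), which uses the active connection
    $myConn = conn('', FALSE);

    # formReq() redirects to the *global* $redirect on failure, so the variable is
    # declared global above; a function-local $redirect would never reach it
    $redirect = $config->adminReset;

    # formReq() calls dbIn() internally, to check form data
    $AdminID = formReq('AdminID');
    $AdminPW = formReq('PWord1');

    # %d forces AdminID to an integer; the quoted %s relies on the escaping done by formReq()
    $sql = sprintf("UPDATE " . PREFIX . "Admin set AdminPW=SHA('%s') WHERE AdminID=%d", $AdminPW, $AdminID);
    @mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR));

    # zero affected rows means either no such row or an unchanged password
    if (mysql_affected_rows($myConn) > 0) {
        feedback("Password Successfully Reset!", "notice");
    } else {
        feedback("Password NOT Reset! (or not changed from original value)");
    }
    get_header();
    echo '
	<div align="center"><h3>Reset Administrator Password</h3></div>
	<div align="center"><a href="' . $config->adminReset . '">Reset More</a></div>
	<div align="center"><a href="' . $config->adminDashboard . '">Exit To Admin</a></div>
	';
    get_footer();
}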
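$config->titleTag = 'Log File Details';
#Fills <title> tag. If left empty will fallback to $config->titleTag in config_inc.php
$config->metaRobots = 'no index, no follow';
#never index admin pages
//END CONFIG AREA ----------------------------------------------------------
$access = "admin";
#admins can edit themselves, developers can edit any - don't change this var or no one can edit their own data
include_once INCLUDE_PATH . 'admin_only_inc.php';
#session protected page - level is defined in $access var

# Delete request.
# NOTE(review): the delete is triggered by a plain GET link and no anti-forgery
# token is visible here; a POST with a per-session token is the safer pattern.
if (isset($_GET['del']) && is_string($_GET['del'])) {
    # basename() keeps only the last path component, so "../" or an absolute
    # path on the querystring cannot point unlink() outside LOG_PATH
    $myDelete = basename(trim($_GET['del']));
    # is_file() also rejects "", "." and ".." (directories, not files)
    if ($myDelete !== '' && is_file(LOG_PATH . $myDelete) && unlink(LOG_PATH . $myDelete)) {
        feedback("File '" . $myDelete . "' successfully deleted!");
    } else {
        # the requested name is not echoed back when nothing was deleted
        feedback("Log file could not be deleted.");
    }
    myRedirect(ADMIN_PATH . 'admin_log_list.php');
    #redirect back to list page with message
}

# File to display: the same single-component rule applies to the path that is built here
if (isset($_GET['f']) && is_string($_GET['f'])) {
    $fileName = basename(trim($_GET['f']));
    $filePath = LOG_PATH . $fileName;
} else {
    $fileName = "No File Found";
}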
$config->loadhead = '
<script language="JavaScript">
function confirmDelete()
{
	var agree=confirm("Are you sure you wish to delete this log file?");
	if(agree)
<?php

/**
 * index.php is an ADMIN ONLY page for redirects! 
 *
 * DO NOT place this folder in the root of your application space!
 *
 * DO place this in the ADMIN folder! (whatever you name it!!)
 *
 * @package nmCommon
 * @author Blake Schwartz
 * @version 2.09x 2015
 * @link http://www.newmanix.com/
 * @license http://opensource.org/licenses/osl-3.0.php Open Software License ("OSL") v. 3.0
 * @see config_inc.php 
 * @todo none
 */
require '../inc_0700/config_inc.php'; # configuration, pathing, error handling, db credentials

# TRUE sends the visitor to the admin login page, FALSE to the main site index
$redirect_to_login = TRUE;
# END CONFIG AREA ----------------------------------------------------------

# Both targets come from site configuration; nothing from the request is used.
myRedirect($redirect_to_login ? $config->adminLogin : (VIRTUAL_PATH . "index.php"));
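/**
 * Handles POST data and formulates the email response.
 *
 * With $sendEmail set, every POST value is checked for a "Content-Type:"
 * marker, a subject is built from $website, the optional Name field and the
 * current date, and everything is passed to email_handler(). Otherwise the
 * selected POST data is printed.
 *
 * The Content-Type check is a narrow blacklist. The stronger control is that
 * no user-supplied value reaches a mail header with CR/LF in it: the Email
 * value has both stripped here, and Name goes through safe() (not shown -
 * confirm it removes CR/LF as well).
 *
 * @param string  $skipFields  comma separated string of POST elements to be skipped
 * @param boolean $sendEmail   indicates whether developer wants email sent or not
 * @param string  $toName      recipient name, passed on to email_handler()
 * @param string  $fromAddress fallback 'noreply' address for domain hosting page.
 *                             NOTE(review): the value passed in is overwritten with ""
 *                             below, so it never reaches email_handler() - confirm intent.
 * @param string  $toAddress   address to receive email
 * @param string  $website     name of website where form was filled out
 * @param string  $fromDomain  domain value passed on to email_handler()
 * @return void
 * @uses show_POST()
 * @todo none
 */
function handle_POST($skipFields, $sendEmail, $toName, $fromAddress, $toAddress, $website, $fromDomain)
{
    $aSkip = explode(",", $skipFields); #split form elements to skip into array
    $postData = show_POST($aSkip); #builds the select POST data for display/email

    $fromAddress = ""; //default
    if (isset($_POST['Email']) && is_string($_POST['Email']) && is_email($_POST['Email'])) {
        #Only use Email for return address if valid.
        #CR/LF are removed so the address cannot start a new mail header
        $fromAddress = preg_replace("([\r\n])", "", $_POST['Email']);
    }

    if ($sendEmail) {
        #Name, if used, becomes part of the subject
        $Name = (isset($_POST['Name']) && is_string($_POST['Name'])) ? $_POST['Name'] : "";

        #Content-Type: is too similar to email injection to allow.
        #Array fields (name="x[]") are walked too, so nested values are checked as well
        if (handle_POST_hasContentType($_POST)) {
            feedback("Incorrect form data. Email NOT sent. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
            myRedirect(THIS_PAGE);
        }

        #Name is part of Subject/header - filter further for email injection
        $Name = safe($Name);
        if ($Name != "") {
            $SubjectName = " from: " . $Name . ",";
        } else {
            $SubjectName = "";
        }

        #replace <br /> tags with double line breaks for the plain-text mail
        $postData = str_replace("<br />", PHP_EOL . PHP_EOL, $postData);
        $Subject = $website . " message" . $SubjectName . " " . date('F j, Y g:i a');
        $txt = $Subject . PHP_EOL . PHP_EOL . $postData;
        email_handler($toAddress, $toName, $Subject, $txt, $fromAddress, $Name, $website, $fromDomain);
    } else {
        //print data only
        print "Data printed only.  Email <b>not</b> sent!<br />";
        #NOTE(review): $postData is echoed as returned by show_POST() - confirm that
        #show_POST() HTML-escapes the submitted values
        echo $postData;
        echo '<a href="' . THIS_PAGE . '">Reset Form</a><br />';
    }
}

/**
 * Reports whether a value, or any value nested inside an array, contains
 * "Content-Type:" once spaces are removed (case-insensitive).
 *
 * @param mixed $value a POST value or array of POST values
 * @return boolean TRUE when the marker is found
 */
function handle_POST_hasContentType($value)
{
    if (is_array($value)) {
        foreach ($value as $item) {
            if (handle_POST_hasContentType($item)) {
                return TRUE;
            }
        }
        return FALSE;
    }
    #spaces are removed first, in case they were inserted to dodge the check
    $spaceless = str_replace(" ", "", (string) $value);
    return stripos($spaceless, 'Content-Type:') !== FALSE;
}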
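/**
 * Processes the "edit customer" form and updates one test_Customers row.
 *
 * CustomerID must be present and numeric. FirstName, LastName and Email are
 * read through iformReq(), which hands each value to idbIn() on the mysqli
 * connection for escaping. The raw POST values are then validated with
 * ctype_graph() / onlyEmail(). Every path ends in a myRedirect() back to
 * THIS_PAGE with a feedback message.
 *
 * sprintf() is plain text substitution, not query parameterization: the
 * quoted '%s' slots are safe only because of the escaping done by iformReq(),
 * while %d forces CustomerID to an integer. A prepared statement with bound
 * values would remove that dependency.
 *
 * @global string $redirect page iformReq() redirects to when a field is missing
 * @return void
 */
function updateExecute()
{
    global $redirect;

    if (!isset($_POST['CustomerID']) || !is_numeric($_POST['CustomerID'])) {
        //id must be present and numeric
        feedback("id passed was not a number. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
        myRedirect(THIS_PAGE);
    }

    //the connection is needed as a variable so iformReq() can pass it on for escaping
    $iConn = IDB::conn();

    //iformReq() reads the *global* $redirect on failure, hence the global declaration above
    $redirect = THIS_PAGE;

    $CustomerID = iformReq('CustomerID', $iConn);
    //escaped by iformReq(), then stripped of any markup
    $FirstName = strip_tags(iformReq('FirstName', $iConn));
    $LastName = strip_tags(iformReq('LastName', $iConn));
    $Email = strip_tags(iformReq('Email', $iConn));

    //next check for specific issues with the data as submitted
    if (!ctype_graph($_POST['FirstName']) || !ctype_graph($_POST['LastName'])) {
        //ctype_graph() accepts visible characters only: no spaces or control characters
        feedback("First and Last Name must contain letters, numbers or punctuation", "warning");
        myRedirect(THIS_PAGE);
    }
    if (!onlyEmail($_POST['Email'])) {
        //email did not pass onlyEmail()
        feedback("Data entered for email is not valid", "warning");
        myRedirect(THIS_PAGE);
    }

    //build the UPDATE from a template: %s for strings, %d for the integer key
    $sql = "UPDATE test_Customers set  \n    FirstName='%s',\n    LastName='%s',\n    Email='%s'\n     WHERE CustomerID=%d";
    $sql = sprintf($sql, $FirstName, $LastName, $Email, (int) $CustomerID);

    //the @ hides the PHP warning; the failure itself still reaches trigger_error()
    @mysqli_query($iConn, $sql) or die(trigger_error(mysqli_error($iConn), E_USER_ERROR));

    //zero affected rows means either no such row or unchanged values
    if (mysqli_affected_rows($iConn) > 0) {
        feedback("Data Updated Successfully!", "success");
    } else {
        feedback("Data NOT changed!", "warning");
    }
    myRedirect(THIS_PAGE);
}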
        $stmt = $db->prepare($sql);
        $stmt->bindValue(1, $NumLogins, PDO::PARAM_INT);
        $stmt->bindValue(2, $AdminID, PDO::PARAM_INT);
        try {
            $stmt->execute();
        } catch (PDOException $ex) {
            trigger_error($ex->getMessage(), E_USER_ERROR);
        }
        feedback("Login Successful!", "notice");
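        if (isset($_SESSION['red']) && $_SESSION['red'] != "") {
            # a protected page asked for this login: go back to it
            $red = $_SESSION['red'];
            # clear the stored target so it is used only once
            # (this has to be an assignment; "==" only compares and leaves the value in the session)
            $_SESSION['red'] = '';
            # NOTE(review): $red is followed as-is - confirm that the code which fills
            # $_SESSION['red'] can only store URLs on this site
            myRedirect($red);
        } else {
            # successful login with no pending page: go to the admin dashboard
            myRedirect($config->adminDashboard);
        }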
    } else {
        # failed login, redirect
        feedback("Login and/or Password are incorrect.", "warning");
        myRedirect($config->adminLogin);
    }
    unset($result, $db);
    //clear resources
} else {
    feedback("Required data not sent. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
    myRedirect($config->adminLogin);
}
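/**
 * Shows the name submitted in the YourName form field.
 *
 * The field must be present, non-empty and alphanumeric; otherwise a feedback
 * message is stored and the visitor is sent back to THIS_PAGE. Validation runs
 * before get_header(), so the redirects happen before any page output.
 *
 * @return void
 */
function showName()
{
    if (!isset($_POST['YourName']) || $_POST['YourName'] == '') {
        //data must be sent
        feedback("No form data submitted"); #will feedback to submitting page via session variable
        myRedirect(THIS_PAGE);
    }
    if (!ctype_alnum($_POST['YourName'])) {
        //data must be alphanumeric only
        feedback("Only letters and numbers are allowed.  Please re-enter your name."); #will feedback to submitting page via session variable
        myRedirect(THIS_PAGE);
    }

    get_header(); #defaults to header_inc.php

    # ctype_alnum() has already limited the value to letters and digits; escaping at
    # the point of output keeps the echo safe even if the checks above are relaxed later
    $myName = htmlspecialchars(strip_tags($_POST['YourName']), ENT_QUOTES, 'UTF-8');
    echo '<h3 align="center">' . smartTitle() . '</h3>';
    echo '<p align="center">Your name is <b>' . $myName . '</b>!</p>';
    echo '<p align="center"><a href="' . THIS_PAGE . '">RESET</a></p>';
    get_footer(); #defaults to footer_inc.php
}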
    $_SESSION['red'] = $myProtocol . $_SERVER['HTTP_HOST'] . $myURL;
    feedback("Your session has timed out.  Please login.");
    myRedirect($config->adminLogin);
} else {
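    # an empty or missing $access means the lowest level, "admin"
    if (!isset($access) || $access == "") {
        $access = "admin";
    }
    # compare in lower case so "Admin" and "admin" are the same level
    $access = strtolower($access);
    switch ($access) {
        case "admin":
            # no privilege check beyond the session check above
            break;
        case "superadmin":
            # only developer or superadmin may pass; everyone else goes back to the dashboard
            if ($_SESSION['Privilege'] != "developer" && $_SESSION['Privilege'] != "superadmin") {
                feedback("Your admin privileges do not allow access to the previous page.");
                myRedirect($config->adminDashboard);
            }
            break;
        case "developer":
            //highest level. all access!
        default:
            # An unrecognised level (for example a misspelt $access) is handled like
            # "developer": the check fails closed instead of letting the page through
            # with no privilege test at all.
            if ($_SESSION['Privilege'] != "developer") {
                feedback("Your admin privileges do not allow access to the previous page.");
                myRedirect($config->adminDashboard);
            }
            break;
    }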
}