Example #1
        if ($_REQUEST['edit_password'] == $_REQUEST['edit_password_confirm']) {
            $password = $_REQUEST['edit_password'];
            $id = $_REQUEST['id'];
            $q_update = "UPDATE {$table_admins} SET password = '******' WHERE username = '******'identity'] . "'";
            if (mysql_query($q_update)) {
                print '<i>>>> Password updated.</i><br />';
            } else {
                print '<i>>>> An error has occured: ' . mysql_error() . '<br />
				Password was not updated. Please go back and try again.</i><br />';
            }
        } else {
            print '<i>>>> Passwords did not match. Please go back and try again.</i><br />';
        }
    }
    $id = $_REQUEST['id'];
    $q_update2 = "UPDATE {$table_admins} SET email = '" . text_in($_REQUEST['edit_email']) . "',\n\t\t\t\t\t\tinfo = '" . to_html($_REQUEST['edit_info']) . "',\n\t\t\t\t\t\ttimezone = '" . text_in($_REQUEST['edit_timezone']) . "'\n\t\t\t\t\t\tWHERE username = '******'identity'] . "'";
    if (mysql_query($q_update2)) {
        print '<i>>>> Profile updated.
					<blockquote><a href="index.php">Go to Main</a></blockquote></i>';
    } else {
        print '<i>>>> An error has occured: ' . mysql_error() . '<br />
			Please go back and try again.</i>';
    }
    print $footer;
    exit;
}
function rank($rank)
{
    if ($rank == 0) {
        $output = "Founder";
    } elseif ($rank == 10) {
Example #2
        print $footer;
    } else {
        print $header;
        print '<i>>>> You did not fill in the "Text" field (the main body of the post). You must enter text into said field.</i><br />
<i>>>> 	Go back to the main textual content management area?</i><br />
<blockquote><i><a href="text.php">Yes</a> / <a href="index.php">No, return to main</a></i></blockquote>';
        print $footer;
    }
    exit;
}
if (isset($_REQUEST['adding_article'])) {
    if (!empty($_REQUEST['article_text'])) {
        $article_author = $_SESSION['identity'];
        $article_title = text_in($_REQUEST['article_title']);
        $article_text = to_html($_REQUEST['article_text']);
        $article_category = text_in($_REQUEST['article_category']);
        if (isset($_REQUEST['open'])) {
            $open = 1;
        } else {
            $open = 0;
        }
        if (isset($_REQUEST['id'])) {
            $insert = "UPDATE {$table_articles} SET title = '{$article_title}', body = '{$article_text}', category = '{$article_category}', open = {$open} WHERE id = '{$id}'";
        } else {
            $insert = "INSERT INTO {$table_articles} VALUES('','{$article_author}','{$article_title}','{$article_text}','{$article_category}',NOW(),{$open})";
        }
        print $header;
        if (mysql_query($insert)) {
            print "<i>>>> Article successfully stored</i>";
        } else {
            print "<i>>>> Article <b>failed</b> with the following error: " . mysql_error() . "</i>";
Example #3
    }
    exit;
}
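// Confirmation step for removing a blog: looks up the blog selected by the
// request's "id" and prints a Yes/No prompt for every matching row.
//
// NOTE(review): no permission check is visible in this block; presumably an
// include earlier in the file enforces it -- confirm.
// NOTE(review): the "Yes" link starts the delete with a plain GET and carries
// no anti-forgery token. The delete step should require POST plus a
// per-session token that is verified before any row is removed.
if (isset($_REQUEST['remove'])) {
    // "id" is client-controlled. It used to be concatenated into the SQL text
    // and echoed into the link as-is; it is now escaped for each context.
    $raw_id = isset($_REQUEST['id']) ? (string) $_REQUEST['id'] : '';
    // The Referer header is client-supplied too and may be missing entirely.
    $back_url = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';

    // Escaping keeps the value inside the quoted literal. A parameterised
    // query (PDO or mysqli) is the durable fix once the deprecated mysql_*
    // API is replaced.
    $q_blog = mysql_query("SELECT blog FROM {$table_blog_owners} WHERE id = '" . mysql_real_escape_string($raw_id) . "'");

    // mysql_query() returns false on failure; skip the fetch loop in that case
    // instead of handing false to mysql_fetch_object().
    if ($q_blog !== false) {
        while ($blog = mysql_fetch_object($q_blog)) {
            print $header;
            // text_out() is defined elsewhere; presumably it makes the stored
            // name safe for HTML output -- TODO confirm.
            print '<center>Are you sure you wish to remove the blog &quot;' . text_out($blog->blog) . '&quot;?<br />
					<b><a href="permissions.php?removing=1&amp;id=' . urlencode($raw_id) . '">Yes</a> / <a href="' . htmlspecialchars($back_url, ENT_QUOTES) . '">No</a></b></center>';
            print $footer;
        }
    }
    exit;
}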
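// Performs the blog removal: deletes the owner row selected by the request's
// "id", then the content rows whose blog_name matches the request's "blog",
// and reports the outcome of each query.
//
// NOTE(review): this destructive action runs on any request that carries
// "removing" (GET included, because $_REQUEST is read) with no anti-forgery
// token and no permission check visible in this block -- confirm both are
// enforced elsewhere, or require POST plus a per-session token here.
// NOTE(review): the confirmation link printed by the "remove" step passes only
// "id", so "blog" may be absent here and the second DELETE would then match an
// empty name -- confirm how "blog" is meant to arrive.
if (isset($_REQUEST['removing'])) {
    // "id" is client-controlled and used to be concatenated into the SQL text
    // unescaped. Escaping keeps it inside the quoted literal; a parameterised
    // query is the durable fix once the mysql_* API is replaced.
    $raw_id = isset($_REQUEST['id']) ? (string) $_REQUEST['id'] : '';
    $q_remove_blog = "DELETE FROM {$table_blog_owners} WHERE id = '" . mysql_real_escape_string($raw_id) . "'";
    // text_in() is defined elsewhere; whether it escapes for SQL cannot be
    // seen from here -- TODO confirm.
    $q_remove_content = "DELETE FROM {$table_blogs} WHERE blog_name = '" . text_in($_REQUEST['blog']) . "'";
    print $header;
    if (mysql_query($q_remove_blog)) {
        print '<i>>>> Blog removed</i><br />';
    } else {
        // The driver's error text can quote part of the submitted value, so it
        // is HTML-escaped before display. Logging it server-side and showing a
        // generic message would avoid exposing schema details.
        print '<i>>>> <b>Error:</b></i><br />' . htmlspecialchars(mysql_error(), ENT_QUOTES);
    }
    if (mysql_query($q_remove_content)) {
        print '<i>>>> Blog content removed</i><br />';
    } else {
        print '<i>>>> <b>Error:</b></i><br />' . htmlspecialchars(mysql_error(), ENT_QUOTES);
    }
    print $footer;
    exit;
}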
print $header;
Example #4
</table>';
        }
        print $footer;
    } else {
        print $header;
        print '<i>>>> Invalid ID</i>';
        print $footer;
    }
    exit;
}
if (isset($_REQUEST['updating'])) {
    if (isset($_REQUEST['id'])) {
    }
    $id = $_REQUEST['id'];
    $category = text_in($_REQUEST['category']);
    $description = text_in($_REQUEST['description']);
    if (isset($_REQUEST['public'])) {
        $public = 1;
    } else {
        $public = 0;
    }
    $q_update = "UPDATE {$table_uploads} SET category = '{$category}', public = {$public}, description = '{$description}' WHERE id = '{$id}'";
    print $header;
    if (mysql_query($q_update)) {
        print '<i>>>> File details have been updated<br />
							<blockquote><a href="index.php">Return to main</a> / <a href="uploads.php?browse=1">Continue browsing</a></blockquote></i>';
    } else {
        print '<i>>>> <b>An error occured</b>. The file details were not update</i>';
    }
    print $footer;
    exit;
Example #5
<?php

$admin_area = TRUE;
$dir_path = "../";
require $dir_path . "config.php";
require $dir_path . "functions/db.php";
require $dir_path . "functions/authentication.php";
require $dir_path . "functions/textparse.php";
require $dir_path . "functions/render.php";
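// Handles the "add link" form submission: builds an INSERT for the links table
// from the posted name, URL and category plus the session identity, and prints
// whatever status insert_db() returns.
//
// NOTE(review): this runs on any request carrying "adding" (GET included) with
// no anti-forgery token visible; presumably functions/authentication.php
// enforces the login -- confirm, and consider requiring POST plus a token.
if (isset($_REQUEST['adding'])) {
    print $header;
    // text_in() is defined elsewhere; whether it escapes for SQL cannot be
    // seen from here -- TODO confirm.
    $name = text_in($_REQUEST['link_name']);
    // NOTE(review): the URL scheme is not checked here. If link_url is later
    // rendered as an href, restrict it to http/https before storing -- confirm
    // where it is output.
    $url = text_in($_REQUEST['link_url']);
    // link_category comes from a <select>, but a client can submit any value,
    // and it used to reach the query unescaped. Assumes functions/db.php has
    // opened the mysql_* connection that insert_db() uses -- TODO confirm.
    // If magic_quotes_gpc is enabled on this deployment, strip its slashes
    // first to avoid double escaping.
    $category = mysql_real_escape_string(isset($_REQUEST['link_category']) ? (string) $_REQUEST['link_category'] : '');
    // The session identity originated as user input at some point, so it is
    // escaped as well rather than trusted because it is stored server-side.
    $owner = mysql_real_escape_string(isset($_SESSION['identity']) ? (string) $_SESSION['identity'] : '');
    $query = "INSERT INTO {$table_links} VALUES ('' , '{$name}' , '{$url}' , '{$category}', '{$owner}')";
    print "Link creation " . insert_db($query) . "<br />";
    print $footer;
    exit;
}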
if (isset($_REQUEST['add'])) {
    $categories = render_categories_menu("category", NULL, $_SESSION['identity']);
    print $header;
    print '<form name="form1" method="post" action="links.php?adding=1">
<div class="title">Adding a link</div><br />
<table>
	<tr>
		<td>Category:</td>
		<td><select name="link_category" class="tbox">
		' . $categories . '
		</td>
	<tr>
Example #6
        if ($_REQUEST['edit_password'] == $_REQUEST['edit_password_confirm']) {
            $password = $_REQUEST['edit_password'];
            $id = $_REQUEST['id'];
            $q_update = "UPDATE {$table_admins} SET password = '******' WHERE id = '{$id}'";
            if (mysql_query($q_update)) {
                print '<i>>>> Password updated.</i><br />';
            } else {
                print '<i>>>> An error has occured: ' . mysql_error() . '<br />
				Password was not updated. Please go back and try again.</i><br />';
            }
        } else {
            print '<i>>>> Passwords did not match. Please go back and try again.</i><br />';
        }
    }
    $id = $_REQUEST['id'];
    $q_update2 = "UPDATE {$table_admins} SET rank = '" . $_REQUEST['edit_rank'] . "',\n\t\t\t\t\t\ttimezone = '" . text_in($_REQUEST['edit_timezone']) . "',\n\t\t\t\t\t\temail = '" . text_in($_REQUEST['edit_email']) . "',\n\t\t\t\t\t\tinfo = '" . to_html($_REQUEST['edit_info']) . "' WHERE id = '{$id}'";
    if (mysql_query($q_update2)) {
        print '<i>>>> Profile updated.</i>';
    } else {
        print '<i>>>> An error has occured: ' . mysql_error() . '<br />
			Please go back and try again.</i>';
    }
    print $footer;
    exit;
}
if (isset($_REQUEST['remove_user'])) {
    checkrank(10);
    if (isset($_REQUEST['id'])) {
        $id = $_REQUEST['id'];
        $q_user = mysql_query("SELECT id, real_name, username, rank FROM {$table_admins} WHERE id = {$id}");
        while ($user = mysql_fetch_object($q_user)) {
Example #7
                $query = "DELETE FROM {$table_comments} WHERE id='{$id}' AND type = '{$type}' LIMIT 1";
                if (!mysql_query($query)) {
                    exit(mysql_error());
                }
                header("Location:" . $_SERVER['HTTP_REFERER']);
                exit;
            }
        }
    }
}
if (isset($_REQUEST['commenting'])) {
    if (isset($_REQUEST['id']) && isset($_REQUEST['type']) && !empty($_REQUEST['comment'])) {
        $p_id = $_REQUEST['id'];
        $author = text_in($_REQUEST['name']);
        $email = text_in($_REQUEST['url']);
        $comment = substr(urlify(text_in($_REQUEST['comment'])), 0, 1000);
        $type = $_REQUEST['type'];
        $ip = $_SERVER['REMOTE_ADDR'];
        $mask = gethostbyaddr($ip);
        if (empty($author)) {
            $author = "anonymous";
        }
        if (empty($email)) {
            $email = "no email";
        }
        insert_db("INSERT INTO {$table_comments} VALUES ('', '{$author}', '{$email}', '{$comment}', NOW() , '{$p_id}', '{$type}' , '{$ip}' , '{$mask}')");
        header("Location:" . $_SERVER['HTTP_REFERER']);
    } else {
        header("Location:" . $_SERVER['HTTP_REFERER']);
    }
    exit;
Example #8
				<b><a href="category.php?type=category&amp;deleting=1&amp;category=' . text_out($_REQUEST['category']) . '">yes</a> / <a href="' . $_SERVER['HTTP_REFERER'] . '">no</a></b></div><br />' . $footer;
            }
        }
        if (mysql_num_rows($q_category) == 0) {
            print $header . '<i>>>> No such category</i><br />' . $footer;
        }
    }
    if (isset($_REQUEST['deleting'])) {
        $username = $_SESSION['identity'];
        $category = $_REQUEST['category'];
        $q_category = "DELETE FROM {$table_category} WHERE owner = '{$username}' AND category = '{$category}'";
        print $header;
        if (mysql_query($q_category)) {
            print '<i>>>> Category removed</i><br />';
        } else {
            print '<i>>>> Category wasn\'t removed. An error occured: ' . mysql_error() . '</i><br />';
        }
        if (isset($_REQUEST['content'])) {
            print remove_user_content($_SESSION['identity'], text_in($category));
        }
        print $footer;
    }
    exit;
}
// Default view when no action parameter matched: the category management
// menu, wrapped in the shared page header and footer.
echo $header, '<div class="title">Editing your categories</div>
<ul>
<li><a href="category.php?type=category&amp;add=1">Add a category</a></li>
<li><a href="category.php?type=category&amp;remove=1">Remove a category</a></li>
</ul>', $footer;