/**
 * Gate access to the admin area.
 *
 * A visitor who is not logged in has the cached admin id cleared and is sent
 * to login.php; a logged-in visitor whose session has timed out is cleared
 * the same way and sent to logout.php (which performs the real teardown).
 *
 * Relies on utility::redirect_to() ending the request, as the rest of this
 * codebase assumes; if it ever returned, the timeout check would still run
 * against the already-cleared session.
 *
 * NOTE(review): whether nulling $this->session_array['admin_id'] also
 * reaches $_SESSION depends on the session wrapper — confirm before relying
 * on it as the only invalidation step.
 */
public function confirm_logged_in() {
    $isLoggedIn = $this->logged_in();
    if (!$isLoggedIn) {
        $this->session_array['admin_id'] = null;
        utility::redirect_to("login.php");
    }

    $hasExpired = $this->session_timeout();
    if ($hasExpired) {
        $this->session_array['admin_id'] = null;
        utility::redirect_to("logout.php");
    }
}
// Include necessary files
include_once '../includes/core/init.inc.php';

// Admin-only page: confirm_logged_in() redirects (and ends the request) when
// there is no valid, unexpired admin session.
$my_session->confirm_logged_in();
?>
<?php
// Resolve the page being edited from the request. Presumably this populates
// the global $current_page read below — verify against
// utility::find_selected_content().
utility::find_selected_content();
?>
<?php
if (!$current_page) {
    // page id was missing or invalid, or the page is not in the database
    utility::redirect_to("manage_content.php");
}
?>
<?php
// Normalise the optional form fields so page::edit_page() can read them
// without its own isset() checks; an absent field becomes null.
// NOTE(review): no CSRF token is verified here before the POST data is
// consumed — confirm page::edit_page() or init.inc.php enforces one.
$optional_fields = array("home_display", "archive_display", "description");
foreach ($optional_fields as $field) {
    $_POST[$field] = isset($_POST[$field]) ? $_POST[$field] : null;
}
?>
<?php page::edit_page($current_page["id"]); ?>
<?php
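/**
 * Delete one admin row, record the outcome in the session message and
 * redirect back to the admin list.
 *
 * @param string $admin_id id of the admin to delete; it arrives from the
 *                         request, so it is untrusted input
 *
 * The id is coerced to an int before it is interpolated into the DELETE
 * statement. The original interpolated the raw request string, which is an
 * SQL injection hole.
 *
 * NOTE(review): nothing here checks that the caller is the super user, nor
 * that the target is not admin::$super_user itself — confirm the calling
 * page enforces both (the edit page does the super-user check itself).
 */
public static function delete_admin($admin_id) {
    global $dbo;

    // Admin ids are integers; a value that does not parse as a positive
    // integer cannot name a row, so report failure without querying.
    $id = (int) $admin_id;
    if ($id < 1) {
        $_SESSION["message"] = "Admin deletion failed.";
        utility::redirect_to("manage_admins.php");
        return;
    }

    $query = "DELETE FROM admins WHERE id = {$id} LIMIT 1";
    $result = $dbo->query($query);
    $dbo->confirm_query($result);

    if ($result && $dbo->affected_rows($result) == 1) {
        // Success
        $_SESSION["message"] = "Admin deletion succeed.";
        utility::redirect_to("manage_admins.php");
    } else {
        // Failure. NOTE(review): the query parameter is "page" although the
        // value is an admin id — kept as-is, confirm what manage_admins.php
        // expects.
        $_SESSION["message"] = "Admin deletion failed.";
        utility::redirect_to("manage_admins.php?page={$id}");
    }
}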
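/**
 * Delete a page and the comments that belong to it, then record the outcome
 * in the session message and redirect.
 *
 * @param string $page_id id of the page to delete; it arrives from the
 *                        request, so it is untrusted input
 *
 * The id is coerced to an int before it is interpolated into SQL. The
 * original interpolated the raw request string (SQL injection). The original
 * also returned silently when comment deletion failed, leaving no message;
 * that case now reports failure like the page deletion itself.
 */
public static function delete_page($page_id) {
    global $dbo;
    global $current_page;

    $id = (int) $page_id;

    // Delete the comments that belong to this page first; a failure there
    // leaves the page in place and is reported as a failed deletion.
    if (!comment::delete_comments_for_page($id)) {
        $_SESSION["message"] = "Page deletion failed.";
        utility::redirect_to("manage_content.php?page={$id}");
        return;
    }

    $query = "DELETE FROM pages WHERE id = {$id} LIMIT 1";
    $result = $dbo->query($query);
    $dbo->confirm_query($result);

    if ($result && $dbo->affected_rows($result) == 1) {
        // Success: return to the owning subject when it is known. The
        // original read $current_page["subject_id"] unconditionally and
        // produced a notice plus an empty parameter when it was not set.
        $_SESSION["message"] = "Page deletion succeed.";
        if (isset($current_page["subject_id"])) {
            utility::redirect_to("manage_content.php?subject={$current_page["subject_id"]}");
        } else {
            utility::redirect_to("manage_content.php");
        }
    } else {
        // Failure
        $_SESSION["message"] = "Page deletion failed.";
        utility::redirect_to("manage_content.php?page={$id}");
    }
}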
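/*
 * Include necessary files
 */
include_once '../includes/core/init.inc.php';
?>
<?php
// Log the admin out.
//
// The original only nulled admin_id and called $my_session->logout(); the
// code that would discard the server-side session and the client's cookie
// was left commented out. Without it the old session id may remain valid
// and could be replayed, so the teardown is done explicitly here. It is
// guarded on an active session id so it is harmless if logout() already
// destroyed the session.
$_SESSION["admin_id"] = null;
$my_session->logout();

if (session_id() !== '') {
    // nothing else in the session is kept across logout
    $_SESSION = array();

    if (isset($_COOKIE[session_name()])) {
        // Expire the session cookie with the same attributes it was set
        // with, otherwise the browser keeps the original cookie.
        $cookie = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $cookie['path'],
            $cookie['domain'],
            $cookie['secure'],
            $cookie['httponly']
        );
    }

    // destroy the session data on the server
    session_destroy();
}

utility::redirect_to("login.php");
?>
<?php
// Only reached if redirect_to() returns instead of exiting.
ob_end_flush();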
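include_once '../includes/core/init.inc.php';
?>
<?php
// This page exposes admin data (the logged-in username, a log-clearing
// action), so require a valid admin session before rendering anything. The
// original rendered without this check.
$my_session->confirm_logged_in();

$layout_context = "public";
include "../includes/layouts/header.php";
?>
<?php
if (isset($_GET['admin'])) {
    // Authorise the log-clearing action against the SESSION, not the
    // request. The original compared $_GET['admin'] with admin::$super_user,
    // so any visitor could clear the logs by putting the super user's id in
    // the URL.
    $session_admin_id = $my_session->return_session_data("admin_id");
    $is_super_user = $session_admin_id !== null
        && (int) $session_admin_id === (int) admin::$super_user;

    if ($is_super_user) {
        session::clear_log_file();
    } else {
        $_SESSION['message'] = "Only SUPERUSER has privilege to clear logs";
        utility::redirect_to("access_logs.php");
    }
}
?>
<div id="content-wrap">
<div id = "sidebar">
<?php
// The username is stored data rendered into HTML; escape it so a crafted
// username cannot inject markup into the admin sidebar.
$username = isset($_SESSION["username"]) ? $_SESSION["username"] : "";
echo "<strong>" . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . "</strong>" . " is loged in";
echo str_repeat(" ", 4);
echo "<a href=logout.php>Log out</a>";
echo "<br />";
echo "<br />";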
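include_once '../includes/core/init.inc.php';
$my_session->confirm_logged_in();
?>
<?php
// Look up the admin being edited. The id comes from the query string and is
// cast to int so a non-numeric value never reaches the lookup query, and a
// missing or unknown admin sends the user back to the list instead of
// continuing with an empty record.
$requested_id = isset($_GET["admin"]) ? (int) $_GET["admin"] : 0;
$current_admin = $requested_id > 0 ? admin::find_admin_by_id($requested_id) : null;
if (!$current_admin) {
    $_SESSION["message"] = "Admin not found.";
    utility::redirect_to("manage_admins.php");
}
?>
<?php
// Only the super user may edit other admins; everyone else may edit only
// their own record. The decision is based on the session's admin id, never
// on request data.
$key = "admin_id";
$session_admin_id = $my_session->return_session_data($key);
$is_super_user = $session_admin_id !== null && $session_admin_id == admin::$super_user;
$is_self = $session_admin_id !== null && $current_admin["id"] == $session_admin_id;

if ($is_super_user || $is_self) {
    // Process the edit form exactly once. The original called
    // admin::update_admin() again unconditionally after this block, so every
    // authorised request ran the update twice.
    admin::update_admin($current_admin["id"]);
} else {
    $_SESSION["message"] = "ONLY SUPER USER CAN EDIT OTHER USER'S INFORMATION!";
    utility::redirect_to("manage_admins.php");
}
?>
<?php $layout_context = "admin"; ?>
<?php include "../includes/layouts/header.php"; ?>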
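/**
 * Delete a subject, refusing when it still owns pages, and report the
 * outcome through the session message before redirecting.
 *
 * @param string $subject_id id of the subject to delete; comes from the
 *                           delete link, so it is untrusted input
 *
 * Fixes relative to the original: the id is coerced to an int before it is
 * interpolated into SQL (the raw request string was used, an SQL injection
 * hole); the "has pages" redirect referenced an undefined $current_subject
 * and both redirects misspelled the query parameter as "shubject" while the
 * other manage_content links use "subject"; and the result is now checked
 * the same way as delete_page()/delete_admin() — isset() on a false query
 * result is true, so the original could call affected_rows() on a failure.
 */
public static function delete_subject($subject_id) {
    global $dbo;

    $id = (int) $subject_id;

    $page_set = page::find_pages_for_subject($id, false);
    if ($dbo->count_number_rows($page_set) > 0) {
        // can't delete subject with pages — send the user back to it
        $_SESSION["message"] = "can't delete subject with pages.";
        utility::redirect_to("manage_content.php?subject={$id}");
        // redirect_to() ends the request, so nothing below runs in this case
        return;
    }

    $query = "DELETE FROM subjects WHERE id = {$id} LIMIT 1";
    $result = $dbo->query($query);
    $dbo->confirm_query($result);

    if ($result && $dbo->affected_rows($result) == 1) {
        // Success
        $_SESSION["message"] = "Subject deletion succeed.";
        utility::redirect_to("manage_content.php");
    } else {
        // Failure
        $_SESSION["message"] = "Subject deletion failed.";
        utility::redirect_to("manage_content.php?subject={$id}");
    }
}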