Exemple #1
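/**
 * Check the submitted login form and, on success, record the user in the session.
 *
 * Reads $_POST['submit'], $_POST['username'] and $_POST['password'].
 *
 * @param string $message Not read; every path replaces it before returning.
 * @return string "" when no form was submitted or the login succeeded,
 *                otherwise the error text to show the user.
 */
function checkUsrPwd($message)
{
    if (!isset($_POST['submit'])) {
        return "";
    }

    $username = trim(mysqlPrep($_POST['username']));
    $password = trim(mysqlPrep($_POST['password']));

    // SECURITY: unsalted MD5 is fast to brute-force and unsuitable for password
    // storage. Moving to password_hash()/password_verify() also requires
    // re-hashing the stored values, so it cannot be done inside this function alone.
    $hash_password = md5($password);

    // NOTE(review): the two '******' literals look masked on this page; $username
    // and $hash_password are computed above but do not appear in the query as
    // shown. Presumably the original compares against them — confirm, and bind
    // them as parameters rather than interpolating.
    $query = "SELECT username FROM TeamtwisterUsers WHERE username = '******' AND hash_password = '******' LIMIT 1";

    // SECURITY: the mysql_* extension was removed in PHP 7; mysqli or PDO with
    // prepared statements is the replacement.
    $chk = mysql_query($query);
    confirmQuery($chk);
    $ary = mysql_fetch_array($chk);
    $num = mysql_num_rows($chk);

    if ($num != 1) {
        return "Username or Password Incorrect. Please try again";
    }

    // Issue a fresh session id at the moment of login so an id that was set
    // before authentication is not carried into the authenticated session
    // (session fixation).
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    // A non-empty $_SESSION['username'] is what marks the user as logged in.
    $_SESSION['username'] = $ary['username'];

    return "";
}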
Exemple #2
    // Update a user row from the submitted form.
    // NOTE(review): every value below is read straight from $_POST and placed
    // inside quoted SQL literals without escaping or parameter binding, so a
    // quote character in any field changes the statement (SQL injection).
    // Binding the values with mysqli_prepare()/mysqli_stmt_bind_param() removes that.
    $username = $_POST['username'];
    $user_password = $_POST['userpassword'];
    $user_firstname = $_POST['user_firstname'];
    $user_lastname = $_POST['user_lastname'];
    $user_email = $_POST['user_email'];
    // NOTE(review): the role is taken from the request; no authorization check is
    // visible in this fragment — confirm only administrators can reach it.
    $user_role = $_POST['user_role'];
    $query = "UPDATE users SET ";
    $query .= "user_firstname  = '{$user_firstname}', ";
    $query .= "user_lastname = '{$user_lastname}', ";
    $query .= "user_role   =  '{$user_role}', ";
    // NOTE(review): the '******' literals (username, userpassword and the WHERE
    // clause) look masked on this page; $username and $user_password are assigned
    // above but do not appear in the query as shown. If the real code stores
    // $user_password unchanged, it should be hashed with password_hash() first.
    $query .= "username = '******', ";
    $query .= "user_email = '{$user_email}', ";
    $query .= "userpassword   = '******' ";
    $query .= "WHERE username = '******' ";
    $edit_user_query = mysqli_query($connection, $query);
    confirmQuery($edit_user_query);
}
?>

<div id="wrapper">

    <!-- Navigation -->

    <?php 
include "includes/navigation.php";
?>

    <div id="page-wrapper">

        <div class="container-fluid">
                                <?php 
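// Comment moderation: each action is triggered by a GET parameter that carries
// the comment id. The id is placed unquoted in the SQL text, so it is validated
// as an integer first; any other value is ignored instead of reaching the database.
// NOTE(review): these are state-changing requests over GET, and no authorization
// or anti-CSRF check is visible in this fragment — confirm one runs earlier.
// NOTE(review): header() is called after markup has already been written above,
// so the redirect presumably relies on output buffering — confirm.
if (isset($_GET['approve'])) {
    $the_comment_id = filter_var($_GET['approve'], FILTER_VALIDATE_INT);
    if ($the_comment_id !== false) {
        $query = "UPDATE comments SET comment_status = 'approve' WHERE comment_id = {$the_comment_id}";
        $approve_comment_query = mysqli_query($connection, $query);
        confirmQuery($approve_comment_query);
        header("Location: comments.php");
    }
}
if (isset($_GET['unapprove'])) {
    $the_comment_id = filter_var($_GET['unapprove'], FILTER_VALIDATE_INT);
    if ($the_comment_id !== false) {
        $query = "UPDATE comments SET comment_status = 'unapprove' WHERE comment_id = {$the_comment_id}";
        $unapprove_comment_query = mysqli_query($connection, $query);
        confirmQuery($unapprove_comment_query);
        header("Location: comments.php");
    }
}
if (isset($_GET['delete'])) {
    $the_comment_id = filter_var($_GET['delete'], FILTER_VALIDATE_INT);
    if ($the_comment_id !== false) {
        $query = "DELETE FROM comments WHERE comment_id = {$the_comment_id}";
        $delete_query = mysqli_query($connection, $query);
        confirmQuery($delete_query);
        header("Location: comments.php");
    }
}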
?>


                            </tbody>
                        </table>



Exemple #4
<?php

// Handle the "create user" form: pass each field through escape(), hash the
// password with bcrypt, insert the row and print a confirmation link.
// NOTE(review): the SQL is still built by interpolation, so its safety rests
// entirely on escape(), which is not shown here — confirm it escapes for the
// active connection, or bind the values as parameters instead.
// NOTE(review): user_role comes from the request; no authorization check is
// visible in this fragment — confirm only administrators can reach it.
if (isset($_POST['create_user'])) {
    $user_firstname = escape($_POST['user_firstname']);
    $user_lastname = escape($_POST['user_lastname']);
    $user_role = escape($_POST['user_role']);
    $username = escape($_POST['username']);
    $user_email = escape($_POST['user_email']);

    // NOTE(review): the password goes through escape() before hashing; if
    // escape() rewrites characters, the login path has to apply the same
    // transformation before password_verify().
    $user_password = password_hash(
        escape($_POST['user_password']),
        PASSWORD_BCRYPT,
        ['cost' => 10]
    );

    $query = "INSERT INTO users(user_firstname, user_lastname, user_role,username,user_email,user_password) "
        . "VALUES('{$user_firstname}','{$user_lastname}','{$user_role}','{$username}','{$user_email}', '{$user_password}') ";

    $create_user_query = mysqli_query($connection, $query);
    confirmQuery($create_user_query);

    echo "User Created:  <a href='users.php'>View Users</a> ";
}
?>

    <form action="" method="post" enctype="multipart/form-data">    
     
     
     
      <div class="form-group">
         <label for="title">Firstname</label>
          <input type="text" class="form-control" name="user_firstname">
      </div>
      
      
      

       <div class="form-group">
Exemple #5
   <form action="" method="post" enctype="multipart/form-data">

    <div class="form-group">
        <label for="title">Post Title</label>
        <input value="<?php 
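// The value lands inside a double-quoted HTML attribute, so encode it for that
// context (assumes the page is served as UTF-8).
echo htmlspecialchars((string) $post_title, ENT_QUOTES, 'UTF-8');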
?>
" type="text" class="form-control" name="title">
    </div>

     <div class="form-group">
       <select name="post_category_id" id="">
        <?php 
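// Emit one <option> per category row.
$query = "SELECT * FROM categories";
$select_categories = mysqli_query($connection, $query);
confirmQuery($select_categories);
while ($row = mysqli_fetch_assoc($select_categories)) {
    $the_cat_id = $row['cat_id'];
    $the_cat_title = $row['cat_title'];
    // Stored values are written into a single-quoted attribute and into element
    // text; encode them so markup saved in a category title is shown as text
    // instead of being interpreted by the browser (stored XSS).
    $option_value = htmlspecialchars((string) $the_cat_id, ENT_QUOTES, 'UTF-8');
    $option_label = htmlspecialchars((string) $the_cat_title, ENT_QUOTES, 'UTF-8');
    echo "<option value='{$option_value}'>{$option_label}</option>";
}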
?>

       </select>
    </div>

     <div class="form-group">
        <label for="title">Post Author</label>
        <input value="<?php 
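// The value lands inside a double-quoted HTML attribute, so encode it for that
// context (assumes the page is served as UTF-8).
echo htmlspecialchars((string) $post_author, ENT_QUOTES, 'UTF-8');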
?>
Exemple #6
      </div>

        <div class="form-group">
       <label for="users">Users</label>
       <select name="post_user" id="">


<?php 
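// Pre-selected option for the post's current user; encoded because the value is
// written into a single-quoted attribute and into element text.
$post_user_html = htmlspecialchars((string) $post_user, ENT_QUOTES, 'UTF-8');
echo "<option value='{$post_user_html}'>{$post_user_html}</option>";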
?>
           
<?php 
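// Emit one <option> per user row.
$users_query = "SELECT * FROM users";
$select_users = mysqli_query($connection, $users_query);
confirmQuery($select_users);
while ($row = mysqli_fetch_assoc($select_users)) {
    $user_id = $row['user_id'];
    $username = $row['username'];
    // Usernames are user-chosen data; encode them for the single-quoted
    // attribute and the element text so stored markup is rendered as text.
    $username_html = htmlspecialchars((string) $username, ENT_QUOTES, 'UTF-8');
    echo "<option value='{$username_html}'>{$username_html}</option>";
}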
?>
           
        
       </select>
      
      </div>



    <!--   <div class="form-group">
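        // Apply the selected bulk action to one comment id.
        $bulk_options = $_POST['bulk_options'];
        // $commentValueId is set outside this fragment (presumably from the
        // submitted checkbox list — confirm). It is placed unquoted in the SQL
        // text, so only a validated integer is allowed through; anything else
        // is skipped.
        $comment_id = filter_var($commentValueId, FILTER_VALIDATE_INT);
        if ($comment_id !== false) {
            // Inside each case $bulk_options equals the case label, so the
            // interpolated status can only be one of the fixed strings below.
            switch ($bulk_options) {
                case 'approved':
                    $query = "UPDATE comments SET comment_status = '{$bulk_options}' WHERE comment_id = {$comment_id}  ";
                    $update_to_approved_status = mysqli_query($connection, $query);
                    confirmQuery($update_to_approved_status);
                    break;
                case 'unapproved':
                    $query = "UPDATE comments SET comment_status = '{$bulk_options}' WHERE comment_id = {$comment_id}  ";
                    $update_to_unapproved_status = mysqli_query($connection, $query);
                    confirmQuery($update_to_unapproved_status);
                    break;
                case 'delete':
                    $query = "DELETE FROM comments WHERE comment_id = {$comment_id}  ";
                    $update_to_delete = mysqli_query($connection, $query);
                    confirmQuery($update_to_delete);
                    break;
            }
        }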
    }
}
?>



<form action="" method='post'>

    <table class="table table-bordered table-hover">

        <div id="bulkOptionContainer" class="col-xs-4">

            <select class="form-control" name="bulk_options" id="">
Exemple #8
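/**
 * Set a user's role to 'subscriber' when ?change_to_sub=<user id> is present,
 * then redirect to users.php.
 *
 * The id is placed unquoted in the SQL text, so it must validate as an integer;
 * any other value is ignored and no query is run.
 *
 * NOTE(review): this is a role change triggered by a GET request, and no
 * authorization or anti-CSRF check is visible here — confirm the caller
 * enforces both.
 *
 * @return void
 */
function changeSub()
{
    global $connection;

    if (!isset($_GET['change_to_sub'])) {
        return;
    }

    // filter_var() returns false for non-integer strings and for arrays.
    $the_user_id = filter_var($_GET['change_to_sub'], FILTER_VALIDATE_INT);
    if ($the_user_id === false) {
        return;
    }

    $query = "UPDATE users SET user_role = 'subscriber' where user_id = {$the_user_id} ";
    $change_sub_query = mysqli_query($connection, $query);
    confirmQuery($change_sub_query);
    header("Location: users.php");
}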
Exemple #9
 $bulk_options = $_POST['bulk_options'];
 switch ($bulk_options) {
     case 'published':
         $query = "UPDATE posts SET post_status = '{$bulk_options}' WHERE post_id = {$postValueId}  ";
         $update_to_published_status = mysqli_query($connection, $query);
         confirmQuery($update_to_published_status);
         break;
     case 'draft':
         $query = "UPDATE posts SET post_status = '{$bulk_options}' WHERE post_id = {$postValueId}  ";
         $update_to_draft_status = mysqli_query($connection, $query);
         confirmQuery($update_to_draft_status);
         break;
     case 'delete':
         $query = "DELETE FROM posts WHERE post_id = {$postValueId}  ";
         $update_to_delete_status = mysqli_query($connection, $query);
         confirmQuery($update_to_delete_status);
         break;
     case 'clone':
         $query = "SELECT * FROM posts WHERE post_id = '{$postValueId}' ";
         $select_post_query = mysqli_query($connection, $query);
         while ($row = mysqli_fetch_array($select_post_query)) {
             $post_title = $row['post_title'];
             $post_category_id = $row['post_category_id'];
             $post_date = $row['post_date'];
             $post_author = $row['post_author'];
             $post_status = $row['post_status'];
             $post_image = $row['post_image'];
             $post_tags = $row['post_tags'];
             $post_content = $row['post_content'];
         }
         $query = "INSERT INTO posts(post_category_id, post_title, post_author, post_date,post_image,post_content,post_tags,post_status) ";
Exemple #10
                        <?php 
// Update the current user's profile from the submitted form, then redirect.
// NOTE(review): the $_POST values are placed inside quoted SQL literals without
// escaping or parameter binding, so a quote character in any field changes the
// statement (SQL injection). Binding the values with
// mysqli_prepare()/mysqli_stmt_bind_param() removes that.
if (isset($_POST['update_user'])) {
    $username = $_POST['username'];
    $user_email = $_POST['user_email'];
    $user_firstname = $_POST['user_firstname'];
    $user_lastname = $_POST['user_lastname'];
    // NOTE(review): the role is taken from the request; if this is a
    // self-service profile form, a user could submit any role — confirm the
    // value is checked against what the current user may assign.
    $user_role = $_POST['user_role'];
    $query = "UPDATE users SET ";
    // NOTE(review): '******' looks masked on this page; $username is assigned
    // above but does not appear in the query as shown.
    $query .= "username = '******', ";
    $query .= "user_firstname = '{$user_firstname}', ";
    $query .= "user_lastname = '{$user_lastname}', ";
    $query .= "user_email = '{$user_email}', ";
    $query .= "user_role = '{$user_role}' ";
    // $user_id is not assigned in this fragment and is interpolated unquoted;
    // confirm it comes from the session, not from the request.
    $query .= "WHERE user_id = {$user_id} ";
    $update_user_query = mysqli_query($connection, $query);
    confirmQuery($update_user_query);
    // Execution continues after header(); nothing here stops the rest of the page.
    header("Location: ./index.php");
}
?>



                    </div>
                </div>
                <!-- /.row -->

            </div>
            <!-- /.container-fluid -->

        </div>
        <!-- /#page-wrapper -->
Exemple #11
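// Create a user from the submitted form and print a confirmation link.
if (isset($_POST['create_user'])) {
    $username = $_POST['username'];
    $user_firstname = $_POST['user_firstname'];
    $user_lastname = $_POST['user_lastname'];
    // NOTE(review): the password is stored exactly as submitted. It should be
    // hashed with password_hash() and checked with password_verify(); that
    // needs a matching change in the login code, so it is only flagged here.
    $user_password = $_POST['user_password'];
    $user_email = $_POST['user_email'];
    // NOTE(review): the role comes from the request; no authorization check is
    // visible in this fragment — confirm only administrators can reach it.
    $user_role = $_POST['user_role'];

    // The form values are bound as parameters instead of being interpolated,
    // so quote characters in a field can no longer alter the statement.
    $query = "INSERT INTO users(username, user_firstname, user_lastname, user_password, user_email, user_role) ";
    $query .= "VALUES(?, ?, ?, ?, ?, ?)";

    // Stays false when the statement cannot be prepared, so confirmQuery()
    // still receives a failure value, as it did from mysqli_query().
    $insert_user_query = false;
    $insert_user_stmt = mysqli_prepare($connection, $query);
    if ($insert_user_stmt !== false) {
        mysqli_stmt_bind_param(
            $insert_user_stmt,
            'ssssss',
            $username,
            $user_firstname,
            $user_lastname,
            $user_password,
            $user_email,
            $user_role
        );
        $insert_user_query = mysqli_stmt_execute($insert_user_stmt);
    }
    confirmQuery($insert_user_query);

    echo "User Created: " . "<a href='users.php'>View Users</a>";
}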
?>


<form class="" action="" method="post" enctype="multipart/form-data">

  <div class="form-group">
    <label for="author">First name</label>
    <input class="form-control" type="text" name="user_firstname">
  </div>

  <div class="form-group">
    <label for="post_status">Last name</label>
    <input class="form-control" type="text" name="user_lastname">
Exemple #12
            </div>





            <hr>

            <!-- Posted Comments -->

            <?php 
// Fetch the approved comments of the current post, newest first.
// NOTE(review): $the_post_id is set outside this fragment and is placed
// unquoted in the SQL text — confirm it is validated as an integer where it is
// read from the request.
$query = "SELECT * FROM comments WHERE comment_post_id = {$the_post_id} "
    . "AND comment_status = 'approved' "
    . "ORDER BY comment_id DESC ";
$select_comment_query = mysqli_query($connection, $query);
confirmQuery($select_comment_query);
while ($row = mysqli_fetch_array($select_comment_query)) {
    $comment_date = $row['comment_date'];
    $comment_content = $row['comment_content'];
    $comment_author = $row['comment_author'];
    ?>


    <!-- Comment -->
    <div class="media">
        <a class="pull-left" href="#">
            <img class="media-object" src="http://placehold.it/64x64" alt="">
        </a>
        <div class="media-body">
            <h4 class="media-heading"><?php 
    echo $comment_author;
                    <th>Edit</th>
                    <th>Delete</th>

                </tr>
                </thead>

                <tbody>

                <?php 
//$query = "SELECT * FROM posts ORDER BY post_id DESC";
$query = "SELECT posts.post_id, posts.post_user, posts.post_title, posts.post_category_id, posts.post_status, posts.post_image, posts.post_tags, posts.post_comment_count, posts.post_date, ";
$query .= "categories.cat_id, categories.cat_title ";
$query .= " FROM posts ";
$query .= " LEFT JOIN categories ON posts.post_category_id = categories.cat_id ORDER BY posts.post_id DESC";
$select_posts = mysqli_query($connection, $query);
confirmQuery($select_posts);
while ($row = mysqli_fetch_assoc($select_posts)) {
    $post_id = $row['post_id'];
    $post_user = $row['post_user'];
    $post_title = $row['post_title'];
    $post_category_id = $row['post_category_id'];
    $post_status = $row['post_status'];
    $post_image = $row['post_image'];
    $post_tags = $row['post_tags'];
    $post_comment_count = $row['post_comment_count'];
    $post_date = $row['post_date'];
    $category_id = $row['cat_id'];
    $category_title = $row['cat_title'];
    echo "<tr>";
    ?>
        }
        ?>
" type="text" class="form-control" name="cat_title">


                <?php 
    }
}
?>

        <?php 
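// Rename a category from the submitted form.
if (isset($_POST['update_category'])) {
    $the_cat_title = $_POST['cat_title'];

    // The title comes from the request and $cat_id is set outside this
    // fragment; both are bound as parameters (title as string, id as integer)
    // so neither can alter the statement.
    $query = "UPDATE categories SET cat_title = ? WHERE cat_id = ? ";

    // Stays false when the statement cannot be prepared, so confirmQuery()
    // still receives a failure value, as it did from mysqli_query().
    $update_query = false;
    $update_stmt = mysqli_prepare($connection, $query);
    if ($update_stmt !== false) {
        mysqli_stmt_bind_param($update_stmt, 'si', $the_cat_title, $cat_id);
        $update_query = mysqli_stmt_execute($update_stmt);
    }
    confirmQuery($update_query);
}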
?>






    </div>

    <div class="form-group">
        <input class="btn btn-primary" type="submit" name="update_category" value="Update Category">
    </div>

</form>