// Profile self-edit handler (excerpt, cut at both ends): optionally changes the password, then updates
// email / info / timezone for the current admin row.
// NOTE(review): the two '******' spans look like redaction applied by the page; as shown they leave both
// WHERE clauses syntactically broken, so the code below is kept verbatim and not re-indented.
// NOTE(review): request values are concatenated into SQL. edit_email and edit_timezone pass through text_in()
// and edit_info through to_html(); neither helper is defined in this excerpt, so confirm they escape for a
// quoted SQL string, or move to prepared statements (the mysql_* API was removed in PHP 7).
// NOTE(review): the stored password expression is redacted here, so hashing cannot be confirmed from this
// page; it should be password_hash(). The == comparison of the two fields is loose (numeric-looking strings
// can compare equal); === is the safer check.
// NOTE(review): mysql_error() is printed to the browser, which exposes query and schema details; log it
// server-side and show a generic message instead.
// NOTE(review): no current-password check or anti-CSRF token is visible in this excerpt; confirm one exists
// in the part of the file that is not shown.
if ($_REQUEST['edit_password'] == $_REQUEST['edit_password_confirm']) { $password = $_REQUEST['edit_password']; $id = $_REQUEST['id']; $q_update = "UPDATE {$table_admins} SET password = '******' WHERE username = '******'identity'] . "'"; if (mysql_query($q_update)) { print '<i>>>> Password updated.</i><br />'; } else { print '<i>>>> An error has occured: ' . mysql_error() . '<br /> Password was not updated. Please go back and try again.</i><br />'; } } else { print '<i>>>> Passwords did not match. Please go back and try again.</i><br />'; } } $id = $_REQUEST['id']; $q_update2 = "UPDATE {$table_admins} SET email = '" . text_in($_REQUEST['edit_email']) . "',\n\t\t\t\t\t\tinfo = '" . to_html($_REQUEST['edit_info']) . "',\n\t\t\t\t\t\ttimezone = '" . text_in($_REQUEST['edit_timezone']) . "'\n\t\t\t\t\t\tWHERE username = '******'identity'] . "'"; if (mysql_query($q_update2)) { print '<i>>>> Profile updated. <blockquote><a href="index.php">Go to Main</a></blockquote></i>'; } else { print '<i>>>> An error has occured: ' . mysql_error() . '<br /> Please go back and try again.</i>'; } print $footer; exit; } function rank($rank) { if ($rank == 0) { $output = "Founder"; } elseif ($rank == 10) {
print $footer;
} else {
    // Tail of an earlier handler (its start is outside this excerpt): the "Text" field was empty.
    print $header;
    print '<i>>>> You did not fill in the "Text" field (the main body of the post). You must enter text into said field.</i><br /> <i>>>> Go back to the main textual content management area?</i><br /> <blockquote><i><a href="text.php">Yes</a> / <a href="index.php">No, return to main</a></i></blockquote>';
    print $footer;
}
exit;
}
// Article handler: stores a new article, or updates an existing one when an id is supplied.
if (isset($_REQUEST['adding_article'])) {
    if (!empty($_REQUEST['article_text'])) {
        // The session identity is interpolated into the INSERT below without escaping.
        // NOTE(review): safe only if the stored identity can never contain a quote; confirm where it is set.
        $article_author = $_SESSION['identity'];
        // text_in() / to_html() are defined outside this excerpt.
        // NOTE(review): confirm both escape for a quoted SQL string, or bind the values as parameters.
        $article_title = text_in($_REQUEST['article_title']);
        $article_text = to_html($_REQUEST['article_text']);
        $article_category = text_in($_REQUEST['article_category']);
        // Presence of the "open" parameter is mapped to a 0/1 flag, so this value is safe to interpolate.
        if (isset($_REQUEST['open'])) {
            $open = 1;
        } else {
            $open = 0;
        }
        if (isset($_REQUEST['id'])) {
            // NOTE(review): $id is never assigned in this excerpt although $_REQUEST['id'] is tested; if it
            // is taken from the request unescaped, this WHERE clause is injectable. Casting to int would
            // close that.
            // NOTE(review): no owner/author condition is visible in the WHERE clause, so any caller reaching
            // this branch could update any article id. Confirm authorization happens earlier.
            $insert = "UPDATE {$table_articles} SET title = '{$article_title}', body = '{$article_text}', category = '{$article_category}', open = {$open} WHERE id = '{$id}'";
        } else {
            $insert = "INSERT INTO {$table_articles} VALUES('','{$article_author}','{$article_title}','{$article_text}','{$article_category}',NOW(),{$open})";
        }
        print $header;
        if (mysql_query($insert)) {
            print "<i>>>> Article successfully stored</i>";
        } else {
            // NOTE(review): the raw database error is sent to the browser; log it server-side instead.
            print "<i>>>> Article <b>failed</b> with the following error: " . mysql_error() . "</i>";
}
exit;
}
// Step 1 of blog removal: look up the blog by id and print a yes/no confirmation.
if (isset($_REQUEST['remove'])) {
    // NOTE(review): $_REQUEST['id'] is concatenated into the query with no escaping or cast, so this is
    // SQL injection on a request parameter. Cast to int or use a prepared statement.
    $q_blog = mysql_query("SELECT blog FROM {$table_blog_owners} WHERE id = '" . $_REQUEST['id'] . "'");
    while ($blog = mysql_fetch_object($q_blog)) {
        print $header;
        // NOTE(review): $_REQUEST['id'] and the client-supplied Referer header are echoed into href
        // attributes without HTML encoding (reflected XSS). Only the blog name passes through text_out().
        // Encode both with htmlspecialchars(), and do not treat the Referer as a trusted URL.
        // NOTE(review): the "Yes" link triggers the deletion with a plain GET and no anti-CSRF token is
        // visible; a state-changing action should be a POST carrying a token.
        print '<center>Are you sure you wish to remove the blog "' . text_out($blog->blog) . '"?<br /> <b><a href="permissions.php?removing=1&id=' . $_REQUEST['id'] . '">Yes</a> / <a href="' . $_SERVER['HTTP_REFERER'] . '">No</a></b></center>';
        print $footer;
    }
    exit;
}
// Step 2 of blog removal: delete the owner row, then the blog's content rows.
if (isset($_REQUEST['removing'])) {
    // NOTE(review): same unescaped $_REQUEST['id'], here in a DELETE.
    // NOTE(review): no rank or ownership check is visible in this branch; confirm the included
    // authentication code enforces one.
    $q_remove_blog = "DELETE FROM {$table_blog_owners} WHERE id = '" . $_REQUEST['id'] . "'";
    // NOTE(review): the confirmation link above passes only `removing` and `id`, so $_REQUEST['blog'] is
    // likely unset on that path and this DELETE would match on an empty blog_name. Verify how `blog` is
    // supplied, or derive the name from the owner row on the server.
    $q_remove_content = "DELETE FROM {$table_blogs} WHERE blog_name = '" . text_in($_REQUEST['blog']) . "'";
    print $header;
    if (mysql_query($q_remove_blog)) {
        print '<i>>>> Blog removed</i><br />';
    } else {
        // NOTE(review): the raw database error is sent to the browser.
        print '<i>>>> <b>Error:</b></i><br />' . mysql_error();
    }
    if (mysql_query($q_remove_content)) {
        print '<i>>>> Blog content removed</i><br />';
    } else {
        print '<i>>>> <b>Error:</b></i><br />' . mysql_error();
    }
    print $footer;
    exit;
}
print $header;
</table>';
}
print $footer;
} else {
    // Tail of an earlier handler (its start is outside this excerpt): the lookup found no valid id.
    print $header;
    print '<i>>>> Invalid ID</i>';
    print $footer;
}
exit;
}
// Upload metadata handler: updates category, public flag and description of one uploaded file.
if (isset($_REQUEST['updating'])) {
    // NOTE(review): this isset() check has an empty body, so a missing id is not rejected and execution
    // falls through to the UPDATE either way.
    if (isset($_REQUEST['id'])) {
    }
    // NOTE(review): id is taken from the request and interpolated into the WHERE clause without escaping
    // or a cast (SQL injection). Cast to int or bind it as a parameter.
    // NOTE(review): no owner condition is visible, so any caller reaching this branch can edit any upload
    // row. Confirm authorization happens elsewhere.
    $id = $_REQUEST['id'];
    // text_in() is defined outside this excerpt.
    // NOTE(review): confirm it escapes for a quoted SQL string.
    $category = text_in($_REQUEST['category']);
    $description = text_in($_REQUEST['description']);
    // Presence of the "public" parameter is mapped to a 0/1 flag, so this value is safe to interpolate.
    if (isset($_REQUEST['public'])) {
        $public = 1;
    } else {
        $public = 0;
    }
    $q_update = "UPDATE {$table_uploads} SET category = '{$category}', public = {$public}, description = '{$description}' WHERE id = '{$id}'";
    print $header;
    if (mysql_query($q_update)) {
        print '<i>>>> File details have been updated<br /> <blockquote><a href="index.php">Return to main</a> / <a href="uploads.php?browse=1">Continue browsing</a></blockquote></i>';
    } else {
        // Unlike the other handlers on this page, this one does not echo mysql_error() to the client.
        print '<i>>>> <b>An error occured</b>. The file details were not update</i>';
    }
    print $footer;
    exit;
<?php
// Admin-area link manager (excerpt, cut off inside the "add" form markup).
// $admin_area is set before the includes.
// NOTE(review): presumably functions/authentication.php reads this flag to enforce the admin login;
// confirm, since no other access check is visible before the INSERT below.
$admin_area = TRUE;
$dir_path = "../";
require $dir_path . "config.php";
require $dir_path . "functions/db.php";
require $dir_path . "functions/authentication.php";
require $dir_path . "functions/textparse.php";
require $dir_path . "functions/render.php";
// Store a new link submitted by the form rendered in the "add" branch below.
if (isset($_REQUEST['adding'])) {
    print $header;
    // text_in() is defined outside this excerpt.
    // NOTE(review): confirm it escapes for a quoted SQL string.
    $name = text_in($_REQUEST['link_name']);
    // NOTE(review): if this URL is later emitted in an href, validate the scheme (http/https) on input as
    // well as escaping it.
    $url = text_in($_REQUEST['link_url']);
    // NOTE(review): link_category comes from a <select>, but the client can send any value; it is
    // interpolated into the INSERT without text_in() or any other escaping (SQL injection).
    $category = $_REQUEST['link_category'];
    // The session identity is concatenated in unescaped as well.
    // NOTE(review): safe only if the stored identity can never contain a quote.
    $query = "INSERT INTO {$table_links} VALUES ('' , '{$name}' , '{$url}' , '{$category}', '" . $_SESSION['identity'] . "')";
    // insert_db() is defined outside this excerpt; its return value is printed as part of the status line.
    print "Link creation " . insert_db($query) . "<br />";
    print $footer;
    exit;
}
// Render the "add a link" form; the category <option> list is built by render_categories_menu().
if (isset($_REQUEST['add'])) {
    $categories = render_categories_menu("category", NULL, $_SESSION['identity']);
    print $header;
    // NOTE(review): no anti-CSRF token field is visible in the part of the form shown here.
    print '<form name="form1" method="post" action="links.php?adding=1"> <div class="title">Adding a link</div><br /> <table> <tr> <td>Category:</td> <td><select name="link_category" class="tbox"> ' . $categories . ' </td> <tr>
// Admin user-edit handler (excerpt, cut at both ends): optionally changes the password of the row selected
// by the request's id, then updates rank / timezone / email / info for that row.
// NOTE(review): == is a loose comparison, so numeric-looking strings can compare equal; prefer ===.
if ($_REQUEST['edit_password'] == $_REQUEST['edit_password_confirm']) {
    $password = $_REQUEST['edit_password'];
    // NOTE(review): id comes straight from the request and is interpolated into the WHERE clauses below
    // without escaping or a cast (SQL injection). Cast to int or bind it as a parameter.
    $id = $_REQUEST['id'];
    // NOTE(review): the '******' value looks like redaction applied by the page; as shown, $password is
    // never used, so hashing cannot be confirmed from here. It should be stored via password_hash().
    $q_update = "UPDATE {$table_admins} SET password = '******' WHERE id = '{$id}'";
    if (mysql_query($q_update)) {
        print '<i>>>> Password updated.</i><br />';
    } else {
        // NOTE(review): the raw database error is sent to the browser; log it server-side instead.
        print '<i>>>> An error has occured: ' . mysql_error() . '<br /> Password was not updated. Please go back and try again.</i><br />';
    }
} else {
    print '<i>>>> Passwords did not match. Please go back and try again.</i><br />';
}
}
$id = $_REQUEST['id'];
// NOTE(review): edit_rank is written straight from the request with no escaping, and no checkrank() call
// is visible between the password block and this UPDATE (the remove_user branch below does call
// checkrank(10)). Unless the caller's rank is verified earlier in the file, any account reaching this
// branch could set an arbitrary rank on any id. Confirm, and validate the rank against an allow-list.
// text_in() / to_html() are defined outside this excerpt.
// NOTE(review): confirm both escape for a quoted SQL string.
$q_update2 = "UPDATE {$table_admins} SET rank = '" . $_REQUEST['edit_rank'] . "',\n\t\t\t\t\t\ttimezone = '" . text_in($_REQUEST['edit_timezone']) . "',\n\t\t\t\t\t\temail = '" . text_in($_REQUEST['edit_email']) . "',\n\t\t\t\t\t\tinfo = '" . to_html($_REQUEST['edit_info']) . "' WHERE id = '{$id}'";
if (mysql_query($q_update2)) {
    print '<i>>>> Profile updated.</i>';
} else {
    print '<i>>>> An error has occured: ' . mysql_error() . '<br /> Please go back and try again.</i>';
}
print $footer;
exit;
}
// User removal, step 1: gated by checkrank(10), then loads the target row.
if (isset($_REQUEST['remove_user'])) {
    // checkrank() is defined outside this excerpt.
    // NOTE(review): presumably it aborts the request when the caller's rank is insufficient; confirm.
    checkrank(10);
    if (isset($_REQUEST['id'])) {
        $id = $_REQUEST['id'];
        // NOTE(review): id is interpolated unquoted in a numeric context, so quote-escaping alone would
        // not protect this query; cast to int or bind it as a parameter.
        $q_user = mysql_query("SELECT id, real_name, username, rank FROM {$table_admins} WHERE id = {$id}");
        while ($user = mysql_fetch_object($q_user)) {
// Tail of a comment-deletion handler: $id and $type are assigned outside this excerpt.
// NOTE(review): if they come from the request unescaped, this DELETE is injectable; confirm upstream.
$query = "DELETE FROM {$table_comments} WHERE id='{$id}' AND type = '{$type}' LIMIT 1";
if (!mysql_query($query)) {
    // NOTE(review): the raw database error is sent to the client; log it server-side instead.
    exit(mysql_error());
}
// NOTE(review): the redirect target is the client-supplied Referer header. It may be absent, and it sends
// the browser wherever the header says (open redirect). Redirect to a fixed or allow-listed local path.
header("Location:" . $_SERVER['HTTP_REFERER']);
exit;
}
}
}
}
// Public comment submission: stores a comment for the item identified by id and type.
if (isset($_REQUEST['commenting'])) {
    if (isset($_REQUEST['id']) && isset($_REQUEST['type']) && !empty($_REQUEST['comment'])) {
        // NOTE(review): id and type are only tested with isset() and reach the INSERT below unescaped
        // (SQL injection). Cast id to int and check type against the known set of content types.
        $p_id = $_REQUEST['id'];
        // text_in() is defined outside this excerpt.
        // NOTE(review): confirm it escapes for a quoted SQL string.
        $author = text_in($_REQUEST['name']);
        // The "url" request field is stored in the variable named $email.
        $email = text_in($_REQUEST['url']);
        // NOTE(review): truncation happens after text_in()/urlify(); if text_in() escapes with
        // backslashes, cutting at byte 1000 can split an escape sequence and leave a trailing backslash
        // in front of the closing quote. Truncate the raw input first, then escape.
        $comment = substr(urlify(text_in($_REQUEST['comment'])), 0, 1000);
        $type = $_REQUEST['type'];
        $ip = $_SERVER['REMOTE_ADDR'];
        // NOTE(review): the reverse-DNS name is controlled by whoever runs DNS for the client's address
        // range, and it is interpolated into the INSERT unescaped; treat it as untrusted input. The lookup
        // also blocks the request while it resolves.
        $mask = gethostbyaddr($ip);
        if (empty($author)) {
            $author = "anonymous";
        }
        if (empty($email)) {
            $email = "no email";
        }
        insert_db("INSERT INTO {$table_comments} VALUES ('', '{$author}', '{$email}', '{$comment}', NOW() , '{$p_id}', '{$type}' , '{$ip}' , '{$mask}')");
        // Same Referer-based redirect as in the deletion handler above.
        header("Location:" . $_SERVER['HTTP_REFERER']);
    } else {
        header("Location:" . $_SERVER['HTTP_REFERER']);
    }
    exit;
<b><a href="category.php?type=category&deleting=1&category=' . text_out($_REQUEST['category']) . '">yes</a> / <a href="' . $_SERVER['HTTP_REFERER'] . '">no</a></b></div><br />' . $footer;
// The statement above is the end of the delete-confirmation prompt (its start is outside this excerpt).
// NOTE(review): the client-supplied Referer header is echoed into an href without HTML encoding
// (reflected XSS); encode it with htmlspecialchars() and do not treat it as a trusted URL. The category
// passes through text_out(), which is defined elsewhere.
// NOTE(review): confirm text_out() encodes for an HTML attribute, and add urlencode() for the query string.
// NOTE(review): the "yes" link performs the deletion with a plain GET and no anti-CSRF token is visible.
}
}
if (mysql_num_rows($q_category) == 0) {
    print $header . '<i>>>> No such category</i><br />' . $footer;
}
}
// Category deletion: removes the caller's own category, and optionally its content.
if (isset($_REQUEST['deleting'])) {
    // The DELETE is scoped to the session identity, so it only matches rows owned by the caller.
    $username = $_SESSION['identity'];
    // NOTE(review): category is interpolated into the DELETE without escaping (SQL injection), while the
    // remove_user_content() call below wraps the same value in text_in(). Escape or bind it here as well.
    $category = $_REQUEST['category'];
    $q_category = "DELETE FROM {$table_category} WHERE owner = '{$username}' AND category = '{$category}'";
    print $header;
    if (mysql_query($q_category)) {
        print '<i>>>> Category removed</i><br />';
    } else {
        // NOTE(review): the raw database error is sent to the browser; log it server-side instead.
        print '<i>>>> Category wasn\'t removed. An error occured: ' . mysql_error() . '</i><br />';
    }
    // remove_user_content() is defined outside this excerpt; whatever it returns is printed as-is.
    if (isset($_REQUEST['content'])) {
        print remove_user_content($_SESSION['identity'], text_in($category));
    }
    print $footer;
}
exit;
}
// Default view: menu for adding or removing categories.
print $header;
print '<div class="title">Editing your categories</div> <ul> <li><a href="category.php?type=category&add=1">Add a category</a></li> <li><a href="category.php?type=category&remove=1">Remove a category</a></li> </ul>';
print $footer;