UPDATE `users` SET `active` = %d, `modified_at` = '%s' WHERE `id` = %d SQL; $sql = sprintf($sql, (int) $db->escString($active), date('Y-m-d h:i:s'), (int) $db->escString($id)); if ($db->execute($sql)) { Response::Redirect("index.php?done=edit"); } else { $emsg = "Could not edit user. Something went wrong. Please try again."; } } } if (Request::Post('edit_user_password_key') == "1") { $password = Request::Post('password'); $cpassword = Request::Post('cpassword'); if ($password == "") { $errors['password'][] = "Password field cannot be empty"; } if ($cpassword == "") { $errors['cpassword'][] = "Confirm Password field cannot be empty"; } if (strlen($password) < 6 || strlen($password) > 30) { $errors['password'][] = "Password must be (6-30) characters long."; } if ($password != $cpassword) { $errors['password'][] = "Password didnot matched"; $errors['cpassword'][] = "Password didnot matched"; } if (empty($errors)) { $sql = <<<SQL
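// Bootstrap: shared configuration, helpers and the admin-side includes.
require_once BASE_DIR . 'configs' . DS . 'incs.php';
require_once BASE_DIR . 'helpers' . DS . 'incs.php';
require_once ADMIN_DIR . 'incs' . DS . 'incs.php';
//-------------------------------------------------------
Util::$template_path = ADMIN_DIR . 'templates' . DS;
//-------------------------------------------------------
$db = new Db($db_config);
// Read query for the settings row; evaluated at render time so the template
// shows the current values.
$sql = "SELECT * FROM `settings`";

// `done` carries the completed action back through the post/redirect/get cycle.
$done = Request::Get('done');
$emsg = "";
$smsg = "";
// (string) cast: Request::Get() presumably yields null when the parameter is
// absent, and strtolower(null) is deprecated as of PHP 8.1. Result is unchanged.
if (strtolower((string) $done) === 'edit') {
    $smsg = "Settings edited successfully";
}

if (Request::Post('edit_settings_key') == "1") {
    $site_name = trim((string) Request::Post('site_name'));
    if ($site_name == "") {
        $emsg = "Site name cannot be empty";
    }
    if ($emsg == "") {
        // $site_name is untrusted POST input. The original interpolated it into
        // the statement unescaped (SQL injection); escape it with $db->escString()
        // as the sibling admin scripts do. If Db offers a parameterised query
        // API, prefer that over escaping.
        $update = sprintf(
            "UPDATE `settings` SET `site_name` = '%s'",
            $db->escString($site_name)
        );
        if ($db->execute($update)) {
            Response::Redirect('index.php?done=edit');
        } else {
            $emsg = "Could not edit settings. Something went wrong. Please try again.";
        }
    }
}
//-------------------------------------------------------
echo Util::Render('master.phtml', array(
    'page_title' => 'Settings',
    'content' => Util::Render('settings/index.phtml', array(
        'settings' => $db->row($sql),
        'smsg' => $smsg,
        'emsg' => $emsg,
    )),
));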
define('DS', DIRECTORY_SEPARATOR); define('ADMIN_DIR', dirname(__FILE__) . DS); define('BASE_DIR', dirname(__FILE__) . DS . '..' . DS); define('ADMIN_ROOT', ''); define('SITE_ROOT', '../'); require_once BASE_DIR . 'Libs' . DS . 'autoload.php'; require_once BASE_DIR . 'configs' . DS . 'incs.php'; require_once BASE_DIR . 'helpers' . DS . 'incs.php'; require_once ADMIN_DIR . 'incs' . DS . 'incs.php'; //------------------------------------------------------- Util::$template_path = ADMIN_DIR . 'templates' . DS; //------------------------------------------------------- $emsg = ""; if (Request::Post('login_key') == "1") { $username = Request::Post('username'); $password = Request::Post('password'); if ($username == "" || $password == "") { $emsg = "Please enter both username and password."; } else { $db = new Db($db_config); $sql = <<<SQL SELECT * FROM `users` WHERE `username` = '%s' AND `password` = '%s' AND `active` = 1 SQL; $sql = sprintf($sql, $db->escString($username), $db->escString(md5($password . SALT))); if ($db->numRows($sql) > 0) { $user = $db->row($sql); $db->execute(sprintf("UPDATE `users` SET `logged_at` = '%s' WHERE `id` = %d", date('Y-m-d h:i:s'), (int) $db->escString($user['id']))); Session::Set('username', $user['username']); Session::Set('id', $user['id']); Response::Redirect(ADMIN_ROOT . 'index.php');
if ($db->execute($sql)) { Response::Redirect('index.php?done=upload_image'); } else { $emsg = "Could not upload image. Please try again."; } } } } if (Request::Post('edit_page_key') == "1") { $page_title = trim(Request::Post('page_title')); $content = trim(Request::Post('content')); $slug = trim(Request::Post('slug')); $menu_title = trim(Request::Post('menu_title')); $is_home = is_null(Request::Post('is_home')) ? 0 : 1; $is_menu = is_null(Request::Post('is_menu')) ? 0 : 1; $active = is_null(Request::Post('active')) ? 0 : 1; if ($page_title == "") { $errors['page_title'][] = "Page title field cannot be empty"; } if ($content == "") { $errors['content'][] = "Content field cannot be empty"; } if ($slug == "") { $errors['slug'][] = "Slug field cannot be empty"; } if ($menu_title == "") { $errors['menu_title'][] = "Menu title field cannot be empty"; } if ($db->numRows(sprintf("SELECT `id` FROM `pages` WHERE `slug` = '%s' AND `id` <> %d", $db->escString($slug), (int) $db->escString($id))) > 0) { $errors['slug'][] = "Slug " . $slug . " already exists. Please try another"; }