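function checkUsrPwd($message) {
    // Log the user in from the posted login form.
    //
    // Returns "" when no form was submitted or when the credentials check out
    // (in which case $_SESSION['username'] is set, which is how the rest of the
    // site recognises a logged-in user); otherwise returns the error text for
    // the page to display. $message is kept for callers that pass it; its
    // incoming value is never read.
    //
    // NOTE(review): the original used the removed ext/mysql API, string-built
    // SQL and an unsalted md5 digest. This version binds parameters on the
    // shared mysqli link and verifies with password_verify(), while still
    // accepting legacy md5 rows and upgrading them on their next successful
    // login. It assumes the mysqli link is the global $connection the other
    // admin pages use — confirm against the include that opens the connection.
    global $connection;

    if (!isset($_POST['submit'])) {
        return "";
    }

    $username = trim((string) ($_POST['username'] ?? ''));
    $password = trim((string) ($_POST['password'] ?? ''));
    $failure  = "Username or Password Incorrect. Please try again";

    // Look the row up by username only; the secret is compared in PHP, never in SQL.
    $query = "SELECT username, hash_password FROM TeamtwisterUsers WHERE username = ? LIMIT 1";
    $stmt = mysqli_prepare($connection, $query);
    confirmQuery($stmt);
    mysqli_stmt_bind_param($stmt, "s", $username);
    confirmQuery(mysqli_stmt_execute($stmt));
    $result = mysqli_stmt_get_result($stmt);
    $row = $result ? mysqli_fetch_assoc($result) : null;
    mysqli_stmt_close($stmt);

    if (!$row) {
        return $failure;
    }

    $stored     = (string) $row['hash_password'];
    $storedName = (string) $row['username'];
    $verified    = password_verify($password, $stored);
    // Legacy rows hold md5($password); compare in constant time.
    $legacyMatch = !$verified && hash_equals($stored, md5($password));
    if (!$verified && !$legacyMatch) {
        return $failure;
    }

    if ($legacyMatch || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        // Replace the weak/outdated digest now that the clear-text password is known.
        // NOTE(review): assumes hash_password is wide enough for a password_hash()
        // digest (60+ chars for bcrypt) — confirm the column definition before deploying.
        $newHash = password_hash($password, PASSWORD_DEFAULT);
        $update = mysqli_prepare($connection, "UPDATE TeamtwisterUsers SET hash_password = ? WHERE username = ?");
        confirmQuery($update);
        mysqli_stmt_bind_param($update, "ss", $newHash, $storedName);
        confirmQuery(mysqli_stmt_execute($update));
        mysqli_stmt_close($update);
    }

    // New session id on privilege change so an id issued before login cannot be reused.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['username'] = $storedName;
    return "";
}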
$username = $_POST['username']; $user_password = $_POST['userpassword']; $user_firstname = $_POST['user_firstname']; $user_lastname = $_POST['user_lastname']; $user_email = $_POST['user_email']; $user_role = $_POST['user_role']; $query = "UPDATE users SET "; $query .= "user_firstname = '{$user_firstname}', "; $query .= "user_lastname = '{$user_lastname}', "; $query .= "user_role = '{$user_role}', "; $query .= "username = '******', "; $query .= "user_email = '{$user_email}', "; $query .= "userpassword = '******' "; $query .= "WHERE username = '******' "; $edit_user_query = mysqli_query($connection, $query); confirmQuery($edit_user_query); } ?> <div id="wrapper"> <!-- Navigation --> <?php include "includes/navigation.php"; ?> <div id="page-wrapper"> <div class="container-fluid">
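<?php
// Comment moderation actions driven by query-string flags
// (?approve=ID, ?unapprove=ID, ?delete=ID).
// The id is bound as an integer so request input never reaches the SQL text,
// and the request ends after the redirect so only the first matching action
// runs and no further output or queries follow it.
// NOTE(review): these are state-changing actions triggered by GET links; a POST
// form carrying a CSRF token would be the safer transport — the links that
// call this page are not visible here.
// NOTE(review): the status values written here ('approve'/'unapprove') differ
// from the 'approved'/'unapproved' used by the bulk actions and the public
// comment listing elsewhere in this code base; left unchanged because the
// schema is not visible — confirm which spelling the column expects.
$comment_actions = array(
    'approve'   => "UPDATE comments SET comment_status = 'approve' WHERE comment_id = ?",
    'unapprove' => "UPDATE comments SET comment_status = 'unapprove' WHERE comment_id = ?",
    'delete'    => "DELETE FROM comments WHERE comment_id = ?",
);
foreach ($comment_actions as $action => $sql) {
    if (!isset($_GET[$action])) {
        continue;
    }
    $the_comment_id = (int) $_GET[$action];
    $stmt = mysqli_prepare($connection, $sql);
    confirmQuery($stmt);
    mysqli_stmt_bind_param($stmt, "i", $the_comment_id);
    confirmQuery(mysqli_stmt_execute($stmt));
    mysqli_stmt_close($stmt);
    header("Location: comments.php");
    exit;
}
?>
</tbody> </table>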
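<?php
if (isset($_POST['create_user'])) {
    // Create a user from the "add user" form below.
    // Form values reach the database only as bound parameters, so the escape()
    // helper is no longer applied. In particular the password is hashed exactly
    // as typed — escaping it first (as the original did) silently altered any
    // password containing quotes or backslashes before it was hashed.
    // NOTE(review): user_role is stored as posted; the set of roles the
    // application recognises is not visible here, so it is not validated —
    // restricting it to known roles would stop a crafted request from
    // creating a privileged account.
    $user_firstname = (string) ($_POST['user_firstname'] ?? '');
    $user_lastname  = (string) ($_POST['user_lastname'] ?? '');
    $user_role      = (string) ($_POST['user_role'] ?? '');
    $username       = (string) ($_POST['username'] ?? '');
    $user_email     = (string) ($_POST['user_email'] ?? '');
    $user_password  = password_hash((string) ($_POST['user_password'] ?? ''), PASSWORD_BCRYPT, array('cost' => 10));

    $query  = "INSERT INTO users(user_firstname, user_lastname, user_role, username, user_email, user_password) ";
    $query .= "VALUES(?, ?, ?, ?, ?, ?) ";
    $create_user_stmt = mysqli_prepare($connection, $query);
    confirmQuery($create_user_stmt);
    mysqli_stmt_bind_param(
        $create_user_stmt,
        "ssssss",
        $user_firstname,
        $user_lastname,
        $user_role,
        $username,
        $user_email,
        $user_password
    );
    confirmQuery(mysqli_stmt_execute($create_user_stmt));
    mysqli_stmt_close($create_user_stmt);

    echo "User Created: " . " " . "<a href='users.php'>View Users</a> ";
}
?>
<form action="" method="post" enctype="multipart/form-data"> <div class="form-group"> <label for="title">Firstname</label> <input type="text" class="form-control" name="user_firstname"> </div> <div class="form-group">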
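<form action="" method="post" enctype="multipart/form-data">
    <div class="form-group">
        <label for="title">Post Title</label>
        <!-- Title is escaped for the attribute context. The original also put a stray
             space inside the value, which was submitted back as part of the title. -->
        <input value="<?php echo htmlspecialchars((string) $post_title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" type="text" class="form-control" name="title">
    </div>
    <div class="form-group">
        <select name="post_category_id" id="">
            <?php
            // Category picker: one <option> per categories row. Both the id and the
            // title come from the database and are escaped before being written
            // into HTML. No request input reaches this query.
            // NOTE(review): the post's current category is not pre-selected; the
            // variable holding it is not visible in this excerpt.
            $query = "SELECT * FROM categories";
            $select_categories = mysqli_query($connection, $query);
            confirmQuery($select_categories);
            while ($row = mysqli_fetch_assoc($select_categories)) {
                $the_cat_id    = htmlspecialchars((string) $row['cat_id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                $the_cat_title = htmlspecialchars((string) $row['cat_title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                echo "<option value='{$the_cat_id}'>{$the_cat_title}</option>";
            }
            ?>
        </select>
    </div>
    <div class="form-group">
        <label for="title">Post Author</label>
        <input value="<?php echo htmlspecialchars((string) $post_author, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>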
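</div>
<div class="form-group">
    <label for="users">Users</label>
    <select name="post_user" id="">
        <?php
        // The first option repeats the post's current user so it is pre-selected;
        // the remaining options list every users row. Every value is escaped
        // because it is written into HTML (option text and the single-quoted
        // value attribute). No request input reaches the query.
        $safe_post_user = htmlspecialchars((string) $post_user, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo "<option value='{$safe_post_user}'>{$safe_post_user}</option>";

        $users_query = "SELECT * FROM users";
        $select_users = mysqli_query($connection, $users_query);
        confirmQuery($select_users);
        while ($row = mysqli_fetch_assoc($select_users)) {
            $username = htmlspecialchars((string) $row['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            echo "<option value='{$username}'>{$username}</option>";
        }
        ?>
    </select>
</div>
<!-- <div class="form-group">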
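$bulk_options = $_POST['bulk_options'];
// Apply the selected bulk action to the current comment. $commentValueId is
// supplied by the enclosing loop, which starts before this excerpt. The id is
// bound as an integer and the status is a fixed literal per action, so neither
// the selected option nor the id is ever interpolated into SQL. Unknown options
// are ignored, as the original switch did.
$bulk_sql = array(
    'approved'   => "UPDATE comments SET comment_status = 'approved' WHERE comment_id = ? ",
    'unapproved' => "UPDATE comments SET comment_status = 'unapproved' WHERE comment_id = ? ",
    'delete'     => "DELETE FROM comments WHERE comment_id = ? ",
);
if (is_string($bulk_options) && isset($bulk_sql[$bulk_options])) {
    $bulk_comment_id = (int) $commentValueId;
    $bulk_stmt = mysqli_prepare($connection, $bulk_sql[$bulk_options]);
    confirmQuery($bulk_stmt);
    mysqli_stmt_bind_param($bulk_stmt, "i", $bulk_comment_id);
    confirmQuery(mysqli_stmt_execute($bulk_stmt));
    mysqli_stmt_close($bulk_stmt);
}
} } ?> <form action="" method='post'> <table class="table table-bordered table-hover"> <div id="bulkOptionContainer" class="col-xs-4"> <select class="form-control" name="bulk_options" id="">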
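function changeSub() {
    // Demote the user named in ?change_to_sub=<user_id> to the "subscriber"
    // role and redirect to the user list. Does nothing when the parameter is
    // absent. The id is bound as an integer rather than interpolated, and the
    // request ends after the redirect so no further output or queries run.
    // NOTE(review): a role change triggered by a GET link can be replayed by
    // any page that makes the admin's browser fetch the URL; a POST form with
    // a CSRF token is the safer transport — the calling link is not visible here.
    global $connection;

    if (!isset($_GET['change_to_sub'])) {
        return;
    }

    $the_user_id = (int) $_GET['change_to_sub'];
    $query = "UPDATE users SET user_role = 'subscriber' where user_id = ? ";
    $change_sub_stmt = mysqli_prepare($connection, $query);
    confirmQuery($change_sub_stmt);
    mysqli_stmt_bind_param($change_sub_stmt, "i", $the_user_id);
    confirmQuery(mysqli_stmt_execute($change_sub_stmt));
    mysqli_stmt_close($change_sub_stmt);

    header("Location: users.php");
    exit;
}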
$bulk_options = $_POST['bulk_options']; switch ($bulk_options) { case 'published': $query = "UPDATE posts SET post_status = '{$bulk_options}' WHERE post_id = {$postValueId} "; $update_to_published_status = mysqli_query($connection, $query); confirmQuery($update_to_published_status); break; case 'draft': $query = "UPDATE posts SET post_status = '{$bulk_options}' WHERE post_id = {$postValueId} "; $update_to_draft_status = mysqli_query($connection, $query); confirmQuery($update_to_draft_status); break; case 'delete': $query = "DELETE FROM posts WHERE post_id = {$postValueId} "; $update_to_delete_status = mysqli_query($connection, $query); confirmQuery($update_to_delete_status); break; case 'clone': $query = "SELECT * FROM posts WHERE post_id = '{$postValueId}' "; $select_post_query = mysqli_query($connection, $query); while ($row = mysqli_fetch_array($select_post_query)) { $post_title = $row['post_title']; $post_category_id = $row['post_category_id']; $post_date = $row['post_date']; $post_author = $row['post_author']; $post_status = $row['post_status']; $post_image = $row['post_image']; $post_tags = $row['post_tags']; $post_content = $row['post_content']; } $query = "INSERT INTO posts(post_category_id, post_title, post_author, post_date,post_image,post_content,post_tags,post_status) ";
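<?php
if (isset($_POST['update_user'])) {
    // Save the edit-user form for the user whose id is in $user_id (set before
    // this excerpt). Every form value is a bound parameter and the id is bound
    // as an integer; the request ends after the redirect.
    // NOTE(review): the original interpolated a value redacted as '******' into
    // `username = ...`; $username is the only variable it assigned but never
    // used, so that is what is bound there — confirm against the unredacted file.
    // NOTE(review): user_role is stored as posted; the set of roles the
    // application recognises is not visible here, so it is not validated.
    $username       = (string) ($_POST['username'] ?? '');
    $user_email     = (string) ($_POST['user_email'] ?? '');
    $user_firstname = (string) ($_POST['user_firstname'] ?? '');
    $user_lastname  = (string) ($_POST['user_lastname'] ?? '');
    $user_role      = (string) ($_POST['user_role'] ?? '');
    $target_user_id = (int) $user_id;

    $query  = "UPDATE users SET ";
    $query .= "username = ?, ";
    $query .= "user_firstname = ?, ";
    $query .= "user_lastname = ?, ";
    $query .= "user_email = ?, ";
    $query .= "user_role = ? ";
    $query .= "WHERE user_id = ? ";
    $update_user_stmt = mysqli_prepare($connection, $query);
    confirmQuery($update_user_stmt);
    mysqli_stmt_bind_param(
        $update_user_stmt,
        "sssssi",
        $username,
        $user_firstname,
        $user_lastname,
        $user_email,
        $user_role,
        $target_user_id
    );
    confirmQuery(mysqli_stmt_execute($update_user_stmt));
    mysqli_stmt_close($update_user_stmt);

    header("Location: ./index.php");
    exit;
}
?>
</div> </div> <!-- /.row --> </div> <!-- /.container-fluid --> </div> <!-- /#page-wrapper -->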
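if (isset($_POST['create_user'])) {
    // Create a user from the form below. Values are bound, not interpolated,
    // and the password is stored as a password_hash() digest instead of in
    // clear text, matching the other version of this page in the code base.
    // NOTE(review): the login code is not visible here — it must check hashed
    // rows with password_verify() for these users to be able to log in;
    // confirm before deploying.
    // NOTE(review): user_role is stored as posted; the set of roles the
    // application recognises is not visible here, so it is not validated.
    $username       = (string) ($_POST['username'] ?? '');
    $user_firstname = (string) ($_POST['user_firstname'] ?? '');
    $user_lastname  = (string) ($_POST['user_lastname'] ?? '');
    $user_password  = password_hash((string) ($_POST['user_password'] ?? ''), PASSWORD_BCRYPT, array('cost' => 10));
    $user_email     = (string) ($_POST['user_email'] ?? '');
    $user_role      = (string) ($_POST['user_role'] ?? '');

    $query  = "INSERT INTO users(username, user_firstname, user_lastname, user_password, user_email, user_role) ";
    $query .= "VALUES(?, ?, ?, ?, ?, ?)";
    $insert_user_stmt = mysqli_prepare($connection, $query);
    confirmQuery($insert_user_stmt);
    mysqli_stmt_bind_param(
        $insert_user_stmt,
        "ssssss",
        $username,
        $user_firstname,
        $user_lastname,
        $user_password,
        $user_email,
        $user_role
    );
    confirmQuery(mysqli_stmt_execute($insert_user_stmt));
    mysqli_stmt_close($insert_user_stmt);

    echo "User Created: " . "<a href='users.php'>View Users</a>";
}
?>
<form class="" action="" method="post" enctype="multipart/form-data"> <div class="form-group"> <label for="author">First name</label> <input class="form-control" type="text" name="user_firstname"> </div> <div class="form-group"> <label for="post_status">Last name</label> <input class="form-control" type="text" name="user_lastname">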
</div> <hr> <!-- Posted Comments --> <?php $query = "SELECT * FROM comments WHERE comment_post_id = {$the_post_id} "; $query .= "AND comment_status = 'approved' "; $query .= "ORDER BY comment_id DESC "; $select_comment_query = mysqli_query($connection, $query); confirmQuery($select_comment_query); while ($row = mysqli_fetch_array($select_comment_query)) { $comment_date = $row['comment_date']; $comment_content = $row['comment_content']; $comment_author = $row['comment_author']; ?> <!-- Comment --> <div class="media"> <a class="pull-left" href="#"> <img class="media-object" src="http://placehold.it/64x64" alt=""> </a> <div class="media-body"> <h4 class="media-heading"><?php echo $comment_author;
<th>Edit</th> <th>Delete</th> </tr> </thead> <tbody> <?php //$query = "SELECT * FROM posts ORDER BY post_id DESC"; $query = "SELECT posts.post_id, posts.post_user, posts.post_title, posts.post_category_id, posts.post_status, posts.post_image, posts.post_tags, posts.post_comment_count, posts.post_date, "; $query .= "categories.cat_id, categories.cat_title "; $query .= " FROM posts "; $query .= " LEFT JOIN categories ON posts.post_category_id = categories.cat_id ORDER BY posts.post_id DESC"; $select_posts = mysqli_query($connection, $query); confirmQuery($select_posts); while ($row = mysqli_fetch_assoc($select_posts)) { $post_id = $row['post_id']; $post_user = $row['post_user']; $post_title = $row['post_title']; $post_category_id = $row['post_category_id']; $post_status = $row['post_status']; $post_image = $row['post_image']; $post_tags = $row['post_tags']; $post_comment_count = $row['post_comment_count']; $post_date = $row['post_date']; $category_id = $row['cat_id']; $category_title = $row['cat_title']; echo "<tr>"; ?>
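} ?> " type="text" class="form-control" name="cat_title"> <?php } } ?>
<?php
if (isset($_POST['update_category'])) {
    // Rename the category whose id is in $cat_id (set before this excerpt) to
    // the posted title. Both values are bound parameters; the id is bound as
    // an integer so request input never reaches the SQL text.
    $the_cat_title = (string) ($_POST['cat_title'] ?? '');
    $target_cat_id = (int) $cat_id;
    $query = "UPDATE categories SET cat_title = ? WHERE cat_id = ? ";
    $update_stmt = mysqli_prepare($connection, $query);
    confirmQuery($update_stmt);
    mysqli_stmt_bind_param($update_stmt, "si", $the_cat_title, $target_cat_id);
    confirmQuery(mysqli_stmt_execute($update_stmt));
    mysqli_stmt_close($update_stmt);
}
?>
</div> <div class="form-group"> <input class="btn btn-primary" type="submit" name="update_category" value="Update Category"> </div> </form>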