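/**
 * Return the client info once the request key and the admin flag both check out.
 *
 * The expected key is md5(sha512($id_check . $id . $usr . $pw)). The request is refused
 * with die("insufficient credentials") when $requestkey does not match it or when
 * isUserAdmin($id_check) is falsy.
 *
 * NOTE(review): the key is built only from the four arguments, with no nonce or expiry,
 * so a captured key stays valid while those values are unchanged. The fields are also
 * concatenated without a separator, so different field splits can yield the same key.
 *
 * @param mixed $id         Identifier mixed into the expected key.
 * @param mixed $pw         Password value mixed into the expected key.
 * @param mixed $usr        User name mixed into the expected key.
 * @param mixed $requestkey Key supplied by the caller; must be a string.
 * @param mixed $id_check   Identifier mixed into the key and passed to isUserAdmin().
 * @return mixed Whatever $this->Client->getinfo() returns.
 */
public function GetInfo($id, $pw, $usr, $requestkey, $id_check)
{
    $validkey = md5(hash('sha512', $id_check . $id . $usr . $pw));

    // The loose `!=` this replaces compared numeric-looking digests ("0e<digits>") as
    // numbers and coerced non-string keys. hash_equals() (PHP >= 5.6) compares the
    // strings byte for byte in constant time; it needs two strings, hence the type check.
    if (!is_string($requestkey) || !hash_equals($validkey, $requestkey)) {
        die("insufficient credentials");
    }

    if (!isUserAdmin($id_check)) {
        die("insufficient credentials");
    }

    return $this->Client->getinfo();
}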
<?php
// Admin endpoint: deletes the `user` row whose id arrives in $_POST['id'].
require '../init.php';
require '../tools.php';

// Authorization gate. NOTE(review): this protects the DELETE below only if fail() ends
// the script; fail() is defined outside this file, so confirm that it exits.
if (!isUserAdmin()) {
    fail("Only admins can delete user accounts");
}

// NOTE(review): htmlspecialchars() is HTML output encoding, not input validation. The
// bound parameter below already keeps the value out of the SQL text; encoding it here
// only changes the value that is compared against `id`.
// NOTE(review): no anti-CSRF token is checked in this file; confirm init.php does it.
$userId = htmlspecialchars($_POST['id']);
$query = 'DELETE FROM user WHERE id=?';
// $link is not created in this file; presumably init.php provides the mysqli handle.
if ($stmt = $link->prepare($query)) {
    $stmt->bind_param("s", $userId);
    if ($stmt->execute()) {
        // affected_rows tells a deleted row apart from an id that matched nothing.
        if ($stmt->affected_rows > 0) {
            success();
        }
        fail("User does not exist");
    }
    // NOTE(review): the next statement is damaged in this copy. The "******" run is not
    // PHP and the closing braces are missing; restore it from the original file.
    fail("Error deleting user: "******"Error deleting user");
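<?php
// Ticket dashboard: greets the user by role and selects the tickets that role may see.

// Check the session before touching $loggedInUser, and stop on failure. The meta refresh
// is only a hint to the browser; without die the role checks and queries below still
// ran for requests that were not logged in.
if(!isUserLoggedIn()){
    echo '<meta http-equiv="refresh" content="0; URL=access_denied.php">';
    die;
}

$id = $loggedInUser->user_id;
$account = $loggedInUser->display_username;

// Stays false when none of the role checks matches, so the row count below is defined.
$sql = false;

// Admins and moderators see every ticket.
if(isUserAdmin($id) === true) {
    echo "<h2>Welcome Admin</h2>";
    $sql = mysql_query("SELECT * FROM Tickets");
}
if(isUserMod($id) === true) {
    echo "<h2>Welcome Moderator</h2>";
    $sql = mysql_query("SELECT * FROM Tickets");
}
// Normal users only see their own tickets.
if(isUserNormal($id)){
    // NOTE(review): $account is written into the page without htmlspecialchars();
    // confirm display_username is limited to safe characters where it is set.
    echo "<h2>How may I help you today, <b>".$account."</b> ?</h2>";
    echo " <ul class='flatflipbuttons'> <li style='width: 200px !important;' class='square'><a href='index.php?page=newticket'><span>Get Support</span></a></li> </ul> </br>";
    // NOTE(review): $id is interpolated into the SQL text. It comes from the session
    // object rather than the request, but a cast or a bound parameter would make the
    // query independent of how user_id was stored.
    $sql = mysql_query("SELECT * FROM Tickets WHERE `user_id`='$id'");
}

// mysql_num_rows() needs a result resource; report 0 when no query ran or it failed.
$num = $sql ? mysql_num_rows($sql) : 0;
?> <div id="page">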
<?php
// Admin-only page that lists every row of the Servers table.
require_once "models/config.php";

// Both gates echo a meta refresh and then die, so nothing below runs for a rejected request.
if (!isUserLoggedIn()) {
    echo '<meta http-equiv="refresh" content="0; URL=access_denied.php">';
    die;
}
// NOTE(review): $id is not assigned in the visible part of this file; confirm that
// models/config.php sets it to the logged-in user's id and not to a request value.
if (!isUserAdmin($id)) {
    echo '<meta http-equiv="refresh" content="0; URL=access_denied.php">';
    die;
}
// NOTE(review): the block after the table header opens with the short tag "<?". With
// short_open_tag disabled PHP does not parse it and the code is sent to the browser as text.
?> <table id="page"> <tr> <th>Owner</th> <th>Name</th> <th>ID</th> <th>IP Address</th> <th>Type</th> <th>User</th> <th>Status</th> </tr> <?
$result = mysql_query("SELECT * FROM Servers");
while($row = mysql_fetch_array($result)) {
    // NOTE(review): column values are written into the page without htmlspecialchars();
    // whoever can set a server's owner or name controls markup on this admin page.
    echo "<tr>";
    echo "<td>" . $row['Server_Owner'] . "</td>";
    echo "<td>" . $row['Server_Name'] . "</td>";
    echo "<td>" . $row['Server_Id'] . "</td>";
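<?php
// Password change endpoint for the logged-in account.
// An admin may set a new password without the old one; everyone else must supply the
// current password, which is checked against the stored crypt() hash.
if (!isset($_SESSION)) {
    session_start();
}
include_once "functions.php";

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Read request and session values defensively: a missing key must deny the request,
    // not raise a notice and continue with null.
    $username = isset($_SESSION['loggedIn']) ? $_SESSION['loggedIn'] : null;
    $oldPassword = isset($_POST['oldPassword']) ? $_POST['oldPassword'] : null;
    $password = isset($_POST['password']) ? $_POST['password'] : null;

    $allowed = false;
    // No session user or no string password (e.g. password[]=x) means no change.
    if ($username !== null && is_string($password)) {
        if (isUserAdmin($username)) {
            // NOTE(review): admins skip the old-password check for their own account, so
            // a stolen admin session is enough to take the account over.
            $allowed = true;
        } elseif (is_string($oldPassword)) {
            $expected = getPassword($username);
            // NOTE(review): getSalt() takes no argument, which suggests one salt for all
            // accounts; password_hash()/password_verify() would give per-user salts.
            $supplied = crypt($oldPassword, getSalt());
            // hash_equals() (PHP >= 5.6) replaces the loose `==`: it compares as strings,
            // so numeric-looking hashes are not coerced, and in constant time.
            $allowed = is_string($expected) && is_string($supplied) && hash_equals($expected, $supplied);
        }
    }

    // NOTE(review): no anti-CSRF token is checked here; confirm one is enforced elsewhere.
    if ($allowed) {
        changePassword($username, $password);
    } else {
        echo "denied";
    }
}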
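<?php
// Account deletion endpoint: a logged-in admin posts the username to delete.
if (!isset($_SESSION)) {
    session_start();
}
include_once "functions.php";

// Missing keys previously raised notices and handed null to isUserAdmin()/deleteUser();
// treat them as "not allowed" / "nothing to delete" instead.
$actor = isset($_SESSION['loggedIn']) ? $_SESSION['loggedIn'] : null;
$target = isset($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : '';

// NOTE(review): no anti-CSRF token is checked here, and nothing stops an admin from
// deleting their own or the last admin account; confirm deleteUser() covers that.
if ($_SERVER['REQUEST_METHOD'] == "POST" && $actor !== null && $target !== '' && isUserAdmin($actor)) {
    deleteUser($target);
}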
/**
 * Print the events table for the current user, with per-event registration controls.
 *
 * Reads every row of `events`, counts the rows of each event's own table (named by the
 * row's eventDB column) and echoes the HTML directly.
 *
 * NOTE(review): every database value below is written into HTML text or attribute
 * values without htmlspecialchars(); anything stored in the events table or in a
 * username ends up as markup on this page.
 *
 * @param array $sqlArray Row describing the current user. The keys read here are
 *                        'username' and 'admin'; the array is also passed on to
 *                        isUserInfoComplete() and displayPaypalEvent().
 * @return void
 */
function displayEvents($sqlArray)
{
    // NOTE(review): $club_Abbr, used further down, is not assigned in this function;
    // presumably this file defines it. Confirm.
    require 'include/configGlobals.php';
    echo "<script type=\"text/javascript\">\n";
    echo "parent.main_disablePopupBackButton();\n";
    echo "</script>\n";
    // Display events
    // NOTE(review): `or die(mysql_error())` prints the raw database error to the visitor.
    $eventcheck = mysql_query("SELECT * FROM events ORDER BY `events`.`eventDate`, `events`.`eventDB` ASC") or die(mysql_error());
    echo "<table class=\"default\" width=\"100%\">\n";
    echo "<th colspan=\"6\">Events</th>\n";
    echo "<tr><td>Event Type</td><td>Event Name</td><td>Event Location</td><td>Event Date</td><td>Pre-registered</td><td>Pre-Registration</td></tr>\n";
    while ($eventinfo = mysql_fetch_assoc($eventcheck)) {
        $paymentStatus = "";
        // All date comparisons below are string comparisons of 'Y-m-d' values.
        $today = date('Y-m-d');
        // Registration window, computed from eventDate (the substr offsets read it as
        // YYYY-MM-DD): Autocross opens 30 days before (90 for the season-wide entry) and
        // closes 2 days before; Hillclimb opens 60 days before and closes 7 days before.
        // NOTE(review): $regBegin and $regCutoff are assigned only for these two event
        // types. A row of any other type reuses the previous row's values, or reads
        // undefined variables if it comes first.
        if ($eventinfo['eventType'] == "Autocross") {
            if ($eventinfo['eventName'] == "All " . date('Y') . " Autocross Regular Events") {
                // NOTE(review): $allAutoXEvents is first assigned here but is read further
                // down for every row, so earlier rows read it before it exists.
                $allAutoXEvents = 0x1;
                $regBegin = date('Y-m-d', mktime(0, 0, 0, substr($eventinfo['eventDate'], 5, 2), substr($eventinfo['eventDate'], 8, 2) - 90, substr($eventinfo['eventDate'], 0, 4)));
            } else {
                $regBegin = date('Y-m-d', mktime(0, 0, 0, substr($eventinfo['eventDate'], 5, 2), substr($eventinfo['eventDate'], 8, 2) - 30, substr($eventinfo['eventDate'], 0, 4)));
            }
            $regCutoff = date('Y-m-d', mktime(0, 0, 0, substr($eventinfo['eventDate'], 5, 2), substr($eventinfo['eventDate'], 8, 2) - 2, substr($eventinfo['eventDate'], 0, 4)));
        } else {
            if ($eventinfo['eventType'] == "Hillclimb") {
                $regCutoff = date('Y-m-d', mktime(0, 0, 0, substr($eventinfo['eventDate'], 5, 2), substr($eventinfo['eventDate'], 8, 2) - 7, substr($eventinfo['eventDate'], 0, 4)));
                $regBegin = date('Y-m-d', mktime(0, 0, 0, substr($eventinfo['eventDate'], 5, 2), substr($eventinfo['eventDate'], 8, 2) - 60, substr($eventinfo['eventDate'], 0, 4)));
                // Hard-coded date; not read again in this function.
                $regLateCutoff = date('Y-m-d', mktime(0, 0, 0, 05, 14, 2008));
            }
        }
        echo "<tr>\n";
        echo "<td>" . $eventinfo['eventType'] . "</td>";
        echo "<td>" . $eventinfo['eventName'] . "</td>";
        echo "<td>" . $eventinfo['eventLocation'] . "</td>";
        echo "<td>" . $eventinfo['eventDate'] . "</td>";
        echo "<td>";
        // Each event has its own registration table; its name is the row's eventDB value.
        // NOTE(review): the table name is interpolated unquoted into the query, so the
        // query is only as trustworthy as whatever wrote events.eventDB.
        $tempquery = $eventinfo['eventDB'];
        $tempEventcheck = mysql_query("SELECT * FROM {$tempquery}") or die(mysql_error());
        // Count registrations and note whether the current user is among them.
        $reg_count = 0;
        $userRegistered = 0;
        while ($tempEventInfo = mysql_fetch_assoc($tempEventcheck)) {
            $reg_count = $reg_count + 1;
            if ($tempEventInfo['registeredUser'] == $sqlArray['username']) {
                $userRegistered = 1;
            }
        }
        if ($reg_count > 0) {
            if ($today <= $eventinfo['eventDate']) {
                echo "<form action=\"eventregistered.php\" method=\"POST\">\n";
                echo "[ " . $reg_count . " ] ";
                // NOTE(review): the hidden field hands the table name to the browser.
                // eventregistered.php (not shown) must treat what comes back as untrusted.
                echo "<input type=\"hidden\" name=\"regEventName\" value=\"" . $eventinfo['eventDB'] . "\" />";
                echo " <input type=\"submit\" name=\"showRegistration\" value=\"Show\" />\n";
                // Download button for admins. NOTE(review): this only hides the control;
                // the handler has to repeat the admin check. This branch trusts
                // $sqlArray['admin'] while the Hillclimb link below calls isUserAdmin();
                // confirm the two agree.
                if ($sqlArray['admin'] != 0) {
                    echo "<input type=\"hidden\" name=\"regEventKey\" value=\"" . $eventinfo['eventID'] . "\" />\n";
                    // echo "<br /><input type=\"submit\" name=\"downloadMember\" value=\"Download Member File\" />";
                    // echo "<br /><input type=\"submit\" name=\"downloadEntries\" value=\"Download Entries File\" />";
                    // echo "<br /><input type=\"submit\" name=\"downloadPrintable\" value=\"Download Printable File\" />";
                    echo "<br /><input type=\"submit\" name=\"downloadAllFiles\" value=\"Download All Files\" />\n";
                }
                echo "</form>\n";
            } else {
                echo "-";
            }
        } else {
            echo "None";
        }
        echo "</td>\n";
        echo "<td>\n";
        echo "<table class=\"blank\"><tr><td>\n";
        // Registration cell: shows the state of the window and, when open, the register button.
        if (!isUserInfoComplete($sqlArray)) {
            echo "User Info Incomplete\n";
            echo "<form action=\"events.php\" method=\"POST\">\n";
        } else {
            if ($userRegistered && $today < $regCutoff) {
                $paymentStatus = displayPaypalEvent($sqlArray, $eventinfo);
                echo "<form action=\"events.php\" method=\"POST\">\n";
            } elseif ($reg_count < 50) {
                // 50 is the registration cap; at or above it the cell shows "Full".
                echo "<form action=\"events.php\" method=\"POST\">\n";
                if ($today < $regBegin) {
                    echo "Not Open Yet \n";
                } else {
                    if ($today < $regCutoff) {
                        if ($eventinfo['eventType'] != "Hillclimb" && $eventinfo['eventName'] != "4th Annual North Country Rumble" && $allAutoXEvents != 0x1) {
                            echo "<input type=\"image\" src=\"images/classy-icons-set/png/32x32/folder_add.png\" name=\"register\" value=\"Register\" alt=\"Register\" title=\"Register For This Event\"onClick=\"alert('After registering for this event online you will still need to check-in with registration at the event.')\" />\n";
                        }
                        if ($allAutoXEvents == 0x1) {
                            echo "Not Available \n";
                        }
                    } else {
                        echo "Closed \n";
                    }
                }
            } else {
                // NOTE(review): no <form> is opened on this path, yet </form> is echoed at
                // the end of the row.
                echo "Full \n";
            }
        }
        echo "</td><td>\n";
        echo "<input type=\"hidden\" name=\"regEventName\" value=\"" . $eventinfo['eventDB'] . "\">\n";
        // NOTE(review): the window and cap checks here decide which buttons are drawn.
        // events.php (not shown) must enforce the same rules when the form is posted.
        if ($userRegistered && ($today >= $regBegin && $today < $regCutoff)) {
            echo "<input type=\"image\" src=\"images/classy-icons-set/png/32x32/folder_edit.png\" name=\"editregistration\" value=\"EditRegistration\" alt=\"Edit Registration\" title=\"Edit Registration\" />\n";
        }
        if ($userRegistered && ($paymentStatus == "" || $paymentStatus != "Completed" && $paymentStatus != "Pending" && $paymentStatus != "Processed" && $paymentStatus != "In-Progress")) {
            // User is registered, but payment hasn't been completed. Allow them to unregister.
            if ($today >= $regBegin && $today < $regCutoff) {
                echo "<input type=\"image\" src=\"images/classy-icons-set/png/32x32/folder_remove.png\" name=\"unregister\" value=\"Unregister\" alt=\"Unregister\" title=\"Unregister\" />\n";
            }
        } else {
            if ($eventinfo['eventType'] == "Autocross") {
                // Once bit 0x2 is set the value is no longer exactly 0x1, so the
                // "== 0x1" / "!= 0x1" tests above change outcome for the rows that follow.
                $allAutoXEvents |= 0x2;
            }
        }
        echo "</td></tr></table>\n";
        if ($eventinfo['eventType'] == "Hillclimb" && $today < $regCutoff && $today >= $regBegin) {
            if (isUserAdmin()) {
                // NOTE(review): the query-string token is an unsalted MD5 of the club
                // abbreviation, event fields and username. All of those are guessable, so
                // it identifies the entry but is not a secret.
                $itemName = $club_Abbr . " " . $eventinfo['eventType'] . " " . $eventinfo['eventName'] . " " . $eventinfo['eventDate'];
                $hashinput = $itemName . $sqlArray['username'];
                $itemNumber = hash('md5', $hashinput);
                echo "<a href=\"#\" onclick=\"parent.main_openPopupWindow('entryHillclimb.php?" . $itemNumber . "')\">Register (testing)</a>\n";
            }
            // echo "<a target=\"_blank\" href=\"http://www.hillclimb.org/events/ascutney/ascutney.htm\">Register</a>\n";
            echo "<a target=\"_blank\" href=\"http://www.sccnh.org/hillclimbreg.html\">Register at sccnh.org</a>\n";
        } else {
            if ($eventinfo['eventName'] == "4th Annual North Country Rumble") {
                echo "Rumble registration not fully completed<br>\n";
                echo "Use <a target=\"_blank\" href=\"http://sccnh.xhub.com/SCCNH%20Rumble%20Registration%20Form%202008.pdf\">Official Entry Form [pdf]</a>\n";
                echo "for now.\n";
            }
        }
        echo "</td></form>\n";
        echo "</tr>\n";
    }
    echo "</table>\n";
}
require_once $syslog_mod_path . "/class/syslogXML.class.php";

# Get language
$locale = $oreon->user->get_lang();
putenv("LANG={$locale}");
setlocale(LC_ALL, $locale);
bindtextdomain("messages", $syslog_mod_path . "locale/");
bind_textdomain_codeset("messages", "UTF-8");
textdomain("messages");

/*
 * Get ACL
 */
$pearDB = new CentreonDB();
$pearDBndo = new CentreonDB("ndo");
// NOTE(review): the session id is taken from the query string. Ids in URLs end up in
// access logs, browser history and Referer headers, and a caller-chosen id is a session
// fixation risk unless check_session() accepts only ids the server issued. Confirm.
// NOTE(review): session_id() called with an argument sets the id and returns the id
// that was current before the call, so $sid is not necessarily $_GET["sid"]. Confirm
// which value check_session() and isUserAdmin() are meant to receive.
$sid = session_id($_GET["sid"]);
$contact_id = check_session($sid, $pearDB);
// The admin flag and the contact id together decide what the ACL object allows below.
$is_admin = isUserAdmin($sid);
$access = new CentreonACL($contact_id, $is_admin);
$aclHostString = $access->getHostsString("ID", $pearDBndo);

/*
 * Get selected option in lists
 */
// NOTE(review): both filter values are copied from $_GET unchanged. Where they are used
// is outside this excerpt; they need escaping or binding wherever they reach SQL or HTML.
if (isset($_GET['collector_id']) && $_GET['collector_id'] != "") {
    $collector_id = $_GET['collector_id'];
} else {
    $collector_id = "";
}
// The literal string "undefined" is treated like an empty filter.
if (isset($_GET['Ffacility']) && $_GET['Ffacility'] != "" && $_GET['Ffacility'] != "undefined") {
    $Ffacility_selected = $_GET['Ffacility'];
} else {
    $Ffacility_selected = "";
}
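<?php
include './php/libaries.php';
include './php/sqlconn.php'; // Connect to database

// Redirect users without administrative rights.
// The explicit exit keeps the admin markup below from being rendered for them even if
// redirectToHomePage() (defined outside this file) only sends a Location header and returns.
if (isUserLoggedIn() == false || isUserAdmin() == false) {
    redirectToHomePage();
    exit;
}
?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Admin</title> <link rel="stylesheet" href="./foundation/css/foundation.css" /> <link rel="stylesheet" href="./css/customise.css" /> <?php include 'includes/datepicker.html'; ?> <script src="js/admin.js"></script> </head> <body> <?php include 'includes/navbarAdmin.php'; ?> <div class="large-12 columns"> <div id="profileDiv" class="large-12 left columns"> <h3 class="white-font">Profiles</h3>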
// Copy profile fields into page variables; the two optional fields default to "".
// (The block these statements belong to is opened before this excerpt.)
$userEmail = $userProfileDetails["email"];
if (isset($userProfileDetails["contact_number"])) {
    $userContactNumber = $userProfileDetails["contact_number"];
} else {
    $userContactNumber = "";
}
$address1 = $userProfileDetails["address_line1"];
if (isset($userProfileDetails["address_line2"])) {
    $address2 = $userProfileDetails["address_line2"];
} else {
    $address2 = "";
}
$country = $userProfileDetails["country"];
}

$userProfilePicturePath = getProfilePicturePathByUsername($username);
$isUserAdminValue = isUserAdmin($username);

// Password change: the current password is handed to updateUserPassWord() together with
// the new one. NOTE(review): confirm that helper verifies the current password, and
// that $username comes from the session, not from the request.
if (isset($_POST['changePasswordSubmit'])) {
    $currentPassword = $_POST['currentPassword'];
    $newPassword = $_POST['newPassword'];
    $updatePasswordResponseMsg = updateUserPassWord($username, $currentPassword, $newPassword);
}

// Profile picture upload.
if (isset($_POST['profilePicUploadSubmit'])) {
    // NOTE(review): $_FILES[...]["type"] is the MIME type the client sent. It says
    // nothing about the actual content, so this check does not establish that the file
    // is an image; inspect the bytes (e.g. getimagesize() or finfo) instead.
    if ($_FILES["profilePicFile"]["type"] == "image/gif" || $_FILES["profilePicFile"]["type"] == "image/jpeg" || $_FILES["profilePicFile"]["type"] == "image/png" || $_FILES["profilePicFile"]["type"] == "image/pjpeg") {
        // Size limit: below 40000 bytes.
        if ($_FILES["profilePicFile"]["size"] < 40000) {
            if ($_FILES["profilePicFile"]["error"] > 0) {
                $error = "Return Code: " . $_FILES["profilePicFile"]["error"] . "<br />";
            } else {
                // NOTE(review): the stored extension is whatever the client's file name
                // ends with; nothing here restricts it to image extensions. The stored
                // name should use an extension chosen from an allow-list, and the upload
                // directory should not execute scripts.
                $uploadedFileName = $_FILES["profilePicFile"]["name"];
                // NOTE(review): end() takes its argument by reference; passing explode()
                // directly raises "Only variables should be passed by reference".
                $fileExt = end(explode(".", $uploadedFileName));
                $fileName = $username . "." . $fileExt;
                $finalFilePath = "user_profile_pictures/" . $fileName;
<?php
// Ticket view: the owner, an admin or a moderator may close, reopen or reply to a ticket.
if(!isUserLoggedIn()) {
    echo '<meta http-equiv="refresh" content="0; URL=access_denied.php">';
    die();
}
// NOTE(review): mysql_real_escape_string() only makes a value safe inside a quoted SQL
// string. In the SELECT below $id is placed unquoted, so the escaping does not confine
// it to a number; cast it with (int) or bind it as a parameter. The leading @ also
// hides any error these calls raise.
$id = @mysql_real_escape_string($_GET["id"]);
$sql = @mysql_query("SELECT * FROM Tickets WHERE `id`=$id");
// NOTE(review): when the lookup fails, mysql_result() returns false and the loose `==`
// below compares user_id with false. Confirm no account can have a falsy user_id.
$owner = @mysql_result($sql, 0, "user_id");
if ($loggedInUser->user_id == $owner OR isUserAdmin($loggedInUser->user_id) OR isUserMod($loggedInUser->user_id)) {
    if (isset($_GET["action"])) {
        // NOTE(review): closing and reopening are state changes triggered by GET links
        // with no token, so any page the user visits can trigger them (CSRF). $id is
        // also echoed into the href attributes without htmlspecialchars().
        if ($_GET["action"] == "closev") {
            echo "<h3>Are you sure?</h3><br \><a href=\"index.php?page=viewticket&action=closey&id=" . $id . "\"><input type=\"submit\" class=\"blues\" value=\"Yes\"/></a><br /><a href=\"index.php?page=viewticket&id=$id\"><input type=\"submit\" class=\"blues\" value=\"No\"/></a><br />";
        }
        if ($_GET["action"] == "closey") {
            mysql_query("UPDATE Tickets SET opened=0 WHERE `id`='$id'");
            echo "Your ticket has been closed.";
            echo '<meta http-equiv="refresh" content="0; URL=index.php?page=support">';
        }
        if ($_GET["action"] == "open") {
            mysql_query("UPDATE Tickets SET opened=1 WHERE `id`='$id'");
            echo "Your ticket has been reopened.";
            echo '<meta http-equiv="refresh" content="0; URL=index.php?page=support">';
        }
    } else {
        $subject = mysql_result($sql, 0, "subject");
        if (isset($_POST["post"])) {
            // The reply text has tags stripped and is escaped for a quoted SQL string.
            $post = mysql_real_escape_string(strip_tags($_POST["post"]));
            $uid = $loggedInUser->user_id;
<div id="white"> <table class="infos-small"> <tr class="infos-row"> <td colspan="2" class="infos-center"> <div id="new-user"><?php if (isset($username)) { echo $username; } ?> </div> <div class="line line-no-space"></div> </td> </tr> <?php include_once "../helper/functions.php"; if (!isUserAdmin($username)) { echo <<<'OLD_PASSWORD' <tr class="infos-row"> <td class="infos-left"> <div class="icon"> <i class="material-icons">lock</i> <span class="icon-text">Old Password:</span> </div> </td> <td class="infos-right"> <input class="input project" id="account-input-old-password" type="password" placeholder="*******"/> </td> </tr> OLD_PASSWORD; } echo <<<'NEW_PASSWORD' <tr class="infos-row">
<?php
// Chat post endpoint: stores one message for the current user together with the name
// colour that matches the user's role.
require_once 'models/config.php';
include 'models/chat.config.php';

//___
$id = $loggedInUser->user_id;
$username = $loggedInUser->display_username;
//___

// NOTE(review): there is no isUserLoggedIn() check in this file; confirm that
// models/config.php rejects anonymous requests before $loggedInUser is read.

// Chat-banned users are dropped silently.
if (isUserCBanned($id)) {
    die;
}

// Name colour by role: admin, then moderator, then everyone else.
if (isUserAdmin($id)) {
    $color = "#0404B4";
} elseif (isUserMod($id)) {
    $color = "#B43104";
} else {
    $color = "#000000";
}

// Every value is escaped for use inside a quoted SQL string.
$color_ = $db->real_escape_string(htmlentities($color));
$user = $db->real_escape_string(htmlentities($username));
// NOTE(review): strip_tags() with '<a>' allowed keeps the whole anchor tag, attributes
// included (href, on* handlers). The stored text is safe to display only if the page
// that prints it encodes it again; confirm every reader of `messages` does.
$message = $db->real_escape_string(strip_tags($_POST['message'], '<a>'));
$timestamp = $db->real_escape_string(gettime());

$db->Query("INSERT INTO messages (color, username, message, timestamp) VALUES ('{$color_}','{$user}','{$message}','{$timestamp}')");
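</tr> </table> </td> <td class="overview-right"> <a class="button edit" id="editUser_public" name="userOverviewEdit" href="javascript:void(null)"> <i class="material-icons">mode_edit</i> </a> </td> </tr> <tr class="overview-row"> <td colspan="2"> <div class="overview-line"> </div> </td> </tr> <?php
// One overview row per user, with edit and delete buttons. The built-in "public" and
// "admin" accounts are skipped. Admin accounts get the "security" icon, everyone else
// "person"; the rest of the row is identical, so it is built once.
$userArray = [];
include "../helper/getUsersFromJSON.php";
if (!empty($userArray)) {
    foreach ($userArray as $user) {
        $name = $user->{'username'};
        if ($name == "public" || $name == "admin") {
            continue;
        }

        // The name lands in HTML text and inside double-quoted id attributes. Encode it
        // for both so that a name containing quotes or angle brackets cannot add markup
        // to this admin page.
        $safeName = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
        $icon = isUserAdmin($name) ? 'security' : 'person';

        // NOTE(review): the buttons only carry the user name; the edit and delete
        // handlers (not shown) must check the caller's role themselves.
        echo '<tr class="overview-row">'
            . '<td class="overview-left">'
            . '<table>'
            . '<tr>'
            . '<td class="user-overview-icon"> '
            . '<div class="icon">'
            . '<i class="material-icons">' . $icon . '</i>'
            . '</div> '
            . '</td>'
            . '<td class="user-overview-appname">' . $safeName . '</td>'
            . '</tr>'
            . '</table>'
            . '</td>'
            . '<td class="overview-right">'
            . '<a id="editUser_' . $safeName . '" class="button edit" name="userOverviewEdit" href="javascript:void(null)">'
            . '<i class="material-icons">mode_edit</i>'
            . '</a>'
            . '<a id="deleteUser_' . $safeName . '" class="button edit" name="userOverviewDelete" href="javascript:void(null)">'
            . '<i class="material-icons">delete</i>'
            . '</a>'
            . '</td>'
            . '</tr>'
            . '<tr class="overview-row">'
            . '<td colspan="2">'
            . '<div class="overview-line"> </div>'
            . '</td>'
            . '</tr>';
    }
}
?> </table>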
<?php
// Moderator/admin page for banning users from chat and lifting the ban again.
require_once "models/config.php";
if (!isUserLoggedIn()) {
    echo '<meta http-equiv="refresh" content="0; URL=access_denied.php">';
    die;
}
// NOTE(review): $id is not assigned in the visible part of this file; confirm that
// models/config.php sets it to the logged-in user's id and not to a request value.
if (!isUserMod($id) and !isUserAdmin($id)) {
    echo '<meta http-equiv="refresh" content="0; URL=access_denied.php">';
    die;
}
$account = $loggedInUser->display_username;
// NOTE(review): the form below carries no anti-CSRF token, and the unban action further
// down is triggered by a GET parameter.
?> <h1>Ban A user from chat</h1> <form action="" name="banform" method="POST"> <input type="text" name="ban" class="field" /> <input type="submit" value="ban" class="blues" /> </form> <?php
if (isset($_POST["ban"])) {
    // NOTE(review): $banby is interpolated into the second UPDATE without
    // mysql_real_escape_string(), unlike $username.
    $banby = $account;
    $username = mysql_real_escape_string(strip_tags($_POST["ban"]));
    // NOTE(review): nothing here stops a moderator from banning an admin or themselves;
    // confirm whether that is intended.
    mysql_query("UPDATE userCake_Users SET `ChatBanned`='1' WHERE `Username`='{$username}'");
    mysql_query("UPDATE userCake_Users SET `BannedBy`='{$banby}' WHERE `Username`='{$username}'");
    // System notice for the chat. $username was already escaped above, so it is escaped
    // a second time here and any backslash added the first time is stored in the message.
    $message_sys = mysql_real_escape_string(strip_tags("" . $username . " was banned from chat."));
    $color_sys = mysql_real_escape_string(strip_tags("#FF0000"));
    $user_sys = mysql_real_escape_string(strip_tags("system"));
    mysql_query("INSERT INTO messages (color, username, message) VALUES ('{$color_sys}','{$user_sys}','{$message_sys}')");
}
if (isset($_GET["unban"])) {
    $username = mysql_real_escape_string(strip_tags($_GET["unban"]));
<?php
/*
 UserPie Version: 1.0
 http://userpie.com
*/
require_once "models/config.php";
//require_once("models/slim-config.php");

// Entry page: anonymous visitors get the landing page, everyone else is redirected to
// the start page for their role.
// NOTE(review): the role test here only picks a destination. admin.php has to enforce
// its own admin check, because the URL can be requested directly.
if (isUserLoggedIn()) {
    $redirect = isUserAdmin() ? "Location: admin.php" : "Location: football_playoff_grid.php";
    header($redirect);
} else {
    include 'landing-page.php';
}
break;
/**
 * Authorize user.
 *
 * Tries the admin login first, then the normal user login combined with a ban check.
 * On success the user record is initialised and returned as XML; otherwise a failure
 * result is returned.
 */
case 'userAuthorize':
    if (loginAdmin($sId, $sPassword) == TRUE_VAL) {
        $aUserInfo = getUserInfo($sId, true);
        $aUser = array('id' => $aUserInfo['id'], 'nick' => $aUserInfo['nick'], 'sex' => $aUserInfo['sex'], 'age' => $aUserInfo['age'], 'desc' => $aUserInfo['desc'], 'photo' => $aUserInfo['photo'], 'profile' => $aUserInfo['profile'], 'type' => CHAT_TYPE_ADMIN);
    // && short-circuits: $bBanned is assigned only when loginUser() succeeded.
    } elseif (loginUser($sId, $sPassword) == TRUE_VAL && ($bBanned = doBan("check", $sId)) != TRUE) {
        $aUser = getUserInfo($sId);
        $aUser['id'] = $sId;
        $aUser['sex'] = $aUser['sex'] == 'female' ? "F" : "M";
        // A normal login is still given the admin chat type when isUserAdmin() says so.
        $aUser['type'] = isUserAdmin($sId) ? CHAT_TYPE_ADMIN : CHAT_TYPE_FULL;
    } else {
        // NOTE(review): when both logins failed, $bBanned was never assigned in this
        // case (unless it is set before this excerpt), so the ternary reads an
        // undefined variable.
        $sContents = parseXml($aXmlTemplates['result'], $bBanned ? "msgBanned" : "msgUserAuthenticationFailure", FAILED_VAL);
        break;
    }
    $aUser = initUser($aUser);
    $sContents = parseXml($aXmlTemplates['result'], "", SUCCESS_VAL);
    $sContents .= parseXml($aXmlTemplates['user'], $aUser['id'], USER_STATUS_NEW, $aUser['nick'], $aUser['sex'], $aUser['age'], $aUser['desc'], $aUser['photo'], $aUser['profile'], $aUser['type'], USER_STATUS_ONLINE);
    break;
// NOTE(review): neither 'banUser' nor 'kickUser' checks the caller's role inside the
// case; confirm the code that dispatches these actions authorizes them first.
// NOTE(review): $sId is concatenated into the SQL text of both cases. $sBanned passes
// through process_db_input(), but how $sId was sanitised is outside this excerpt.
case 'banUser':
    $sBanned = isset($_REQUEST["banned"]) ? process_db_input($_REQUEST['banned']) : FALSE_VAL;
    // Insert a Profiles row when the user has none yet, otherwise update the flag.
    $sUserId = getValue("SELECT `ID` FROM `" . MODULE_DB_PREFIX . "Profiles` WHERE `ID` = '" . $sId . "' LIMIT 1");
    getResult(empty($sUserId) ? "INSERT INTO `" . MODULE_DB_PREFIX . "Profiles`(`ID`, `Banned`) VALUES('" . $sId . "', '" . $sBanned . "')" : "UPDATE `" . MODULE_DB_PREFIX . "Profiles` SET `Banned`='" . $sBanned . "' WHERE `ID`='" . $sId . "'");
    break;
case 'kickUser':
    // Marks the user's CurrentUsers row as kicked and stamps it with the current time.
    getResult("UPDATE `" . MODULE_DB_PREFIX . "CurrentUsers` SET `Status`='" . USER_STATUS_KICK . "', `When`='" . time() . "' WHERE `ID`='" . $sId . "'");
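/**
 * Render the event administration page and handle its POST actions.
 *
 * Actions, selected by the submit button name in $_POST:
 *  - createEvent: creates a per-event registration table and adds a row to `events`;
 *  - deleteEvent: removes the `events` row and drops that event's table;
 *  - emailUsers:  collects the e-mail addresses of all users.
 * Afterwards the create form and the list of existing events are echoed.
 *
 * Non-admins are redirected to logout.php and the function stops.
 *
 * NOTE(review): neither form carries an anti-CSRF token, so an admin's browser can be
 * made to submit them from another site; add a per-session token check.
 *
 * @return void
 */
function displayAdminEventsPage()
{
    // header() only queues the redirect. Without exit, the create/delete handlers below
    // also ran for callers who are not admins.
    if (!isUserAdmin()) {
        header("Location: logout.php");
        exit;
    }

    $databaseName = getDatabaseName();

    if (isset($_POST['createEvent'])) {
        $newEventTableName = "event" . date('U');

        // The four form values go into quoted SQL strings, so escape them for that
        // context. Missing or non-string fields become empty strings.
        $newEventName = mysql_real_escape_string(isset($_POST['newEventName']) && is_string($_POST['newEventName']) ? $_POST['newEventName'] : '');
        $newEventLocation = mysql_real_escape_string(isset($_POST['newEventLocation']) && is_string($_POST['newEventLocation']) ? $_POST['newEventLocation'] : '');
        $newEventDate = mysql_real_escape_string(isset($_POST['newEventDate']) && is_string($_POST['newEventDate']) ? $_POST['newEventDate'] : '');
        $newEventType = mysql_real_escape_string(isset($_POST['newEventType']) && is_string($_POST['newEventType']) ? $_POST['newEventType'] : '');

        $createQuery = "CREATE TABLE `" . $databaseName . "`.`" . $newEventTableName . "` ("
            . "`registeredUser` VARCHAR( 60 ) NOT NULL ,"
            . "`vehicleKey` VARCHAR( 60 ) NOT NULL ,"
            . "`vehicleClass` VARCHAR( 60 ) NOT NULL ,"
            . "`vehicleNumber` VARCHAR( 60 ) NOT NULL ,"
            . "`paid` TINYINT( 1 ) NOT NULL DEFAULT '0'"
            . ") ENGINE = MYISAM";
        if (mysql_query($createQuery)) {
            $insertQuery = "INSERT INTO `" . $databaseName . "`.`events` (`eventID`, `eventDB`, `eventName`, `eventLocation`, `eventDate`, `eventType`)"
                . "VALUES (NULL , '" . $newEventTableName . "', '" . $newEventName . "', '" . $newEventLocation . "', '" . $newEventDate . "', '" . $newEventType . "')";
            if (!mysql_query($insertQuery)) {
                die("Created new table but unable to insert event into database. Please contact administrator.");
            }
        } else {
            die("Unable to create new table for event. Please contact administrator.");
        }
        header("Location: admin_events.php");
        exit;
    } elseif (isset($_POST['deleteEvent'])) {
        $postedEventDB = isset($_POST['eventDB']) && is_string($_POST['eventDB']) ? $_POST['eventDB'] : '';
        // eventID is used unquoted in the SQL below; the cast confines it to a number.
        $eventDBkey = isset($_POST['eventDBkey']) && is_scalar($_POST['eventDBkey']) ? (int) $_POST['eventDBkey'] : 0;

        // The table to drop is taken from the events row, not from the request. The
        // posted name only has to match it, so a forged form cannot name another table.
        $lookup = mysql_query("SELECT `eventDB` FROM events WHERE `events`.`eventID` = " . $eventDBkey . " LIMIT 1");
        $known = $lookup ? mysql_fetch_assoc($lookup) : false;
        if (!$known || $known['eventDB'] !== $postedEventDB) {
            die("Unable to delete event.");
        }

        // Delete Event from DB
        $deleteQuery = "DELETE FROM events WHERE `events`.`eventID` = " . $eventDBkey . " LIMIT 1";
        // Drop Table (a backtick inside an identifier is escaped by doubling it)
        $dropQuery = "DROP TABLE `" . str_replace('`', '``', $known['eventDB']) . "`";

        if (mysql_query($deleteQuery)) {
            if (mysql_query($dropQuery)) {
                header("Location: admin_events.php");
                // Stop here; previously the success path fell through to the die() below.
                exit;
            }
            die("Deleted event from list. Unable to delete Table.");
        }
        die("Unable to delete event.");
    } elseif (isset($_POST['emailUsers'])) {
        // Collects the addresses; the list is not used further in this function.
        $emailList = "";
        $userCheck = mysql_query("SELECT * FROM users") or die(mysql_error());
        while ($userInfo = mysql_fetch_array($userCheck)) {
            $emailList .= $userInfo['email'];
        }
    }

    echo file_get_contents("admin_header.html");
    echo "<br />\n";
    echo "<script type=\"text/javascript\">\n";
    echo "function confirmDelete() {\n";
    echo "var r=confirm(\"Are you sure you want to this event? This cannot be undone.\");\n";
    echo "return r;";
    echo "}\n";
    echo "</script>\n";

    // Create form
    echo "<form action=\"admin_events.php\" method=\"POST\">\n";
    echo "<table class=\"default\">\n";
    echo "<th colspan=\"5\">Create New Event:</th>\n";
    echo "<tr><td>Event Name</td><td>Event Location</td><td>EventDate<br>YYYY-MM-DD</td><td>Event Type</td></tr>\n";
    echo "<tr><td><input type=\"text\" name=\"newEventName\"></td>\n";
    echo "<td><input type=\"text\" name=\"newEventLocation\"></td>\n";
    echo "<td><input type=\"text\" name=\"newEventDate\"></td>\n";
    echo "<td><select name=\"newEventType\">\n";
    echo "<option value=\"Autocross\">Autocross</option>\n";
    echo "<option value=\"Hillclimb\">Hillclimb</option>\n";
    echo "</select></td>\n";
    echo "<td><input type=\"submit\" name=\"createEvent\" value=\"Create Event\"></td></tr>\n";
    echo "</table>\n";
    echo "</form>\n";
    echo "<br>\n";

    // Display events
    $eventcheck = mysql_query("SELECT * FROM events ORDER BY `events`.`eventDate`, `events`.`eventDB` ASC") or die(mysql_error());
    echo "<table class=\"default\">\n";
    echo "<th colspan=\"4\">Delete Events</th>\n";
    echo "<tr><td>Event Type</td><td>Event Name</td><td>Event Location</td><td>Event Date</td></tr>\n";
    while ($eventinfo = mysql_fetch_assoc($eventcheck)) {
        // Stored values are encoded for HTML text and attribute context on the way out.
        echo "<tr>";
        echo "<td>" . htmlspecialchars($eventinfo['eventType'], ENT_QUOTES) . "</td>";
        echo "<td>" . htmlspecialchars($eventinfo['eventName'], ENT_QUOTES) . "</td>";
        echo "<td>" . htmlspecialchars($eventinfo['eventLocation'], ENT_QUOTES) . "</td>";
        echo "<td>" . htmlspecialchars($eventinfo['eventDate'], ENT_QUOTES) . "</td>";
        echo "<td>";

        // Count the registrations in the event's own table; the name is quoted as an
        // identifier, the same way the DROP above treats it.
        $tempquery = str_replace('`', '``', $eventinfo['eventDB']);
        $tempEventcheck = mysql_query("SELECT * FROM `{$tempquery}`") or die(mysql_error());
        $reg_count = mysql_num_rows($tempEventcheck);

        echo "<form action=\"admin_events.php\" method=\"POST\" onsubmit=\"return confirmDelete()\">\n";
        echo "<input type=\"hidden\" name=\"eventDB\" value=\"" . htmlspecialchars($eventinfo['eventDB'], ENT_QUOTES) . "\">\n";
        echo "<input type=\"hidden\" name=\"eventDBkey\" value=\"" . htmlspecialchars($eventinfo['eventID'], ENT_QUOTES) . "\">\n";
        echo "<input type=\"submit\" name=\"deleteEvent\" value=\"Delete\">\n";
        echo "</form>\n";
        if ($reg_count != 0) {
            echo "Users Registered.";
        }
        echo "</td></tr>\n";
    }
    echo "</table>\n";
}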
<?php
// Login page bootstrap. A visitor who already has a session is sent straight to the
// start page for their role and the script stops there.
if (!isset($_SESSION)) {
    session_start();
}
include_once "helper/functions.php";

if (isset($_SESSION['loggedIn'])) {
    // NOTE(review): the role test only picks the destination; restricted/admin.php has
    // to enforce its own admin check.
    $destination = isUserAdmin($_SESSION['loggedIn'])
        ? 'Location: restricted/admin.php'
        : 'Location: index.php';
    header($destination);
    exit;
}

// Defaults, in case the settings file does not set them.
$developerName = "";
$colorScheme = "";
include 'helper/getGeneralSettingsFromJSON.php';
// NOTE(review): $developerName is echoed into <title> below without htmlspecialchars();
// whoever can edit the general settings controls that markup.
?> <!DOCTYPE html> <html> <head> <?php include 'cookie.php'; ?> <title><?php if (isset($developerName)) { echo $developerName; } ?>
// Render one chat message. Moderators and admins additionally get a delete link.
// NOTE(review): htmlentities() is called with its default flags, and before PHP 8.1
// those leave single quotes unencoded. $color is placed inside a single-quoted style
// attribute, so this is safe only while every writer of messages.color stores a fixed
// colour value. Confirm, or pass ENT_QUOTES.
if (!isUserMod($idaa) and !isUserAdmin($idaa)) {
    $color = htmlentities($value['color']);
    $user = htmlentities($value['username']);
    $msg = htmlentities($value['message']);
    echo "<li id='msg_row'><b id='u_name_chat' style='color: " . $color . ";'>" . $user . "</b>: " . $msg . "</li>";
} else {
    $color = htmlentities($value['color']);
    $user = htmlentities($value['username']);
    $msg = htmlentities($value['message']);
    // NOTE(review): real_escape_string() escapes for SQL, but the value is written into
    // an unquoted HTML attribute (rel=...). That is the wrong encoding for this context;
    // cast the id to int or use htmlspecialchars() and quote the attribute.
    $todelete = $db->real_escape_string($value['id']);
    echo "<li id='msg_row'><b id='u_name_chat' style='color: " . $color . ";'>" . $user . "</b>: " . $msg . "<a color='blue' href='#' rel=" . $todelete . " class='delete' onClick='deleteChat(this);'>delete</a></li>";
}
}
// NOTE(review): the delete function is emitted only for moderators and admins, but that
// merely hides it from other users. ajaxDEL.php (not shown) must check the caller's
// role itself and should require an anti-CSRF token.
?> <script> <?php if (isUserMod($idaa) || isUserAdmin($idaa)) { ?>
function deleteChat(t) {
    console.log("Clicked delete");
    var toDEL = $(t).parent();
    var id = $(t).attr('rel');
    console.log(id);
    $.post('ajaxDEL.php', {id: id})
        .done(function(data) {
            $(toDEL).hide();
        });
}
/*$('.delete').click(function() {