* @author Bill Newman <*****@*****.**> * @version 3.02 2011/05/18 * @link http://www.newmanix.com/ * @license http://opensource.org/licenses/osl-3.0.php Open Software License ("OSL") v. 3.0 * @see demo_list_pager.php * @todo none */ # '../' works for a sub-folder. use './' for the root require '../inc_0700/config_inc.php'; #provides configuration, pathing, error handling, db credentials # check variable of item passed in - if invalid data, forcibly redirect back to demo_list_pager.php page if(isset($_GET['id']) && (int)$_GET['id'] > 0){#proper data must be on querystring $myID = (int)$_GET['id']; #Convert to integer, will equate to zero if fails }else{ myRedirect(VIRTUAL_PATH . "demo/demo_list_pager.php"); } //sql statement to select individual item $sql = "select MuffinName,Description,MetaDescription,MetaKeywords,Price from test_Muffins where MuffinID = " . $myID; //---end config area -------------------------------------------------- $foundRecord = FALSE; # Will change to true, if record found! # connection comes first in mysqli (improved) function $result = mysqli_query(IDB::conn(),$sql) or die(trigger_error(mysqli_error(IDB::conn()), E_USER_ERROR)); if(mysqli_num_rows($result) > 0) {#records exist - process $foundRecord = TRUE; while ($row = mysqli_fetch_assoc($result))
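/**
 * Applies an edit to an administrator record from POSTed form data, then renders a result page.
 *
 * Reads FirstName, LastName, Email, Privilege and AdminID through formReq(), refuses an
 * email that already belongs to a different AdminID, runs the UPDATE, and refreshes the
 * session copy of Privilege/FirstName when the edited row is the logged-in admin.
 *
 * NOTE(review): nothing in this function checks that the logged-in admin is allowed to
 * edit $AdminID or to assign the submitted $Privilege. Confirm the calling page enforces
 * that; otherwise any admin who reaches this handler can change another account or raise
 * a privilege level simply by posting different values.
 * NOTE(review): the mysql_* functions were removed in PHP 7 and offer no bound
 * parameters, so injection safety here rests entirely on the escaping done inside
 * formReq()/dbIn() plus the quotes around every '%s'. Porting to mysqli/PDO prepared
 * statements removes that dependency.
 *
 * @return void
 */
function updateExecute()
{
    # $redirect must be the GLOBAL variable: the original assigned a function-local
    # $redirect, which a helper reading `global $redirect` can never see.
    # (presumably formReq() reads it the same way its mysqli sibling does - confirm)
    global $config, $redirect;

    $myConn = conn('', FALSE); # MUST precede formReq(), which uses the active connection to escape data
    $redirect = $config->adminEdit; # where formReq() sends the user when a required field is missing

    $FirstName = formReq('FirstName'); # formReq calls dbIn() internally, to check form data
    $LastName = formReq('LastName');
    $Email = strtolower(formReq('Email'));
    $Privilege = formReq('Privilege');
    # cast once so the duplicate check, the UPDATE and the session comparison all use the same integer
    $AdminID = (int) formReq('AdminID');

    # check for duplicate email held by a different admin
    $sql = sprintf("select AdminID from " . PREFIX . "Admin WHERE (Email='%s') and AdminID != %d", $Email, $AdminID);
    $result = mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR));
    if (mysql_num_rows($result) > 0) { # someone already has email!
        feedback("Email already exists - please choose a different email.");
        # NOTE(review): the UPDATE below still runs unless myRedirect() halts the script - confirm it exits
        myRedirect($config->adminEdit); # duplicate email
    }

    # sprintf() only formats: %d forces an integer, but '%s' values are safe solely because formReq() escaped them
    $sql = sprintf("UPDATE " . PREFIX . "Admin set FirstName='%s',LastName='%s',Email='%s',Privilege='%s' WHERE AdminID=%d", $FirstName, $LastName, $Email, $Privilege, $AdminID);
    mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR));

    # feedback success or failure of update
    if (mysql_affected_rows($myConn) > 0) {
        feedback("Successfully Updated!", "notice");
        if ((int) $_SESSION["AdminID"] === $AdminID) { # this is me! update current session info:
            # NOTE(review): these are the escaped copies; a value containing a quote is stored in the session with its backslash
            $_SESSION["Privilege"] = $Privilege;
            $_SESSION["FirstName"] = $FirstName;
        }
    } else {
        feedback("Data NOT Updated! (or not changed from original values)");
    }

    get_header();
    echo ' <div align="center"><h3>Edit Administrator</h3></div> <div align="center"><a href="' . $config->adminEdit . '">Edit More</a></div> <div align="center"><a href="' . $config->adminDashboard . '">Exit To Admin</a></div> ';
    get_footer();
}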
/**
 * mysqli version of formReq()
 *
 * Requires that the named field is present in $_POST and hands its value to idbIn(),
 * which (per the original notes) escapes it for MySQL, adding slashes in an attempt
 * to prevent SQL injection.
 *
 * When the field is missing the user is sent to the page named by the global
 * $redirect, or to THIS_PAGE when $redirect is unset or empty. Set $redirect in
 * GLOBAL scope before checking a series of form values: a variable of the same name
 * assigned inside a calling function is local and is not seen here.
 *
 * The returned string is escaped, not parameterised: it is only safe when placed
 * inside a quoted SQL string literal. Values used in numeric positions still need
 * an integer cast.
 *
 *<code>
 * $iConn = conn("admin",TRUE); //mysqli connection
 * $myVar = iformReq('myVar',$iConn);       //pass the field NAME, not $_POST['myVar']
 * $otherVar = iformReq('otherVar',$iConn);
 *</code>
 *
 * @uses idbIn()
 * @see formReq()
 * @global string $redirect page to redirect the user to upon failure
 * @param string $var name (key) of the $_POST field to read
 * @param object $iConn active mysqli DB connection, passed by reference.
 * @return string returns data filtered by idbIn(); nothing is returned on the failure path
 * @todo none
 */
function iformReq($var, &$iConn)
{
    global $redirect;

    // happy path first: the field was submitted, return it escaped
    if (isset($_POST[$var])) {
        return idbIn($_POST[$var], $iConn);
    }

    feedback("Required Form Data Not Passed", "error");

    // if no redirect indicated, use the current page!
    $destination = (!isset($redirect) || $redirect == "") ? THIS_PAGE : $redirect;
    myRedirect($destination);
}
exit;
}
}
$tyyp_id = 14;
$site->debug->print_hash($site->fdat, 1, "FDAT");
# NOTE(review): id, objekt_id and on_sisu are written as bare words, not quoted strings.
# Unless constants of those names exist, PHP 8 throws an Error for an undefined constant
# (older versions silently used the name as a string). Quote them: 'id', 'objekt_id', 'on_sisu'.
$leht = new Leht(array(id => $site->fdat['id'] ? $site->fdat['id'] : $site->alias("rub_home_id")));
$objekt = new Objekt(array(objekt_id => $site->fdat['id'], on_sisu => 1));
if (!$objekt->objekt_id) {
    //redirect to the 404 page
    header('Location: index.php?id=' . $site->alias(array('key' => '404error')));
    exit;
}
$obj_conf = new CONFIG($objekt->all['ttyyp_params']);
if ($site->fdat['output_device'] == 'pda') {
    if (strlen($site->fdat['text']) < 2 || strlen($site->fdat['nimi']) < 2) {
        # NOTE(review): presumably $site->fdat holds request data - confirm. If so, redirect_url
        # is caller-supplied and this is an open redirect; restrict it to same-site paths.
        myRedirect($site->fdat['redirect_url']);
        exit;
    }
    # compare the submitted display name with the logged-in user's real name
    $name = trim($site->user->all['firstname'] . ' ' . $site->user->all['lastname']);
    $nimi = trim($site->fdat['nimi']);
    if ($name != $nimi) {
        # the appended marker is runtime text (Estonian for "name changed")
        $site->fdat['nimi'] .= ' (nimi muudetud)';
    }
}
$already = 0;
############ get all parent object: trail
$trail_objs = $leht->parents->list;
#oldfor ($y=-1;$y>-10;$y--){
$i = 0;
foreach ($trail_objs as $i => $myobj) {
    # skip the first array element - itself
//END CONFIG AREA ----------------------------------------------------------
$access = "superadmin"; #superadmin or above can add new administrators
include_once INCLUDE_PATH . 'admin_only_inc.php'; #session protected page - level is defined in $access var
if (isset($_POST['Email'])) {
    # if Email is set, check for valid data
    if (!onlyEmail($_POST['Email'])) {
        //email must pass the onlyEmail() format check
        feedback("Data entered for email is not valid", "error");
        myRedirect($config->adminAdd);
    }
    # NOTE(review): PWord1 is read without isset(); and limiting passwords to letters and
    # digits shrinks the password space - the restriction exists to protect the SQL string,
    # which bound parameters would make unnecessary.
    if (!onlyAlphaNum($_POST['PWord1'])) {
        //password must be letters and numbers only (see message below)
        feedback("Password must contain letters and numbers only.", "error");
        myRedirect($config->adminAdd);
    }
    $myConn = conn('', FALSE); # MUST precede formReq() function, which uses active connection to parse data
    $FirstName = formReq('FirstName'); # formReq calls dbIn() internally, to check form data
    $LastName = formReq('LastName');
    $AdminPW = formReq('PWord1');
    $Email = strtolower(formReq('Email'));
    # NOTE(review): Privilege is stored exactly as submitted, with no allow-list. This page is
    # gated at "superadmin", so confirm a superadmin is meant to be able to create a
    # higher-privileged account by posting a different value.
    $Privilege = formReq('Privilege');
    # sprintf() only formats the string; it does not parameterise. Every '%s' is safe solely
    # because formReq() escaped the value and the placeholder sits inside quotes.
    # NOTE(review): MySQL SHA() is a single unsalted SHA-1 - a fast hash, not password storage.
    # Migrating means hashing in PHP with password_hash() and changing the login check to
    # password_verify() at the same time.
    $sql = sprintf("INSERT into " . PREFIX . "Admin (FirstName,LastName,AdminPW,Email,Privilege,DateAdded) VALUES ('%s','%s',SHA('%s'),'%s','%s',NOW())", $FirstName, $LastName, $AdminPW, $Email, $Privilege);
    # the leading @ hides PHP warnings from the call; failures are still caught by the `or die`
    @mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR)); # insert is done here
    # feedback success or failure of insert
    if (mysql_affected_rows($myConn) > 0) {
* @version 2.10 2012/02/28
 * @link http://www.newmanix.com/
 * @license http://opensource.org/licenses/osl-3.0.php Open Software License ("OSL") v. 3.0
 * @see feed_list.php
 * @todo none
 */
# '../' works for a sub-folder. use './' for the root
require '../inc_0700/config_inc.php'; #provides configuration, pathing, error handling, db credentials

# check variable of item passed in - if invalid data, forcibly redirect back to the list page
# NOTE(review): the header names feed_list.php but the redirect below targets feed/news_list.php - confirm which is intended
if (isset($_GET['id']) && (int) $_GET['id'] > 0) {
    #proper data must be on querystring
    $myID = (int) $_GET['id']; #Convert to integer, will equate to zero if fails
} else {
    # NOTE(review): $myID stays undefined on this path; the rest of the page relies on myRedirect() halting the script
    myRedirect(VIRTUAL_PATH . "feed/news_list.php");
}
/**
 *
 * INDIVIDUAL ITEMS FROM LIST PAGE
 *
 */
//sql statement to select individual item
// The heredoc continues beyond this excerpt; if $myID is interpolated further down, the
// (int) cast above is what keeps that interpolation injection-safe.
$sql = <<<QUERY
 SELECT f.FeedName, f.FeedURL FROM wn16_categoryfeedlink l LEFT JOIN wn16_feed f ON f.FeedID = l.FeedID RIGHT JOIN wn16_newscategories c ON c.CategoryID = l.CategoryID
* @link http://www.newmanix.com/
 * @license http://opensource.org/licenses/osl-3.0.php Open Software License ("OSL") v. 3.0
 * @see demo_list_upload.php
 * @see upload_form.php
 * @see upload_execute.php
 * @todo none
 */
# '../' works for a sub-folder. use './' for the root
require '../inc_0700/config_inc.php'; #provides configuration, pathing, error handling, db credentials

# check variable of item passed in - if invalid data, forcibly redirect back to list page
if(isset($_GET['id']) && (int)$_GET['id'] > 0){#proper data must be on querystring
    $myID = (int)$_GET['id']; #Convert to integer, will equate to zero if fails
}else{
    # NOTE(review): $myID is never set on this path, so the query below depends on myRedirect() stopping execution
    myRedirect(VIRTUAL_PATH . "demo/demo_list_upload.php");
}
# sql statement to select individual item
# $myID is concatenated straight into the SQL text. That is injection-safe only because
# of the (int) cast above; any future non-integer parameter needs a prepared statement.
$sql = "select MuffinName,Description,MetaDescription,MetaKeywords,Price from test_Muffins where MuffinID = " . $myID;
$foundRecord = FALSE; # Will change to true, if record found!
# connection comes first in mysqli (improved) function
# on failure the database error text goes to trigger_error(); whether visitors see it depends on the handler set up in config_inc.php
$result = mysqli_query(IDB::conn(),$sql) or die(trigger_error(mysqli_error(IDB::conn()), E_USER_ERROR));
if(mysqli_num_rows($result) > 0)
{#records exist - process
    $foundRecord = TRUE;
    while ($row = mysqli_fetch_assoc($result))
    {
*/
# '../' works for a sub-folder. use './' for the root
require '../inc_0700/config_inc.php'; #provides configuration, pathing, error handling, db credentials
spl_autoload_register('MyAutoLoader::NamespaceLoader');
$config->titleTag = smartTitle(); #Fills <title> tag. If left empty will fallback to $config->titleTag in config_inc.php
$config->metaDescription = smartTitle() . ' - ' . $config->metaDescription;
//END CONFIG AREA ----------------------------------------------------------
# check variable of item passed in - if invalid data, forcibly redirect back to the surveys index page
if (isset($_GET['id']) && (int) $_GET['id'] > 0) {
    #proper data must be on querystring
    $myID = (int) $_GET['id']; #Convert to integer, will equate to zero if fails
} else {
    # NOTE(review): $myID is undefined past this point unless myRedirect() halts the script
    myRedirect(VIRTUAL_PATH . "surveys/index.php");
}
get_header(); #defaults to header_inc.php
?> <h3 align="center">Survey View</h3> <?php
$mySurvey = new SurveySez\Survey($myID);
//dumpDie($mySurvey);
if ($mySurvey->isValid) {
    //if the survey exists, show data
    # NOTE(review): Title is echoed into HTML unescaped. If survey titles can be entered by
    # users, wrap it in htmlspecialchars() here unless the Survey class already encodes it.
    echo '<p>Survey Title:<b>' . $mySurvey->Title . '</b></p>';
    $mySurvey->showQuestions();
} else {
    //apologise
    echo '<div>There appears to be no such survey</div>';
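/**
 * Inserts a customer from POSTed form data and redirects back to the current page.
 *
 * Requires FirstName, LastName and Email to be present, validates their format, then
 * inserts them through a mysqli prepared statement. The original built the SQL with
 * sprintf(), which only formats a string; its safety depended on the escaping done by
 * iformReq(). Bound parameters keep the data out of the SQL text altogether.
 *
 * @return void
 */
function insertExecute()
{
    # iformReq() reads the GLOBAL $redirect; the original assigned a function-local
    # variable of the same name, which the helper never saw.
    global $redirect;

    $iConn = IDB::conn();
    $redirect = THIS_PAGE; //where iformReq() sends the user when a required field is missing

    # presence check only: iformReq() redirects when a field is absent. Its escaped return
    # value is deliberately unused, because bound parameters must receive the raw text.
    foreach (array('FirstName', 'LastName', 'Email') as $required) {
        iformReq($required, $iConn);
    }

    //next check for specific issues with data
    if (!ctype_graph($_POST['FirstName']) || !ctype_graph($_POST['LastName'])) {
        //ctype_graph() accepts printable characters only, so names containing a space are rejected
        feedback("First and Last Name must contain letters, numbers or punctuation");
        myRedirect(THIS_PAGE);
    }
    if (!onlyEmail($_POST['Email'])) {
        //email must pass the onlyEmail() format check
        feedback("Data entered for email is not valid");
        myRedirect(THIS_PAGE);
    }

    # strip_tags() removes markup before storage; it is not a substitute for encoding on output
    $FirstName = strip_tags($_POST['FirstName']);
    $LastName = strip_tags($_POST['LastName']);
    $Email = strip_tags($_POST['Email']);

    $stmt = mysqli_prepare($iConn, "INSERT INTO test_Customers (FirstName, LastName, Email) VALUES (?, ?, ?)")
        or die(trigger_error(mysqli_error($iConn), E_USER_ERROR));
    mysqli_stmt_bind_param($stmt, 'sss', $FirstName, $LastName, $Email);
    mysqli_stmt_execute($stmt) or die(trigger_error(mysqli_stmt_error($stmt), E_USER_ERROR));
    $rowsAdded = mysqli_stmt_affected_rows($stmt);
    mysqli_stmt_close($stmt);

    #feedback success or failure of insert
    if ($rowsAdded > 0) {
        //success! provide feedback, chance to add another!
        feedback("Customer Added Successfully!", "notice");
    } else {
        //Problem! Provide feedback!
        feedback("Customer NOT added!");
    }
    myRedirect(THIS_PAGE);
}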
* @license http://opensource.org/licenses/osl-3.0.php Open Software License ("OSL") v. 3.0
 * @see demo_list_meaningful.php
 * @see upload_form.php
 * @see upload_execute.php
 * @todo align table name and/or item name changes with image name
 */
# '../' works for a sub-folder. use './' for the root
require '../inc_0700/config_inc.php'; #provides configuration, pathing, error handling, db credentials

# check variable of item passed in - if invalid data, forcibly redirect back to list page
if (isset($_GET['id']) && (int) $_GET['id'] > 0) {
    #proper data must be on querystring
    $myID = (int) $_GET['id']; #Convert to integer, will equate to zero if fails
} else {
    # NOTE(review): $myID is never set on this path, so the query below depends on myRedirect() stopping execution
    myRedirect(VIRTUAL_PATH . "demo/demo_list_meaningful.php");
}
# sql statement to select individual item
# The concatenation is injection-safe only because $myID was cast to int above;
# keep the cast next to the query, or switch to a prepared statement.
$sql = "select MuffinName,Description,MetaDescription,MetaKeywords,Price from test_Muffins where MuffinID = " . $myID;
$foundRecord = FALSE; # Will change to true, if record found!
# connection comes first in mysqli (improved) function
$result = mysqli_query(IDB::conn(), $sql) or die(trigger_error(mysqli_error(IDB::conn()), E_USER_ERROR));
if (mysqli_num_rows($result) > 0) {
    #records exist - process
    $foundRecord = TRUE;
    while ($row = mysqli_fetch_assoc($result)) {
        # NOTE(review): dbOut() is defined elsewhere; confirm it HTML-encodes, since these
        # values are presumably echoed into the page and its meta tags
        $MuffinName = dbOut($row['MuffinName']);
        $Description = dbOut($row['Description']);
        $Price = dbOut($row['Price']);
        $MetaDescription = dbOut($row['MetaDescription']);
* @license http://opensource.org/licenses/osl-3.0.php Open Software License ("OSL") v. 3.0
 * @see demo_list_curvy.php
 * @see upload_form.php
 * @see upload_execute.php
 * @todo none
 */
# '../' works for a sub-folder. use './' for the root
require '../inc_0700/config_inc.php'; #provides configuration, pathing, error handling, db credentials

# check variable of item passed in - if invalid data, forcibly redirect back to list page
if (isset($_GET['id']) && (int) $_GET['id'] > 0) {
    #proper data must be on querystring
    $myID = (int) $_GET['id']; #Convert to integer, will equate to zero if fails
} else {
    # NOTE(review): $myID is never set on this path, so the query below depends on myRedirect() stopping execution
    myRedirect(VIRTUAL_PATH . "demo/demo_list_curvy.php");
}
//sql statement to select individual item
// Safe from injection only while $myID remains the integer produced by the cast above.
$sql = "select MuffinName,Description,MetaDescription,MetaKeywords,Price from test_Muffins where MuffinID = " . $myID;
$foundRecord = FALSE; # Will change to true, if record found!
# connection comes first in mysqli (improved) function
$result = mysqli_query(IDB::conn(), $sql) or die(trigger_error(mysqli_error(IDB::conn()), E_USER_ERROR));
if (mysqli_num_rows($result) > 0) {
    #records exist - process
    $foundRecord = TRUE;
    while ($row = mysqli_fetch_assoc($result)) {
        # NOTE(review): dbOut() is defined elsewhere; confirm it encodes for the HTML context these values end up in
        $MuffinName = dbOut($row['MuffinName']);
        $Description = dbOut($row['Description']);
        $Price = dbOut($row['Price']);
        $MetaDescription = dbOut($row['MetaDescription']);
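/**
 * Resets an administrator's password from POSTed form data, then renders a result page.
 *
 * Validates AdminID as a positive integer and PWord1 as alphanumeric, then stores the
 * new password through MySQL's SHA() function.
 *
 * NOTE(review): SHA() is a single unsalted SHA-1 digest - a fast hash, not encryption
 * and not suitable for password storage. Moving to password_hash()/password_verify()
 * has to be done together with the login check, so it is flagged here, not changed.
 * NOTE(review): nothing in this function ties AdminID to the logged-in admin or to a
 * privilege level; confirm the calling page restricts who may reset whose password.
 * NOTE(review): mysql_* was removed in PHP 7; a port to mysqli/PDO prepared statements
 * would also lift the letters-and-digits limit, which exists only to protect the SQL.
 *
 * @return void
 */
function updateExecute()
{
    # $redirect must be the GLOBAL variable read by the form helper; the original set a
    # function-local copy. (presumably formReq() uses `global $redirect` like its mysqli sibling - confirm)
    global $config, $redirect;

    if (isset($_POST['AdminID']) && (int) $_POST['AdminID'] > 0) {
        $myID = (int) $_POST['AdminID']; #Convert to integer, will equate to zero if fails
    } else {
        feedback("AdminID not numeric", "warning");
        myRedirect($config->adminReset);
    }

    if (!isset($_POST['PWord1']) || !onlyAlphaNum($_POST['PWord1'])) {
        //password must be alphanumeric only
        feedback("Data entered for password must be alphanumeric only");
        myRedirect(THIS_PAGE);
    }

    $myConn = conn('', FALSE);
    $redirect = $config->adminReset; # where formReq() sends the user when a required field is missing
    $AdminPW = formReq('PWord1'); # calls dbIn internally, to check form data

    # The original validated $myID and then ignored it, re-reading AdminID for the query.
    # Using the validated integer keeps the check and the WHERE clause on one value.
    $sql = sprintf("UPDATE " . PREFIX . "Admin set AdminPW=SHA('%s') WHERE AdminID=%d", $AdminPW, $myID);
    @mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR));

    //feedback success or failure of update
    if (mysql_affected_rows($myConn) > 0) {
        feedback("Password Successfully Reset!", "notice");
    } else {
        feedback("Password NOT Reset! (or not changed from original value)");
    }

    get_header();
    echo ' <div align="center"><h3>Reset Administrator Password</h3></div> <div align="center"><a href="' . $config->adminReset . '">Reset More</a></div> <div align="center"><a href="' . $config->adminDashboard . '">Exit To Admin</a></div> ';
    get_footer();
}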
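$config->titleTag = 'Log File Details'; #Fills <title> tag. If left empty will fallback to $config->titleTag in config_inc.php
$config->metaRobots = 'no index, no follow'; #never index admin pages
//END CONFIG AREA ----------------------------------------------------------
$access = "admin"; #admins can edit themselves, developers can edit any - don't change this var or no one can edit their own data
include_once INCLUDE_PATH . 'admin_only_inc.php'; #session protected page - level is defined in $access var

if (isset($_GET['del']) && is_string($_GET['del'])) {
    #prepare to delete log file
    # basename() drops every directory component, so a value such as "../x" can no longer
    # point unlink() outside LOG_PATH. (assumes log files sit directly in LOG_PATH - confirm)
    $myDelete = basename(trim($_GET['del']));
    # NOTE(review): the delete is triggered by a plain GET link with no anti-CSRF token, so
    # any page an admin visits can request it; moving this to POST with a per-session token closes that.
    if ($myDelete !== '' && is_file(LOG_PATH . $myDelete) && unlink(LOG_PATH . $myDelete)) {
        # NOTE(review): $myDelete is request text - confirm feedback() HTML-encodes it when displayed
        feedback("File '" . $myDelete . "' successfully deleted!");
    } else {
        # the original reported success even when unlink() failed
        feedback("File '" . $myDelete . "' could not be deleted.", "error");
    }
    myRedirect(ADMIN_PATH . 'admin_log_list.php'); #redirect back to list page with message
}

if (isset($_GET['f']) && is_string($_GET['f'])) {
    #file info from qstring
    # same confinement as above: only a bare file name inside LOG_PATH is accepted
    $fileName = basename(trim($_GET['f']));
    $filePath = LOG_PATH . $fileName;
} else {
    $fileName = "No File Found";
}
$config->loadhead = ' <script language="JavaScript"> function confirmDelete() { var agree=confirm("Are you sure you wish to delete this log file?"); if(agree)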
<?php
/**
 * index.php is an ADMIN ONLY page for redirects!
 *
 * Its only job is to bounce a visitor who browses to the bare admin folder, so the
 * folder never serves a directory listing or a blank page.
 *
 * DO NOT place this folder in the root of your application space!
 *
 * DO place this in the ADMIN folder! (whatever you name it!!)
 *
 * @package nmCommon
 * @author Blake Schwartz
 * @version 2.09x 2015
 * @link http://www.newmanix.com/
 * @license http://opensource.org/licenses/osl-3.0.php Open Software License ("OSL") v. 3.0
 * @see config_inc.php
 * @todo none
 */

require '../inc_0700/config_inc.php'; #provides configuration, pathing, error handling, db credentials

$redirect_to_login = TRUE; #if true, will redirect to admin login page, else redirect to main site index
# END CONFIG AREA ----------------------------------------------------------

# Both targets come from site configuration, never from the request, so this
# redirect cannot be steered by a visitor.
myRedirect($redirect_to_login ? $config->adminLogin : (VIRTUAL_PATH . "index.php"));
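/**
 * Handles POST data and formulates the email response.
 *
 * Builds a text summary of the submitted fields with show_POST() and either mails it
 * through email_handler() or prints it to the page.
 *
 * Header-injection defences applied here: CR/LF are stripped from the sender address,
 * and every submitted value (nested arrays included) is rejected if it contains
 * "Content-Type:" once spaces are removed. The second check is a narrow heuristic;
 * removing line breaks from anything that reaches a mail header is the control that matters.
 *
 * @param string $skipFields comma separated string of POST elements to be skipped
 * @param boolean $sendEmail indicates whether developer wants email sent or not
 * @param string $toName name of the recipient, passed through to email_handler()
 * @param string $fromAddress fallback 'noreply' address for domain hosting page
 * @param string $toAddress address to receive email
 * @param string $website name of website where form was filled out
 * @param string $fromDomain passed through to email_handler() (presumably the sending domain - confirm)
 * @return void
 * @uses show_POST()
 * @todo none
 */
function handle_POST($skipFields, $sendEmail, $toName, $fromAddress, $toAddress, $website, $fromDomain)
{
    $aSkip = explode(",", $skipFields); #split form elements to skip into array
    $postData = show_POST($aSkip); #loops through and creates select POST data for display/email

    # NOTE(review): this discards the caller's $fromAddress although it is documented as the
    # fallback sender; confirm email_handler() builds a sender from $fromDomain when it is empty
    $fromAddress = ""; //default
    # isset()/is_string() guard: the original read $_POST['Email'] even when absent or an array
    if (isset($_POST['Email']) && is_string($_POST['Email']) && is_email($_POST['Email'])) {
        #Only use Email for return address if valid
        # strip CR/LF so the address cannot carry extra mail headers
        $fromAddress = preg_replace("([\r\n])", "", $_POST['Email']);
    }

    if ($sendEmail) {
        #create email
        #Name, if used, becomes part of the subject; anything other than a string is ignored
        $Name = (isset($_POST['Name']) && is_string($_POST['Name'])) ? $_POST['Name'] : "";

        #Content-Type: is too similar to email injection to allow.
        # Walk nested arrays too: the original passed array values (name="x[]") straight
        # to stripos(), which errors on PHP 8 and never looked inside them.
        $pending = array($_POST);
        while (count($pending) > 0) {
            $item = array_pop($pending);
            if (is_array($item)) {
                foreach ($item as $child) {
                    $pending[] = $child;
                }
                continue;
            }
            $spaceless = str_replace(" ", "", (string) $item); #in case spaces were inserted to dodge the match
            if (stripos($spaceless, 'Content-Type:') !== FALSE) {
                feedback("Incorrect form data. Email NOT sent. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
                myRedirect(THIS_PAGE);
            }
        }

        $Name = safe($Name); #Name is part of Subject/header - filter code further for email injection
        $SubjectName = ($Name != "") ? " from: " . $Name . "," : ""; #Name, if used part of subject

        $postData = str_replace("<br />", PHP_EOL . PHP_EOL, $postData); #replace <br /> tags with double c/r
        $Subject = $website . " message" . $SubjectName . " " . date('F j, Y g:i a');
        $txt = $Subject . PHP_EOL . PHP_EOL . $postData;
        email_handler($toAddress, $toName, $Subject, $txt, $fromAddress, $Name, $website, $fromDomain);
    } else {
        //print data only
        print "Data printed only. Email <b>not</b> sent!<br />";
        # NOTE(review): $postData is built from submitted values; confirm show_POST() HTML-encodes them before this echo
        echo $postData; #Shows select POST data
        echo '<a href="' . THIS_PAGE . '">Reset Form</a><br />';
    }
}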
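/**
 * Updates a customer row from POSTed form data and redirects back to the current page.
 *
 * Requires CustomerID, FirstName, LastName and Email, validates their format, then
 * updates the row through a mysqli prepared statement. The original assembled the SQL
 * with sprintf(), which only formats a string; bound parameters keep the submitted
 * text out of the SQL altogether.
 *
 * @return void
 */
function updateExecute()
{
    # iformReq() reads the GLOBAL $redirect; the original assigned a function-local
    # variable of the same name, which the helper never saw.
    global $redirect;

    if (!isset($_POST['CustomerID']) || !is_numeric($_POST['CustomerID'])) {
        //id must be numeric
        feedback("id passed was not a number. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
        myRedirect(THIS_PAGE);
    }

    $iConn = IDB::conn();
    $redirect = THIS_PAGE; //where iformReq() sends the user when a required field is missing

    # presence check only: iformReq() redirects when a field is absent. Its escaped return
    # value is deliberately unused, because bound parameters must receive the raw text.
    foreach (array('CustomerID', 'FirstName', 'LastName', 'Email') as $required) {
        iformReq($required, $iConn);
    }

    //next check for specific issues with data
    if (!ctype_graph($_POST['FirstName']) || !ctype_graph($_POST['LastName'])) {
        //ctype_graph() accepts printable characters only, so names containing a space are rejected
        feedback("First and Last Name must contain letters, numbers or punctuation", "warning");
        myRedirect(THIS_PAGE);
    }
    if (!onlyEmail($_POST['Email'])) {
        //email must pass the onlyEmail() format check
        feedback("Data entered for email is not valid", "warning");
        myRedirect(THIS_PAGE);
    }

    $CustomerID = (int) $_POST['CustomerID'];
    # strip_tags() removes markup before storage; it is not a substitute for encoding on output
    $FirstName = strip_tags($_POST['FirstName']);
    $LastName = strip_tags($_POST['LastName']);
    $Email = strip_tags($_POST['Email']);

    # NOTE(review): nothing here checks that the current user may edit this CustomerID - confirm the page is access-controlled
    $stmt = mysqli_prepare($iConn, "UPDATE test_Customers SET FirstName = ?, LastName = ?, Email = ? WHERE CustomerID = ?")
        or die(trigger_error(mysqli_error($iConn), E_USER_ERROR));
    mysqli_stmt_bind_param($stmt, 'sssi', $FirstName, $LastName, $Email, $CustomerID);
    mysqli_stmt_execute($stmt) or die(trigger_error(mysqli_stmt_error($stmt), E_USER_ERROR));
    $rowsChanged = mysqli_stmt_affected_rows($stmt);
    mysqli_stmt_close($stmt);

    #feedback success or failure of update
    if ($rowsChanged > 0) {
        //success! provide feedback, chance to change another!
        feedback("Data Updated Successfully!", "success");
    } else {
        //Problem! Provide feedback!
        feedback("Data NOT changed!", "warning");
    }
    myRedirect(THIS_PAGE);
}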
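# record the login against the admin row; both values are bound as integers
$stmt = $db->prepare($sql);
$stmt->bindValue(1, $NumLogins, PDO::PARAM_INT);
$stmt->bindValue(2, $AdminID, PDO::PARAM_INT);
try {
    $stmt->execute();
} catch (PDOException $ex) {
    trigger_error($ex->getMessage(), E_USER_ERROR);
}
# NOTE(review): confirm session_regenerate_id(true) runs on successful login (the code
# that fills the session is outside this excerpt); without it a pre-login session id survives.
feedback("Login Successful!", "notice");
if (isset($_SESSION['red']) && $_SESSION['red'] != "") {
    #check to see if we'll be redirecting to a requesting page
    # NOTE(review): this URL was stored earlier by the session check; make sure it is
    # validated as a same-site address before the browser is sent to it.
    $red = $_SESSION['red']; #redirect back to original page
    # The original read `$_SESSION['red'] == '';`, a comparison whose result is discarded,
    # so the stored target was never cleared and was reused on every later login.
    $_SESSION['red'] = ''; #clear session var
    myRedirect($red);
} else {
    myRedirect($config->adminDashboard); # successful login! Redirect to admin page
}
} else {
    # failed login, redirect
    # one generic message for bad login and bad password, so the form does not reveal which accounts exist
    feedback("Login and/or Password are incorrect.", "warning");
    myRedirect($config->adminLogin);
}
unset($result, $db); //clear resources
} else {
    feedback("Required data not sent. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
    myRedirect($config->adminLogin);
}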
/**
 * Shows the name submitted by the form, or sends the user back when it is missing
 * or not strictly alphanumeric.
 *
 * ctype_alnum() admits only ASCII letters and digits, which is what makes the value
 * safe to echo into the HTML below; strip_tags() is a second, redundant layer.
 *
 * @return void
 */
function showName()
{
    #form submits here we show entered name
    get_header(); #loads the page header include

    $hasName = isset($_POST['YourName']) && $_POST['YourName'] != '';
    if (!$hasName) {
        //data must be sent
        feedback("No form data submitted"); #will feedback to submitting page via session variable
        myRedirect(THIS_PAGE);
    }

    $isAlnum = ctype_alnum($_POST['YourName']);
    if (!$isAlnum) {
        //data must be alphanumeric only
        feedback("Only letters and numbers are allowed. Please re-enter your name."); #will feedback to submitting page via session variable
        myRedirect(THIS_PAGE);
    }

    $displayName = strip_tags($_POST['YourName']); # here's where we can strip out unwanted data

    echo '<h3 align="center">' . smartTitle() . '</h3>';
    echo '<p align="center">Your name is <b>' . $displayName . '</b>!</p>';
    echo '<p align="center"><a href="' . THIS_PAGE . '">RESET</a></p>';

    get_footer(); #defaults to footer_inc.php
}
# Remember the page that was requested so login can return to it.
# NOTE(review): HTTP_HOST comes from the request's Host header, which the client controls.
# Building the return URL from it lets a forged Host value steer the post-login redirect
# to another site; use a configured host name, or store only the path.
$_SESSION['red'] = $myProtocol . $_SERVER['HTTP_HOST'] . $myURL;
feedback("Your session has timed out. Please login.");
myRedirect($config->adminLogin);
} else {
if (!isset($access) || $access == "") {
    $access = "admin";
} //empty becomes admin
$access = strtolower($access); //in case of typo
# NOTE(review): the switch has no default branch. An unrecognised $access value (a
# misspelling that lower-casing does not fix) matches no case, so the page is served to
# any logged-in admin. A default branch that denies would make this fail closed.
switch ($access) {
    case "admin":
        # any logged-in admin may proceed
        break;
    case "superadmin":
        # not developer/superadmin, back to admin page
        if ($_SESSION['Privilege'] != "developer" && $_SESSION['Privilege'] != "superadmin") {
            feedback("Your admin privileges do not allow access to the previous page.");
            # NOTE(review): the protected page still runs after this call unless myRedirect() halts the script - confirm it exits
            myRedirect($config->adminDashboard);
        }
        break;
    case "developer": //highest level. all access!
        # not developer to admin page
        if ($_SESSION['Privilege'] != "developer") {
            feedback("Your admin privileges do not allow access to the previous page.");
            myRedirect($config->adminDashboard);
        }
        break;
        # the second break below is unreachable
        break;
}
}