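<?php
/*
 * Admin edit page (excerpt): loads one row from `admins` into $result for the
 * markup that follows, then starts the HTML document head.
 */
include_once 'config.php';
// Page-level access control is delegated to this include; its rules are not
// visible in this excerpt.
include_once '../checkAdminPagePermissions.php';

$dbBean = new DatabaseBean();
$general = new General($dbBean);

// NOTE(review): menu_id can come straight from the request and is handed to
// General::getPageHeading(); confirm that helper does not place it in SQL text.
$menu_id = empty($_REQUEST['menu_id']) ? $_SESSION['menu_id'] : $_REQUEST['menu_id'];
$heading = $general->getPageHeading($menu_id);

// `id` is request-controlled and ends up inside the SQL statement, so only a
// positive integer is accepted. Arrays, empty values and anything non-numeric
// make filter_var() return false and the request is refused before a query is
// built.
$id = filter_var(
    isset($_REQUEST['id']) ? $_REQUEST['id'] : null,
    FILTER_VALIDATE_INT,
    array('options' => array('min_range' => 1))
);
if ($id === false) {
    http_response_code(400);
    exit('Invalid id.');
}

// NOTE(review): any valid id is loaded here; confirm the permission include (or
// this page) limits which admin rows the current session may open.
$query = "SELECT * FROM admins where id=" . $id;
if (!$dbBean->Query($query)) {
    $dbBean->Kill();
}
$result = $dbBean->RowArray();
?>
<!DOCTYPE html>
<!--[if IE 8]> <html lang="en" class="ie8 no-js"> <![endif]-->
<!--[if IE 9]> <html lang="en" class="ie9 no-js"> <![endif]-->
<!--[if !IE]><!-->
<html lang="en">
<!--<![endif]-->
<!-- BEGIN HEAD -->
<head>
<?php include '../common.php'; ?>
<!-- BEGIN PAGE LEVEL STYLES -->
<link rel="stylesheet" type="text/css" href="<?php echo ADMIN_URL; ?>/assets/global/plugins/datatables/plugins/bootstrap/dataTables.bootstrap.css"/>
<!-- END PAGE LEVEL STYLES -->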
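<?php
/*
 * Menu edit page (excerpt): loads one row from `menu` into $rows for the
 * markup that follows, then starts the HTML document head.
 */
include_once 'config.php';
// Page-level access control is delegated to this include; its rules are not
// visible in this excerpt.
include_once '../checkAdminPagePermissions.php';

$dbBean = new DatabaseBean();
$general = new General($dbBean);

// NOTE(review): menu_id can come straight from the request and is handed to
// General::getPageHeading(); confirm that helper does not place it in SQL text.
$menu_id = empty($_REQUEST['menu_id']) ? $_SESSION['menu_id'] : $_REQUEST['menu_id'];
$heading = $general->getPageHeading($menu_id);

// `id` is request-controlled and ends up inside the SQL statement, so only a
// positive integer is accepted. Arrays, empty values and anything non-numeric
// make filter_var() return false and the request is refused before a query is
// built.
$id = filter_var(
    isset($_REQUEST['id']) ? $_REQUEST['id'] : null,
    FILTER_VALIDATE_INT,
    array('options' => array('min_range' => 1))
);
if ($id === false) {
    http_response_code(400);
    exit('Invalid id.');
}

$query = "SELECT * FROM menu where id=" . $id;
if (!$dbBean->Query($query)) {
    $dbBean->Kill();
}
$rows = $dbBean->RowArray();
?>
<!DOCTYPE html>
<!--[if IE 8]> <html lang="en" class="ie8 no-js"> <![endif]-->
<!--[if IE 9]> <html lang="en" class="ie9 no-js"> <![endif]-->
<!--[if !IE]><!-->
<html lang="en">
<!--<![endif]-->
<!-- BEGIN HEAD -->
<head>
<?php include '../common.php'; ?>
<!-- BEGIN PAGE LEVEL STYLES -->
<link rel="stylesheet" type="text/css" href="<?php echo ADMIN_URL; ?>/assets/global/plugins/datatables/plugins/bootstrap/dataTables.bootstrap.css"/>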
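/*****************************************************************************************************/
// Forgot-password branch (excerpt; the mail setup continues past what is shown).
// Flow visible here: validate the submitted e-mail, look the admin up by that
// address, store a freshly generated password, then configure PHPMailer.
//
// NOTE(review): the password is replaced as soon as a matching address is
// submitted, so anyone who knows an admin's e-mail can force a password change.
// A single-use, time-limited reset token confirmed from the mailbox avoids that.
if (isset($_REQUEST['FLAG']) && $_REQUEST['FLAG'] === 'FORGOT_PWD') {
    if (isset($_REQUEST['email']) && $_REQUEST['email'] !== '') {
        $email = $_REQUEST['email'];

        // FILTER_VALIDATE_EMAIL is a format check, not SQL escaping: it accepts
        // an apostrophe in the local part. Because the address is concatenated
        // into the statement below, quote and backslash characters are refused
        // as well. This is a stopgap; binding the value as a query parameter is
        // the proper fix once the DatabaseBean API for it is confirmed.
        if (!filter_var($email, FILTER_VALIDATE_EMAIL) || strpbrk($email, "'\"\\") !== false) {
            $error = 'danger';
            $_SESSION['msg'] = 'Please fill valid email.';
            $url = ADMIN_URL . "/login.php";
            $general->redirectUrl($url, $error);
            exit;
        }

        $query = "SELECT * FROM `admins` where email='" . $email . "'";
        if (!$dbBean->Query($query)) {
            $dbBean->Kill();
        }

        if ($dbBean->RowCount() > 0) {
            $email_data = $dbBean->RowArray(null, MYSQLI_ASSOC);
            $new_password = $general->create_password(12);
            $cond = array("id" => $email_data['id']);
            // NOTE(review): md5() is a fast unsalted digest, not a password hash.
            // Switching to password_hash()/password_verify() has to be done
            // together with the login check, so the stored format is left as-is.
            $fieldvalues = array('password' => md5($new_password));
            $updated = $dbBean->UpdateRows("admins", $fieldvalues, $cond);

            if ($updated) {
                $mail = new PHPMailer();
                $mail->IsSMTP(); // telling the class to use SMTP
                $mail->Host = "smtp.gmail.com"; // SMTP server
                // Debug output is off: a non-zero level makes PHPMailer print the
                // SMTP dialogue, which on this unauthenticated endpoint would end
                // up in the HTTP response.
                $mail->SMTPDebug = 0;
                $mail->SMTPAuth = true;
                $mail->Port = 587;
                $mail->SMTPSecure = 'tls';
                $mail->Username = SMPT_EMAIL;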
<?php
/*
 * Admin login handler (excerpt; the success branch continues past what is shown).
 * Visible flow: read the posted credentials, pass them through two project
 * helpers, refuse the attempt when recent failures for that user name exceed
 * the threshold, then look the admin up and mark the session as logged in.
 */
require_once "config.php";
require_once "functions.inc.php";
$dbBean = new DatabaseBean();
$general = new General($dbBean);
$name = isset($_POST['user']) ? $_POST['user'] : "";
$password = isset($_POST['pw']) ? $_POST['pw'] : "";
// NOTE(review): stripQuotes()/removeBadChars() are defined elsewhere. The SQL
// below relies on them to make $name safe for interpolation; verify that, or
// bind the value as a query parameter instead.
$name = stripQuotes(removeBadChars($name));
// NOTE(review): filtering characters out of the password changes what the user
// typed before it is checked; confirm this is intended.
$password = stripQuotes(removeBadChars($password));
// Count failed attempts (success=0) recorded for this user name in the last 15 minutes.
// NOTE(review): the counter is keyed on the submitted user name only, so bad
// logins for a known name also lock out its legitimate owner for the window;
// consider whether a per-source limit is wanted as well.
$sql = "SELECT count(*) as ct FROM action_recorder WHERE user_name = '" . $name . "' AND success=0 AND DATE_SUB(NOW(), INTERVAL 15 MINUTE) <= date_added";
if (!$dbBean->Query($sql)) {
    $dbBean->Kill();
}
$row = $dbBean->RowArray();
$failattempts = $row['ct'];
// More than five recent failures: set the message and send the user back to the login page.
if ($failattempts > 5) {
    $_SESSION['msg'] = 'The maximum number of login attempts has been reached. Please try again in 15 minutes.';
    $num = 'danger';
    $url = ADMIN_URL . "/login.php";
    $general->redirectUrl($url, $num);
    exit;
}
// The credential values in this statement appear masked ('******') in this
// listing, so how they are inserted into the query cannot be reviewed from here.
$sql = "SELECT * FROM admins WHERE username = '******' AND binary password='******' ;";
if (!$dbBean->Query($sql)) {
    $dbBean->Kill();
}
$row = $dbBean->RowArray();
// A returned row is treated as a successful login.
// NOTE(review): no session_regenerate_id() call is visible before the session
// is marked authenticated; confirm one exists to guard against session fixation.
if ($row) {
    $_SESSION['adm_logged'] = true;
    $_SESSION['adm_user_id'] = $row['id'];
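<th>Action</th>
</tr>
</thead>
<tbody>
<?php
// Admin list (excerpt; the row markup continues past what is shown).
// The admin with id 1 and admins whose status is 'Level4' see every account;
// any other admin sees only their own row.
if ($_SESSION['adm_user_id'] == 1 || $_SESSION['adm_status'] == 'Level4') {
    $query = "SELECT id, username, email, CONCAT(first_name ,' ',last_name) as name, status FROM admins ORDER BY id";
} else {
    // The id comes from the session, but it is still cast to an integer so the
    // interpolated value can never be anything other than a number.
    $query = "SELECT id, username, email, CONCAT(first_name ,' ',last_name) as name, status FROM admins where id='" . (int) $_SESSION['adm_user_id'] . "' ORDER BY id";
}
if (!$dbBean->Query($query)) {
    $dbBean->Kill();
}
if ($dbBean->RowCount() > 0) {
    for ($index = 0; $index < $dbBean->RowCount(); $index++) {
        $rows = $dbBean->RowArray($index);
        // Database values are HTML-escaped on output so that markup stored in a
        // username or name is rendered as text instead of being interpreted by
        // the browser of whichever admin views this list.
        ?>
<tr class="<?php echo ($index + 1) % 2 == 0 ? 'even' : 'odd'; ?> gradeX">
<td> <input name="delete[]" type="checkbox" id="delete[]" value="<?php echo htmlspecialchars((string) $rows['id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" class="checkboxes" /> </td>
<td><?php echo htmlspecialchars((string) $rows['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></td>
<td><?php echo htmlspecialchars((string) $rows['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');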