示例#1
0
<?php

require_once 'session.php';
require_once 'db_connection.php';
require_once 'functions.php';
confirm_logged_in();
?>
	<?php 
$admin = find_admin_by_id($_GET["id"]);
if (!$admin) {
    redirect_to("index.php");
}
?>
	<?php 
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    //validation
    $required_fields = array("username", "password");
    validate_presences($required_fields);
    $fields_with_max_lenghts = array("username" => 30);
    validate_max_lengths($fields_with_max_lenghts);
    if (empty($errors)) {
        $id = $admin['id'];
        $username = trim($_POST["username"]);
        $password = trim($_POST["password"]);
        $username = mysql_prep($username);
        $password1 = password_encrypt($password);
        $query = "UPDATE admins SET ";
        $query .= " username = '******', ";
        $query .= " hashed_password = '******' ";
        $query .= " WHERE id = {$id}";
        $query .= " LIMIT 1";
示例#2
0
//require_once("../includes/session.php");
//require_once("../includes/db_connection.php");
//require_once("../includes/functions.php");
//require_once("../includes/validation_functions.php");
?>

<?php 
require_once '../includes/initialize.php';
?>

<?php 
confirm_logged_in();
?>

<?php 
$admin = find_admin_by_id($_SESSION["admin_id"]);
if (!$admin) {
    // admin ID was missing or invalid or
    // admin couldn't be found in database
    redirect_to("manage_admins.php");
}
?>

<?php 
if (isset($_POST['submit'])) {
    // Process the form
    // validations
    $required_fields = array("username", "password", "email");
    $_POST["username"] = $admin["username"];
    validate_presences($required_fields);
    $fields_with_max_lengths = array("username" => 30);
示例#3
0
<?php

require_once "../includes/session.php";
require_once "../includes/db_connection.php";
require_once "../includes/functions.php";
confirm_logged_in();
?>


<?php 
$admin_to_be_deleted = find_admin_by_id($_GET["id"]);
if (!$admin_to_be_deleted) {
    // admin ID was missing or invalid or
    // admin couldn't be found in database
    redirect_to("manage_admins.php");
}
$id = $admin_to_be_deleted["id"];
$query = "DELETE FROM admins WHERE id = {$id} LIMIT 1";
$result = mysqli_query($connection, $query);
if ($result && mysqli_affected_rows($connection) == 1) {
    // Success
    $_SESSION["message"] = "Admin deleted.";
    redirect_to("manage_admins.php");
} else {
    // Failure
    $_SESSION["message"] = "Admin deletion failed.";
    redirect_to("manage_admins.php");
}
示例#4
0
<?php

require_once "../includes/session.php";
require_once "../includes/db_connection.php";
require_once "../includes/functions.php";
?>

<?php 
confirm_logged_in();
?>

<?php 
$current_admin = find_admin_by_id($_GET["id"], false);
if (!$current_admin) {
    // Subject ID was missing or invalid or
    // subject couldn't be found in database
    redirect_to("manage_admins.php");
}
$id = $current_admin["id"];
$query = "DELETE FROM admins ";
$query .= "WHERE id = {$id} ";
$query .= "LIMIT 1";
$result = mysqli_query($connection, $query);
if ($result && mysqli_affected_rows($connection) == 1) {
    $_SESSION["message"] = "Admin deleted";
    redirect_to("manage_admins.php");
} else {
    $_SESSION["message"] = "Admin deletion failed";
    redirect_to("manage_admin.php?admin={$id}");
}
<?php

require_once "../includes/sessions.php";
require_once "../includes/db_connection.php";
require_once "../includes/functions.php";
?>

<?php 
$admin = find_admin_by_id($_GET['id']);
if (!$admin) {
    // admin ID was missing
    // or admin was not found in database
    redirect_to("manage_admins.php");
}
$id = $admin["id"];
$query = "DELETE FROM admins WHERE id = {$id} LIMIT 1";
$result = mysqli_query($db_connection, $query);
if ($result && mysqli_affected_rows($db_connection) == 1) {
    $_SESSION["message"] = "Admin deleted.";
    redirect_to("manage_admin.php");
} else {
    $_SESSION["message"] = "Admin deletion failed. :( ";
    redirect_to("manage_admin.php");
}
示例#6
0
<?php

require_once "../includes/session.php";
require_once "../includes/dbconnect.php";
require_once "../includes/functions.php";
require_once "../includes/validation_function.php";
?>

<?php 
#setting the current_admin
if (!find_admin_by_id($_GET["id"])) {
    redirect_to("manage_admins.php");
}
if (isset($_POST['submit'])) {
    # validation
    $required_fields = array("username", "password");
    validate_presences($required_fields);
    $fields_with_max_lengths = array("username" => 30);
    validate_max_lengths($fields_with_max_lengths);
    if (empty($errors)) {
        $username = mysql_prep($_POST["username"]);
        $hashed_password = mysql_prep($_POST["password"]);
        $id = $current_admin["id"];
        if ($current_admin["hashed_password"] == $hashed_password) {
            # code...
            $query = "UPDATE admins SET ";
            $query .= "username = '******', ";
            $query .= "hashed_password = '******' ";
            $query .= "WHERE id= {$id} ";
            $query .= "LIMIT 1";
            $result = mysqli_query($connection, $query);
示例#7
0
<?php

include_once '../includes/session.php';
include_once '../includes/db_connection.php';
require_once '../includes/functions.php';
?>

<?php 
$current_admin = find_admin_by_id($_GET['admin'], false);
if (!$current_admin) {
    redirect_to('manage_admins.php');
}
$id = $current_admin['id'];
$query = 'DELETE FROM admins where id = ' . $id . ' LIMIT 1';
$result = mysqli_query($connection, $query);
if ($result && mysqli_affected_rows($connection) == 1) {
    $_SESSION['message'] = "Page Deleted";
    redirect_to('manage_admins.php');
} else {
    $_SESSION['message'] = "Page deletion failed";
    redirect_to('manage_admins.php?admin=' . $id . '');
}
示例#8
0
<?php

require_once "../includes/session.php";
require_once "../includes/db_connection.php";
require_once "../includes/functions.php";
confirm_logged_in();
require_once "../includes/validation_functions.php";
$layout_context = "admin";
include "../includes/layouts/header.php";
?>

<?php 
$admin_to_edit = find_admin_by_id($_GET['id']);
if (!$admin_to_edit) {
    redirect_to("manage_admins.php");
}
?>

<?php 
// This requires that the form have name="submit" on the submit button
// This says, ok this is was a post request from the form that had a submit value
// If we don't have that, then it was probably a GET request, we don't want to allow that
if (isset($_POST['submit'])) {
    // Validations
    $required_fields = array("username", "password");
    has_presences($required_fields);
    $fields_with_max_lengths = array("username" => 20);
    validate_max_lengths($fields_with_max_lengths);
    if (empty($errors)) {
        // Perform Update
        $id = $admin_to_edit["id"];
示例#9
0
<?php

require_once "includes/session.php";
//For creating a session, we don't use cookies "for better security"
require_once "includes/functions.php";
//Functions files
require_once "includes/db_connection.php";
//Including the database connection file
$user = find_admin_by_id($_SESSION['admin_id']);
?>
<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <title>Admin's Page</title>
    <!-- Tell the browser to be responsive to screen width -->
    <meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
    <!-- Bootstrap 3.3.5 -->
    <link rel="stylesheet" href="bootstrap/css/bootstrap.min.css">
    <!-- Font Awesome -->
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css">
    <!-- Ionicons -->
    <link rel="stylesheet" href="https://code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css">
    <!-- Theme style -->
    <link rel="stylesheet" href="dist/css/AdminLTE.min.css">
    <!-- AdminLTE Skins. Choose a skin from the css/skins
         folder instead of downloading all of them to reduce the load. -->
    <link rel="stylesheet" href="dist/css/skins/_all-skins.min.css">
    <!-- DataTables -->
    <link rel="stylesheet" href="plugins/datatables/dataTables.bootstrap.css">
示例#10
0
<?php

require_once "../includes/session.php";
require_once "../includes/db_connection.php";
require_once "../includes/functions.php";
require_once "../includes/validation_functions.php";
confirm_logged_in();
if (isset($_GET["id"])) {
    $current_admin = find_admin_by_id($_GET["id"]);
} else {
    redirect_to("manage_admins.php");
}
if (isset($_POST["submit"])) {
    //validations
    $required_fields = array("username", "password");
    validate_presences($required_fields);
    $fields_with_max_lengths = array("username" => 50);
    validate_max_lengths($fields_with_max_lengths);
    if (empty($errors)) {
        $id = $current_admin["id"];
        $username = mysql_prep($_POST['username']);
        $hashed_password = password_encrypt($_POST["password"]);
        $query = "UPDATE admins SET ";
        $query .= "username = '******', ";
        $query .= "password = '******' ";
        $query .= "WHERE id = {$id} ";
        $query .= "LIMIT 1";
        $result = mysqli_query($connection, $query);
        // Test if there was a query error
        if ($result && mysqli_affected_rows($connection) == 1) {
            // Success
示例#11
0
<?php

require_once "../includes/session.php";
require_once "../includes/db_connection.php";
require_once "../includes/functions.php";
require_once "../includes/validation_functions.php";
confirm_login();
$layout_context = "admin";
$id = (int) $_GET["id"];
if (!$id) {
    //must have subject id if we want to edit it
    redirect_to("list_admins.php");
}
$admin = mysqli_fetch_assoc(find_admin_by_id($id));
if (isset($_POST["submit"])) {
    $required_fields = array("username", "password");
    validate_presence($required_fields);
    $fields_with_max_lengths = array("username" => 30, "password" => 30);
    validate_max_lengths($fields_with_max_lengths);
    $fields_with_min_lengths = array("username" => 5, "password" => 5);
    validate_min_lengths($fields_with_min_lengths);
    $password = $_POST["password"];
    includes_number($password);
    includes_capital($password);
    if (empty($errors)) {
        $username = mysql_prep($_POST["username"]);
        $hashed_password = password_hash($password, PASSWORD_BCRYPT, [cost => 10]);
        $query = "UPDATE admins SET ";
        $query .= "username = '******', ";
        $query .= "hashed_password = '******' ";
        $query .= "WHERE id = {$id}";