<?php
// Admin edit page (truncated listing: the POST branch below is cut off right after
// the UPDATE query is assembled, so the query execution and the response are not
// visible here).
require_once 'session.php';
require_once 'db_connection.php';
require_once 'functions.php';
confirm_logged_in(); // login gate; runs before any lookup or write on this page
?>
<?php
// The admin being edited is selected by the id in the query string. Whatever
// find_admin_by_id() treats as "not found" sends the caller back to index.php.
// NOTE(review): whether find_admin_by_id() escapes or casts the raw $_GET value
// is not visible here - confirm in functions.php before trusting this lookup.
$admin = find_admin_by_id($_GET["id"]);
if (!$admin) {
    redirect_to("index.php");
}
?>
<?php
// NOTE(review): the state-changing POST below is not protected by a CSRF token;
// only the request method is checked.
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    //validation
    $required_fields = array("username", "password");
    validate_presences($required_fields);
    $fields_with_max_lenghts = array("username" => 30);
    validate_max_lengths($fields_with_max_lenghts);
    // $errors is expected to be filled in by the validate_* helpers above.
    if (empty($errors)) {
        $id = $admin['id'];
        $username = trim($_POST["username"]);
        $password = trim($_POST["password"]);
        $username = mysql_prep($username);
        $password1 = password_encrypt($password); // hashed form of the new password
        // NOTE(review): the SET values appear redacted ('******') in this listing;
        // presumably they interpolate $username and $password1.
        // $id is interpolated unquoted. It comes from the database row rather than
        // from $_GET, but an explicit (int) cast would make that guarantee local.
        $query = "UPDATE admins SET ";
        $query .= " username = '******', ";
        $query .= " hashed_password = '******' ";
        $query .= " WHERE id = {$id}";
        $query .= " LIMIT 1";
//require_once("../includes/session.php");
//require_once("../includes/db_connection.php");
//require_once("../includes/functions.php");
//require_once("../includes/validation_functions.php");
?>
<?php require_once '../includes/initialize.php'; ?>
<?php confirm_logged_in(); ?>
<?php
// The record edited here is the logged-in admin's own row (looked up by the id
// kept in the session), not one chosen by the request.
$admin = find_admin_by_id($_SESSION["admin_id"]);
if (!$admin) {
    // admin ID was missing or invalid or
    // admin couldn't be found in database
    redirect_to("manage_admins.php");
}
?>
<?php
// Truncated listing: the form handling stops right after the max-length table is
// declared, so the length validation call, the UPDATE and the response are not
// visible here.
if (isset($_POST['submit'])) {
    // Process the form
    // validations
    $required_fields = array("username", "password", "email");
    // The submitted username is overwritten with the stored one before validation,
    // so this form cannot change the username - presumably intentional for a
    // self-edit page. "email" is required here although no email handling is
    // visible below.
    $_POST["username"] = $admin["username"];
    validate_presences($required_fields);
    $fields_with_max_lengths = array("username" => 30);
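<?php
// delete_admin.php - removes the single admin row selected by ?id=...
//
// Flow: includes, login gate, look the admin up (redirecting to manage_admins.php
// when the id is missing or unknown), delete exactly that row with a bound
// parameter, then redirect with the outcome in $_SESSION["message"].
require_once "../includes/session.php";
require_once "../includes/db_connection.php";
require_once "../includes/functions.php";
confirm_logged_in(); // nobody reaches the delete without a login
?>
<?php
$admin_to_be_deleted = find_admin_by_id(isset($_GET["id"]) ? $_GET["id"] : null);
if (!$admin_to_be_deleted) {
    // admin ID was missing or invalid or
    // admin couldn't be found in database
    redirect_to("manage_admins.php");
}

// Take the id from the fetched row, not from $_GET, and pin it to an integer so
// the value bound below can never be anything but a number.
$id = (int) $admin_to_be_deleted["id"];

// NOTE(review): this is a destructive write on a plain GET with no CSRF token, so
// any page the logged-in admin visits can trigger it through a link or <img>.
// POST plus a session-bound token is the proper fix; it is not done here because
// existing links to this page would stop working.

$deleted = false;
$stmt = mysqli_prepare($connection, "DELETE FROM admins WHERE id = ? LIMIT 1");
if ($stmt) {
    mysqli_stmt_bind_param($stmt, "i", $id);
    if (mysqli_stmt_execute($stmt)) {
        // success only when exactly one row went away; 0 means it disappeared
        // between the lookup and the delete
        $deleted = (mysqli_stmt_affected_rows($stmt) == 1);
    }
    mysqli_stmt_close($stmt);
}

$_SESSION["message"] = $deleted ? "Admin deleted." : "Admin deletion failed.";
redirect_to("manage_admins.php");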
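<?php
// delete_admin.php - deletes the admin row selected by ?id=...
//
// Flow: includes, login gate, look the admin up (bouncing to manage_admins.php
// when the id is missing or unknown), delete that one row with a bound parameter,
// then redirect with the outcome stored in $_SESSION["message"].
require_once "../includes/session.php";
require_once "../includes/db_connection.php";
require_once "../includes/functions.php";
?>
<?php confirm_logged_in(); ?>
<?php
// The second argument is passed through unchanged; its meaning lives in
// find_admin_by_id() (functions.php) and is not visible here.
$current_admin = find_admin_by_id(isset($_GET["id"]) ? $_GET["id"] : null, false);
if (!$current_admin) {
    // Subject ID was missing or invalid or
    // subject couldn't be found in database
    redirect_to("manage_admins.php");
}

// Use the id from the fetched row, cast to int, so the bound value is always numeric.
$id = (int) $current_admin["id"];

// NOTE(review): destructive action on a plain GET with no CSRF token - any page the
// logged-in admin views can trigger it via a link or <img>. POST plus a
// session-bound token is the proper fix; left as-is so existing links keep working.

$deleted = false;
$stmt = mysqli_prepare($connection, "DELETE FROM admins WHERE id = ? LIMIT 1");
if ($stmt) {
    mysqli_stmt_bind_param($stmt, "i", $id);
    if (mysqli_stmt_execute($stmt)) {
        // success only when exactly one row went away
        $deleted = (mysqli_stmt_affected_rows($stmt) == 1);
    }
    mysqli_stmt_close($stmt);
}

if ($deleted) {
    $_SESSION["message"] = "Admin deleted";
    redirect_to("manage_admins.php");
} else {
    $_SESSION["message"] = "Admin deletion failed";
    // NOTE(review): the failure target (manage_admin.php, singular) differs from the
    // success target; kept verbatim - verify that file exists.
    redirect_to("manage_admin.php?admin={$id}");
}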
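<?php
// delete_admin.php - deletes the admin row selected by ?id=...
//
// Flow: includes, login gate, look the admin up (redirecting when the id is
// missing or unknown), delete that one row with a bound parameter, then
// redirect with the outcome in $_SESSION["message"].
require_once "../includes/sessions.php";
require_once "../includes/db_connection.php";
require_once "../includes/functions.php";
// Login gate, as on the other admin-management pages. Without it anyone who
// knows this URL can delete admins.
confirm_logged_in();
?>
<?php
$admin = find_admin_by_id(isset($_GET['id']) ? $_GET['id'] : null);
if (!$admin) {
    // admin ID was missing
    // or admin was not found in database
    redirect_to("manage_admins.php");
}

// Take the id from the fetched row and pin it to an integer before binding it.
$id = (int) $admin["id"];

// NOTE(review): destructive write on a plain GET with no CSRF token - a link or
// <img> on any page the admin visits can trigger it. POST plus a session-bound
// token is the proper fix; not changed here so existing links keep working.

$deleted = false;
$stmt = mysqli_prepare($db_connection, "DELETE FROM admins WHERE id = ? LIMIT 1");
if ($stmt) {
    mysqli_stmt_bind_param($stmt, "i", $id);
    if (mysqli_stmt_execute($stmt)) {
        // success only when exactly one row went away
        $deleted = (mysqli_stmt_affected_rows($stmt) == 1);
    }
    mysqli_stmt_close($stmt);
}

$_SESSION["message"] = $deleted ? "Admin deleted." : "Admin deletion failed. :( ";
redirect_to("manage_admin.php");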
<?php
require_once "../includes/session.php";
require_once "../includes/dbconnect.php";
require_once "../includes/functions.php";
require_once "../includes/validation_function.php";
?>
<?php
#setting the current_admin
# NOTE(review): confirm_logged_in() is not called on this page (the sibling admin
# pages call it right after the includes), so this edit form is reachable without
# a login unless session.php enforces one itself.
# NOTE(review): the lookup result is discarded - $current_admin is never assigned,
# so $current_admin["id"] and $current_admin["hashed_password"] below read an
# undefined variable. Presumably this was meant to be
# `$current_admin = find_admin_by_id($_GET["id"]);`.
if (!find_admin_by_id($_GET["id"])) {
    redirect_to("manage_admins.php");
}
# Truncated listing: the page ends right after the UPDATE is executed; the result
# handling is not visible here. No CSRF token is checked on this POST.
if (isset($_POST['submit'])) {
    # validation
    $required_fields = array("username", "password");
    validate_presences($required_fields);
    $fields_with_max_lengths = array("username" => 30);
    validate_max_lengths($fields_with_max_lengths);
    if (empty($errors)) {
        $username = mysql_prep($_POST["username"]);
        # Despite the name this is the SQL-escaped *plaintext* password, not a hash.
        $hashed_password = mysql_prep($_POST["password"]);
        $id = $current_admin["id"];
        # NOTE(review): comparing escaped plaintext to the stored value with == can
        # only match if passwords are stored unhashed, and it is not constant-time.
        # The check should be password_verify($_POST["password"],
        # $current_admin["hashed_password"]). The redacted SET value below
        # presumably also writes this plaintext into hashed_password.
        if ($current_admin["hashed_password"] == $hashed_password) {
            # code...
            # NOTE(review): SET values appear redacted ('******') in this listing.
            $query = "UPDATE admins SET ";
            $query .= "username = '******', ";
            $query .= "hashed_password = '******' ";
            $query .= "WHERE id= {$id} ";
            $query .= "LIMIT 1";
            $result = mysqli_query($connection, $query);
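<?php
// delete_admin.php - deletes the admin row selected by ?admin=...
//
// Flow: includes, login gate, look the admin up (redirecting to manage_admins.php
// when the id is missing or unknown), delete that one row with a bound parameter,
// then redirect with the outcome stored in $_SESSION['message'].
include_once '../includes/session.php';
include_once '../includes/db_connection.php';
require_once '../includes/functions.php';
// Login gate (the other admin pages call this right after the includes); without
// it anyone who can reach this URL can delete admins.
confirm_logged_in();
?>
<?php
// The second argument is passed through unchanged; its meaning lives in
// find_admin_by_id() (functions.php) and is not visible here.
$current_admin = find_admin_by_id(isset($_GET['admin']) ? $_GET['admin'] : null, false);
if (!$current_admin) {
    redirect_to('manage_admins.php');
}

// Use the id from the fetched row, cast to int, so the bound value is always numeric.
$id = (int) $current_admin['id'];

// NOTE(review): destructive action on a plain GET with no CSRF token - a link or
// <img> on any page the logged-in admin views can trigger it. POST plus a
// session-bound token is the proper fix; left as-is so existing links keep working.

$deleted = false;
$stmt = mysqli_prepare($connection, 'DELETE FROM admins where id = ? LIMIT 1');
if ($stmt) {
    mysqli_stmt_bind_param($stmt, 'i', $id);
    if (mysqli_stmt_execute($stmt)) {
        // success only when exactly one row went away
        $deleted = (mysqli_stmt_affected_rows($stmt) == 1);
    }
    mysqli_stmt_close($stmt);
}

if ($deleted) {
    // NOTE(review): the messages say "Page" although an admin row was deleted -
    // looks copied from the page-deletion script; kept verbatim in case other
    // code matches on the text.
    $_SESSION['message'] = "Page Deleted";
    redirect_to('manage_admins.php');
} else {
    $_SESSION['message'] = "Page deletion failed";
    redirect_to('manage_admins.php?admin=' . $id);
}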
<?php
require_once "../includes/session.php";
require_once "../includes/db_connection.php";
require_once "../includes/functions.php";
confirm_logged_in();
require_once "../includes/validation_functions.php";
$layout_context = "admin";
// NOTE(review): the layout header is emitted here, before the lookup below may
// call redirect_to(). If redirect_to() uses header("Location: ...") and no output
// buffering is active, that redirect fails with "headers already sent". Including
// the header after the redirect check avoids this.
include "../includes/layouts/header.php";
?>
<?php
$admin_to_edit = find_admin_by_id($_GET['id']);
if (!$admin_to_edit) {
    redirect_to("manage_admins.php");
}
?>
<?php
// This requires that the form have name="submit" on the submit button
// This says, ok this is was a post request from the form that had a submit value
// If we don't have that, then it was probably a GET request, we don't want to allow that
// NOTE(review): a submit value proves a form post, not that it came from this site;
// there is no CSRF token here.
// Truncated listing: the update is cut off right after $id is read.
if (isset($_POST['submit'])) {
    // Validations
    // NOTE(review): the sibling pages call validate_presences(); has_presences() is
    // assumed to be the same check under another name - confirm it fills $errors.
    $required_fields = array("username", "password");
    has_presences($required_fields);
    $fields_with_max_lengths = array("username" => 20);
    validate_max_lengths($fields_with_max_lengths);
    if (empty($errors)) {
        // Perform Update
        $id = $admin_to_edit["id"];
<?php
require_once "includes/session.php"; //For creating a session, we don't use cookies "for better security"
// NOTE(review): PHP sessions still identify the browser by a session-id cookie
// unless session.php configures otherwise - verify the claim above there.
require_once "includes/functions.php"; //Functions files
require_once "includes/db_connection.php"; //Including the database connection file
// NOTE(review): no login check precedes this lookup, and neither the presence of
// $_SESSION['admin_id'] nor the lookup result is verified; for an anonymous
// visitor $user is null/false and the page below still renders.
$user = find_admin_by_id($_SESSION['admin_id']);
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Admin's Page</title>
<!-- Tell the browser to be responsive to screen width -->
<meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
<!-- Bootstrap 3.3.5 -->
<link rel="stylesheet" href="bootstrap/css/bootstrap.min.css">
<!-- NOTE(review): the stylesheets below are fetched from third-party CDNs without an integrity attribute -->
<!-- Font Awesome -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css">
<!-- Ionicons -->
<link rel="stylesheet" href="https://code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css">
<!-- Theme style -->
<link rel="stylesheet" href="dist/css/AdminLTE.min.css">
<!-- AdminLTE Skins. Choose a skin from the css/skins folder instead of downloading all of them to reduce the load. -->
<link rel="stylesheet" href="dist/css/skins/_all-skins.min.css">
<!-- DataTables -->
<link rel="stylesheet" href="plugins/datatables/dataTables.bootstrap.css">
<?php
require_once "../includes/session.php";
require_once "../includes/db_connection.php";
require_once "../includes/functions.php";
require_once "../includes/validation_functions.php";
confirm_logged_in();
// NOTE(review): only the presence of ?id= is checked. If find_admin_by_id() returns
// null/false for an unknown id, $current_admin["id"] below is null and the WHERE
// clause is built as "WHERE id = " - an SQL error instead of a clean redirect.
// The sibling pages add `if (!$current_admin) { redirect_to("manage_admins.php"); }`.
if (isset($_GET["id"])) {
    $current_admin = find_admin_by_id($_GET["id"]);
} else {
    redirect_to("manage_admins.php");
}
// Truncated listing: the page is cut off inside the success branch.
// No CSRF token is checked on this POST.
if (isset($_POST["submit"])) {
    //validations
    $required_fields = array("username", "password");
    validate_presences($required_fields);
    $fields_with_max_lengths = array("username" => 50);
    validate_max_lengths($fields_with_max_lengths);
    if (empty($errors)) {
        $id = $current_admin["id"];
        $username = mysql_prep($_POST['username']);
        $hashed_password = password_encrypt($_POST["password"]); // hashed form of the new password
        // NOTE(review): SET values appear redacted ('******') in this listing.
        // The column is `password` here while other pages write `hashed_password`.
        $query = "UPDATE admins SET ";
        $query .= "username = '******', ";
        $query .= "password = '******' ";
        $query .= "WHERE id = {$id} ";
        $query .= "LIMIT 1";
        $result = mysqli_query($connection, $query);
        // Test if there was a query error
        if ($result && mysqli_affected_rows($connection) == 1) {
            // Success
<?php
require_once "../includes/session.php";
require_once "../includes/db_connection.php";
require_once "../includes/functions.php";
require_once "../includes/validation_functions.php";
confirm_login();
$layout_context = "admin";
// The (int) cast is what keeps the unquoted interpolation in the WHERE clause
// below safe: a non-numeric id becomes 0 and is rejected right here.
$id = (int) $_GET["id"];
if (!$id) {
    //must have subject id if we want to edit it
    redirect_to("list_admins.php");
}
// NOTE(review): here find_admin_by_id() is treated as returning a result set, and
// its return value is not checked before mysqli_fetch_assoc(); $admin is not used
// in the visible part of the page.
$admin = mysqli_fetch_assoc(find_admin_by_id($id));
// Truncated listing: the page is cut off right after the UPDATE is assembled.
// No CSRF token is checked on this POST.
if (isset($_POST["submit"])) {
    $required_fields = array("username", "password");
    validate_presence($required_fields);
    // NOTE(review): capping the password at 30 characters limits passphrase use;
    // bcrypt itself accepts up to 72 bytes.
    $fields_with_max_lengths = array("username" => 30, "password" => 30);
    validate_max_lengths($fields_with_max_lengths);
    $fields_with_min_lengths = array("username" => 5, "password" => 5);
    validate_min_lengths($fields_with_min_lengths);
    $password = $_POST["password"];
    includes_number($password);
    includes_capital($password);
    if (empty($errors)) {
        $username = mysql_prep($_POST["username"]);
        // NOTE(review): `cost` is a bare, undefined constant. PHP 7 warns and treats
        // it as the string "cost", so this happens to work; PHP 8 throws
        // "Undefined constant". Write ["cost" => 10].
        $hashed_password = password_hash($password, PASSWORD_BCRYPT, [cost => 10]);
        // NOTE(review): SET values appear redacted ('******') in this listing.
        $query = "UPDATE admins SET ";
        $query .= "username = '******', ";
        $query .= "hashed_password = '******' ";
        $query .= "WHERE id = {$id}";