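<?php
session_start();
include('nav.php');
include('config.php');

// Ban gate: runs for every request of a logged-in user except an explicit
// logout, so a banned account can still end its session.
if (isset($_SESSION['user']) && (!isset($_GET['action']) || $_GET['action'] !== 'logout')) {
    // NOTE(review): $_SESSION['user'] goes into the SQL text as-is. The login
    // branch of this file stores the name *after* mysql_real_escape_string(),
    // so escaping it again here would break the lookup for names containing
    // quotes. Any other code path that writes $_SESSION['user'] unescaped
    // would make this query injectable -- confirm login is the only writer.
    $banQuery = mysql_query(
        'SELECT `banned`, `ban_reason` FROM `users` WHERE username="' . $_SESSION['user'] . '"'
    );
    // One query fetches both columns; a failed query or a missing row is
    // treated as "not banned", as before.
    $banRow = $banQuery ? mysql_fetch_assoc($banQuery) : false;
    if ($banRow && $banRow['banned'] == "yes") {
        // ban_reason is free text typed into the admin form; encode it so it
        // cannot inject markup into the banned user's page.
        echo 'You have been banned. The reason for the ban is: '
            . htmlspecialchars($banRow['ban_reason'], ENT_QUOTES);
        die();
    }
}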
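if (isset($_GET['action']))
{
    // $action is only compared against fixed strings in the branches below;
    // it never reaches a query, so the SQL escaping here is not a control.
    $action = mysql_real_escape_string($_GET['action']);
    if ($action == 'login') {
        // Already authenticated: redirect and stop. Without the exit the
        // script kept running and still processed a posted login.
        // NOTE(review): header() only works if nav.php has produced no output
        // yet -- confirm.
        if (isset($_SESSION['user'])) {
            header('location: index.php');
            exit;
        }
        if (isset($_POST['submit'], $_POST['user'], $_POST['pass'])
            && is_string($_POST['user']) && is_string($_POST['pass']))
        {
            include('config.php');
            $user = mysql_real_escape_string($_POST['user']);
            $pass = mysql_real_escape_string($_POST['pass']);
            // NOTE(review): passwords are stored as unsalted MD5, which gives
            // no practical protection if the users table leaks. Migrating to
            // password_hash()/password_verify() needs a coordinated change in
            // every branch that writes or checks `password`, so it is flagged
            // here rather than changed in this block alone.
            $get = mysql_query(
                'SELECT count(id) FROM users WHERE username="' . $user . '" and password="' . md5($pass) . '"'
            );
            if ($get === false) {
                // Keep driver errors in the server log; they reveal schema
                // details when printed to the visitor.
                error_log('login query failed: ' . mysql_error());
                die('Login is temporarily unavailable.');
            }
            $result = mysql_result($get, 0);
            mysql_close($con);
            if ($result != 1) {
                echo "Login failure";
            } else {
                // Issue a fresh session id on privilege change so a
                // pre-planted session id cannot be reused (session fixation).
                session_regenerate_id(true);
                // The stored name is the SQL-escaped form; the other queries
                // in this file concatenate $_SESSION['user'] and rely on that.
                $_SESSION['user'] = $user;
                header('Location: index.php');
                exit;
            }
        }
        ?>
<html>
<head>
<title>My Page Login</title>
<style>
body { background-color: #d0d0d0; }
</style>
</head>
<body>
<form action='index.php?action=login' method="POST">
Username: <input type="text" name='user'><br />
Password: <input type="password" name='pass'><br />
<input type="submit" name="submit" value='Login!'>
</form>
</body>
</html>
<?php
    }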
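else if ($action == 'logout') {
    if (!isset($_SESSION['user']) || $_SESSION['user'] == '') {
        // Markup is emitted only on this path. Printing the title before the
        // redirect below would send output ahead of the Location header.
        echo '<Title>Logout</Title>';
        echo 'You are not logged in. Please login to see this page. Click <a href=index.php?action=login>here</a> to login.';
        die();
    }
    // Drop the authenticated identity, then redirect and stop.
    // NOTE(review): only the 'user' key is cleared; the session itself and its
    // id stay valid -- consider session_destroy() if nothing else needs it.
    unset($_SESSION['user']);
    header('Location: index.php?action=login');
    exit;
}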
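else if ($action == 'admin') {
    if (!isset($_SESSION['user']) || $_SESSION['user'] == '')
    {
        echo 'You are not logged in. Please login to see this page. Click <a href=index.php?action=login>here</a> to login.';
        die();
    }
    else {
        include('config.php');
        // Authorisation comes first. Previously the "add" and "ban" handlers
        // ran before this group lookup, so any logged-in account could create
        // or ban users by posting the form fields directly.
        // $_SESSION['user'] is stored already SQL-escaped by the login branch,
        // so it is concatenated unchanged here.
        $query = mysql_query('SELECT `group` FROM `users` WHERE username="' . $_SESSION['user'] . '"');
        $result = $query ? mysql_result($query, 0) : false;
        if ($result == "1") {
            // NOTE(review): none of the admin forms or links carries a CSRF
            // token, so a page visited by a logged-in admin can trigger these
            // actions; add a per-session token checked on every state change.
            if (isset($_POST['add'], $_POST['nameadd'], $_POST['useradd'], $_POST['passadd'], $_POST['hwidadd']))
            {
                // Every form value is escaped before it is placed in SQL text.
                $nameadd = mysql_real_escape_string($_POST['nameadd']);
                $useradd = mysql_real_escape_string($_POST['useradd']);
                $hwidadd = mysql_real_escape_string($_POST['hwidadd']);
                // The login branch hashes the *escaped* password, so the same
                // transformation is applied here; hashing the raw value made
                // passwords containing quotes or backslashes impossible to
                // log in with. Unsalted MD5 itself remains a weakness.
                $passadd = md5(mysql_real_escape_string($_POST['passadd']));
                $add = mysql_query('INSERT INTO users VALUES ("' . $nameadd . '", "", "2", "' . $useradd . '","' . $passadd . '", "' . $hwidadd . '", "no", "N/A" )');
                $addlog = mysql_query('INSERT INTO logs VALUES ("' . $_SESSION['user'] . '", "Added the user ' . $useradd . ' to the site.")');
            }
            else if (isset($_POST['ban'], $_POST['userban'], $_POST['banreason']))
            {
                $userban = mysql_real_escape_string($_POST['userban']);
                $banreason = mysql_real_escape_string($_POST['banreason']);
                $ban = mysql_query('UPDATE users SET banned = "yes", ban_reason = "' . $banreason . '" WHERE username = "' . $userban . '"');
                $banlog = mysql_query('INSERT INTO logs VALUES ("' . $_SESSION['user'] . '", "Banned the user ' . $userban . ' from the site.")');
            }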
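if (isset($_GET['task'])) {
    $task = $_GET['task'];
    // Row-level tasks take a numeric user id. Accept digits only and cast, so
    // the value can never add SQL of its own to the unquoted `id =` clauses.
    $uid = (isset($_GET['uid']) && is_string($_GET['uid']) && ctype_digit($_GET['uid']))
        ? (int) $_GET['uid']
        : null;
    // NOTE(review): delete/unban/makeadmin/demote change state on a plain GET
    // link with no CSRF token; they should become POST actions with a token.
    if ($task == 'delete') {
        if ($uid !== null) {
            $delete = mysql_query('DELETE FROM users WHERE id =' . $uid);
            $addlog = mysql_query('INSERT INTO logs VALUES ("' . $_SESSION['user'] . '", "Deleted the user with the uid: ' . $uid . ' from the site.")');
        }
    } else if ($task == 'unban') {
        if ($uid !== null) {
            $unban = mysql_query('UPDATE users SET banned = "no", ban_reason = "N/A" WHERE id = ' . $uid);
            $addlog = mysql_query('INSERT INTO logs VALUES ("' . $_SESSION['user'] . '", "Unbanned the user with the uid: ' . $uid . ' from the site.")');
        }
    } else if ($task == 'makeadmin') {
        if ($uid !== null) {
            $makeadmin = mysql_query('UPDATE users SET users.group = 1 WHERE users.id = ' . $uid);
            $addlog = mysql_query('INSERT INTO logs VALUES ("' . $_SESSION['user'] . '", "Made the user with the uid: ' . $uid . ' an Admin.")');
        }
    } else if ($task == 'demote') {
        if ($uid !== null) {
            $demote = mysql_query('UPDATE users SET users.group = 2 WHERE users.id = ' . $uid);
            $addlog = mysql_query('INSERT INTO logs VALUES ("' . $_SESSION['user'] . '", "Demoted the user with the uid ' . $uid . '.")');
        }
    } else if ($task == 'reset') {
        if (isset($_POST['reset'], $_POST['resetuser'], $_POST['resetpass'], $_POST['resetconfirmpass'])) {
            // Strict comparison: with == two different numeric-looking
            // strings (e.g. "1e3" and "1000") compare as equal.
            if ($_POST['resetpass'] === $_POST['resetconfirmpass']) {
                $resetuser = mysql_real_escape_string($_POST['resetuser']);
                // Hash the escaped form, matching what the login branch
                // hashes. Unsalted MD5 remains a weakness of the scheme.
                $resethash = md5(mysql_real_escape_string($_POST['resetconfirmpass']));
                $reset = mysql_query('UPDATE users set password="' . $resethash . '" WHERE username = "' . $resetuser . '"');
                $addlog = mysql_query('INSERT INTO logs VALUES ("' . $_SESSION['user'] . '", "Changed the password of the user ' . $resetuser . '.")');
            } else {
                echo "<b>The two passwords you entered do not match.</b><br /><br />";
            }
        }
    } else if ($task == 'beta') {
        // Generates a registration key and stores it.
        // The loop bound is $len + 1, so the key is 16 characters long.
        $len = 15;
        $base = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890';
        $max = strlen($base) - 1;
        $activatecode = '';
        // The explicit mt_srand(microtime) call was removed: it limited the
        // generator to about a million possible seeds. PHP seeds mt_rand on
        // its own.
        // NOTE(review): mt_rand is still not a cryptographic generator and
        // this key gates registration; once the code is ported off ext/mysql
        // to PHP 7+, build the key with random_int().
        while (strlen($activatecode) < $len + 1) {
            $activatecode .= $base[mt_rand(0, $max)];
        }
        $addbetakey = mysql_query('INSERT INTO `key` (`code`) VALUES ("' . $activatecode . '")');
        echo 'The key ' . $activatecode . ' has been added.</br>';
    } else if ($task == 'viewbeta') {
        $viewbetaquery = mysql_query('SELECT * FROM `key`');
        while ($rows = mysql_fetch_array($viewbetaquery)) {
            // Encode on output; stored values are not assumed to be clean.
            $betacode = htmlspecialchars($rows['code'], ENT_QUOTES);
            echo "Serial #: <b>$betacode</b></br>";
        }
        echo 'Click <a href="index.php?action=admin">here</a> to return to the admin page.';
        die();
    } else if ($task == 'requirebeta') {
        // NOTE(review): no form visible in this file posts
        // 'betarequiuiredsubmit'; the key spelling is kept as found.
        if (isset($_POST['betarequiuiredsubmit']) && isset($_POST['betarequired'])) {
            if ($_POST['betarequired'] == 'on') {
                $betaon = mysql_query('UPDATE settings SET requirebeta="yes"');
                echo '<b>Beta code enabled</b></br>';
            } else if ($_POST['betarequired'] == 'off') {
                $betaoff = mysql_query('UPDATE settings SET requirebeta="no"');
                echo '<b>Beta code disabled.</b></br>';
            }
        }
    } else if ($task == 'logs') {
        $getlogs = mysql_query('SELECT * FROM logs');
        echo '<hr>';
        while ($rows = mysql_fetch_array($getlogs)) {
            // Log rows contain user names typed into forms; encode them so a
            // stored value cannot run as markup in the admin's browser.
            $user = htmlspecialchars($rows['user'], ENT_QUOTES);
            $actionmade = htmlspecialchars($rows['action'], ENT_QUOTES);
            echo "User: <b>$user</b> | Action: <b>$actionmade</b><hr>";
        }
        echo 'Click <a href="index.php?action=admin">here</a> to go back to the Admin panel.';
        die();
    }
}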
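// Lists every account except the admin's own.
// $_SESSION['user'] is stored already SQL-escaped by the login branch, so it
// is concatenated unchanged.
$sql = mysql_query('SELECT * FROM users WHERE username <> "' . $_SESSION['user'] . '"');
echo '<b>Please note that due to security reasons, your account will not show up below.</b>';
echo '<hr>';
while ($rows = mysql_fetch_array($sql)) {
    // The id is placed in link URLs; force it to an integer.
    $id = (int) $rows['id'];
    // Every other column is user-influenced text (name, username, HWID, ban
    // reason): encode it before it is written into the admin page.
    $group = htmlspecialchars($rows['group'], ENT_QUOTES);
    $username = htmlspecialchars($rows['username'], ENT_QUOTES);
    // NOTE(review): this prints each user's password hash (unsalted MD5) into
    // the page. Nothing in the admin panel needs it; dropping the column
    // would remove an unnecessary exposure.
    $password = htmlspecialchars($rows['password'], ENT_QUOTES);
    $banned = htmlspecialchars($rows['banned'], ENT_QUOTES);
    $banreason = htmlspecialchars($rows['ban_reason'], ENT_QUOTES);
    $name = htmlspecialchars($rows['name'], ENT_QUOTES);
    $hwid = htmlspecialchars($rows['hwid'], ENT_QUOTES);
    echo "Name: <b>$name</b> | ID: <b>$id</b> | Group: <b>$group</b> | Username: <b>$username</b> | Password: <b>$password</b> | HWID: <B>$hwid</b> | Banned? <b>$banned</b> | Ban reason: <b>$banreason</b> | "
        . '<a href="index.php?action=admin&task=delete&uid=' . $id . '"><img src="images/del.gif" border="0" alt="Delete user" /></a>'
        . ' <a href=index.php?action=admin&task=unban&uid=' . $id . '><img src="images/remove_ignore.gif" border="0" alt=" User" /></a>'
        . '<a href=index.php?action=admin&task=makeadmin&uid=' . $id . '><img src="images/banning.gif" border="0" alt="Make User Admin" /></a>'
        . ' <a href=index.php?action=admin&task=demote&uid=' . $id . '><img src="images/user.gif" border="0" alt="Demote User" /></a><hr>';
}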
- ?>
- <html>
- <Title>Admin Panel</Title>
- <style>
- body { background-color: #d0d0d0;)}
- </style>
- <body>
- <center>
- <table>
- <tr>
- <td>
- <table id="Main" width="258" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td width="34" valign="top">
- <div class="User_Top"></div>
- <div class="User_Middle">
- <div class="Sidebar_content">
- <div align="center">
- <table border="0">
- <form action="index.php?action=admin&task=add" method="post">
- <tr><td>Name</td><td>:</td><td> <input type="text" name="nameadd" id="nameadd"></td></tr>
- <tr><td>Username</td><td>:</td><td> <input type="text" name="useradd" id="useradd"></td></tr>
- <tr><td>Password</td><td>:</td><td> <input type="password" name="passadd" id="passadd"></td></tr>
- <tr><td>HWID</td><td>:</td><td> <input type="text" name="hwidadd" id="hwidadd"></td></tr>
- <tr><td> </td><td> </td><td><input type="submit" name="add" id="add" value='Add User!'>
- </form>
- </table>
- </div>
- </div>
- </div>
- </div>
- </div>
- <div class="Statistics_Bottom"></div>
- </form>
- </tr></td>
- </table>
- <br>
- <td>
- <table id="Main" width="258" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td width="34" valign="top">
- <div class="User_Top"></div>
- <div class="User_Middle">
- <div class="Sidebar_content">
- <div align="center">
- <table border="0">
- <form action='index.php?action=admin&task=ban' method="POST">
- <tr><td>Username</td><td>:</td><td> <input type="text" name='userban'></td></tr>
- <tr><td>Ban Reason</td><td>:</td><td> <input type="text" name='banreason'></td></tr>
- <tr><td> </td><td> </td><td><input type="submit" name="ban" value='Ban User!'>
- </form>
- </table>
- </div>
- </div>
- </div>
- </div>
- </div>
- <div class="Statistics_Bottom"></div>
- </form>
- </tr></td>
- </table>
- <br>
- <td>
- <table id="Main" width="258" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td width="34" valign="top">
- <div class="User_Top"></div>
- <div class="User_Middle">
- <div class="Sidebar_content">
- <div align="center">
- <table border="0">
- <form action="index.php?action=admin&task=reset" method="post">
- <tr><td>Username</td><td>:</td><td> <input type="text" name="resetuser"></td></tr>
- <tr><td>Password</td><td>:</td><td> <input type="password" name="resetpass"></td></tr>
- <tr><td>Confirm Password</td><td>:</td><td><input type="password" name="resetconfirmpass"></td></tr>
- <tr><td> </td><td> </td><td><input type="submit" name="reset" value="Reset Password">
- </form>
- </table>
- </div>
- </div>
- </div>
- </div>
- </div>
- <div class="Statistics_Bottom"></div>
- </form>
- </tr></td>
- </table>
- </td>
- </tr>
- </table>
- </center>
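</body>
</html>
<?php
// The document is now closed unconditionally. The previous code read
// `requirebeta` from `settings` and emitted the same closing tags in both of
// its branches, and emitted nothing when the value was empty or the query
// failed, which left the page unterminated.
} else {
    // Reached when the group lookup for the session user did not return "1".
    echo 'You do not have permission to access this page.';
    die();
}
}
}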
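else if ($action == 'cp') {
    if (!isset($_SESSION['user']) || $_SESSION['user'] == '')
    {
        echo 'You are not logged in. Please login to see this page. Click <a href=index.php?action=login>here</a> to login.';
        die();
    }
    // Password change: the current password must verify before the new one is
    // stored. All three fields must be present and be plain strings.
    if (isset($_POST['newpassbutton'], $_POST['oldpass'], $_POST['newpass'])
        && is_string($_POST['oldpass']) && is_string($_POST['newpass']))
    {
        if ($_POST['newpass'] === '') {
            // An empty new password was previously accepted and stored.
            echo 'The new password must not be empty.<br /></br>';
        } else {
            $pass = mysql_real_escape_string($_POST['oldpass']);
            // $_SESSION['user'] is stored already SQL-escaped by the login
            // branch, so it is concatenated unchanged.
            $get = mysql_query(
                'SELECT count(id) FROM users WHERE username="' . $_SESSION['user'] . '" and password="' . md5($pass) . '"'
            );
            if ($get === false) {
                // Driver errors go to the server log, not to the visitor.
                error_log('password check query failed: ' . mysql_error());
                die('The password could not be changed.');
            }
            $result = mysql_result($get, 0);
            // The connection is left open here; it used to be closed and then
            // re-opened by including config.php again just for the UPDATE.
            if ($result != 1) {
                echo "Wrong Password!<br /></br>";
            } else {
                // Hash of the escaped form, matching the login branch.
                // NOTE(review): unsalted MD5 -- see password_hash() when the
                // storage scheme is migrated.
                $newpasswordlogin = mysql_real_escape_string($_POST['newpass']);
                $newpass = mysql_query('UPDATE users SET password="' . md5($newpasswordlogin) . '" WHERE username ="' . $_SESSION['user'] . '"');
                echo 'Password changed!<br /></br>';
            }
        }
    }
    // NOTE(review): the form below has no CSRF token; the old-password
    // requirement is the only thing protecting this action.
    ?>
<Title>Control Panel</Title>
<style>
body { background-color: #d0d0d0; }
</style>
<center>
<table id="Main" width="258" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="34" valign="top">
<div class="User_Top"></div>
<div class="User_Middle">
<div class="Sidebar_content">
<div align="center">
<form action="index.php?action=cp&task=pass" method="post">
<table border="0">
<tr><td>Old Password</td><td>:</td><td> <input type="password" name="oldpass" id="oldpass"><br /></td></tr>
<tr><td>New Password</td><td>:</td><td> <input type="password" name="newpass" id="newpass"><br /></td></tr>
<tr><td> </td><td> </td><td><input type="submit" name="newpassbutton" value="Change Password"></td></tr>
</table>
</form>
</div>
</div>
</div>
<div class="Statistics_Bottom"></div>
</td>
</tr>
</table>
</center>
<?php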
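} else if ($action == 'register') {
    // Registration. When settings.requirebeta is "yes" a one-time key from
    // the `key` table is required and consumed.
    $ibr = mysql_query('SELECT requirebeta FROM settings');
    if ($ibr === false) {
        // Fail closed: if the setting cannot be read, do not fall through to
        // open registration.
        error_log('settings query failed: ' . mysql_error());
        die('Registration is temporarily unavailable.');
    }
    $ibrr = mysql_result($ibr, 0);
    if (isset($_POST['register'], $_POST['newusername'], $_POST['newpassword'], $_POST['newpasswordconfirm'])) {
        $newusername = mysql_real_escape_string($_POST['newusername']);
        $newaccountpass = mysql_real_escape_string($_POST['newpassword']);
        $newaccountpassconfirm = mysql_real_escape_string($_POST['newpasswordconfirm']);
        $checkuser = mysql_query('SELECT count(id) FROM users WHERE username="' . $newusername . '"');
        if ($checkuser === false) {
            error_log('username check failed: ' . mysql_error());
            die('Registration is temporarily unavailable.');
        }
        $checkuserresult = mysql_result($checkuser, 0);
        // NOTE(review): both INSERTs below supply 6 values, while the admin
        // "add user" INSERT supplies 8 and the user list reads 8 columns.
        // One of the two shapes presumably fails -- confirm against the
        // schema and name the columns explicitly.
        // NOTE(review): unsalted MD5 -- see password_hash() when the storage
        // scheme is migrated.
        if ($ibrr == 'yes') { // beta required
            if ($checkuserresult != 0) {
                echo 'The username is taken.';
                die();
            }
            // Strict comparison: == treats different numeric-looking strings
            // as equal.
            if ($newaccountpass !== $newaccountpassconfirm) {
                echo 'The two passwords you entered are incorrect.';
                die();
            }
            $betakey = (isset($_POST['beta']) && is_string($_POST['beta']))
                ? mysql_real_escape_string($_POST['beta'])
                : '';
            // The key is now a quoted string literal. It used to be appended
            // unquoted, where escaping gives no protection and an
            // alphanumeric key is not even a valid SQL value.
            $keycheck = mysql_query('SELECT count(code) FROM `key` WHERE `code`="' . $betakey . '"');
            $keyresult = $keycheck ? mysql_result($keycheck, 0) : 0;
            if ($keyresult != 1) {
                echo 'Beta key Not valid.';
                die();
            }
            $add = mysql_query('INSERT into users VALUES ("", "2", "' . $newusername . '", "' . md5($newaccountpass) . '", "no", "N/A")');
            if ($add) {
                // Consume the key only once the account really exists.
                $deletekey = mysql_query('DELETE FROM `key` WHERE code="' . $betakey . '"');
                // The password is no longer echoed back, and the name is
                // HTML-encoded before it is printed.
                echo 'The username ' . htmlspecialchars($newusername, ENT_QUOTES) . ' has been created.';
            }
            die();
        } else { // beta not required
            if ($checkuserresult == 0) {
                if ($newaccountpass === $newaccountpassconfirm) {
                    $add = mysql_query('INSERT INTO users VALUES ("", "2", "' . $newusername . '","' . md5($newaccountpassconfirm) . '", "no", "N/A" )');
                    echo 'Your account has been created. You may now login.';
                } else {
                    echo 'the two passwords you entered do not match.';
                }
            } else {
                echo 'That username has been taken.';
            }
        }
    }
}
}
?>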