  1. <?php
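  session_start();
  include('nav.php');
  include('config.php');

  // Ban gate: a signed-in user who is flagged as banned gets the ban notice and
  // nothing else. The logout action is exempt so a banned user can still sign out.
  if (isset($_SESSION['user'])) {
      $isLogout = isset($_GET['action']) && $_GET['action'] === 'logout';
      if (!$isLogout) {
          // $_SESSION['user'] is the value the login branch stored after
          // mysql_real_escape_string(), so it is interpolated unchanged here;
          // escaping it a second time would stop names with quotes from matching.
          // NOTE(security): ext/mysql was removed in PHP 7; the durable fix is
          // prepared statements (mysqli/PDO) with the raw username in the session.
          $banQuery = mysql_query('SELECT `banned`, `ban_reason` FROM `users` WHERE username="' . $_SESSION['user'] . '"');

          // One query returns both columns. A failed query or a missing row is
          // treated as "not banned", as before.
          // NOTE(review): that means a database error lets a banned account through.
          $banRow = $banQuery ? mysql_fetch_assoc($banQuery) : false;
          if ($banRow && $banRow['banned'] == "yes") {
              // ban_reason is free text typed into the admin form; encode it so it
              // cannot inject markup into the page.
              echo 'You have been banned. The reason for the ban is: ' . htmlspecialchars($banRow['ban_reason'], ENT_QUOTES, 'UTF-8');
              die();
          }
      }
  }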
  16. if (isset($_GET['action']))
  17. {
  18. $action = mysql_real_escape_string($_GET['action']);
  19.  
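  if ($action == 'login') {
      // Login action: redirects signed-in users, processes a posted login, and
      // otherwise renders the login form.
      if (isset($_SESSION['user'])) {
          // Stop after the redirect; without exit the script kept running and
          // still processed the POST and rendered the form.
          header('Location: index.php');
          exit;
      }
      if (isset($_POST['submit'])) {
          include('config.php');
          $user = mysql_real_escape_string(isset($_POST['user']) && is_string($_POST['user']) ? $_POST['user'] : '');
          $pass = mysql_real_escape_string(isset($_POST['pass']) && is_string($_POST['pass']) ? $_POST['pass'] : '');

          // NOTE(security): passwords are stored as unsalted MD5, which is fast to
          // brute-force. Migrating to password_hash()/password_verify() (PHP >= 5.5)
          // needs a schema and data migration, so it is flagged here, not changed.
          // The hash is taken over the escaped string; every other place that sets a
          // password has to do the same or the login will not match.
          $get = mysql_query('SELECT count(id) FROM users WHERE username="' . $user . '" and password="' . md5($pass) . '"');
          if ($get === false) {
              // Keep driver errors out of the response; they describe the schema.
              error_log('login query failed: ' . mysql_error());
              die('Login is temporarily unavailable.');
          }
          $result = mysql_result($get, 0);

          // $con is presumably the connection handle created by config.php - TODO confirm.
          mysql_close($con);

          if ($result != 1) {
              echo "Login failure";
          } else {
              // Issue a fresh session id at the privilege change so an id planted
              // before login (session fixation) is useless afterwards.
              session_regenerate_id(true);
              // The escaped form is what the rest of the script interpolates into SQL.
              $_SESSION['user'] = $user;
              header('Location: index.php');
              exit;
          }
      }
  ?>
<html>
    <head>
        <title>My Page Login</title>
        <style>
body { background-color: #d0d0d0; }
        </style>
    </head>
    <body>
        <form action='index.php?action=login' method="POST">
            Username: <input type="text" name='user'><br />
            Password: <input type="password" name='pass'><br />
            <input type="submit" name="submit" value='Login!'>
        </form>
    </body>
</html>
<?php
  }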
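  else if ($action == 'logout') {
      // Logout action: ends the session and sends the browser back to the login form.
      if (!isset($_SESSION['user']) || $_SESSION['user'] == '') {
          echo "<Title>Logout</Title>\n";
          echo 'You are not logged in. Please login to see this page. Click <a href=index.php?action=login>here</a> to login.';
          die();
      }

      // Drop the whole session, not just the 'user' key, so nothing tied to the
      // old login survives under the same session id.
      $_SESSION = array();
      session_destroy();

      // The title used to be printed before this header() call, which makes the
      // redirect fail with "headers already sent" unless output is buffered.
      // NOTE(review): nav.php is included earlier and may itself produce output.
      header('Location: index.php?action=login');
      exit;
  }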
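  else if ($action == 'admin') {
      // Admin panel: user management (add, ban, unban, delete, promote, demote,
      // password reset), beta-key management and the audit log view.
      if (!isset($_SESSION['user']) || $_SESSION['user'] == '') {
          echo 'You are not logged in. Please login to see this page. Click <a href=index.php?action=login>here</a> to login.';
          die();
      }
      include('config.php');

      // $_SESSION['user'] holds the value the login branch stored after
      // mysql_real_escape_string(), so it is interpolated unchanged.
      $actor = $_SESSION['user'];

      // Authorise before acting. The add/ban handlers used to run ahead of this
      // group check, so any signed-in account could create users or ban others.
      $query = mysql_query('SELECT `group` FROM `users` WHERE username="' . $actor . '"');
      $result = ($query && mysql_num_rows($query) > 0) ? mysql_result($query, 0) : false;
      if ($result != "1") {
          echo 'You do not have permission to access this page.';
          die();
      }

      // NOTE(security): none of the state-changing requests below carries a CSRF
      // token, and delete/unban/makeadmin/demote are plain GET links. They should
      // become POST requests that verify a per-session token.
      // NOTE(security): every request value is escaped before it reaches SQL; the
      // long-term fix is prepared statements (ext/mysql was removed in PHP 7).

      if (isset($_POST['add'])) {
          $nameAdd = mysql_real_escape_string($_POST['nameadd']);
          $userAdd = mysql_real_escape_string($_POST['useradd']);
          $hwidAdd = mysql_real_escape_string($_POST['hwidadd']);
          // The login branch hashes the escaped password, so hash the same form
          // here; hashing the raw value made passwords containing quotes or
          // backslashes impossible to log in with.
          // NOTE(security): unsalted MD5 - see password_hash() for the migration target.
          $passAdd = md5(mysql_real_escape_string($_POST['passadd']));
          // NOTE(review): positional INSERT with eight values, while the register
          // branch inserts six into the same table; an explicit column list is needed.
          $add = mysql_query('INSERT INTO users VALUES ("' . $nameAdd . '", "", "2", "' . $userAdd . '","' . $passAdd . '", "' . $hwidAdd . '", "no", "N/A" )');
          $addlog = mysql_query('INSERT INTO logs VALUES ("' . $actor . '", "Added the user ' . $userAdd . ' to the site.")');
      } else if (isset($_POST['ban'])) {
          $userBan = mysql_real_escape_string($_POST['userban']);
          $banReason = mysql_real_escape_string($_POST['banreason']);
          $ban = mysql_query('UPDATE users SET banned = "yes", ban_reason = "' . $banReason . '" WHERE username = "' . $userBan . '"');
          $banlog = mysql_query('INSERT INTO logs VALUES ("' . $actor . '", "Banned the user ' . $userBan . ' from the site.")');
      }

      if (isset($_GET['task'])) {
          $task = $_GET['task'];
          // uid is only ever used as a number; the cast keeps anything else out of
          // the unquoted "id = ..." clauses and out of the log text.
          $uid = isset($_GET['uid']) ? (int) $_GET['uid'] : null;

          if ($task == 'delete') {
              if ($uid !== null) {
                  $delete = mysql_query('DELETE FROM users WHERE id =' . $uid);
                  $addlog = mysql_query('INSERT INTO logs VALUES ("' . $actor . '", "Deleted the user with the uid: ' . $uid . ' from the site.")');
              }
          } else if ($task == 'unban') {
              if ($uid !== null) {
                  $unban = mysql_query('UPDATE users SET banned = "no", ban_reason = "N/A" WHERE id = ' . $uid);
                  $addlog = mysql_query('INSERT INTO logs VALUES ("' . $actor . '", "Unbanned the user with the uid: ' . $uid . ' from the site.")');
              }
          } else if ($task == 'makeadmin') {
              if ($uid !== null) {
                  $makeadmin = mysql_query('UPDATE users SET users.group = 1 WHERE users.id = ' . $uid);
                  $addlog = mysql_query('INSERT INTO logs VALUES ("' . $actor . '", "Made the user with the uid: ' . $uid . ' an Admin.")');
              }
          } else if ($task == 'demote') {
              if ($uid !== null) {
                  $demote = mysql_query('UPDATE users SET users.group = 2 WHERE users.id = ' . $uid);
                  $addlog = mysql_query('INSERT INTO logs VALUES ("' . $actor . '", "Demoted the user with the uid ' . $uid . '.")');
              }
          } else if ($task == 'reset') {
              if (isset($_POST['reset'])) {
                  $resetpass = $_POST['resetpass'];
                  $resetconfirmpass = $_POST['resetconfirmpass'];
                  // Strict comparison: with == two different numeric-looking strings
                  // (for example "1e3" and "1000") compare equal.
                  if ($resetpass === $resetconfirmpass) {
                      $resetUser = mysql_real_escape_string($_POST['resetuser']);
                      // Same escaped-then-hashed form the login branch checks against.
                      $resetHash = md5(mysql_real_escape_string($resetconfirmpass));
                      $reset = mysql_query('UPDATE users set password="' . $resetHash . '" WHERE username = "' . $resetUser . '"');
                      $addlog = mysql_query('INSERT INTO logs VALUES ("' . $actor . '", "Changed the password of the user ' . $resetUser . '.")');
                  } else {
                      echo "<b>The two passwords you entered do not match.</b><br /><br />";
                  }
              }
          } else if ($task == 'beta') {
              $len = 15;
              $base = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890';
              $max = strlen($base) - 1;
              // The generator used to be re-seeded from the microsecond clock, which
              // allows at most a million distinct keys. Prefer the CSPRNG where it
              // exists (PHP 7+ or a polyfill); mt_rand() is only the fallback and is
              // not suitable for secrets.
              $pick = function_exists('random_int') ? 'random_int' : 'mt_rand';
              $activatecode = '';
              // The loop bound is $len + 1, so keys are 16 characters long; kept so
              // the key format does not change.
              while (strlen($activatecode) < $len + 1) {
                  $activatecode .= $base[$pick(0, $max)];
              }
              $addbetakey = mysql_query('INSERT INTO `key` (`code`) VALUES ("' . $activatecode . '")');
              echo 'The key ' . $activatecode . ' has been added.</br>';
          } else if ($task == 'viewbeta') {
              $viewbetaquery = mysql_query('SELECT * FROM `key`');
              while ($rows = mysql_fetch_array($viewbetaquery)) {
                  $betacode = htmlspecialchars($rows['code'], ENT_QUOTES, 'UTF-8');
                  echo "Serial #: <b>$betacode</b></br>";
              }
              echo 'Click <a href="index.php?action=admin">here</a> to return to the admin page.';
              die();
          } else if ($task == 'requirebeta') {
              if (isset($_POST['betarequiuiredsubmit'])) {
                  if (isset($_POST['betarequired'])) {
                      if ($_POST['betarequired'] == 'on') {
                          $betaon = mysql_query('UPDATE settings SET requirebeta="yes"');
                          echo '<b>Beta code enabled</b></br>';
                      } else if ($_POST['betarequired'] == 'off') {
                          $betaoff = mysql_query('UPDATE settings SET requirebeta="no"');
                          echo '<b>Beta code disabled.</b></br>';
                      }
                  }
              }
          } else if ($task == 'logs') {
              $getlogs = mysql_query('SELECT * FROM logs');
              echo '<hr>';
              while ($rows = mysql_fetch_array($getlogs)) {
                  // Log text embeds usernames that came from request data, so it is
                  // encoded before being written into the page.
                  $user = htmlspecialchars($rows['user'], ENT_QUOTES, 'UTF-8');
                  $actionmade = htmlspecialchars($rows['action'], ENT_QUOTES, 'UTF-8');
                  echo "User: <b>$user</b> | Action: <b>$actionmade</b><hr>";
              }
              echo 'Click <a href="index.php?action=admin">here</a> to go back to the Admin panel.';
              die();
          }
      }

      $sql = mysql_query('SELECT * FROM users WHERE username <> "' . $actor . '"');
      echo '<b>Please note that due to security reasons, your account will not show up below.</b>';
      echo '<hr>';
      while ($rows = mysql_fetch_array($sql)) {
          // Every column is user-influenced (registration and the admin forms), so
          // each one is HTML-encoded. The password hash is no longer printed: an
          // unsalted MD5 in the page is close to showing the password itself.
          $id = (int) $rows['id'];
          $group = htmlspecialchars($rows['group'], ENT_QUOTES, 'UTF-8');
          $username = htmlspecialchars($rows['username'], ENT_QUOTES, 'UTF-8');
          $banned = htmlspecialchars($rows['banned'], ENT_QUOTES, 'UTF-8');
          $banreason = htmlspecialchars($rows['ban_reason'], ENT_QUOTES, 'UTF-8');
          $name = htmlspecialchars($rows['name'], ENT_QUOTES, 'UTF-8');
          $hwid = htmlspecialchars($rows['hwid'], ENT_QUOTES, 'UTF-8');

          echo "Name: <b>$name</b> | ID: <b>$id</b> | Group: <b>$group</b> | Username: <b>$username</b> | HWID: <B>$hwid</b> | Banned? <b>$banned</b> | Ban reason: <b>$banreason</b> | " . '<a href="index.php?action=admin&task=delete&uid=' . $id . '"><img src="images/del.gif" border="0" alt="Delete user" /></a> <a href=index.php?action=admin&task=unban&uid=' . $id . '><img src="images/remove_ignore.gif" border="0" alt=" User" /></a><a href=index.php?action=admin&task=makeadmin&uid=' . $id . '><img src="images/banning.gif" border="0" alt="Make User Admin" /></a> <a href=index.php?action=admin&task=demote&uid=' . $id . '><img src="images/user.gif" border="0" alt="Demote User" /></a><hr>';
      }
  ?>
<html>
<Title>Admin Panel</Title>
<style>
body { background-color: #d0d0d0; }
</style>
<body>
<center>
<table>
<tr>
<td>
<table id="Main" width="258" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="34" valign="top">
<div class="User_Top"></div>
<div class="User_Middle">
<div class="Sidebar_content">
<div align="center">
<table border="0">
<form action="index.php?action=admin&task=add" method="post">
<tr><td>Name</td><td>:</td><td> <input type="text" name="nameadd" id="nameadd"></td></tr>
<tr><td>Username</td><td>:</td><td> <input type="text" name="useradd" id="useradd"></td></tr>
<tr><td>Password</td><td>:</td><td> <input type="password" name="passadd" id="passadd"></td></tr>
<tr><td>HWID</td><td>:</td><td> <input type="text" name="hwidadd" id="hwidadd"></td></tr>
<tr><td>&nbsp;</td><td>&nbsp;</td><td><input type="submit" name="add" id="add" value='Add User!'>
            </form>
</table>
</div>
</div>
</div>
</div>
</div>
<div class="Statistics_Bottom"></div>
  </form>
</tr></td>
</table>
<br>
<td>
<table id="Main" width="258" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="34" valign="top">
<div class="User_Top"></div>
<div class="User_Middle">
<div class="Sidebar_content">
<div align="center">

            <table border="0">
        <form action='index.php?action=admin&task=ban' method="POST">
<tr><td>Username</td><td>:</td><td> <input type="text" name='userban'></td></tr>
<tr><td>Ban Reason</td><td>:</td><td> <input type="text" name='banreason'></td></tr>
 <tr><td>&nbsp;</td><td>&nbsp;</td><td><input type="submit" name="ban" value='Ban User!'>
</form>
</table>
</div>
</div>
</div>
</div>
</div>
<div class="Statistics_Bottom"></div>
  </form>
</tr></td>
</table>
<br>
<td>
<table id="Main" width="258" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="34" valign="top">
<div class="User_Top"></div>
<div class="User_Middle">
<div class="Sidebar_content">
<div align="center">
            <table border="0">
            <form action="index.php?action=admin&task=reset" method="post">
<tr><td>Username</td><td>:</td><td> <input type="text" name="resetuser"></td></tr>
<tr><td>Password</td><td>:</td><td> <input type="password" name="resetpass"></td></tr>
<tr><td>Confirm Password</td><td>:</td><td><input type="password" name="resetconfirmpass"></td></tr>
<tr><td>&nbsp;</td><td>&nbsp;</td><td><input type="submit" name="reset" value="Reset Password">
        </form>
</table>
</div>
</div>
</div>
</div>
</div>
<div class="Statistics_Bottom"></div>
  </form>
</tr></td>
</table>
</td>
</tr>
</table>
</center>
</body>
</html>
<?php
      // The closing tags used to sit behind a query on settings.requirebeta whose
      // two branches printed the same markup; they are now always emitted.
  }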
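  else if ($action == 'cp') {
      // Control panel: lets the signed-in user change their own password after
      // proving knowledge of the current one.
      if (!isset($_SESSION['user']) || $_SESSION['user'] == '') {
          echo 'You are not logged in. Please login to see this page. Click <a href=index.php?action=login>here</a> to login.';
          die();
      }
      if (isset($_POST['newpassbutton'])) {
          // $_SESSION['user'] is the escaped value stored by the login branch and
          // is interpolated unchanged.
          $pass = mysql_real_escape_string($_POST['oldpass']);
          $get = mysql_query('SELECT count(id) FROM users WHERE username="' . $_SESSION['user'] . '" and password="' . md5($pass) . '"');
          if ($get === false) {
              // Keep driver errors out of the response; they describe the schema.
              error_log('password check failed: ' . mysql_error());
              die('Password change is temporarily unavailable.');
          }
          $result = mysql_result($get, 0);

          // $con is presumably the connection handle created by config.php - TODO confirm.
          mysql_close($con);
          if ($result != 1) {
              echo "Wrong Password!<br /></br>";
          } else if (!isset($_POST['newpass']) || $_POST['newpass'] === '') {
              // An empty new password would otherwise be accepted and stored.
              echo 'New password must not be empty.<br /></br>';
          } else {
              // config.php is included again because the connection was closed above.
              include('config.php');
              $newpasswordlogin = mysql_real_escape_string($_POST['newpass']);
              // NOTE(security): unsalted MD5; password_hash() is the migration target.
              $newpass = mysql_query('UPDATE users SET password="' . md5($newpasswordlogin) . '" WHERE username ="' . $_SESSION['user'] . '"');
              if ($newpass) {
                  echo 'Password changed!<br /></br>';
              } else {
                  // Do not report success when the UPDATE failed.
                  error_log('password update failed: ' . mysql_error());
                  echo 'Password could not be changed.<br /></br>';
              }
          }
      }
      // NOTE(security): the form below carries no CSRF token.
  ?>
<Title>Control Panel</Title>
<style>
body { background-color: #d0d0d0; }
</style>
<center>
<table id="Main" width="258" border="0" cellpadding="0" cellspacing="0">
 <tr>
  <td width="34" valign="top">
<div class="User_Top"></div>
<div class="User_Middle">
<div class="Sidebar_content">
<div align="center">
<table border="0">
<form action="index.php?action=cp&task=pass" method="post">
<tr><td>Old Password</td><td>:</td><td> <input type="password" name="oldpass" id="oldpass"><br /></td></tr>
<tr><td>New Password</td><td>:</td><td> <input type="password"  name="newpass" id="newpass"><br /></td></tr>
<tr><td>&nbsp;</td><td>&nbsp;</td><td><input type="submit" name="newpassbutton" value="Change Password">
</form>
</table>
</div>
</div>
</div>
</div>
</div>
<div class="Statistics_Bottom"></div>
  </form>
</tr></td>
</table>
</td>
</tr>
</table>
</center>
<?php
  } else if ($action == 'register') {
      // Registration: creates a group-2 account, optionally consuming a beta key
      // when settings.requirebeta is "yes".
      // NOTE(review): this branch contains no form markup; the block that was
      // shown when a beta key is required was empty.
      $ibr = mysql_query('SELECT requirebeta FROM settings');
      $ibrr = mysql_result($ibr, 0);

      if (isset($_POST['register'])) {
          $newusername = mysql_real_escape_string($_POST['newusername']);
          $newaccountpass = mysql_real_escape_string($_POST['newpassword']);
          $newaccountpassconfirm = mysql_real_escape_string($_POST['newpasswordconfirm']);

          $checkuser = mysql_query('SELECT count(id) FROM users WHERE username="' . $newusername . '"');
          if ($checkuser === false) {
              error_log('registration lookup failed: ' . mysql_error());
              die('Registration is temporarily unavailable.');
          }
          $checkuserresult = mysql_result($checkuser, 0);

          if ($ibrr == 'yes') { // beta required
              $betakey = mysql_real_escape_string($_POST['beta']);
              if ($checkuserresult != 0) {
                  echo 'The username is taken.';
                  die();
              }
              // Strict comparison: == treats different numeric-looking strings as equal.
              if ($newaccountpass !== $newaccountpassconfirm) {
                  echo 'The two passwords you entered are incorrect.';
                  die();
              }
              // The key is now quoted. Escaping alone does nothing in an unquoted
              // position, so the submitted value was being parsed as SQL.
              $keycheck = mysql_query('SELECT count(code) FROM `key` WHERE `code` ="' . $betakey . '"');
              $keyresult = $keycheck ? mysql_result($keycheck, 0) : 0;
              if ($keyresult != 1) {
                  echo 'Beta key Not valid.';
                  die();
              }
              // NOTE(review): positional INSERT with six values, while the admin
              // branch inserts eight into the same table; confirm the column order
              // and switch to an explicit column list.
              // NOTE(security): unsalted MD5; password_hash() is the migration target.
              $add = mysql_query('INSERT into users VALUES ("", "2", "' . $newusername . '", "' . md5($newaccountpass) . '", "no", "N/A")');
              $deletekey = mysql_query('DELETE FROM `key` WHERE code="' . $betakey . '"');
              // The confirmation no longer repeats the password and HTML-encodes the
              // name, which used to be written into the page as submitted.
              echo 'The username ' . htmlspecialchars($_POST['newusername'], ENT_QUOTES, 'UTF-8') . ' has been created.';
              die();
          } else { // beta not required
              if ($checkuserresult != 0) {
                  echo 'That username has been taken.';
              } else if ($newaccountpass !== $newaccountpassconfirm) {
                  echo 'the two passwords you entered do not match.';
              } else {
                  include('config.php');
                  $add = mysql_query('INSERT INTO users VALUES ("", "2", "' . $newusername . '","' . md5($newaccountpassconfirm) . '", "no", "N/A" )');
                  echo 'Your account has been created. You may now login.';
              }
          }
      }
  }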
  439. }
  440. ?>