daily pastebin goal
66%
SHARE
TWEET

Untitled

a guest Jul 20th, 2017 59 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. session_start();
  3. include('nav.php');
  4. include('config.php');
  5. if (isset($_SESSION['user'])){
  6. if (isset($_GET['action']) AND ($_GET['action'] !=='logout')OR (!isset($_GET['action']))) {
  7. $bancheck=mysql_query('SELECT `banned` FROM `users` WHERE username="' . $_SESSION['user'] . '"');
  8.         $bancheckresult=mysql_result($bancheck, 0);
  9.         if($bancheckresult ==  "yes"){
  10.         $banreason=mysql_query('SELECT `ban_reason` FROM `users` WHERE username="' . $_SESSION['user'] . '"');
  11.         $banreasonresult=mysql_result($banreason, 0);
  12.         echo ("You have been banned. The reason for the ban is: $banreasonresult");
  13.         die();      }
  14.         }
  15.         }
  16. if (isset($_GET['action']))
  17. {
  18. $action = mysql_real_escape_string($_GET['action']);
  19.  
  20. if ($action == 'login'){
  21. if (isset($_SESSION['user'])){
  22. header('location: index.php');
  23.  
  24. }
  25. if (isset($_POST['submit']))
  26. {        
  27. include ('config.php');
  28.     $user = mysql_real_escape_string($_POST['user']);
  29.     $pass = mysql_real_escape_string($_POST['pass']);
  30.       if ($action == 'login')
  31.     {
  32.         $get=mysql_query('SELECT count(id) FROM users WHERE username="' . $user . '" and password="' . md5($pass) . '"') or die (mysql_error ());
  33.         $result=mysql_result($get, 0);
  34.  
  35.         mysql_close($con);
  36.         if($result != 1)
  37.         {
  38.             echo "Login failure";
  39.         }
  40.         else
  41.         {
  42.        
  43.             $_SESSION['user']=$user;
  44.                 header( 'Location: index.php');
  45.            
  46.            
  47.  
  48.         }
  49.     }
  50. }
  51. ?>
  52. <html>
  53.     <head>
  54.         <title>My Page Login</title>
  55.     </head>
  56.     <style>
  57. body { background-color: #d0d0d0;)}
  58. </style>
  59.     <body>
  60.         <form action='index.php?action=login' method="POST">
  61.             Username: <input type="text" name='user'><br />
  62.             Password: <input type="password" name='pass'><br />
  63.             <input type="submit" name="submit" value='Login!'>
  64.         </form>
  65.     </body>
  66. </html>
  67. <?php
  68. }
  69. else if ($action == 'logout') {
  70. ?>
  71. <Title>Logout</Title>
  72. <?php
  73. if ((!isset($_SESSION['user'])) OR ($_SESSION['user'] == ''))
  74. {
  75. echo 'You are not logged in. Please login to see this page. Click <a href=index.php?action=login>here</a> to login.';
  76. die();
  77. }
  78. unset($_SESSION['user']);
  79. header( 'Location: index.php?action=login');
  80. }
  81. else if ($action == 'admin') {
  82.  
  83. if ((!isset($_SESSION['user'])) OR ($_SESSION['user'] == ''))
  84. {
  85. echo 'You are not logged in. Please login to see this page. Click <a href=index.php?action=login>here</a> to login.';
  86. die();
  87. }
  88. else {
  89. if(isset($_POST['add']))
  90. {
  91. $add=mysql_query('INSERT INTO users VALUES ("' . $_POST['nameadd'] . '", "", "2", "' . $_POST['useradd'] . '","' . md5($_POST['passadd']) . '", "' . $_POST['hwidadd'] . '", "no", "N/A" )');
  92. $addlog=mysql_query('INSERT INTO logs VALUES ("' . $_SESSION['user'] . '", "Added the user ' . $_POST['useradd'] . ' to the site.")');
  93. }else if (isset($_POST['ban']))
  94. {
  95. $ban=mysql_query('UPDATE users SET banned = "yes", ban_reason = "' . $_POST['banreason'] . '" WHERE username = "' . $_POST['userban'] . '"');
  96. $banlog=mysql_query('INSERT INTO logs VALUES ("' . $_SESSION['user'] . '", "Banned the user ' . $_POST['userban'] . ' from the site.")');
  97. }include('config.php');
  98. $query=mysql_query('SELECT `group` FROM `users` WHERE username="' . $_SESSION['user'] . '"');
  99.         $result=mysql_result($query, 0);
  100.         if($result == "1"){
  101.     if (isset($_GET['task'])){
  102.         if ($_GET['task'] == 'delete') {
  103.             if (isset($_GET['uid'])){
  104.             $delete=mysql_query('DELETE FROM users WHERE id =' . $_GET['uid']);
  105.             $addlog=mysql_query('INSERT INTO logs VALUES ("' . $_SESSION['user'] . '", "Deleted the user with the uid: ' . $_GET['uid'] . ' from the site.")');
  106.             }
  107.         }else if ($_GET['task'] == 'unban') {
  108.         if (isset($_GET['uid'])){
  109.         $unban=mysql_query('UPDATE users SET banned = "no", ban_reason = "N/A" WHERE id = ' . $_GET['uid']);
  110.         $addlog=mysql_query('INSERT INTO logs VALUES ("' . $_SESSION['user'] . '", "Unbanned the user with the uid: ' . $_GET['uid'] . ' from the site.")');
  111.         }
  112.         }else if ($_GET['task'] == 'makeadmin') {
  113.         if (isset($_GET['uid'])){
  114.         $makeadmin=mysql_query('UPDATE users SET users.group = 1 WHERE users.id = ' . $_GET['uid']);
  115.                 $addlog=mysql_query('INSERT INTO logs VALUES ("' . $_SESSION['user'] . '", "Made the user with the uid: ' . $_GET['uid'] . ' an Admin.")');
  116.         }
  117.         }else if ($_GET['task'] == 'demote'){
  118.         if (isset($_GET['uid'])) {
  119.         $demote=mysql_query('UPDATE users SET users.group = 2 WHERE users.id = ' . $_GET['uid']);
  120.         $addlog=mysql_query('INSERT INTO logs VALUES ("' . $_SESSION['user'] . '", "Demoted the user with the uid ' . $_GET['uid'] . '.")');
  121.         }
  122.         }else if ($_GET['task'] == 'reset') {
  123.            
  124.                 if (isset($_POST['reset'])){
  125.                 $resetpass = $_POST['resetpass'];
  126.                 $resetconfirmpass = $_POST['resetconfirmpass'];
  127.                 if ($resetpass == $resetconfirmpass){
  128.         $reset=mysql_query('UPDATE users set password="' . md5($_POST['resetconfirmpass']) . '" WHERE username = "' . $_POST['resetuser'] . '"');
  129.         $addlog=mysql_query('INSERT INTO logs VALUES ("' . $_SESSION['user'] . '", "Changed the password of the user ' . $_POST['resetuser'] . '.")');
  130.         }else{
  131.         echo "<b>The two passwords you entered do not match.</b><br /><br />";
  132.         }
  133.         }
  134.         }else if ($_GET['task'] == 'beta') {
  135.         $len = 15;
  136.                 $base='ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890';
  137.                 $max=strlen($base)-1;
  138.                 $activatecode='';
  139.                 mt_srand((double)microtime()*1000000);
  140.                 while (strlen($activatecode)<$len+1)
  141.                 $activatecode.=$base{mt_rand(0,$max)};
  142.         $addbetakey =mysql_query('INSERT INTO `key` (`code`) VALUES ("' . $activatecode .'")');
  143.         echo 'The key ' . $activatecode . ' has been added.</br>';
  144.         }else if($_GET['task'] == 'viewbeta') {
  145.         $viewbetaquery=mysql_query('SELECT * FROM `key`');
  146.         WHILE($rows = mysql_fetch_array($viewbetaquery)):
  147.         $betacode = $rows['code'];
  148.         echo "Serial #: <b>$betacode</b></br>";
  149. endwhile;
  150. echo 'Click <a href="index.php?action=admin">here</a> to return to the admin page.';
  151. die();
  152.         }else if ($_GET['task'] == 'requirebeta') {
  153.         if (isset($_POST['betarequiuiredsubmit'])) {
  154.         if (isset($_POST['betarequired'])) {
  155.         if ($_POST['betarequired'] == 'on') {
  156.         $betaon=mysql_query('UPDATE settings SET requirebeta="yes"');
  157.         echo '<b>Beta code enabled</b></br>';
  158.         }else if ($_POST['betarequired'] == 'off'){
  159.         $betaoff=mysql_query('UPDATE settings SET requirebeta="no"');
  160.         echo '<b>Beta code disabled.</b></br>';
  161.         }
  162.                 }
  163.         }
  164.         }else if ($_GET['task'] == 'logs') {
  165.         $getlogs=mysql_query('SELECT * FROM logs');
  166.         echo '<hr>';
  167.         WHILE($rows = mysql_fetch_array($getlogs)):
  168.         $user = $rows['user'];
  169.         $actionmade = $rows['action'];
  170.         echo "User: <b>$user</b> | Action: <b>$actionmade</b><hr>";
  171.         endwhile;
  172.         echo 'Click <a href="index.php?action=admin">here</a> to go back to the Admin panel.';
  173.         die();
  174.         }
  175.     }
  176.    
  177. $sql=mysql_query('SELECT * FROM users WHERE username <> "' . $_SESSION['user'] . '"');
  178. echo '<b>Please note that due to security reasons, your account will not show up below.</b>';
  179. echo '<hr>';
  180. WHILE($rows = mysql_fetch_array($sql)):
  181. $id = $rows['id'];
  182. $group = $rows['group'];
  183. $username = $rows['username'];
  184. $password = $rows['password'];
  185. $banned = $rows['banned'];
  186. $banreason = $rows['ban_reason'];
  187. $name = $rows['name'];
  188. $hwid = $rows['hwid'];
  189.  
  190. echo "Name: <b>$name</b> | ID: <b>$id</b> | Group: <b>$group</b> | Username: <b>$username</b> | Password: <b>$password</b> | HWID: <B>$hwid</b> | Banned? <b>$banned</b> | Ban reason: <b>$banreason</b> | "  . '<a href="index.php?action=admin&task=delete&uid=' . $id . '"><img src="images/del.gif" border="0" alt="Delete user" /></a> <a href=index.php?action=admin&task=unban&uid=' . $id . '><img src="images/remove_ignore.gif" border="0" alt=" User" /></a><a href=index.php?action=admin&task=makeadmin&uid=' . $id . '><img src="images/banning.gif" border="0" alt="Make User Admin" /></a> <a href=index.php?action=admin&task=demote&uid=' . $id . '><img src="images/user.gif" border="0" alt="Demote User" /></a><hr>';
  191. endwhile;
  192. ?>
  193. <html>
  194. <Title>Admin Panel</Title>
  195. <style>
  196. body { background-color: #d0d0d0;)}
  197. </style>
  198. <body>
  199. <center>
  200. <table>
  201. <tr>
  202. <td>
  203. <table id="Main" width="258" border="0" cellpadding="0" cellspacing="0">
  204. <tr>
  205. <td width="34" valign="top">
  206. <div class="User_Top"></div>
  207. <div class="User_Middle">
  208. <div class="Sidebar_content">
  209. <div align="center">
  210. <table border="0">
  211. <form action="index.php?action=admin&task=add" method="post">
  212. <tr><td>Name</td><td>:</td><td> <input type="text" name="nameadd" id="nameadd"></td></tr>
  213. <tr><td>Username</td><td>:</td><td> <input type="text" name="useradd" id="useradd"></td></tr>
  214. <tr><td>Password</td><td>:</td><td> <input type="password" name="passadd" id="passadd"></td></tr>
  215. <tr><td>HWID</td><td>:</td><td> <input type="text" name="hwidadd" id="hwidadd"></td></tr>
  216. <tr><td>&nbsp;</td><td>&nbsp;</td><td><input type="submit" name="add" id="add" value='Add User!'>          
  217.             </form>
  218. </table>
  219. </div>
  220. </div>
  221. </div>
  222. </div>
  223. </div>
  224. <div class="Statistics_Bottom"></div>
  225.   </form>
  226. </tr></td>
  227. </table>
  228. <br>
  229. <td>
  230. <table id="Main" width="258" border="0" cellpadding="0" cellspacing="0">
  231. <tr>
  232. <td width="34" valign="top">
  233. <div class="User_Top"></div>
  234. <div class="User_Middle">
  235. <div class="Sidebar_content">
  236. <div align="center">
  237.  
  238.             <table border="0">
  239.         <form action='index.php?action=admin&task=ban' method="POST">
  240. <tr><td>Username</td><td>:</td><td> <input type="text" name='userban'></td></tr>
  241. <tr><td>Ban Reason</td><td>:</td><td> <input type="text" name='banreason'></td></tr>
  242.  <tr><td>&nbsp;</td><td>&nbsp;</td><td><input type="submit" name="ban" value='Ban User!'>
  243. </form>
  244. </table>
  245. </div>
  246. </div>
  247. </div>
  248. </div>
  249. </div>
  250. <div class="Statistics_Bottom"></div>
  251.   </form>
  252. </tr></td>
  253. </table>
  254. <br>
  255. <td>
  256. <table id="Main" width="258" border="0" cellpadding="0" cellspacing="0">
  257. <tr>
  258. <td width="34" valign="top">
  259. <div class="User_Top"></div>
  260. <div class="User_Middle">
  261. <div class="Sidebar_content">
  262. <div align="center">
  263.             <table border="0">
  264.             <form action="index.php?action=admin&task=reset" method="post">
  265. <tr><td>Username</td><td>:</td><td> <input type="text" name="resetuser"></td></tr>
  266. <tr><td>Password</td><td>:</td><td> <input type="password" name="resetpass"></td></tr>
  267. <tr><td>Confirm Password</td><td>:</td><td><input type="password" name="resetconfirmpass"></td></tr>
  268. <tr><td>&nbsp;</td><td>&nbsp;</td><td><input type="submit" name="reset" value="Reset Password">
  269.         </form>
  270. </table>
  271. </div>
  272. </div>
  273. </div>
  274. </div>
  275. </div>
  276. <div class="Statistics_Bottom"></div>
  277.   </form>
  278. </tr></td>
  279. </table>
  280. </td>
  281. </tr>
  282. </table>
  283. </center>
  284.                 <?php
  285.            
  286.             $ibr=mysql_query('SELECT requirebeta FROM settings');
  287.             $ibrr=mysql_result($ibr, 0);
  288.             If ($ibrr == 'yes') {
  289. ?>         
  290.            
  291.             </body>
  292.             </html>
  293.             <?php
  294.             }else if ($ibrr) {
  295.             ?>
  296.            
  297.            
  298. </body>
  299. </html>
  300. <?php
  301. }
  302. }else
  303. {
  304. echo 'You do not have permission to access this page.';
  305. die();
  306. }
  307. }
  308. }
  309. else if ($action == 'cp'){
  310. if ((!isset($_SESSION['user'])) OR ($_SESSION['user'] == ''))
  311. {
  312. echo 'You are not logged in. Please login to see this page. Click <a href=index.php?action=login>here</a> to login.';
  313. die();
  314. }
  315. if(isset($_POST['newpassbutton']))
  316. {
  317.  $pass = mysql_real_escape_string($_POST['oldpass']);
  318. $get=mysql_query('SELECT count(id) FROM users WHERE username="' . $_SESSION['user'] . '" and password="' . md5($pass) . '"') or die (mysql_error ());
  319.         $result=mysql_result($get, 0);
  320.  
  321.         mysql_close($con);
  322.         if($result != 1)
  323.         {
  324.             echo "Wrong Password!<br /></br>";
  325.         }
  326.         else
  327.         {
  328.        include('config.php');
  329.        $newpasswordlogin = mysql_real_escape_string($_POST['newpass']);
  330.            $newpass=mysql_query('UPDATE users SET password="' . md5($newpasswordlogin) . '" WHERE username ="' . $_SESSION['user'] . '"');
  331.            echo 'Password changed!<br /></br>';
  332.  
  333.         }
  334.  
  335. }
  336. ?>
  337. <Title>Control Panel</Title>
  338. <style>
  339. body { background-color: #d0d0d0;)}
  340. </style>
  341. <center>
  342. <table id="Main" width="258" border="0" cellpadding="0" cellspacing="0">
  343.  <tr>
  344.   <td width="34" valign="top">
  345. <div class="User_Top"></div>
  346. <div class="User_Middle">
  347. <div class="Sidebar_content">
  348. <div align="center">
  349. <table border="0">
  350. <form action="index.php?action=cp&task=pass" method="post">
  351. <tr><td>Old Password</td><td>:</td><td> <input type="password" name="oldpass" id="oldpass"</br></td></tr>
  352. <tr><td>New Password</td><td>:</td><td> <input type="password"  name="newpass" id="newpass"</br></td></tr>
  353. <tr><td>&nbsp;</td><td>&nbsp;</td><td><input type="submit" name="newpassbutton" value="Change Password">
  354. </form>
  355. </table>
  356. </div>
  357. </div>
  358. </div>
  359. </div>
  360. </div>
  361. <div class="Statistics_Bottom"></div>
  362.   </form>
  363. </tr></td>
  364. </table>
  365. </td>
  366. </tr>
  367. </table>
  368. </center>
  369. <?php
  370. }else if ($action == 'register'){
  371. $ibr=mysql_query('SELECT requirebeta FROM settings');
  372. $ibrr=mysql_result($ibr, 0);
  373. If ($ibrr == 'yes') {
  374. ?>
  375.  
  376.  
  377. <?php
  378. }
  379. if(isset($_POST['register']))
  380. if ($ibrr =='yes') { //beta required
  381. {
  382. $newusername = mysql_real_escape_string($_POST['newusername']);
  383. $newaccountpass = mysql_real_escape_string($_POST['newpassword']);
  384. $newaccountpassconfirm = mysql_real_escape_string($_POST['newpasswordconfirm']);
  385. $betakey = mysql_real_escape_string($_POST['beta']);
  386.  
  387.  
  388. $checkuser=mysql_query('SELECT count(id) FROM users WHERE username="' . $newusername . '"') or die (mysql_error ());
  389.         $checkuserresult=mysql_result($checkuser, 0);
  390.  
  391.         if($checkuserresult == 0)
  392.         {
  393.         if($newaccountpass == $newaccountpassconfirm)
  394.         {
  395.         $keycheck=mysql_query('SELECT count(code) FROM `key` WHERE `code` =' . $betakey);
  396.         $keyresult=mysql_result($keycheck, 0);
  397.         if ($keyresult == 1) {
  398.         $add=mysql_query('INSERT into users VALUES ("", "2", "' . $newusername . '", "' . md5($newaccountpass) . '", "no", "N/A")');
  399.                 $deletekey=mysql_query('DELETE FROM `key` WHERE code="' . $betakey . '"');
  400.         echo "The username $newusername has been created with the password: $newaccountpass";
  401.         }else {
  402.         echo 'Beta key Not valid.';
  403.         die();
  404.         }
  405.         }else
  406.         {
  407.         echo 'The two passwords you entered are incorrect.';
  408.         die();
  409.         }
  410.        
  411.         }else
  412.             echo 'The username is taken.';
  413.             die();
  414. }
  415. }else { //beta not required
  416. $newusername = mysql_real_escape_string($_POST['newusername']);
  417. $newaccountpass = mysql_real_escape_string($_POST['newpassword']);
  418. $newaccountpassconfirm = mysql_real_escape_string($_POST['newpasswordconfirm']);
  419. $checkuser=mysql_query('SELECT count(id) FROM users WHERE username="' . $newusername . '"') or die (mysql_error ());
  420.         $checkuserresult=mysql_result($checkuser, 0);
  421.  
  422.         if($checkuserresult == 0)
  423.         {
  424.         include('config.php');
  425.         if ($newaccountpass == $newaccountpassconfirm){
  426.         $add=mysql_query('INSERT INTO users VALUES ("", "2", "' . $newusername . '","' . md5($newaccountpassconfirm) . '", "no", "N/A" )');
  427.                 echo 'Your account has been created. You may now login.';
  428.                 }else
  429.         {
  430.         echo 'the two passwords you entered do not match.';
  431.         }
  432.         }
  433.         else
  434.         {      
  435.                    echo 'That username has been taken.';
  436.         }
  437. }
  438. }
  439. }
  440. ?>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top