- <?php
- require_once("mysql_config.php");
- require_once("functions.php");
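- // Issues the `admin` cookie after a successful login: the value is the account
- // name and the lifetime is one hour.
- // NOTE(review): the value is the plain username with no signature or server-side
- // session behind it, and the page later reads $_COOKIE['admin'] back as the
- // logged-in identity. A cookie alone is therefore not proof of a login; move the
- // identity into $_SESSION (or a signed token) before relying on it.
- function create_cookie($user)
- {
-     // Path, domain and secure keep their defaults; the seventh argument adds
-     // HttpOnly so scripts running in the page cannot read the cookie.
-     setcookie("admin", $user, time()+3600, "", "", false, true);
- }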
- ?>
- <LINK href="theme.css" rel="stylesheet" type="text/css">
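- <?php
- // acp.php main flow: login form and login check, then (for a caller that presents
- // the `admin` cookie) application review, admin account setup, acceptance message,
- // log view, logout, password change, application lock, feedback and permission toggles.
- //
- // NOTE(review): identity comes straight from the client-supplied `admin` cookie, which
- // holds a bare username. Nothing in this file ties it to a completed login, so every
- // branch below needs a server-side session (or signed token) check before it is trusted.
- // NOTE(review): the state changes below (accept/deny and permchange over GET, all POST
- // forms) carry no anti-CSRF token; add one together with the session.
- // NOTE(review): passwords are stored as unsalted md5(). Moving to password_hash() /
- // password_verify() needs a migration of the accounts table and is not done here.
- // NOTE(review): get_revoke_status(), get_gamertag(), get_username() and get_lock_status()
- // are not defined in this file (presumably functions.php); confirm they escape the
- // values they put into SQL.
- if(!function_exists('acp_param'))
- {
-     // Returns a request value as a string, or '' when it is missing or not a string.
-     function acp_param($source, $key)
-     {
-         return (isset($source[$key]) && is_string($source[$key])) ? $source[$key] : '';
-     }
- }
- if(!function_exists('acp_h'))
- {
-     // Escapes a value for HTML text and quoted-attribute contexts.
-     function acp_h($value)
-     {
-         return htmlspecialchars((string) $value, ENT_QUOTES);
-     }
- }
- if(!function_exists('acp_log'))
- {
-     // Appends one dated line to logs.txt; CR/LF are flattened so a logged value
-     // cannot start a second entry.
-     function acp_log($message)
-     {
-         $line = "[". date('m-d-y') ."] ". str_replace(array("\r", "\n"), ' ', $message) ."\n";
-         file_put_contents('logs.txt', $line, FILE_APPEND | LOCK_EX);
-     }
- }
- //cookie data
- $cookie = acp_param($_COOKIE, 'admin');
- // The cookie is client input: keep an SQL-escaped copy for queries and escape it on output.
- $cookie_sql = ($cookie !== '') ? mysql_real_escape_string($cookie) : '';
- // The permission toggle is reserved for this account; the same test gates the link and the action.
- $is_owner = ($cookie === "SRBuckey5266");
- if(!$cookie && !acp_param($_POST, 'login_sent'))
- {
-     echo "<center><b>If you have an administrator account setup, please verify yourself!</b><br/><br/>";
- ?>
- <table>
- <form action="acp.php" method="POST">
- <input type="hidden" name="login_sent" value="1">
- <tr><td>Account Name</td><td><input type="text" name="username" maxlength="20"></td></tr>
- <tr><td>Password</td><td><input type="password" name="password" maxlength="32"></td></tr>
- <tr><td></td><td><input type="submit" value="Login"></td></tr>
- </form>
- </table>
- <?php
- }
- elseif(!$cookie)
- {
-     //login details
-     $raw_username = acp_param($_POST, 'username');
-     $raw_password = acp_param($_POST, 'password');
-     // Test the submitted values themselves: md5('') is a non-empty string, so a
-     // check on the digest can never catch an empty password.
-     if($raw_username === '' || $raw_password === '')
-     {
-         echo "<center><div id='box'>One of the fields were empty.</div></center>";
-     }
-     else
-     {
-         $username = mysql_real_escape_string($raw_username);
-         // The digest is hex only, so it is safe to interpolate as-is.
-         $password = md5($raw_password);
-         $query = mysql_query("SELECT * FROM accounts WHERE username = '$username' AND password = '$password'");
-         if(!$query || mysql_num_rows($query) < 1)
-         {
-             echo "<center><div id='box'>The username or password combination doesn't exist.</div></center>";
-         }
-         else
-         {
-             // Store the account name as the database holds it, not the SQL-escaped request value.
-             $account = mysql_fetch_assoc($query);
-             create_cookie($account['username']);
-             echo "<center><div id='box'>You've successfully logged in! <a href='acp.php'>Continue...</a></div></center>";
-             //log
-             acp_log("--- ". $account['username'] ." logged in.");
-         }
-     }
- }
- else
- {
-     // Reached only when a non-empty `admin` cookie was presented.
-     if(get_revoke_status($cookie) == 1)
-     {
-         if(isset($_POST['contact_m']))
-         {
-             $contact_m = mysql_real_escape_string(nl2br(strip_tags(stripslashes(acp_param($_POST, 'contact_m')))));
-             // NOTE(review): 'M-D-Y' yields month name, weekday name and year; 'm-d-y' (as used
-             // for the log) may have been intended. Left unchanged because it is stored data.
-             mysql_query("INSERT INTO contact_messages VALUES (null, '{$cookie_sql}', '". $contact_m ."', '". date('M-D-Y') ."')");
-             echo "<center><div id='box'>Thank you. Your message has been received.</div></center>";
-         }
-         else
-         {
-             echo "<center><div id='box'><b>Your permissions as an administrator have been revoked. This could be due to abuse of the system or lack of use. Post here if\n<br/>you think this is a mistake.<hr></b><br/><br/><br/>\n";
- ?>
- <table>
- <form action="acp.php" method="POST">
- <textarea name="contact_m" cols="65" rows="25" maxlength="350"></textarea>
- <br/><input type="submit" value="Send Message">
- </form>
- </table>
- <?php
-             // The original left this closing markup as a bare string expression, so it was never sent.
-             echo "\n<br/><br/></div></center>";
-         }
-     }
-     else
-     {
-         if(acp_param($_GET, 'view') === "true")
-         {
-             // Application ids are only ever used as integers.
-             $app_id = (int) acp_param($_GET, 'id');
-             if(!acp_param($_GET, 'id'))
-             {
-                 $query_get_apps = mysql_query("SELECT * FROM applications WHERE status = 0 ORDER BY id DESC");
-                 if(!$query_get_apps)
-                 {
-                     // Keep the driver error out of the response; record it server-side instead.
-                     error_log("acp.php: ". mysql_error());
-                     die("Could not load applications.");
-                 }
-                 if(mysql_num_rows($query_get_apps) > 0)
-                 {
-                     echo "<center>";
-                     // Every field is applicant-supplied, so each one is HTML-escaped on output.
-                     // NOTE(review): if the application form stores markup such as <br /> on
-                     // purpose, it will now show literally - confirm against the submit page.
-                     while($row = mysql_fetch_assoc($query_get_apps))
-                     {
- ?>
- <table>
- <tr><td>First Name</td><td><?php echo acp_h($row['first_name']); ?></td></tr>
- <tr><td>Last Name</td><td><?php echo acp_h($row['last_name']); ?></td></tr>
- <tr><td>Email</td><td><?php echo acp_h($row['email']); ?></td></tr>
- <tr><td>Referrer</td><td><?php echo acp_h($row['referrer']); ?></td></tr>
- <tr><td>Gamertag</td><td><?php echo acp_h($row['gamertag']); ?></td></tr>
- <tr><td>Expierence</td><td><?php echo acp_h($row['expierence']); ?></td></tr>
- <tr><td>About Me</td><td><?php echo acp_h($row['about_me']); ?></td></tr>
- <tr><td>Where did you hear about us?</td><td><?php echo acp_h($row['wdyhau']); ?></td></tr>
- <tr><td>Why do you want to join?</td><td><?php echo acp_h($row['why_join']); ?></td></tr>
- <tr><td>Key</td><td><?php echo acp_h($row['key']); ?></td></tr>
- <tr><td>Date</td><td><?php echo acp_h($row['date']); ?></td></tr>
- <tr><td><a href="acp.php?view=true&accept=true&id=<?php echo (int) $row['id']; ?>">Accept</a></td><td><a href="acp.php?view=true&deny=true&id=<?php echo (int) $row['id']; ?>">Deny</a></td></tr>
- </table>
- <?php
-                     }
-                 }
-                 else
-                 {
-                     echo "<center><div id='box'>No applications to display. <a href='acp.php'>Back</a></div></center>";
-                 }
-             }
-             elseif(acp_param($_GET, 'accept'))
-             {
-                 // The id reaches the query as an integer, never as raw request text.
-                 mysql_query("UPDATE applications SET status = 1 WHERE id = '". $app_id ."'");
-                 $gamertag = get_gamertag($app_id);
-                 echo "<center><div id='box'>You've successfully accepted ". acp_h($gamertag) .". <a href='acp.php?view=true'>Back</a></div>";
-                 //log
-                 acp_log("--- ". $cookie ." accepted an application from ". $gamertag .".");
-             }
-             elseif(acp_param($_GET, 'deny'))
-             {
-                 mysql_query("UPDATE applications SET status = 2 WHERE id = '". $app_id ."'");
-                 $gamertag = get_gamertag($app_id);
-                 echo "<center><div id='box'>You've successfully denied ". acp_h($gamertag) .". <a href='acp.php?view=true'>Back</a></div>";
-                 //log
-                 acp_log("--- ". $cookie ." denied an application from ". $gamertag .".");
-             }
-             else
-             {
-                 die("Don't mess wtih the URL.");
-             }
-         }
-         elseif(acp_param($_GET, 'setup') === "true" || acp_param($_POST, 'new_acc'))
-         {
-             $new_username = acp_param($_POST, 'username');
-             $new_password = acp_param($_POST, 'password');
-             if(!$new_username || !$new_password)
-             {
-                 echo "<center><div id='box'>Setup another administration account. <a href='acp.php'>Back</a></div>";
- ?>
- <table>
- <form action="acp.php" method="POST">
- <input type="hidden" name="new_acc" value="1">
- <tr><td>Username</td><td><input type="text" name="username" maxlength="20"></td></tr>
- <tr><td>Password</td><td><input type="text" name="password" maxlength="32"></td></tr>
- <tr><td></td><td><input type="submit" value="Create Account"></td></tr>
- </form>
- </table>
- <?php
-             }
-             else
-             {
-                 $username = mysql_real_escape_string($new_username);
-                 $acc_num = mysql_query("SELECT * FROM accounts WHERE username = '$username' LIMIT 1");
-                 if($acc_num && mysql_num_rows($acc_num) > 0)
-                 {
-                     echo "<center><div id='box'>An account already exists with the username ". acp_h($new_username) .". <a href='acp.php?setup=true'>Back</a></div>";
-                 }
-                 else
-                 {
-                     // Hash the password exactly as submitted. The login check hashes the raw value,
-                     // so hashing an SQL-escaped copy made passwords containing quotes unusable.
-                     mysql_query("INSERT INTO accounts VALUES ('null', '$username', '". md5($new_password) ."', '1', '0')");
-                     echo "<center><div id='box'>New account ". acp_h($new_username) ." created with the password ". acp_h($new_password) .". <a href='acp.php'>Home</a></div>";
-                     //log
-                     acp_log("--- ". $cookie ." created an administrator account with the name: ". $new_username .".");
-                 }
-             }
-         }
-         elseif(acp_param($_GET, 'changemessage') || acp_param($_POST, 'messagechanged'))
-         {
-             $file = "message.txt";
-             if(!acp_param($_POST, 'messagechanged'))
-             {
-                 echo "<center><div id='box'>Please alter the acceptance message to your favoring. The acceptance message is the message people receive when they track their application and it shows accepted. This message\ncan be used to give them your contact information. <span style='color:red'>HTML is enabled.</span></div>";
-                 $content = '';
-                 $f = is_readable($file) ? fopen($file, 'r') : false;
-                 if($f)
-                 {
-                     $content = (string) fread($f, 350);
-                     fclose($f);
-                 }
- ?>
- <table>
- <form action="acp.php" method="POST">
- <input type="hidden" name="messagechanged" value="1">
- <tr><td>New Acceptance Message</td><td><textarea name="message" maxlength="350" rows="19" cols="45"><?php echo acp_h($content); ?></textarea></td></tr>
- <tr><td></td><td><input type="submit" value="Change Message"></td></tr>
- </form>
- </table>
- <?php
-             }
-             else
-             {
-                 // The message goes into a file, not a query, so SQL escaping only corrupted it
-                 // (backslashes before quotes, literal \n for newlines).
-                 // NOTE(review): the text is stored as raw HTML by design ("HTML is enabled") and is
-                 // shown to applicants, so whoever reaches this branch controls that markup.
-                 $message = acp_param($_POST, 'message');
-                 //change message
-                 file_put_contents($file, $message, LOCK_EX);
-                 //log
-                 acp_log("---". $cookie ." changed the acceptance message.");
-                 echo "<center><div id='box'>Message has been changed. <a href='acp.php'>Back</a></div>";
-             }
-         }
-         elseif(acp_param($_GET, 'logs') === "true")
-         {
-             echo "<center><div id='box'>The logs. This is where you can see who did what and when. These are UNCHANGABLE.</div>";
-             // Log lines contain usernames and gamertags, so the text is escaped before display.
-             $logs = is_readable('logs.txt') ? (string) file_get_contents('logs.txt') : '';
- ?>
- <textarea cols="65" rows="25" disabled="disabled"><?php echo acp_h($logs); ?></textarea>
- <?php
-         }
-         elseif(acp_param($_GET, 'logout') === "true")
-         {
-             // NOTE(review): both calls send headers, yet markup has already been emitted above
-             // this block, so this presumably depends on output buffering - confirm.
-             setcookie("admin", $cookie, time()-3600);
-             header('Location: index.php');
-         }
-         elseif(acp_param($_GET, 'changepass') === "true" || acp_param($_POST, 'changingpass'))
-         {
-             $new_password = acp_param($_POST, 'new_password');
-             if(!$new_password)
-             {
-                 echo "<center><div id='box'>You can change your password here.</div>";
- ?>
- <table>
- <form action="acp.php" method="POST">
- <input type="hidden" name="changingpass" value="1">
- <tr><td>New Password</td><td><input type="text" name="new_password" maxlength="32"></td></tr>
- <tr><td></td><td><input type="submit" value="Change Password"></td></tr>
- </form>
- </table>
- <?php
-             }
-             else
-             {
-                 // Hash the password as submitted (matches the login check) and escape the cookie value.
-                 // NOTE(review): the current password is not asked for before the change.
-                 mysql_query("UPDATE accounts SET password = '". md5($new_password) ."' WHERE username = '". $cookie_sql ."'");
-                 echo "<center><div id='box'>Password changed!</div>";
-             }
-         }
-         elseif(acp_param($_GET, 'lo') === "true" || isset($_POST['areyousure']))
-         {
-             if(isset($_POST['areyousure']))
-             {
-                 if(get_lock_status() == 1)
-                 {
-                     echo "<center><div id='box'>You've unlocked the applications.</div></center>";
-                     mysql_query("UPDATE settings SET lockstatus = 0");
-                     //log
-                     acp_log("---". $cookie ." unlocked applications.");
-                 }
-                 else
-                 {
-                     echo "<center><div id='box'>You've locked the applications.</div></center>";
-                     mysql_query("UPDATE settings SET lockstatus = 1");
-                     //log
-                     acp_log("---". $cookie ." locked applications.");
-                 }
-             }
-             else
-             {
-                 // Same confirmation form either way; only the verb in the prompt differs.
-                 $verb = (get_lock_status() == 1) ? "unlock" : "lock";
-                 echo "<center><div id='box'>Are you sure you wish to ". $verb ." applications? ";
- ?>
- <form action="acp.php" method="POST">
- <input type="hidden" name="areyousure" value="1">
- <input type="submit" value="Yes">
- </form>
- <form action="acp.php" method="POST">
- <input type="submit" value="No">
- </form>
- </div>
- </center>
- <?php
-             }
-         }
-         elseif(isset($_GET['feedback']) || isset($_POST['feedback']))
-         {
-             if(isset($_POST['feedback']))
-             {
-                 $feedback = mysql_real_escape_string(nl2br(strip_tags(stripslashes(acp_param($_POST, 'feedback')))));
-                 mysql_query("INSERT INTO feedback VALUES (null, '{$cookie_sql}', '{$feedback}')");
-                 echo "<center><div id='box'>Your feedback has been sent.</div></center>";
-             }
-             else
-             {
- ?>
- <center>
- <table>
- <form action="acp.php" method="POST">
- <tr><td>Your feedback</td><td><textarea name="feedback" cols="65" rows="25" maxlength="2000"></textarea></td></tr>
- <tr><td></td><td><input type="submit" value="Send"></td></tr>
- </form>
- </table>
- </center>
- <?php
-             }
-         }
-         elseif(isset($_GET['permchange']) && $is_owner)
-         {
-             // The menu only offers this page to the owner account, so the action itself
-             // is held to the same test instead of relying on the link being hidden.
-             if(isset($_GET['r_username']))
-             {
-                 //make r_username secure
-                 $r_username = mysql_real_escape_string(acp_param($_GET, 'r_username'));
-                 // Despite its name, r_username carries the account id (see the links below).
-                 $target_name = get_username($r_username);
-                 if(get_revoke_status($target_name) == 1)
-                 {
-                     mysql_query("UPDATE accounts SET revokestatus = 0 WHERE id = '". $r_username ."'");
-                     //log
-                     acp_log("---". $cookie ." gave back ". $target_name ."'s permissions.");
-                     echo "<center><div id='box'>You have gave the user their permissions back!</div></center>";
-                 }
-                 else
-                 {
-                     mysql_query("UPDATE accounts SET revokestatus = 1 WHERE id = '". $r_username ."'");
-                     //log
-                     acp_log("---". $cookie ." revoked ". $target_name ."'s permissions.");
-                     echo "<center><div id='box'>You have revoked the user's permissions!</div></center>";
-                 }
-             }
-             else
-             {
- ?>
- <center><div id='box'>
- <table>
- <?php
-                 $get_users_query = mysql_query("SELECT * FROM accounts");
-                 while($get_users_query && ($row_get_users = mysql_fetch_assoc($get_users_query)))
-                 {
-                     $status_link = "<td>". acp_h($row_get_users['username']) ."</td><td><a href='acp.php?permchange=true&r_username=". acp_h($row_get_users['id']) ."'>Change Status</a></td></tr>";
-                     if(get_revoke_status($row_get_users['username']) == 1)
-                     {
-                         echo "<tr><br/><td><span style='color:white'>[CURRENTLY REVOKED]</span></td>". $status_link;
-                     }
-                     else
-                     {
-                         echo "<tr><br/><td>[CURRENTLY IN USE]</td>". $status_link;
-                     }
-                 }
- ?>
- </table>
- <form action="acp.php">
- <input type="submit" value="Back">
- </form></div></center>
- <?php
-             }
-         }
-         else
-         {
-             // The cookie value is client input, so it is escaped before being echoed.
-             echo "<center><div id='box'>Welcome to the ACSO administration control panel, ". acp_h($cookie) ."!<br/><br/><a href='acp.php?view=true'>View Applications</a> | <a href='acp.php?setup=true'>Setup Administrator Account</a>\n| <a href='acp.php?changemessage=true'>Change Accepted Message</a> | <a href='acp.php?logs=true'>View Logs</a> <br/><br/><a href='acp.php?changepass=true'>\nChange Password</a> | <a href='acp.php?lo=true'>Lock/Open Applications</a> | <a href='acp.php?feedback=true'>Suggestions/Feedback</a> | <a href='acp.php?logout=true'>Logout</a>";
-             if($is_owner)
-             {
-                 echo "<br/><br/><a href='acp.php?permchange=true'><span style='color:white'>Revoke/Give Permissions</span></a></div></center>";
-             }
-             else
-             {
-                 echo "</div></center>";
-             }
-         }
-     }
- }
- echo "<center><br/><br/><br/><hr>ASCO Navigation<br/> <a href='index.php'>[HOME]</a> | <a href='track.php'>[TRACKING]</a> | <a href='acp.php'>[ACP]</a></center>";
- ?>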