  1. <?php
  2. require_once("mysql_config.php");
  3. require_once("functions.php");
  4.  
  5. function create_cookie($user)
  6. {
  7. setcookie("admin", $user, time()+3600);
  8. }
  9.  
  10. ?>
  11.  
  12. <LINK href="theme.css" rel="stylesheet" type="text/css">
  13.  
  14. <?php
  15.  
  16. //cookie data
  17. $cookie = $_COOKIE['admin'];
  18.  
  19. if(!$cookie && !$_POST['login_sent'])
  20. {
  21. echo "<center><b>If you have an administrator account setup, please verify yourself!</b><br/><br/>";
  22.  
  23. ?>
  24.  
  25. <table>
  26. <form action="acp.php" method="POST">
  27. <input type="hidden" name="login_sent" value="1">
  28. <tr><td>Account Name</td><td><input type="text" name="username" maxlength="20"></td></tr>
  29. <tr><td>Password</td><td><input type="password" name="password" maxlength="32"></td></tr>
  30. <tr><td></td><td><input type="submit" value="Login"></td></tr>
  31. </form>
  32. </table>
  33.  
  34. <?php
  35. }
  36. elseif(!$cookie && $_POST['login_sent'])
  37. {
  38. //login details
  39. $username = mysql_real_escape_string($_POST['username']);
  40. $password = mysql_real_escape_string(md5($_POST['password']));
  41.  
  42. if(!$username || !$password)
  43. {
  44. echo "<center><div id='box'>One of the fields were empty.</div></center>";
  45. }
  46. else
  47. {
  48. $query = mysql_query("SELECT * FROM accounts WHERE username = '$username' AND password = '$password'");
  49.  
  50. if(mysql_num_rows($query) < 1)
  51. {
  52. echo "<center><div id='box'>The username or password combination doesn't exist.</div></center>";
  53. }
  54. else
  55. {
  56. echo "<center><div id='box'>You've successfully logged in! <a href='acp.php'>Continue...</a></div></center>";
  57. create_cookie($username);
  58.  
  59. //log
  60. $f = fopen('logs.txt', 'a');
  61. fwrite($f, "[". date('m-d-y') ."] --- ". $username ." logged in.\n");
  62. fclose($f);
  63. }
  64. }
  65. }
  66. elseif(isset($cookie))
  67. {
  68. //
  69. if(get_revoke_status($cookie) == 1)
  70. {
  71. if(isset($_POST['contact_m']))
  72. {
  73. mysql_query("INSERT INTO contact_messages VALUES (null, '{$cookie}', '". mysql_real_escape_string(nl2br(strip_tags(stripslashes($_POST['contact_m'])))) ."', '". date('M-D-Y') ."')");
  74. echo "<center><div id='box'>Thank you. Your message has been received.</div></center>";
  75. }
  76. else
  77. {
  78. echo "<center><div id='box'><b>Your permissions as an administrator have been revoked. This could be due to abuse of the system or lack of use. Post here if
  79. <br/>you think this is a mistake.<hr></b><br/><br/><br/>
  80.  
  81. ";
  82.  
  83. ?>
  84.  
  85. <table>
  86. <form action="acp.php" method="POST">
  87. <textarea name="contact_m" cols="65" rows="25" maxlength="350"></textarea>
  88. <br/><input type="submit" value="Send Message">
  89. </form>
  90. </table>
  91.  
  92. <?php
  93.  
  94. "
  95.  
  96. <br/><br/></div></center>";
  97. }
  98. }
  99. else
  100. {
  101. if($_GET['view'] == "true")
  102. {
  103. if(!$_GET['id'])
  104. {
  105. $query_get_apps = mysql_query("SELECT * FROM applications WHERE status = 0 ORDER BY id DESC") or die(mysql_error());
  106.  
  107. if(mysql_num_rows($query_get_apps) > 0)
  108. {
  109. echo "<center>";
  110.  
  111. while($row = mysql_fetch_assoc($query_get_apps))
  112. {
  113. ?>
  114.  
  115. <table>
  116. <tr><td>First Name</td><td><? echo $row['first_name']; ?></td></tr>
  117. <tr><td>Last Name</td><td><? echo $row['last_name']; ?></td></tr>
  118. <tr><td>Email</td><td><? echo $row['email'];?></td></tr>
  119. <tr><td>Referrer</td><td><? echo $row['referrer']; ?></td></tr>
  120. <tr><td>Gamertag</td><td><? echo $row['gamertag']; ?></td></tr>
  121. <tr><td>Expierence</td><td><? echo $row['expierence']; ?></td></tr>
  122. <tr><td>About Me</td><td><? echo $row['about_me']; ?></td></tr>
  123. <tr><td>Where did you hear about us?</td><td><? echo $row['wdyhau']; ?></td></tr>
  124. <tr><td>Why do you want to join?</td><td><? echo $row['why_join']; ?></td></tr>
  125. <tr><td>Key</td><td><? echo $row['key']; ?></td><tr/>
  126. <tr><td>Date</td><td><? echo $row['date']; ?></td></tr>
  127. <tr><td><a href="acp.php?view=true&accept=true&id=<? echo $row['id']; ?>">Accept</a></td><td><a href="acp.php?view=true&deny=true&id=<? echo $row['id']; ?>">Deny</a></td></tr>
  128. </table>
  129.  
  130. <?php
  131. }
  132. }
  133. else
  134. {
  135. echo "<center><div id='box'>No applications to display. <a href='acp.php'>Back</a></div></center>";
  136. }
  137. }
  138. elseif($_GET['accept'])
  139. {
  140. mysql_query("UPDATE applications SET status = 1 WHERE id = '". $_GET['id'] ."'");
  141. echo "<center><div id='box'>You've successfully accepted ". get_gamertag($_GET['id']) .". <a href='acp.php?view=true'>Back</a></div>";
  142.  
  143. //log
  144. $f = fopen('logs.txt', 'a');
  145. fwrite($f, "[". date('m-d-y') ."] --- ". $cookie." accepted an application from ". get_gamertag($_GET['id']) .".\n");
  146. fclose($f);
  147. }
  148. elseif($_GET['deny'])
  149. {
  150. mysql_query("UPDATE applications SET status = 2 WHERE id = '". $_GET['id'] ."'");
  151. echo "<center><div id='box'>You've successfully denied ". get_gamertag($_GET['id']) .". <a href='acp.php?view=true'>Back</a></div>";
  152.  
  153. //log
  154. $f = fopen('logs.txt', 'a');
  155. fwrite($f, "[". date('m-d-y') ."] --- ". $cookie." denied an application from ". get_gamertag($_GET['id']) .".\n");
  156. fclose($f);
  157. }
  158. else
  159. {
  160. die("Don't mess wtih the URL.");
  161. }
  162. }
  163. elseif($_GET['setup'] == "true" || $_POST['new_acc'])
  164. {
  165. if(!$_POST['username'] || !$_POST['password'])
  166. {
  167. echo "<center><div id='box'>Setup another administration account. <a href='acp.php'>Back</a></div>";
  168.  
  169. ?>
  170.  
  171. <table>
  172. <form action="acp.php" method="POST">
  173. <input type="hidden" name="new_acc" value="1">
  174. <tr><td>Username</td><td><input type="text" name="username" maxlength="20"></td></tr>
  175. <tr><td>Password</td><td><input type="text" name="password" maxlength="32"></td></tr>
  176. <tr><td></td><td><input type="submit" value="Create Account"></td></tr>
  177. </form>
  178. </table>
  179.  
  180. <?php
  181. }
  182. else
  183. {
  184. $username = mysql_real_escape_string($_POST['username']);
  185. $password = mysql_real_escape_string($_POST['password']);
  186.  
  187. $acc_num = mysql_query("SELECT * FROM accounts WHERE username = '$username' LIMIT 1");
  188.  
  189. if(mysql_num_rows($acc_num) > 0)
  190. {
  191. echo "<center><div id='box'>An account already exists with the username ". $username .". <a href='acp.php?setup=true'>Back</a></div>";
  192. }
  193. else
  194. {
  195. mysql_query("INSERT INTO accounts VALUES ('null', '$username', '". md5($password) ."', '1', '0')");
  196. echo "<center><div id='box'>New account ". $username ." created with the password ". $password .". <a href='acp.php'>Home</a></div>";
  197.  
  198. //log
  199. $f = fopen('logs.txt', 'a');
  200. fwrite($f, "[". date('m-d-y') ."] --- ".$cookie." created an administrator account with the name: ". $username .".\n");
  201. fclose($f);
  202. }
  203. }
  204. }
  205. elseif($_GET['changemessage'] || $_POST['messagechanged'])
  206. {
  207. $file = "message.txt";
  208.  
  209. if(!$_POST['messagechanged'])
  210. {
  211. echo "<center><div id='box'>Please alter the acceptance message to your favoring. The acceptance message is the message people receive when they track their application and it shows accepted. This message
  212. can be used to give them your contact information. <span style='color:red'>HTML is enabled.</span></div>";
  213.  
  214. $f = fopen($file, 'r');
  215. $content = fread($f, 350);
  216. fclose($f);
  217.  
  218. ?>
  219.  
  220. <table>
  221. <form action="acp.php" method="POST">
  222. <input type="hidden" name="messagechanged" value="1">
  223. <tr><td>New Acceptance Message</td><td><textarea name="message" maxlength="350" rows="19" cols="45"><? echo $content; ?></textarea></td></tr>
  224. <tr><td></td><td><input type="submit" value="Change Message"></td></tr>
  225. </table>
  226.  
  227. <?php
  228. }
  229. else
  230. {
  231.  
  232. //get the protected message
  233. $message = mysql_real_escape_string($_POST['message']);
  234.  
  235. //change message
  236. $f = fopen($file, 'w');
  237. fwrite($f, $message);
  238. fclose($f);
  239.  
  240. //log
  241. $b = fopen('logs.txt', 'a');
  242. fwrite($b, "[". date('m-d-y') ."] ---". $cookie." changed the acceptance message.\n");
  243. fclose($b);
  244.  
  245. echo "<center><div id='box'>Message has been changed. <a href='acp.php'>Back</a></div>";
  246. }
  247. }
  248. elseif($_GET['logs'] == "true")
  249. {
  250. echo "<center><div id='box'>The logs. This is where you can see who did what and when. These are UNCHANGABLE.</div>";
  251.  
  252. $f = fopen('logs.txt', 'r');
  253. $logs = fread($f, filesize('logs.txt'));
  254. fclose($f);
  255.  
  256. ?>
  257.  
  258. <textarea cols="65" rows="25" disabled="disabled"><? echo $logs; ?></textarea>
  259.  
  260. <?php
  261. }
  262. elseif($_GET['logout'] == "true")
  263. {
  264. setcookie("admin", $cookie, time()-3600);
  265.  
  266. header('Location: index.php');
  267. }
  268. elseif($_GET['changepass'] == "true" || $_POST['changingpass'])
  269. {
  270. $password = mysql_real_escape_string($_POST['new_password']);
  271.  
  272. if(!$password)
  273. {
  274. echo "<center><div id='box'>You can change your password here.</div>";
  275.  
  276. ?>
  277.  
  278. <table>
  279. <form action="acp.php" method="POST">
  280. <input type="hidden" name="changingpass" value="1">
  281. <tr><td>New Password</td><td><input type="text" name="new_password" maxlength="32"></td></tr>
  282. <tr><td></td><td><input type="submit" value="Change Password"></td></tr>
  283. </form>
  284. </table>
  285.  
  286. <?php
  287. }
  288. else
  289. {
  290. mysql_query("UPDATE accounts SET password = '". md5($password) ."' WHERE username = '". $cookie ."'");
  291. echo "<center><div id='box'>Password changed!</div>";
  292. }
  293. }
  294. elseif($_GET['lo'] == "true" || isset($_POST['areyousure']))
  295. {
  296. if(isset($_POST['areyousure']))
  297. {
  298. if(get_lock_status() == 1)
  299. {
  300. echo "<center><div id='box'>You've unlocked the applications.</div></center>";
  301. mysql_query("UPDATE settings SET lockstatus = 0");
  302.  
  303. //log
  304. $b = fopen('logs.txt', 'a');
  305. fwrite($b, "[". date('m-d-y') ."] ---". $cookie." unlocked applications.\n");
  306. fclose($b);
  307. }
  308. else
  309. {
  310. echo "<center><div id='box'>You've locked the applications.</div></center>";
  311. mysql_query("UPDATE settings SET lockstatus = 1");
  312.  
  313. //log
  314. $b = fopen('logs.txt', 'a');
  315. fwrite($b, "[". date('m-d-y') ."] ---". $cookie." locked applications.\n");
  316. fclose($b);
  317. }
  318. }
  319. else
  320. {
  321. if(get_lock_status() == 1)
  322. {
  323. echo "<center><div id='box'>Are you sure you wish to unlock applications? ";
  324.  
  325. ?>
  326.  
  327. <form action="acp.php" method="POST">
  328. <input type="hidden" name="areyousure" value="1">
  329. <input type="submit" value="Yes">
  330. </form>
  331.  
  332. <form action="acp.php" method="POST">
  333. <input type="submit" value="No">
  334. </form>
  335. </div>
  336. </center>
  337.  
  338. <?php
  339. }
  340. else
  341. {
  342. echo "<center><div id='box'>Are you sure you wish to lock applications? ";
  343.  
  344. ?>
  345.  
  346. <form action="acp.php" method="POST">
  347. <input type="hidden" name="areyousure" value="1">
  348. <input type="submit" value="Yes">
  349. </form>
  350.  
  351. <form action="acp.php" method="POST">
  352. <input type="submit" value="No">
  353. </form>
  354. </div>
  355. </center>
  356.  
  357. <?php
  358. }
  359. }
  360. }
  361. elseif(isset($_GET['feedback']) == "true" || isset($_POST['feedback']))
  362. {
  363. if(isset($_POST['feedback']))
  364. {
  365. $feedback = mysql_real_escape_string(nl2br(strip_tags(stripslashes($_POST['feedback']))));
  366.  
  367. mysql_query("INSERT INTO feedback VALUES (null, '{$cookie}', '{$feedback}')");
  368. echo "<center><div id='box'>Your feedback has been sent.</div></center>";
  369. }
  370. else
  371. {
  372. ?>
  373. <center>
  374. <table>
  375. <form action="acp.php" method="POST">
  376. <tr><td>Your feedback</td><td><textarea name="feedback" cols="65" rows="25" maxlength="2000"></textarea></td></tr>
  377. <tr><td></td><td><input type="submit" value="Send"></td></tr>
  378. </form>
  379. </table>
  380. </center>
  381.  
  382. <?php
  383. }
  384. }
  385. elseif(isset($_GET['permchange']))
  386. {
  387. if(isset($_GET['r_username']))
  388. {
  389. //make r_username secure
  390. $r_username = mysql_real_escape_string($_GET['r_username']);
  391.  
  392. if(get_revoke_status(get_username($r_username)) == 1)
  393. {
  394. mysql_query("UPDATE accounts SET revokestatus = 0 WHERE id = '". $r_username ."'");
  395.  
  396. //log
  397. $b = fopen('logs.txt', 'a');
  398. fwrite($b, "[". date('m-d-y') ."] ---". $cookie." gave back ". get_username($r_username) ."'s permissions.\n");
  399. fclose($b);
  400.  
  401. echo "<center><div id='box'>You have gave the user their permissions back!</div></center>";
  402. }
  403. else
  404. {
  405. mysql_query("UPDATE accounts SET revokestatus = 1 WHERE id = '". $r_username ."'");
  406.  
  407. //log
  408. $b = fopen('logs.txt', 'a');
  409. fwrite($b, "[". date('m-d-y') ."] ---". $cookie." revoked ". get_username($r_username) ."'s permissions.\n");
  410. fclose($b);
  411.  
  412. echo "<center><div id='box'>You have revoked the user's permissions!</div></center>";
  413. }
  414. }
  415. else
  416. {
  417.  
  418. ?>
  419.  
  420. <center><div id='box'>
  421. <table>
  422.  
  423. <?php
  424. $get_users_query = mysql_query("SELECT * FROM accounts");
  425.  
  426. while($row_get_users = mysql_fetch_assoc($get_users_query))
  427. {
  428. if(get_revoke_status($row_get_users['username']) == 1)
  429. {
  430. echo "<tr><br/><td><span style='color:white'>[CURRENTLY REVOKED]</span></td><td>". $row_get_users['username'] ."</td><td><a href='acp.php?permchange=true&r_username=". $row_get_users['id'] ."'>Change Status</a></td></tr>";
  431. }
  432. else
  433. {
  434. echo "<tr><br/><td>[CURRENTLY IN USE]</td><td>". $row_get_users['username'] ."</td><td><a href='acp.php?permchange=true&r_username=". $row_get_users['id'] ."'>Change Status</a></td></tr>";
  435. }
  436. }
  437.  
  438. ?>
  439. </table>
  440.  
  441. <form action="acp.php">
  442. <input type="submit" value="Back">
  443. </form></div></center>
  444.  
  445. <?php
  446. }
  447. }
  448. else
  449. {
  450. echo "<center><div id='box'>Welcome to the ACSO administration control panel, ". $cookie ."!<br/><br/><a href='acp.php?view=true'>View Applications</a> | <a href='acp.php?setup=true'>Setup Administrator Account</a>
  451. | <a href='acp.php?changemessage=true'>Change Accepted Message</a> | <a href='acp.php?logs=true'>View Logs</a> <br/><br/><a href='acp.php?changepass=true'>
  452. Change Password</a> | <a href='acp.php?lo=true'>Lock/Open Applications</a> | <a href='acp.php?feedback=true'>Suggestions/Feedback</a> | <a href='acp.php?logout=true'>Logout</a>";
  453.  
  454. if($cookie == "SRBuckey5266")
  455. {
  456. echo "<br/><br/><a href='acp.php?permchange=true'><span style='color:white'>Revoke/Give Permissions</span></a></div></center>";
  457. }
  458. else
  459. {
  460. echo "</div></center>";
  461. }
  462. }
  463. }
  464. }
  465. else
  466. {
  467. //nothing to execute - can't be seen by users or activated
  468. }
  469.  
  470. echo "<center><br/><br/><br/><hr>ASCO Navigation<br/> <a href='index.php'>[HOME]</a> | <a href='track.php'>[TRACKING]</a> | <a href='acp.php'>[ACP]</a></center>";
  471. ?>