Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?PHP
- session_start();
- include('nav.php');
- include('config.php');
- if (isset($_SESSION['user'])){ //User is logged in
- echo "<Title>HWID - Home</Title>";
- if (isset($_GET['action'])){
- if($_GET['action'] == 'control'){
- $actionistrue = 'true';
- }else{
- $actionistrue = 'false';
- }
- }else{
- $actionistrue = 'false';
- }
- if($actionistrue == 'false'){
- $getmembers = mysql_query('SELECT count(username) FROM members');
- $getmembersresult = mysql_result($getmembers, 0);
- if (!$getmembersresult == '0'){
- $getmem = mysql_query('SELECT * from `members`');
- WHILE($rows = mysql_fetch_array($getmem)):
- $usern = mysql_real_escape_string($rows['username']);
- $passw = mysql_real_escape_string($rows['password']);
- $hwid = mysql_real_escape_string($rows['hwid']);
- $hwid2 = mysql_real_escape_string($rows['hwid2']);
- $hwid3 = mysql_real_escape_string($rows['hwid3']);
- $ban = mysql_real_escape_string($rows['banned']);
- $banr = mysql_real_escape_string($rows['ban_reason']);
- $name = mysql_real_escape_string($rows['name']);
- Echo "<hr>";
- if ($ban =='no') {
- Echo "<font color=green><B>Name:</B> $name | <B>Username:</b> $usern | <b>Password:</b> $passw | <B>HWID:</b> $hwid | <b>HWID 2:</b> $hwid2 | <b>HWID 3:</b> $hwid3 | <b>Banned?</b></b> $ban | <b>Ban reason:</b> $banr | <a href='index.php?action=manage&username=$usern'><img src='images/manage.gif' border='0' alt='Manage user' /></a> | <a href='index.php?action=delete&username=$usern'><img src='images/delete.gif' border='0' alt='Delete user' /></a> <hr></font>";
- }else{
- Echo "<font color=red><B>Name:</B> $name | <B>Username:</b> $usern | <b>Password:</b> $passw | <B>HWID:</b> $hwid | <b>Banned?</b></b> $ban | <b>Ban reason:</b> $banr | <a href='index.php?action=manage&username=$usern'><img src='images/manage.gif' border='0' alt='Delete user' /></a> | <a href='index.php?action=unban&username=$usern'><img src='images/unban.gif' border='0' alt='Unban user' /></a> | <a href='index.php?action=delete&username=$usern'><img src='images/delete.gif' border='0' alt='Delete user' /></a> <hr></font>";
- }
- ENDWHILE;
- }else{
- Echo "<font color=white><hr><b>No members found.</b><hr></font>";
- }
- ?>
- <html>
- <head>
- <LINK href="style.css" rel="stylesheet" type="text/css">
- </head>
- <style>
- body { background-color: #d0d0d0;)}
- </style>
- <center>
- <div align="center">
- <SCRIPT LANGUAGE="JavaScript">
- <!-- Begin
- document.write('<form><input type=button value="Refresh" onClick="history.go()"></form>')
- // End -->
- </script>
- </div>
- <table>
- <tr>
- <td>
- <table id="Main" width="258" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td width="34" valign="top">
- <div class="User_Top"></div>
- <div class="User_Middle">
- <div class="Sidebar_content">
- <div align="center">
- <table border="0">
- <Form action="index.php" name="adduser" method="post">
- <tr><td><b><font>Name</td><td>:</td><td></font></b> <input type="name" name="addname"></td></tr>
- <tr><td><b><font>Username</td><td>:</td><td></font></b> <input type="username" name="addusername"></td></tr>
- <tr><td><b><font>Password</td><td>:</td><td></font></b> <input type="password" name="addpassword"></td></tr>
- <tr><td><b><font>Confirm Password</td><td>:</td><td></font></b> <input type="password" name="confirmpassword"></td></tr>
- <tr><td><b><font>HWID</td><td>:</td><td></font></b> <input type="text" name="addhwid"></td></tr>
- <tr><td> </td><td> </td><td><input type="submit" name="addsubmit" value="Add user">
- </form>
- </table>
- </div>
- </div>
- </div>
- </div>
- </div>
- <div class="Statistics_Bottom"></div>
- </td>
- <td>
-
- </td>
- <td width="875" valign="top">
- </form>
- </table>
- </td
- <br>
- <td>
- <table id="Main" width="258" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td width="34" valign="top">
- <div class="User_Top"></div>
- <div class="User_Middle">
- <div class="Sidebar_content">
- <div align="center">
- <table border="0">
- <form action='index.php' method="POST">
- <select name="resetpassword">
- <?php
- $lupr = mysql_query('SELECT username FROM `members`');
- WHILE($rows = mysql_fetch_array($lupr)):
- $luprn = $rows['username'];
- echo "<option value='$luprn' name='resetp'>$luprn</option>";
- ENDWHILE;
- ?>
- </select>
- <tr><td><b>Password</td><td>:</td><td></b> <input type="password" name='pr'></td></tr>
- <tr><td><b>Confirm password</td><td>:</td><td></b> <input type="password" name="prc"></td></tr>
- <tr><td> </td><td> </td><td><input type="submit" name="rp" value='Reset Password'>
- </form>
- </table>
- </div>
- </div>
- </div>
- </div>
- </div>
- <div class="Statistics_Bottom"></div>
- </td>
- <td>
-
- </td>
- <td width="875" valign="top">
- </form>
- </table>
- </td>
- <?PHP
- ?>
- <br>
- <td>
- <table id="Main" width="258" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td width="34" valign="top">
- <div class="User_Top"></div>
- <div class="User_Middle">
- <div class="Sidebar_content">
- <div align="center">
- <table border="0">
- <form action='index.php' method="POST">
- <select name="userban">
- <?php
- $users = mysql_query('SELECT username FROM `members`');
- WHILE($rows = mysql_fetch_array($users)):
- $usern = $rows['username'];
- echo "<option value='$usern' name='userban'>$usern</option>";
- ENDWHILE;
- ?>
- </select>
- <tr><td><b>Ban Reason</td><td>:</td><td></b> <input type="text" name='banreason'></td></tr>
- <tr><td> </td><td> </td><td><input type="submit" name="ban" value='Ban User'>
- </form>
- </table>
- </div>
- </div>
- </div>
- </div>
- </div>
- <div class="Statistics_Bottom"></div>
- </td>
- <td>
-
- </td>
- <td width="875" valign="top">
- </form>
- </table>
- </td>
- <br>
- <td>
- <table id="Main" width="258" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td width="34" valign="top">
- <div class="User_Top"></div>
- <div class="User_Middle">
- <div class="Sidebar_content">
- <div align="center">
- <table border="0">
- <form action='index.php' method="POST">
- <select name="changeusername">
- <?php
- $gucu = mysql_query('SELECT username FROM `members`');
- WHILE($rows = mysql_fetch_array($gucu)):
- $cusername = $rows['username'];
- echo "<option value='$cusername' name='cuser'>$cusername</option>";
- ENDWHILE;
- ?>
- </select>
- <tr><td><b>Username</td><td>:</td><td></b> <input type="text" name='cuser1'></td></tr>
- <tr><td><b>Confirm username</td><td>:</td><td></b> <input type="text" name='cuser2'></td></tr>
- <tr><td> </td><td> </td><td><input type="submit" name="cu" value='Change username'>
- </form>
- </table>
- </div>
- </div>
- </div>
- </div>
- </div>
- <div class="Statistics_Bottom"></div>
- </td>
- <td>
-
- </td>
- <td width="875" valign="top">
- </form>
- </table>
- </td>
- </tr>
- </table>
- </center>
- </html>
- <?PHP
- //CSS CODE HERE
- }
- if (isset($_POST['ban'])) { //BAN USER
- $usertoban = mysql_real_escape_string($_POST['userban']);
- $br = mysql_real_escape_string($_POST['banreason']);
- $ciuib = mysql_query("SELECT count(banned) FROM members WHERE banned='yes' AND username='$usertoban'");
- $ciuibr = mysql_result($ciuib, 0);
- if ($ciuibr == '1') {
- Echo "The user is already banned.";
- }else{
- $bu = mysql_query("UPDATE members SET banned='yes', ban_reason='$br' WHERE username='$usertoban'");
- header('location: index.php');
- }
- }else if (isset($_POST['addsubmit'])) { //ADD USER
- $addingname = mysql_real_escape_string($_POST['addname']);
- $addinguser = mysql_real_escape_string($_POST['addusername']);
- $addingpassword = md5(mysql_real_escape_string($_POST['addpassword']));
- $confirmpassword = md5(mysql_real_escape_string($_POST['confirmpassword']));
- $addinghwid = mysql_real_escape_string($_POST['addhwid']);
- $ciueba = mysql_query("SELECT count(username) FROM members WHERE username='$addinguser'");
- $ciuebar = mysql_result($ciueba, 0);
- if ($ciuebar == '1'){
- Echo "<font color=red><b>Error: An account with the specified username already exits.</b></font>";
- }else{
- if ($addingpassword == $confirmpassword) {
- $ccau = mysql_query("INSERT INTO members VALUES('$addingname', '$addinguser', '$addingpassword', '$addinghwid', '', '', 'no', 'N/A')");
- header('location: index.php');
- }else{
- Echo "<font color=red><b>Error: The two passwords entered do not match.</b></font>";
- }
- }
- }else if(isset($_POST['rp'])) { //RESET PASSWORD
- $uoptr = mysql_real_escape_string($_POST['resetpassword']);
- $newpassword = md5(mysql_real_escape_string($_POST['pr']));
- if ($_POST['pr'] == $_POST['prc']){
- $ciue = mysql_query("SELECT count(username) FROM members WHERE username='$uoptr'");
- $ciuer = mysql_result($ciue, 0);
- if ($ciuer == '1'){
- mysql_query("UPDATE members set password='$newpassword' WHERE username='$uoptr'");
- header("location: index.php");
- }else{
- Echo "<font color=red><b>Error: The specified user was not found.</b></font>";
- }
- }else{
- Echo "<font color=red><b>Error: The two passwords you entered do not match.</b></font";
- }
- }if (isset($_POST['cu'])) { //CHANGE USERNAME
- if($_POST['cuser1'] == $_POST['cuser2']) {
- $oldusername = mysql_real_escape_string($_POST['changeusername']);
- $newusername = mysql_real_escape_string($_POST['cuser2']);
- $ciue = mysql_query("SELECT count(username) FROM members WHERE username='$oldusername'");
- $ciuer = mysql_result($ciue, 0);
- if (!$ciuer == '1'){
- Echo "The user could not be found";
- }else{
- mysql_query("UPDATE members SET username='$newusername' WHERE username='$oldusername'");
- header("location: index.php");
- }
- }else{
- Echo "The two usernames you entered do not match.";
- }
- }else if(isset($_POST['updatehwid'])){ //UPDATE HWIDs
- $hwid1 = mysql_real_escape_string($_POST['hwid1']);
- $hwid2 = mysql_real_escape_string($_POST['hwid2']);
- $hwid3 = mysql_real_escape_string($_POST['hwid3']);
- $userch = mysql_real_escape_string($_POST['hwidusername']);
- $cichue = mysql_query("SELECT count(username) FROM members WHERE username='$userch'");
- $cichuer = mysql_result($cichue, 0);
- if ($cichuer == '1'){
- $udhwids = mysql_query("UPDATE members SET `hwid`='$hwid1', `hwid2`='$hwid2', `hwid3`='$hwid3' WHERE username='$userch'");
- header("location:index.php");
- }else{
- Echo "The user was not found.";
- }
- }
- if (isset($_GET['action'])) {
- if ($_GET['action'] == 'control') { //CONTROL PANEL
- Echo "<Title>HWID - Control Panel</Title>";
- $shortusername = $_SESSION['user'];
- Echo "<form action='index.php?action=control' method='post'>";
- Echo "<b>Username:</b> <input type='text' name='newusername' value='$shortusername'>";
- Echo "<br>";
- Echo "<b>Password:</b> <input type='password' name='newpass'>";
- Echo "<br>";
- Echo "<input type='submit' name='update' value='Update'>";
- Echo "</form>";
- if (isset($_POST['update'])) { //UPDATE INFO
- $cleanuser = mysql_real_escape_string($_POST['newusername']);
- $cleanpass = mysql_real_escape_string(md5($_POST['newpass']));
- $updatequery = mysql_query("UPDATE `users` SET username='$cleanuser', password='$cleanpass' WHERE username='$shortusername'");
- unset($_SESSION['user']);
- $_SESSION['user']=$cleanuser;
- header("location: index.php?action=control");
- }
- }else if ($_GET['action'] == 'logout') { //LOGOUT
- if (isset($_SESSION['user'])) {
- unset($_SESSION['user']);
- header ('location: index.php');
- }else{
- header('location: index.php');
- }
- }else if($_GET['action'] == 'unban') { //UNBAN USER
- echo "<Title>HWID - Unban User</Title>";
- $usertounban = $_GET['username'];
- $us = mysql_query("UPDATE members SET banned='no', ban_reason='N/A' WHERE username='$usertounban'");
- header('location: index.php');
- }else if($_GET['action'] == 'delete') { //DELETE USER
- echo "<Title>HWID - Delete user</Title>";
- $utd = mysql_real_escape_string($_GET['username']);
- $ciue = mysql_query("SELECT count(username) FROM members WHERE username='$utd'");
- $ciuer = mysql_result($ciue, 0);
- if ($ciuer == '1') {
- $du = mysql_query("DELETE FROM members WHERE username='$utd'");
- header('location: index.php');
- }else{
- Echo "<font color=red><b>Error: The user could not be found.</b></font>";
- }
- }else if ($_GET['action'] == 'manage') { //MANAGE HWIDs
- $umh = mysql_real_escape_string($_GET['username']);
- Echo "<hr>";
- $gh1 = mysql_query("SELECT `hwid` FROM members WHERE username='$umh'");
- $gh1r = mysql_real_escape_string(mysql_result($gh1, 0));
- $gh2 = mysql_query("SELECT `hwid2` FROM members WHERE username='$umh'");
- $gh2r = mysql_real_escape_string(mysql_result($gh2, 0));
- $gh3 = mysql_query("SELECT `hwid3` FROM members WHERE username='$umh'");
- $gh3r = mysql_real_escape_string(mysql_result($gh3, 0));
- Echo "<form action='index.php' method='post'>";
- Echo "<b>Username:</b> $umh |<input type='hidden' name='hwidusername' value='$umh'> <b>HWID1:</b> <input type='text' name='hwid1' value='$gh1r'> <b>HWID2:</b> <input type='text' name='hwid2' value='$gh2r'> <b>HWID3:</b> <input type='text' name='hwid3' value='$gh3r'> <input type='submit' name='updatehwid' value='Update HWIDs'>";
- Echo "</form>";
- }
- }
- }else if(isset($_POST['login'])) { //User is attempting to login
- $username = mysql_real_escape_string($_POST['username']);
- $password = md5(mysql_real_escape_string($_POST['password']));
- $logincheck = mysql_query("SELECT count(username) FROM users WHERE username='$username' AND password='$password'");
- $loginresult = mysql_result($logincheck, 0);
- if ($loginresult == '1') {
- $_SESSION['user']=$username;
- header('location: index.php');
- }else {
- ?>
- <html>
- <head>
- <LINK href="style.css" rel="stylesheet" type="text/css">
- </head>
- <Title>HWID - Authentication</Title>
- <style>
- body { background-color: #d0d0d0;)}
- </style>
- <center>
- <table id="Main" width="258" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td width="34" valign="top">
- <div class="User_Top"></div>
- <div class="User_Middle">
- <div class="Sidebar_content">
- <div align="center">
- <table border="0">
- <font color=red><B>Login failure</B></font>
- <form action="index.php" method="POST">
- <tr><td><b><font>Username</td><td><font>:</font></td><td></b> <input type="text" name="username"><br></td></tr>
- <tr><td><b><font>Password</td><td><font>:</font></td><td></b> <input type="password" name="password"><br></td></tr>
- <tr><td> </td><td> </td><td><input type="submit" name="login" value="Login!">
- </form>
- </table>
- </div>
- </div>
- </div>
- </div>
- </div>
- <div class="Statistics_Bottom"></div>
- </td>
- <td>
-
- </td>
- </form>
- </table>
- </center>
- </html>
- <?PHP
- }
- }else{
- ?>
- <html>
- <head>
- <LINK href="style.css" rel="stylesheet" type="text/css">
- </head>
- <Title>HWID - Authentication</Title>
- <style>
- body { background-color: #d0d0d0;)}
- </style>
- <center>
- <table id="Main" width="258" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td width="34" valign="top">
- <div class="User_Top"></div>
- <div class="User_Middle">
- <div class="Sidebar_content">
- <div align="center">
- <table border="0">
- <form action="index.php" method="POST">
- <tr><td><b><font>Username</td><td><font>:</font></td><td></b> <input type="text" name="username"><br></td></tr>
- <tr><td><b><font>Password</td><td><font>:</font></td><td></b> <input type="password" name="password"><br></td></tr>
- <tr><td> </td><td> </td><td><input type="submit" name="login" value="Login!">
- </form>
- </table>
- </div>
- </div>
- </div>
- </div>
- </div>
- <div class="Statistics_Bottom"></div>
- </td>
- <td>
-
- </td>
- </form>
- </table>
- </center>
- </html>
- <?PHP
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement