API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jul 20th, 2017
105
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 14.97 KB | None | 0 0
raw download clone embed print report
  1. <?PHP
  2. session_start();
  3. include('nav.php');
  4. include('config.php');
  5.  
  6. if (isset($_SESSION['user'])){ //User is logged in
  7. echo "<Title>HWID - Home</Title>";
  8. if (isset($_GET['action'])){
  9. if($_GET['action'] == 'control'){
  10. $actionistrue = 'true';
  11. }else{
  12. $actionistrue = 'false';
  13. }
  14. }else{
  15. $actionistrue = 'false';
  16. }
  17. if($actionistrue == 'false'){
  18. $getmembers = mysql_query('SELECT count(username) FROM members');
  19. $getmembersresult = mysql_result($getmembers, 0);
  20. if (!$getmembersresult == '0'){
  21. $getmem = mysql_query('SELECT * from `members`');
  22. WHILE($rows = mysql_fetch_array($getmem)):
  23. $usern = mysql_real_escape_string($rows['username']);
  24. $passw = mysql_real_escape_string($rows['password']);
  25. $hwid = mysql_real_escape_string($rows['hwid']);
  26. $hwid2 = mysql_real_escape_string($rows['hwid2']);
  27. $hwid3 = mysql_real_escape_string($rows['hwid3']);
  28. $ban = mysql_real_escape_string($rows['banned']);
  29. $banr = mysql_real_escape_string($rows['ban_reason']);
  30. $name = mysql_real_escape_string($rows['name']);
  31. Echo "<hr>";
  32. if ($ban =='no') {
  33. Echo "<font color=green><B>Name:</B> $name | <B>Username:</b> $usern | <b>Password:</b> $passw | <B>HWID:</b> $hwid | <b>HWID 2:</b> $hwid2 | <b>HWID 3:</b> $hwid3 | <b>Banned?</b></b> $ban | <b>Ban reason:</b> $banr | <a href='index.php?action=manage&username=$usern'><img src='images/manage.gif' border='0' alt='Manage user' /></a> | <a href='index.php?action=delete&username=$usern'><img src='images/delete.gif' border='0' alt='Delete user' /></a> <hr></font>";
  34. }else{
  35. Echo "<font color=red><B>Name:</B> $name | <B>Username:</b> $usern | <b>Password:</b> $passw | <B>HWID:</b> $hwid | <b>Banned?</b></b> $ban | <b>Ban reason:</b> $banr | <a href='index.php?action=manage&username=$usern'><img src='images/manage.gif' border='0' alt='Delete user' /></a> | <a href='index.php?action=unban&username=$usern'><img src='images/unban.gif' border='0' alt='Unban user' /></a> | <a href='index.php?action=delete&username=$usern'><img src='images/delete.gif' border='0' alt='Delete user' /></a> <hr></font>";
  36. }
  37. ENDWHILE;
  38.  
  39. }else{
  40. Echo "<font color=white><hr><b>No members found.</b><hr></font>";
  41. }
  42.  
  43. ?>
  44. <html>
  45. <head>
  46.     <LINK href="style.css" rel="stylesheet" type="text/css">
  47. </head>
  48. <style>
  49. body { background-color: #d0d0d0;)}
  50. </style>
  51. <center>
  52. <div align="center">
  53. <SCRIPT LANGUAGE="JavaScript">
  54. <!-- Begin
  55. document.write('<form><input type=button value="Refresh" onClick="history.go()"></form>')
  56. //  End -->
  57. </script>
  58. </div>
  59. <table>
  60. <tr>
  61. <td>
  62. <table id="Main" width="258" border="0" cellpadding="0" cellspacing="0">
  63.  <tr>
  64.   <td width="34" valign="top">
  65. <div class="User_Top"></div>
  66. <div class="User_Middle">
  67. <div class="Sidebar_content">
  68. <div align="center">
  69. <table border="0">
  70. <Form action="index.php" name="adduser" method="post">
  71. <tr><td><b><font>Name</td><td>:</td><td></font></b> <input type="name" name="addname"></td></tr>
  72. <tr><td><b><font>Username</td><td>:</td><td></font></b> <input type="username" name="addusername"></td></tr>
  73. <tr><td><b><font>Password</td><td>:</td><td></font></b> <input type="password" name="addpassword"></td></tr>
  74. <tr><td><b><font>Confirm Password</td><td>:</td><td></font></b> <input type="password" name="confirmpassword"></td></tr>
  75. <tr><td><b><font>HWID</td><td>:</td><td></font></b> <input type="text" name="addhwid"></td></tr>
  76. <tr><td>&nbsp;</td><td>&nbsp;</td><td><input type="submit" name="addsubmit" value="Add user">
  77. </form>
  78. </table>
  79. </div>
  80. </div>
  81. </div>
  82. </div>
  83. </div>
  84. <div class="Statistics_Bottom"></div>
  85.  
  86.   </td>
  87.   <td>
  88.    &nbsp;
  89.   </td>
  90.   <td width="875" valign="top">
  91. </form>
  92. </table>
  93. </td
  94. <br>
  95. <td>
  96. <table id="Main" width="258" border="0" cellpadding="0" cellspacing="0">
  97.  <tr>
  98.   <td width="34" valign="top">
  99.  
  100. <div class="User_Top"></div>
  101. <div class="User_Middle">
  102.  
  103. <div class="Sidebar_content">
  104.  
  105. <div align="center">
  106.  
  107. <table border="0">
  108. <form action='index.php' method="POST">
  109. <select name="resetpassword">
  110. <?php
  111. $lupr = mysql_query('SELECT username FROM `members`');
  112. WHILE($rows = mysql_fetch_array($lupr)):
  113. $luprn = $rows['username'];
  114. echo "<option value='$luprn' name='resetp'>$luprn</option>";
  115. ENDWHILE;
  116. ?>
  117. </select>
  118. <tr><td><b>Password</td><td>:</td><td></b> <input type="password" name='pr'></td></tr>
  119. <tr><td><b>Confirm password</td><td>:</td><td></b> <input type="password" name="prc"></td></tr>
  120. <tr><td>&nbsp;</td><td>&nbsp;</td><td><input type="submit" name="rp" value='Reset Password'>
  121. </form>
  122. </table>
  123. </div>
  124. </div>
  125. </div>
  126. </div>
  127. </div>
  128. <div class="Statistics_Bottom"></div>
  129.  
  130.   </td>
  131.   <td>
  132.    &nbsp;
  133.   </td>
  134.   <td width="875" valign="top">
  135. </form>
  136. </table>
  137. </td>
  138. <?PHP
  139. ?>
  140. <br>
  141. <td>
  142. <table id="Main" width="258" border="0" cellpadding="0" cellspacing="0">
  143.  <tr>
  144.   <td width="34" valign="top">
  145. <div class="User_Top"></div>
  146. <div class="User_Middle">
  147. <div class="Sidebar_content">
  148. <div align="center">
  149. <table border="0">
  150. <form action='index.php' method="POST">
  151. <select name="userban">
  152. <?php
  153. $users = mysql_query('SELECT username FROM `members`');
  154. WHILE($rows = mysql_fetch_array($users)):
  155. $usern = $rows['username'];
  156. echo "<option value='$usern' name='userban'>$usern</option>";
  157. ENDWHILE;
  158. ?>
  159. </select>
  160. <tr><td><b>Ban Reason</td><td>:</td><td></b> <input type="text" name='banreason'></td></tr>
  161. <tr><td>&nbsp;</td><td>&nbsp;</td><td><input type="submit" name="ban" value='Ban User'>
  162. </form>
  163. </table>
  164. </div>
  165. </div>
  166. </div>
  167. </div>
  168. </div>
  169. <div class="Statistics_Bottom"></div>
  170.  
  171.   </td>
  172.   <td>
  173.    &nbsp;
  174.   </td>
  175.   <td width="875" valign="top">
  176. </form>
  177. </table>
  178. </td>
  179. <br>
  180. <td>
  181. <table id="Main" width="258" border="0" cellpadding="0" cellspacing="0">
  182.  <tr>
  183.   <td width="34" valign="top">
  184. <div class="User_Top"></div>
  185. <div class="User_Middle">
  186. <div class="Sidebar_content">
  187. <div align="center">
  188. <table border="0">
  189. <form action='index.php' method="POST">
  190. <select name="changeusername">
  191. <?php
  192. $gucu = mysql_query('SELECT username FROM `members`');
  193. WHILE($rows = mysql_fetch_array($gucu)):
  194. $cusername = $rows['username'];
  195. echo "<option value='$cusername' name='cuser'>$cusername</option>";
  196. ENDWHILE;
  197. ?>
  198. </select>
  199.  
  200. <tr><td><b>Username</td><td>:</td><td></b> <input type="text" name='cuser1'></td></tr>
  201. <tr><td><b>Confirm username</td><td>:</td><td></b> <input type="text" name='cuser2'></td></tr>
  202. <tr><td>&nbsp;</td><td>&nbsp;</td><td><input type="submit" name="cu" value='Change username'>
  203. </form>
  204. </table>
  205. </div>
  206. </div>
  207. </div>
  208. </div>
  209. </div>
  210. <div class="Statistics_Bottom"></div>
  211.  
  212.   </td>
  213.   <td>
  214.    &nbsp;
  215.   </td>
  216.   <td width="875" valign="top">
  217. </form>
  218. </table>
  219. </td>
  220. </tr>
  221. </table>
  222. </center>
  223. </html>
  224. <?PHP
  225. //CSS CODE HERE
  226. }
  227. if (isset($_POST['ban'])) { //BAN USER
  228. $usertoban = mysql_real_escape_string($_POST['userban']);
  229. $br = mysql_real_escape_string($_POST['banreason']);
  230. $ciuib = mysql_query("SELECT count(banned) FROM members WHERE banned='yes' AND username='$usertoban'");
  231. $ciuibr = mysql_result($ciuib, 0);
  232. if ($ciuibr == '1') {
  233. Echo "The user is already banned.";
  234. }else{
  235. $bu = mysql_query("UPDATE members SET banned='yes', ban_reason='$br' WHERE username='$usertoban'");
  236. header('location: index.php');
  237. }
  238. }else if (isset($_POST['addsubmit'])) { //ADD USER
  239. $addingname = mysql_real_escape_string($_POST['addname']);
  240. $addinguser = mysql_real_escape_string($_POST['addusername']);
  241. $addingpassword = md5(mysql_real_escape_string($_POST['addpassword']));
  242. $confirmpassword = md5(mysql_real_escape_string($_POST['confirmpassword']));
  243. $addinghwid = mysql_real_escape_string($_POST['addhwid']);
  244.  
  245. $ciueba = mysql_query("SELECT count(username) FROM members WHERE username='$addinguser'");
  246. $ciuebar = mysql_result($ciueba, 0);
  247.  
  248. if ($ciuebar == '1'){
  249. Echo "<font color=red><b>Error: An account with the specified username already exits.</b></font>";
  250. }else{
  251. if ($addingpassword == $confirmpassword) {
  252. $ccau = mysql_query("INSERT INTO members VALUES('$addingname', '$addinguser', '$addingpassword', '$addinghwid', '', '', 'no', 'N/A')");
  253. header('location: index.php');
  254. }else{
  255. Echo "<font color=red><b>Error: The two passwords entered do not match.</b></font>";
  256. }
  257. }
  258. }else if(isset($_POST['rp'])) { //RESET PASSWORD
  259. $uoptr = mysql_real_escape_string($_POST['resetpassword']);
  260. $newpassword = md5(mysql_real_escape_string($_POST['pr']));
  261. if ($_POST['pr'] == $_POST['prc']){
  262. $ciue = mysql_query("SELECT count(username) FROM members WHERE username='$uoptr'");
  263. $ciuer = mysql_result($ciue, 0);
  264. if ($ciuer == '1'){
  265. mysql_query("UPDATE members set password='$newpassword' WHERE username='$uoptr'");
  266. header("location: index.php");
  267. }else{
  268. Echo "<font color=red><b>Error: The specified user was not found.</b></font>";
  269. }
  270. }else{
  271. Echo "<font color=red><b>Error: The two passwords you entered do not match.</b></font";
  272. }
  273. }if (isset($_POST['cu'])) { //CHANGE USERNAME
  274. if($_POST['cuser1'] == $_POST['cuser2']) {
  275. $oldusername = mysql_real_escape_string($_POST['changeusername']);
  276. $newusername = mysql_real_escape_string($_POST['cuser2']);
  277. $ciue = mysql_query("SELECT count(username) FROM members WHERE username='$oldusername'");
  278. $ciuer = mysql_result($ciue, 0);
  279. if (!$ciuer == '1'){
  280. Echo "The user could not be found";
  281. }else{
  282. mysql_query("UPDATE members SET username='$newusername' WHERE username='$oldusername'");
  283. header("location: index.php");
  284. }
  285. }else{
  286. Echo "The two usernames you entered do not match.";
  287. }
  288. }else if(isset($_POST['updatehwid'])){ //UPDATE HWIDs
  289. $hwid1 = mysql_real_escape_string($_POST['hwid1']);
  290. $hwid2 = mysql_real_escape_string($_POST['hwid2']);
  291. $hwid3 = mysql_real_escape_string($_POST['hwid3']);
  292. $userch = mysql_real_escape_string($_POST['hwidusername']);
  293. $cichue = mysql_query("SELECT count(username) FROM members WHERE username='$userch'");
  294. $cichuer = mysql_result($cichue, 0);
  295. if ($cichuer == '1'){
  296. $udhwids = mysql_query("UPDATE members SET `hwid`='$hwid1', `hwid2`='$hwid2', `hwid3`='$hwid3' WHERE username='$userch'");
  297. header("location:index.php");
  298. }else{
  299. Echo "The user was not found.";
  300. }
  301. }
  302.  
  303.  
  304. if (isset($_GET['action'])) {
  305. if ($_GET['action'] == 'control') { //CONTROL PANEL
  306. Echo "<Title>HWID - Control Panel</Title>";
  307. $shortusername = $_SESSION['user'];
  308. Echo "<form action='index.php?action=control' method='post'>";
  309. Echo "<b>Username:</b> <input type='text' name='newusername' value='$shortusername'>";
  310. Echo "<br>";
  311. Echo "<b>Password:</b> <input type='password' name='newpass'>";
  312. Echo "<br>";
  313. Echo "<input type='submit' name='update' value='Update'>";
  314. Echo "</form>";
  315. if (isset($_POST['update'])) { //UPDATE INFO
  316. $cleanuser = mysql_real_escape_string($_POST['newusername']);
  317. $cleanpass = mysql_real_escape_string(md5($_POST['newpass']));
  318. $updatequery = mysql_query("UPDATE `users` SET username='$cleanuser', password='$cleanpass' WHERE username='$shortusername'");
  319. unset($_SESSION['user']);
  320. $_SESSION['user']=$cleanuser;
  321. header("location: index.php?action=control");
  322. }
  323. }else if ($_GET['action'] == 'logout') { //LOGOUT
  324. if (isset($_SESSION['user'])) {
  325. unset($_SESSION['user']);
  326. header ('location: index.php');
  327. }else{
  328. header('location: index.php');
  329. }
  330. }else if($_GET['action'] == 'unban') { //UNBAN USER
  331. echo "<Title>HWID - Unban User</Title>";
  332. $usertounban = $_GET['username'];
  333. $us = mysql_query("UPDATE members SET banned='no', ban_reason='N/A' WHERE username='$usertounban'");
  334. header('location: index.php');
  335. }else if($_GET['action'] == 'delete') { //DELETE USER
  336. echo "<Title>HWID - Delete user</Title>";
  337. $utd = mysql_real_escape_string($_GET['username']);
  338. $ciue = mysql_query("SELECT count(username) FROM members WHERE username='$utd'");
  339. $ciuer = mysql_result($ciue, 0);
  340. if ($ciuer == '1') {
  341. $du = mysql_query("DELETE FROM members WHERE username='$utd'");
  342. header('location: index.php');
  343. }else{
  344. Echo "<font color=red><b>Error: The user could not be found.</b></font>";
  345. }
  346. }else if ($_GET['action'] == 'manage') { //MANAGE HWIDs
  347. $umh = mysql_real_escape_string($_GET['username']);
  348. Echo "<hr>";
  349. $gh1 = mysql_query("SELECT `hwid` FROM members WHERE username='$umh'");
  350. $gh1r = mysql_real_escape_string(mysql_result($gh1, 0));
  351.  
  352. $gh2 = mysql_query("SELECT `hwid2` FROM members WHERE username='$umh'");
  353. $gh2r = mysql_real_escape_string(mysql_result($gh2, 0));
  354.  
  355. $gh3 = mysql_query("SELECT `hwid3` FROM members WHERE username='$umh'");
  356. $gh3r = mysql_real_escape_string(mysql_result($gh3, 0));
  357. Echo "<form action='index.php' method='post'>";
  358. Echo "<b>Username:</b> $umh |<input type='hidden' name='hwidusername' value='$umh'> <b>HWID1:</b> <input type='text' name='hwid1' value='$gh1r'> <b>HWID2:</b> <input type='text' name='hwid2' value='$gh2r'> <b>HWID3:</b> <input type='text' name='hwid3' value='$gh3r'> <input type='submit' name='updatehwid' value='Update HWIDs'>";
  359. Echo "</form>";
  360.  
  361. }
  362. }
  363.  
  364.  
  365. }else if(isset($_POST['login'])) { //User is attempting to login
  366. $username = mysql_real_escape_string($_POST['username']);
  367. $password = md5(mysql_real_escape_string($_POST['password']));
  368.  
  369. $logincheck = mysql_query("SELECT count(username) FROM users WHERE username='$username' AND password='$password'");
  370. $loginresult = mysql_result($logincheck, 0);
  371. if ($loginresult == '1') {
  372. $_SESSION['user']=$username;
  373. header('location: index.php');
  374. }else {
  375. ?>
  376. <html>
  377. <head>
  378.     <LINK href="style.css" rel="stylesheet" type="text/css">
  379. </head>
  380. <Title>HWID - Authentication</Title>
  381. <style>
  382. body { background-color: #d0d0d0;)}
  383. </style>
  384. <center>
  385. <table id="Main" width="258" border="0" cellpadding="0" cellspacing="0">
  386.  <tr>
  387.   <td width="34" valign="top">
  388.  
  389. <div class="User_Top"></div>
  390. <div class="User_Middle">
  391.  
  392. <div class="Sidebar_content">
  393.  
  394. <div align="center">
  395.  
  396. <table border="0">
  397. <font color=red><B>Login failure</B></font>
  398. <form action="index.php" method="POST">
  399. <tr><td><b><font>Username</td><td><font>:</font></td><td></b> <input type="text" name="username"><br></td></tr>
  400. <tr><td><b><font>Password</td><td><font>:</font></td><td></b> <input type="password" name="password"><br></td></tr>
  401. <tr><td>&nbsp;</td><td>&nbsp;</td><td><input type="submit" name="login" value="Login!">
  402. </form>
  403. </table>
  404.  
  405. </div>
  406. </div>
  407. </div>
  408. </div>
  409. </div>
  410. <div class="Statistics_Bottom"></div>
  411.  
  412.   </td>
  413.   <td>
  414.    &nbsp;
  415.   </td>
  416.  
  417. </form>
  418. </table>
  419. </center>
  420. </html>
  421.  
  422. <?PHP
  423. }
  424.  
  425. }else{
  426. ?>
  427. <html>
  428. <head>
  429.     <LINK href="style.css" rel="stylesheet" type="text/css">
  430. </head>
  431. <Title>HWID - Authentication</Title>
  432. <style>
  433. body { background-color: #d0d0d0;)}
  434. </style>
  435. <center>
  436. <table id="Main" width="258" border="0" cellpadding="0" cellspacing="0">
  437.  <tr>
  438.   <td width="34" valign="top">
  439.  
  440. <div class="User_Top"></div>
  441. <div class="User_Middle">
  442.  
  443. <div class="Sidebar_content">
  444.  
  445. <div align="center">
  446.  
  447. <table border="0">
  448. <form action="index.php" method="POST">
  449. <tr><td><b><font>Username</td><td><font>:</font></td><td></b> <input type="text" name="username"><br></td></tr>
  450. <tr><td><b><font>Password</td><td><font>:</font></td><td></b> <input type="password" name="password"><br></td></tr>
  451. <tr><td>&nbsp;</td><td>&nbsp;</td><td><input type="submit" name="login" value="Login!">
  452. </form>
  453. </table>
  454.  
  455. </div>
  456. </div>
  457. </div>
  458. </div>
  459. </div>
  460. <div class="Statistics_Bottom"></div>
  461.  
  462.   </td>
  463.   <td>
  464.    &nbsp;
  465.   </td>
  466.  
  467. </form>
  468. </table>
  469. </center>
  470. </html>
  471. <?PHP
  472. }
  473. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!