
Untitled

a guest
Sep 22nd, 2017
  1. //admin/Config/queries.php
  2.  
  3. <?php
  4.  
  5. switch ($page) {
  6.  
  7. case 'dashboard':
  8. # code...
  9. break;
  10.  
  11. case 'pages':
  12. if(isset($_POST['submitted']) == 1) {
  13.  
  14. $title = mysqli_real_escape_string($dbc, $_POST['title']);
  15. $label = mysqli_real_escape_string($dbc, $_POST['label']);
  16. $header = mysqli_real_escape_string($dbc, $_POST['header']);
  17. $body = mysqli_real_escape_string($dbc, $_POST['body']);
  18.  
  19.  
  20. if($_POST['id'] != '' ) {
  21.  
  22. $action = 'updated';
  23. $q = "UPDATE posts SET user = $_POST[user], slug = '$_POST[slug]', title = '$title', label = '$label', header = '$header', body = '$body' WHERE id = $_GET[id]";
  24. } else {
  25. $action = 'added';
  26. $q = "INSERT INTO posts (type, user, slug, title, label, header, body) VALUES (1, $_POST[user], '$_POST[slug]', '$title', '$label', '$header', '$body')";
  27.  
  28. }
  29.  
  30. $r = mysqli_query($dbc, $q);
  31.  
  32. if($r){
  33.  
  34. $message = '<p class="alert alert-success">Page was '.$action.'!</p>';
  35.  
  36. } else {
  37.  
  38. $message = '<p class="alert alert-danger">Page could not be '.$action.' because: '.mysqli_error($dbc);
  39. $message .= '<p class="alert alert-warning">Query: '.$q.'</p>';
  40. }
  41. }
  42.  
  43. if(isset($_GET['id'])) { $opened = data_post($dbc, $_GET['id']); }
  44.  
  45.  
  46. break;
  47.  
  48. case 'users':
  49. if(isset($_POST['submitted']) == 1) {
  50.  
  51. $first = mysqli_real_escape_string($dbc, $_POST['first']);
  52. $last = mysqli_real_escape_string($dbc, $_POST['last']);
  53.  
  54. if($_POST['password'] != '') {
  55.  
  56. if($_POST['password'] == $_POST['passwordv']) {
  57. $password = " password = SHA1('$_POST[password]'),";
  58.  
  59. $verify = true;
  60. } else{
  61. $verify = false;
  62. }
  63. } else {
  64. $verify = false;
  65. }
  66.  
  67.  
  68. //next line is edited/customized so pages can update without duplicating
  69. if($_POST['id'] != '' ) {
  70.  
  71. $action = 'updated';
  72. $q = "UPDATE users SET first = '$first', last = '$last', email = '$_POST[email]', $password status = $_POST[status] WHERE id = $_GET[id]";
  73.  
  74. $r = mysqli_query($dbc, $q);
  75.  
  76. } else {
  77. $action = 'added';
  78.  
  79. $q = "INSERT INTO users (first, last, email, password, status) VALUES ('$first', '$last', '$_POST[email]', SHA1('$_POST[pasword]'), '$_POST[status]')";
  80.  
  81. if($verify == true) {
  82. $r = mysqli_query($dbc, $q);
  83. }
  84. }
  85.  
  86.  
  87. if($r){
  88.  
  89. $message = '<p class ="alert alert-success">User was '.$action.'!</p>';
  90.  
  91. } else {
  92.  
  93. $message = '<p class="alert alert-danger">User could not be '.$action.' because: '.mysqli_error($dbc);
  94. if($verify == false) {
  95. $message .= '<p class="alert alert-danger">Passwords fields empty or do not match</p>';
  96. }
  97. $message .= '<p class="alert alert-warning">Query: '.$q.'</p>';
  98. }
  99. }
  100.  
  101.  
  102. if(isset($_GET['id'])) { $opened = data_user($dbc, $_GET['id']); }
  103.  
  104. break;
  105.  
  106. case 'navigation':
  107.  
  108. if(isset($_POST['submitted']) == 1) {
  109.  
  110. $label = mysqli_real_escape_string($dbc, $_POST['label']);
  111. $url = mysqli_real_escape_string($dbc, $_POST['url']);
  112.  
  113. //next line is edited/customized so pages can update without duplicating
  114. if($_POST['id'] != '' ) {
  115.  
  116. $action = 'updated';
  117. $q = "UPDATE navigation SET id = '$_POST[id]', label = '$label', url = '$url', position = $_POST[position], status = $_POST[status] WHERE id = '$_POST[openedid]'";
  118.  
  119. $r = mysqli_query($dbc, $q);
  120.  
  121. }
  122.  
  123.  
  124. if($r){
  125.  
  126. $message = '<p class ="alert alert-success">Navigation item was '.$action.'!</p>';
  127.  
  128. } else {
  129.  
  130. $message = '<p class="alert alert-danger">Navigation could not be '.$action.' because: '.mysqli_error($dbc);
  131.  
  132. $message .= '<p class="alert alert-warning">Query: '.$q.'</p>';
  133. }
  134. }
  135.  
  136.  
  137. break;
  138.  
  139.  
  140. case 'settings':
  141.  
  142. if(isset($_POST['submitted']) == 1) {
  143.  
  144. $label = mysqli_real_escape_string($dbc, $_POST['label']);
  145. $value = mysqli_real_escape_string($dbc, $_POST['value']);
  146.  
  147. //next line is edited/customized so pages can update without duplicating
  148. if($_POST['id'] != '' ) {
  149.  
  150. $action = 'updated';
  151. $q = "UPDATE settings SET id = '$_POST[id]', label = '$label', value = '$value' WHERE id = '$_POST[openedid]'";
  152.  
  153. $r = mysqli_query($dbc, $q);
  154.  
  155. }
  156.  
  157.  
  158. if($r){
  159.  
  160. $message = '<p class ="alert alert-success">Setting was '.$action.'!</p>';
  161.  
  162. } else {
  163.  
  164. $message = '<p class="alert alert-danger">Setting could not be '.$action.' because: '.mysqli_error($dbc);
  165.  
  166. $message .= '<p class="alert alert-warning">Query: '.$q.'</p>';
  167. }
  168. }
  169.  
  170.  
  171. break;
  172.  
  173.  
  174.  
  175.  
  176. default:
  177. # code...
  178. break;
  179. }
  180.  
  181.  
  182. ?>