Advertisement
lowheartrate

common.inc.php 11292016-0617

Nov 29th, 2016
211
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 29.83 KB | None | 0 0
  1. <?php
  2. // starts session for all function(s)
  3. session_start();
  4.  
  5. // connects to users database
  6. function dbConnect(){
  7.     require 'core/config.php';
  8.     try{
  9.         // for users table
  10.         $conn = new pdo("mysql:host=$server_name;dbname=$db_name;", $dbuser, $dbpw);
  11.         $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  12.         return $conn;
  13.  
  14.     }   catch(PDOException $e){
  15.         echo 'ERROR', $e->getMessage();
  16.     }
  17. }
  18.  
  19. // module for users to log in to profile
  20. function checkLogin() {
  21.   // originally header.php
  22.  
  23.   // if user is logged in
  24.   if(isset($_SESSION['username'])) {
  25.     $username = $_SESSION['username'];
  26.  
  27.     // run query to get users avatar
  28.     $getAvatar = dbConnect()->prepare("SELECT avatar FROM users WHERE username = :username");
  29.     $getAvatar->bindParam(':username', $username);
  30.     // execute query
  31.     $getAvatar->execute();
  32.     // set each column as row
  33.     $row = $getAvatar->fetch(PDO::FETCH_ASSOC);
  34.     // set $avatar as users set avatar
  35.     $avatar = $row['avatar'];
  36.  
  37.     // echo avatar, certain nav elements!!
  38.     echo '
  39.    <div class="navbar-right">
  40.       <!-- icons -->
  41.       <img src="http://i.imgur.com/HD6W7XJ.png" class="icon-search" alt="search-icon" />
  42.  
  43.       <a class="p1" href="#p1">
  44.         <img src="http://i.imgur.com/iHfwTS1.png" class="teamspeak-icon" alt="teamspeak icon" />
  45.       </a>
  46.  
  47.        <div class="page" id="p1-page">
  48.          <div id="shell">
  49.              <a class="btn-register">X</a>
  50.    ';
  51.                 // Don't report any php errors.
  52.                 error_reporting(0);
  53.  
  54.                 // load framework files
  55.                 require_once("includes/libraries/TeamSpeak3/TeamSpeak3.php");
  56.  
  57.                 // connect to server, authenticate and spawn an object for the virtual server on port xxxx
  58.                 $ts3_VirtualServer = TeamSpeak3::factory("serverquery://serverquerylogin:ATJ75oPF@63.251.20.99:14012/?server_port=14010&use_offline_as_virtual=1&no_query_clients=1");
  59.  
  60.                 // build and display HTML treeview using custom image paths (remote icons will be embedded using data URI sheme)
  61.                 echo $ts3_VirtualServer->getViewer(new TeamSpeak3_Viewer_Html("includes/images/viewer/", "", "data:image"));
  62.  
  63.                 // Report all php errors again.
  64.                 error_reporting(-1);
  65.     echo '
  66.              <a href="ts3server://ts3.heartfx.org/?port=4010&nickname=WebGuest"><button class="btn-connect">Connect</button></a>
  67.          </div>
  68.        </div>
  69.    ';
  70.  
  71.     // if user doesn't have avatar set:
  72.     if (empty($avatar)) {
  73.       echo '
  74.      <a class="p1" href="#p2">
  75.        <!-- default avatar -->
  76.        <img src="http://i.imgur.com/QFxs0nX.png" class="user_avatar" alt="default avatar" />
  77.      </a>
  78.      ';
  79.  
  80.     // if user has set an avatar:
  81.     } else {
  82.  
  83.       echo '
  84.      <a class="p1" href="#p2">
  85.        <!-- set avatar -->
  86.        <img src="includes/uploads/avatars/' .$avatar. '" class="user_avatar" alt="' .$username. ' avatar" />
  87.      </a>
  88.      ';
  89.  
  90.     }
  91.  
  92.     echo '
  93.    <div class="page" id="p2-page">
  94.      <div id="shell">
  95.        <a class="btn-register">X</a>
  96.  
  97.        <div class="top_user_cp">
  98.          <!-- link to $username profile -->
  99.          <a href="#">
  100.            <img src="http://i.imgur.com/sgmU8mb.png" class="member_icon" alt="member icon" />
  101.            <p class="username">' .$username. '</p>
  102.          </a>
  103.  
  104.          <!-- link to preferences where user can change password, avatar, etc. -->
  105.          <a href="action.php?action=edit_account">
  106.            <img src="http://i.imgur.com/P7gStLu.png" class="preferences" alt="preferences" />
  107.          </a>
  108.        </div>
  109.  
  110.    ';
  111.  
  112.         // get id from users table to use in query below
  113.         $sql = "SELECT id, level FROM users WHERE username = :username";
  114.         $get_id_from_user = dbConnect()->prepare($sql);
  115.         $get_id_from_user->bindParam(':username', $username);
  116.         $get_id_from_user->execute();
  117.         $id_from_user = $get_id_from_user->fetchAll();
  118.         foreach($id_from_user as $row) {$id = $row['id'];$level=$row['level'];}
  119.  
  120.         // get more details about user
  121.         $sql = "SELECT * FROM user_details WHERE id = :id";
  122.         $get_user_details = dbConnect()->prepare($sql);
  123.         $get_user_details->bindParam(':id', $id);
  124.         $get_user_details->execute();
  125.         $user_details = $get_user_details->fetchAll();
  126.         foreach($user_details as $row) {
  127.           $id = $row['id'];
  128.           $first_name = $row['first_name'];
  129.           $last_name = $row['last_name'];
  130.           $birthday = $row['birthday'];
  131.           $steam = $row['steam_profile'];
  132.         }
  133.  
  134.         // get users level
  135.  
  136.     echo '
  137.        <p class="welcome_back">Welcome back, ' .$first_name. '</p>
  138.        <a href="action.php?action=edit_account"><p class="edit_profile">edit preferences</p></a>
  139.  
  140.        <div class="bottom_user_cp">
  141.          <a href="action.php?action=logout">
  142.            <img src="http://image.flaticon.com/icons/svg/25/25376.svg" class="signout_icon" alt="sign out of user account ' .$username. '" />
  143.            <p class="signout">sign out </p>
  144.          </a>
  145.        </div>
  146.      </div>
  147.    </div>
  148.  
  149.    <!-- closing tag to div.navbar-right -->
  150.    </div>';
  151.  
  152.   // if user is not logged in ..
  153.     } else {
  154.  
  155.   // echo sign-up and log-in btns
  156.     echo '
  157.    <div class="navbar-right">
  158.       <!-- sign up / log in buttons -->
  159.       <a href="action.php?action=register_account"><button type="button" class="sign-up">Sign Up</button></a>
  160.       <a href="action.php?action=sign_in"><button type="button" class="log-in">Log In</button></a>
  161.  
  162.       <!-- icons -->
  163.       <img src="http://i.imgur.com/HD6W7XJ.png" class="icon-search" alt="search-icon" />
  164.  
  165.       <!--
  166.       <span class="icon-bars-button">
  167.          <span class="icon-bar"></span>
  168.          <span class="icon-bar"></span>
  169.          <span class="icon-bar"></span>
  170.       </span>
  171.       -->
  172.  
  173.        <a class="p1" href="#p1">
  174.         <!-- teamspeak icon -->
  175.         <img src="http://i.imgur.com/iHfwTS1.png" class="teamspeak-icon" alt="teamspeak icon" />
  176.        </a>
  177.  
  178.        <div class="page" id="p1-page">
  179.          <div id="shell">
  180.            <a class="btn-register">X</a>
  181.    ';
  182.  
  183.             error_reporting(0);
  184.  
  185.             // load framework files
  186.             require_once("includes/libraries/TeamSpeak3/TeamSpeak3.php");
  187.  
  188.             // connect to server, authenticate and spawn an object for the virtual server on port xxxx
  189.             $ts3_VirtualServer = TeamSpeak3::factory("serverquery://serverquerylogin:ATJ75oPF@63.251.20.99:14012/?server_port=14010&use_offline_as_virtual=1&no_query_clients=1");
  190.  
  191.             // build and display HTML treeview using custom image paths (remote icons will be embedded using data URI sheme)
  192.             echo $ts3_VirtualServer->getViewer(new TeamSpeak3_Viewer_Html("includes/images/viewer/", "", "data:image"));
  193.  
  194.     echo '
  195.            <a href="ts3server://ts3.heartfx.org/?port=4010&nickname=WebGuest"><button class="btn-connect">Connect</button></a>
  196.          </div>
  197.        </div>
  198.  
  199.    </div>
  200.    ';
  201.   }
  202.   // check for errors logging in...
  203.   //checkLoginErrors();
  204. }
  205.  
  206. // display all header stuff at beginning of page(s)
  207. function showHeader($title) {
  208.   echo '
  209.  <html lang="en">
  210.    <head>
  211.      <meta charset="utf-8">
  212.      <meta http-equiv="X-UA-Compatible" content="IE=edge">
  213.      <meta name="viewport" content="width=device-width, initial-scale=1">
  214.      <meta name="google-signin-client_id" content="618381226281-f3ht6d47jl818rjmr0p3rh3idftoaka7.apps.googleusercontent.com">
  215.      <link rel="stylesheet" href="includes/css.css" type="text/css">
  216.      <link href="https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,700" rel="stylesheet">
  217.      <link href="https://fonts.googleapis.com/css?family=Open+Sans" rel="stylesheet" type="text/css">
  218.      <link href="https://fonts.googleapis.com/css?family=Oxygen:400,300,700" rel="stylesheet" type="text/css">
  219.      <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.0/jquery.min.js"></script>
  220.      <script src="includes/js.js"></script>
  221.      <script src="https://www.google.com/recaptcha/api.js"></script>
  222.      <script src="https://apis.google.com/js/platform.js" async defer></script>
  223.      <title>'.$title.'</title>
  224.    </head>
  225.  
  226.    <body>
  227.    <header>
  228.       <nav>
  229.          <div class="navbar-left">
  230.             <a href="index.php">
  231.                <img src="http://i.imgur.com/IGvg5kM.png" alt="heart[fx] logo" width="100px" />
  232.             </a>
  233.          </div>
  234.  ';
  235.  
  236.           checkLogin();
  237.  
  238.   echo '
  239.       <!-- closing tag for nav.navbar -->
  240.       </nav>
  241.    </header>
  242.  ';
  243. }
  244.  
  245. // display footer of closing tags
  246. function showFooter() {
  247.   echo '
  248.    </body>
  249.  </html>
  250.  ';
  251. }
  252.  
  253. // display loginModule on login.php page
  254. function loginModule() {
  255.   echo '
  256.  <center>
  257.    <form method="post" class="login_module">
  258.      <input type="text" class="login_module" name="username" placeholder="username*" /><br />
  259.      <input type="password" class="login_module" name="password" placeholder="password*" /><br />
  260.  
  261.  ';
  262.  
  263.       // check for login errors...
  264.       checkLoginErrors();
  265.  
  266.   echo '
  267.      <div class="pull-left">
  268.        <input type="checkbox" name="remember" /><span class="remember_me">remember me</span>
  269.      </div>
  270.  
  271.      <div class="pull-right">
  272.        <a class="login_module" href="#"><span class="forgot_your_password">forgot your password?</span></a>
  273.      </div>
  274.  
  275.      <button type="submit" class="btn-login">Log In</button>
  276.    </form>
  277.  </center>
  278.  ';
  279. }
  280.  
  281. // check loginErrors before
  282. function checkLoginErrors() {
  283.   if (isset( $_SESSION['username'] )){
  284.       $_SESSION["username"] = $_COOKIE["username"];
  285.       redirect('index.php');
  286.   }
  287.   if(isset($_POST['username'], $_POST['password'])){
  288.       $username = $_POST['username'];
  289.       $password = $_POST['password'];
  290.       // $hash = password_hash($password, PASSWORD_DEFAULT);
  291.       $query = dbConnect()->prepare("SELECT password, activated FROM users WHERE username = :username");
  292.       $query->bindParam(':username', $username);
  293.       $query->execute();
  294.       $result = $query->fetch( PDO::FETCH_ASSOC );
  295.  
  296.       if ( $result == null ) {
  297.           echo "<p class='error'>username invalid</p>";
  298.       } else if ( $result['activated'] != "1" ) {
  299.           echo "<p class='info'>email not verified</p>";
  300.       }
  301.  
  302.       else {
  303.       $storedHash = $result["password"];
  304.       if (password_verify($password, $storedHash)) {
  305.  
  306.           if (isset( $_POST['remember'] )) {
  307.               setcookie("username", $username, time()+7889231); // 3 months
  308.           }
  309.  
  310.           $_SESSION['username'] = $username;
  311.           // notify user login was successful and exit();
  312.           echo "
  313.          <p class='success'>login successful</p>
  314.          <p class='info'>If you are not redirected, try to <a href='index.php'>refresh</a> your page.</p>
  315.          ";
  316.           // after 3 secs... redirect them to homepage where they
  317.           // will then appear logged in!
  318.           redirect("index.php");
  319.           } else {
  320.               echo "<p class='error'>password invalid</p>";
  321.           }
  322.       }
  323.   }
  324. }
  325.  
  326. // protect pages from users logged in
  327. function protect() {
  328.   // If user is logged in remove user from page
  329.   if(isset($_SESSION['username'])) {
  330.     echo '<p class="error">You are already logged in, no need to be here...</p>';
  331.     exit();
  332.   }
  333. }
  334.  
  335. // protect pages from users not logged in :?
  336. function protect2() {
  337.   if(!isset($_SESSION['username'])) {
  338.     echo '<p class="info">You are not logged in, you do not need to be here...</p>';
  339.     exit();
  340.   }
  341. }
  342.  
  343. // check for admin level & display module(s) for admins to post
  344. function adminModules() {
  345.  
  346.   //protect module from users not logged in
  347.   protect2();
  348.  
  349.   // variables for query below
  350.   // gets username of user logged in...
  351.   $username = $_SESSION['username'];
  352.  
  353.   // sets $author to username that is logged in
  354.   $author = $username;
  355.  
  356.   // gets current date
  357.   $current_date = date('F d, Y');
  358.  
  359.  
  360.   // setup query to get get users admin level
  361.   $getAdminLevel = dbConnect()->prepare("SELECT level FROM users WHERE username = :username");
  362.   // sets :username parameter to the $_SESSION username!
  363.   $getAdminLevel->bindParam(':username', $username);
  364.   // Execute the query
  365.   $getAdminLevel->execute();
  366.   // define admin level of user logged in (fetchs level column from user that is logged in & sets it as $adminLevel)
  367.   $adminLevel = $getAdminLevel->fetchColumn();
  368.  
  369.  
  370.   // if user is not an admin, exit!
  371.   if ($adminLevel == 0) {
  372.     exit();
  373.  
  374.   // closes if($adminLevel == 0) statement
  375.   // if user is not level 0 and is admin level, continue...
  376.   } else {
  377.  
  378.     // display module for admin to create post (level 1 module)
  379.     echo '
  380.  
  381.      <div class="container-fluid">
  382.  
  383.        <div class="row">
  384.  
  385.    <!-- stops echo that inserts div.container-fluid && div.row -->
  386.    ';
  387.  
  388.  
  389.           // if admin level == 1 : put in one lg-col-12 row
  390.           // if admin level == 2 : put in two lg-col-6 row
  391.           // if admin level == 3 : put in three lg-col-4 row
  392.  
  393.           // if user is level 1 admin : put in one lg-col-12 in row
  394.           if($adminLevel == 1) {
  395.  
  396.           echo '
  397.  
  398.          <div class="col-lg-12">
  399.  
  400.          <!-- closes echo tag that inserts div.col-lg-12 into div.row -->
  401.          ';
  402.  
  403.           // closes if($adminLevel == 1) statement
  404.           }
  405.  
  406.           // if user is level 2 admin : make col-lg-6
  407.           if($adminLevel == 2) {
  408.  
  409.           echo '
  410.  
  411.          <div class="col-lg-6">
  412.  
  413.          <!-- closes echo tag that inserts div.col-lg-6 into div.row -->
  414.          ';
  415.  
  416.           // closes if($adminLevel == 2) statement
  417.           }
  418.  
  419.           // if user is level 3 admin : make col-lg-4
  420.           if($adminLevel == 3) {
  421.  
  422.           echo '
  423.  
  424.          <div class="col-lg-4">
  425.  
  426.          <!-- closes echo tag that inserts div.col-lg-4 into div.row -->
  427.          ';
  428.  
  429.           // closes if($adminLevel == 3) statement
  430.           }
  431.  
  432.             ///////////////////////
  433.             // start lines here //
  434.             //                  //
  435.             //                  //
  436.             //                  //
  437.             // start lines here //
  438.             /////////////////////
  439.  
  440.             echo '
  441.  
  442.            <!-- heading here -->
  443.            <h3>Admin Level 1 Panel</h3>
  444.            <p>Use this module to create new posts</p>
  445.  
  446.            <!-- button for minimizing function -->
  447.            <button class="btn btn-default hideshow">show/hide</button>
  448.  
  449.            <div class="content">
  450.  
  451.              <form method="post" enctype="multipart/form-data" class="admin_module">
  452.  
  453.                <input class="input2" type="text" name="title" placeholder="Headline" required /><br />
  454.  
  455.                <input class="input2" type="text" name="date" value="' .$current_date. '" readonly /><br />
  456.                <input class="input2" type="text" name="author" value="' .$author. '" readonly /><br />
  457.  
  458.                <div class="input2">
  459.  
  460.                  <p>Select image to upload:</p>
  461.                  <input style="padding:3px;" type="file" name="image" id="image" />
  462.  
  463.                <!-- closes div.input2 for upload image "input"-->
  464.                </div>
  465.  
  466.                <textarea class="ta-summary input2" type="text" name="summary" placeholder="Summary" required></textarea><br />
  467.  
  468.                <button class="btn btn-default input2" type="submit" name="submit">Submit Post</button>
  469.  
  470.              <!-- closes form -->
  471.              </form>
  472.  
  473.            <!-- closes echo that contains heading and form for level 1 module -->
  474.            ';
  475.  
  476.             // checks to make sure image is valid && checks form for error(s)
  477.             include "includes/uploadPost.php";
  478.  
  479.             echo '
  480.  
  481.            <!-- closes div.content -->
  482.            </div>
  483.  
  484.          <!-- closes div.col-lg-? -->
  485.          </div>
  486.  
  487.            <!-- closes echo that contains closing tags for div.col-lg-? && div.content -->
  488.            ';
  489.  
  490.  
  491.  
  492.  
  493.  
  494.  
  495.  
  496.  
  497.  
  498.             /*
  499.             THAT IS ALL FOR ADMIN LEVEL 1 PANEL
  500.             */
  501.  
  502.  
  503.  
  504.  
  505.  
  506.  
  507.  
  508.  
  509.           // if user is level 2 or greater...
  510.           if($adminLevel > 1) {
  511.  
  512.             // if user is level 2 : use col-lg-6
  513.             // if user is level 3 : use col-lg-4
  514.  
  515.             // if user is level 2
  516.             if($adminLevel == 2) {
  517.  
  518.               // use col-lg-6
  519.               echo '
  520.              <div class="col-lg-6">
  521.              ';
  522.  
  523.             // closing tag for if($adminLevel == 2) statement
  524.             }
  525.  
  526.             // if user is level 3
  527.             if($adminLevel == 3) {
  528.  
  529.               // use col-lg-4
  530.               echo '
  531.              <div class="col-lg-4">
  532.              ';
  533.  
  534.             // closing tag for if($adminLevel == 3) statement
  535.             }
  536.  
  537.  
  538.  
  539.  
  540.  
  541.  
  542.  
  543.  
  544.  
  545.  
  546.  
  547.  
  548.  
  549.  
  550.  
  551.             // start query to fetch all users that are not admins!
  552.             $fetchNonAdmins = dbConnect()->prepare("SELECT * FROM users WHERE level < 1");
  553.             // execute the query
  554.             $fetchNonAdmins->execute();
  555.             // select all columns from query
  556.             $nonAdmins = $fetchNonAdmins->fetchAll();
  557.  
  558.  
  559.             // echo users that aren't admins...
  560.             echo '
  561.  
  562.            <!-- heading here -->
  563.            <h3>Admin Level 2 Panel</h3>
  564.            <p>Use this module to adjust regular user levels</p>
  565.  
  566.  
  567.            <!-- button for minimize action in js.js -->
  568.            <button class="btn btn-default hideshow2">show/hide</button>
  569.  
  570.  
  571.            <div class="content2">
  572.  
  573.              <div class="admin_module">
  574.  
  575.                <table class="nonAdmins" border="1">
  576.  
  577.                  <tr>
  578.  
  579.  
  580.                    <!-- header on the table to show which column is which -->
  581.                    <td class="table_header">ID</td>
  582.                    <td class="table_header">Username</td>
  583.                    <td class="table_header">Level 1</td>
  584.                    <td class="table_header">Level 2</td>
  585.  
  586.  
  587.                  <!-- 1st closing tag for tr -->
  588.                  </tr>
  589.  
  590.            ';
  591.  
  592.                 // start to fetch users that are not admins
  593.                 foreach($nonAdmins as $row) {
  594.  
  595.  
  596.                   // display content of table below (each users id, username, etc...)
  597.                   echo '
  598.  
  599.                  <tr>
  600.  
  601.                    <!-- displays each users id from database -->
  602.                    <td class="table_content">' .$row['id']. '</td>
  603.  
  604.                    <!-- displays each users username from database -->
  605.                    <td class="table_content">' .$row['username']. '</td>
  606.  
  607.  
  608.                    <td class="table_content">
  609.  
  610.                      <!-- displays button where it will change X user to level 1 admin level -->
  611.                      <form method="post" class="table_content_form">
  612.  
  613.                        <button class="btn btn-default" type="submit" name="changeLevel">Change to level 1</button>
  614.                        <input type="hidden" name="user_id" value="' .$row['id']. '" />
  615.                        <input type="hidden" name="user_level" value="1" />
  616.  
  617.                      <!-- closing tag to form where it will displays button to update users level to "1" -->
  618.                      </form>
  619.  
  620.                    <!-- closing tag to td that inserts form where button is displayed to update users to level 1 -->
  621.                    </td>
  622.  
  623.  
  624.                    <td class="table_content">
  625.  
  626.                      <form method="post" class="table_content_form">
  627.  
  628.                        <button class="btn btn-default" type="submit" name="changeLevel">Change to level 2</button>
  629.                        <input type="hidden" name="user_id" value="' .$row['id']. '" />
  630.                        <input type="hidden" name="user_level" value="2" />
  631.  
  632.                      <!-- closing tag to form -->
  633.                      </form>
  634.  
  635.                    <!-- closing tag to td that contains button to change user level to 2 -->
  636.                    </td>
  637.  
  638.  
  639.                  </tr>
  640.  
  641.                  <!-- closing tag for echo that displays details of each user that is not an admin -->
  642.                  ';
  643.  
  644.  
  645.                 // closing tag for foreach($nonAdmins as $row) statement
  646.                 }
  647.  
  648.             echo '
  649.  
  650.                <!-- closing tag for table -->
  651.                </table>
  652.  
  653.            <!-- closing tag for echo that inserts closing tag for table -->
  654.            ';
  655.  
  656.  
  657.             // if user hits a change level 1/2 button
  658.             if(isset($_POST['changeLevel'])) {
  659.  
  660.  
  661.               // set variables for query below
  662.               $userid = $_POST['user_id'];
  663.               $newLevel = $_POST['user_level'];
  664.  
  665.               // update users new level in database
  666.               $updateLevel = dbConnect()->prepare("UPDATE users SET level = :level WHERE id = :id");
  667.               // bind some parameters
  668.               $updateLevel->bindParam(':level', $newLevel);
  669.               $updateLevel->bindParam(':id', $userid);
  670.               // execute query
  671.               $updateLevel->execute();
  672.  
  673.               // echo success messsage & redirect??
  674.               echo '<p class="success">user with ID#' .$userid. ' has been updated to level ' .$newLevel. '! <a href="index.php">refresh</a> to update table(s)...</p>';
  675.  
  676.  
  677.             // closing tag for if(isset($_POST['changeLevel'])) statement
  678.             }
  679.  
  680.  
  681.             echo '
  682.  
  683.              <!-- closing tag for div.admin_module -->
  684.              </div>
  685.  
  686.            <!-- closing tag for div.content2 -->
  687.            </div>
  688.  
  689.              <!-- closing tag for col-lg-> -->
  690.              </div>
  691.  
  692.            <!-- closing tag for echo to insert closing tag for col-lg-? -->
  693.            ';
  694.  
  695.           // closing tag for if($adminLevel > 1) statement
  696.           }
  697.  
  698.  
  699.  
  700.  
  701.  
  702.           /* DONE WITH ADMIN LEVEL 2 PANEL HERE */
  703.           /* DONE WITH ADMIN LEVEL 2 PANEL HERE */
  704.           /* DONE WITH ADMIN LEVEL 2 PANEL HERE */
  705.  
  706.  
  707.  
  708.  
  709.           // if users level is greater then 2
  710.           if($adminLevel > 2) {
  711.  
  712.             echo '
  713.  
  714.            <div class="col-lg-4">
  715.  
  716.  
  717.              <!-- heading here-->
  718.              <h3>Admin Level 3 Panel</h3>
  719.              <p>Use this module to demote admins that are at least level 2</p>
  720.  
  721.  
  722.              <!-- button to minimize module -->
  723.              <button class="btn btn-default hideshow3">show/hide</button>
  724.  
  725.  
  726.              <div class="content3">
  727.  
  728.                <div class="admin_module">
  729.  
  730.  
  731.                  <!-- content here -->
  732.  
  733.  
  734.            ';
  735.  
  736.  
  737.                   // setup query to get users that are level 2
  738.                   $getLevel2Admins = dbConnect()->prepare("SELECT * FROM users WHERE LEVEL = 2");
  739.                   $getLevel2Admins->execute();
  740.                   $levelTwoAdmins = $getLevel2Admins->fetchAll();
  741.  
  742.  
  743.                   // content below this line!!
  744.                   echo '
  745.  
  746.                  <!-- this shows the top "titles" for the table -->
  747.                  <table class="nonAdmins" border="1">
  748.  
  749.                    <tr>
  750.  
  751.                      <td class="table_header">ID</td>
  752.                      <td class="table_header">Username</td>
  753.                      <td class="table_header">Level 1</td>
  754.                      <td class="table_header">Level 0</td>
  755.  
  756.                    <!-- closes tr tag -->
  757.                    </tr>
  758.  
  759.                  <!-- closes echo tag -->
  760.                  ';
  761.  
  762.  
  763.                     // for each level 2 user as $row2 variable
  764.                     foreach($levelTwoAdmins as $row2) {
  765.  
  766.                       echo '
  767.  
  768.                        <tr>
  769.  
  770.                          <!-- display each users id next to their name from database -->
  771.                          <td class="table_content">' .$row2['id']. '</td>
  772.                          <!-- display each users username -->
  773.                          <td class="table_content">' .$row2['username']. '</td>
  774.  
  775.  
  776.                          <td class="table_content">
  777.  
  778.                            <form method="post" class="table_content_form">
  779.  
  780.  
  781.                              <!-- button that demotes selected users level down to 1 -->
  782.                              <button class="btn btn-default" type="submit" name="demoteLevel">Demote to level 1</button>
  783.  
  784.                              <input type="hidden" name="user_id2" value="' .$row2['id']. '" />
  785.                              <input type="hidden" name="user_level2" value="1" />
  786.  
  787.  
  788.                            <!-- closes form -->
  789.                            </form>
  790.  
  791.                          <!-- closing tag for td -->
  792.                          </td>
  793.  
  794.  
  795.                          <td class="table_content">
  796.  
  797.                            <form method="post" class="table_content_form">
  798.  
  799.  
  800.                              <!-- button that demotes selected user to level 0 -->
  801.                              <button class="btn btn-default" type="submit" name="demoteLevel">Demote to level 0</button>
  802.  
  803.                              <input type="hidden" name="user_id2" value=" '.$row2['id'].' " />
  804.                              <input type="hidden" name="user_level2" value="0" />
  805.  
  806.  
  807.                            <!-- closes form -->
  808.                            </form>
  809.  
  810.                          <!-- closing td tag -->
  811.                          </td>
  812.  
  813.  
  814.                        <!-- closes tr tag that contains details of each user that is level 2 -->
  815.                        </tr>
  816.  
  817.                      <!-- closes echo tag -->
  818.                      ';
  819.  
  820.                     // closes foreach($levelTwoAdmins as $row2) statement
  821.                     }
  822.  
  823.  
  824.                     // if user hits demote level button
  825.                     if(isset($_POST['demoteLevel'])) {
  826.  
  827.  
  828.                       // set variables
  829.                       $userid2 = $_POST['user_id2'];
  830.                       $newLevel2 = $_POST['user_level2'];
  831.  
  832.                       // setup query to update user in that row to level accordingly
  833.                       $demoteLevel = dbConnect()->prepare("UPDATE users SET level = :level2 WHERE id = :id2");
  834.                       // bind parameters
  835.                       $demoteLevel->bindParam(':id2', $userid2);
  836.                       $demoteLevel->bindParam(':level2', $newLevel2);
  837.                       // execute query
  838.                       $demoteLevel->execute();
  839.  
  840.                       // echo success message and redirect...
  841.                       echo '<p class="success">user with ID#' .$userid2. ' has been demoted to level ' .$newLevel2. '! <a href="index.php">Refresh</a> to update table...</p>';
  842.  
  843.  
  844.                     // closing tag for if(isset($_POST['demoteLevel'])) statement
  845.                     }
  846.  
  847.  
  848.  
  849.                   echo '
  850.                  <!-- closes table -->
  851.                  </table>
  852.  
  853.  
  854.                  <!-- closes echo tag that contains content!! -->
  855.                  ';
  856.  
  857.  
  858.             echo '
  859.  
  860.  
  861.                <!-- closes div.admin_module -->
  862.                </div>
  863.  
  864.              <!-- closes div.content3 -->
  865.              </div>
  866.  
  867.  
  868.            <!-- closes div.col-lg-4 -->
  869.            </div>
  870.  
  871.            <!-- closing tag for echo that displays admin level 3 panel -->
  872.            ';
  873.  
  874.           // closing bracket for if($adminLevel > 2) statement
  875.           }
  876.  
  877.  
  878.     echo '
  879.  
  880.        <!-- closes div.row -->
  881.        </div>
  882.  
  883.      <!-- closes div.container-fluid -->
  884.      </div>
  885.  
  886.    <!-- closes echo tag that closes div.row && div.container-fluid -->
  887.    ';
  888.  
  889.   // closes else tag directly below if($adminLevel == 0) statement
  890.   // that determines what to do if user IS ADMIN!
  891.   }
  892.  
  893.  
  894.   // closes adminModule function
  895. }
  896.  
  897. // show posts here...
  898. function showPosts() {
  899.  
  900.   // run query to get everything from posts table in database.
  901.   $sql = "SELECT * FROM posts";
  902.   $get_posts = dbConnect()->prepare($sql);
  903.   $get_posts->execute();
  904.   $posts = $get_posts->fetchAll();
  905.  
  906.   // start table here
  907.   echo '
  908.  <table class="posts">
  909.    <tr class="heading">
  910.      <th class="heading">Topic</th>
  911.      <th class="heading">Published</th>
  912.      <th class="heading">Views</th>
  913.      <th class="heading">Author</th>
  914.    </tr>
  915.  ';
  916.  
  917.     foreach($posts as $row) {
  918.  
  919.       require 'core/config.php';
  920.  
  921.       $id = $row['id'];
  922.       $image = $row['image'];
  923.       $title = $row['title'];
  924.       $date = $row['date'];
  925.       $summary = $row['summary'];
  926.       $author = $row['author'];
  927.  
  928.       $random_integer = rand(514651661,3513216335121);
  929.  
  930.   echo '
  931.    <tr class="content">
  932.      <th class="posts_topic">
  933.        <img src="' .$posts_images_directory. '/' .$image. '" alt="posts_image" class="posts_image" />
  934.        <p class="posts_title">' .$title. '</p>
  935.  
  936.        <p class="posts_short_summary">
  937.          <!-- echos only first 200 characters of $summary -->
  938.          ' .substr($summary, 0, 50). '...
  939.        </p>
  940.  
  941.        <p class="read_more">
  942.          <!-- link to page where it shows entire post. -->
  943.          <a href="post.php?post=' .$id. '&?rand=' .$random_integer. '">read more</a>
  944.        </p>
  945.      </th>
  946.  
  947.      <th>
  948.        <p class="posts_date">' .$date. '</p>
  949.      </th>
  950.  
  951.      <th>
  952.        <!-- views -->
  953.        <p class="posts_views">451,251</p>
  954.      </th>
  955.  
  956.      <th>
  957.        <!-- author -->
  958.        <p class="posts_author">' .$author. '</p>
  959.      </th>
  960.    </tr>
  961.  ';
  962.  
  963.   // closes foreach $post as $row statement
  964.   }
  965.  
  966.   echo '
  967.  </table>
  968.  ';
  969.  
  970.   // closing tag for showPosts() function
  971. }
  972.  
  973. // function to redirect multiple times on one page
  974. function redirect($url) {
  975.   if (!headers_sent()) {
  976.     header('refresh:3;url='.$url);
  977.     exit;
  978.   } else {
  979.     echo '
  980.    <script type="text/javascript">
  981.      window.setTimeout(function () {
  982.        window.location.href="' .$url. '";
  983.      }, 3000);
  984.    </script>
  985.  
  986.    <noscript>
  987.      <meta http-equiv="refresh" content="0;url='.$url.'" />
  988.    </noscript>
  989.    '; exit;
  990.   }
  991. }
  992. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement