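<?php
// fxbghacker
//
// Bootstrap for the order admin panel: session setup and database connection.
// Everything below this block (action handlers, login, template) relies on
// $db and on an active session.

// Harden the session cookie before session_start() issues it:
//  - HttpOnly keeps the id away from script on the page;
//  - SameSite=Lax stops most cross-site form posts from carrying it
//    (ini_set is silently ignored on PHP < 7.3, where the option does not exist);
//  - Secure is only set when this request actually arrived over TLS, so a
//    plain-HTTP development setup keeps working;
//  - use_strict_mode rejects session ids the server never issued, which
//    defeats simple session fixation.
ini_set('session.cookie_httponly', '1');
ini_set('session.cookie_samesite', 'Lax');
ini_set('session.use_strict_mode', '1');
if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
    ini_set('session.cookie_secure', '1');
}
session_start();

// Database connection.
//  - ERRMODE_EXCEPTION: every driver error throws instead of returning false.
//  - EMULATE_PREPARES=false: prepare() yields real server-side prepared
//    statements, so a bound value can never be interpreted as SQL text.
$cstr = "mysql:host=127.0.0.1;dbname=orderadmin;charset=utf8";
$cstr_opts = [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    PDO::ATTR_EMULATE_PREPARES   => false,
];

// NOTE(review): this connects as MySQL "root" with an empty password. Use a
// dedicated account that only has the privileges this panel needs on the
// orderadmin database, and keep the credentials outside the web root. The
// literal values are left unchanged here so the page still runs as deployed.
try {
    $db = new PDO($cstr, "root", "", $cstr_opts);
} catch (PDOException $e) {
    // An uncaught PDOException from the constructor is rendered with a stack
    // trace that includes the constructor arguments (the DSN and credentials)
    // whenever display_errors is on. Log the detail server-side and show the
    // client a generic failure instead.
    error_log('orderadmin: database connection failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Database unavailable.');
}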
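// Action dispatcher for "?action=...".
//
// "work" changes server state, so it is only honoured for a logged-in session
// and only over POST. In the original the switch ran before the login check
// that lives further down in the template, so anyone could POST an orderid to
// ?action=work and flip that order's status without ever logging in.
$action = isset($_GET['action']) && is_string($_GET['action']) ? $_GET['action'] : '';
if ($action !== '') {
    // Same flag the template checks; it is only ever set to the string "true".
    $isLoggedIn = isset($_SESSION['logged_in']) && $_SESSION['logged_in'] === "true";

    switch ($action) {
        case "logout":
            // session_destroy() removes the server-side data but leaves the
            // $_SESSION superglobal populated for the rest of this request, so
            // the admin panel below would render one more time. Clear it
            // explicitly and expire the cookie so the browser drops the old id.
            $_SESSION = [];
            if (ini_get('session.use_cookies')) {
                $cp = session_get_cookie_params();
                setcookie(
                    session_name(),
                    '',
                    time() - 42000,
                    $cp['path'],
                    $cp['domain'],
                    $cp['secure'],
                    $cp['httponly']
                );
            }
            session_destroy();
            echo '<script>document.location.replace("admin.php");</script>';
            break;

        case "work":
            // Only an authenticated POST may mark an order as being worked on.
            // TODO(review): this is still CSRF-able by any page the admin visits
            // while logged in; the form should carry a per-session token that
            // is verified here before the update runs.
            if (!$isLoggedIn || ($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
                http_response_code(403);
                break;
            }
            $id = isset($_POST['orderid']) && is_string($_POST['orderid']) ? $_POST['orderid'] : '';

            // Bound parameter instead of string concatenation. The original
            // relied on FILTER_SANITIZE_STRING (deprecated since PHP 8.1) to
            // keep $_POST out of the SQL text, which is not a SQL-injection
            // defence. It also called execute() on a statement that query()
            // had already run, so the update was issued more than once.
            $stmt = $db->prepare("update orders set status = '1' where id = :id");
            $stmt->execute([':id' => $id]);
            break;
    }
}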
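// Login handler: verifies a POSTed user/pass against the users table and marks
// the session as logged in.
//
// The account is looked up by name only and the password is compared in PHP.
// The original matched "pass = md5($_POST['pass'])" in SQL, which makes the
// stored unsalted md5 itself the credential — trivially reversed from a dump
// and cheap to brute-force. New hashes are written with password_hash(); rows
// that still hold an md5 are accepted once via a constant-time comparison and
// upgraded in place, so existing logins keep working during the migration.
$userIn = isset($_POST['user']) && is_string($_POST['user']) ? $_POST['user'] : '';
$passIn = isset($_POST['pass']) && is_string($_POST['pass']) ? $_POST['pass'] : '';

if ($userIn !== '' && $passIn !== '') {
    // The username travels through a bound parameter, so the old
    // FILTER_SANITIZE_STRING pass (deprecated since PHP 8.1) is not needed.
    $stmt = $db->prepare("select user, pass from users where user = :user");
    $stmt->execute([':user' => $userIn]);
    $row = $stmt->fetch();

    $authenticated = false;
    $upgradeHash   = false;
    if ($row) {
        $stored = (string) $row['pass'];
        if (password_verify($passIn, $stored)) {
            $authenticated = true;
            $upgradeHash   = password_needs_rehash($stored, PASSWORD_DEFAULT);
        } elseif (hash_equals($stored, md5($passIn))) {
            // Legacy row still holding the unsalted md5 from the old scheme.
            $authenticated = true;
            $upgradeHash   = true;
        }
    }

    if ($authenticated) {
        if ($upgradeHash) {
            // Best effort: the pass column may still be sized for a 32-char
            // md5, in which case the longer password_hash() value is rejected
            // under strict SQL mode. That must not break the login itself, so
            // log it and carry on with the old hash in place.
            try {
                $up = $db->prepare("update users set pass = :pass where user = :user");
                $up->execute([
                    ':pass' => password_hash($passIn, PASSWORD_DEFAULT),
                    ':user' => $row['user'],
                ]);
            } catch (PDOException $e) {
                error_log('orderadmin: could not upgrade password hash: ' . $e->getMessage());
            }
        }

        // Fresh session id on the privilege change, so an id a visitor was
        // handed (or planted with) before logging in is useless afterwards.
        session_regenerate_id(true);
        $_SESSION['logged_in'] = "true";
        echo '<script>document.location.replace("admin.php");</script>';
    }
}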
/**
 * Fetch the ten newest orders that are still waiting to be worked on
 * (status '0'), newest id first.
 *
 * @param PDO $db open connection; rows are returned in whatever default
 *                fetch mode the connection was configured with
 * @return array list of order rows, empty when nothing is pending
 */
function getOrders($db)
{
    $pending = $db->prepare(
        "select * from orders where status = '0' order by id desc limit 10"
    );
    $pending->execute();
    return $pending->fetchAll();
}
- ?>
- <!doctype html>
- <html lang="en">
- <head>
- <title>Some page advertising itself</title>
- <style>
- h1, h2
- {
- border-bottom: 1px solid #000;
- }
- p
- {
- margin:1.5em;
- }
- p.order
- {
- border:1px solid #000;
- padding:1em;
- }
- form
- {
- margin:1.5em;
- }
- </style>
- </head>
- <body>
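<?php
// Page body: the admin panel for a logged-in session, the login form otherwise.
if (isset($_SESSION['logged_in']) && $_SESSION['logged_in'] === "true") {
    // Every value printed in the order list comes from the orders table, i.e.
    // from whoever placed the order, so it is untrusted and must be escaped
    // for the HTML context. The original echoed fname/lname/service/id raw,
    // which lets a customer plant script that runs in the admin's session.
    // A closure is used rather than a named helper so this file can be
    // included more than once without a redeclaration error.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
?>
<h1>Admin panel</h1>
<ul>
    <li><a href="?action=logout">Logout</a></li>
</ul>
<h2>Orders</h2>
<div>
<?php
    // TODO(review): the "work" form carries no anti-CSRF token; add one here
    // and verify it in the ?action=work handler before the update runs.
    // (The wrapper is a <div> because a <p> may not contain <p>/<form>.)
    foreach (getOrders($db) as $order) {
        echo '<p class="order">
    Order id: ' . $h($order['id']) . '<br/>
    Order from: ' . $h($order['fname']) . ' ' . $h($order['lname']) . '<br/>
    Order details: ' . $h($order['service']) . '
    <form method="post" action="?action=work"><input type="hidden" name="orderid" value="' . $h($order['id']) . '"><button type="submit">Work on this order</button></form>
</p>';
    }
?>
</div>
<?php
} else {
    // Not logged in: show the login form. It posts back to this same URL,
    // which is where the login handler at the top of the file reads
    // $_POST['user'] and $_POST['pass'].
?>
<h1>Login</h1>
<form method="post" action="?">
    <p>
        <label for="user">Username
            <input type="text" id="user" name="user" />
        </label>
    </p>
    <p>
        <label for="pass">Password
            <input type="password" id="pass" name="pass" />
        </label>
    </p>
    <p>
        <button type="submit">Login</button>
    </p>
</form>
<?php
}
?>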
- </body>
- </html>