API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jul 5th, 2017
201
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 2.78 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. ///fxbghacker
  3. session_start();
  4.  
  5. ///database connection
  6. $cstr = "mysql:host=127.0.0.1;dbname=orderadmin;charset=utf8";
  7. $cstr_opts = [
  8.         PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
  9.         PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
  10.         PDO::ATTR_EMULATE_PREPARES => false
  11. ];
  12.  
  13. $db = new PDO($cstr, "root", "", $cstr_opts);
  14.  
  15. if(@$_GET['action'])
  16. {
  17.     switch(@$_GET['action'])
  18.     {
  19.         case "logout":
  20.                 session_destroy();
  21.                 echo '<script>document.location.replace("admin.php");</script>';
  22.         break;
  23.  
  24.         case "work":
  25.             $id = filter_var($_POST['orderid'], FILTER_SANITIZE_STRING);
  26.             $q = $db->query("update orders set status = '1' where id = '".$id."'");
  27.             $q->execute();
  28.         break;
  29.     }
  30. }
  31.  
  32. if(@$_POST['user'] && @$_POST['pass'])
  33. {
  34.     $user = filter_var($_POST['user'], FILTER_SANITIZE_STRING);
  35.     $pass = md5($_POST['pass']);
  36.  
  37.     $q = $db->prepare("select user, pass from users where user = :user and pass = :pass");
  38.     $q->bindParam(":user", $user);
  39.     $q->bindParam(":pass", $pass);
  40.     $q->execute();
  41.  
  42.     if($q->fetch())
  43.     {
  44.         $_SESSION['logged_in'] = "true";
  45.         echo '<script>document.location.replace("admin.php");</script>';
  46.     }
  47. }
  48.  
  49. function getOrders($db)
  50. {
  51.     //gets the last 10 orders, descending
  52.     $q = $db->query("select * from orders where status = '0' order by id desc limit 10");
  53.     return $q->fetchAll();
  54. }
  55. ?>
  56. <!doctype html>
  57. <html lang="en">
  58. <head>
  59.     <title>Some page advertising itself</title>
  60.  
  61.     <style>
  62.     h1, h2
  63.     {
  64.         border-bottom:  1px solid #000;
  65.     }
  66.  
  67.     p
  68.     {
  69.         margin:1.5em;
  70.     }
  71.  
  72.     p.order
  73.     {
  74.         border:1px solid #000;
  75.         padding:1em;
  76.     }
  77.  
  78.     form
  79.     {
  80.         margin:1.5em;
  81.     }
  82.     </style>
  83. </head>
  84.  
  85. <body>
  86.         <?php
  87.             if(@$_SESSION['logged_in'] == "true")
  88.             {
  89.                 //logged in
  90.                 ?>
  91.  
  92.                 <h1>Admin panel</h1>
  93.                 <ul>
  94.                         <li><a href="?action=logout">Logout</a></li>
  95.                 </ul>
  96.  
  97.                 <h2>Orders</h2>
  98.  
  99.                 <p>
  100.                     <?php
  101.                     $orders = getOrders($db);
  102.                     foreach($orders as $order)
  103.                     {
  104.                         echo '<p class="order">
  105.                             Order id: '.$order['id'].'<br/>
  106.                             Order from: '.$order['fname'].' '.$order['lname'].'<br/>
  107.                             Order details: '.$order['service'].'
  108.  
  109.                                 <form method="post" action="?action=work"><input type="hidden" name="orderid" value="'.$order['id'].'"><button type="submit">Work on this order</button></form>
  110.                             </p>';
  111.                     }
  112.                     ?>
  113.                 </p>
  114.  
  115.                 <?php
  116.             } else {
  117.                 //not logged in
  118.                 ?>
  119.  
  120.                 <h1>Login</h1>
  121.                 <form method="post" action="?">
  122.                         <p>
  123.                             <label for="user">Username
  124.                                     <input type="text" name="user" />
  125.                             </label>
  126.                         </p>
  127.  
  128.                         <p>
  129.                             <label for="pass">Password
  130.                                     <input type="password" name="pass" />
  131.                             </label>
  132.                         </p>
  133.  
  134.                         <p>
  135.                                 <button type="submit">Login</button>
  136.                         </p>
  137.                 </form>
  138.  
  139.                 <?php
  140.             }
  141.         ?>
  142. </body>
  143.  
  144. </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!