- THIS IS THE AUTHENTICATION SCRIPT
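<?php
/*
 * Login handler: checks the posted credentials against the `user` table,
 * records the outcome in $_SESSION['loggedIn'] and redirects.
 *
 * Review notes:
 *  - The original query interpolated $_POST values straight into the SQL
 *    string (SQL injection, including authentication bypass). Values are
 *    now escaped for the string context. mysql_real_escape_string() is only
 *    reliable when the connection charset was set with mysql_set_charset();
 *    the connection setup is not visible here, so confirm that.
 *  - ext/mysql was removed in PHP 7.0. The durable fix is PDO or mysqli with
 *    prepared statements; escaping is the stop-gap that fits this API.
 *  - NOTE(review): the query compares the submitted password directly with
 *    the stored column, which suggests passwords are stored unhashed. Store
 *    password_hash() output and check it with password_verify() instead.
 */
session_start(); // Resume the visitor's session or create one

// Missing or non-string fields are treated as empty credentials.
$username = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';
$password = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';

// stripslashes() only undoes magic_quotes_gpc escaping; it is not sanitizing.
// Kept so the values that reach the query match what the original compared.
$username = stripslashes($username);
$password = stripslashes($password);

$sql = sprintf(
    "select * from user where username = '%s' and password = '%s'",
    mysql_real_escape_string($username),
    mysql_real_escape_string($password)
);

$result = mysql_query($sql);
if ($result === false) {
    // Keep database error text in the server log, not in the response.
    error_log('Login query failed: ' . mysql_error());
    header('HTTP/1.1 500 Internal Server Error');
    exit('Login is temporarily unavailable.');
}

// Exactly one matching row means the credentials are valid.
$count = mysql_num_rows($result);

if ($count === 1) {
    // New session id on privilege change, so a pre-set id cannot be reused
    // (session fixation).
    session_regenerate_id(true);
    $_SESSION['loggedIn'] = "true";
    header("Location: ../admin.php"); // Where an authenticated user lands
    exit; // header() does not stop the script
} else {
    $_SESSION['loggedIn'] = "false";
    header("Location: ../index.php"); // Where a failed login is sent
    exit;
}
?>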
- THE ADMIN AREA
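<?php
/*
 * Access gate for the admin page: only a session whose 'loggedIn' flag is
 * the string "true" (the value the login script stores) may continue.
 */
session_start();
if (!isset($_SESSION['loggedIn']) || $_SESSION['loggedIn'] !== "true") {
    // NOTE(review): if this file is itself admin.php, this target redirects
    // to the same page in a loop; the login script sends failed logins to
    // index.php. Confirm the intended target.
    header("Location: admin.php");
    // header() only queues the redirect. Without exit the rest of the page
    // is still executed and sent to the unauthenticated client.
    exit;
}
?>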
- <!DOCTYPE html>
- <html lang="en">
- <head>
- <title>Japanese Proverbs</title>
- <meta charset="utf-8">
- <link rel="stylesheet" type="text/css" href="style.css" />
- <script language="javascript" src="js/jquery.js"></script>
- <script language="javascript" src="js/tweet.js" type="text/javascript"></script>
- <script type="text/javascript" src="js/vote.js"></script>
- <script type="text/javascript" src="js/contact.js"></script>
- <script language="javascript">
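// Page behaviour, wired up once the DOM is ready.
// The original nested $("document").ready(...) inside this handler; the
// string selector matches no element and the extra ready wrapper is
// redundant here, so the widget is initialised directly.
$(function () {
    $(".tweet").tweet({
        username: "japaneseprov3rb",
        avatar_size: 32,
        count: 3,
        loading_text: "loading tweets..."
    });

    // Show or hide the proverb submission form.
    $(".showsubmission").click(function () {
        $("#submit_proverb").toggle('slow');
    });

    // On submit: collapse the form and show the confirmation banner, which
    // is hidden again after 60 seconds.
    $("#submitbutton").click(function () {
        $("#submit_proverb").hide('fast');
        $('#submit_success').show('fast');
        setTimeout(function () {
            $('#submit_success').hide('slow');
        }, 60000);
    });

    // Voting.
    // NOTE(review): this state-changing POST carries no anti-CSRF token, and
    // the id comes from a data attribute the client controls. vote.php is
    // not shown; it has to validate both fields and the caller's session.
    $('.up_click').click(function () {
        $.post('include/vote.php', { id: $(this).parent().data('post'), vote: 'up' });
    });
});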
- </script>
- </head>
- <body>
- <div class="top_status"><div id="submit_success">Proverb has been submitted</div></div>
- <div id="wrapper">
- <div id="header">
- <?php include("include/header.php"); ?>
- <div id="menu">
- <?php include("include/menu.php"); ?>
- </div>
- </div>
- <div id="content">
- <div id="submit_proverb">
- <p>Submit a proverb. All proverbs will be reviewed and approved by a moderator.</p>
- <form method="post" action="include/insert.php">
- <label for="proverb"></label>
- <input name="proverb" type="text" id="proverb2" size="60">
- <input type="submit" value="Submit" id="submitbutton">
- </form>
- </div>
- <table width="600" border="1" align="center">
- <tr>
- <th width="80" scope="col">Proverb ID</th>
- <th width="326" scope="col">Submission</th>
- <th width="74" scope="col">Approve</th>
- </tr>
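<?php
// List up to ten unapproved proverbs (statusid = 0), highest rated first.
$result = mysql_query("SELECT * FROM proverb WHERE statusid=0 ORDER BY rating DESC LIMIT 10");
if ($result === false) {
    // Keep database error text in the server log, not in the page.
    error_log('Unapproved-proverb query failed: ' . mysql_error());
    die('Unable to load submissions.');
}

while ($row = mysql_fetch_array($result)) {
    $id = $row['ProverbID'];

    // Message is visitor-submitted text rendered in the moderator's browser.
    // The original comment said htmlspecialchars() was applied, but the value
    // was echoed raw (stored XSS in the admin session). Escape on output.
    $idHtml  = htmlspecialchars($id, ENT_QUOTES, 'UTF-8');
    $idUrl   = htmlspecialchars(rawurlencode($id), ENT_QUOTES, 'UTF-8');
    $message = htmlspecialchars($row['Message'], ENT_QUOTES, 'UTF-8');

    echo "<tr><td>" . $idHtml . "</td>";
    echo "<td>" . $message . "</td>";
    // NOTE(review): approval is triggered by a plain GET link, so any page
    // the moderator visits can fire it (CSRF). do_approve.php is not shown;
    // it should require POST with a per-session token and re-check the login.
    echo "<td><a href=\"include/do_approve.php?id=$idUrl\" name=\"id\">Approve</a></td></tr>";
}
?>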
- </table>
- <p><a href="include/logout.php">Logout</a>
- </div>
- <div id="footer">
- <?php include("include/footer.php"); ?>
- </div>
- <?php include("include/contact.php"); ?>
- </div>
- </body>
- </html>