Online PHP editor | output for GYH0A

<?php require_once('config.php'); require_once('login.php'); if($_SESSION['admin']!=='true'){ header("Location: home.php?msg=Ehm, ehm. You are not admin or you logged out (if so, please log in again)."); echo "You are not admin so please behave yourself :)"; } elseif($_SESSION['admin']=='true'){ if($_GET['action']=='logout'){ unset($_SESSION['admin']); } elseif($_GET['action']=='adduser'){ if($_POST['adduser']){ $user_name = mysql_real_escape_string($_POST['user_name']); $pwd = mysql_real_escape_string($_POST['password']); $fullname = mysql_real_escape_string($_POST['fullname']); $rank = mysql_real_escape_string($_POST['rank']); if($rank=='1'){ $rank='teacher'; } else { $rank='student'; } $insert_query = "INSERT INTO $tbl_name (user_name, fullname, password, rank) VALUES ('$user_name', '$fullname', '$pwd', '$rank')"; $insert_result = mysql_query($insert_query) or die(mysql_error()); $responsemsg = "User has been added!"; } else { ?> <style> .admin { display:none; } </style> <form name="form2" method="post" action="admin.php?action=adduser"> <strong>Add a user </strong> Fullname: <input name="fullname" type="text" id="fullname" /> Username: <input name="user_name" type="text" id="user_name" /> Password: <input name="password" type="password" id="password" /> Rank: <input type="radio" value="2" name="rank" id="rank" /> Student <input type="radio" value="1" name="rank" id="rank" /> Teacher <input type="submit" name="Submit" value="Add" /></form> <?php } } elseif($_GET['action']=='deleteuser'){ if($_GET['user']){ $user = $_GET['user']; // profile name. $user = mysql_real_escape_string($user); $query5 = "DELETE FROM $tbl_name WHERE user_name = '$user'"; $result = mysql_query( $query5 ) or die(mysql_error()); $responsemsg = "User has been deleted!"; } else { $qfo = "SELECT * FROM $tbl_name WHERE user_name = '$user' AND (rank = 'teacher' OR rank = 'student')"; $fo = mysql_query($qfo) or die(mysql_error()); $rowfo = mysql_num_rows($fo); if ($rowfo == 0 ) { // no user echo "No users."; } else { echo "<style>.admin { display:none; } .back { display: block !important; }</style>"; while($users = mysql_fetch_array($fo)){ $user_name = $users['user_name']; $fullname = $users['fullname']; $rank = $users['rank']; $uid = $users['id']; $session = $users['session']; $class = $users['class']; echo "<div> ".$uid." ~ ".$fullname." (".$user_name.") of Class ".$class." and session ".$session." - ".$rank." | <a href='?action=deleteuser&user=".$user_name."'>Delete</a> - <a href='?action=viewpwd&user=".$user_name."'>View password</a></div>"; } } } elseif($_GET['action']=='viewpwd') { echo '<style>.admin { display:none; } .back { display: block !important; }</style>'; if($_GET['user']){ $user = $_GET['user']; // profile name. $user = mysql_real_escape_string($user); $qfo = "SELECT * FROM $tbl_name WHERE user_name = '$user' AND (rank = 'teacher' OR rank = 'student')"; $fo = mysql_query($qfo) or die(mysql_error()); $foundu = mysql_num_rows($fo); if($foundu=='0'){ echo "No such user found!"; } else { $userinfo = mysql_fetch_array($fo); $pwd = $userinfo['password']; echo "Password is: <b>".$pwd."</b>"; } } } ?> <?php if (isSet($_GET['msg'])){ echo "<span id='postmsg'>".htmlentities($_GET['msg'])."</span><br/>"; } ?> <?php if (isSet($responsemsg)){ echo "<span id='postmsg'>".htmlentities($responsemsg)."</span><br/>"; } ?> <div class="admin"> Welcome, <?=$_SESSION['fullname']?><br /> What you want to do? <a href="?action=adduser">Add a user</a> <a href="?action=deleteuser">View a user</a> <a href="?action=logout">Logout from admin panel</a> </div> <div class="back" style="display:none"> <a href="admin.php" >Go back</a> </div> <?php } ?>