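<?php
/**
 * Admin panel: add, list, delete and inspect teacher/student accounts.
 *
 * The database connection, $tbl_name and the session are not set up in this
 * file; presumably config.php and login.php provide them (confirm there).
 *
 * NOTE(review) - left as-is because the fix reaches beyond this file:
 *  - Passwords are written to and read from the table in clear text, and the
 *    "viewpwd" action displays them. Storing a salted hash and dropping the
 *    view feature requires a matching change in the login code.
 *  - "deleteuser" and "logout" change state on a plain GET request with no
 *    anti-CSRF token; they should move to POST with a per-session token.
 *  - "deleteuser" does not apply the teacher/student rank filter that the
 *    listing and "viewpwd" use, so it can remove an account of any rank.
 *  - ext/mysql is deprecated; prepared statements via mysqli/PDO need the
 *    connection setup (not visible here) to be migrated first.
 */
require_once('config.php');
require_once('login.php');

// HTML-escape a value for element content or a quoted attribute.
// Assumes the page is served as UTF-8 - TODO confirm.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
};

// Fetch a request field as a string; missing or non-string (array) input
// becomes '' so it never reaches the escaping/SQL helpers as an array.
$field = function ($source, $key) {
    return (isset($source[$key]) && is_string($source[$key])) ? $source[$key] : '';
};

// Run a query; on failure log the driver error server-side and stop with a
// generic message instead of printing mysql_error() to the browser.
$runQuery = function ($sql) {
    $result = mysql_query($sql);
    if ($result === false) {
        error_log('Admin panel query failed: ' . mysql_error());
        die('A database error occurred.');
    }
    return $result;
};

if (!isset($_SESSION['admin']) || $_SESSION['admin'] !== 'true') {
    // The message contains spaces and punctuation, so it must be URL-encoded
    // before it goes into the Location header.
    header('Location: home.php?msg=' . rawurlencode('Ehm, ehm. You are not admin or you logged out (if so, please log in again).'));
    echo "You are not admin so please behave yourself :)";
    // Stop here so nothing below can ever run for a non-admin session.
    exit;
}

$action = $field($_GET, 'action');

if ($action === 'logout') {
    // Only the admin flag is dropped; the rest of this page still renders
    // for the current request.
    unset($_SESSION['admin']);
} elseif ($action === 'adduser') {
    // The form below has no field named "adduser" (its button is "Submit"),
    // so the original check never fired; accept either name.
    if (!empty($_POST['adduser']) || isset($_POST['Submit'])) {
        $rawUserName = $field($_POST, 'user_name');
        $rawPassword = $field($_POST, 'password');
        if ($rawUserName === '' || $rawPassword === '') {
            $responsemsg = "Username and password are required.";
        } else {
            $user_name = mysql_real_escape_string($rawUserName);
            $pwd = mysql_real_escape_string($rawPassword);
            $fullname = mysql_real_escape_string($field($_POST, 'fullname'));
            // Rank is mapped to a fixed value, never taken verbatim from input.
            $rank = ($field($_POST, 'rank') === '1') ? 'teacher' : 'student';
            $insert_query = "INSERT INTO $tbl_name (user_name, fullname, password, rank) VALUES ('$user_name', '$fullname', '$pwd', '$rank')";
            $insert_result = $runQuery($insert_query);
            $responsemsg = "User has been added!";
        }
    } else {
?>
<style> .admin { display:none; } </style>
<form name="form2" method="post" action="admin.php?action=adduser">
<strong>Add a user </strong>
Fullname: <input name="fullname" type="text" id="fullname" />
Username: <input name="user_name" type="text" id="user_name" />
Password: <input name="password" type="password" id="password" />
Rank: <input type="radio" value="2" name="rank" id="rank" /> Student <input type="radio" value="1" name="rank" id="rank" /> Teacher
<input type="submit" name="Submit" value="Add" /></form>
<?php
    }
} elseif ($action === 'deleteuser') {
    $targetUser = $field($_GET, 'user');
    if ($targetUser !== '') {
        $user = mysql_real_escape_string($targetUser);
        $query5 = "DELETE FROM $tbl_name WHERE user_name = '$user'";
        $result = $runQuery($query5);
        $responsemsg = "User has been deleted!";
    } else {
        // The original also filtered on user_name = '$user', but $user is
        // never assigned on this path in this file, which left the listing
        // empty. List every teacher/student instead (confirm that no include
        // was meant to supply $user).
        $qfo = "SELECT * FROM $tbl_name WHERE rank = 'teacher' OR rank = 'student'";
        $fo = $runQuery($qfo);
        if (mysql_num_rows($fo) === 0) { // no user
            echo "No users.";
        } else {
            echo "<style>.admin { display:none; } .back { display: block !important; }</style>";
            while ($users = mysql_fetch_array($fo)) {
                $user_name = $users['user_name'];
                // URL-encode for the query string, then HTML-escape for the attribute.
                $userParam = $esc(rawurlencode($user_name));
                // Every column is escaped: these values were typed in by users.
                echo "<div>\n"
                    . $esc($users['id']) . " ~ " . $esc($users['fullname'])
                    . " (" . $esc($user_name) . ") of Class " . $esc($users['class'])
                    . " and session " . $esc($users['session']) . " - " . $esc($users['rank'])
                    . " | <a href='?action=deleteuser&amp;user=" . $userParam . "'>Delete</a>"
                    . " - <a href='?action=viewpwd&amp;user=" . $userParam . "'>View password</a></div>";
            }
        }
    } // this closing brace was missing and caused the parse error
} elseif ($action === 'viewpwd') {
    echo '<style>.admin { display:none; } .back { display: block !important; }</style>';
    $targetUser = $field($_GET, 'user');
    if ($targetUser !== '') {
        $user = mysql_real_escape_string($targetUser);
        $qfo = "SELECT * FROM $tbl_name WHERE user_name = '$user' AND (rank = 'teacher' OR rank = 'student')";
        $fo = $runQuery($qfo);
        if (mysql_num_rows($fo) === 0) {
            echo "No such user found!";
        } else {
            $userinfo = mysql_fetch_array($fo);
            echo "Password is: <b>" . $esc($userinfo['password']) . "</b>";
        }
    }
}
?>
<?php if (isset($_GET['msg'])) { echo "<span id='postmsg'>" . htmlentities($field($_GET, 'msg')) . "</span><br/>"; } ?>
<?php if (isset($responsemsg)) { echo "<span id='postmsg'>" . htmlentities($responsemsg) . "</span><br/>"; } ?>
<div class="admin">
Welcome, <?php echo $esc(isset($_SESSION['fullname']) ? $_SESSION['fullname'] : ''); ?><br />
What you want to do?
<a href="?action=adduser">Add a user</a>
<a href="?action=deleteuser">View a user</a>
<a href="?action=logout">Logout from admin panel</a>
</div>
<div class="back" style="display:none">
<a href="admin.php" >Go back</a>
</div>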
Output for 5.4.0 - 5.4.19, 5.5.0 - 5.5.3
Parse error: syntax error, unexpected 'elseif' (T_ELSEIF) in /in/GYH0A on line 72
Process exited with code 255.

Output for 5.3.0 - 5.3.27
Parse error: syntax error, unexpected T_ELSEIF in /in/GYH0A on line 72
Process exited with code 255.