@ 2013-08-31T18:27:49Z <?php
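require_once('config.php');
require_once('login.php');

/*
 * Admin panel: add/update/delete users, add/update result rows and view a
 * user's password, selected through $_GET['action'].
 *
 * $tbl_name and $tbl2 are not defined in this file; presumably they come from
 * config.php, and the session from login.php (confirm against those files).
 *
 * Security notes for maintainers:
 *  - Every request value that reaches SQL is passed through
 *    mysql_real_escape_string() and every value that reaches HTML through
 *    $esc(). The mysql_* extension was removed in PHP 7.0; moving to
 *    PDO/mysqli prepared statements needs the connection set-up, which is not
 *    visible here, so that migration is left as a follow-up.
 *  - Passwords are stored, pre-filled into the edit form and displayed exactly
 *    as submitted; no hashing is visible in this file. Switching to
 *    password_hash()/password_verify() has to be coordinated with login.php.
 *  - No anti-CSRF token is checked anywhere in this file, and "deleteuser"
 *    changes state on a plain GET link. Both should be addressed together
 *    with the session handling.
 *  - "or die(mysql_error())" prints database error text to the browser; kept
 *    for backward compatibility, but it should be logged instead.
 */

// HTML-escape a value for element content or a quoted attribute.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES);
};

// Fetch a POST field as a string (missing/array values become '') and
// escape it for use inside a quoted SQL literal.
$postSql = function ($key) {
    $raw = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    return mysql_real_escape_string($raw);
};

// Hides the main menu and reveals the "Go back" link on sub-pages.
$hideMenu = '<style>.admin { display:none; } .back { display: block !important; }</style>';

// Only the exact string 'true' grants access, as in the original check.
if (!isset($_SESSION['admin']) || $_SESSION['admin'] !== 'true') {
    // The message is URL-encoded so the Location header stays well-formed.
    header('Location: members.php?msg=' . rawurlencode('Ehm, ehm. You are not admin or you logged out (if so, please log in again).'));
    echo "You are not admin so please behave yourself :)";
    // Stop here so nothing below can ever run for a non-admin request.
    exit;
}

$action  = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';
$rawUser = (isset($_GET['user']) && is_string($_GET['user'])) ? $_GET['user'] : '';

if ($action === 'addresult') {
    if ($rawUser) {
        $user = mysql_real_escape_string($rawUser);
        if ($_POST) {
            // The form offers eight subject/marks pairs; insert each filled one.
            for ($i = 1; $i <= 8; $i++) {
                if (empty($_POST['subject' . $i])) {
                    continue;
                }
                $subject = $postSql('subject' . $i);
                $marks   = $postSql('marks' . $i);
                // NOTE(review): this INSERT writes column `user`, while the
                // "updateresult" queries on the same table use `user_name`.
                // One of the two is probably wrong; confirm against the schema.
                mysql_query("INSERT INTO $tbl2 (user, subject, marks) VALUES ('$user', '$subject', '$marks')") or die(mysql_error());
            }
            echo "Subject and marks added. Add more if you want!";
        }
        echo $hideMenu . "<br />";
        echo '<form method="POST" action="">';
        for ($i = 1; $i <= 8; $i++) {
            echo '<div style="border:1px solid #666;">Subject: <input type="text" name="subject' . $i . '" id="subject' . $i . '" placeholder="Subject name" /><br />
Marks: <input type="text" name="marks' . $i . '" id="marks' . $i . '" placeholder="Marks gained" /></div>';
        }
        echo '<input type="submit" value="Add" /></form>';
    }
} elseif ($action === 'updateresult') {
    if ($rawUser) {
        $user = mysql_real_escape_string($rawUser);
        if ($_POST) {
            // Each POST field is "<subject name> => <marks>".
            // NOTE(review): PHP rewrites spaces and dots in field names to
            // underscores, so such subject names will not match their row.
            foreach ($_POST as $name => $val) {
                if ((string) $name === 'submit') {
                    break;
                }
                if (!is_string($val)) {
                    continue;
                }
                $subjectSql = mysql_real_escape_string((string) $name);
                $marksSql   = mysql_real_escape_string($val);
                // Scoped to the selected user (same column as the SELECT that
                // built the form); previously every user's row for the
                // subject was overwritten.
                mysql_query("UPDATE $tbl2 SET marks='$marksSql' WHERE subject='$subjectSql' AND user_name='$user'") or die(mysql_error());
            }
            echo $hideMenu . " <br /> Record Updated!";
        } else {
            $qr = mysql_query("SELECT * FROM $tbl2 WHERE user_name='$user'");
            $rr = mysql_num_rows($qr);
            if (!$rr) {
                $addLink = $esc('?action=addresult&user=' . urlencode($rawUser));
                echo $hideMenu . " <br /> No subjects added. You may need to add subjects first so <a href='" . $addLink . "'>click here to do so</a>";
            } else {
                echo 'Total subjects: ' . $rr;
                echo '<br />
<form method="POST" action="" name="form21">';
                while ($s = mysql_fetch_array($qr)) {
                    // Stored values are escaped on output as well.
                    $subject = $esc($s['subject']);
                    $marks   = $esc($s['marks']);
                    echo "<div style='border:1px solid #666;'> Subject: " . $subject . "<br/>
Marks: <input name='" . $subject . "' type='text' id='" . $subject . "' value='" . $marks . "' /></div><br/>";
                }
                echo '<input type="submit" value="Update" /></form>';
            }
        }
    }
} elseif ($action === 'updateuser') {
    if ($rawUser) {
        $user = mysql_real_escape_string($rawUser);
        if ($_POST) {
            $pwd         = $postSql('upassword');
            $fullname    = $postSql('ufullname');
            $session     = $postSql('usession');
            $class       = $postSql('uclass');
            $campus      = $postSql('ucampus');
            $fine        = $postSql('ufine');
            $fee         = $postSql('ufee');
            $attendance  = $postSql('uattendance');
            $result_last = $postSql('uresult_last');
            $fone        = $postSql('ufone');
            $addr        = $postSql('uaddr');
            $email       = $postSql('uemail');
            // NOTE(security): the password is written as submitted (no hash).
            mysql_query("UPDATE $tbl_name SET fone='$fone', addr='$addr', email='$email', password='$pwd', fullname='$fullname', session='$session', class='$class', campus='$campus', fine='$fine', fee='$fee', attendance='$attendance', resul_last='$result_last' WHERE user_name='$user'") or die(mysql_error());
            echo $hideMenu . " <br />
User has been updated!";
        } else {
            $sql22    = "SELECT * FROM $tbl_name WHERE user_name='$user'";
            $result22 = mysql_query($sql22) or die(mysql_error());
            $user22   = mysql_fetch_array($result22);
            // NOTE(security): the stored password is sent back to the browser
            // in the form below; kept because the update above overwrites the
            // password with whatever this field contains.
?>
<style>.admin { display:none; } .back { display: block !important; }</style>
<form name="form3" method="post" action="">
<strong>Edit a user </strong><br/><br/>
Fullname: <input name="ufullname" type="text" id="ufullname" value="<?= $esc($user22['fullname']) ?>" /><br/>
Password: <input name="upassword" type="password" id="upassword" value="<?= $esc($user22['password']) ?>" /><br/>
<strong> If student:</strong><br/>
Session: <input name="usession" type="text" id="usession" value="<?= $esc($user22['session']) ?>" /><br/>
Class: <input name="uclass" type="text" id="uclass" value="<?= $esc($user22['class']) ?>" /><br/>
Campus: <input name="ucampus" type="text" id="ucampus" value="<?= $esc($user22['campus']) ?>" /><br/>
Fine: <input name="ufine" type="text" id="ufine" value="<?= $esc($user22['fine']) ?>" /><br/>
Fee status: <input name="ufee" type="text" id="ufee" value="<?= $esc($user22['fee']) ?>" /><br/>
Attendance: <input name="uattendance" type="text" id="uattendance" value="<?= $esc($user22['attendance']) ?>" /><br/>
Last month result: <input name="uresult_last" type="text" id="uresult_last" value="<?= $esc($user22['resul_last']) ?>" /><br/>
Phone: <input name="ufone" type="text" id="ufone" value="<?= $esc($user22['fone']) ?>" /><br/>
Address: <input name="uaddr" type="text" id="uaddr" value="<?= $esc($user22['addr']) ?>" /><br/>
Email: <input name="uemail" type="text" id="uemail" value="<?= $esc($user22['email']) ?>" /><br/>
<br/><input type="submit" name="Submit" value="Update" /></form>
<?php
        }
    }
} elseif ($action === 'logout') {
    unset($_SESSION['admin']);
    header('Location: index.php?msg_gr=' . rawurlencode('You have been logged out of the admin panel!'));
    // Do not render the admin menu into the redirect response.
    exit;
} elseif ($action === 'adduser') {
    if (!empty($_POST['user_name_add'])) {
        $user_name   = $postSql('user_name_add');
        $pwd         = $postSql('password');
        $fullname    = $postSql('fullname');
        $session     = $postSql('session');
        $class       = $postSql('class');
        $campus      = $postSql('campus');
        $fine        = $postSql('fine');
        $fee         = $postSql('fee');
        $attendance  = $postSql('attendance');
        $result_last = $postSql('result_last');
        // Radio value "1" means teacher; anything else is stored as student.
        $rank = (isset($_POST['rank']) && $_POST['rank'] === '1') ? 'teacher' : 'student';
        // `rank` was missing from the column list although its value was
        // supplied, so the column and value counts did not match.
        // NOTE(security): the password is stored as submitted (no hash).
        $insert_query  = "INSERT INTO $tbl_name (user_name, fullname, password, rank, session, class, campus, fine, fee, attendance, resul_last) VALUES ('$user_name', '$fullname', '$pwd', '$rank', '$session', '$class', '$campus', '$fine', '$fee', '$attendance', '$result_last')";
        $insert_result = mysql_query($insert_query) or die(mysql_error());
        $responsemsg   = "User has been added!";
        echo $hideMenu;
    } else {
?>
<style>.admin { display:none; } .back { display: block !important; }</style>
<form name="form2" method="post" action="admin.php?action=adduser">
<strong>Add a user </strong><br/><br/>
Fullname: <input name="fullname" type="text" id="fullname" /><br/>
Username: <input name="user_name_add" type="text" id="user_name_add" /><br/>
Password: <input name="password" type="password" id="password" /><br/>
Rank: <input type="radio" value="2" name="rank" id="rank" /> Student <input type="radio" value="1" name="rank" id="rank" /> Teacher<br />
<strong> If student:</strong><br/>
Session: <input name="session" type="text" id="session" /><br/>
Class: <input name="class" type="text" id="class" /><br/>
Campus: <input name="campus" type="text" id="campus" /><br/>
Fine: <input name="fine" type="text" id="fine" /><br/>
Fee status: <input name="fee" type="text" id="fee" /><br/>
Attendance: <input name="attendance" type="text" id="attendance" /><br/>
Last month result: <input name="result_last" type="text" id="result_last" /><br/>
<br/><input type="submit" name="Submit" value="Add" /></form>
<?php
    }
} elseif ($action === 'deleteuser') {
    if ($rawUser) {
        // NOTE(security): destructive action reachable through a GET link and
        // without an anti-CSRF token; should become a token-checked POST.
        $user   = mysql_real_escape_string($rawUser);
        $query5 = "DELETE FROM $tbl_name WHERE user_name = '$user'";
        $result = mysql_query($query5) or die(mysql_error());
        $responsemsg = "User has been deleted!";
    } else {
        $qfo   = "SELECT * FROM $tbl_name WHERE (rank = 'teacher' OR rank = 'student')";
        $fo    = mysql_query($qfo) or die(mysql_error());
        $rowfo = mysql_num_rows($fo);
        echo $hideMenu;
        if ($rowfo == 0) { // no user
            echo "No users.";
        } else {
            while ($users = mysql_fetch_array($fo)) {
                // URL-encode the name for the query string, then HTML-escape
                // the whole href; all displayed fields are HTML-escaped.
                $userQs = urlencode($users['user_name']);
                echo "<div>
" . $esc($users['id']) . " ~ " . $esc($users['fullname']) . " (" . $esc($users['user_name']) . ") of Class " . $esc($users['class']) . " and session " . $esc($users['session']) . " - " . $esc($users['rank'])
                    . " | <a href='" . $esc('?action=deleteuser&user=' . $userQs) . "'>Delete</a>"
                    . " - <a href='" . $esc('?action=viewpwd&user=' . $userQs) . "'>View password</a>"
                    . " - <a href='" . $esc('?action=updateuser&user=' . $userQs) . "'>Update profile</a>"
                    . " - <a href='" . $esc('?action=updateresult&user=' . $userQs) . "'>Update result</a></div>";
            }
        }
    }
} elseif ($action === 'viewpwd') {
    echo $hideMenu;
    if ($rawUser) {
        $user   = mysql_real_escape_string($rawUser);
        $qfo    = "SELECT * FROM $tbl_name WHERE user_name = '$user' AND (rank = 'teacher' OR rank = 'student')";
        $fo     = mysql_query($qfo) or die(mysql_error());
        $foundu = mysql_num_rows($fo);
        if (!$foundu) {
            echo "No such user found!";
        } else {
            $userinfo = mysql_fetch_array($fo);
            // NOTE(security): shows the stored password as-is; this feature
            // only works because passwords are not hashed.
            echo "Password is: <b>" . $esc($userinfo['password']) . "</b>";
        }
    }
}
?>
<?php if (isset($_GET['msg']) && is_string($_GET['msg'])) { echo "<span id='postmsg'>" . htmlentities($_GET['msg']) . "</span><br/>"; } ?>
<?php if (isset($responsemsg)) { echo "<span id='postmsg'>" . htmlentities($responsemsg) . "</span><br/>"; } ?>
<div class="admin">
Welcome, <?= $esc(isset($_SESSION['fullname']) ? $_SESSION['fullname'] : '') ?><br />
What you want to do? <br /><br />
<a href="?action=adduser&noredirect=1">Add a user</a><br />
<a href="?action=deleteuser&noredirect=1">View a user</a><br />
<a href="?action=logout&noredirect=1">Logout from admin panel</a><br />
</div>
<div class="back" style="display:none">
<a href="admin.php" >Go back</a><br />
</div>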
Output for 8.0.0 - 8.0.12 , 8.0.14 - 8.0.30 , 8.1.0 - 8.1.28 , 8.2.0 - 8.2.18 , 8.3.0 - 8.3.6 Warning: require_once(): open_basedir restriction in effect. File(config.php) is not within the allowed path(s): (/tmp:/in:/etc) in /in/Wnv7Q on line 2
Warning: require_once(config.php): Failed to open stream: Operation not permitted in /in/Wnv7Q on line 2
Fatal error: Uncaught Error: Failed opening required 'config.php' (include_path='.:') in /in/Wnv7Q:2
Stack trace:
#0 {main}
thrown in /in/Wnv7Q on line 2
Process exited with code 255 . Output for 8.0.13 Warning: require_once(config.php): Failed to open stream: No such file or directory in /in/Wnv7Q on line 2
Fatal error: Uncaught Error: Failed opening required 'config.php' (include_path='.:') in /in/Wnv7Q:2
Stack trace:
#0 {main}
thrown in /in/Wnv7Q on line 2
Process exited with code 255 . Output for 5.3.0 - 5.3.29 , 5.4.0 - 5.4.45 , 5.5.0 - 5.5.38 , 7.3.32 - 7.3.33 , 7.4.33 Warning: require_once(config.php): failed to open stream: No such file or directory in /in/Wnv7Q on line 2
Fatal error: require_once(): Failed opening required 'config.php' (include_path='.:') in /in/Wnv7Q on line 2
Process exited with code 255 . Output for 5.6.0 - 5.6.38 , 7.0.0 - 7.0.33 , 7.1.0 - 7.1.33 , 7.2.0 - 7.2.33 , 7.3.0 - 7.3.31 , 7.4.0 - 7.4.32 Warning: require_once(): open_basedir restriction in effect. File(config.php) is not within the allowed path(s): (/tmp:/in:/etc) in /in/Wnv7Q on line 2
Warning: require_once(config.php): failed to open stream: Operation not permitted in /in/Wnv7Q on line 2
Fatal error: require_once(): Failed opening required 'config.php' (include_path='.:') in /in/Wnv7Q on line 2
Process exited with code 255 . preferences:dark mode live preview