run code in 150+ php & hhvm versions
Bugs & Features
<?php require_once('config.php'); require_once('login.php'); if($_SESSION['admin']!=='true'){ header("Location: members.php?msg=Ehm, ehm. You are not admin or you logged out (if so, please log in again)."); echo "You are not admin so please behave yourself :)"; } elseif($_SESSION['admin']=='true'){ if($_GET['action']=='addresult'){ if($_GET['user']){ $user = mysql_real_escape_string($_GET['user']); if($_POST){ if($_POST['subject1']){ $subject=$_POST['subject1']; $marks=$_POST['marks1']; mysql_query("INERT INTO $tbl2 (user, subject, marks) VALUES ('$user', '$subject', '$marks'") or die(mysql_error()); } if($_POST['subject2']){ $subject=$_POST['subject2']; $marks=$_POST['marks2']; mysql_query("INERT INTO $tbl2 (user, subject, marks) VALUES ('$user', '$subject', '$marks'") or die(mysql_error()); } if($_POST['subject3']){ $subject=$_POST['subject3']; $marks=$_POST['marks3']; mysql_query("INERT INTO $tbl2 (user, subject, marks) VALUES ('$user', '$subject', '$marks'") or die(mysql_error()); } if($_POST['subject4']){ $subject=$_POST['subject4']; $marks=$_POST['marks4']; mysql_query("INERT INTO $tbl2 (user, subject, marks) VALUES ('$user', '$subject', '$marks'") or die(mysql_error()); } if($_POST['subject5']){ $subject=$_POST['subject5']; $marks=$_POST['marks5']; mysql_query("INERT INTO $tbl2 (user, subject, marks) VALUES ('$user', '$subject', '$marks'") or die(mysql_error()); } if($_POST['subject6']){ $subject=$_POST['subject6']; $marks=$_POST['marks6']; mysql_query("INERT INTO $tbl2 (user, subject, marks) VALUES ('$user', '$subject', '$marks'") or die(mysql_error()); } if($_POST['subject7']){ $subject=$_POST['subject7']; $marks=$_POST['marks7']; mysql_query("INERT INTO $tbl2 (user, subject, marks) VALUES ('$user', '$subject', '$marks'") or die(mysql_error()); } if($_POST['subject8']){ $subject=$_POST['subject8']; $marks=$_POST['marks8']; mysql_query("INERT INTO $tbl2 (user, subject, marks) VALUES ('$user', '$subject', '$marks'") or die(mysql_error()); } echo "Subject and marks added. Add more if you want!"; } echo "<style>.admin { display:none; } .back { display: block !important; }</style><br />"; echo '<form method="POST" action="">'; for ($i = 1; $i <= 8; $i++) { echo '<div style="border:1px solid #666;">Subject: <input type="text" name="subject'.$i.'" id="subject'.$i.'" placeholder="Subject name" /><br /> Marks: <input type="text" name="marks'.$i.'" id="marks'.$i.'" placeholder="Marks gained" /></div>'; } echo '<input type="submit" value="Add" /></form>'; } } elseif($_GET['action']=='updateresult']){ if($_GET['user']){ if($_POST){ foreach ($_POST as $name => $val){ if($name=='submit'){ break; } //echo htmlspecialchars($name . ': ' . $val) . "\n"; mysql_query("UPDATE $tbl2 SET marks='$val' WHERE subject='$name'") or die(mysql_error()); } echo "<style>.admin { display:none; } .back { display: block !important; }</style> <br /> Record Updated!"; } else { $user = $_GET['user']; // profile name. $user = mysql_real_escape_string($user); $qr = mysql_query("SELECT * FROM $tbl2 WHERE user_name='$user'"); $rr = mysql_num_rows($qr); if($rr=='0'){ echo "<style>.admin { display:none; } .back { display: block !important; }</style> <br /> No subjects added. You may need to add subjects first so <a href='?action=addresult&user=".$user."'>click here to do so</a>"; } else { echo 'Total subjects: '.$rr; echo '<br /> <form method="POST" action="" name="form21">'; while($s=mysql_fetch_array($qr)){ $subject=$s['subject']; $marks=$s['marks']; echo "<div style='border:1px solid #666;'> Subject: ".$subject."<br/> Marks: <input name='".$subject."' type='text' id='".$subject."' value='".$marks."' /></div><br/>"; } echo '<input type="submit" value="Update" /></form>'; } } } } elseif($_GET['action']=='updateuser'){ if($_GET['user']){ $user = $_GET['user']; // profile name. $user = mysql_real_escape_string($user); if($_POST){ $pwd = mysql_real_escape_string($_POST['upassword']); $fullname = mysql_real_escape_string($_POST['ufullname']); $session = mysql_real_escape_string($_POST['usession']); $class = mysql_real_escape_string($_POST['uclass']); $campus = mysql_real_escape_string($_POST['ucampus']); $fine = mysql_real_escape_string($_POST['ufine']); $fee = mysql_real_escape_string($_POST['ufee']); $attendance = mysql_real_escape_string($_POST['uattendance']); $result_last = mysql_real_escape_string($_POST['uresult_last']); $fone = mysql_real_escape_string($_POST['ufone']); $addr = mysql_real_escape_string($_POST['uaddr']); $email = mysql_real_escape_string($_POST['uemail']); mysql_query("UPDATE $tbl_name SET fone='$fone', addr='$addr', email='$email', password='$pwd', fullname='$fullname', session='$session', class='$class', campus='$campus', fine='$fine', fee='$fee', attendance='$attendance', resul_last='$result_last' WHERE user_name='$user'") or die(mysql_error()); echo "<style>.admin { display:none; } .back { display: block !important; }</style> <br /> User has been updated!"; } else { $sql22="SELECT * FROM $tbl_name WHERE user_name='$user'"; $result22=mysql_query($sql22) or die(mysql_error()); $user22=mysql_fetch_array($result22); ?> <style>.admin { display:none; } .back { display: block !important; }</style> <form name="form3" method="post" action=""> <strong>Edit a user </strong><br/><br/> Fullname: <input name="ufullname" type="text" id="ufullname" value="<?=$user22['fullname']?>" /><br/> Password: <input name="upassword" type="password" id="upassword" value="<?=$user22['password']?>" /><br/> <strong> If student:</strong><br/> Session: <input name="usession" type="text" id="usession" value="<?=$user22['session']?>" /><br/> Class: <input name="uclass" type="text" id="uclass" value="<?=$user22['class']?>" /><br/> Campus: <input name="ucampus" type="text" id="ucampus" value="<?=$user22['campus']?>" /><br/> Fine: <input name="ufine" type="text" id="ufine" value="<?=$user22['fine']?>" /><br/> Fee status: <input name="ufee" type="text" id="ufee" value="<?=$user22['fee']?>" /><br/> Attendance: <input name="uattendance" type="text" id="uattendance" value="<?=$user22['attendance']?>" /><br/> Last month result: <input name="uresult_last" type="text" id="uresult_last" value="<?=$user22['resul_last']?>" /><br/> Phone: <input name="ufone" type="text" id="ufone" value="<?=$user22['fone']?>" /><br/> Address: <input name="uaddr" type="text" id="uaddr" value="<?=$user22['addr']?>" /><br/> Email: <input name="uemail" type="text" id="uemail" value="<?=$user22['email']?>" /><br/> <br/><input type="submit" name="Submit" value="Update" /></form> <?php } } } elseif($_GET['action']=='logout'){ unset($_SESSION['admin']); header("Location: index.php?msg_gr=You have been logged out of the admin panel!"); } elseif($_GET['action']=='adduser'){ if($_POST['user_name_add']){ $user_name = mysql_real_escape_string($_POST['user_name_add']); $pwd = mysql_real_escape_string($_POST['password']); $fullname = mysql_real_escape_string($_POST['fullname']); $rank = mysql_real_escape_string($_POST['rank']); $session = mysql_real_escape_string($_POST['session']); $class = mysql_real_escape_string($_POST['class']); $campus = mysql_real_escape_string($_POST['campus']); $fine = mysql_real_escape_string($_POST['fine']); $fee = mysql_real_escape_string($_POST['fee']); $attendance = mysql_real_escape_string($_POST['attendance']); $result_last = mysql_real_escape_string($_POST['result_last']); if($rank=='1'){ $rank='teacher'; } else { $rank='student'; } $insert_query = "INSERT INTO $tbl_name (user_name, fullname, password, session, class, campus, fine, fee, attendance, resul_last) VALUES ('$user_name', '$fullname', '$pwd', '$rank','$session', '$class', '$campus', '$fine', '$fee', '$attendance', '$result_last')"; $insert_result = mysql_query($insert_query) or die(mysql_error()); $responsemsg = "User has been added!"; echo '<style>.admin { display:none; } .back { display: block !important; }</style>'; } else { ?> <style>.admin { display:none; } .back { display: block !important; }</style> <form name="form2" method="post" action="admin.php?action=adduser"> <strong>Add a user </strong><br/><br/> Fullname: <input name="fullname" type="text" id="fullname" /><br/> Username: <input name="user_name_add" type="text" id="user_name_add" /><br/> Password: <input name="password" type="password" id="password" /><br/> Rank: <input type="radio" value="2" name="rank" id="rank" /> Student <input type="radio" value="1" name="rank" id="rank" /> Teacher<br /> <strong> If student:</strong><br/> Session: <input name="session" type="text" id="session" /><br/> Class: <input name="class" type="text" id="class" /><br/> Campus: <input name="campus" type="text" id="campus" /><br/> Fine: <input name="fine" type="text" id="fine" /><br/> Fee status: <input name="fee" type="text" id="fee" /><br/> Attendance: <input name="attendance" type="text" id="attendance" /><br/> Last month result: <input name="result_last" type="text" id="result_last" /><br/> <br/><input type="submit" name="Submit" value="Add" /></form> <?php } } elseif($_GET['action']=='deleteuser'){ if($_GET['user']){ $user = $_GET['user']; // profile name. $user = mysql_real_escape_string($user); $query5 = "DELETE FROM $tbl_name WHERE user_name = '$user'"; $result = mysql_query( $query5 ) or die(mysql_error()); $responsemsg = "User has been deleted!"; } else { $qfo = "SELECT * FROM $tbl_name WHERE (rank = 'teacher' OR rank = 'student')"; $fo = mysql_query($qfo) or die(mysql_error()); $rowfo = mysql_num_rows($fo); echo "<style>.admin { display:none; } .back { display: block !important; }</style>"; if ($rowfo == 0 ) { // no user echo "No users."; } else { while($users = mysql_fetch_array($fo)){ $user_name = $users['user_name']; $fullname = $users['fullname']; $rank = $users['rank']; $uid = $users['id']; $session = $users['session']; $class = $users['class']; echo "<div> ".$uid." ~ ".$fullname." (".$user_name.") of Class ".$class." and session ".$session." - ".$rank." | <a href='?action=deleteuser&user=".$user_name."'>Delete</a> - <a href='?action=viewpwd&user=".$user_name."'>View password</a> - <a href='?action=updateuser&user=".$user_name."'>Update profile</a> - <a href='?action=updateresult&user=".$user_name."'>Update result</a></div>"; } } } } elseif($_GET['action']=='viewpwd') { echo '<style>.admin { display:none; } .back { display: block !important; }</style>'; if($_GET['user']){ $user = $_GET['user']; // profile name. $user = mysql_real_escape_string($user); $qfo = "SELECT * FROM $tbl_name WHERE user_name = '$user' AND (rank = 'teacher' OR rank = 'student')"; $fo = mysql_query($qfo) or die(mysql_error()); $foundu = mysql_num_rows($fo); if($foundu=='0'){ echo "No such user found!"; } else { $userinfo = mysql_fetch_array($fo); $pwd = $userinfo['password']; echo "Password is: <b>".$pwd."</b>"; } } } ?> <?php if (isSet($_GET['msg'])){ echo "<span id='postmsg'>".htmlentities($_GET['msg'])."</span><br/>"; } ?> <?php if (isSet($responsemsg)){ echo "<span id='postmsg'>".htmlentities($responsemsg)."</span><br/>"; } ?> <div class="admin"> Welcome, <?=$_SESSION['fullname']?><br /> What you want to do? <br /><br /> <a href="?action=adduser&noredirect=1">Add a user</a><br /> <a href="?action=deleteuser&noredirect=1">View a user</a><br /> <a href="?action=logout&noredirect=1">Logout from admin panel</a><br /> </div> <div class="back" style="display:none"> <a href="admin.php" >Go back</a><br /> </div> <?php } ?>
Output for 5.3.0 - 5.4.19
Parse error: syntax error, unexpected ']' in /in/eQ3nl on line 75
Process exited with code 255.