Code:
<?php
/*------------------------------------------------------------------------------------------
$Revision: 1.5 $
$Date: 04/03/2008 $
--------------------------------------------------------------------------------------------*/
// The session must be open first: everything below reads $_SESSION['conf'] or the login state.
session_start();
//$valid_user=$_SESSION[valid_user];

// Load the site configuration, then the template engine and the shared helpers
// from the library directory named in that configuration.
include_once('../config.php');
foreach (array('Template.php', 'functions.php') as $lib_file) {
    include_once($GLOBALS['config']['root'] . $GLOBALS['config']['root_lib'] . $lib_file);
}
unset($lib_file);

$tpl = new Template();

// Values handed to every template. URL roots come from the global config; the
// template directories come from the configuration kept in the session.
// NOTE(review): the session-held template_root_dir is later used to build the
// paths given to $tpl->fetch() — confirm $_SESSION['conf'] is only ever written
// server-side.
$template_vars = array(
    'http_root'         => $GLOBALS['config']['http_root'],
    'http_root_tpl'     => $_SESSION['conf']['template_http_root_dir'],
    'http_root_img'     => $_SESSION['conf']['template_root_img'],
    'http_root_tpl_img' => $_SESSION['conf']['http_root_tpl_img'],
    'root_tpl'          => $_SESSION['conf']['template_root_dir'],
    'http_root_photos'  => $GLOBALS['config']['http_root_photos'],
    'site_title'        => '',
);
foreach ($template_vars as $tpl_key => $tpl_value) {
    $tpl->set($tpl_key, $tpl_value);
}
unset($template_vars, $tpl_key, $tpl_value);
/*
echo '<pre>';
print_r($HTTP_POST_VARS);
print 'GET:';
print_r($_GET);
print 'session:';
print_r($_SESSION);
echo '</pre>';
*/
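// Login attempt: the form posts a=login together with "user" and "password".
if (isset($_POST['a']) && $_POST['a'] == "login") {
    // The only account is the row with ID=0. The query text is constant; the
    // submitted values are compared in PHP and never placed in the SQL.
    $query = "SELECT * FROM users WHERE ID=0 ";
    $result = @mysql_query($query);

    // Start from "no account loaded". Without this, a failed query or a missing
    // row left $user and $pass undefined, and undefined == "" let an empty
    // user/password submission through.
    $found = 0;
    $user = null;
    $pass = null;
    $uID = null;
    if ($result) {
        while ($user_data = mysql_fetch_array($result)) {
            $user = $user_data['user'];
            $pass = $user_data['pass'];
            $uID = $user_data['ID'];
            $found = 1;
        }
        mysql_free_result($result);
    }

    // Only plain string submissions are considered; anything else (missing
    // field, array parameter) becomes an empty string and cannot match.
    $submitted_user = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';
    $submitted_pass = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // Strict comparison: with == PHP compares numeric-looking strings as
    // numbers, so e.g. "1e3" would equal "1000".
    // NOTE(review): the password is stored and compared in plaintext. Moving to
    // password_hash()/password_verify() needs a newer PHP runtime and a
    // one-time migration of the stored value.
    if ($found && $user === $submitted_user && $pass === $submitted_pass) {
        // Issue a fresh session ID at the privilege change so that an ID known
        // before login does not become an authenticated one.
        session_regenerate_id();
        $_SESSION['valid_user'] = $user;
        // NOTE(review): $access is not assigned anywhere in this script;
        // presumably an include sets it — confirm, otherwise this stores null.
        $_SESSION['access'] = $access;
        $_SESSION['time'] = date("F j, Y, g:i a");
        $_SESSION['uID'] = $uID;
    } else {
        // Failure message: the user name is HTML-escaped before being echoed
        // back, and the submitted password is no longer printed into the page.
        echo "<br><div align=center>you have entered the folowing <u>WRONG</u> info:<br> <b>user:</b> "
            . htmlspecialchars($submitted_user, ENT_QUOTES)
            . " </div>";
    }
}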
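// Logout request (?a=logout): clear the session variables, destroy the
// server-side session, print a notice that redirects to index.php after
// 7 seconds, and stop.
if (isset($_GET['a']) && $_GET['a'] == "logout") {
    session_unset();
    session_destroy();
    // No session_unregister() call: the session is already destroyed, the old
    // call named the literal string '$valid_user' (single quotes), and the
    // function does not exist from PHP 5.4 on, where it would abort the logout.
    echo "Logouted...<br><meta http-equiv=\"refresh\" content=\"7;URL=index.php\">";
    unset($tpl);
    die;
}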
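// Hand the current login name (null when nobody is logged in) and the template
// object to the login-form helper. The session key is quoted and guarded so an
// anonymous request does not raise an undefined-constant / undefined-index error.
login_form(isset($_SESSION['valid_user']) ? $_SESSION['valid_user'] : null, $tpl);
// NOTE(review): $valid_user is not assigned in this script (the assignment near
// the top is commented out). Unless register_globals or an include defines it,
// admin_header() always receives an undefined value — presumably
// $_SESSION['valid_user'] was meant; confirm against admin_header().
admin_header($valid_user, $tpl);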
//print $_SESSION[valid_user];
//$valid_user="ll";
// if AUTHORIZED
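// Admin area: runs only when the session carries a logged-in user. The "go"
// query parameter selects the action; each branch fills the template, which is
// rendered once at the end.
if (isset($_SESSION['valid_user'])) {
    include('../config.php');

    // Request values may arrive already slash-escaped (magic_quotes_gpc on older
    // runtimes). Undo that before escaping for SQL so nothing is escaped twice.
    $gpc_slashed = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

    // NOTE(review): none of the state-changing branches below checks a
    // per-session token, and the deletes are driven by GET parameters, so a
    // cross-site request sent from a logged-in admin's browser would be accepted.
    // NOTE(review): the SQL built here relies on mysql_real_escape_string() and
    // therefore on the connection character set; prepared statements (mysqli or
    // PDO) are the durable fix, ext/mysql itself being removed in PHP 7.
    $go = isset($_GET['go']) ? $_GET['go'] : null;
    switch ($go) {
        case "add_file":
            $tpl->set('title', ' ');
            $objSC = new files;
            if (isset($_POST['saveit']) && $_POST['saveit'] != "") {
                // NOTE(review): the client-supplied upload name goes to
                // files::save_file(), which is not shown here — confirm it
                // restricts extensions and strips path components before writing.
                $_POST['filename'] = $objSC->save_file($_FILES['file']['name'], $_FILES['file']['tmp_name']);
                $objSC->add($_POST, $last_id);
                $tpl->set("title", " !");
                $objSC->form("edit", $last_id, $tpl);
            } else {
                $objSC->form("add", "", $tpl);
            }
            break;

        case "del_file":
            $tpl->set('title', ' ');
            $objSC = new files;
            if (isset($_GET['ID']) && $_GET['ID'] != "") {
                // NOTE(review): the ID is passed on unvalidated; files::del()
                // is not shown — confirm it validates or escapes the value.
                $objSC->del($_GET['ID']);
                $tpl->set('title', ' !!! ');
            }
            $objSC->ls($tpl);
            break;

        case "edit_file":
            $tpl->set('title', ' ');
            $objSC = new files;
            if (isset($_POST['saveit']) && $_POST['saveit'] != "") {
                $objSC->edit($_POST);
                $tpl->set("title", " !");
            }
            $objSC->form("edit", isset($_GET['ID']) ? $_GET['ID'] : null, $tpl);
            break;

        case "list_file":
            // Optional filter: the value is escaped before it is placed inside
            // the quoted SQL literal handed to files::ls().
            $extrasql = "";
            if (isset($_GET['extra']) && $_GET['extra'] != "") {
                $extra = (string) $_GET['extra'];
                if ($gpc_slashed) {
                    $extra = stripslashes($extra);
                }
                $extrasql = " fldYear='" . mysql_real_escape_string($extra) . "' ";
            }
            $tpl->set('title', ' - ');
            $objSC = new files;
            $objSC->ls($tpl, $extrasql);
            break;

        case "zaglaven_text":
            $tpl->set('title', ' ');
            if (isset($_POST['save']) && $_POST['save'] != "") {
                // The submitted text is escaped before it enters the UPDATE; a
                // quote in the text can no longer end the SQL string literal.
                $texta = isset($_POST['texta']) ? (string) $_POST['texta'] : '';
                if ($gpc_slashed) {
                    $texta = stripslashes($texta);
                }
                $sql = "
UPDATE `texts` SET
`text` = '" . mysql_real_escape_string($texta) . "'
WHERE `ID` ='1' LIMIT 1 ;
";
                mysql_query($sql) or die("error saving text :".mysql_error());
            }
            $query = "SELECT * FROM texts WHERE ID='1' LIMIT 1 ";
            $result = @mysql_query($query);
            // Stays null when the row is missing or the query fails.
            $val = null;
            while ($row = @mysql_fetch_array($result, MYSQL_ASSOC)) {
                $val = $row;
            }
            $tpl->set('val', $val);
            $tpl->set('content', $tpl->fetch($_SESSION['conf']['template_root_dir'].'text_form.tpl'));
            break;

        case "year":
            $tpl->set('title', '');
            $objSC = new years;
            if (isset($_POST['save']) && $_POST['save'] != "") {
                // Passed without "&": call-time pass-by-reference is a fatal
                // error from PHP 5.4 on, and $last_id is not read in this branch.
                $objSC->add($_POST, $last_id);
                $tpl->set('title', '<strong>a </strong>');
            }
            if (isset($_GET['delid']) && is_numeric($_GET['delid']) && $_GET['delid'] != "") {
                $objSC->del($_GET['delid']);
            }
            $objSC->form($tpl);
            break;

        case "change_pass":
            /************************%%%[[[ change_pass ]]]%%%************************/
            $tpl->set('title', ' ');
            if (isset($_POST['change_tha_pass']) && $_POST['change_tha_pass'] != "") {
                // NOTE(review): the new password is stored in plaintext and the
                // current password is not asked for again before the change.
                $pass = (string) $_POST['change_tha_pass'];
                if ($gpc_slashed) {
                    $pass = stripslashes($pass);
                }
                // Escaped before it enters the UPDATE of the single account row (ID=0).
                $sql = "UPDATE `users` SET `pass` = '" . mysql_real_escape_string($pass) . "' WHERE ID='0' LIMIT 1 ;";
                mysql_query($sql);
                $tpl->set('title', ' , !');
            }
            form_change_pass("index.php?go=change_pass", $tpl, "change_pass");
            break;
    }

    // build inside admin SEARCH
    /*
    a_searcher($values);
    $tpl->set("searcher", $values);
    $short_search = $tpl->fetch($_SESSION['conf']['template_root_dir'].'admin/a_searcher.tpl');
    $tpl->set("searcher", $short_search);
    */
    //------- END SEARCH ---------

    // Render the menu, then the admin page around it, and send the page.
    $tpl->set('menu', $tpl->fetch($_SESSION['conf']['template_root_dir']. 'admin/menu.tpl'));
    // NOTE(review): $actiona is not assigned anywhere in this script —
    // presumably an include or register_globals supplies it; confirm.
    $tpl->set('actiona', $actiona);
    $utf_str = $tpl->fetch($_SESSION['conf']['template_root_dir']. 'admin/index.tpl');
    echo $utf_str;
    unset($tpl);
}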
?>