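<?php
/*
 * BooKa.php
 * This is the "main" file or "index" file.
 */
session_start();

// First-run guard: when ./cfg/lock.lock is missing the visitor is sent to
// firstrun.php (presumably the installer that creates the lock -- confirm).
if (!file_exists("./cfg/lock.lock")) {
	header('Location: ./firstrun.php');
	// header() only queues the redirect. Without exit the rest of this page
	// (database include, login and admin markup) would still run and be sent
	// in the response body.
	exit;
}

include "./inc/dbConnect.php";
include "./inc/head.php";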

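// Read session/request flags once, with quoted keys. Bare keys such as
// $_SESSION[logedin] are resolved as constants first and are an Error on
// PHP 8; isset()/empty() also avoids notices when a key is absent.
$isLoggedIn    = !empty($_SESSION['logedin']);
$isAdmin       = !empty($_SESSION['admin']);
$showAdminPage = isset($_GET['showadminpage']) ? $_GET['showadminpage'] : null;
$showRmUser    = isset($_GET['showrmuser']) ? $_GET['showrmuser'] : null;

if($isLoggedIn){

?>
	<p><img src="./img/Logo.png" alt="BooKa´s logo" /></p>
	
	<div class="menu">
		<h1> Logedin <a href="./logout.php">[logout]</a> </h1>
		<hr />
		<p>
		You are logged in.<br />
		</p>
		<hr />
		<?php /* heading is part of the admin page, so it is gated on the admin flag as well */ ?>
		<?php if($isAdmin && $showAdminPage === "true"){ ?><h2> User registration </h2> <?php }?>
		<p>
			
			<?php
			if($isAdmin){ // this section probably needs rework
				if($showAdminPage === "true"){
					echo "<a href='BooKa.php?showadminpage=false'>[hide adminpage]</a><br /> \n";
				}
				if($showAdminPage == "false" || $showAdminPage == null){
					echo "<a href='BooKa.php?showadminpage=true'>[Show adminpage]</a><br /> \n";
				}
			} ?>
		</p>
			<?php
			// Everything down to the matching brace (user registration and the
			// remove-user table) is rendered and processed for admins only.
			// NOTE(review): neither this form nor the remove-user form carries an
			// anti-CSRF token; adding one needs a matching check in the POST
			// handlers, including removeUser.php, which is not visible here.
			if($isAdmin && $showAdminPage === "true"){
			?>
			
			<form action="BooKa.php?showadminpage=true" method="post" >
				<p>
				<input type="hidden" name="userreg" value="true" />
				<label for="username">Name of the new user</label><input type="text" name="username" /><br />
				<label for="password1">password of the new user</label><input type="password" name="password1" />
				<label for="password2">password again</label><input type="password" name="password2" /><br />
				<label for="isadmin">is this user a admin?</label> <input type="checkbox" name="isadmin" /><br />
				
				
					<?php
					// Handle a submitted registration; validation messages are
					// printed inside the form.
					if(!empty($_POST['userreg'])){
						
						// Accept plain strings only; an array-valued field
						// (username[]=x) is treated as missing.
						$newUsername  = (isset($_POST['username'])  && is_string($_POST['username']))  ? $_POST['username']  : null;
						$newPassword1 = (isset($_POST['password1']) && is_string($_POST['password1'])) ? $_POST['password1'] : null;
						$newPassword2 = (isset($_POST['password2']) && is_string($_POST['password2'])) ? $_POST['password2'] : null;
						
						$canreg = true;
						$quotedUsername = '';
						
						if($newUsername === null || $newUsername === ''){
							echo "<span class='warning'>you need to enter a new username </span> <br />";
							$canreg = false;
						} else {
							// The username used to be interpolated into the SQL text
							// unescaped (SQL injection). $db comes from
							// ./inc/dbConnect.php, which is not visible here;
							// queryExec() and the SQL dialect suggest the legacy SQLite
							// API, which has no bound parameters, so the value is
							// embedded as a string literal with single quotes doubled.
							// NOTE(review): confirm the backend is SQLite; if the
							// connection is moved to PDO, replace this with
							// prepare()/execute().
							$quotedUsername = str_replace("'", "''", $newUsername);
							
							$userinfo = $db->query("SELECT * FROM users WHERE username = '{$quotedUsername}';") or die("could not do query");
							$newinfo = $userinfo->fetch();
							
							// fetch() yields no row when the name is free; only a real
							// row counts as "taken".
							if(is_array($newinfo) && $newinfo['username'] == $newUsername){
								echo "<span class='warning'> username is already in use </span> <br />";
								$canreg = false;
							}
						}
						
						if($newPassword1 === null || $newPassword1 === ''){
							
							echo "<span class='warning'>you need to have a password <br /> </span>";
							$canreg = false;
						}
						
						// Strict comparison: with != two different numeric-looking
						// strings (for example "1e3" and "1000") compare as equal.
						if($newPassword2 !== $newPassword1){
							
							echo "<span class='warning'>passwords deos not match </span> <br />";
							$canreg = false;
						}
						
						// The former sleep(.5) was dropped: sleep() takes whole
						// seconds, so it never waited, and $canreg is set sequentially.
						if($canreg){
							// group 1 = admin (the user table below prints "Yes" for it), 2 = regular user
							$group = !empty($_POST['isadmin']) ? 1 : 2;
							
							// NOTE(review): md5() is an unsalted, fast hash and not
							// suitable for password storage. Switching to
							// password_hash()/password_verify() has to be done together
							// with login.php, which presumably compares md5 digests, so
							// the stored format is left unchanged here.
							$password1 = md5($newPassword1);
							
							$db->queryExec("BEGIN;
								INSERT INTO users (username, password, 'group')
								VALUES('{$quotedUsername}' , '{$password1}', '{$group}');
							COMMIT;") or die("could not do query");
							// HTML-encode everything that is echoed back into the page.
							echo htmlspecialchars((string) $db->error, ENT_QUOTES);
							echo "Registration of user " . htmlspecialchars($newUsername, ENT_QUOTES) . " complite!";
						}
					}
					?>
				<input type="submit" /><br />
				</p>
			</form>
			
			<?php 	
				if($isAdmin){ // this section probably needs rework
					if($showRmUser === "true"){
						echo "<a href='BooKa.php?showadminpage=true&amp;showrmuser=false'>[Hide remove user page]</a><br /> \n";
					}
					if($showRmUser == "false" || $showRmUser == null){
						echo "<a href='BooKa.php?showadminpage=true&amp;showrmuser=true'>[Show remove user page]</a><br /> \n";
					}
				}
				if($showRmUser === "true"){
					
					//table with user id, user name and a remove button goes here...
					?>
					<h2>DO NOT REMOVE THE LAST ADMIN PL0X!</h2>
					<table> <!-- muckup tabell -->
						<tr> <!-- row one -->
							<td> uid </td>
							<td> User Name </td>
							<td> Admin </td>
							<td> remove </td>
						</tr> <!-- end of row one -->
						<?php
						
						$result = $db->query("SELECT * FROM users") or die("could not do query!");
						foreach($result as $row){
							// Usernames are stored as entered, so they are HTML-encoded
							// on output to keep stored markup from running in the
							// admin's browser.
						?>
						<tr> <!-- Row two and up -->
							<td> <?php echo htmlspecialchars((string) $row['id'], ENT_QUOTES) ?> </td>
							<td> <?php echo htmlspecialchars((string) $row['username'], ENT_QUOTES) ?> </td>
							<td> <?php
								if($row['group'] == 1){
									echo "Yes";
								} else {
									echo "no";
								}
								
							?> </td>
							<td>
								<form action="removeUser.php" method="post">
									<p>
										<input type="submit" value="remove" />
										<?php /* was a short open tag ("<?"), which is not parsed when short_open_tag is off, leaving the id field without its value */ ?>
										<input type="hidden" value="<?php echo htmlspecialchars((string) $row['id'], ENT_QUOTES) ?>" name="id"/>
									</p>
								</form>
							</td>
						</tr> <!-- end of row two and up -->
						
						<?php
						}
						?>
					</table>
					 


			<?php
				}
			}
			?>
	</div> 
<?php
	include "./dbEditor.php";

} else {
?>
	<div class="head"><img src="./img/Logo.png" alt="BooKa´s logo" /></div>
	
	<div class="menu">
		<h1> Login </h1>
		<hr />
		<form action="login.php" method="post">
			<p>
				User name: <input type="text" name="userName" /> <br/>
				Pass word:  <input type="password" name="userPassword" /> <br />
				<input type="hidden" name="login" value="true" />
				<input type="submit" name="null" value="Login" />
			</p>
		</form>
		<p>
			All registrations are performed by admin.
		</p>
	</div>
	
<?php
}

include "./inc/foot.php";

?>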