OXIESEC PANEL
- Current Dir:
/
/
var
/
www
/
reader
/
knaadu
/
cms
/
process
Server IP: 139.59.38.164
Upload:
Create Dir:
Name
Size
Modified
Perms
📁
..
-
01/14/2024 11:47:41 AM
rwxr-xr-x
📄
chk.login.php
936 bytes
12/18/2021 04:01:00 AM
rwxr-xr-x
📄
get.section.article.php
41.34 KB
01/14/2024 11:25:58 AM
rw-r--r--
📄
get.section.author.php
12.17 KB
12/28/2021 03:21:00 AM
rwxr-xr-x
📄
get.section.category.php
9.29 KB
12/18/2021 04:01:00 AM
rwxr-xr-x
📄
get.section.general.php
32.43 KB
02/21/2023 05:59:26 AM
rwxr-xr-x
📄
get.section.issue.php
16.68 KB
12/28/2021 02:59:00 AM
rwxr-xr-x
📄
get.section.tag.php
8.79 KB
12/18/2021 04:29:00 AM
rwxr-xr-x
📄
get.section.user.php
14.23 KB
12/18/2021 04:13:00 AM
rwxr-xr-x
📄
get.section.volume.php
12 KB
12/18/2021 04:01:00 AM
rwxr-xr-x
📄
logout.php
93 bytes
12/18/2021 04:01:00 AM
rwxr-xr-x
📄
upload.php
2.3 KB
12/20/2021 11:28:00 PM
rwxr-xr-x
Editing: get.section.user.php
Close
<? // ACCS Journal: CMS User include '../inc/validate.logged.php'; include '../../inc/config.php'; $act = ''; if (!empty($_POST)) $act = isset($_POST["act"]) ? $_POST["act"] : ''; // Check if already exists on creation if ($act == 'chkExist') { $editId = isset($_POST['editId']) ? $_POST['editId'] : ''; $userEmail = isset($_POST['userEmail']) ? $_POST['userEmail'] : ''; if ($userEmail != '') { if ($editId == '') { $sql = "SELECT user_id FROM users WHERE user_email='$userEmail'"; } else { $sql = "SELECT user_id FROM users WHERE user_email='$userEmail' AND user_id<>$editId"; } $result = mysqli_query($dbpro, $sql); $numRows = mysqli_num_rows($result); if ($numRows == 0) { echo 'OK'; } else { echo 'ERROR: User email already exists!'; } } } // Add if ($act == 'add') { $userName = isset($_POST['userName']) ? trim($_POST['userName']) : ''; $userPassword = isset($_POST['userPassword']) ? trim($_POST['userPassword']) : ''; $userEmail = isset($_POST['userEmail']) ? trim($_POST['userEmail']) : ''; $userPhone = isset($_POST['userPhone']) ? trim($_POST['userPhone']) : ''; $isAdmin = isset($_POST['isAdmin']) ? trim($_POST['isAdmin']) : ''; $isActive = isset($_POST['isActive']) ? trim($_POST['isActive']) : ''; if ($userName != '' && $userPassword != '' && $userEmail != '') { $sql = "INSERT INTO users(user_name,user_email,user_phone,user_password,created_id,is_admin,is_active,date_created) VALUES('$userName','$userEmail','$userPhone','$userPassword',$gUserId,$isAdmin,$isActive,Now())"; mysqli_query($dbpro, $sql); echo "OK"; } } // Update if ($act == 'edit') { $editId = isset($_POST['editId']) ? $_POST['editId'] : ''; $userName = isset($_POST['userName']) ? trim($_POST['userName']) : ''; $userPassword = isset($_POST['userPassword']) ? trim($_POST['userPassword']) : ''; $userEmail = isset($_POST['userEmail']) ? trim($_POST['userEmail']) : ''; $userPhone = isset($_POST['userPhone']) ? trim($_POST['userPhone']) : ''; $isAdmin = isset($_POST['isAdmin']) ? trim($_POST['isAdmin']) : ''; $isActive = isset($_POST['isActive']) ? trim($_POST['isActive']) : ''; if ($editId != '' && $userName != '' && $userPassword != '' && $userEmail != '') { $sql = "UPDATE users SET user_name='$userName',user_password='$userPassword',user_email='$userEmail',user_phone='$userPhone',modified_id=$gUserId,is_admin=$isAdmin,is_active=$isActive,date_modified=Now() WHERE user_id=$editId"; mysqli_query($dbpro, $sql); echo "OK"; } } // Deactivate if ($act == 'delete') { $delId = isset($_POST['delId']) ? $_POST['delId'] : ''; if ($delId != '') { $sql = "UPDATE users SET is_active=0,modified_id=$gUserId,date_modified=Now() WHERE user_id=$delId"; mysqli_query($dbpro, $sql); echo "OK"; } } // Show Add if ($act == 'addForm') { ?> <form id="frmAdd" name="frmAdd"> <div class="card mt-3"> <div class="card-header">Add New User</div> <div class="card-body"> <div class="form-row"> <div class="form-group col-md-6"> <label for="userName">User</label> <input type="text" class="form-control" id="userName" name="userName" maxlength="100" /> </div> <div class="form-group col-md-6"> <label for="userPassword">Password</label> <input type="text" class="form-control" id="userPassword" name="userPassword" maxlength="20" /> </div> </div> <div class="form-row"> <div class="form-group col-md-6"> <label for="userEmail">Email</label> <input type="email" class="form-control" id="userEmail" name="userEmail" maxlength="100" /> </div> <div class="form-group col-md-6"> <label for="userPhone">Phone</label> <input type="text" class="form-control" id="userPhone" name="userPhone" maxlength="10" /> </div> </div> <div class="form-row"> <div class="form-group col-md-6"> <label for="isAdmin">Admin</label> <div class="form-check form-check-inline ml-0 ml-sm-4 w-50"> <label class="form-control radio-inline border-0"><input type="radio" id="isAdmin" name="isAdmin" value="1"> Yes</label> <label class="form-control radio-inline border-0"><input type="radio" id="isAdmin" name="isAdmin" value="0" CHECKED> No</label> </div> </div> <div class="form-group col-md-6"> <label for="isActive">Status</label> <div class="form-check form-check-inline ml-0 ml-sm-4 w-50"> <label class="form-control radio-inline border-0"><input type="radio" id="isActive" name="isActive" value="1" CHECKED> Active</label> <label class="form-control radio-inline border-0"><input type="radio" id="isActive" name="isActive" value="0"> Inactive</label> </div> </div> </div> </div> <div class="card-footer"> <button type="submit" class="btn btn-primary" onclick="return chkAddUser()">Add</button> <div id="panelStatus" class="float-right text-sm text-danger" style="margin-top:5px" align="right"></div> </div> <input type="hidden" id="act" name="act" value="add" /> </div> </form> <? } // Show Edit if ($act == 'editForm') { $isValid = 0; $userId = isset($_POST['id']) ? $_POST['id'] : ''; $sql = "SELECT * FROM users WHERE user_id=$userId"; $result = mysqli_query($dbpro, $sql); $numRows = mysqli_num_rows($result); if ($numRows > 0) { $row = mysqli_fetch_assoc($result); $userName = $row['user_name']; $userPassword = $row['user_password']; $userEmail = $row['user_email']; $userPhone = $row['user_phone']; $isAdmin = $row['is_admin']; $isActive = $row['is_active']; $isValid = 1; } ?> <div class="popup" style="width:500px"> <div class="widget"> <form id="frmEdit" name="frmEdit"> <div class="card"> <div class="card-header">Edit User</div> </div> <div id="widgetEdit_B" style="padding:15px 25px"> <? if($isValid == 1) { ?> <div class="form-row"> <div class="form-group col-md-6"> <label for="userName">User</label> <input type="text" class="form-control" id="userName" name="userName" value="<?=$userName?>" maxlength="100" /> </div> <div class="form-group col-md-6"> <label for="userPassword">Password</label> <input type="text" class="form-control" id="userPassword" name="userPassword" value="<?=$userPassword?>" maxlength="20" /> </div> </div> <div class="form-row"> <div class="form-group col-md-6"> <label for="userEmail">Email</label> <input type="email" class="form-control" id="userEmail" name="userEmail" value="<?=$userEmail?>" maxlength="100" /> </div> <div class="form-group col-md-6"> <label for="userPhone">Phone</label> <input type="text" class="form-control" id="userPhone" name="userPhone" value="<?=$userPhone?>" maxlength="10" /> </div> </div> <div class="form-row"> <div class="form-group col-md-6"> <label for="isAdmin">Admin</label> <div class="form-check form-check-inline ml-0 ml-sm-4 w-50"> <label class="w-75 radio-inline"><input type="radio" id="isAdmin" name="isAdmin" value="1"<? if ($isAdmin == 1) {?> CHECKED<? } ?>> Yes</label> <label class="w-75 radio-inline"><input type="radio" id="isAdmin" name="isAdmin" value="0"<? if ($isAdmin == 0) {?> CHECKED<? } ?>> No</label> </div> </div> <div class="form-group col-md-6"> <label for="isActive">Status</label> <div class="form-check form-check-inline ml-0 ml-sm-4 w-50"> <label class="w-100 radio-inline"><input type="radio" id="isActive" name="isActive" value="1"<? if ($isActive == 1) {?> CHECKED<? } ?>> Active</label> <label class="w-100 radio-inline"><input type="radio" id="isActive" name="isActive" value="0"<? if ($isActive == 0) {?> CHECKED<? } ?>> Inactive</label> </div> </div> </div> <? } ?> </div> <div id="widgetEdit_F" style="border-top:1px solid #ebedf2;padding:20px 15px;"> <div class="col"> <button type="submit" class="btn btn-primary" onclick="return chkEditUser()">Update</button> <button type="submit" class="btn btn-light ml-1" onclick="return clearForm('frmEdit')">Reset</button> <div id="panelStatus" class="float-right text-sm text-danger" style="margin-top:5px" align="right"></div> </div> </div> <input type="hidden" id="editId" name="editId" value="<?=$userId?>" /> <input type="hidden" id="act" name="act" value="edit" /> </form> </div> </div> <? } // Show Deactivate if ($act == 'delForm') { $isValid = 0; $userId = isset($_POST['id']) ? $_POST['id'] : ''; $sql = "SELECT user_name FROM users WHERE user_id=$userId"; $result = mysqli_query($dbpro, $sql); $numRows = mysqli_num_rows($result); if ($numRows > 0) { $row = mysqli_fetch_assoc($result); $userName = $row['user_name']; $isValid = 1; } ?> <div class="popup" style="width:480px"> <div class="widget"> <form id="frmDel" name="frmDel"> <div class="card"> <div class="card-header">Deactivate User</div> </div> <div id="widgetDel_B" style="padding:15px 25px"> <? if($isValid == 1) { ?> You are about to deactivate User: <b><?=$userName?></b> <? } ?> </div> <div id="widgetDel_F" style="border-top:1px solid #ebedf2;padding:20px 15px;"> <div class="col"> <button type="submit" class="btn btn-primary" onclick="return chkDelUser()">Confirm</button> <div id="panelStatus" class="float-right text-sm text-danger" style="margin-top:5px" align="right"></div> </div> </div> <input type="hidden" id="delId" name="delId" value="<?=$userId?>" /> <input type="hidden" id="act" name="act" value="delete" /> </form> </div> </div> <? } // Search Form if ($act == 'search') { ?> <ol class="breadcrumb mt-4 mb-3"> <li class="breadcrumb-item"><a href="dashboard.php">Dashboard</a></li> <li class="breadcrumb-item active">CMS Users</li> </ol> <form id="frmSearch" name="frmSearch"> <? if ($gUserAdmin) { ?> <button type="button" class="btn btn-secondary mb-2 float-right" onclick="addUser()"><i class="fas fa-plus"></i> Add New User</button> <br clear="all" /> <? } ?> <div class="card"> <div class="card-header">Search Users</div> <div class="card-body"> <div class="form-inline"> <div class="form-group mr-2"> <label for="srcIsActive" class="col-form-label-sm">Status</label> <div class="form-check form-check-inline ml-0 ml-sm-4"> <label class="form-control radio-inline border-0 pl-1"><input type="radio" id="srcIsActive" name="srcIsActive" value="1"> Active</label> <label class="form-control radio-inline border-0 pl-1"><input type="radio" id="srcIsActive" name="srcIsActive" value="0"> Inactive</label> <label class="form-control radio-inline border-0 pl-1"><input type="radio" id="srcIsActive" name="srcIsActive" value="" CHECKED> All</label> </div> </div> <div class="col text-right"> <button type="submit" class="btn btn-primary mt-2 mt-sm-0" onclick="return searchUser()">Show</button> </div> </div> </div> </div> <input type="hidden" id="act" name="act" value="searchResults" /> </form> <div id="panelSearch"></div> <? } // Search Result if ($act == 'searchResults') { $pageNum = isset($_POST["pageNum"]) ? $_POST["pageNum"] : 1; $srcIsActive = isset($_POST["srcIsActive"]) ? $_POST["srcIsActive"] : ''; $numRecords = 50; $startOrder = (($pageNum - 1) * $numRecords); $sql = "SELECT SQL_CALC_FOUND_ROWS * FROM users WHERE user_id>0"; if ($srcIsActive == '0') $sql .= " AND is_active=0"; if ($srcIsActive == '1') $sql .= " AND is_active=1"; $sql .= " ORDER BY user_name LIMIT " . $startOrder . "," . ($numRecords+1); $result = mysqli_query($dbpro, $sql); $numRows = mysqli_num_rows($result); $sql = "SELECT FOUND_ROWS()"; $resultCount = mysqli_query($dbpro, $sql); $rowCount = mysqli_fetch_array($resultCount); $totalCount = $rowCount[0]; if ($numRows == 0) { echo '<div class="m-2">No results found!</div>'; } else { ?> <table class="table table-sm mt-3"> <thead class="thead-light"> <tr> <th width="20"></th> <th>User</th> <th>Email</th> <th>Phone</th> <th>Admin</th> <th>Status</th> <? if ($gUserAdmin) { ?> <th width="30"></th> <th width="30"></th> <? } ?> </tr> </thead> <? $j = 0; for ($i=0;$i<$numRows;$i++) { if ($i < $numRecords) { $row = mysqli_fetch_array($result); $userId = $row['user_id']; $userName = $row['user_name']; $userEmail = $row['user_email']; $userPhone = $row['user_phone']; $isAdmin = $row['is_admin']; $isActive = $row['is_active']; $txtStatus = ($isActive) ? 'Active' : '<span class="text-danger">Inactive</span>'; $j += 1; ?> <tr> <th><?=$startOrder+$i+1?>.</th> <td><?=$userName?></td> <td><?=$userEmail?></td> <td><?=$userPhone?></td> <td><? if ($isAdmin == 1) { ?>Yes<? } ?></td> <td><?=$txtStatus?></td> <? if ($gUserAdmin) { ?> <td align="center" title="Edit User"><i data-id="<?=$userId?>" class="editRow cursorHand far fa-edit fa-lg"></i></td> <td align="center" title="Deactivate User"><? if ($txtStatus == 'Active') { ?><i data-id="<?=$userId?>" class="delRow cursorHand far fa-trash-alt fa-lg"></i><? } ?></td> <? } ?> </tr> <? } } ?> </table> <div id="listingPageNum" class="float-left text-success" data-pagenum="<?=$pageNum?>">Showing <?=$startOrder+1?> to <?=$startOrder+$j?> of <?=$totalCount?> entries</div> <div class="float-right" align="right"> <? if ($pageNum > 1) { ?><button class="btn btn-warning" onclick="return searchUser(<?=$pageNum-1?>)"><</button><? } ?> <? if ($numRows > $numRecords) { ?><button class="btn btn-warning" style="margin-left:5px" onclick="return searchUser(<?=$pageNum+1?>)">></button><? } ?> </div> <div class="cleaner"></div> <br> <br> <? } ?> <script type="text/javascript"> $(function () { $('.editRow').magnificPopup({ type: 'ajax', closeBtnInside: true, ajax: { settings: { method: 'POST', url: 'process/get.section.user.php' } }, callbacks: { elementParse: function(item){ postData = { act: 'editForm', id: $(item.el[0]).data('id') } this.st.ajax.settings.data = postData; } } }); $('.delRow').magnificPopup({ type: 'ajax', closeBtnInside: true, ajax: { settings: { method: 'POST', url: 'process/get.section.user.php' } }, callbacks: { elementParse: function(item){ postData = { act: 'delForm', id: $(item.el[0]).data('id') } this.st.ajax.settings.data = postData; } } }); }); </script> <? }