This repository has been archived by the owner on May 31, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 35
/
staff.php
executable file
·144 lines (129 loc) · 5.4 KB
/
staff.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
<?php
session_start();
ob_start();
if (!isset($_SESSION['logged'])) {
header('Location: index.php');
die();
}
$staffPerms = $_SESSION['perms'];
$user = $_SESSION['user'];
if ($staffPerms['superUser'] != '1') {
header('Location: lvlError.php');
die();
}
include 'header/header.php';
?>
<div class="col-sm-9 col-sm-offset-3 col-md-10 col-md-offset-2 main">
<h1 style = "margin-top: 70px">Staff Menu</h1>
<p class="page-header">Staff menu of the panel, allows you to see and delete staff members.</p>
<div class="btn-group" role="group" aria-label="...">
<FORM METHOD="LINK" ACTION="addStaff.php">
<INPUT class='btn btn-primary btn-outline' TYPE="submit" VALUE="New Staff User">
</FORM>
</div>
<div class="btn-group" role="group" aria-label="...">
<FORM METHOD="LINK" ACTION="whitelist.php">
<INPUT class='btn btn-primary btn-outline' TYPE="submit" VALUE="Whitelist Staff User">
</FORM>
</div>
<div class="btn-group" role="group" aria-label="...">
<INPUT class='btn btn-primary btn-outline'data-toggle="modal" data-target="#myModal" id="deletePan" name=delete VALUE="Reset Entire Panel">
</div>
<!-- Modal -->
<div class="modal fade" id="myModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close">
<span aria-hidden="true">×</span>
</button>
<h4 class="modal-title" id="myModalLabel">Reset Entire Panel</h4>
</div>
<div class="modal-body">
Are you sure you want to reset the entire panel?
</div>
<div class="modal-footer">
<FORM METHOD="LINK" ACTION="delete.php">
<button type="submit" class="btn btn-danger">Reset</button>
<button type="button" class="btn btn-primary btn-outline" data-dismiss="modal">Close</button>
</form>
</div>
</div>
</div>
</div>
<br><br>
<?php
if ($staffPerms['superUser'] != '1') {
header('Location: lvlError.php');
}
include 'verifyPanel.php';
loginconnect();
$sqlget = 'SELECT * FROM users';
$sqldata = mysqli_query($dbconL, $sqlget) or die('Connection could not be established');
if (isset($_POST['delete'])) {
$sql = "DELETE FROM users WHERE ID='$_POST[hidden]'";
mysqli_query($dbconL, $sql);
echo '<div class="alert alert-success" role="alert"><a href="#" class="alert-link">Staff account deleted!</a></div>';
}
if (isset($_POST['update'])) {
if ($_POST['password'] == '') {
$UpdateQ = "UPDATE users SET username='$_POST[username]' WHERE ID='$_POST[hidden]'";
mysqli_query($dbconL, $UpdateQ);
echo '<div class="alert alert-success" role="alert"><a href="#" class="alert-link">Username updated!</a></div>';
} else {
$password = $_POST['password'];
$pass = hash('sha256', $password);
$UpdateQ = "UPDATE users SET username='$_POST[username]', password='$pass' WHERE ID='$_POST[hidden]'";
mysqli_query($dbconL, $UpdateQ);
echo '<div class="alert alert-success" role="alert"><a href="#" class="alert-link">Password and/or username updated!</a></div>';
}
}
?>
<div class="table-responsive">
<table class="table table-striped" style = "margin-top: -10px">
<thead>
<tr>
<th>Username</th>
<th>Password</th>
<th>Delete</th>
<th>Update</th>
<th>Permissions</th>
</tr>
</thead>
<tbody>
<?php
while ($row = mysqli_fetch_array($sqldata, MYSQLI_ASSOC)) {
echo '<form action=staff.php method=post>';
echo '<tr>';
echo '<td>'."<input class='form-control' type=text name=username value=".$row['username'].' </td>';
echo '<td>'."<input class='form-control' type=text name=password placeholder='New password' </td>";
echo '<td>'."<input class='btn btn-primary btn-outline' type=submit name=delete value=Delete".' </td>';
echo '<td>'."<input class='btn btn-primary btn-outline' type=submit name=update value=Update".' </td>';
echo "<td style='display:none;'>".'<input type=hidden name=hidden value='.$row['ID'].' </td>';
echo '</form>';
echo '<form action=permissions.php method=post>';
echo '<td>'."<input class='btn btn-primary btn-outline' type=submit name=edit value=Edit".' </td>';
echo "<td style='display:none;'>".'<input type=hidden name=hiddenId value='.$row['ID'].' </td>';
echo '</form>';
echo '</tr>';
}
echo '</table></div>';
?>
</tbody>
</table>
</div>
</div>
</div>
</div>
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<script>window.jQuery || document.write('<script src="../../assets/js/vendor/jquery.min.js"><\/script>')</script>
<script src="dist/js/bootstrap.min.js"></script>
<!-- Just to make our placeholder images work. Don't actually copy the next line! -->
<script src="../../assets/js/vendor/holder.min.js"></script>
<!-- IE10 viewport hack for Surface/desktop Windows 8 bug -->
<script src="../../assets/js/ie10-viewport-bug-workaround.js"></script>
</body>
</html>