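<?php
/*
 * Backstage login handler and administration console page.
 *
 * On a POST from the login form this script checks the submitted credentials
 * against the `users` table, stores the login state in $_SESSION and renders
 * the console; on any other request it renders the login form.
 *
 * NOTE(review): the database connection and presumably session_start() live in
 * backstageconfig.php, which is not visible here - confirm.
 * NOTE(review): the mysql_* extension used below was removed in PHP 7. Moving to
 * PDO or mysqli prepared statements has to start where the connection is
 * opened, so it is not done in this file.
 * NOTE(review): passwords are stored as unsalted MD5 digests, which is not
 * suitable for password storage. Migrating to password_hash() /
 * password_verify() needs a schema change and a rehash-on-login step.
 */
require "backstageconfig.php";
require "backstagefunctions.php";
ob_start();

// If the login form is submitted
if (isset($_POST['submit']))
{
    // Reject missing fields and non-string values (e.g. username[]=x), which
    // would otherwise reach the escaping and hashing calls as arrays.
    if (empty($_POST['username']) || empty($_POST['password'])
        || !is_string($_POST['username']) || !is_string($_POST['password']))
    {
        die('You did not fill in a required field.');
    }

    $username = mysql_real_escape_string($_POST['username']);
    // The digest is hex only, so it is safe to interpolate. The password is
    // escaped before hashing because the original lookup did so; changing
    // that would change which stored digests match.
    $pass = md5(mysql_real_escape_string($_POST['password']));

    $check = mysql_query("SELECT * FROM users WHERE username = '".$username."' AND password = '".$pass."' LIMIT 1");
    if ($check === false)
    {
        // Keep database error text out of the response; it goes to the log.
        error_log('backstage login query failed: ' . mysql_error());
        die('Login is temporarily unavailable.');
    }

    // The query filters on username AND password, so an empty result means
    // "no such user" or "wrong password"; the message no longer says which.
    if (mysql_num_rows($check) == 0)
    {
        die('Invalid username or password.');
    }

    // LIMIT 1 guarantees a single row, so no loop is needed.
    $info = mysql_fetch_array($check);

    // Second check kept from the original. Strict comparison: with != two
    // different digests that both look like numeric strings can compare equal.
    $pass = md5(stripslashes($_POST['password']));
    if ($pass !== stripslashes($info['password']))
    {
        die('Invalid username or password.');
    }

    // Issue a fresh session id on login so an id known before authentication
    // cannot be reused afterwards. Skipped when no session is active.
    if (session_id() !== '')
    {
        session_regenerate_id(true);
    }

    $_SESSION['username'] = stripslashes($username);
    $_SESSION['loggedin'] = time();
    // The admin flag comes from the row that was just authenticated. The
    // original ran a second query built from the un-escaped (stripslashes'd)
    // username, which put unescaped input back into SQL.
    $_SESSION['admin'] = $info['admin'];

    // Only methods that appear in the menu below may be dispatched, and the
    // admin-only ones require the admin flag. Previously any function name
    // supplied in ?method= was called. Keep these lists in sync with the menu.
    $userMethods = array(
        'biography', 'allies', 'rivals', 'quotes',
        'roleplays', 'news', 'matches', 'segments',
    );
    $adminMethods = array(
        'directory',
        'champions', 'booker', 'compiler', 'archives',
        'handlers', 'characters', 'applications', 'events',
        'titles', 'matchtypes', 'divisions', 'arenas',
        'templates', 'content', 'bioconfig', 'newscat', 'menus',
    );
    $func = null;
    if (isset($_GET['method']) && is_string($_GET['method']))
    {
        $requested = $_GET['method'];
        $allowed = in_array($requested, $userMethods, true)
            || ($_SESSION['admin'] == 1 && in_array($requested, $adminMethods, true));
        // function_exists() only avoids a fatal error; the allow-list is the
        // access control.
        if ($allowed && function_exists($requested))
        {
            $func = $requested;
        }
    }
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="Content-Style-Type" content="text/css">
<meta http-equiv="Content-Language" content="en-us">
<meta name="language" content="en-us">
<title>Backstage V1 Administration Console</title>
<link rel="stylesheet" href="backstage.css" type="text/css" media="screen">
</head>
<body>
<div id=container>
<div class=header>
<table cellpadding="0" cellspacing="0" border="0" width="95%">
<tr>
<td width=110 align=center></td>
<td></td>
<td width=40 valign=bottom align=right>
<a href="#" onclick="">Home</a> | <a href="#" onclick="">Logout</a> | <a target="_blank" href="http://kansasoutlawwrestling.com/phpBB3">Forums</a></td>
</tr>
</table>
</div>
<div id=container2>
<div id=nav>
<?php if(isset($_SESSION['loggedin'])) { ?>
<h1>Character</h1>
<ul>
<li><a href="#" onclick="backstagefunctions.php?method=biography">Biography</a></li>
<li><a href="#" onclick="backstagefunctions.php?method=allies">Allies</a></li>
<li><a href="#" onclick="backstagefunctions.php?method=rivals">Rivals</a></li>
<li><a href="#" onclick="backstagefunctions.php?method=quotes">Quotes</a></li>
</ul>
<?php } ?>
<?php if(isset($_SESSION['loggedin'])) { ?>
<h1>Submit</h1>
<ul>
<li><a href="#" onclick="backstagefunctions.php?method=roleplays">Roleplay</a></li>
<li><a href="#" onclick="backstagefunctions.php?method=news">News</a></li>
<li><a href="#" onclick="backstagefunctions.php?method=matches">Match</a></li>
<li><a href="#" onclick="backstagefunctions.php?method=segments">Seg</a></li>
</ul>
<?php } ?>
<?php if(isset($_SESSION['loggedin']) && $_SESSION['admin'] == 1) { ?>
<h1>Handler</h1>
<ul>
<li><a href="#" onclick="backstagefunctions.php?method=directory">Directory</a></li>
</ul>
<?php } ?>
<?php if(isset($_SESSION['loggedin']) && $_SESSION['admin'] == 1) { ?>
<h1>Booking</h1>
<ul>
<li><a href="#" onclick="backstagefunctions.php?method=champions">Champions</a></li>
<li><a href="#" onclick="backstagefunctions.php?method=booker">Booker</a></li>
<li><a href="#" onclick="backstagefunctions.php?method=compiler">Compiler</a></li>
<li><a href="#" onclick="backstagefunctions.php?method=archives">Archives</a></li>
</ul>
<?php } ?>
<?php if(isset($_SESSION['loggedin']) && $_SESSION['admin'] == 1) { ?>
<h1>Fed Admin</h1>
<ul>
<li><a href="#" onclick="backstagefunctions.php?method=handlers">Handlers</a></li>
<li><a href="#" onclick="backstagefunctions.php?method=characters">Characters</a></li>
<li><a href="#" onclick="backstagefunctions.php?method=applications">Applications</a></li>
<li><a href="#" onclick="backstagefunctions.php?method=events">Event Names</a></li>
<li><a href="#" onclick="backstagefunctions.php?method=titles">Title Names</a></li>
<li><a href="#" onclick="backstagefunctions.php?method=matchtypes">Match Types</a></li>
<li><a href="#" onclick="backstagefunctions.php?method=divisions">Divisions</a></li>
<li><a href="#" onclick="backstagefunctions.php?method=arenas">Arenas</a></li>
</ul>
<?php } ?>
<?php if(isset($_SESSION['loggedin']) && $_SESSION['admin'] == 1) { ?>
<h1>Site Admin</h1>
<ul>
<li><a href="#" onclick="backstagefunctions.php?method=templates">Templates</a></li>
<li><a href="#" onclick="backstagefunctions.php?method=content">Content</a></li>
<li><a href="#" onclick="backstagefunctions.php?method=bioconfig">Bio Configuration</a></li>
<li><a href="#" onclick="backstagefunctions.php?method=newscat">News Categories</a></li>
<li><a href="#" onclick="backstagefunctions.php?method=menus">Menus</a></li>
</ul>
<?php } ?>
</div>
<div id=content>
<?php
// $func is set only when the requested method passed the allow-list above.
if ($func !== null)
{
    echo $func();
}
?>
</div>
<div id="footer">Backstage 1 © 2009
</div>
</div>
</div>
</body>
</html>
<?php
}
else
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="Content-Style-Type" content="text/css">
<meta http-equiv="Content-Language" content="en-us">
<meta name="language" content="en-us">
<title>Backstage V1 Administration Console</title>
<link rel="stylesheet" href="backstage.css" type="text/css" media="screen">
</head>
<body>
<div id=login>
<form method="POST" action="/mybackstage/backstage.php">
<h1>KOW Backstage</h1>
<p><label>Username:<br><input type="text" name="username" id="log" tabindex="1"></label></p>
<p><label>Password:<br><input type="password" name="password" id="pwd" tabindex="2"></label></p>
<p style="text-align: center;"><input type="submit" class="button" name="submit" id="submit" value="Login »" tabindex="4"></p>
</form>
</div>
</body>
</html>
<?php
}
?>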