include ('database.php');
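/*
 * Page dispatcher: reads the page name from the 'f' URL parameter and calls
 * the function of that name.
 *
 * The name is checked against an explicit allowlist. function_exists() alone
 * is true for every built-in PHP function as well, so without the allowlist
 * any visitor could make the script call an arbitrary function by name.
 * htmlentities() was dropped because it escapes HTML output; it does nothing
 * to restrict which function gets called.
 *
 * 'handlers' and 'edithandler' are defined in this file. 'addhandler' is only
 * referenced by the "Add New" link in handlers(); add every other page
 * function that is meant to be reachable from the URL.
 *
 * NOTE(review): no authentication or authorization check is visible here,
 * although the pages are administrative. Confirm that database.php or the
 * surrounding application enforces one before this point.
 */
$allowedPages = array('handlers', 'edithandler', 'addhandler');

$f = (isset($_GET['f']) && is_string($_GET['f'])) ? $_GET['f'] : '';

if (in_array($f, $allowedPages, true) && function_exists($f)) {
    $f();
} else {
    die('Error 404!');
}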
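/**
 * Returns one column of the first row in $table whose `username` matches.
 *
 * The value comes back raw from the database: callers must escape it for the
 * context they print it in (for example htmlspecialchars() for HTML).
 *
 * @param string $username Username to look up; escaped before it is put in the query.
 * @param string $table    Table name; only letters, digits and underscores are accepted.
 * @param string $field    Column whose value is returned.
 * @return mixed The column value, or null when the table name is rejected, the
 *               query fails, no row matches, or the column does not exist.
 */
function getFormData($username, $table, $field){
    // An identifier cannot be quoted like a value, so the table name is
    // restricted to a safe character set instead of being escaped.
    if (!is_string($table) || !preg_match('/^[A-Za-z0-9_]+$/', $table)) {
        return null;
    }

    // Escape the value so a quote in $username cannot end the string literal.
    $safeUsername = mysql_real_escape_string((string) $username);

    $result = mysql_query("SELECT * FROM `$table` WHERE `username` = '$safeUsername' LIMIT 1");
    if (!$result) {
        return null;
    }

    $row = mysql_fetch_assoc($result);
    if (!$row || !array_key_exists($field, $row)) {
        return null;
    }

    return $row[$field];
}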
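/**
 * Prints the handler list: one table row per record in `users`, ordered by
 * username, followed by a form that returns to the main menu.
 *
 * Every database value is passed through htmlspecialchars() before it is
 * printed, so markup stored in a user record is shown as text instead of
 * being interpreted by the browser.
 */
function handlers() {
    print '<h1 class=backstage>Handler Management</h1><br />';
    print "<h2 class=\"backstage\">Handlers :: <a href=\"#\" onclick=\"ajaxpage('addhandler', 'content'); return false;\">Add New</a></h2><br />";
    print '<table width="100%" class="table1">';
    print '<tr class="rowheading">';
    print '<td width="30"> </td>';
    print '<td align="center">Username</td>';
    print '<td align="center">Surname</td>';
    print '<td align="center">First Name</td>';
    print '<td align="center">E-Mail</td>';
    print '</tr>';

    $query = "SELECT * FROM users ORDER BY `username`";
    $result = mysql_query($query);

    if ($result) {
        $columns = array('username', 'surname', 'firstname', 'email');
        $i = 0;
        while ($row = mysql_fetch_assoc($result)) {
            // Alternate the row style: first row 'row2', second 'row1', and so on.
            $sClass = ($i++ & 1) ? 'row1' : 'row2';

            printf("<tr class=\"%s\">", $sClass);
            // NOTE(review): the Edit link does not pass the row's username,
            // while edithandler() reads $_GET['username'] - confirm how
            // ajaxpage() is expected to supply it.
            print "<td valign=\"top\" align=\"center\" width=\"30\"><a href=\"#\" onclick=\"ajaxpage('edithandler', 'content'); return false;\">Edit</a></td>";

            foreach ($columns as $column) {
                // Quoted keys: the bare words used before were undefined constants.
                $value = isset($row[$column]) ? $row[$column] : '';
                printf("<td valign=\"top\" align=\"center\">%s</td>", htmlspecialchars($value, ENT_QUOTES));
            }

            print '</tr>';
        }
    }

    print '</table><br />';
    print '<h2 class=backstage><form method=POST><input type=hidden name=action value=mainmenu><input type=submit value="Return to Main Menu" class=button200></form></h2>';
}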
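/**
 * Prints the "Edit Handler Details" form for the user named in
 * $_GET['username'].
 *
 * Changes from the earlier version:
 *  - the username is escaped before it is placed in the SQL statement;
 *  - the fields are filled from the row that was fetched (the earlier code
 *    passed an undefined $username to getFormData(), so nothing was found);
 *  - every value is HTML-escaped before it is written into an attribute;
 *  - the stored password is no longer written into the page.
 *
 * NOTE(review): the forms carry no anti-CSRF token, and no access check is
 * visible in this function - confirm both are handled elsewhere.
 */
function edithandler() {
    $requested = (isset($_GET['username']) && is_string($_GET['username'])) ? $_GET['username'] : '';

    // Escape the value so a quote in the URL parameter cannot end the string literal.
    $query = "SELECT * FROM `users` WHERE `username` = '" . mysql_real_escape_string($requested) . "'";
    $result = mysql_query($query);
    $row = $result ? mysql_fetch_assoc($result) : false;
    if (!$row) {
        // No matching record: the form is still printed, with empty fields.
        $row = array();
    }

    // HTML-escaped copies of the columns the form shows.
    $val = array();
    foreach (array('username', 'surname', 'firstname', 'email') as $column) {
        $val[$column] = isset($row[$column]) ? htmlspecialchars($row[$column], ENT_QUOTES) : '';
    }

    print '<h1 class=backstage>Handler Management</h1><br />';
    print '<h2 class=backstage>Edit Handler Details</h2><br />';
    print '<form name="edithandler" method="post" action="backstage.php" id="edithandler">';
    print '<table width="100%" class="table2">';
    print '<tr>';
    print "<td width=120 class=rowheading>Username:</td><td class=row3><input type=text name=login class=fieldtext490 value=\"". $val['username'] ."\"></td>";
    print '</tr>';
    print '<tr>';
    // The stored password (or its hash) is never sent back to the browser.
    // The save routine has to treat an empty password field as "unchanged".
    print "<td class=rowheading>Password:</td><td class=row3><input type=password name=password class=fieldtext490 value=\"\"></td>";
    print '</tr>';
    print '<tr>';
    print '<td class=rowheading>Surname:</td><td class=row3>';
    print "<input type=text name=surname class=fieldtext490 value=\"". $val['surname'] ."\"></td>";
    print '</tr>';
    print '<tr>';
    print '<td class=rowheading>Firstname:</td>';
    // Was filled from the username column; handlers() shows that `firstname` exists.
    print "<td class=row3><input type=text name=firstname class=fieldtext490 value=\"". $val['firstname'] ."\"></td>";
    print '</tr>';
    print '<tr>';
    print '<td class=rowheading>Email:</td>';
    print "<td class=row3><input type=text name=email class=fieldtext490 value=\"". $val['email'] ."\"></td>";
    print '</tr>';
    // NOTE(review): AIM, MSN, Forum ID and Default Character are still filled
    // from the username column, as before. The real column names are not
    // visible in this file - replace them once confirmed.
    print '<tr>';
    print '<td class=rowheading>AIM:</td>';
    print "<td class=row3><input type=text name=aim class=fieldtext490 value=\"". $val['username'] ."\"></td>";
    print '</tr>';
    print '<tr>';
    print '<td class=rowheading>MSN:</td>';
    print "<td class=row3><input type=text name=msn class=fieldtext490 value=\"". $val['username'] ."\"></td>";
    print '</tr>';
    print '<tr>';
    print '<td class=rowheading>Forum ID:</td>';
    print "<td class=row3><input type=text name=forumid class=fieldtext490 value=\"". $val['username'] ."\"></td>";
    print '</tr>';
    print '<tr>';
    print '<td class=rowheading>Account:</td>';
    print '<td class=row3><select name=enabled class=selection>';
    print '<option value=1>Enabled</option><option value=0>Disabled</option>';
    print '</select></td>';
    print '</tr>';
    print '<tr>';
    print '<td class=rowheading>Administrator:</td>';
    print '<td class=row3><select name=isadministrator class=selection>';
    print '<option value=1>Yes</option><option value=0>No</option>';
    print '</select></td>';
    print '</tr>';
    print '<tr>';
    print '<td class=rowheading>Default Character:</td>';
    print "<td class=row3>\"". $val['username'] ."\"</td>";
    print '</tr>';
    print '</table><br />';
    print '<input type=checkbox name=deletehandler> <span class=table1heading>Delete Handler?</span><br /><br />';
    print '<input type="submit" value="Save Handler" class="button" name="edithandler"></form><br />';
    print '<form method=POST><input type=hidden name=action value=handler><input type=submit value="Return to Handler List" class=button200></form><br />';
    print '<h2 class=backstage>Characters<br /><br /><form method=post><input type=hidden name=action value=handler><input type=hidden name=routine value=addcharacter><input type=hidden name=option value=0><input type=hidden name=id value="130"><select name=characterid class=dropdown>';
    print '<option value=0>- Select -</select> <input type=submit value="Add" class=button></form></h2><br />';
    print '<br /><br />';
    print '<h2 class=backstage><form method=POST><input type=hidden name=action value=mainmenu><input type=submit value="Return to Main Menu" class=button200></form></h2>';
}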