PHP - Admin News Control Panel | Issues
Hi Everybody i am working on admin panel but right now i encounter a problem i can't edit i also can't delete news but insert is working maybe somebody can help me find mistake and fix it up .
You can visit web and see what is what Admin Panel http://faksx.sytes.net/blogs/?page=cp Admin Panels news management http://faksx.sytes.net/blogs/?page=news_cp user andis |pw andis (don't try hack it won't work) Here is code i . if ($_POST['submit']) { $id = (int)$_POST['id']; $news_title = mysql_real_escape_string($_POST['news_title']); $news_category = mysql_real_escape_string($_POST['news_category']); $news_short_text = mysql_real_escape_string($_POST['news_short_text']); $news_text = mysql_real_escape_string($_POST['news_text']); $news_title = htmlentities($_POST['news_title']); $news_category = htmlentities($_POST['news_category']); $news_short_text = htmlentities($_POST['news_short_text']); $news_text = htmlentities($_POST['news_text']); if (!empty($id)) { $sql = ("UPDATE news SET news_title = '$news_title', news_category = '$news_category', news_short_text = '$news_short_text', news_text = '$news_text' WHERE id = '$id' "); } else { $sql = "INSERT INTO news (news_title,news_category,news_short_text,news_text,news_author,news_date) VALUES ('".$news_title."','".$news_category."','".$news_short_text."','".$news_text."','".$_SESSION[u_nick]."','".$last_time_seen."')"; mysql_query($sql) or die (mysql_error()); } } if($_GET['edit'] == 1) { $id = (int)$_GET['id']; $sql = ("DELETE FROM news WHERE id = '$id'"); mysql_query($sql) or die (mysql_error()); } if ($_GET['edit'] == 1) { $id = (int)$_GET['id']; $sql = ("SELECT * FROM news WHERE id = '$id'"); $date = mysql_query($sql) or die (mysql_error()); $row = mysql_fetch_array($date); $edit_title = $row['news_title']; $edit_group = $row['news_category']; $edit_short_text = $row['news_short_text']; $edit_text = $row['news_text']; $edit_id = (int)$row['id']; } mysqlutf8(); $sql = ("SELECT * FROM news"); $date = mysql_query($sql) or die (mysql_error()); echo '<select>'; while($row = mysql_fetch_array($date)) { echo "<option value='$row[id]'>".$row[news_title].'</option>' ; } #" <a href='/blogs/?page=comment&id=".$row['id']."'>Comment</a> " #"<a href='/blogs/?page=news_cp&edit=id=".$row['id']."'>" echo '</select>'."<a href='/blogs/?page=news_cp&edit&id=".$row['id']."'><input type='button' name='edit' id='button2' value='Edit' /></a> <a href='/blogs/?page=news_cp&delete&id=".$row['id']."'><input type='button' name='delete' id='button3' value='Delete' /></a>"; echo "<form id='form1' name='submit' method='post'> <p>Virsrakts <label for='textfield'></label> </p> <p> <input type='text' name='news_title' value='$news_title'> </p> <p>Ziņu Gruppa</p> <p> <label for='select'></label> <select name='news_category' value='$edit_group'> <option>News</option> <option>Bugs</option> </select> </p> <p>Teksts</p> <p> <label for='textfield2'></label> <textarea name='news_short_text' cols='50' rows='10' id='textfield2' value='$edit_short_text_text'></textarea> </p> <p>Pilns Teksts</p> <p> <label for='textfield3'></label> <textarea name='news_text' cols='70' rows='15' id='textfield3' value='$news_text'></textarea> </p> <p> <input type='submit' name='submit' id='button' value='Pievienot' /> <input type='reset' name='reset' id='button4' value='Reset' /> </p> </form>"; } Similar Tutorialswell i have a problem... i have a website running and anyone can get to the admin control panel login page by going to "mywebsite.com/admin" how can i hide this or change it so that they cant get to it unless they know it...? problem 2... when u visit my website... its shows in the url the path of the file for example... "mywebsite.com/register.php" when on the register page or like "mywebsite.com/sells.php" if on the sells page... how can i hide it so that only my website name is showing and not the path of the file? Well lately I've decided to split the big script in admin.php(admin control panel file) into several smaller script files such as admin_index.php, admin_settings.php and admin_createuser.php. I was thinking about this idea of locating all menus/submenus to the left hand side of the page and use an iframe to load info from any admin script files. This way the admin can access everything without having to be directed to a different url. I believe this is what Vbulletin has been doing for its ACP(they may have used javascript though), and I have a few questions to ask: 1. Is this a feasible idea, especially if I choose not to use javascript? 2. Is it safe to design admin control panel this way for a PHP script? If not, please lemme know possible security issues? 3. Is it possible to restrict direct access to other admin type script files, but allow access if they are loaded in iframe? Please do lemme know, thanks. please i need tutorial to learn me how to create admin panel like jommla or other >>> please dont late to answer this is my first topic Hello,
I am making a UCP to go along side a game server. The game server adds a mysql row when a account is created and places the password under Whirlpool encryption.
I am looking for someone who can help me make a basic login page that needs to enter a user name and password, with the password then encrypting to Whirlpool or whatever needs to be done for the login to be a success.
I am a total new guy to HTML / PHP scripting and looking to do this as a learning project.
what am i doing wrong? Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /****/*****/*/domains/klikertje.nl/public_html/adminpaneel/index.php on line 123 script of adminpaneel/index.php <?php include("../config.php"); include('../cronjobs.php'); $gebruikersnaam = "robin"; //De gewenste gebruikernaam $wachtwoord = "rg953gejFDI3c"; //Het gewenste wachtwoord if(preg_match('/^[a-zA-Z ]+$/D', $_SERVER['PHP_AUTH_USER']) == 0){ if(preg_match('/^[a-zA-Z ]+$/D', $_SERVER['PHP_AUTH_PW']) == 0){ if($_SERVER['PHP_AUTH_USER'] != $gebruikersnaam || $_SERVER['PHP_AUTH_PW'] != $wachtwoord) { header("WWW-Authenticate: Basic realm=\"Beveiliging\""); header("HTTP/1.0 401 Unauthorized"); echo "Je bent niet ingelogd! Probeer het <A HREF=\"javascript:location.reload();\">opnieuw</A>."; exit; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>MiljoenenMail</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="keywords" content="miljoenenmail" /> <meta name="description" content="MiljoenenMail" /> <meta http-equiv="content-language" content="nl" /> <link href="../css/style.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="containermain"> <div id="headercontainer"> <div id="headerleft"> <div id="logo"><img src="../images/miljoenenmaillogo.png"></div> <div id="menu"> <ul> <li class="first"><a href="index.php">Algemeen</a></li> <li><a href="afmelden.php">Uitloggen</a></li> <li><a href="profile.php">profiel</a></li> <li><a href="payout.php">Uitbetaling</a></li> </ul> </div> </div> <div id="headerright"> <center><i>Welkom Beheerder</i></center> <table border="0" width="235px" style="margin-top: 5px;" height="85px"> <tr><td><img src="images/parel.png" alt="Parel" /></td><td style="text-align:left;">Parels: <?=$gebruiker->parels?></td><td><img src="images/eurosymbol.png" alt="Euro" /></td><td style="text-align:left;"><?=$gebruiker->saldo?></td></tr> <tr><td><img src="images/klikmissie.png" alt="Kliknissie" /></td><td style="text-align:left;">Klikmissie</td><td><img src="images/wallet.png" alt="Uitbetalen"/></td><td style="text-align:left;">Uitbetalen</td></tr> <tr><td><img src="images/message.png" alt="Berichten" /></td><td style="text-align:left;">Berichten: <b><?=$gebruiker->berichten?></b></td><td><img src="images/nl_flag.png" alt="" /></td><td style="text-align:left;">Nederland</td></tr> 2 </table> </div> </div> <div id="floatheader"></div> <div id="tab_understroke"></div> <div id="container"> <div id="rechtscontainer"> <div id="topblue"></div> <div id="main"> <p><strong><h2>AdminPaneel</h2></strong></p> <hr /> <form name="form1" method="post" action=""> <table border="0"> <tr> <td>de nieuws/voorpagina wijzigen:</td> <?php if(!isset($_POST['Submit'])) { ?> <td><input name="nieuws" type="text" size="20" <?php if(isset($nieuws->inhoud)) { ?>value="<?=$nieuws->inhoud?>"<?php } ?>></td> </tr> <tr> <td colspan="2"> <input type="submit" name="Submit" value="Opslaan"> </td> </tr> </table> </form> <?php } else { if(isset($_POST['nieuws']) OR $_POST['nieuws'] !== $nieuws->inhoud ) { mysql_query("UPDATE cmssysteem SET inhoud='".$_POST['nieuws']."'"); } echo "bedankt voor je wijzigingen ze zijn succesvol opgeslagen en veel plezier verder met de site admin ;)"; } ?> </div> <div id="right"> <div class="title">Statistieken</div> <div class="right_content"> Aantal leden: <?=$leden?><br /> Leden online: <?=$leden?><br /> Totaal aantal parels: <?=$totaalparels?><br /> € 532,00 uitgekeerd! </div> </div> </div> <div id="float"></div> <div id="footer"></div> </div> </div> <center><table border="0" width="861px"> <tr><td align="left"><pre>© 2010 Miljoenenmail.nl</pre></td><td align="right"><pre>made by: Ismail Metaich</pre></td></tr> </table></center> </body> </html> <? } else { echo "<html><body>$_SERVER['PHP_AUTH_PW'] bevat cijfers of speciale tekens alleen letters mogelijk!</html></body>" } } else { echo "$_SERVER['PHP_AUTH_USER'] bevat cijfers of speciale tekens alleen letters mogelijk!"; } ?> Hi again PhpFreakz, yet again I have some issues with my PHP part of my website. Hello, I've just made a News system for a website i've been working on using, It has all been going fine-and-dandy. Until... My boss has asked me to add in a simple Login feature so people don't have to type there names in every form they fill-out when they use the website, My major problem is I can't get the news field to display the Login "Username" in the news, It's kind of a head-ache. (This is all for an intranet site). Sorry for the super long-ness in the post, just not sure where to look first to fix this problem :S. Please let me know if any other information is needed. Thanks! Login: Code: [Select] <?php include 'header.php'; ?> <form name="form1" method="post" action="checklogin.php"> <table id="formcss"> <tr> <td colspan="3"><strong>Member Login </strong></td> </tr> <tr> <td width="78">Username</td> <td width="6">:</td> <td width="294"><input name="myusername" type="text" id="myusername"></td> </tr> <tr> <td>Password</td> <td>:</td> <td><input name="mypassword" type="text" id="mypassword"></td> </tr> <tr> <td> </td> <td> </td> <td><input type="submit" name="Submit" value="Login"></td> </tr> </table> </td> </form> <?php include 'footer.php'; ?> check login Code: [Select] <?php include 'header.php'; ?> <?php $host="localhost"; // Host name $username="root"; // Mysql username $password=""; // Mysql password $db_name="test"; // Database name $tbl_name="admins"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); header("location:login_success.php"); } else { echo "Wrong Username or Password<p>"; echo "</p><a href=http://nrsdiskstation/login.php>Go Back</a>"; } ?> <?php include 'footer.php'; ?> News Code: [Select] <?php $host="localhost"; // Host name $username="root"; // Mysql username $password=""; // Mysql password $db_name="test"; // Database name $tbl_name="admin"; // Table name // Connect to server and select database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // get value of id that sent from address bar $id=$_GET['id']; "SELECT column_name1, column_name2 FROM table_name"; // Retrieve data from database $sql="SELECT * FROM $tbl_name WHERE id='$id'"; $result=mysql_query($sql); $rows=mysql_fetch_array($result); ?> <?php include 'header.php'; ?> <form name="form1" method="post" action="news_ac.php"> <table id="formcss" width="100%" border="0" cellspacing="1" cellpadding="3" align="center"> <tr> <td colspan="2" align="center"><strong>New News</strong></td> </tr> <tr> <td width="71">Title</td> <td width="301"><input name="title" type="text" id="title"></td> </tr> <tr> <td>News Type</td> <td> <select name="picture" id="picture"> <option value="">None</option> <option value="<img src=http://nrsdiskstation/Images/urgent.png align=right valign=top>">Attention</option> <option value="<img src=http://nrsdiskstation/Images/about.png align=right valign=top>">About</option> <option value="<img src=http://nrsdiskstation/Images/dots.png align=right valign=top>">Information</option> </select> </td> </tr> <tr> <td>News</td> <td> <textarea rows="4" cols="33" name="news"></textarea> </td> </tr> <input name="date" type="hidden" id="date" value="<?php echo date('g:i - d/m/Y'); ?>"> <input name="byuser" type="hidden" id="byuser" value="<? echo $rows['myusername']; ?>"> <tr> <td colspan="2" align="center"><input type="submit" name="Submit" value="Submit"></td> </tr> </table> </form> <?php include 'footer.php'; ?> News_Ac Code: [Select] <?php include 'header.php'; ?> <?php $host="localhost"; // Host name $username="root"; // Mysql username $password=""; // Mysql password $db_name="test"; // Database name $tbl_name="News"; // Table name // Connect to server and select database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // Get values from form $title=$_POST['title']; $news=$_POST['news']; $byuser=$_POST['byuser']; $picture=$_POST['picture']; $date=$_POST['date']; // Insert data into mysql $data_no=$_GET['id']; $sql="INSERT INTO $tbl_name(`title`, `news`, `byuser`, `picture`, `date`)VALUES('$title', '$news', '$byuser', '$picture', '$date')"; $result=mysql_query($sql); // if successfully insert data into database, displays message "Successful". if($result) { echo "Successful<BR><a href='index.php'>Back to Index</a>"; } else { echo "ERROR 1<br>"; echo "Query: {$sql}<br>\n"; echo "Error: " . mysql_error(); } ?> <?php include 'footer.php'; ?> News display: Code: [Select] <?php include 'header.php'; ?> <strong>Intranet System </strong> <a href="http://nrsdiskstation/news.php">(Post new news)</a><br> <?php $host="localhost"; // Host name $username="root"; // Mysql username $password=""; // Mysql password $db_name="test"; // Database name $tbl_name="News"; // Table name // Connect to server and select database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // Retrieve data from database $sql="SELECT * FROM $tbl_name"; $result=mysql_query($sql); // Start looping rows in mysql database. while($rows=mysql_fetch_array($result)){ ?> <table id="formcss" align="center"> <tr><Td> <strong><? echo $rows['title']; ?></strong> </td></tr> <tr><td> <? echo $rows['picture']; ?> <? echo $rows['news']; ?> </tr></td> <tr><td align="right"> <h6><? echo $rows['byuser']; ?> @ <? echo $rows['date']; ?><br><a href="news_update.php?id=<? echo $rows['id']; ?>">edit</a> last edited on: <? echo $rows['editdate']; ?></h6> </td></td> </table> <br><br><br> <? // close while loop } // close connection mysql_close(); ?> <?php include 'footer.php'; ?> hello. I need your help please. I'm building logistics website with user panel and admin panel. I've done all login and register forms. now I want to : admin can add package with: tracking number , weight , cost , and declaration form. user can fill declaration form after admin add package to user panel. then admin can see the declared form. is it possible in php? thank you in advance Hey guys.
The problem is like that:
I have a panel that shows live statistics on a game called Samp , and i used the template Ace Admin boostrap , and the theme is not showing , the template doesen't work , but i have all the necesary files ,css and all
Those are my files:
http://i.imgur.com/CF0kebR.jpg http://i.imgur.com/7quVxHJ.jpg Footer: http://pastebin.com/NAi6EHg4 Header: http://pastebin.com/GmBriy8G hi
I use dreamweaver cc and I make a recordset ,so I need to create a dynamic table but the data panel and data object panel not appear
can any one help me please
So i got my login down and the cookies, kinda set up my problem is how do i make the admin panle save the true/false in the string in settings.php id like do do it with a drop down menu to enable/disable it. any help? Code download I get this error: Code: [Select] Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\user\user.php on line 5 code: user.php: Code: [Select] <?php $get = (isset($_GET['id'])); //this means that user.php?id=1 would mean $get = 1. Note: This is not SQL Inject protected. $users = mysql_query("SELECT * FROM users WHERE id='".$get."'"); while ($row = mysql_fetch_array($users)) { echo ' Id = '.$row['id'].' Name = '.$row['name'].' Username = '.$row['username'].' Password = '.$row['password'].' Reg. on = '.$row['date'].' '; } ?> <html> <body> <form action='user.php' method='GET'> Username: <input type='text' value=''> <input type='submit' value='submit'> </form> <?php //what goes here? ?> </body> </html> Hello I am trying to add an IF statement to my login script so that if the username entered is 'admin' it directs to 'adminpage.php Here is my script: <?php include ("connection.php"); session_start(); // Collect data from form and save in variables //See if any info was submitted $Username = $_GET['Username']; //Clean data - trim space $Username = trim ( $Username); //Check its ok - if not then add an error message to the error string if (empty($Username)) $errorString = $errorString."<br>Please supply Username."; //See if any info was submitted $Password = $_GET['Password']; //Clean data - trim space $Password = trim ( $Password); //Check its ok - if not then add an error message to the error string if (empty($Password)) $errorString = $errorString."<br>Please supply Password."; // Query to search the user table $query= "SELECT * FROM Users WHERE Username='$Username' AND Password='$Password'"; // Run query through connection $result = mysql_query ($query); $row = mysql_fetch_assoc($result); // if rows found set authenticated user to the user name entered if (mysql_num_rows($result) > 0) { $_SESSION["authenticatedUser"] = $Username; $_SESSION['UserID'] = $row['UserID']; // Relocate to the logged-in page header("Location: loggedon.php"); } else // login failed redirect back to login page with error message { $_SESSION["message"] = "Could not connect as $Username " ; header("Location: login.php"); } ?> Thank you Any help would be greatly appreciated! <?php $host="localhost"; // Host name $username="user"; // Mysql username $password=""; // Mysql password $db_name=""; // Database name $tbl_name=""; // Table name mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); $barcodeID=$_POST['barcode']; echo $barcodeID; $barcodeID = stripslashes($barcodeID); $barcodeID = mysql_real_escape_string($barcodeID); $sql="SELECT * FROM $tbl_name WHERE BarcodeID='$barcodeID'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); $count=mysql_num_rows($result); if($count==1){ $_SESSION['barcode'] = $barcodeSession; $_SESSION['userlevel'] = $row['Priority']; if($row['userlevel'] == "Admin") { header("location:AdminSection.php"); }else{ header("location:index.php"); } header("location:LoggedIn.php"); } else { header("location:index.php"); } ?> when the script has been run, I want it to redirect to either the user page or admin page depending on their priority level. if Priority field == "Admin" then go to admin page. Can you see anything missing? Thank You Hey guys, I've set up a database with a login and logout script for my site.. There is a TINYINT value called admin and it either equals 1 or 0 depending on whether the user is an admin or not.. The registration script works perfectly to create the table value and the login script works fine for the site.. The question I had was if I wanted to add a link to the bottom of every page that said: Go to Administration Panel and make it only viewable by ADMINS I figured this little script would work.. Here would be the end of the page: Code: [Select] <br /> <center>Copyright © 2010 <a href="http://www.website.com">www.WEBSITE.com</a></center> <?php include('includes/start_admincheck.php'); ?> <center><a href="<?php echo $homedir .'admin.php'; ?>">Go to Administration Panel</a></center> <?php include('includes/end_admincheck.php'); ?> </body> </html> Inside start_admincheck.php I have: (NOTE: $cUsername refers to a setcookie and $cAdmin does as well.. They are defined on my Variable page included at the top.) Code: [Select] <?php include('variables/variables.php'); ?> <?php mysql_connect("$mysql_hostname", "$mysql_username", "$mysql_password") or die(mysql_error()); mysql_select_db("$mysql_database") or die(mysql_error()); if(isset($cUsername)) { $check = mysql_query("SELECT * FROM users WHERE username = '$cUsername'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if (($cAdmin == 1) && ($info['admin'] == 1)) { ?> And this is the end_admincheck.php Code: [Select] <?php include('variables/variables.php'); ?> <?php } else die(); } } else die(); ?> ?> I get this Parse error thrown at the bottom of the page: Code: [Select] Parse error: syntax error, unexpected $end in /*******/includes/start_admincheck.php on line 15 Naturally I would checkout line 15 in start_admincheck.php, but normally when I get an $end error it is the last line of the code and leaves me lost.. Something I'm missing guys? As always, thanks in advance Hallo I have a problem.
This is my code:
<?php include 'connect.php'; ?> <html> <head> <title>Admin Insert page!</title> </head> <body> <?php error_reporting(-1);ini_set('display_errors',1); if (isset($_POST['submit'])){ $name = $_POST['name']; $password = $_POST['password']; $result = mysql_query("SELECT * FROM users WHERE user='$name' AND password='$password'"); $num = mysql_num_rows($result); if($num == 0){ echo "Bad login, go <a href='login.php'>back</a>"; }else{ session_start(); $_SESSION['name'] = $name; header("Location: admin.php"); } }else{ ?> <form action='login.php' methody='post'> Username: <input type='text' name='name'/><br /> Password: <input type='password' name='password'/><br /> <input type='submit' name='submit' value='Login' /> </body> </html>I try to use console to find the problem but I didn't.... I know that there is some problem with $num Can somebody help me? Thank you. Edited by Artur, 19 October 2014 - 12:11 PM. Hey, in a nutshell the only thing in admin.php is the ability to moderate unapproved images, however, once approved, the "Approve Delete" links are still on screen. How it works is a user uploads an image, the filename is added to mysql and the image is added to uploads/ once I Approve an image, the image is then moved to img/ to display on the index.php (to prevent porn and anything that doesn't belong to the general public). I know what's happening, because I've got while loops to display the image while looping through the mysql database, so once the image is moved, the links are still on screen, displaying an "Approve Delete" for every image in the database. Also another thing that happens is the images on index.php are blank until approved. How can I work around this? Here is the index.php when an image hasn't been approved: http://www.xodiac.net/1.png And here is the admin.php displaying Approve and Delete once an image has been approved: http://www.xodiac.net/2.png Hey, So i have an admin.php page that lists all of the users in the database and im wondering how i can add functions so the administrator can delete / ban the user from the webpage i'm not sure on how you would select the user?
Hello, Do you know where I can download a nice looking PHP admin dashboard for free? Thanks in advance for the help Hi, I am new here 🙂 I have been learning PHP and am currently working on my own OOP MVC CMS. I am up to the stage where I would like to start working on the admin area, but I am not sure how best to organise things. Should I create admin specific Controllers and Models? In Views, should I create a sub directory Admin, and place all admin view templates within it? Are there any good books on OOP/MVC you would recommend?
|