<?php
/*
* File: admin.php
* File Created: Monday, 30th September 2019
* Author: Syed Faraz Abrar
* -----
* Last Modified: Monday, 14th October 2019
* Modified By: Syed Faraz Abrar
* -----
* Purpose: The admin panel, only accessible to
* the administrative user. They can then
* lock or unlock user accounts, as well as
* delete them completely.
*/
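require_once("db.php");
require_once("includes/check_session.php");

// check_session.php may already have opened the session (not visible here);
// start one only if none is active, so PHP does not raise an
// "already active" notice.
if (session_status() !== PHP_SESSION_ACTIVE)
{
    session_start();
}

// Authorise before anything else runs. The admin account is user id 1; the
// strict in_array() accepts only the integer 1 or the string "1".
// Doing this here, before any HTML is emitted, means the Location header can
// still be sent, and a non-admin request never reaches the action handler
// included below.
$adminSessionId = isset($_SESSION["id"]) ? $_SESSION["id"] : null;
if (!in_array($adminSessionId, [1, "1"], true))
{
    header("Location: /index.php");
    die();
}

// NOTE(review): handle_admin.php is not shown here; it presumably processes
// the lock / unlock / delete POSTs issued by the forms on this page. Confirm
// it also enforces the admin check itself in case it is reachable directly.
include("includes/handle_admin.php");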
?>
<!DOCTYPE html>
<html>
<head>
<?php include_once("includes/includes.php"); ?>
</head>
<body>
<?php
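// Only the administrator account (user id 1) may view this page.
// The strict in_array() accepts just the integer 1 or the string "1"; values
// such as true or "1.0" satisfied the previous loose != comparison.
$sessionUserId = isset($_SESSION["id"]) ? $_SESSION["id"] : null;
if (!in_array($sessionUserId, [1, "1"], true))
{
    // NOTE(review): by this point includes/handle_admin.php has already been
    // included and HTML output has begun. This check therefore cannot be the
    // only authorisation gate for whatever that handler does (not shown
    // here), and the Location header may be dropped unless output buffering
    // is enabled. die() still stops the admin markup from being rendered.
    header("Location: /index.php");
    die();
}

// The session is opened near the top of the file; calling session_start()
// again while it is active only raises a notice, so start one here only if
// none is active.
if (session_status() !== PHP_SESSION_ACTIVE)
{
    session_start();
}
include_once('includes/header.php');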
?>
<div class="container">
<!-- Mad props to Jon for providing a table for us to use ^_^ -->
<!-- Search prompt for letting the admin search for a user by name -->
<h1>Search for users:</h1>
<form method="GET" action="./admin.php">
<div class="input-group mt-2 w-25">
<input type="text" class="form-control" placeholder="Name to search by" name="name" >
<div class="input-group-append">
<button class="btn btn-outline-secondary" type="submit" id="searchButton">Search</button>
</div>
</div>
</form>
<hr>
<!-- Draw a table of users for the admin to view, and also
have some fancy buttons to let the admin lock, unlock,
and delete user accounts -->
<h2>Results Found:</h2>
<table class="table">
<thead>
<th>ID</th>
<th>Name</th>
<th>Email</th>
<th>Locked?</th>
<th>Lock</th>
<th>Unlock</th>
<th>Delete Account</th>
</thead>
<tbody>
<?php
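// Render one table row per user, optionally filtered by an exact username
// taken from the "name" query-string parameter.
//
// The search term is request-controlled, so it is bound to a prepared
// statement instead of being interpolated into the SQL text, and every value
// read back from the Users table is HTML-escaped before it is echoed
// (usernames and e-mail addresses are user-supplied data).

// Escape a database value for use in HTML text or a quoted attribute.
$escapeHtml = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// A non-string value (e.g. ?name[]=x) is treated as "no filter".
$hasNameFilter = isset($_GET["name"]) && is_string($_GET["name"]);

if ($hasNameFilter)
{
    $stmt = mysqli_prepare($db, "SELECT id, username, email, locked FROM Users WHERE username = ?");
}
else
{
    // Otherwise just query for all users
    $stmt = mysqli_prepare($db, "SELECT id, username, email, locked FROM Users");
}

$queryOk = false;
if ($stmt !== false)
{
    if ($hasNameFilter)
    {
        // bind_param takes its arguments by reference, hence the local copy
        $name = $_GET["name"];
        mysqli_stmt_bind_param($stmt, "s", $name);
    }

    // bind_result + fetch works without the mysqlnd driver, unlike get_result
    $queryOk = mysqli_stmt_execute($stmt)
        && mysqli_stmt_bind_result($stmt, $userId, $username, $email, $locked);
}

if (!$queryOk)
{
    // Fail closed with a generic message; no SQL error detail is shown
    echo '<tr><td colspan="7">Unable to load users.</td></tr>';
}
else
{
    // One POST form per action; the button name tells the handler what to do.
    // NOTE(review): none of these forms carries an anti-CSRF token. The
    // handler (includes/handle_admin.php) is not visible here; confirm it
    // rejects state-changing requests that lack a per-session token.
    $actions = [
        ["lock", "btn-danger", "fa-times"],
        ["unlock", "btn-success", "fa-check"],
        ["delete", "btn-danger", "fa-times"],
    ];

    // Iterate through all results and output a list of users
    while (mysqli_stmt_fetch($stmt))
    {
        $safeId = $escapeHtml($userId);

        echo "<tr>";
        echo "<td>" . $safeId . "</td>";
        echo "<td>" . $escapeHtml($username) . "</td>";
        echo "<td>" . $escapeHtml($email) . "</td>";
        echo "<td>" . $escapeHtml($locked) . "</td>";

        foreach ($actions as $action)
        {
            echo "<td>";
            echo '<form action="" method="post">';
            echo '<input type="hidden" name="id" value="' . $safeId . '"/>';
            // The <i> icon is closed before </button>; the tags were
            // previously mis-nested.
            echo '<button name="' . $action[0] . '" type="submit" value="' . $action[0]
                . '" class="btn ' . $action[1] . '"><i class="fas ' . $action[2] . '"></i></button>';
            echo '</form>';
            echo "</td>";
        }

        echo "</tr>";
    }
}

if ($stmt !== false)
{
    mysqli_stmt_close($stmt);
}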
?>
</tbody>
</table>
</div>
</body>
</html>