From 2738d4d6eaeb4f6cf0df2b889d7eb5074af0d528 Mon Sep 17 00:00:00 2001
From: Thies Mueller
Date: Sun, 10 Jan 2021 15:10:04 +0100
Subject: [PATCH] hacky admin creation panel
---
adminarea_admins.php | 19 +++++++++
adminarea_admins_give.php | 83 +++++++++++++++++++++++++++++++++++++++
adminarea_admins_take.php | 83 +++++++++++++++++++++++++++++++++++++++
3 files changed, 185 insertions(+)
create mode 100644 adminarea_admins.php
create mode 100644 adminarea_admins_give.php
create mode 100644 adminarea_admins_take.php
diff --git a/adminarea_admins.php b/adminarea_admins.php
new file mode 100644
index 0000000..9e3cfc7
--- /dev/null
+++ b/adminarea_admins.php
@@ -0,0 +1,19 @@
+
+
+
+Admin Area
+
+
+
+
+');
+}
+echo '';
+echo ''
+echo ''
+echo '

';
+echo '';
+?>
diff --git a/adminarea_admins_give.php b/adminarea_admins_give.php
new file mode 100644
index 0000000..8ea0810
--- /dev/null
+++ b/adminarea_admins_give.php
@@ -0,0 +1,83 @@
+
+
+
+Admin Area
+
+
+
+
+prepare("SELECT * FROM users WHERE username = :username");
+$result = $statement->execute(array('username' => $username));
+$user = $statement->fetch();
+$_SESSION['userid'] = $user['id'];
+$_SESSION['email'] = $user['email'];
+$_SESSION['username'] = $user['username'];
+$_SESSION['givenName'] = $user['givenName'];
+$_SESSION['lastName'] = $user['lastName'];
+$_SESSION['activated'] = $user['activated'];
+$_SESSION['updated_at'] = $user['updated_at'];
+$_SESSION['isadmin'] = $user['isadmin'];
+
+if($_SESSION['isadmin'] == 0) {
+ die ('No rights for you! ');
+}
+echo '';
+
+$showForm = true;
+
+if(isset($_GET['user']) ) {
+ if(!isset($_POST['username']) || empty($_POST['username'])) {
+ $error = "Enter the username";
+ } else {
+ $statement = $pdo->prepare("SELECT * FROM users WHERE username = :username");
+ $result = $statement->execute(array('username' => $_POST['username']));
+ $user = $statement->fetch();
+
+ if($user === false) {
+ $error = "no user found";
+ } else {
+
+
+ //check if theres a code already
+ $statement = $pdo->prepare("UPDATE users SET isadmin = '1' WHERE id = :userid");
+ $result = $statement->execute(array('userid' => $user['id']));
+
+
+
+ $showForm = false;
+ }
+ }
+}
+
+if($showForm):
+?>
+
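Review bot: In adminarea_admins.php, two of the trailing `echo ''` statements have no terminating semicolon as shown here, which would be a parse error that takes the admin landing page down on every request. The page markup is stripped in this view, so confirm against the file; if it holds, each line should end as `echo '…';` like the statements around it. The only access control visible in this hunk is the tail of an inline block ending in `');` and `}`, and the same check is pasted into adminarea_admins_give.php and adminarea_admins_take.php, so moving it into one shared include would keep the three pages from drifting apart. A header comment stating that the page is admin-only and where that is enforced would also help the next reader.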

Give Admin Rights!

+Please enter the username below.

+ + + +
+
+ +
+
+ +
+ + + +echo '

';
+echo '';
+?>
diff --git a/adminarea_admins_take.php b/adminarea_admins_take.php
new file mode 100644
index 0000000..2a698cf
--- /dev/null
+++ b/adminarea_admins_take.php
@@ -0,0 +1,83 @@
+
+
+
+Admin Area
+
+
+
+
+prepare("SELECT * FROM users WHERE username = :username");
+$result = $statement->execute(array('username' => $username));
+$user = $statement->fetch();
+$_SESSION['userid'] = $user['id'];
+$_SESSION['email'] = $user['email'];
+$_SESSION['username'] = $user['username'];
+$_SESSION['givenName'] = $user['givenName'];
+$_SESSION['lastName'] = $user['lastName'];
+$_SESSION['activated'] = $user['activated'];
+$_SESSION['updated_at'] = $user['updated_at'];
+$_SESSION['isadmin'] = $user['isadmin'];
+
+if($_SESSION['isadmin'] == 0) {
+ die ('No rights for you! ');
+}
+echo '';
+
+$showForm = true;
+
+if(isset($_GET['user']) ) {
+ if(!isset($_POST['username']) || empty($_POST['username'])) {
+ $error = "Enter the username";
+ } else {
+ $statement = $pdo->prepare("SELECT * FROM users WHERE username = :username");
+ $result = $statement->execute(array('username' => $_POST['username']));
+ $user = $statement->fetch();
+
+ if($user === false) {
+ $error = "no user found";
+ } else {
+
+
+ //check if theres a code already
+ $statement = $pdo->prepare("UPDATE users SET isadmin = '0' WHERE id = :userid");
+ $result = $statement->execute(array('userid' => $user['id']));
+
+
+
+ $showForm = false;
+ }
+ }
+}
+
+if($showForm):
+?>
+
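Review bot: The grant branch in adminarea_admins_give.php (`if(isset($_GET['user']))`) sets `isadmin = '1'` on the strength of the admin's session and a posted `username` alone; the handler never reads an anti-CSRF token, so any page an admin opens while logged in could submit this request for them. The form markup is stripped in this view, but the handler side is what matters: verify a per-session token before the UPDATE, e.g. `if (!hash_equals($_SESSION['csrf_token'] ?? '', $_POST['csrf_token'] ?? '')) { die('Invalid request'); }`, with the token created from `bin2hex(random_bytes(32))` and sent as a hidden field (the key and field names here are placeholders). The identical branch in adminarea_admins_take.php needs the same check. Separately, `$result` of the UPDATE is never inspected and nothing records which admin granted the right to whom, so a privilege change leaves no trace for later review. The comment `//check if theres a code already` does not describe the statement under it and should be replaced with one that says the row is being promoted.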

Take Admin Rights!

+Please enter the username below.

+ + + +
+
+ +
+
+ +
+ + + +echo '

';
+echo '';
+?>
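Review bot: The revoke branch in adminarea_admins_take.php runs `UPDATE users SET isadmin = '0'` for whatever username is posted, including the caller's own account or the last remaining admin, which can leave the site with nobody able to reach these pages. A guard ahead of the UPDATE would prevent the self-demotion case, e.g. `if ((int)$user['id'] === (int)$_SESSION['userid']) { $error = "cannot remove your own admin rights"; }` with the UPDATE moved into the `else`, plus a count of remaining admins if a full lockout must be ruled out. The comparison has to use `$_SESSION['userid']` because `$user` is overwritten with the target row inside the branch. This file is otherwise a copy of adminarea_admins_give.php differing only in the `'1'`/`'0'` literal, so a single handler that takes the new value would halve the privileged code that has to be reviewed and kept in sync.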