prepare("SELECT * FROM users WHERE username = :username");
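// Load the account row for $username, mirror it into the session, and stop
// unless that account is an administrator.
// NOTE(review): $username is assigned above this excerpt; confirm it is taken
// from the authenticated session and not from request input.
$result = $statement->execute(array('username' => $username));
$user = $statement->fetch();

// Fail closed when the lookup returns no row. The session is left untouched
// instead of being overwritten with values read from a missing row.
if ($user === false) {
    if (!headers_sent()) {
        http_response_code(403);
    }
    die ('No rights for you! ');
}

// Refresh the session copy of the account from the database row.
$_SESSION['userid'] = $user['id'];
$_SESSION['email'] = $user['email'];
$_SESSION['username'] = $user['username'];
$_SESSION['givenName'] = $user['givenName'];
$_SESSION['lastName'] = $user['lastName'];
$_SESSION['activated'] = $user['activated'];
$_SESSION['updated_at'] = $user['updated_at'];
$_SESSION['isadmin'] = $user['isadmin'];

// Allow-list the admin flag: only the value 1 passes. A loose "== 0" test lets
// every other value through, and its result for non-numeric strings differs
// between PHP versions.
// NOTE(review): '1' is the only value this page writes to isadmin; confirm no
// other value is meant to carry admin rights.
if ((int) $_SESSION['isadmin'] !== 1) {
    if (!headers_sent()) {
        http_response_code(403);
    }
    die ('No rights for you! ');
}
echo 'heres the admin world
';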
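// The grant form is rendered unless a grant succeeds below.
$showForm = true;

// Grant handler: runs when the request carries ?user and a POSTed username.
// NOTE(review): this request changes privileges, and nothing visible here
// verifies an anti-CSRF token. The form and this handler should share a
// per-session token compared with hash_equals(). The form markup is not intact
// in this listing, so that check is not added here. Privilege grants are also
// worth recording in an audit log (acting user id, target user id).
if (isset($_GET['user'])) {
    $requested = isset($_POST['username']) ? $_POST['username'] : '';

    // Only a non-empty string is a usable lookup key; array-valued input
    // (username[]=...) is rejected instead of being bound to the query.
    if (!is_string($requested) || $requested === '') {
        $error = "Enter the username";
    } else {
        $statement = $pdo->prepare("SELECT * FROM users WHERE username = :username");
        $result = $statement->execute(array('username' => $requested));
        $user = $statement->fetch();

        if ($user === false) {
            $error = "no user found";
        } else {
            // Promote the matched account; the id comes from the row just read.
            $statement = $pdo->prepare("UPDATE users SET isadmin = '1' WHERE id = :userid");
            $result = $statement->execute(array('userid' => $user['id']));

            if ($result === false) {
                // Do not report success when the UPDATE did not execute.
                $error = "could not grant admin rights";
            } else {
                echo 'Successfully granted ';
                // The username is stored account data; escape it for HTML output.
                echo htmlspecialchars((string) $user['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                echo ' ADMIN rights.
';
                $showForm = false;
            }
        }
    }
}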
 
if($showForm):
?>
 
Give Admin Rights!
Please enter the username below.
 
 
 
 
';
echo '';
?>