Subversion Repositories svnkaklik

Rev

Details | Last modification | View Log

Rev Author Line No. Line
6 kaklik 1
<html><head>
2
<title>Admin Login Script</title>
3
<link href="ShoutBoxFiles/shout.css" rel="stylesheet" type="text/css" />
4
</head>
5
<body>
6
<?php
7
 
8
include 'ShoutBoxFiles/shoutoptions.php';
9
#Holds our database info
10
 
11
include 'ShoutBoxFiles/shoutfunctions.php';
12
#we use the function dbinsans in this file
13
 
14
if ($_POST['submit']!=NULL)
15
#if the submit button has been pressed
16
{
17
$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die("Unable to connect!");
18
#connect
19
 
20
mysql_select_db ($dbname);
21
#select the database
22
 
23
$requete = "SELECT * FROM ShoutAdmin"; 
24
#our query
25
 
26
$result = mysql_query ($requete, $db); 
27
#sending the query
28
 
29
if ($result->username==NULL)
30
#if there is no row returned (Admin is not in database)
31
{
32
$PW = md5(dbinsans($_POST['password']));
33
#md5 encryption on the password
34
 
35
$USER = dbinsans($_POST['username']);
36
#only doing the dbinsans to block holes hackers exploit
37
 
38
$LEVEL = 'Admin';
39
# Setting user level to Admin...
40
 
41
$sql = "INSERT INTO ShoutAdmin (level, username, password) VALUES ('$LEVEL', '$USER', '$PW')"; 
42
#Creates the insert query string.
43
 
44
mysql_query($sql, $db); 
45
echo 'Thank you for setting the values, now you can login!<br />';
46
}
47
else
48
{
49
echo 'Sorry there already is an admin.';
50
#In case someone tries to post to this page... Crafty people...
51
}
52
}
53
 
54
$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die("Unable to connect!");
55
#Connect to the database
56
 
57
mysql_select_db ($dbname);
58
#Select database
59
 
60
mysql_query("
61
CREATE TABLE IF NOT EXISTS `ShoutAdmin` (
62
  `id` int(11) NOT NULL auto_increment,
63
  `level` text NOT NULL,
64
  `password` text NOT NULL,
65
  `username` text NOT NULL,
66
  UNIQUE KEY `id` (`id`)
67
) TYPE=MyISAM AUTO_INCREMENT=0
68
");
69
#If the shoutadmin table does not exist build it.. Autosetup code
70
 
71
mysql_query("
72
CREATE TABLE IF NOT EXISTS `ShoutBox` (
73
  `ID` int(11) NOT NULL auto_increment,
74
  `IP` text NOT NULL,
75
  `Name` text NOT NULL,
76
  `Date` int(11) NOT NULL default '0',
77
  `Message` text NOT NULL,
78
  `URL` text NOT NULL,
79
  KEY `ID` (`ID`)
80
) TYPE=MyISAM AUTO_INCREMENT=0
81
");
82
#If the shoutbox table does not exist build it.. Autosetup code
83
 
84
mysql_query("
85
CREATE TABLE IF NOT EXISTS `ShoutBoxBanned` (
86
`ID` INT NOT NULL AUTO_INCREMENT ,
87
`IP` TEXT NOT NULL ,
88
INDEX ( `ID` ) 
89
)
90
");
91
#If the shoutboxbanned table does not exist build it.. Autosetup code
92
 
93
 
94
$requete = "SELECT * FROM ShoutAdmin";
95
#select all the rows from shoutadmin
96
 
97
$result = mysql_query ($requete, $db); 
98
#returns result
99
 
100
$article = mysql_fetch_object($result);
101
#creates an object from result
102
 
103
if ($article->username==NULL)
104
#if there isn't a user in the admin table
105
{
106
echo 'You currently do not have an Admin, please enter the following information...<br />'; 
107
?>
108
 
109
<form method="post" name="shoutbox" action="<?php echo $_SERVER['SCRIPT_NAME'];?>" />
110
<span class="shoutinput">User Name : </span><br /><input type="text" name="username" /><br />
111
<br />
112
<span class="shoutinput">Choose Password (Case Sensitive) : </span><br /><input type="password" name="password" /><br />
113
<br />
114
<input type="submit" name="submit" value="Submit" />
115
</form>
116
 
117
<?php
118
 
119
}
120
else
121
{
122
#Already have an admin.
123
 
124
?>
125
 
126
<form method="post" name="shoutbox" action="ShoutBoxFiles/login.php" />
127
<span class="shoutinput">Your User Name : </span><br /><input type="text" name="username" /><br />
128
<br />
129
<span class="shoutinput">Enter Your Password (Case Sensitive) : </span><br /><input type="password" name="password" /><br />
130
<br />
131
<input type="submit" name="submit" value="Submit" />
132
</form>
133
 
134
<?php
135
 
136
}
137
?>
138
</body>
139
</html>