<?php
session_start();
include('../includes/connect.php');
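// Access gate for the whole admin panel: the visitor must be signed in and
// hold rights of 2 or more. $userid, $rights, $url and go() are not defined
// in this file; presumably they come from ../includes/connect.php (confirm).
if (!$userid || $rights < 2) {
    go($url);
    // Stop here even if go() only emits a redirect header; otherwise every
    // admin action below would still execute for an unauthorised visitor.
    exit;
}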


// Users Management

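if (isset($_GET['users'])) {
    // Users Management: paginated list of every account (ten per page) with
    // links to the per-user delete and edit actions.
    $title = 'Users';
    include('header.php');

    // Escapes a value for HTML text and attribute contexts. double_encode is
    // off so values that were entity-encoded before storage are not encoded twice.
    // NOTE(review): assumes pages are served as UTF-8 - confirm in header.php.
    $escHtml = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };

    echo '<div class="title">Manage Users</div>';

    // $j (the row offset) is set outside this file; force it to a non-negative
    // integer before it is concatenated into the LIMIT clause.
    $offset = max(0, intval($j));
    $queryUsers = mysql_query('select id,files,rights,username from users order by `id` asc limit '.$offset.', 10');
    $queryNum = mysql_query('select id from users');

    if (mysql_num_rows($queryNum) > 0) {
        $all = mysql_num_rows($queryNum);
        while ($user = mysql_fetch_assoc($queryUsers)) {
            $uid = intval($user['id']);
            // Usernames are chosen by the account holders, so they are escaped
            // before being written into a page rendered in the admin's session.
            echo '<div class="list">
Username: <a href="'.$url.'/user.php?id='.$uid.'"><b>'.$escHtml($user['username']).'</b></a><br>
User ID: <b>'.$uid.'</b><br>
User Rank: <b>('.user_rights($user['rights']).')</b><br>
User Files: <b><a href="'.$url.'/user/?files&user='.$uid.'">'.intval($user['files']).'</a></b><br>
<a href="?user&del='.$uid.'">[delete]</a> <a href="?user&edit='.$uid.'">[edit]</a></div>';
        }
        mysql_free_result($queryUsers);
        mysql_free_result($queryNum);
        paging($all, $page, 10, $url.'/admin/?users&');
    } else {
        echo '<div class="news">No Users Yet! <br><a href="?">Go back</a></div>';
    }

    include 'footer.php';
    die();
}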


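if (isset($_GET['user'])) {
    // Per-user admin actions: ?user&del=ID removes an account and its data,
    // ?user&edit=ID changes its e-mail address and rank.
    // NOTE(review): the POST handlers below check no anti-CSRF token, so a
    // cross-site form submitted from a signed-in admin's browser is accepted.
    $title = 'Manage Users';
    include('header.php');

    // Escapes a value for HTML text and attribute contexts (no double encoding).
    // NOTE(review): assumes pages are served as UTF-8 - confirm in header.php.
    $escHtml = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };

    // Users action - Delete
    if (isset($_GET['del'])) {
        $del = intval($_GET['del']);
        echo '<div class="title">Delete '.$escHtml(username($del)).'</div>';
        $idu = mysql_query("select id from users where id = '$del'");
        if (mysql_num_rows($idu) > 0) {
            if (isset($_POST['submit'])) {
                // The directory is keyed by the id being deleted. The original
                // read $inf['id'], but $inf is never assigned on this path in
                // this file, so the deleted account's directory was not the target.
                rrmdir('../data/user'.$del);
                mysql_query("delete from users where id = '$del'");
                mysql_query("delete from files where userid = '$del'");
                mysql_free_result($idu);
                echo '<div class="box">User has been deleted successfully! <br><a href="?users">Go back</a></div>';
            } else {
                echo '<div class="news">Are you sure that you want to delete this user (<b>'.$escHtml(username($del)).'</b>) ? ' . '<form method="post">' . '<input type="submit" name="submit" value="Delete" />' . ' <a href="?users">Cancel</a></form></div>';
            }
        } else {
            echo '<div class="news">User does not exists! <br><a href="?users">Go back</a></div>';
        }
    }

    // Users action - Edit
    elseif (isset($_GET['edit'])) {
        $edi = intval($_GET['edit']);
        echo '<div class="title">Edit '.$escHtml(username($edi)).'</div>';
        $idu = mysql_query("select mail,rights,username from users where id = '$edi'");
        if (mysql_num_rows($idu) > 0) {
            $inf = mysql_fetch_assoc($idu);
            if (isset($_POST['change'])) {
                // E-mail is capped at 50 bytes and passed through the project's input() helper.
                $mail = (strlen($_POST['mail']) > 50) ? input(substr($_POST['mail'], 0, 50)) : input($_POST['mail']);
                // Kept in its own variable: $rights holds the signed-in admin's
                // own rank (see the access gate at the top of the file) and must
                // not be overwritten before footer.php is included.
                $newRights = intval($_POST['rights']);
                mysql_query("UPDATE users SET mail = '$mail', rights = '$newRights' where id = '$edi'");
                echo '<div class="menu">User Info has been updated successfully! <br/><a href="?users">Back to Users</a></div>';
            } else {
                // Pre-select the current rank; with nothing selected the browser
                // submits the first option, so saving an e-mail change alone
                // would silently set the account to "Banned".
                $currentRights = intval($inf['rights']);
                $rankOptions = '';
                foreach (array(0 => 'Banned', 1 => 'User', 2 => 'Admin') as $value => $label) {
                    $selected = ($currentRights === $value) ? ' selected' : '';
                    $rankOptions .= '<option value="'.$value.'"'.$selected.'>'.$label.'</option>';
                }
                echo '<div class="list"><form method="post">Username: <b>'.$escHtml($inf['username']).'</b><br>E-mail:<br/><input type="text" name="mail" value="'.$escHtml($inf['mail']).'" size="15"/><br>Rank: '.user_rights($inf['rights']).'<br/>Rank User: <br><select name="rights">'.$rankOptions.'</select><br/><input type="submit" name="change" value="Save"></form></div>';
            }
        } else {
            echo '<div class="news">User does not exists! <br><a href="?users">Go back</a></div>';
        }
    } else {
        // NOTE(review): header.php has already been included at this point, so
        // this redirect is only sent if output buffering is active - confirm.
        header("location: ?users");
    }

    include 'footer.php';
    die();
}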

// File management
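if (isset($_GET['files'])) {
    // File management: paginated list of all uploads, newest first, with
    // links to the move / edit / delete actions.
    $title = 'Files';
    include('header.php');

    // Escapes a value for HTML text and attribute contexts (no double encoding).
    // NOTE(review): assumes pages are served as UTF-8 - confirm in header.php.
    $escHtml = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };

    echo '<div class="title">Manage Files</div>';

    // $j (the row offset) is set outside this file; force it to a non-negative
    // integer before it is concatenated into the LIMIT clause.
    $offset = max(0, intval($j));
    $queryFiles = mysql_query('select * from files order by `time` desc limit '.$offset.', 10');
    $queryNum = mysql_query('select id from files');

    if (mysql_num_rows($queryNum) > 0) {
        $all = mysql_num_rows($queryNum);
        while ($file = mysql_fetch_assoc($queryFiles)) {
            $fid = intval($file['id']);
            // The URL slug is the file name with its extension removed.
            $Filetag = fileExt($file['name']);
            $name = str_replace(".$Filetag", "", $file['name']);
            // File, category and uploader names originate from users, so they
            // are escaped before being written into the admin's page.
            echo '
<div class="list">File: <a href="'.$url.'/load/file/'.$fid.'/'.hdm_converturl($name).'.html">'.$escHtml($file['name']).'</a>
<br>File Size: '.size($file['size']).'
<br>Category: '.$escHtml(catname($file['catid'])).'
<br>Uploader: '.$escHtml(username($file['userid'])).'<br>
<a href="?file&move='.$fid.'">move</a> | <a href="?file&edit='.$fid.'">[edit]</a> | <a href="?file&del='.$fid.'"><font color="red">delete</font></a></div>';
        }
        mysql_free_result($queryFiles);
        mysql_free_result($queryNum);
        paging($all, $page, 10, $url.'/admin/?files&');
    } else {
        echo '<div class="news">No files Uploaded yet! <br><a href="'.$url.'/user/upload.php">Upload Here</a></div>';
    }

    include 'footer.php';
    die();
}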

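if (isset($_GET['file'])) {
    // Per-file admin actions: ?file&del=ID, ?file&edit=ID and ?file&move=ID.
    // NOTE(review): the POST handlers below check no anti-CSRF token, so a
    // cross-site form submitted from a signed-in admin's browser is accepted.
    $title = 'Manage Files';
    include('header.php');

    // Escapes a value for HTML text and attribute contexts (no double encoding).
    // NOTE(review): assumes pages are served as UTF-8 - confirm in header.php.
    $escHtml = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };

    // File actions - Delete
    if (isset($_GET['del'])) {
        echo '<div class="title">Delete File</div>';
        $del = intval($_GET['del']);
        $idf = mysql_query("select * from files where id = '$del'");
        if (mysql_num_rows($idf) > 0) {
            if (isset($_POST['submit'])) {
                $inf = mysql_fetch_assoc($idf);
                $owner = intval($inf['userid']);
                $storedName = (string) $inf['name'];
                // The stored name is joined onto the owner's directory; skip the
                // unlink if it contains a path separator so it cannot point
                // outside that directory.
                if (strpbrk($storedName, "/\\") === false) {
                    unlink('../data/user'.$owner.'/'.$storedName);
                }
                // Give the space back to the file's owner. The original used
                // $userid, which is the signed-in admin, not the uploader.
                mysql_query("UPDATE users SET disk = disk-".bytetomb($inf['size'])." WHERE id = '$owner'");
                mysql_query("delete from files where id = '$del'");
                mysql_free_result($idf);
                echo '<div class="news">File has been deleted! <br><a href="?files">Back to Files</a></div>';
            } else {
                echo '<div class="news">Are you sure that you want to delete <b>'.$escHtml(filename($del)).'</b> file ?' . '<form method="post">' . '<input type="submit" name="submit" value="Delete" />' . ' <a href="?files">Cancel</a></form></div>';
            }
        } else {
            echo '<div class="news">File does not exists! <br><a href="?files">Go back</a></div>';
        }
    }

    // Files Actions - Edit
    elseif (isset($_GET['edit'])) {
        echo '<div class="title">Edit File</div>';
        $edi = intval($_GET['edit']);
        $idf = mysql_query("select name,password,description,userid from files where id = '$edi'");
        if (mysql_num_rows($idf) > 0) {
            $inf = mysql_fetch_assoc($idf);
            if (isset($_POST['change'])) {
                // Password is capped at 20 bytes and description at 100, both
                // passed through the project's input() helper.
                // NOTE(review): the password is written and later echoed back
                // as entered, which suggests it is stored in clear text.
                $pas = (strlen($_POST['pas']) > 20) ? input(substr($_POST['pas'], 0, 20)) : input($_POST['pas']);
                $des = (strlen($_POST['des']) > 100) ? input(substr($_POST['des'], 0, 100)) : input($_POST['des']);
                mysql_query("UPDATE files Set description = '$des', password = '$pas' where id = '$edi'");
                echo '<div class="menu">File has been updated! <br><a href="?files">Back to Files</a></div>';
            } else {
                // Stored values are escaped so they cannot close the textarea
                // or the value attribute they are printed into.
                echo '<div class="list">File: <b>'.$escHtml(filename($edi)).'</b>
<form method="post">Description (max 100): <br/><textarea name="des">'.$escHtml($inf['description']).'</textarea><br>Password (max 20):<br><input type="text" name="pas" value="'.$escHtml($inf['password']).'" size="15"/><br/><input type="submit" name="change" value="Save"></form></div>';
            }
        } else {
            echo '<div class="news">File does not exists! <br><a href="?files">Go back</a></div>';
        }
    }

    // Files Actions - Move
    elseif (isset($_GET['move'])) {
        echo '<div class="title">Move File</div>';
        $move = intval($_GET['move']);
        $idf = mysql_query("select * from files where id = '$move'");
        if (mysql_num_rows($idf) > 0) {
            $inf = mysql_fetch_assoc($idf);
            if (isset($_POST['m0ve'])) {
                // The category id goes into SQL, so it is reduced to an integer
                // and must match an existing category before it is used.
                $newcat = isset($_POST['newcat']) ? intval($_POST['newcat']) : 0;
                $catRow = ($newcat > 0) ? mysql_query("select id from file_cat where id = '$newcat'") : false;
                if ($newcat <= 0 || !$catRow || mysql_num_rows($catRow) < 1) {
                    echo '<div class="news">Please Select file Category! <br/><a href="javascript:history.go(-1)">Go back</a></div>';
                } else {
                    mysql_query("UPDATE files Set catid = '$newcat' where id = '$move'");
                    echo '<div class="menu">File has been moved to <b>'.$escHtml(catname($newcat)).'</b> <br><a href="?files">Back to Files</a></div>';
                }
            } else {
                echo '<div class="list">
<b>'.$escHtml(filename($move)).'</b>
<form method="post">
Move to:<br>
<select name="newcat"><option value="0">Select Category</option>';
                $queryCat = mysql_query("SELECT * FROM file_cat order by `name` asc");
                while ($cat_info = mysql_fetch_array($queryCat)) {
                    $id = intval($cat_info["id"]);
                    $name = $escHtml($cat_info["name"]);
                    echo "<option value=\"$id\">$name</option>";
                }
                echo '</select><br>
<input type="submit" name="m0ve" value="Move File">
&nbsp;<a href="?files">Cancel</a>
</form></div>';
            }
        } else {
            echo '<div class="news">File does not exists! <br><a href="?files">Go back</a></div>';
        }
    } else {
        // NOTE(review): header.php has already been included at this point, so
        // this redirect is only sent if output buffering is active - confirm.
        header("location: ?files");
    }

    include 'footer.php';
    die();
}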


// Category management
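if (isset($_GET['cats'])) {
    // Category management: paginated list of categories (ten per page) with
    // the number of files in each and links to delete / edit.
    $title = 'Categories';
    include('header.php');

    // Escapes a value for HTML text and attribute contexts (no double encoding).
    // NOTE(review): assumes pages are served as UTF-8 - confirm in header.php.
    $escHtml = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };

    echo '<div class="title">Manage Categories</div>
<div class="news" align="center">
<a href="?cat&new=add"><b>Add New Category</b></a></div>';

    // $j (the row offset) is set outside this file; force it to a non-negative
    // integer before it is concatenated into the LIMIT clause.
    $offset = max(0, intval($j));
    $queryCats = mysql_query('select id,name,img from file_cat order by `name` asc limit '.$offset.', 10');
    $queryNum = mysql_query('select id from file_cat');

    if (mysql_num_rows($queryNum) > 0) {
        $all = mysql_num_rows($queryNum);
        while ($ct = mysql_fetch_assoc($queryCats)) {
            $cat_id = intval($ct['id']);
            // Use the category's own icon when one is set, otherwise the
            // default folder image. The stored URL is escaped so it cannot
            // break out of the src attribute.
            if (!empty($ct['img'])) {
                $img = '<img src="'.$escHtml($ct['img']).'" height="16" width="16"/>';
            } else {
                $img = '<img src="'.$url.'/images/folder.png" height="16" width="16"/>';
            }
            $reqCats = mysql_query("SELECT COUNT(*) FROM `files` WHERE `catid` = '$cat_id'");
            $catfiles = mysql_result($reqCats, 0);
            echo '<div class="list">'.$img.' <a href="'.$url.'/loads/'.$cat_id.'/'.hdm_converturl($ct['name']).'.html">'.$escHtml($ct['name']).'</a> ('.$catfiles.')<br><a href="?cat&del='.$cat_id.'">[delete]</a> <a href="?cat&edit='.$cat_id.'">[edit]</a></div>';
        }
        mysql_free_result($queryCats);
        mysql_free_result($queryNum);
        paging($all, $page, 10, $url.'/admin/?cats&');
    } else {
        echo '<div class="news">No file Categories yet! <br><a href="?cat&new=add">Create New</a></div>';
    }

    include 'footer.php';
    die();
}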

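if (isset($_GET['cat'])) {
    // Per-category admin actions: ?cat&del=ID, ?cat&edit=ID and ?cat&new.
    // NOTE(review): the POST handlers below check no anti-CSRF token, so a
    // cross-site form submitted from a signed-in admin's browser is accepted.
    // NOTE(review): the mysql_* extension used throughout was removed in
    // PHP 7; prepared statements (PDO or mysqli) are the longer-term fix.
    $title = 'Manage Category';
    include('header.php');

    // Escapes a value for HTML text and attribute contexts (no double encoding).
    // NOTE(review): assumes pages are served as UTF-8 - confirm in header.php.
    $escHtml = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };

    // Reads one POST field as plain text. Where magic_quotes_gpc is on, the
    // slashes it added are removed so the value is not escaped twice below.
    $postText = function ($key) {
        $value = isset($_POST[$key]) ? (string) $_POST[$key] : '';
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            $value = stripslashes($value);
        }
        return $value;
    };

    // Category Actions - Delete
    if (isset($_GET['del'])) {
        echo '<div class="title">Delete Category</div>';
        $del = intval($_GET['del']);
        $cid = mysql_query("select name,img from file_cat where id = '$del'");
        if (mysql_num_rows($cid) > 0) {
            if (isset($_POST['submit'])) {
                // NOTE(review): only the database rows are removed here; this
                // branch does not unlink the stored files or adjust any
                // uploader's disk usage.
                mysql_query("delete from file_cat where id = '$del'");
                mysql_query("delete from files where catid = '$del'");
                mysql_free_result($cid);
                echo '<div class="news">Category has been deleted! <br><a href="?cats">Category List</a></div>';
            } else {
                // Cancel returns to the category list (the original linked to ?files).
                echo '<div class="news">Are you sure that you want to delete <b>'.$escHtml(catname($del)).'</b> category with all included files?
<form method="post">
<input type="submit" name="submit" value="Delete" />
&nbsp;<a href="?cats">Cancel</a></form></div>';
            }
        } else {
            echo '<div class="news">Category does not exists! <br><a href="?cats">Go back</a></div>';
        }
    }

    // Category Actions - Edit
    elseif (isset($_GET['edit'])) {
        echo '<div class="title">Edit Category</div>';
        $edi = intval($_GET['edit']);
        $cid = mysql_query("select img,name,ext from file_cat where id = '$edi'");
        if (mysql_num_rows($cid) > 0) {
            $cin = mysql_fetch_assoc($cid);
            if (isset($_POST['change'])) {
                $name = $postText('name');
                // Every submitted value is escaped for the SQL string literal
                // it is placed in; the original interpolated $_POST directly.
                $nameSql = mysql_real_escape_string($name);
                $imgSql = mysql_real_escape_string($postText('img'));
                $extSql = mysql_real_escape_string($postText('ext'));
                // A name clashes only if a *different* category already uses it.
                // The original counted all rows with the name and tested > 1,
                // which let a rename onto one existing category through.
                $checkcat = mysql_num_rows(mysql_query("select id from file_cat where name='$nameSql' and id != '$edi'"));
                // NOTE(review): the check enforces 2 characters while the
                // message says 3 - confirm which one is intended.
                if (empty($name) || strlen($name) < 2) {
                    echo '<div class="news">Category name cannot be empty or less than 3 characters <br><a href="?cats">Go back</a></div>';
                } elseif ($checkcat > 0) {
                    echo '<div class="news">Category Exist! Choose another name <br><a href="?cats">Go back</a></div>';
                } else {
                    mysql_query("UPDATE file_cat Set name = '$nameSql', img = '$imgSql', ext = '$extSql' where id = '$edi'");
                    echo '<div class="menu">Category has been updated successfully! <br><a href="?cats">Go back</a></div>';
                }
            } else {
                // Stored values are escaped so they cannot close the attribute
                // or textarea they are printed into.
                echo '<div class="list"><center>Category: <b>'.$escHtml(catname($edi)).'</b></center><form method="post">
Category Name<br/><input type="text" name="name" value="'.$escHtml($cin['name']).'" size="15"/><br>
Category Image:<br><input type="text" name="img" value="'.$escHtml($cin['img']).'" size="15"/><br>
Allowed type: jar, png, jpg, etc. or leave it blank for default extentions! <br>
<textarea name="ext">'.$escHtml($cin['ext']).'</textarea><br/>
<input type="submit" name="change" value="Save">
</form></div>';
            }
        } else {
            echo '<div class="news">Category does not exists! <br><a href="?cats">Go back</a></div>';
        }
    }

    // Category Actions - New
    elseif (isset($_GET['new'])) {
        echo '<div class="title">New Category</div>';
        if (isset($_POST['submit'])) {
            $name = $postText('name');
            // Escaped for the SQL string literals below; the original
            // interpolated $_POST directly into both queries.
            $nameSql = mysql_real_escape_string($name);
            $imgSql = mysql_real_escape_string($postText('img'));
            $extSql = mysql_real_escape_string($postText('ext'));
            $checkcat = mysql_num_rows(mysql_query("select id from file_cat where name='$nameSql'"));
            // NOTE(review): the check enforces 2 characters while the message
            // says 3 - confirm which one is intended.
            if (empty($name) || strlen($name) < 2) {
                echo '<div class="news">Category name cannot be empty or less than 3 characters! <br><a href="?cats">Go back</a></div>';
            } elseif ($checkcat > 0) {
                echo '<div class="news">Category Exist! Choose another name <br><a href="?cats">Go back</a></div>';
            } else {
                // insert() is a project helper; presumably it returns the next
                // id for the table (confirm).
                $idc = insert('file_cat');
                mysql_query("INSERT INTO file_cat (id,name, img,ext) VALUES ('$idc','{$nameSql}', '{$imgSql}','{$extSql}')");
                echo '<div class="menu">New Category has been created! <br><a href="?cats">Go back</a></div>';
            }
        } else {
            echo '<div class="list"><form method="post">Category Name<br/><input type="text" name="name" value="" size="15"/><br>
Category Image:<br><input type="text" name="img" value="" size="15"/><br>
Allowed type: jar, png, jpg, etc. or leave it blank for default extentions! <br>
<textarea name="ext"></textarea><br/>
<input type="submit" name="submit" value="Create">
</form></div>';
        }
    } else {
        // NOTE(review): header.php has already been included at this point, so
        // this redirect is only sent if output buffering is active - confirm.
        header("location: ?cats");
    }

    include 'footer.php';
    die();
}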


// Reported Files
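if (isset($_GET['report'])) {
    // Reported Files: paginated list of files with at least one report,
    // most-reported first, with links to delete / edit each one.
    $title = 'Reported Files';
    include('header.php');

    // Escapes a value for HTML text and attribute contexts (no double encoding).
    // NOTE(review): assumes pages are served as UTF-8 - confirm in header.php.
    $escHtml = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };

    echo '<div class="title">Reported Files</div>';

    // $j (the row offset) is set outside this file; force it to a non-negative
    // integer before it is concatenated into the LIMIT clause.
    $offset = max(0, intval($j));
    $queryFiles = mysql_query('select id,name,size,report,userid from files where report >=1 order by `report` desc limit '.$offset.', 10');
    $queryNum = mysql_query('select id from files where report >=1');

    if (mysql_num_rows($queryNum) > 0) {
        $all = mysql_num_rows($queryNum);
        while ($f = mysql_fetch_assoc($queryFiles)) {
            $fid = intval($f['id']);
            // The uploader link takes the uploader's id; the original passed
            // the file id to user.php. File and user names come from users,
            // so they are escaped before being printed.
            echo '<div class="list">
File: <a href="'.$url.'/file.php?id='.$fid.'">'.$escHtml($f['name']).'</a><br>
Size: <b>'.size($f['size']).'</b> <br>
Uploaded by: <a href="'.$url.'/user.php?id='.intval($f['userid']).'">'.$escHtml(username($f['userid'])).'</a> <br>
Reported: <b>'.intval($f['report']).'</b> times.<br>
<a href="?file&del='.$fid.'">[delete]</a> <a href="?file&edit='.$fid.'">[edit]</a>
</div>';
        }
        mysql_free_result($queryFiles);
        mysql_free_result($queryNum);
        paging($all, $page, 10, $url.'/admin/?report&');
    } else {
        echo '<div class="news">No file Reported yet!</div>';
    }

    include 'footer.php';
    die();
}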

// Site Settings
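if (isset($_GET['set'])) {
    // Site Settings: shows the current values from $set and, on POST, writes
    // each submitted value back through the project's update() helper.
    // NOTE(review): the POST handler checks no anti-CSRF token, so a
    // cross-site form submitted from a signed-in admin's browser is accepted.
    $title = 'System Settings';
    include('header.php');

    // Escapes a value for HTML text and attribute contexts (no double encoding).
    // NOTE(review): assumes pages are served as UTF-8 - confirm in header.php.
    $escHtml = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };

    echo '<div class="title">Site Settings</div>';

    if (isset($_POST['change'])) {
        // The submitted site title gets its own variable so that the page's
        // $title is not overwritten before footer.php is included.
        $siteTitle = input($_POST['title']);
        $news = input($_POST['news']);
        $terms = input($_POST['terms']);
        $about = input($_POST['about']);
        $filemax = input($_POST['filemax']);
        $upmax = input($_POST['upmax']);
        // NOTE(review): file_ext looks like the default upload allow-list and
        // nothing here rejects server-executable extensions - confirm that the
        // upload handler stores files where they cannot be executed.
        $file_ext = input($_POST['file_ext']);
        $registration = intval($_POST['registration']);

        update('title', $siteTitle);
        update('filemax', $filemax);
        update('news', $news);
        update('terms', $terms);
        update('about', $about);
        update('upmax', $upmax);
        update('file_ext', $file_ext);
        update('registration', $registration);
        echo '<div class="box">Site Settings has been updated! <br><a href="?set">Go back</a></div>';
    } else {
        // Pre-select the stored registration mode. With nothing selected the
        // browser submits the first option, so saving any other setting would
        // silently switch registration back to "Open".
        $regCurrent = isset($set['registration']) ? intval($set['registration']) : 1;
        $regOptions = '';
        foreach (array(1 => 'Open', 0 => 'Closed') as $value => $label) {
            $selected = ($regCurrent === $value) ? ' selected' : '';
            $regOptions .= '<option value="'.$value.'"'.$selected.'>'.$label.'</option>';
        }

        // Stored values are escaped so they cannot close the attribute or
        // textarea they are printed into; the browser decodes them again
        // before the form is submitted.
        echo '
<div class="list"><form method="post">Site Title:<br/>
<input type="text" name="title" value="'.$escHtml($set['title']).'" size="15"/><br>
Site news (HTML): <br><textarea name="news">'.$escHtml(stripslashes($set['news'])).'</textarea><br>
Site terms (HTML): <br><textarea name="terms">'.$escHtml(stripslashes($set['terms'])).'</textarea><br>
Site about (HTML): <br><textarea name="about">'.$escHtml(stripslashes($set['about'])).'</textarea><br>
User Disk (each user):<br/><input type="text" name="upmax" value="'.$escHtml($set['upmax']).'" size="5"/> (MB)<br>
Max Upload (each file): <br/><input type="text" name="filemax" value="'.$escHtml($set['filemax']).'" size="5"/> (MB)<br>
Default File types: jar, zip, png, etc. <br>
<textarea name="file_ext">'.$escHtml(stripslashes($set['file_ext'])).'</textarea><br>
Registration:<br><select name="registration">'.$regOptions.'</select><br> 
<input type="submit" name="change" value="Save">
</form></div>';
    }

    include 'footer.php';
    die();
}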

// Default
// Landing menu of the panel, reached when none of the section parameters
// handled above is present in the query string.
$title = 'System Panel';
include('header.php');

// Entries that show a row count: link target, link text, and the COUNT query
// whose single value is printed in parentheses after the link.
// NOTE(review): no branch for ?guide or ?contributors appears in this
// listing, so those two links would land back on this menu - confirm.
$counted = array(
    array('?users', 'Users Management', 'SELECT COUNT(id) FROM users'),
    array('?cats', 'Category Management', 'SELECT COUNT(id) FROM file_cat'),
    array('?files', 'Files Management', 'SELECT COUNT(id) FROM files'),
    array('?report', 'Reported Files', 'SELECT COUNT(id) FROM files WHERE report >=1'),
    array('?guide', 'Guide Management', 'SELECT COUNT(id) FROM guide'),
    array('?contributors', 'Contributor List', 'SELECT COUNT(id) FROM contributors'),
);

// The markup is assembled first and written with a single echo, after all
// six count queries have run.
$menu = '<div class="title">System Panel</div> 
';
foreach ($counted as $entry) {
    list($target, $label, $sql) = $entry;
    $menu .= '<div class="box">&bull; <a href="'.$target.'">'.$label.'</a> ('.mysql_result(mysql_query($sql), 0).')</div>
';
}
$menu .= '<div class="box">&bull; <a href="?set">General Settings</a></div>
<div class="box">&bull; <a href="../logout.php">LogOut</a></div>';

echo $menu;
include ("footer.php");
?>