<?php
/* code by DQH - DDVIET.VN */
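// Entry-point marker; presumably checked by common.php and other includes -- confirm.
define('IN_DDU', 1);
require_once('common.php');

// Access gate for the whole admin panel: only a signed-in user ($userid) whose
// level ($userlv) is at least 2 may continue. Both variables are presumably
// populated by common.php -- confirm.
// The explicit exit matters: go() is defined elsewhere, and if it only sends a
// redirect without ending the request, every admin action below would still run
// for an unauthorised visitor.
if (!$userid || $userlv < 2) {
    go(URL);
    exit;
}

$set['title'] = 'Admin Panel |';
$set['br'] = '> <a href="'.URL.'/admincp.php">Admin Panel</a>';

// "mode" selects the admin action. It is optional (the dashboard is shown without
// it) and must be a plain string; anything else is treated as empty.
$mode = input((isset($_GET['mode']) && is_string($_GET['mode'])) ? $_GET['mode'] : '');

headerpg($set);
echo '<div class="title">Admin Panel</div><div class="box">';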

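/*
 * Admin action dispatcher. $mode selects one of:
 *   uac     - delete or edit a user
 *   action  - delete or edit a file
 *   manager - paged list of all files
 *   users   - paged list of all users
 *   report  - paged list of reported files
 *   set     - site settings
 *   (other) - dashboard with totals and menu
 *
 * NOTE(review): deletes are triggered by plain GET links and the POST forms carry
 * no per-session token, so none of these state-changing requests is protected
 * against cross-site request forgery. Fixing that needs session support that is
 * not visible in this file (POST-only deletes plus a verified token).
 */

if (!function_exists('admincp_esc')) {
    /**
     * Escape a value for use in HTML text or inside a quoted attribute.
     *
     * Values printed here (mail addresses, file names, descriptions, settings)
     * come from the database and were originally supplied by users. Whether
     * input() already entity-encodes them is not visible in this file, so
     * double_encode is off: already-encoded text is left unchanged, raw markup
     * is neutralised.
     * NOTE(review): assumes the page is served as UTF-8 -- confirm.
     */
    function admincp_esc($value)
    {
        $flags = ENT_QUOTES;
        if (defined('ENT_SUBSTITUTE')) {
            $flags |= ENT_SUBSTITUTE;
        }
        return htmlspecialchars((string) $value, $flags, 'UTF-8', false);
    }
}

if (!function_exists('admincp_post')) {
    /**
     * Return a POST field as a string, or '' when it is missing or not a string
     * (e.g. submitted as an array).
     */
    function admincp_post($key)
    {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    }
}

// Paging offset for the list views. $j is not assigned in this file (presumably
// common.php derives it from the page number -- confirm); forcing it to an integer
// keeps the LIMIT clause numeric whatever its origin.
$offset = isset($j) ? intval($j) : 0;

switch ($mode) {
    /* action user */
    case 'uac':
        if (isset($_GET['del'])) {
            $del = intval($_GET['del']);
            $idf = mysql_query("select id from users where id = '$del'");
            if ($idf && mysql_num_rows($idf) > 0) {
                $inf = mysql_fetch_assoc($idf);
                // The id becomes part of a recursively removed path, so keep it numeric.
                rrmdir('data/ID'.intval($inf['id']));
                mysql_query("delete from users where id = '$del'");
                mysql_query("delete from files where userid = '$del'");
                mysql_free_result($idf);
                echo 'User was deleted ! <a href="?mode=users">Go to Manager Users</a>';
            } else {
                echo 'User does not exists ! <a href="javascript:history.go(-1)">Go to back</a>';
            }
        } elseif (isset($_GET['edit'])) {
            /* edit */
            $edi = intval($_GET['edit']);
            $idf = mysql_query("select mail,lv from users where id = '$edi'");
            if ($idf && mysql_num_rows($idf) > 0) {
                $inf = mysql_fetch_assoc($idf);
                if (isset($_POST['change'])) {
                    // Cut to 50 bytes before sanitising, as the form announces.
                    // (string) because substr() returns false for '' on older PHP.
                    $mail = input((string) substr(admincp_post('mail'), 0, 50));
                    $lv = isset($_POST['lv']) ? intval($_POST['lv']) : 0;
                    mysql_query("UPDATE users Set mail = '$mail', lv = '$lv' where id = '$edi'");
                    echo 'This user updated ! <a href="?mode=users">go to manager</a>';
                } else {
                    echo '<form method="post">Mail User (max 50, auto cut):<br/><input type="text" name="mail" value="'.admincp_esc($inf['mail']).'" size="15"/><br>level (0 = banner,1 = user, 2 = admin): now user is : '.lvuser($inf['lv']).'<br><input type="text" name="lv" value="'.intval($inf['lv']).'" size="2"/><br/><input type="submit" name="change" value="Save"></form>';
                }
            } else {
                echo 'User does not exists ! <a href="javascript:history.go(-1)">Go to back</a>';
            }
        } else {
            echo '<a href="javascript:history.go(-1)">Go to back</a>';
        }
        break;

    /* action files */
    case 'action':
        if (isset($_GET['del'])) {
            $del = intval($_GET['del']);
            $idf = mysql_query("select name,size,userid from files where id = '$del'");
            if ($idf && mysql_num_rows($idf) > 0) {
                $inf = mysql_fetch_assoc($idf);
                $owner = intval($inf['userid']);
                $fileName = (string) $inf['name'];
                // Only remove a plain file name inside the owner's directory: a stored
                // name containing a path separator is never passed to unlink().
                if ($fileName !== '' && basename($fileName) === $fileName) {
                    $path = 'data/ID'.$owner.'/'.$fileName;
                    if (is_file($path)) {
                        unlink($path);
                    }
                }
                // Give the space back to the file's owner. The previous code used the
                // signed-in admin's id here, which reduced the admin's usage instead.
                mysql_query("UPDATE users SET disk = disk-".bytetomb($inf['size'])." WHERE id = '$owner'");
                mysql_query("delete from files where id = '$del'");
                mysql_free_result($idf);
                echo 'File was deleted ! <a href="?mode=manager">Go to Manager Files</a>';
            } else {
                echo 'File does not exists ! <a href="javascript:history.go(-1)">Go to back</a>';
            }
        } elseif (isset($_GET['edit'])) {
            /* edit */
            $edi = intval($_GET['edit']);
            $idf = mysql_query("select name,password,description,userid from files where id = '$edi'");
            if ($idf && mysql_num_rows($idf) > 0) {
                $inf = mysql_fetch_assoc($idf);
                if (isset($_POST['change'])) {
                    // NOTE(review): the file password appears to be stored and shown in
                    // clear text (it is written as submitted and echoed into the form).
                    $pas = input((string) substr(admincp_post('pas'), 0, 20));
                    $des = input((string) substr(admincp_post('des'), 0, 500));
                    mysql_query("UPDATE files Set description = '$des', password = '$pas' where id = '$edi'");
                    echo 'This file updated ! <a href="?mode=manager">go to manager</a>';
                } else {
                    echo '<form method="post">Description (max 500, auto cut):<br/><textarea name="des">'.admincp_esc($inf['description']).'</textarea><br>Password (max 20, auto cut):<br><input type="text" name="pas" value="'.admincp_esc($inf['password']).'" size="15"/><br/><input type="submit" name="change" value="Save"></form>';
                }
            } else {
                echo 'File does not exists ! <a href="javascript:history.go(-1)">Go to back</a>';
            }
        } else {
            echo '<a href="javascript:history.go(-1)">Go to back</a>';
        }
        break;

    /* manager files */
    case 'manager':
        $queryFiles = mysql_query('select id,name,size from files order by `time` desc limit '.$offset.', 10');
        $queryNum = mysql_query('select id from files');
        if ($queryFiles && $queryNum && mysql_num_rows($queryNum) > 0) {
            $all = mysql_num_rows($queryNum);
            while ($f = mysql_fetch_assoc($queryFiles)) {
                $fid = intval($f['id']);
                echo '> <a href="?mode=action&del='.$fid.'">[x]</a> <a href="?mode=action&edit='.$fid.'">[s]</a><a href="'.URL.'/viewfile.php?id='.$fid.'">'.admincp_esc($f['name']).'</a> ('.size($f['size']).').<br>';
            }
            mysql_free_result($queryFiles);
            mysql_free_result($queryNum);
            paging($all, $page, 10, URL.'/admincp.php?mode=manager&');
        } else {
            echo 'No file here !';
        }
        echo '</div>';
        break;

    /* manager users */
    case 'users':
        $queryFiles = mysql_query('select id,mail,lv from users order by `id` asc limit '.$offset.', 10');
        $queryNum = mysql_query('select id from users');
        if ($queryFiles && $queryNum && mysql_num_rows($queryNum) > 0) {
            $all = mysql_num_rows($queryNum);
            while ($f = mysql_fetch_assoc($queryFiles)) {
                $uid = intval($f['id']);
                echo '> <a href="?mode=uac&del='.$uid.'">[x]</a> <a href="?mode=uac&edit='.$uid.'">[s]</a>'.admincp_esc($f['mail']).' ('.lvuser($f['lv']).').<br>';
            }
            mysql_free_result($queryFiles);
            mysql_free_result($queryNum);
            paging($all, $page, 10, URL.'/admincp.php?mode=users&');
        } else {
            // This list shows users, not files.
            echo 'No user here !';
        }
        echo '</div>';
        break;

    /* reported files */
    case 'report':
        $queryFiles = mysql_query('select id,name,size,report,userid from files where report >=1 order by `report` desc limit '.$offset.', 10');
        $queryNum = mysql_query('select id from files where report >=1');
        if ($queryFiles && $queryNum && mysql_num_rows($queryNum) > 0) {
            $all = mysql_num_rows($queryNum);
            while ($f = mysql_fetch_assoc($queryFiles)) {
                $fid = intval($f['id']);
                $owner = intval($f['userid']);
                // The uploader link must carry the owner's user id; it previously
                // carried the file id and opened an unrelated account.
                // NOTE(review): nameu() output is printed as returned; whether it is
                // already HTML-safe is not visible here -- confirm.
                echo '> <a href="?mode=action&del='.$fid.'">[x]</a> <a href="?mode=action&edit='.$fid.'">[s]</a><a href="'.URL.'/viewfile.php?id='.$fid.'">'.admincp_esc($f['name']).'</a> ('.size($f['size']).') by <a href="?mode=uac&edit='.$owner.'">'.nameu($f['userid']).'</a> <b>Have '.intval($f['report']).' user report</b>.<br>';
            }
            mysql_free_result($queryFiles);
            mysql_free_result($queryNum);
            paging($all, $page, 10, URL.'/admincp.php?mode=report&');
        } else {
            echo 'No file here !';
        }
        echo '</div>';
        break;

    /* site settings */
    case 'set':
        if (isset($_POST['change'])) {
            $name = input(admincp_post('name'));
            // The notice is documented in the form as accepting HTML; how it is
            // rendered to visitors is decided elsewhere.
            $note = input(admincp_post('not'));
            $header = input(admincp_post('header'));
            $upmax = input(admincp_post('upmax'));
            $op = isset($_POST['os']) ? intval($_POST['os']) : 0;
            update('name', $name);
            update('header', $header);
            update('note', $note);
            update('upmax', $upmax);
            update('signup', $op);
            echo 'Setting was updated ! <a href="?mode=set">Go to back</a>';
        } else {
            // Escaping inside value="" and <textarea> keeps stored markup from closing
            // the field early; the browser hands the original text back on submit.
            echo '
   <form method="post">Name Site:<br/><input type="text" name="name" value="'.admincp_esc($set['name']).'" size="15"/><br>Notice (use HTML):<br><textarea name="not">'.admincp_esc(stripslashes($set['note'])).'</textarea><br>Header:<br><textarea name="header">'.admincp_esc(stripslashes($set['header'])).'</textarea><br>User space (ex: 1MB/1 user):<br/><input type="text" name="upmax" value="'.admincp_esc($set['upmax']).'" size="5"/> (Megabytes)<br/>Open Signup:<br><select name="os"><option value="1">Yes</option><option value="0">No</option></select><br> <input type="submit" name="change" value="Save"></form>
   ';
        }
        break;

    /* dashboard */
    default:
        // NOTE(review): the "Sign Out" link targets ?mode=out, which has no case in
        // this switch and so lands back on this dashboard unless it is handled
        // elsewhere (e.g. in common.php) -- confirm.
        echo '
<b>Total Users:</b> '.mysql_result(mysql_query('SELECT COUNT(id) FROM users'),0).'<br/>
<b>Total Files:</b> '.mysql_result(mysql_query('SELECT COUNT(id) FROM files'),0).'<br/>
<b>Total Files Report:</b> '.mysql_result(mysql_query('SELECT COUNT(id) FROM files WHERE report >=1'),0).'</div>
<div class="box">&bull; <a href="?mode=manager">Manager Files</a></div>
<div class="box">&bull; <a href="?mode=report">Report Files</a></div>
<div class="box">&bull; <a href="?mode=users">Manager Users</a></div>
<div class="box">&bull; <a href="?mode=set">Setting</a></div>
<div class="box">&bull; <a href="?mode=out">Sign Out</a></div>';
}
echo '</div>';
footerpg($set);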
?>