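<?php
/**
 * Admin entry point (admin.php).
 *
 * Flow, top to bottom:
 *   1. A POST carrying userName/userPass is a login attempt: the user row is
 *      looked up by login with user_rights = 'admin' and checked via AuthClass.
 *   2. Otherwise, with an authenticated session ($_SESSION['is_auth']):
 *      - a POST carrying photo/vk/faculty/kurs inserts a profile row and exits;
 *      - ?do=exit logs out, ?do=feedback lists the 20 newest feedback rows,
 *        anything else renders the "add" form.
 *   3. Without a session the login template is rendered.
 */
session_start();
require_once 'core/template.class.php';
require_once 'core/database.class.php';
require_once 'core/auth.class.php';

$template = new Template('theme/');

// A login request was submitted.
if (isset($_POST['userName']) && isset($_POST['userPass'])) {
    $userName = $_POST['userName'];
    $userPass = $_POST['userPass'];

    $loggedIn = false;
    // Reject non-string input (e.g. userName[]=...) instead of letting an
    // array reach md5() or the query.
    if (is_string($userName) && is_string($userPass)) {
        // Digest = md5(password . second character of the login).
        // The original used `+`, which is numeric addition on strings: a
        // TypeError on PHP 8 and md5('0') for every non-numeric password on
        // PHP 7. `.` is the intended concatenation.
        // NOTE(review): if the stored user_password values were produced by
        // the same `+` expression they will no longer match; check the code
        // that writes them. md5 is not a password hash — migrate to
        // password_hash()/password_verify() when the schema allows.
        $salt = isset($userName[1]) ? $userName[1] : '';
        $userHash = md5($userPass . $salt);
        $status = 'admin';

        $db = new SafeMySQL();
        $user = $db->getAll("SELECT * FROM users WHERE user_login = ?s AND user_rights = ?s", $userName, $status);

        // No matching admin row: the original indexed $user[0] on an empty
        // result set; treat it as a failed login instead.
        if ($user) {
            $auth = new AuthClass($user[0]['user_login'], $user[0]['user_password']);
            $loggedIn = (bool) $auth->auth($userName, $userHash);
        }
    }

    if (!$loggedIn) {
        $template->set("login", "<div class='alert alert-danger'>Неверный логин или пароль</div>");
        $template->display("login");
    } else {
        // Stop after the redirect header so nothing else is rendered.
        header("Location: admin.php");
        exit;
    }
} else {
    // No login request: either an authenticated admin session or the login form.
    if (isset($_SESSION['is_auth'])) {
        // Profile submission. All four fields are required; the check is
        // truthiness-based, so a value of '0' counts as missing.
        $photo = isset($_POST['photo']) ? $_POST['photo'] : null;
        $vk = isset($_POST['vk']) ? $_POST['vk'] : null;
        $faculty = isset($_POST['faculty']) ? $_POST['faculty'] : null;
        $kurs = isset($_POST['kurs']) ? $_POST['kurs'] : null;

        if ($photo && $vk && $faculty && $kurs) {
            // NOTE(review): Shield::check() is the only request guard visible
            // here; whether it covers request origin (CSRF) for this
            // state-changing POST cannot be told from this file — confirm.
            require_once 'core/shield.class.php';
            $hack = new Shield();
            $hack->check();

            // core/database.class.php is already required at the top of the file.
            $db = new SafeMySQL();
            $db->query('INSERT INTO profiles (profile_photo, profile_vk, profile_faculty, profile_kurs) VALUES (?s, ?s, ?s, ?s)', $photo, $vk, $faculty, $kurs);
            die('OK');
        }

        $do = isset($_GET['do']) ? $_GET['do'] : null;
        switch ($do) {
            case 'exit':
                $auth = new AuthClass(null, null);
                $auth->out();
                header('Location: index.php');
                // The original fell through to the admin_foot output after
                // sending the redirect header; stop here instead.
                exit;

            case 'feedback':
                $db = new SafeMySQL();
                $template->display('admin_head');
                $feedback = $db->getAll('SELECT * FROM feedback ORDER BY feedback_id DESC LIMIT 20');
                if (!$feedback) {
                    echo 'Нет отзывов';
                }
                foreach ($feedback as $row) {
                    $template->set('id', $row['feedback_id']);
                    $template->set('name', $row['feedback_name']);
                    $template->set('email', $row['feedback_email']);
                    $template->set('message', $row['feedback_message']);
                    $template->display('feedback_out');
                }
                break;

            default:
                $template->display('admin_head');
                $template->display('add');
        }
        $template->display('admin_foot');
    } else {
        $template->display('login');
    }
}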