Файл: admin.php
Строк: 452
<? session_start();
include('config.php');
$connection = mysql_connect($server, $user, $password);
$db = mysql_select_db($database, $connection);
$sql = "select * from config where adminpass ='$pass'";
$result = mysql_query($sql, $connection);
while($res=mysql_fetch_array($result)) {
$adminpass[]=$res["adminpass"];
}
$check = count($adminpass);
if($check>0) {
$valid_user = "Admin";
session_register("valid_user"); }
// session start here
?>
<html>
<head>
<title>IPCheck version 0.3 Admin Area</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#B6BFC7" link="#FFFFFF" vlink="#FFFFFF" alink="#FFFFFF">
<?
if(session_is_registered("valid_user")) {
if((!isset($action)) || (empty($action))) {
$connection = mysql_connect($server, $user, $password);
$db = mysql_select_db($database, $connection);
$sql = "select * from iplist order by ID desc";
$result = mysql_query($sql, $connection);
while($res=mysql_fetch_array($result)) {
$id[]=$res["ID"];
$aclass[]=$res["aclass"];
$bclass[]=$res["bclass"];
$cclass[]=$res["cclass"];
$dclass[]=$res["dclass"];
$level[]=$res["level"];
}
?>
<div align="center">
<table width="50%" border="1" bordercolor="#888FAC" background="#888FAC" height="94">
<tr valign="middle" bgcolor="#70658B">
<td bordercolor="#888FAC" colspan="3" height="2">
<div align="center"><b><font color="#FFFFFF"> <u>Current List with IPs</u></font></b></div>
</td>
</tr>
<tr valign="middle" bgcolor="#70658B">
<td bordercolor="#888FAC" colspan="3" height="2">
<div align="center"><b><font color="#FFFFFF" size =2> .:. <a href="admin.php?action=config">Config Area</a> .:. <a href="admin.php?action=add"> Add IP </a> .:.</font></b></div>
</td>
</tr>
<tr valign="middle" bgcolor="#70658B">
<td bordercolor="#888FAC" colspan="3" height="2">
<div align="center"><b><font size=2>
<?
$connection = mysql_connect($server, $user, $password);
$db = mysql_select_db($database, $connection);
$sql = "select * from config where id = 1";
$result = mysql_query($sql, $connection);
while($res=mysql_fetch_array($result)) {
$super[]=$res["name9"];
$admin[]=$res["name8"];
$users[]=$res["name7"];
$simple[]=$res["name0"];
}
?>
<font color="#00FFFF">[ <?echo $super[0];?> ]</font>
<font color="#3333FF">[ <?echo $admin[0];?> ]</font>
<font color="#FFFF00">[ <?echo $users[0];?> ] </font>
<font color="#FF3333">[ <?echo $simple[0];?> ]</font>
</font></b></div>
</td>
</tr>
<? for($i=0; $i<count($id)-1; $i++) {
if($level[$i]=='9') { $lvl = "<font color="#00FFFF">$super[0] </font>";}
if($level[$i]=="8") { $lvl = "<font color="#3333FF">$admin[0] </font>";}
if($level[$i]=="7") { $lvl = "<font color="#FFFF00">$users[0] </font>";}
if($level[$i]=='0') { $lvl = "<font color="#FF3333">$simple[0] </font>";}
?>
<tr bgcolor="<?if($i%2==0){echo "#6C7597";} else {echo "#A4A9BD";}?>">
<td colspan="2">
<div align="center"><font size="2" color="#FFFFFF"></font></div>
<div align="center"></div>
<div align="right"><b><center><font size="2" color="#FFFFFF">-<? echo $lvl."- <br> ".$aclass[$i].".".$bclass[$i].".".$cclass[$i].".".$dclass[$i];?></font></b><font size="2">
</font></div>
<div align="center"><font size="2"><a href="admin.php?action=del&id=<?echo $id[$i];?>"><b><img border=0 src=del.jpg></b></a> </center>
<!-- <a href="admin.php?action=edit&iid=<?echo $id[$i];?>"><b>EDiT</b></a> -->
</font></div>
</td>
</tr>
<? } ?>
<tr bgcolor="#70658B">
<td height="6" colspan="3">
<div align="center"><font size="2"></font></div>
<div align="center"><font size="2"></font></div>
<div align="center"></div>
<div align="center"><font size="2"><b><font color="#FFFFFF"> .:<a href="http://www.simhost.co.uk/forums/">
IPCheck version 0.3</a> by <a href="mailto:admin@simhost.co.uk">Symeon
Fasouliotis</a> :.</font></b></font></div>
</td>
</tr>
</table>
</div>
<? } ?>
<? if($action == "add") {
?>
<form method="post" action="admin.php?action=added">
<div align="center">Leave any field empty if you dont want to put a 4 class ip. <br> Example is shown below.
<p>Ip Class
<input type="text" name="aclass" maxlength="3" size="3" value="192">
.
<input type="text" name="bclass" maxlength="3" size="3" value="168">
.
<input type="text" name="cclass" maxlength="3" size="3" value="">
.
<input type="text" name="dclass" maxlength="3" size="3" value="">
Level
<?
$connection = mysql_connect($server, $user, $password);
$db = mysql_select_db($database, $connection);
$sql = "select * from config where id = 1";
$result = mysql_query($sql, $connection);
while($res=mysql_fetch_array($result)) {
$super[]=$res["name9"];
$admin[]=$res["name8"];
$users[]=$res["name7"];
$simple[]=$res["name0"];
}
?>
<select name="level">
<option value="9"><?echo $super[0];?></option>
<option value="8"><?echo $admin[0];?></option>
<option value="7"><?echo $users[0];?></option>
<option value="0" selected><?echo $simple[0];?> ( default ) </option>
</select>
</p>
<p>
<input type="submit" name="Submit" value="Add This Ip">
</p>
</div>
</form>
<?
}
if($action == "added"){
if($aclass == "") { $aclass = "*"; }
if($bclass == "") { $bclass = "*"; }
if($cclass == "") { $cclass = "*"; }
if($dclass == "") { $dclass = "*"; }
if($level == "") { $dclass = "0"; }
// Check so only unique fields added
$connection = mysql_connect($server, $user, $password);
$db = mysql_select_db($database, $connection);
$sql = "select * from iplist where (aclass ='$aclass') AND (bclass = '$bclass') AND (cclass = '$cclass') AND (dclass = '$dclass')";
$result = mysql_query($sql, $connection);
while($res=mysql_fetch_array($result)) {
$idcheck[]=$res["ID"];
}
if(count($idcheck) > 0) { echo "This IP is <u>already</u> added to the list! Please click ";
echo "<a href="admin.php"> here </a> to go back";
}
else {
@ $db = mysql_pconnect($server, $user, $password);
mysql_select_db($database);
$query = "insert into iplist values ('', '".$aclass."' ,'".$bclass."' ,'".$cclass."' ,'".$dclass."','".$level."' ) ";
$result = mysql_query($query);
Echo "<META HTTP-EQUIV="Refresh"
CONTENT="0;URL=admin.php"> ";
// META HERE
}
}
if($action=="del"){
@ $db = mysql_pconnect($server, $user, $password);
mysql_select_db($database);
$query = "DELETE FROM iplist WHERE ID='$id'";
$result = mysql_query($query);
Echo "<META HTTP-EQUIV="Refresh"
CONTENT="0;URL=admin.php"> ";
// META HERE
}
if($action == "config"){
$connection = mysql_connect($server, $user, $password);
$db = mysql_select_db($database, $connection);
$sql = "select * from config where id =1";
$result = mysql_query($sql, $connection);
while($res=mysql_fetch_array($result)) {
$id[]=$res["ID"];
$security_lvl[]=$res["security_level"];
$nine[]=$res["valid9"];
$eight[]=$res["valid8"];
$seven[]=$res["valid7"];
$zero[]=$res["valid0"];
$invld[]=$res["invalid"];
$namen[]=$res["name9"];
$namee[]=$res["name8"];
$names[]=$res["name7"];
$namez[]=$res["name0"];
$pass[]=$res["adminpass"];
}
?>
<form method="post" action="admin.php?action=configured">
<div align="center">
<p> </p>
<table width="84%" border="1" height="122" bordercolor="#666A8C">
<tr>
<td width="7%" height="250" rowspan="7" bgcolor="#666A8C"><font size="2"></font></td>
<td width="86%" height="2" bgcolor="#666A8C" valign="middle">
<div align="center">
<p align="center"><b><font color="#FFFFFF">Configuration Menu</font></b></p>
</div>
</td>
<td width="7%" height="250" rowspan="7" bgcolor="#666A8C"> </td>
</tr>
<tr>
<td width="86%" height="125">
<div align="center">
<p align="left"><font size="2"><u>Security level is the strictness of
the ip check
<select name="seclvl">
<option selected><?echo $security_lvl[0];?></option>
<option >1</option>
<option>2</option>
<option>3</option>
<option>4</option>
</select>
</u></font></p>
</div>
<ul>
<li>
<div align="left"><font size="2">Level 4 = IP Must be exact! (Static)
</font></div>
</li>
<li>
<div align="left"><font size="2">Level 3 = C Class Check (eg. 123.123.123.*)</font></div>
</li>
<li>
<div align="left"><font size="2"> Level 2 = B Class Check (eg. 123.123.*.*)
</font></div>
</li>
<li>
<div align="left"><font size="2">Level 1 = A Class Check (eg. 123.*.*.*)</font></div>
</li>
</ul>
</td>
</tr>
<tr>
<td width="86%" bgcolor="#666A8C">
<div align="center"><b><font color="#FFFFFF">User Levels</font></b></div>
</td>
</tr>
<tr>
<td width="86%" height="182">
<div align="center">
<p align="left">Rename Top Level to
<input type="text" name="superadmin" size="14" value="<?echo $namen[0];?>">
File
<input type="text" name="superadminfile" size="14" value="<?echo $nine[0];?>">
</p>
<p align="left">Rename Semi-Top Level to
<input type="text" name="admin" size="14" value="<?echo $namee[0];?>">
File
<input type="text" name="adminfile" size="14" value="<?echo $eight[0];?>">
</p>
<p align="left">Rename High-Line Level to
<input type="text" name="superuser" size="14" value="<?echo $names[0];?>">
File
<input type="text" name="superuserfile" size="14" value="<?echo $seven[0];?>">
</p>
<p align="left">Rename Low Level to
<input type="text" name="simpleuser" size="14" value="<?echo $namez[0];?>">
File
<input type="text" name="simpleuserfile" size="14" value="<?echo $zero[0];?>">
</p>
</div>
</td>
</tr>
<tr>
<td width="86%" height="14">
<div align="center">Invalid File
<input type="text" name="invalidfile" size="14" value="<?echo $invld[0];?>">
<div align="center">Admin Password
<input type="text" name="apass" size="14" value="<?echo $pass[0];?>">
</div>
</div>
</td>
</tr>
<tr>
<td width="86%" height="8">
<div align="center">
<input type="submit" name="Submit2" value="Update Settings">
</div>
</td>
</tr>
<tr>
<td width="86%" bgcolor="#666A8C" height="7">
<div align="center"><font color="#FFFFFF" size="2"><b>.: <a href="http://www.simhost.co.uk/forums/">IPCheck
version 0.3</a> by <a href="mailto:admin@simhost.co.uk">Symeon Fasouliotis</a>
:.</b></font></div>
</td>
</tr>
</table>
</div>
</FORM>
<?
}
if($action == "configured") {
@ $db = mysql_pconnect($server, $user, $password);
mysql_select_db($database);
$query = "update config set security_level='$seclvl',name9='$superadmin', name8='$admin', name7='$superuser', name0 ='$simpleuser', valid9='$superadminfile', valid8='$adminfile', valid7='$superuserfile', valid0 ='$simpleuserfile', invalid='$invalidfile', adminpass='$apass' where ID=1";
$result = mysql_query($query);
Echo "<META HTTP-EQUIV="Refresh"
CONTENT="0;URL=admin.php"> ";
}
} // sessions end here
else
{
echo "<form method="post" action="admin.php">";
echo "Admin Password : <input type="password" name="pass">";
echo "<input type="submit" name="Submit" value="Proceed to Admin Area">";
echo "</form>";
}
if($action == "edit") {
if($iid) {
$connection = mysql_connect($server, $user, $password);
$db = mysql_select_db($database, $connection);
$sql = "select * from iplist where id = '$iid'";
$result = mysql_query($sql, $connection);
while($res=mysql_fetch_array($result)) {
$id[]=$res["ID"];
$ac[]=$res["aclass"];
$bc[]=$res["bclass"];
$cc[]=$res["cclass"];
$dc[]=$res["dclass"];
$lev[]=$res["level"];
}
?>
<form method="post" action="admin.php?action=editted">
<div align="center">Leave any field empty if you dont want to put a 4 class ip or put a star (*).
<p>Ip Class
<input type="text" name="aclass" maxlength="3" size="3" value="<?echo $ac[0];?>">
.
<input type="text" name="bclass" maxlength="3" size="3" value="<?echo $bc[0];?>">
.
<input type="text" name="cclass" maxlength="3" size="3" value="<?echo $cc[0];?>">
.
<input type="text" name="dclass" maxlength="3" size="3" value="<?echo $dc[0];?>">
Level <select>
<option selected> <?echo $lev[0];?> </option>
<option> 1 </option>
<option> 2 </option>
<option> 3 </option>
<option> 4 </option>
</select><br>
<br><center> <input type="submit" name="Submit" value="Update Ip List">
</form>
<?
}
else { Echo "Wrong format of URL. Click back and click on a proper link!"; }
}
?>
</body>
</html>