Menu
I have a very basic login to view an admin panel, but when I upgraded the PHP version of this website it no longer works.
Here is a link to the page
[url]http://site.odiz.biz/reviews/admin.php
The password is “password123”.
Here is the code, can anyone see why the upgrade screwed up the script? Btw, I did not write the script so go ahead and make fun of it if its not up to par.
[code=php]
<html>
<head>
<link rel=”stylesheet” type=”text/css” href=”style.css” />
</head>
<body>
<?php
session_start();
mysql_connect(“mysql”, “SivaBirdie”, “BirdMan71139”) or die(mysql_error());
mysql_select_db(“reviews”) or die(mysql_error());
if($_SESSION[loggedin] != “y”){
if($_POST[pass] == “password123”){
$_SESSION[loggedin] = “y”;
echo “<script>window.location = ‘admin.php’;</script>”;
}
else{
echo “<form action=’admin.php’ method=post>Password: <input class=’password’ type=’password’ name=’pass’><input class=’submit’ type=submit value=’Login’></form>”;
}
}
else {
if($_GET[c] == “”){
?>
<table height=”100%”><tr><td width=”100%” id=”admin-title” colspan=”2″><H1>Odiz.com Product Reviews Management</H1></td></tr><tr>
<td width=”25%” height=”100%” valign=”top” id=”admin-cell”>
<a href=”admin.php?c=app” target=”content”>New Approvals</a><br>
<a href=”admin.php?c=del” target=”content”>Delete Reviews</a><br>
<a href=”admin.php?c=appCp” target=”content”>Turn Approvals On Or Off</a><br>
</td>
<td wudth=”75%” height=”100%”>
<iframe
src =””
width=”100%” height=”100%” name=”content” id=”frame”>
</iframe>
</td>
</tr></table>
<?php
}
else if($_GET[c] == “del”){
echo”<h1>Delete Area</h1><br><br>”;
if($_GET[p] == “”){
$q = mysql_query(“SELECT * FROM Reviews”);
$array[0] = “”;
while($r = mysql_fetch_array($q)){
foreach ($array as $arrayItem){
if($arrayItem == $r[id])$fail = y;
}
if($fail != “y”) $array[] = $r[id];
$fail = “”;
}
foreach($array as $id){
echo “<a href = ‘admin.php?c=del&p=”.$id.”‘>”.$id.”</a><br>”;
}
}
else if($_GET[num] == “”){
$q = mysql_query(“SELECT * FROM Reviews WHERE id=’$_GET[p]’ ORDER BY num ASC”);
while($r = mysql_fetch_array($q)){
echo “<a href=’admin.php?c=del&p=”.$_GET[p].”&num=”.$r[num].”‘>”.$r[name].”</a><br>”;
}
}
else{
if($_GET[con] == “y”){
mysql_query(“DELETE FROM Reviews WHERE id=’$_GET[p]’ AND num=’$_GET[num]'”) or die(mysql_error());
if($_GET[ref] == “app”) echo “<script>window.location = ‘admin.php?c=app’;</script>”;
else echo “<script>window.location = ‘admin.php?c=del’;</script>”;
}
else{
$q = mysql_query(“SELECT * FROM Reviews WHERE num=’$_GET[num]’ ORDER BY num ASC”);
while($r = mysql_fetch_array($q)){
$i = 1;
while($i <= 5){
if($r[star] >= $i) $starz .= “<img border=’0′ src=’star1.png’ width=’14’ height=’13’>”;
else $starz .= “<img border=’0′ src=’star2.png’ width=’14’ height=’13’>”;
$i++;
}
?>
<div id=”reviews”>
<div id=”reviews-name”><?php echo $r[name]; ?></div>
<div id=”reviews-rating”>Rating: <?php echo $starz; ?></div>
<div id=”reviews-comment”><?php echo $r[content]; ?></div>
<br>
<a href=’admin.php?c=del&con=y&p=<?php echo $_GET[p]; ?>&num=<?php echo $r[num]; ?>’>Delete</a>
<?
}
}
}
}
else if($_GET[c] == “app”){
$q = mysql_query(“SELECT * FROM Reviews WHERE app = ‘n'”);
$array[0] = “”;
while($r = mysql_fetch_array($q)){
foreach ($array as $arrayItem){
if($arrayItem == $r[id])$fail = y;
}
if($fail != “y”) $array[] = $r[id];
$fail = “”;
}
foreach($array as $id){
if($_GET[num] != “”) mysql_query(“UPDATE Reviews SET app = ‘y’ WHERE num = ‘$_GET[num]'”) or die(mysql_error());
echo “<hr>”.$id.”<br><hr>”;
$q2= mysql_query(“SELECT * FROM Reviews WHERE app = ‘n’ AND id = ‘$id'”);
while($r2 = mysql_fetch_array($q2)){
$i = 1;
while($i <= 5){
if($r2[star] >= $i) $starz .= “<img border=’0′ src=’star1.png’ width=’14’ height=’13’>”;
else $starz .= “<img border=’0′ src=’star2.png’ width=’14’ height=’13’>”;
$i++;
}
?>
<div id=”reviews”>
<div id=”reviews-name”><?php echo $r2[name]; ?></div>
<div id=”reviews-rating”>Rating: <?php echo $starz; ?></div>
<div id=”reviews-comment”><?php echo $r2[content]; ?></div>
<br>
<a href=’admin.php?c=app&num=<?php echo $r2[num]; ?>’>Approve</a> /
<a href=’admin.php?c=del&con=y&ref=app&p=<?php echo $r2[id]; ?>&num=<?php echo $r2[num]; ?>’>Delete</a>
<br><br>
<?
$starz = “”;
}
}
}
else if($_GET[c] == “appCp”){
$w = mysql_fetch_array(mysql_query(“SELECT * FROM app LIMIT 1”)) or die(mysql_error());
if($_GET[toggle] == “y”){
if($w[approved] == “y”) {
$t = “n”;
$nt = “y”;
}
if($w[approved] == “n”) {
$t = “y”;
$nt = “n”;
}
mysql_query(“UPDATE app SET approved = ‘$t’ WHERE approved = ‘$nt'”) or die(mysql_error());
echo “<script>window.location = ‘admin.php?c=appCp’;</script>”;
}
if($w[approved] == “y”){
echo “Approval is off, Turn it on? <a href=’admin.php?c=appCp&toggle=y’ > Yes </a>”;
}
if($w[approved] == “n”){
echo “Approval is on, Turn it off? <a href=’admin.php?c=appCp&toggle=y’ > Yes </a>”;
}
}
}
?>
</body>
</html>