<?php require_once("include/sessions.php"); ?>
<?php require_once("include/db.php"); ?>
<?php require_once("include/functions.php"); ?>
<?php require_once("include/admin_navigation.php"); ?>
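<?php
// Authentication gate: must run before any of the POST handling below.
// NOTE(review): confirm_login() is defined outside this file. Confirm that it stops
// execution (exit) for unauthenticated requests; a Location header alone would let the
// handler below run for anyone.
confirm_login();

// Handle the "Add New Site Administrator" form submission.
// NOTE(review): this state-changing request is accepted without an anti-CSRF token.
// Add a per-session token (random_bytes() + hash_equals()) to the form and check it here.
if (isset($_POST['submit'])) {
    // Read a POST field as a plain string. Missing or array-valued fields become ''
    // so that string functions below never receive null or an array.
    $read_field = function ($name) {
        return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
    };

    $username = $read_field('username');
    $password = $read_field('password');
    $confirm_password = $read_field('confirm_password');

    // Name of the logged-in admin creating the account. It is bound as a statement
    // parameter below instead of being interpolated into the SQL text.
    $addedby = isset($_SESSION['username']) ? (string) $_SESSION['username'] : '';

    date_default_timezone_set("Europe/London");
    $currentTime = time();
    // Same "Month-DD-YYYY HH:MM:SS" layout the original produced with strftime()
    // (deprecated since PHP 8.1); date() always emits English month names.
    $dateTime = date("F-d-Y H:i:s", $currentTime);

    if (empty($username) || empty($password) || empty($confirm_password)) {
        $_SESSION['error_message'] = "All fields must be filled out";
    } elseif (strlen($password) < 4) {
        // NOTE(review): a 4-character minimum is weak for administrator accounts;
        // consider raising it together with the message text.
        $_SESSION['error_message'] = "Password must be atleast 4 characters";
    } elseif ($password !== $confirm_password) {
        $_SESSION['error_message'] = "Password/confirm password must be the same";
    } else {
        /* password_hash() produces a salted one-way hash (hashing, not encryption).
           PASSWORD_DEFAULT is bcrypt as of PHP 5.5.0 and may change as stronger
           algorithms are added, so the hash length can grow; store it in a column
           wider than 60 characters (255 is a good choice).
           NOTE(review): the SQL-escaped form of the password is hashed, exactly as
           before, so that hashes stay compatible with login code not visible here.
           Escaping is not needed for hashing; once the login path is confirmed to pass
           the raw password to password_verify(), hash the raw value instead. */
        $hashed_password = password_hash(
            mysqli_real_escape_string($connection, $password),
            PASSWORD_DEFAULT
        );

        $execute = false;
        if ($hashed_password !== false && $hashed_password !== null) {
            // Prepared statement: every value is sent as data, never as SQL text.
            $statement = mysqli_prepare(
                $connection,
                "INSERT INTO registration (datetime, username, password, addedby) VALUES (?, ?, ?, ?)"
            );
            if ($statement) {
                mysqli_stmt_bind_param($statement, 'ssss', $dateTime, $username, $hashed_password, $addedby);
                $execute = mysqli_stmt_execute($statement);
                mysqli_stmt_close($statement);
            }
        }

        if ($execute) {
            $_SESSION['success_message'] = "Admin Added Successfully";
        } else {
            $_SESSION['error_message'] = "Something went wrong";
        }
    }

    // Every outcome returns to this page (post/redirect/get); the message set above
    // is shown after the redirect.
    redirect_to("admins.php");
    // Defensive stop in case redirect_to() only sends the header.
    exit;
}
?>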
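<?php require_once("include/admin_header.php"); ?>
<div class="container-fluid">
    <div class="row">
        <div class="col-sm-2">
            <br> <br>
            <?php echo admin_nav(); ?>
        </div>
        <div class="col-sm-10">
            <h1>Manage Admins Access</h1>
            <div>
                <?php
                // Flash messages stored in the session by the form handler on this page.
                echo error_message();
                echo success_message();
                ?>
            </div>
            <div>
                <?php
                // Form for creating a new administrator account; posts back to this page.
                // NOTE(review): the form carries no anti-CSRF token. Add a hidden per-session
                // token field here and verify it in the POST handler.
                ?>
                <form action="admins.php" method="POST">
                    <fieldset>
                        <div class="form-group">
                            <!--fieldInfo is a user created class -->
                            <label for="username"><span class="fieldInfo">Username:</span></label>
                            <input type="text" name="username" class="form-control" id="username" placeholder="Enter username" required>
                        </div>
                        <div class="form-group">
                            <!--fieldInfo is a user created class -->
                            <label for="password"><span class="fieldInfo">Password:</span></label>
                            <input type="password" name="password" class="form-control" id="password" placeholder="Enter Password" autocomplete="new-password" required>
                        </div>
                        <div class="form-group">
                            <!--fieldInfo is a user created class -->
                            <label for="confirm_password"><span class="fieldInfo">Confirm Password:</span></label>
                            <input type="password" name="confirm_password" class="form-control" id="confirm_password" placeholder="Retype Password" autocomplete="new-password" required>
                        </div>
                        <br>
                        <input type="submit" class="btn btn-success btn-block" name="submit" value="Add New Site Administrator">
                        <br><br>
                    </fieldset>
                </form>
            </div>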
<div class="table-responsive">
<table class="table table-striped table-hover">
<tr>
<th>Sr No.</th>
<th>Date & Time</th>
<th>Admin Name</th>
<th>Added By</th>
<th>Action</th>
</tr>
<?php
$query = "SELECT * FROM registration ORDER BY id DESC";
$result = mysqli_query($connection, $query);
// variable used to track the while loop below
$SrNo = 0;
while($rows = mysqli_fetch_array($result)):
$id = $rows['id'];
$dateTime = $rows['datetime'];
$username = $rows['username'];
$addedby = $rows['addedby'];
$SrNo++;
?>
<tr>
<td><?php echo $SrNo; ?></td>
<td><?php echo $dateTime; ?></td>
<td><?php echo $username; ?></td>
<td><?php echo $addedby; ?></td>
<th><a href="delete_admin.php?id=<?php echo $id; ?>" class="btn btn-danger">Delete</a></th>
</tr>
<?php endwhile;?>
</table>
</div>
</div>
</div> <!-- Ending of row -->
</div> <!-- Ending of container -->
<?php require_once("include/admin_footer.php"); ?>