...

View Full Version : Admin Panel Gone Wrong



Jesuspwnt
12-24-2007, 01:12 PM
Hi, yesturday i made an admin panel for a CMS im working on.
the admin panel is protected by a .htaccess & .htpasswd file authentication + user authentication which is all dealt with by php and stored in my database.

Anyway, as i said i've only just created it hence i've only got a few icons for the actual panel itsself.

heres the code for the admin panel index.php


$catid = mysql_real_escape_string($_GET['catid']);

if($catid == "1"){
$admin_title = "Content Management";
}elseif($catid == "2"){
$admin_title = "User Management";
}elseif($catid == "3"){
$admin_title = "System_Management";
}

$admin = mysql_query("SELECT * FROM administration WHERE catid='{$catid}'");
$admin = mysql_fetch_array($admin);
echo " <td valign=\"top\">\n";
echo " <table class=\"news_tbl\" cellspacing=\"0\">\n <tr>\n <td class=\"news_title\">".$admin_title."</td>\n </tr>\n";
echo "<Tr><Td>";
$i = 0;
while($admin = mysql_fetch_array(mysql_query("SELECT * FROM administration WHERE catid='{$catid}' ORDER BY name ASC"))){
if($i == 0){
echo "<tr>";
}
echo "<td class=\"icon\"><a href=\"index.php?module=".$admin['id']."\"><img src=\"/themes/".$site['theme']."/images/administration/".$admin['icon']."\" alt=\"".$admin['name']."\"><br />";
echo $admin['name']."</a></td>";
if($i == "4"){
echo "</tr>";
$i = "0";
}
$i++;
}

i inserted a admin "module" today named : Users.
with this information:


INSERT INTO `ccurityo_cms`.`administration` (
`id` ,
`name` ,
`file_location` ,
`auth` ,
`icon` ,
`catid`
)
VALUES (
NULL , 'users', 'users.php', 'U', 'UsersFolderIcon.png', '2'
);

Yet all i get is a continous flood of



<td class="icon"><a href="index.php?module=1"><img src="UsersFolderIcon.png" alt="users"><br />users</a></td>


Any ideas of what's wrong?

SeeIT Solutions
12-24-2007, 01:30 PM
Because you have got the while loop doing the query over and over.

Try this.


$result = mysql_query("SELECT * FROM administration WHERE catid='{$catid}' ORDER BY name ASC");
while($admin = mysql_fetch_array($result)){
if($i == 0){
echo "<tr>";
}
echo "<td class=\"icon\"><a href=\"index.php?module=".$admin['id']."\"><img src=\"/themes/".$site['theme']."/images/administration/".$admin['icon']."\" alt=\"".$admin['name']."\"><br />";
echo $admin['name']."</a></td>";
if($i == "4"){
echo "</tr>";
$i = "0";
}
$i++;
}

Jesuspwnt
12-24-2007, 01:35 PM
ahhh, i see now, thanks alot! :D

Jesuspwnt
12-24-2007, 02:21 PM
uh oh, another problem.

my logout page is for some reason not working..

i created a quick like 10 lines of code when i created to end ALL sessions, yet when i log out from an admin account, i can still delete posts, any ideas?


foreach($_SESSION as $name=>$value){
$_SESSION[$name]=NULL;
}
$_SESSION = array();
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time()-42000, '/');
}

Mwnciau
12-24-2007, 02:46 PM
Try using session_destroy (http://uk2.php.net/manual/en/function.session-destroy.php)

Jesuspwnt
12-24-2007, 02:52 PM
oops i must have forgotten to include that in my copy and paste :P, that is in the script too lol, promise :P

SeeIT Solutions
12-24-2007, 02:53 PM
I'd use...


unset($_COOKIE,$_SESSION);



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum