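<?php
// Admin settings page: updates the forum_name, max_topics and max_posts rows of
// the `settings` table from the POSTed form further down in this file.
define("TITLE", "Categories");
include("includes/header.php");

// Access control. $u, $dbc, isLoggedin() and getUserRole() are not defined in
// this file; presumably includes/header.php provides them (confirm).
// NOTE(review): this die() runs after the header include, so if that include
// has already produced output the refusal cannot carry a 403 status.
if (!isset($u) || !isLoggedin($u, $dbc)) {
    die("Unauthorized");
}

// Look the role up once. Any role above 0 and the value -1 are refused, which
// leaves role 0 as the accepted one.
// NOTE(review): this is a deny-list, so an unexpected value (for example
// another negative number) would pass. An allow-list comparison against the
// admin role would fail closed; it is not applied here because the return
// type of getUserRole() is not visible in this file.
$role = getUserRole($u, $dbc);
if ($role > 0 || $role == -1) {
    die("Unauthorized");
}

// NOTE(review): no anti-CSRF token is checked before the state-changing
// updates below. Whether includes/header.php adds such a check is not visible
// from this file.

/**
 * Store one value in the settings table.
 *
 * Both the value and the setting name are bound parameters.
 *
 * @param object $dbc     database handle exposing prepare() (looks like mysqli; confirm)
 * @param string $setting name stored in settings.setting
 * @param string $value   value to store
 * @return bool true when the UPDATE executed, false on any failure
 */
$saveSetting = static function ($dbc, $setting, $value) {
    try {
        $stmt = $dbc->prepare("UPDATE settings SET value = ? WHERE settings.setting = ?");
        if ($stmt === false) {
            return false;
        }
        $stmt->bind_param("ss", $value, $setting);
        return (bool) $stmt->execute();
    } catch (mysqli_sql_exception $e) {
        // Keep driver details out of the page; record them server-side instead.
        error_log('admin.php: settings update failed: ' . $e->getMessage());
        return false;
    }
};

/**
 * Normalise a posted counter to a positive integer string.
 *
 * @param mixed $raw value taken from $_POST
 * @return string|null canonical decimal string, or null when $raw is not an integer >= 1
 */
$parsePositiveInt = static function ($raw) {
    if (!is_string($raw)) {
        return null;
    }
    $number = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $number === false ? null : (string) $number;
};

// is_string() rejects array-shaped input such as forum_name[]=x before it
// reaches htmlspecialchars().
if (isset($_POST['forum_name']) && is_string($_POST['forum_name']) && !empty($_POST['forum_name'])) {
    // The name is HTML-encoded before storage, as before.
    // NOTE(review): encoding at output time is the more robust pattern, but
    // other pages may print the stored value as-is, so the storage format is
    // left unchanged.
    $forum_name = htmlspecialchars($_POST['forum_name']);
    if ($saveSetting($dbc, 'forum_name', $forum_name)) {
        print " <p>Forum Name changed successfully.</p>\n";
    } else {
        print " <p>Failed to change Forum Name.</p>\n";
    }
}

if (isset($_POST['max_topics']) && !empty($_POST['max_topics'])) {
    // Only a positive integer is stored; anything else is reported as a failure.
    $max_topics = $parsePositiveInt($_POST['max_topics']);
    if ($max_topics !== null && $saveSetting($dbc, 'max_topics', $max_topics)) {
        print " <p>Max topics changed successfully.</p>\n";
    } else {
        print " <p>Failed to change Max topics.</p>\n";
    }
}

if (isset($_POST['max_posts']) && !empty($_POST['max_posts'])) {
    // Same validation as max_topics.
    $max_posts = $parsePositiveInt($_POST['max_posts']);
    if ($max_posts !== null && $saveSetting($dbc, 'max_posts', $max_posts)) {
        print " <p>Max posts changed successfully.</p>\n";
    } else {
        print " <p>Failed to change Max posts.</p>\n";
    }
}
?>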
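<p><a href="userlist.php">View user list</a></p>
<form action="<?=htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')?>" method="post" enctype="multipart/form-data" name="register">
<?php
// $_SERVER['PHP_SELF'] is derived from the request URL, so it is HTML-encoded
// in the form tag above before being written into the action attribute.
// NOTE(review): the form carries no anti-CSRF token field; whether another
// include supplies one is not visible from this file.

/**
 * Read one value from the settings table.
 *
 * @param object $dbc     database handle exposing prepare() (looks like mysqli; confirm)
 * @param string $setting name stored in settings.setting
 * @return string|null the stored value, or null when no row exists or the query fails
 */
$readSetting = static function ($dbc, $setting) {
    try {
        $stmt = $dbc->prepare("SELECT settings.value FROM settings WHERE settings.setting = ? LIMIT 1");
        if ($stmt === false) {
            return null;
        }
        $stmt->bind_param("s", $setting);
        if (!$stmt->execute()) {
            return null;
        }
        $result = $stmt->get_result();
        if ($result === false || !($result->num_rows > 0)) {
            return null;
        }
        $row = $result->fetch_assoc();
        // A NULL column still yields an (empty) value attribute.
        return (string) $row["value"];
    } catch (mysqli_sql_exception $e) {
        // Keep driver details out of the page; record them server-side instead.
        error_log('admin.php: settings read failed: ' . $e->getMessage());
        return null;
    }
};

/**
 * Build the ` value="..."` attribute for an input, or '' when there is no value.
 *
 * The value is encoded for a double-quoted attribute at the point of output.
 * double_encode is off so that values already stored with HTML entities are
 * not encoded a second time.
 *
 * @param string|null $value stored setting value
 * @return string attribute text including its leading space, or ''
 */
$valueAttr = static function ($value) {
    if ($value === null) {
        return '';
    }
    return ' value="' . htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false) . '"';
};

print ' <p>Forum Name:<br><input name="forum_name" type="text" size="32" id="forum_name"'
    . $valueAttr($readSetting($dbc, 'forum_name'))
    . " autofocus></p>\n";

print ' <p>Max topics to display on topic list:<br><input name="max_topics" type="number" size="5" id="max_name"'
    . $valueAttr($readSetting($dbc, 'max_topics'))
    . "></p>\n";

print ' <p>Max posts to display on thread page:<br><input name="max_posts" type="number" size="5" id="max_posts"'
    . $valueAttr($readSetting($dbc, 'max_posts'))
    . "></p>\n";
?>
<p><button>Save</button></p>
</form>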
<?php
// Finish the page by pulling in the footer include.
include 'includes/footer.php';
?>