01-10-2009 04:05 PM #1 (Senior Member; Join Date: May 2008; Posts: 248)
PHP / MYSQL Admin Panel [Basic-ish]
Okay so, I have this client, his name is chillaxx, many of you know him, most of you hate him, some of you don't.
He and his friend asked me to code a script for their Call of Duty ladder, eventually it'll be like twl. The script was to use a mixture of MySQL and PHP to have functions such as, add team, remove team, update team, viewteam, viewprofile, and incorporate minimal security for the admin panel at this time. I spanned this code out through about 10 files. Most of which are classes. The only credit I feel is due here is smitteh, with whom I coded the core.php class file for a separate project, which just goes to show that even in PHP, you can reuse old code.
-=-=-=-=-=-=-=-=-=
Class: Core.php
-=-=-=-=-=-=-=-=-=
PHP Code:
<?php
class CMySQL {
    // Connection settings ("???" values are redacted in the post).
    private $dbUser = "???";
    private $dbPass = "???";
    private $dbname = "???";
    // 0 = no error, 1 = connection failed, 2 = database selection failed, 3 = query failed
    private $error = 0;
    private $errormessage = "";

    // Print a message for the current error code; prints nothing while $error is 0.
    private function DisplayError( $errormsg )
    {
        switch( $this->error )
        {// kgo
            case 1:
                echo "MySQL connection error.";
                break;
            case 2:
                echo "MySQL database selection error.";
                break;
            case 3:
                echo $errormsg;
                break;
        }
    }

    private function OpenConnection( )
    {
        // Record a failed connect so that case 1 above can actually be reached.
        mysql_connect( "???", $this->dbUser , $this->dbPass ) or $this->error = 1;
        $this->DisplayError( mysql_error() );
    }

    private function OpenDatabase( $db )
    {
        mysql_select_db( $db ) or $this->error = 2;
        $this->DisplayError( mysql_error() );
    }

    private function CloseConnection()
    {
        mysql_close();
    }

    // Open a connection, run one query, close the connection, return the result resource.
    public function Query( $query )
    {
        $this->OpenConnection( );
        $this->OpenDatabase( $this->dbname );
        $result = mysql_query( $query ) or $this->error = 3;
        $this->DisplayError( mysql_error() );
        $this->CloseConnection();
        return $result;
    }
}
?>
-=-=-=-=-=-=-=-=-=
Class: cTeam.php
-=-=-=-=-=-=-=-=-=
PHP Code:
<?php
/*
#Script-> cTeam.php
#Author-> Josh Underwood
#Website-> www.VL-League.com
#Date|Time-> Friday, January 09 2009 | 12:12 PM
#Script Purpose-> cTeam.php will contain all primary functions, addteam, banteam, deleteteam, viewteam
*/
require_once('core.php');

// Arguments are interpolated into the SQL text unchanged; nothing in this class escapes them.
class cTeam extends CMySQL {
    public function addTeam($teamname, $adminxfire, $website) {
        $result = parent::Query("SELECT teamname FROM teams WHERE teamname = '$teamname'");
        if ( mysql_num_rows( $result ) > 0 ) {
            die( "That team name is taken, please try again" );
        }
        // $TeamID was never defined in this method, so the id column is left for MySQL
        // to fill in (assumes teamid is AUTO_INCREMENT; install.php is not shown).
        parent::Query("INSERT INTO teams (teamname, adminxfire, website) VALUES ('$teamname','$adminxfire','$website')");
        echo "Completed!";
    }

    public function removeTeam($TeamID) {
        $result = parent::Query("SELECT teamname FROM teams WHERE teamid = '$TeamID'");
        if ( mysql_num_rows( $result ) > 0 ) {
            parent::Query("DELETE FROM teams WHERE teamid = '$TeamID'");
            die( "Team deletion success" );
        }
    }

    public function viewTeam($teamname) {
        $result = parent::Query("SELECT * FROM teams WHERE teamname = '$teamname'");
        $row = mysql_fetch_array($result);
        // Stored values are HTML-encoded before they are written into the page.
        echo "Team ID: " . htmlspecialchars($row[0], ENT_QUOTES) . "<br>";
        echo "Team Name: " . htmlspecialchars($row[1], ENT_QUOTES) . "<br>";
        echo "Admin XFire: " . htmlspecialchars($row[2], ENT_QUOTES) . "<br>";
        echo "Team Website: " . htmlspecialchars($row[3], ENT_QUOTES) . "<br>";
    }

    public function updateTeam( $TeamID, $teamname, $adminxfire, $website ) {
        parent::Query("UPDATE teams SET teamname = '$teamname', adminxfire = '$adminxfire', website = '$website' WHERE teamid = '$TeamID'");
    }
}
?>
-=-=-=-=-=-=-=-=-=
Class: index.php
-=-=-=-=-=-=-=-=-=
PHP Code:
<?php
// Only the listed administrator addresses may load the panel ("???" values are redacted).
$uIP = $_SERVER['REMOTE_ADDR'];
if ( $uIP != "???" && $uIP != "???" && $uIP != "???" )
    die("Access Denied, Not administrator");
?>
<html>
<head>
    <title>VL-League.com :: Admin Control Panel</title>
    <style type='text/css'>
    body {
        background-color: #C0C0C0;
    }
    </style>
</head>
<body>
    <h1>Admin Control Panel</h1>
    <hr>
    <form action="addTeam.php" method="post">
        <p>
        Desired Team Name:<br>
        <input type=text name="teamname"><br>
        Team Leaders XFire:<br>
        <input type=text name="adminxfire"><br>
        Team Website Address: (Including http://www.)<br>
        <input type=text name="website">
        <input type=submit value="Add Team">
        </p>
    </form>
    <br><br>
    <form action="viewTeam.php" method="post">
        Enter Team Name:<br>
        <input type=text name="teamname">
        <input type=submit value="View Team">
    </form>
    <br><br>
    <form action="removeTeam.php" method="post">
        Enter Team ID:<br>
        <input type=text name="id">
        <input type=submit value="Remove Team">
    </form>
    <form action="updateTeam.php" method="post">
        <p>
        New Team Name:<br>
        <input type=text name="teamname"><br>
        New Leaders XFire:<br>
        <input type=text name="adminxfire"><br>
        New Website Address: (Including http://www.)<br>
        <input type=text name="website"><br>
        Enter Team ID:<br>
        <input type=text name="teamid"><br>
        <input type=submit value="Update Team">
        </p>
    </form>
    <table border="1">
        <tr>
            <th>Team Name:</th>
            <th>Team ID:</th>
        </tr>
<?php
require_once('cTeam.php');
$MySQL = new CMySQL;
// A single query keeps every team name paired with its own id.
$result = $MySQL->Query("SELECT TeamID, teamname FROM teams");
while ( $row = mysql_fetch_row($result) ) {
    // Encode stored values before writing them into the link and the table cells.
    $id   = htmlspecialchars($row[0], ENT_QUOTES);
    $name = htmlspecialchars($row[1], ENT_QUOTES);
    echo "<tr><td>" . "<a href='./viewprofile.php?pID=" . urlencode($row[0]) . "'>" . $name . "</a>" . "</td> ";
    echo "<td> " . $id . "</td></tr> ";
}
?>
    </table>
</body>
</html>
-=-=-=-=-=-=-=-=-=
Class: addTeam.php, removeTeam.php, updateTeam.php, viewTeam.php
-=-=-=-=-=-=-=-=-=
PHP Code:
<?php
# addTeam.php
# The four scripts in this block do not repeat the administrator check from index.php.
require_once('cTeam.php');
$Team = new cTeam;
$TeamName = $_REQUEST['teamname'];
$AdminXFire = $_REQUEST['adminxfire'];
$Website = $_REQUEST['website'];
$Team->addTeam($TeamName, $AdminXFire, $Website);
echo "<a href='???'>Click to Return</a>";
?>
<?php
# removeTeam.php
require_once('cTeam.php');
# Team ids are assumed to be integers, so the request value is cast before use.
$TeamID = (int) $_REQUEST['id'];
$Team = new cTeam;
$Team->removeTeam($TeamID);
?>
<?php
#update team
require_once('cTeam.php');
$Team = new cTeam;
$teamname = $_REQUEST['teamname'];
$adminxfire = $_REQUEST['adminxfire'];
$website = $_REQUEST['website'];
# Team ids are assumed to be integers, so the request value is cast before use.
$id = (int) $_REQUEST['teamid'];
$Team->updateTeam($id,$teamname,$adminxfire,$website);
?>
<?php
# viewTeam.php
require_once('cTeam.php');
$Team = new cTeam;
$TeamName = $_REQUEST['teamname'];
$Team->viewTeam($TeamName);
?>
-=-=-=-=-=-=-=-=-=
Class: viewprofile.php
-=-=-=-=-=-=-=-=-=
PHP Code:
<?php
#row[0] = teamid;
#row[1] = teamname;
#row[2] = adminxfire;
#row[3] = website;
#row[4] and above are empty;
require_once('cTeam.php');
$sql = new CMySQL;
# Team ids are assumed to be integers, so the request value is cast before use.
$pID = (int) $_REQUEST['pID'];
$result = $sql->Query("SELECT * FROM teams WHERE teamid = '$pID'");
if ( mysql_num_rows($result) < 1 )
    die( "Invalid team id" );
$row = mysql_fetch_array($result);
# Stored values are HTML-encoded wherever they are echoed below.
?>
<html>
<head>
    <title><?php echo htmlspecialchars($row[1], ENT_QUOTES); ?></title>
</head>
<body>
    <b>Team ID: </b> <i><?php echo htmlspecialchars($row[0], ENT_QUOTES); ?></i><br>
    <b>Team Name: </b> <i><?php echo htmlspecialchars($row[1], ENT_QUOTES); ?></i><br>
    <b>Admin XFire: </b> <i><?php echo htmlspecialchars($row[2], ENT_QUOTES); ?></i> | <u> <a href="xfire:add_friend?user=<?php echo htmlspecialchars($row[2], ENT_QUOTES); ?>">Add to xfire</a> </u><br>
    <b>Team Website: </b> <i><a href="<?php echo htmlspecialchars($row[3], ENT_QUOTES); ?>" target="_blank"><?php echo htmlspecialchars($row[3], ENT_QUOTES); ?></a></i><br>
</body>
</html>
I've decided to omit install.php, because the entire thing would be question marks since it's pretty much all sensitive data. lol
I hope this helps anyone who is interested in php, and yes I know this isn't written neatly.

Currently deployed in support of OEF XI-XII
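Added example, not part of the original post and not the poster's code: the post's addTeam()/viewTeam() path rewritten so that request values reach the database only as bound parameters and reach the page only after HTML encoding, with the website restricted to http(s) because it ends up in an href. TeamStore, findTeam() and h() are hypothetical names, and an in-memory SQLite table (requires the pdo_sqlite extension) stands in for the MySQL teams table so the script runs offline; the column names are the ones used in the post.

```php
<?php
// Added example (not the poster's code). TeamStore, h() and the in-memory
// SQLite table are constructed stand-ins for the post's MySQL "teams" table.
class TeamStore
{
    private $pdo;
    public function __construct(PDO $pdo)
    {
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $this->pdo = $pdo;
    }

    public function addTeam($teamname, $adminxfire, $website)
    {
        // Accept only http(s) URLs, since the value is later used as an href.
        $scheme = strtolower((string) parse_url($website, PHP_URL_SCHEME));
        if (!in_array($scheme, array('http', 'https'), true)) {
            throw new InvalidArgumentException('Website must be an http(s) URL');
        }
        // Bound parameters travel as data and are never parsed as SQL.
        $ins = $this->pdo->prepare(
            'INSERT INTO teams (teamname, adminxfire, website) VALUES (?, ?, ?)'
        );
        $ins->execute(array($teamname, $adminxfire, $website));
        return (int) $this->pdo->lastInsertId();
    }

    public function findTeam($teamname)
    {
        $stmt = $this->pdo->prepare('SELECT * FROM teams WHERE teamname = ?');
        $stmt->execute(array($teamname));
        return $stmt->fetch(PDO::FETCH_ASSOC);   // false when no such team
    }
}
// Encode a value for HTML text or a quoted attribute.
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE teams (teamid INTEGER PRIMARY KEY AUTOINCREMENT,
    teamname TEXT UNIQUE, adminxfire TEXT, website TEXT)');
$store = new TeamStore($pdo);
// Constructed sample values: a name with apostrophes and a handle with markup.
$store->addTeam("O'Neil's Raiders", '<b>leader</b>', 'http://www.example.com/');
$row = $store->findTeam("O'Neil's Raiders");   // the quotes stay plain data
echo 'Team Name: ' . h($row['teamname']) . "<br>\n";
echo 'Admin XFire: ' . h($row['adminxfire']) . "<br>\n";
echo '<a href="' . h($row['website']) . '">' . h($row['website']) . "</a>\n";
```

Against MySQL only the PDO connection string changes; the UNIQUE constraint on teamname makes a duplicate name fail at insert time with a PDOException.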


