Gecko [ midwest-tb.com ]

Name	Size	Permission
assets	[ DIR ]	drwxr-xr-x
functions	[ DIR ]	drwxr-xr-x
img	[ DIR ]	drwxr-xr-x
includes	[ DIR ]	drwxr-xr-x
.htaccess	4.65 KB	-rw-r--r--
.mad-root	0 B	-rw-r--r--
01admin.zip	112.24 KB	-rw-r--r--
add_user.php	11.21 KB	-rw-r--r--
banner.php	1.41 KB	-rw-r--r--
db.php	30 B	-rw-r--r--
delete.php	357 B	-rw-r--r--
delete_banner.php	736 B	-rw-r--r--
delete_post.php	960 B	-rw-r--r--
delete_user.php	991 B	-rw-r--r--
edit_banner.php	3.38 KB	-rw-r--r--
edit_post.php	11.55 KB	-rw-r--r--
edit_post2.php	5.62 KB	-rw-r--r--
edit_user.php	13.09 KB	-rw-r--r--
editsettings.php	2.61 KB	-rw-r--r--
error_log	54.03 KB	-rw-r--r--
function_users.php	6.8 KB	-rw-r--r--
functions.php	10.92 KB	-rw-r--r--
home.php	6.62 KB	-rw-r--r--
index.php	56 B	-rw-r--r--
insert_banners.php	3.07 KB	-rw-r--r--
insert_post.php	9.63 KB	-rw-r--r--
login.php	1.57 KB	-rw-r--r--
login_admin.php	3.11 KB	-rw-r--r--
logout.php	164 B	-rw-r--r--
member.php	17.64 KB	-rw-r--r--
payment_setting.php	2.97 KB	-rw-r--r--
picupload.php	2.12 KB	-rw-r--r--
post.php	2.02 KB	-rw-r--r--
posts.php	2.94 KB	-rw-r--r--
print_shipment.php	1.91 KB	-rw-r--r--
register_admin.php	8.45 KB	-rw-r--r--
remove_amount.php	1.01 KB	-rw-r--r--
searchmembers.php	2.94 KB	-rw-r--r--
send_email.php	5.02 KB	-rw-r--r--
testimony.php	3.15 KB	-rw-r--r--
upload_files.php	2.59 KB	-rw-r--r--
user_error.php	188 B	-rw-r--r--
user_withdrawal.php	4.99 KB	-rw-r--r--
view_admin.php	2.84 KB	-rw-r--r--
view_banners.php	2.4 KB	-rw-r--r--
view_posts.php	2.85 KB	-rw-r--r--
view_referrals_bonus.php	2.83 KB	-rw-r--r--
view_users.php	4.78 KB	-rw-r--r--
viewconversation.php	5.37 KB	-rw-r--r--
viewmessage.php	2.4 KB	-rw-r--r--
viewmessages.php	4.24 KB	-rw-r--r--
website_setting.php	3.09 KB	-rw-r--r--

Code Editor : edit_user.php

<?php include("includes/header.php");
      include("includes/navbar.php");

<?php

if(isset($_GET['user'])){
    //echo "meeeeeeee";

$show = $_GET['user'];

$sql = "SELECT * FROM users WHERE username ='$show' ";

$run = mysqli_query($con,$sql);
$count = mysqli_num_rows($run);

while($row = mysqli_fetch_array($run)){

$user_id = $row['id'];
  $account_id = 'DCH'.$user_id;
  $photo = $row['photo'];
  $username = strtolower($row ['username']);
  $password = $row ['password'];
  $password2 = $row ['password2'];
  $fullname = $row ['fullname'];
  $phone_number = $row ['phone_number'];
  $gender = $row ['gender'];
  $secret_answer = $row ['secret_answer'];
  $secret_question = $row ['secret_question'];
  $email = $row ['email'];
  $ethereum = $row ['ethereum'];
  $plan = $row ['plan'];
  $city = $row ['city'];
    $balance = $row ['balance'];
    $active = $row ['active'];
    $myuser = $username;
$bitcoin = $row ['bitcoin'];
  $litecoin = $row ['litecoin'];
    $dodgecoin = $row ['dodgecoin'];
    $perfect_money = $row ['perfect_money'];
  $active = $row ['active'];
  $referrer = $row ['referrer'];
  $referrer_bonus = $row ['referrer_bonus'];
  $referrer_plan = $row ['referrer_plan'];
    $pwd = $row ['pwd'];

$role = $row['role']; $active = $row['active'];
  if($active==""){
    $active = "Inactive";
  }
  else{
    $active = "Active";
  }

}
    ?>

<div id="update">
             <br/>
                <img  class="img-circle"  src="<?php echo $link?>images2/<?php echo $photo?>" height="200" width="200" alt="User Avatar">
<br/><br/>

<?php
if (isset($_POST["submit"])){
    $username = strtolower($_POST ['username']);
    $password = $_POST ['password'];
    $password2 = $_POST ['password2'];
    $fullname = $_POST ['fullname'];
    $phone_number = $_POST ['phone_number'];
    $secret_question = $_POST ['secret_question'];
    $secret_answer = $_POST ['secret_answer'];
    $ethereum = $_POST ['ethereum'];
    $dodgecoin = $_POST ['dodgecoin'];
    $perfect_money = $_POST ['perfect_money'];
    $bitcoin = $_POST ['bitcoin'];
    $litecoin = $_POST ['litecoin'];
    $referrer_plan = $_POST ['referrer_plan'];

$location = $_POST ['location'];
    $city = $_POST ['city'];

$email = $_POST ['email'];
$needle= '@'; $email_check = strpos($email, $needle);

$referrer = mysql_escape_string($_POST ['referrer']);

$username = mysql_escape_string($username);
    $password = mysql_escape_string($password);
    $password2 = mysql_escape_string($password2);
    $fullname = mysql_escape_string($fullname);
    $phone_number = mysql_escape_string($phone_number);
    $secret_question = mysql_escape_string($secret_question);
    $secret_answer = mysql_escape_string($secret_answer);
    $ethereum = mysql_escape_string($ethereum);
    $dodgecoin = mysql_escape_string($dodgecoin);
    $perfect_money = mysql_escape_string($perfect_money);
    $bitcoin = mysql_escape_string($bitcoin);
    $email = mysql_escape_string($email);
    $referrer_plan = mysql_escape_string($referrer_plan);
    $location = mysql_escape_string($location);
    $city = mysql_escape_string($city);
if($username ==""){

echo '<script>alert("Please, fill in all your details ")</script>';
                 $err = '<div class="alert center orange" role="alert">
            Please, fill in all your details 
                </div>';
}

elseif($password!=$password2){

echo '<script>alert("Passwords dont match ")</script>';
                $err = '<div class="alert center orange" role="alert">
                Passwords dont match 
                </div>';
}
elseif(count(explode(' ', $username)) > 1){

echo '<script>alert("Your username should only contain letters and numbers but not spaces ")</script>';
        $err = '<div class="alert center orange" role="alert">
                 Your username should only contain letters and numbers but not spaces 
                </div>';
}

elseif (preg_match('/[\'^£$%&*().}{@#~?><>,|=+¬-]/', $username)){

echo '<script>alert("Your username should not contain special character")</script>';
            $err = '<div class="alert center orange" role="alert">
                    Your username should not contain special characters 
                </div>';
}

elseif ($email_check === FALSE){

echo '<script>alert(" Email address already exist!")</script>';
                $err = '<div class="alert center orange" role="alert">
                    Your Email address is invalid
                </div>';
}

else{

$query =mysqli_query($con,"SELECT id FROM users WHERE username='$username' AND user!='$show' ");
$numrows=mysqli_num_rows($query);
if($numrows!=0){
         echo '<script>alert(" username already exist!")</script>';
                $err = '<div class="alert center orange" role="alert">
                    Username already exists!
                </div>';
}

if ($numrows==0 && $numrows2==0 && $numrows4==0)
{

/*
INSERT INTO `bank_demo`.`users` (`id`, `username`, `password`, `fullname`, `gender`, `location`, `phone_number`, `role`, `active`, `balance`, `referrer`, `account_type`, `date_of_birth`, `occupation`, `next_of_kin`, `photo`, `country`, `state_of_residence`, `email`, `city_of_residence`, `contact_address`, `city_of_residence`) VALUES (NULL, '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '');
*/

//Pasword has Algorithm
//$pwd = $password;
$password = password_hash($password, PASSWORD_DEFAULT, ['cost' =>10]);

$photo = "photo.png";

$referrer = mysql_escape_string($_POST ['referrer']);

$query =mysqli_query($con,"SELECT id FROM users LIMIT 0,1");
 while ($row =mysqli_fetch_assoc($query)){
$last_id = $row ['id'];
}
//$add =rand (19999999999, 9999999999);
//$account_number = $last_id.$add;

$balance = $_POST ['balance'];

$sql = "UPDATE users SET fullname='$fullname', email='$email', username='$username', phone_number='$phone_number', gender='$gender',
 location='$location', secret_question='$secret_question', city='$city', secret_answer='$secret_answer' , perfect_money='$perfect_money' ,
 ethereum='$ethereum' , bitcoin='$bitcoin' , litecoin='$litecoin' , balance='$balance', dodgecoin='$dodgecoin' , referrer='$referrer'WHERE username='$show' ";

$result = mysqli_query($con,$sql);

if($mail=="Yes"){
$site_name ="Swiftxpress Delivery";
 $webmail= "support@swift-xpc.com"; 
 $domain= "www.swift-xpc.com"; 
 
    $call="";
$site_address ="";

$message_footer="<br/><br/>";

include("functions/mailer.php");
$mail = new PHPMailer;

$mail->From = $webmail;
$mail->FromName = $site_name;

//To address and name
$mail->addAddress($email);

//Send HTML or Plain Text email
$mail->isHTML(true);

$mail->Subject = "Transaction Notification";
$mail->Body = "<br/>Hello, ".$fullname."<br/>
The details of this transaction are shown below:<br/>
<u><b>Transaction Notification</u></b><br/>
User id  : ".$user_id."<br/>
Ip Address  : ".$ip_address." <br/>
Transaction Location  : E- CHANNELS<br/>
Description : Balance Update<br/>
Amount  : ".$balance."<br/>
Value Date  : ".$time."<br/>
Document Number : 0

<br/>".$message2;
if(!$mail->send()) 
{   // echo "Mailer Error: " . $mail->ErrorInfo;
} 
else {
    echo '<script>alert("Mail Sent")</script>';
}

}

if($result){

echo '<script>alert("Account was created updated")</script>';
    ?>
<script type="text/javascript">
            window.location.href = "<?php echo $show?>"
        </script>
<?php
}

else {
         echo '<script>alert("An Error occured!!")</script>';
    echo "An Error occured!!";
}

} 
}
}

?>
<head>
<title> Edit Account </title>
</head>

<form action ="" id="myform" method="POST">
<h2>Edit Account</h2>
<a href="<?php echo $username?>"> <?php echo $fullname?>(@<?php echo $username?>)</a>
<br/>

<a class="btn btn-warning" href="../login_admin.php?user=<?php echo $show?>"/>Login as user to perform other operations</a>&nbsp;
<br/><br/>

<div class="form-group">
                                <label for="">USERNAME:</label>
                                <input type="text" name="username" class="form-control" placeholder="Username" value="<?php echo $username?>" required >
                            </div>

<div class="form-group">
   <label for="">BALANCE:</label>
 <input type="text" name="balance" value="<?php echo $balance?>"  class="form-control" placeholder=""  />
 </div>

<div class="form-group">
                                <label for="">E-MAIL ADDRESS:</label>
                                <input type="email" name="email" class="form-control" value="<?php echo $email?>" />
                            </div>

<div class="form-group">
   <label for="">PHONE NUMBER:</label>
 <input type="text" name="phone_number" value="<?php echo $phone_number?>"  class="form-control" placeholder=""  />
 </div>

<label for=""> COUNTRY:</label><br/>
                                <select name ="location"  class="form-control">
                                    <option value="">Select Country</option>
                                   <?php include("functions/list_location.php");?>
                                   </select>
</div><br/>

<div class="form-group">
                                <label for="">SECRET QUESTION:</label>
                                <input type="text" name="secret_question" class="form-control" value="<?php echo $secret_question?>"  />
                            </div>
<div class="form-group">
                                <label for="">SECRET ANSWER:</label>
                               <input type="text" name="secret_answer" class="form-control" value="<?php echo $secret_answer?>"  />
                            </div>

<div class="col-md-6">                           
<div class="form-group"><br/> <label for=""> Send Email with Balance Update?</label><br/>
                           <select name="mail" >
                               <option value="">Select one</option>
                               <option value="Yes">Yes</option>
                               <option value="No">No</option>
                           </select>     </div>
</div>

<div class="col-md-12">
<button type="submit" class="btn btn-info" value="Update" name="submit">Update Account<span></span></button>
</div>
</div>
</form>

<br><hr/>
                        <div class="row text-center">
                            <h2 class="title-head">Edit <span>Password</span></h2>
                        </div><br/>

<form id="myform" action ="" method="POST">
  <br/> current password: <?php echo $pwd?>
<div class="form-group">
<label for="">New password:</label> <br/><input class="form-control" type ="password" name="password_1" value="" >
<label for="">Re-type new password:</label> <br/><input class="form-control" type ="password" name="password_2" value="" > <br/>

</form>
<br/><br/>
</div></div></div>
<?php

if(isset($_POST['submit_1'])){

$current_password= mysql_escape_string($_POST['current_password']);
    $password_1= mysql_escape_string($_POST['password_1']);
    $password_2= mysql_escape_string($_POST['password_2']);

if($password_1 != $password_2){
echo "<script> alert ('New passwords does not match ')  </script><h4>New passwords does not match</h4>";
}

else{

$new_pwd= $password_1;
$password_1 = password_hash($password_1, PASSWORD_DEFAULT, ['cost' =>10]);

$sql2="UPDATE users SET password='$password_1'. pwd='$new_pwd' WHERE username='$user'   ";

$run2 =mysqli_query($con,$sql2);
    
    if($run2){
        echo "<h4>You sucessfully changed password </h4>";
        echo "<script> alert ('You sucessfully changed password')  </script>";
    }
else{
    echo"<h4>sorry, profile not edited</h4>";
}
}

}
?>

</div>
</div>
</div>

<?php
}

include("includes/footer.php");

${this.title}

Code Editor : edit_user.php