Custom Admin Panel - Modifying info from DB's, Editing/Deleting and such
Well, I've made a customer member system and need a little guided assistance
for my new and upcoming small business.
Link to admin panel: http://lockpick.lukeidiot.com/?go=adminpanel
It's mostly a rough draft, meaning not all of it has coding behind it yet (which is why I'm requesting a bit of help from you guys).
If you have any helpful information to post, please please feel free!
adminpanel.php:
PHP Code:
<?php
// Start the session before any output is sent; calling session_start() after
// the opening <p> is what produces the "headers already sent" errors on the page.
session_start();

// Escape user-controlled values before they are written into HTML.
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Display only: a cookie is set by the browser, so it must never be used
// to decide whether the visitor is allowed to see this panel.
$admin_name = isset($_COOKIE['username']) ? $_COOKIE['username'] : 'unknown';
?>
<p>Welcome to the Admin Cpanel: <b><?php echo h($admin_name); ?></b>!</p>
<form method="post" action="">
<p><em>Type the username you would like to edit</em><br>
<input type="text" name="txt_admin_find_username">
<input type="submit" name="Find" value="Find">
<br>
<?php
if (isset($_POST['txt_admin_find_username']) && $_POST['txt_admin_find_username'] !== '') {
    $txt_admin_find_username = $_POST['txt_admin_find_username'];
    // Escaped: the username comes straight from the POST body.
    echo '<br>User Selected: <b>' . h($txt_admin_find_username) . '</b><br />';
} else {
    echo '<br>Please select a user.';
}
?>
<br>
<!-- The inputs below now sit inside the form; in the draft the form closed
     right after the Find button, so none of these values were ever posted. -->
Modify Account Type:<br>
<br>
<input name="type" type="radio" value="Customer">
Customer
<br>
<input name="type" type="radio" value="Product Shipper">
Product Shipper
<br>
<input name="type" type="radio" value="Product Stock">
Product Stock
<br>
<input name="type" type="radio" value="Customer Service">
Customer Service<br>
<input name="type" type="radio" value="Admin">
Admin<br>
<input type="submit" name="Submit_type" value="Submit">
<br>
<br>
Modify Email:<br>
<input type="text" name="txt_email">
<input type="submit" name="Change_email" value="Change">
<br>
<br>
Modify Username:<br>
<input type="text" name="txt_username">
<input type="submit" name="Change_username" value="Change">
<br>
<br>
Current Amount: <strong>$145.03</strong><br>
Modify Payout:<br>
<input type="text" name="txt_payout">
<input type="submit" name="Change_payout" value="Change">
<br>
<br>
Delete User:
<!-- Given its own name so the handler can tell it apart from the payout button. -->
<input type="submit" name="Delete_user" value="Delete!">
<br>
<br>
<br>
</p>
</form>
Re: Custom Admin Panel - Modifying info from DB's, Editing/Deleting and such
hackz0r: http://lukeidiot.com/lockpick/adminpanel.php
might want to take care of those errors, and not allow members to access that page directly.
Re: Custom Admin Panel - Modifying info from DB's, Editing/Deleting and such
Quote:
Originally Posted by dclamp
Yeah, it's not officially an admin panel yet.
I like to call it a rough draft. :)
Re: Custom Admin Panel - Modifying info from DB's, Editing/Deleting and such
Again, you need to fix the errors on the page like dclamp said; they can pose a security risk. And the go= query string is also a security risk, because you can type the name of any PHP file in there and have it shown.
It's no good making an insecure "first draft"; an attacker won't say "ahhhh, I can exploit this site, but the page is clearly a first draft so I will find someone else" :D
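One way to close both holes the replies raise (the go= parameter selecting arbitrary files, and adminpanel.php being reachable directly), as an added example that is not the thread author's code. It assumes a front controller at index.php, page files under a pages/ directory, and that the login code stores the account type in $_SESSION['account_type'].

```php
<?php
// index.php: front controller that serves ?go=<page>.
// Added example, not code from the thread. Assumed layout: pages/*.php,
// and login puts the user's account type into $_SESSION['account_type'].
session_start();

// Marker the page files check, so a direct request to pages/adminpanel.php
// (which never passes through this file) is refused.
define('IN_APP', true);

// Allowlist: go= can only pick one of these keys. The value typed in the
// URL is never used as a path, so it cannot name any other file.
$pages = [
    'home'       => 'pages/home.php',
    'account'    => 'pages/account.php',
    'adminpanel' => 'pages/adminpanel.php',
];

// Pages that additionally require the Admin account type.
$admin_only = ['adminpanel' => true];

$go = isset($_GET['go']) ? (string) $_GET['go'] : 'home';

if (!isset($pages[$go])) {
    http_response_code(404);
    exit('Unknown page.');
}

if (isset($admin_only[$go])) {
    // Authorisation comes from the server-side session, never from a cookie
    // the browser can rewrite, which is what the draft panel greets users by.
    $type = isset($_SESSION['account_type']) ? $_SESSION['account_type'] : null;
    if ($type !== 'Admin') {
        http_response_code(403);
        exit('Admins only.');
    }
}

require $pages[$go];

/* First lines of each file under pages/, e.g. pages/adminpanel.php:

<?php
if (!defined('IN_APP')) {   // reached without going through index.php
    http_response_code(403);
    exit('Direct access is not allowed.');
}
*/
```

Keeping the pages/ directory outside the web root, or denying it in the web server configuration, gives the same protection even if a page file forgets the IN_APP check.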