-
May 11th, 2008, 12:27 AM
#1
Thread Starter
Custom Admin Panel - Modifying info from DBs, editing/deleting and such
Well, I've made a customer member system and needed a little guided assistance
for my new and upcoming small business.
Link to admin panel: http://lockpick.lukeidiot.com/?go=adminpanel
It's mostly a rough draft, meaning not all of it has coding behind it yet (which is why I'm requesting a bit of help from you guys).
If you have any helpful information to post, please please feel free!
adminpanel.php:
PHP Code:
<?php
// session_start() has to run before any output. In the draft it sat inside
// the <p>, which is what produces the "headers already sent" warnings.
session_start();

// Take the admin's name from the server-side session (set at login), not
// from a cookie the client can set to anything, and escape it for HTML.
$admin_name = htmlspecialchars($_SESSION['username'] ?? 'unknown', ENT_QUOTES, 'UTF-8');

// Username chosen with the Find button, escaped for HTML; null until chosen.
$selected = null;
if (isset($_POST['txt_admin_find_username']) && is_string($_POST['txt_admin_find_username'])) {
    $selected = htmlspecialchars($_POST['txt_admin_find_username'], ENT_QUOTES, 'UTF-8');
}
?>
<p>Welcome to the Admin Cpanel: <b><?php echo $admin_name; ?></b>!</p>
<p><em>Type the username you would like to edit</em></p>
<!-- One form holds every control. In the draft the modify/delete inputs sat
     outside the form, so they were never submitted. -->
<form method="post" action="">
<input type="text" name="txt_admin_find_username">
<input type="submit" name="Find" value="Find">
<br>
<?php if ($selected !== null) { ?>
<br>User Selected: <b><?php echo $selected; ?></b><br>
<!-- carry the selection along with the modify/delete buttons -->
<input type="hidden" name="selected_username" value="<?php echo $selected; ?>">
<?php } else { ?>
<br>Please select a user.
<?php } ?>
<br><br>
Modify Account Type:<br><br>
<input name="type" type="radio" value="Customer"> Customer<br>
<input name="type" type="radio" value="Product Shipper"> Product Shipper<br>
<input name="type" type="radio" value="Product Stock"> Product Stock<br>
<input name="type" type="radio" value="Customer Service"> Customer Service<br>
<input name="type" type="radio" value="Admin"> Admin<br>
<input type="submit" name="Submit_type" value="Submit">
<br><br>
Modify Email:<br>
<input type="text" name="txt_email">
<input type="submit" name="Change_email" value="Change">
<br><br>
Modify Username:<br>
<input type="text" name="txt_username">
<input type="submit" name="Change_username" value="Change">
<br><br>
Current Amount: <strong>$145.03</strong><br>
Modify Payout:<br>
<input type="text" name="txt_payout">
<input type="submit" name="Change_payout" value="Change">
<br><br>
<!-- was name="Change_payout2", a copy-paste slip that collides with the payout button -->
Delete User: <input type="submit" name="Delete_user" value="Delete!">
</form>
-
May 11th, 2008, 02:45 PM
#2
Re: Custom Admin Panel - Modifying info from DBs, editing/deleting and such
hackz0r: http://lukeidiot.com/lockpick/adminpanel.php
You might want to take care of those errors, and not allow members to access that page directly.
-
May 11th, 2008, 09:24 PM
#3
Thread Starter
Re: Custom Admin Panel - Modifying info from DBs, editing/deleting and such
 Originally Posted by dclamp
Yeah, it's not officially an admin panel yet.
I like to call it a rough draft.
-
May 12th, 2008, 01:56 AM
#4
Re: Custom Admin Panel - Modifying info from DBs, editing/deleting and such
Again, you need to fix the errors on the page like dclamp said; it can pose a security risk. And the go= query string is also a security risk, because you can type the name of any PHP file in there and have that shown.
It's no good making an insecure "first draft"; an attacker won't say "ahhhh, I can exploit this site, but the page is clearly a first draft, so I will find someone else".
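Posts #2 and #4 point at the same two fixes: stop members from hitting adminpanel.php directly, and stop ?go= from including arbitrary files. Here is one way to wire both into the front controller, as an added example that is not code from this thread or from the thread starter's site. It assumes PHP 7+, that the login code stores 'username' and 'type' in $_SESSION, and that home.php and login.php exist beside index.php; the file names, the session keys and the IN_SITE constant are all assumptions.

```php
<?php
// index.php: added example, not the thread starter's code. Assumes PHP 7+,
// that login stores 'username' and 'type' in $_SESSION, and that home.php
// and login.php exist beside this file (all assumptions).
declare(strict_types=1);
session_start();

// Allowlist: only these query values map to a file, so ?go=config,
// ?go=../../etc/passwd or ?go[]=x never reach require(). The value from
// the URL is used as a lookup key, never as part of a path.
$pages = [
    'home'       => 'home.php',
    'login'      => 'login.php',
    'adminpanel' => 'adminpanel.php',
];

// Pages that also require an Admin session on top of being allowlisted.
$adminOnly = ['adminpanel' => true];

$go = $_GET['go'] ?? 'home';
// is_string() guards against ?go[]=x, which PHP delivers as an array.
if (!is_string($go) || !array_key_exists($go, $pages)) {
    http_response_code(404);
    exit('Unknown page.');
}

// Role check lives here, server side, keyed on the session set at login,
// not on a cookie the browser can rewrite.
if (isset($adminOnly[$go]) && (($_SESSION['type'] ?? '') !== 'Admin')) {
    http_response_code(403);
    exit('Admins only.');
}

// adminpanel.php checks this constant and refuses requests that skip index.php.
define('IN_SITE', true);
require __DIR__ . '/' . $pages[$go];
```

To make the "no direct access" part hold, adminpanel.php then opens with `if (!defined('IN_SITE')) { http_response_code(404); exit; }`, so a request for /lockpick/adminpanel.php that bypasses the router gets a 404 instead of the page and its warnings. With this in place, ?go=../config or ?go=adminpanel.php (with the extension) return 404, and ?go=adminpanel without an Admin session returns 403.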