Логин с pm, user list, admin-moderator панел и новини
За да станете админ, редактирайте level-а на своя user от 1 на 3.
Очаквайте новините, модераторите и "Забравена парола".
За да влезнете в админ панела пишете brbr.br/admin.php .
Има много промени затова ви давам направо линк .
Цялата система
В демото не са добавени новите промени.



демо
DEMO
и админ демо
DEMO

усер demo
пасс demo
и за админ са същите

Mysql Таблица

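-- Accounts table for the login system.
-- `level` is the privilege tier: '1' is the default for a regular user and
-- '3' is the value the admin pages (admin.php, levels.php, userspassword.php)
-- test for.
-- NOTE(review): the PHP pages compare `password` with the submitted value
-- directly, i.e. passwords are stored in clear text. The column is widened so
-- a salted hash fits once register/login/change-password are switched to
-- hashing together.
-- NOTE(review): latin1 cannot represent Cyrillic text; confirm the charset
-- that the pages and the connection are meant to use.
CREATE TABLE `users` (
    `id` int(20) NOT NULL auto_increment,
    `name` varchar(100) NOT NULL default '',
    `username` varchar(64) NOT NULL default '',
    `password` varchar(255) NOT NULL default '',
    `email` varchar(64) NOT NULL default '',
    `web` varchar(10000) NOT NULL default '',
    `level` varchar(3) NOT NULL default '1',
    PRIMARY KEY (`id`),
    -- The pages identify an account by username alone (login, admin check,
    -- UPDATE ... WHERE username = ... LIMIT 1), so duplicates must be
    -- impossible at the storage layer, not only in application code.
    UNIQUE KEY `users_username_uq` (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ;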


Mysql Таблица на личните съобщения

-- Private messages exchanged between accounts.
-- `touser` and `from` hold usernames (messages.php filters the inbox on
-- `touser` and writes the session username into `from`).
-- `unread` is 'unread' until the recipient views the message, then 'read';
-- `reply` is 'yes' for messages created through the reply form, else 'no'.
-- `from` and `date` are reserved words, hence the backticks everywhere.
CREATE TABLE `pmessages` (
    `title`   VARCHAR(255) NOT NULL DEFAULT 'Untitled Message',
    `message` TEXT         NOT NULL,
    `touser`  VARCHAR(255) NOT NULL DEFAULT '',
    `from`    VARCHAR(255) NOT NULL DEFAULT '',
    `unread`  VARCHAR(255) NOT NULL DEFAULT 'unread',
    `date`    DATE         NOT NULL DEFAULT '0000-00-00',
    `id`      INT(15)      NOT NULL AUTO_INCREMENT,
    `reply`   VARCHAR(15)  NOT NULL DEFAULT 'no',
    PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=20 ;


connect.php
<?php
// Shared database bootstrap. Every page includes this file and then uses
// $host, $dbusername, $dbpassword, $db and the open link in $db_conn.
// NOTE(review): the application connects as "root"; a dedicated account
// limited to SELECT/INSERT/UPDATE/DELETE on this one schema would contain the
// damage of any injection bug in the pages that include this file.
$host       = "localhost";
$dbusername = "root";
$dbpassword = "****";
$db         = "test";

// Open the link; stop the request if the server cannot be reached.
$db_conn = mysql_connect($host, $dbusername, $dbpassword);
if (!$db_conn) {
    die("unable to connect to the database");
}

// Select the schema on that link; stop the request if it is missing.
if (!mysql_select_db($db, $db_conn)) {
    die("unable to select the database");
}
?>


register.html
<!-- Registration form. Posts name, username, password, email and web to
     register.php; nothing is validated in the browser, so the server-side
     handler must treat every field as untrusted. -->
<center>
  <form action="register.php" method="post">
    Name(optional)
    <br><input type="text" name="name">
    <br>UserName
    <br><input type="text" name="username">
    <br>Password
    <br><input type="password" name="password">
    <br>E-Mail
    <br><input type="text" name="email">
    <br>WebPage(optional)
    <br><input type="text" name="web">
    <br><input type="submit" name="submit" value="Register">
  </form>
</center>


register.php
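<?php
// Registration handler for register.html: creates one row in `users`.
//
// - New accounts are created at level 1. Level 3 is what admin.php treats as
//   administrator, so it must never be handed out by self-registration.
// - Every posted value is escaped for the connection before it is placed in
//   the SQL text. (The mysql_* extension has no prepared statements; with
//   mysqli or PDO, bound parameters would replace the escaping.)
// - NOTE(review): the password is stored exactly as submitted because
//   login.php compares the submitted value with this column. Moving to
//   password_hash()/password_verify() has to change both files together.

require "connect.php"; // connects and selects the database, sets $db_conn

// Read one posted field as a trimmed string; arrays and missing keys become ''.
$fields = array('name' => '', 'username' => '', 'password' => '', 'email' => '', 'web' => '');
foreach ($fields as $key => $unused) {
    if (isset($_POST[$key]) && is_string($_POST[$key])) {
        $fields[$key] = ($key === 'password') ? $_POST[$key] : trim($_POST[$key]);
    }
}

$level = 1; // lowest privilege; raised only by an administrator via levels.php

// The browser form does not enforce anything, so require the credentials here.
if ($fields['username'] === '' || $fields['password'] === '') {
    die("Registration unsuccess");
}

$name     = mysql_real_escape_string($fields['name'], $db_conn);
$username = mysql_real_escape_string($fields['username'], $db_conn);
$password = mysql_real_escape_string($fields['password'], $db_conn);
$email    = mysql_real_escape_string($fields['email'], $db_conn);
$web      = mysql_real_escape_string($fields['web'], $db_conn);

// Usernames identify accounts everywhere else (login, admin check, updates),
// so refuse a second account with the same name.
$taken = mysql_query("SELECT id FROM users WHERE username = '$username' LIMIT 1", $db_conn);
if (!$taken || mysql_num_rows($taken) > 0) {
    die("Registration unsuccess");
}

mysql_query("INSERT INTO users (name, username, password, email, web, level) VALUES ('$name', '$username', '$password', '$email', '$web', '$level')", $db_conn)
    or die("Registration unsuccess");

// The login form lives in login.html; login.php only handles its POST.
echo "<center>Registration Success! <a href='login.html'>Login</a></center>";
?>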


login.html
<!-- Login form. Posts username and password to login.php. The script below
     only saves a round trip for empty fields; it is not a security control,
     the server must validate the same thing. -->
<html>
  <head>
    <title>Login</title>
    <script type="text/javascript">
      // Returns false (cancelling the submit) when either field is empty.
      function validate() {
        var form = document.login;
        var missing = form.username.value == "" || form.password.value == "";
        if (missing) {
          alert("Please Enter Username And password!");
          return false;
        }
        return true;
      }
    </script>
  </head>
  <body>
    <form action="login.php" name="login" method="post" onsubmit="return validate()">
      <input name="login" type="hidden" value="1">
      <table width="200" border="0">
        <tr>
          <td>Потребител</td>
          <td><input type="text" name="username"></td>
        </tr>
        <tr>
          <td>Парола</td>
          <td><input type="password" name="password"></td>
        </tr>
        <tr align="center">
          <td colspan="2"><input type="submit" name="Submit" value="Login"></td>
        </tr>
      </table>
    </form>
  </body>
</html>


login.php
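<?php
// Login handler for login.html. On success the username is stored in the
// session and the browser is sent to pro.php; otherwise an error is printed.
//
// - The posted credentials are escaped before they enter the SQL text; left
//   unescaped, a quote character in either field would rewrite the WHERE
//   clause that decides whether the login succeeds.
// - The session is written through $_SESSION (session_register() is
//   deprecated and depends on global variables) and only the username is
//   kept: the other pages read nothing else, and a password has no business
//   in session storage.
// - The session id is regenerated at the privilege change so an id planted
//   before login cannot be reused afterwards.
// - NOTE(review): the comparison is against a clear-text password column;
//   see the registration handler for the matching hashing change.
ob_start();
session_start();
require "connect.php"; // connects and selects the database, sets $db_conn

$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

$count = 0;
if ($username !== '' && $password !== '') {
    $sql = sprintf(
        "SELECT id FROM users WHERE username='%s' and password='%s'",
        mysql_real_escape_string($username, $db_conn),
        mysql_real_escape_string($password, $db_conn)
    );
    $result = mysql_query($sql, $db_conn);
    // A failed query returns false; treat it as "no match" rather than
    // passing false to mysql_num_rows().
    $count = $result ? mysql_num_rows($result) : 0;
}

if ($count == 1)
{
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
    header("location:pro.php");
    ob_end_flush();
    exit; // nothing after the redirect should run or be sent
}
else
{
    echo "Username Or Password Is Inccorect";
}
ob_end_flush();
?>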


pro.php
<?php
// Member landing page: shows the navigation links to a logged-in visitor and
// a login prompt to everyone else. "Logged in" means the session carries a
// non-empty username.
session_start();
if (!$_SESSION['username'])
{
    echo "Access Denied Please <a href='login.html'>Login</a>";
}
else
{
    include "connect.php";
    $db_conn = mysql_connect($host, $dbusername, $dbpassword);
    if (!$db_conn) {
        die("unable to connect to the database");
    }
    if (!mysql_select_db($db, $db_conn)) {
        die("unable to select the database");
    }
    // Two lines of links, emitted as one block of markup.
    $firstRow  = '<center><a href="messages.php">Private Message </a><a href="members.php">Members</a><br>';
    $secondRow = '<a href="changepassword.php">EditProfile </a><a href="logout.php">Logout</a><br></center>';
    echo $firstRow . "\n" . $secondRow;
}
?>


changepassword.php
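<?php
// Lets the logged-in user set a new password for their own account.
//
// - The new password and the session username are escaped before they enter
//   the UPDATE; the username was typed by the user at login, so it is
//   untrusted here as well.
// - The posted value is read once and compared explicitly instead of being
//   assigned inside the if-condition.
// - Success is reported only when the UPDATE actually ran.
// - NOTE(review): the form neither asks for the current password nor carries
//   an anti-CSRF token, so anyone able to submit a request in this session
//   can replace the password. The value is also stored in clear text.
session_start();
if (!empty($_SESSION['username']))
{
    $sesusername = $_SESSION['username'];
    echo '<center><a href="messages.php">Private Message </a><a href="members.php">Members</a><br>
<a href="logout.php">Logout</a><br></center><center>
<form method="post" action="changepassword.php">
New password:<br>
<input type="password" name="password"><br>
<input type="submit" name="submit" value="Change password">
</form></center>
';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    if ($password !== '')
    {
        require "connect.php"; // connects and selects the database, sets $db_conn
        $query = sprintf(
            "UPDATE `users` SET `password` = '%s' WHERE `username` = '%s' LIMIT 1 ",
            mysql_real_escape_string($password, $db_conn),
            mysql_real_escape_string($sesusername, $db_conn)
        );
        $result = mysql_query($query, $db_conn);
        if ($result)
        {
            echo "<center>Password Change";
        }
        else
        {
            echo "<center>Password Not Changed";
        }
    }
}
else
{
    echo "Access Denied Please <a href='login.html'>Login</a>";
}
?>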


members.php
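<?php
// Member directory for logged-in users: an optional username search followed
// by a paginated list of all accounts (20 per page).
//
// - The search term is escaped before it enters the LIKE clause; % and _ are
//   left alone so they keep working as wildcards.
// - ?page= is reduced to an integer and clamped to the real page range before
//   it is used in LIMIT.
// - The page count comes from a COUNT query; reading a `numrows` column from
//   the listing query yields nothing, which leaves the pager empty.
// - Every value printed from the database, and PHP_SELF (which reflects the
//   request path), is HTML-escaped: names, e-mail and web address are typed
//   by users at registration.
session_start();
if (!empty($_SESSION['username']))
{
    echo '
<center><a href="messages.php">Private Message </a><br>
<a href="changepassword.php">EditProfile </a><a href="logout.php">Logout</a><br></center><center>
<br><form method="post" action="members.php">
<input type="text" name="search" size="20" maxlength="20">
<input type="Submit" name="Submit" value="Search">
</form>';
    require "connect.php"; // connects and selects the database, sets $db_conn

    $columns = array('id', 'name', 'username', 'email', 'web');

    // ---- search results (only when a term was posted) ----
    $search = (isset($_POST['search']) && is_string($_POST['search'])) ? $_POST['search'] : '';
    if ($search !== '')
    {
        $searchSql = mysql_real_escape_string($search, $db_conn);
        $result = mysql_query("SELECT id,name,username,email,web FROM users where username LIKE '$searchSql'", $db_conn);
        if ($result && mysql_num_rows($result) > 0)
        {
            echo "<center>Results:<br><table border=1>";
            while ($r = mysql_fetch_array($result))
            {
                echo '<tr>';
                foreach ($columns as $column)
                {
                    echo '<td>' . htmlspecialchars($r[$column], ENT_QUOTES) . '</td>';
                }
                echo '</tr>';
            }
            echo "</table></center>";
        }
    }

    // ---- pagination bounds ----
    $broinastranica = 20; // rows per page
    $countResult = mysql_query("SELECT COUNT(id) AS numrows FROM users", $db_conn) or die('Error, query failed');
    $row = mysql_fetch_array($countResult, MYSQL_ASSOC);
    $numrows = (int) $row['numrows'];
    $maxPage = max(1, (int) ceil($numrows / $broinastranica));

    $pageNum = 1;
    if (isset($_GET['page']) && is_scalar($_GET['page']))
    {
        $pageNum = (int) $_GET['page'];
    }
    // Clamp so LIMIT never receives a negative or absurdly large offset.
    $pageNum = min(max($pageNum, 1), $maxPage);
    $redove = ($pageNum - 1) * $broinastranica; // row offset of this page

    // ---- listing ----
    // ORDER BY keeps the pages stable between requests.
    $query = " SELECT id,name,username,email,web FROM users ORDER BY id " .
             " LIMIT $redove, $broinastranica";
    $result = mysql_query($query, $db_conn) or die('Error, query failed');
    echo "<center><table border=1><tr><td>id</td><td>name</td><td>username</td><td>email</td><td>web</td></tr>";
    while ($row = mysql_fetch_array($result))
    {
        echo '<tr>';
        foreach ($columns as $column)
        {
            echo '<td>' . htmlspecialchars($row[$column], ENT_QUOTES) . '</td>';
        }
        echo '</tr>';
    }
    echo "</table></center>";

    // ---- pager links ----
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
    $nomeranastranici = ''; // numbered page links
    for ($page = 1; $page <= $maxPage; $page++)
    {
        if ($page == $pageNum)
        {
            $nomeranastranici .= " $page ";
        }
        else
        {
            $nomeranastranici .= " <a href=\"$self?page=$page\">$page</a> ";
        }
    }
    if ($pageNum > 1)
    {
        $page = $pageNum - 1;
        $predishna = " <a href=\"$self?page=$page\"> [<<] </a> "; // previous
        $parva = " <a href=\"$self?page=1\">[First]</a> ";        // first
    }
    else
    {
        $predishna = ' ';
        $parva = ' ';
    }
    if ($pageNum < $maxPage)
    {
        $page = $pageNum + 1;
        $sledvashta = " <a href=\"$self?page=$page\"> [>>] </a> ";     // next
        $posledna = " <a href=\"$self?page=$maxPage\">[latter]</a> "; // last
    }
    else
    {
        $sledvashta = ' ';
        $posledna = ' ';
    }
    echo $parva . $predishna . $nomeranastranici . $sledvashta . $posledna;
}
else
{
    echo "Access Denied Please <a href='login.html'>Login</a>";
}
?>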


messages.php
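<?php
// Private messages for the logged-in user:
//   ?page=inbox              list messages addressed to the user
//   ?page=write              compose a message to another user
//   ?page=view&msgid=N       show one message and accept a reply
//   ?page=delete&msgid=N     delete one message
//
// - msgid is reduced to an integer before it is used in any query.
// - Every string placed in SQL is escaped with mysql_real_escape_string(),
//   including values read back from the database (message title, sender)
//   and the session username: those were typed by users earlier and are just
//   as untrusted the second time around.
// - Subject and body are HTML-escaped when they are stored (the existing rows
//   follow that contract) and printed as stored; sender names and ids are
//   escaped when they are printed.
// - The recipient is stored as the plain username so that it matches the
//   inbox filter, and must exist in `users`.
// - Array keys and the 'yes' literal are quoted; bare words only work through
//   PHP's undefined-constant fallback.
// - NOTE(review): delete is triggered by a GET link without an anti-CSRF
//   token; ownership is enforced here, but a link followed by the owner still
//   deletes the message.
session_start();
ob_start();
if (!empty($_SESSION['username']))
{
    echo '<center><div align="center"><b><a href="?page=inbox">Inbox </a><a href="?page=write">New Message</a></b></div>
<a href="members.php">Members</a><br>
<a href="changepassword.php">EditProfile </a><a href="logout.php">Logout</a><br></center>';
    $pmsesusername = $_SESSION['username'];
    require "connect.php"; // connects and selects the database, sets $db_conn

    $meSql = mysql_real_escape_string($pmsesusername, $db_conn);
    $page  = (isset($_GET['page']) && is_string($_GET['page'])) ? $_GET['page'] : '';
    $msgid = (isset($_GET['msgid']) && is_scalar($_GET['msgid'])) ? (int) $_GET['msgid'] : 0;

    switch ($page)
    {
    case 'write':
        if (empty($_POST['send']))
        {
            echo ("<center><form method='POST' style='margin: 0px;'>To:*<br>
<select name='to'>
");
            $getusers = mysql_query("SELECT username FROM users ORDER BY username ASC", $db_conn);
            while ($getusers && ($users = mysql_fetch_array($getusers)))
            {
                // ENT_QUOTES because the value sits in a single-quoted attribute.
                $option = htmlspecialchars($users['username'], ENT_QUOTES);
                echo ("<option value='$option'>$option</option>");
            }
            echo ("
</select>
<br>Message Subject:*
<br><input type='text' name='subject' size='20'>
<br>Message:*
<br><textarea rows='7' name='message' cols='35'></textarea>
<br><input type='submit' value='Submit' name='send'>
</form>
");
        }
        $to = (isset($_POST['to']) && is_string($_POST['to'])) ? $_POST['to'] : '';
        if ($to !== '')
        {
            $rawSubject = (isset($_POST['subject']) && is_string($_POST['subject'])) ? $_POST['subject'] : '';
            $rawMessage = (isset($_POST['message']) && is_string($_POST['message'])) ? $_POST['message'] : '';
            $subject = mysql_real_escape_string(htmlspecialchars($rawSubject), $db_conn);
            $message = mysql_real_escape_string(htmlspecialchars($rawMessage), $db_conn);
            $toSql   = mysql_real_escape_string($to, $db_conn);

            // Only deliver to an account that exists.
            $known = mysql_query("SELECT id FROM users WHERE username = '$toSql' LIMIT 1", $db_conn);
            if (!$known || mysql_num_rows($known) == 0)
            {
                echo ("<center>Unknown recipient.");
            }
            else
            {
                $send = mysql_query("INSERT INTO `pmessages` ( `title` , `message` ,
`touser` , `from` , `unread` ,
`date` ) VALUES ('$subject', '$message', '$toSql',
'$meSql', 'unread', NOW())", $db_conn);
                if ($send)
                {
                    echo ("<center>Your message has been sent.");
                }
                else
                {
                    echo ("<center>Your message could not be sent.");
                }
            }
        }
        break;

    case 'delete':
        if ($msgid <= 0)
        {
            echo ("<center>Sorry, but this is an invalid message!");
        }
        else
        {
            $getmsg = mysql_query("SELECT touser from pmessages where id = $msgid", $db_conn);
            $msg = $getmsg ? mysql_fetch_array($getmsg) : false;
            if (!$msg || $msg['touser'] != $pmsesusername)
            {
                echo ("<center>This message was not sent to you!");
            }
            else
            {
                // Ownership is repeated in the DELETE itself so the check and
                // the action cannot drift apart.
                $delete = mysql_query("delete from pmessages where id = $msgid and touser = '$meSql'", $db_conn);
                echo ("<center>Message Deleted");
            }
        }
        break;

    case 'inbox':
        $get = mysql_query("SELECT id, title, `from`, `date`, reply from pmessages where touser = '$meSql' order by id desc", $db_conn);
        echo ("
<table bgcolor='#dddddd' border='0' width='100%' cellspacing='0'>
<tr>
<td align='center'>Subject</td>
<td align='center' width='125'>From</td>
<td align='center' width='97'>Date</td>
<td width='25'>Delete</td>
</tr>
</table>
");
        $nummessages = $get ? mysql_num_rows($get) : 0;
        if ($nummessages == 0)
        {
            echo ("<center>You have 0 messages!");
        }
        else
        {
            echo ("<table border='0' width='100%' cellspacing='1'>");
            while ($messages = mysql_fetch_array($get))
            {
                $rowId   = (int) $messages['id'];
                $rowFrom = htmlspecialchars($messages['from'], ENT_QUOTES);
                $rowDate = htmlspecialchars($messages['date'], ENT_QUOTES);
                echo ("<tr>
<td><a href='?page=view&amp;msgid=$rowId'>");
                if ($messages['reply'] == 'yes')
                {
                    echo ("Reply to: ");
                }
                // title is HTML-escaped at write time
                echo ($messages['title'] . "</a></td>
<td width='125'>$rowFrom</td>
<td width='97'>$rowDate</td>
<td width='25'><a href='?page=delete&amp;msgid=$rowId'>Delete</a></td>
</tr>");
            }
            echo ("</table>");
        }
        break;

    case 'view':
        if ($msgid <= 0)
        {
            echo ("<center>Invalid message!");
        }
        else
        {
            $getmsg = mysql_query("SELECT * from pmessages where id = $msgid", $db_conn);
            $msg = $getmsg ? mysql_fetch_array($getmsg) : false;
            // Messages addressed to someone else are silently not shown.
            if ($msg && $msg['touser'] == $pmsesusername)
            {
                $reply = (isset($_POST['message']) && is_string($_POST['message'])) ? $_POST['message'] : '';
                if ($reply === '')
                {
                    $markread = mysql_query("Update pmessages set unread = 'read' where id = $msgid", $db_conn);
                    $shownFrom = htmlspecialchars($msg['from'], ENT_QUOTES);
                    // title and message are HTML-escaped at write time
                    $shownBody = nl2br(stripslashes($msg['message']));
                    echo ("<center>
<form method='POST' style='margin: 0px;'>
<b>From: $shownFrom</b><br><b>Subject: " . $msg['title'] . "</b>
<b><br>Message:<br><u>$shownBody</u></br></b>
<b>Reply:<br></b>
<center><textarea rows='6' name='message' cols='45'></textarea></center>
<input type='submit' value='Submit' name='send'>
</form>");
                }
                else
                {
                    $message  = mysql_real_escape_string(htmlspecialchars($reply), $db_conn);
                    // Values read from the row go back into SQL, so they are
                    // escaped again for that context.
                    $titleSql = mysql_real_escape_string($msg['title'], $db_conn);
                    $fromSql  = mysql_real_escape_string($msg['from'], $db_conn);
                    $do = mysql_query("INSERT INTO `pmessages` ( `title` , `message` , `touser` , `from` , `unread` ,
`date`, `reply`) VALUES
('$titleSql', '$message', '$fromSql', '$meSql',
'unread', NOW(), 'yes')", $db_conn);
                    if ($do)
                    {
                        echo ("<center>Your message has been sent");
                    }
                    else
                    {
                        echo ("<center>Your message could not be sent");
                    }
                }
            }
        }
        break;

    default:
        break;
    }
}
else
{
    echo "Access Denied Please <a href='login.html'>Login</a>";
}
?>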


logout.php
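<?php
// Logout: ends the current session and returns the browser to the login form.
//
// The session has to be opened first; without session_start() there is no
// session loaded in this request and clearing it changes nothing, so the user
// would stay logged in. After that the data is emptied, the session cookie is
// expired and the server-side session is destroyed.
session_start();
$_SESSION = array();
if (ini_get("session.use_cookies"))
{
    $params = session_get_cookie_params();
    setcookie(
        session_name(), '', time() - 42000,
        $params["path"], $params["domain"], $params["secure"], $params["httponly"]
    );
}
session_destroy();
header("Location:login.html");
exit; // nothing may run or be sent after the redirect
?>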


admin.php

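<?php
// Admin panel entry page. Shown only when the logged-in username has a row
// in `users` with level 3; everyone else gets a refusal.
//
// The session username was typed by the user at login, so it is escaped
// before it enters the SQL text, and a failed query counts as "not admin".
session_start();
if (!empty($_SESSION['username']))
{
    require "connect.php"; // connects and selects the database, sets $db_conn
    $sesusername = $_SESSION['username'];
    $userlevel = 3; // the level that grants access to the admin pages
    $sql = sprintf(
        "SELECT id FROM users WHERE username='%s' and level='%d'",
        mysql_real_escape_string($sesusername, $db_conn),
        $userlevel
    );
    $result = mysql_query($sql, $db_conn);
    $count = $result ? mysql_num_rows($result) : 0;
    if ($count == 1)
    {
        echo '<center><a href="userspassword.php">Change Users Password </a><a href="levels.php">Change Users Levels</a><br>
<a href="pro.php">Exit In AdminPanel </a><a href="members.php">Members </a><br><a href="logout.php">Logout</a></center>';
    }
    else
    {
        echo "Your Account Is Not Admin Please <a href='login.html'>Login</a> As Admin";
    }
}
else
{
    echo "Access Denied Please <a href='login.html'>Login</a>";
}
?>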


levels.php

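<?php
// Admin page: change another user's privilege level.
//
// - Access requires a session username whose `users` row has level 3; the
//   username is escaped before it enters that check.
// - The target username is escaped before it enters the UPDATE.
// - The level is accepted only when it is exactly 1, 2 or 3, the range the
//   form itself announces; anything else is refused instead of being written.
// - The posted value is read once and compared explicitly instead of being
//   assigned inside the if-condition.
// - NOTE(review): the form carries no anti-CSRF token, so a request
//   submitted on an administrator's behalf can promote any account.
session_start();
if (!empty($_SESSION['username']))
{
    require "connect.php"; // connects and selects the database, sets $db_conn
    $sesusername = $_SESSION['username'];
    $userlevel = 3; // the level that grants access to the admin pages
    $sql = sprintf(
        "SELECT id FROM users WHERE username='%s' and level='%d'",
        mysql_real_escape_string($sesusername, $db_conn),
        $userlevel
    );
    $result = mysql_query($sql, $db_conn);
    $count = $result ? mysql_num_rows($result) : 0;
    if ($count == 1)
    {
        echo '<center><a href="userspassword.php">Change Users Password </a>
<a href="pro.php">Exit In AdminPanel</a><br><a href="members.php">Members </a><a href="logout.php">Logout</a></center>
<br><center><form action="levels.php" method="post">
UserName:
<br><input type="text" name="lusername">
<br>Level(max level is 3 and minimum is 1):
<br><input type="text" name="level">
<br><input type="submit" value="Change" name="send">
</form>';
        $level     = (isset($_POST['level']) && is_string($_POST['level'])) ? trim($_POST['level']) : '';
        $lusername = (isset($_POST['lusername']) && is_string($_POST['lusername'])) ? $_POST['lusername'] : '';
        if ($level !== '')
        {
            if (!in_array($level, array('1', '2', '3'), true) || $lusername === '')
            {
                echo "Level Not Changed";
            }
            else
            {
                $query = sprintf(
                    "UPDATE `users` SET `level` = '%s' WHERE `username` = '%s' LIMIT 1 ",
                    $level, // one of the three literals checked above
                    mysql_real_escape_string($lusername, $db_conn)
                );
                $result = mysql_query($query, $db_conn);
                echo $result ? "Level Changed" : "Level Not Changed";
            }
        }
    }
    else
    {
        echo "Your Account Is Not Admin Please <a href='login.html'>Login</a> As Admin";
    }
}
else
{
    echo "Access Denied Please <a href='login.html'>Login</a>";
}
?>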


userspassword.php

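<?php
// Admin page: set a new password for any user.
//
// - Access requires a session username whose `users` row has level 3; the
//   username is escaped before it enters that check.
// - The target username and the new password are escaped before they enter
//   the UPDATE.
// - The posted value is read once and compared explicitly instead of being
//   assigned inside the if-condition, and success is reported only when the
//   UPDATE actually ran.
// - NOTE(review): the password is written in clear text and the form carries
//   no anti-CSRF token; both need to be addressed together with the login and
//   registration handlers.
session_start();
if (!empty($_SESSION['username']))
{
    require "connect.php"; // connects and selects the database, sets $db_conn
    $sesusername = $_SESSION['username'];
    $userlevel = 3; // the level that grants access to the admin pages
    $sql = sprintf(
        "SELECT id FROM users WHERE username='%s' and level='%d'",
        mysql_real_escape_string($sesusername, $db_conn),
        $userlevel
    );
    $result = mysql_query($sql, $db_conn);
    $count = $result ? mysql_num_rows($result) : 0;
    if ($count == 1)
    {
        echo '<center><a href="levels.php">Change Users Levels </a>
<a href="pro.php">Exit In AdminPanel</a><br><a href="members.php">Members </a><a href="logout.php">Logout</a></center>
<br><center><form action="userspassword.php" method="post">
UserName:
<br><input type="text" name="lusername">
<br>Password:
<br><input type="text" name="password">
<br><input type="submit" value="Change" name="send">
</form>';
        $password  = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
        $lusername = (isset($_POST['lusername']) && is_string($_POST['lusername'])) ? $_POST['lusername'] : '';
        if ($password !== '')
        {
            if ($lusername === '')
            {
                echo "Password Not Changed";
            }
            else
            {
                $query = sprintf(
                    "UPDATE `users` SET `password` = '%s' WHERE `username` = '%s' LIMIT 1 ",
                    mysql_real_escape_string($password, $db_conn),
                    mysql_real_escape_string($lusername, $db_conn)
                );
                $result = mysql_query($query, $db_conn);
                echo $result ? "Password Changed" : "Password Not Changed";
            }
        }
    }
    else
    {
        echo "Your Account Is Not Admin Please <a href='login.html'>Login</a> As Admin";
    }
}
else
{
    echo "Access Denied Please <a href='login.html'>Login</a>";
}
?>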




От: montana
23:30 06-03-2010
като се регна не мога да вляза в профила си, все ми пише

Access Denied Please Login
От: bazooka21
21:06 07-08-2010
Опитвам да вляза в модератори, но ми казва, че не съм логнат като админ.
И когато се регна като админ, и натиска логин, казва user name otr passwird incorrect!
Според мене има още какво да се доработи!
Иначе системата я бива!
От: tommy_nik
18:55 02-11-2010
привет благодаря за труда
но срщам следниа проблем след като изпратя саобщение до някой не излиза в кутията
От: vbox7_system32
10:26 03-11-2010
Амм Тази Таблица .sql Каде да я Сложа ..?
От: Nikolai555
17:09 04-04-2011
оХХ във един урок не work-a линка :@
От: Goduser
14:18 19-06-2011
не работи sql-a дава ми грешка
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1