name :
admin_users.php
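<?php
/**
 * Admin user management page: handles the add/edit/delete form posts for
 * CMS users and then renders the matching view.
 *
 * Flow:
 *   1. Load the bootstrap (ini.php) and the Template / Users helpers.
 *   2. If the caller is logged in, process a 'Save' or 'Confirm Delete' post.
 *   3. Emit header, alerts, the selected view (or a login prompt), and footer.
 *
 * Security: every state-changing call ($Users->add_mod, $Users->delete) is
 * gated on the same session check that gates the views. Previously only the
 * views were gated, so the write paths ran before any login check in this file.
 */
include('ini.php');

$Template = new Template;
$Users = new Users;

// Read the form fields once. A missing or non-string value (e.g. an
// array-valued parameter) is treated as '' so the string functions below
// never receive null or an array.
$in = array();
foreach (array('submitBut', 'userID', 'username', 'fName', 'lName', 'email', 'pass1', 'pass2') as $field) {
    $in[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
}
$action = $in['submitBut'];

// NOTE(review): assumes ini.php has already started the session. If the
// session is only started later (e.g. in admin_header.php) this check fails
// closed and no write is performed - confirm where session_start() lives.
$canModify = isset($_SESSION['LID']) && $_SESSION['LID'] > 0;

// NOTE(review): no anti-CSRF token is verified in this file for the
// state-changing posts below - confirm whether ini.php enforces one.

// update database =================
$error = false;

if ($canModify && $action == 'Save') {
    // Usernames are lower-cased and stripped of single quotes and spaces.
    $username = str_replace(array("'", " "), array("", ""), strtolower($in['username']));

    $hasRequiredFields = $in['fName'] != ''
        && $in['lName'] != ''
        && filter_var($in['email'], FILTER_VALIDATE_EMAIL);

    if (!$hasRequiredFields) {
        $error = true;
    } else if ($in['userID'] > 0) {
        // Editing an existing user: the password is only validated when a
        // new one was entered (an empty pass1 means "leave unchanged").
        // NOTE(review): the 12-character upper bound caps password strength;
        // confirm whether storage really requires it.
        if ($in['pass1'] != '') {
            $password = $in['pass1'];
            $passwordRejected = $password != $in['pass2']
                || strlen($password) < 8
                || strlen($password) > 12
                || !preg_match("#[0-9]+#", $password)
                || !preg_match("#[a-z]+#", $password)
                || !preg_match("#[A-Z]+#", $password)
                || !preg_match("#\W+#", $password);
            if ($passwordRejected) {
                $error = true;
            }
        }
        if (strlen($username) < 8) {
            $error = true;
        }
    }
    // NOTE(review): when adding a user (userID not > 0) neither the password
    // rules nor the username length rule is applied here - confirm that
    // Users::add_mod() enforces them for new accounts.

    if (!$error) {
        $Users->add_mod($in['userID'], $in['fName'], $in['lName'], $in['email'], $username, $in['pass1']);
    }
} else if ($canModify && $action == 'Confirm Delete') {
    $Users->delete($in['userID'], '', '');
}

include('includes/admin_header.php');

$Template = new Template;
echo $Template->get_alerts('error');
echo $Template->get_alerts('success');

// Re-evaluated after the header include, matching the original position of
// the login check for the views.
if (isset($_SESSION['LID']) && $_SESSION['LID'] > 0) {
    // display views =====================
    if ($action == 'Add User' || $action == 'Edit' || ($action == 'Save' && $error == true)) {
        $Template->load('views/v_user_edit.php');
    } else if ($action == 'Delete') {
        $Template->load('views/v_user_del.php');
    } else {
        $Template->load('views/v_users.php');
    }
} else {
    echo "<div class='col-12 centre'>Please <a href='cms_login.php'>login</a>.</div>";
}

include('includes/admin_footer.php');
?>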