
PK 
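<?php
// Bootstrap for the admin-creation page: output buffering, error level,
// session, limits, security headers, project includes, and the super-admin
// gate that protects everything below.
ob_start();
error_reporting(E_ALL ^ E_NOTICE);

// Harden the session cookie before the session is started:
//  - use_strict_mode rejects session ids the server never issued (fixation);
//  - cookie_httponly keeps the id out of document.cookie;
//  - cookie_samesite is a PHP >= 7.3 setting; on older builds ini_set just
//    returns false, which is harmless.
ini_set('session.use_strict_mode', '1');
ini_set('session.cookie_httponly', '1');
ini_set('session.cookie_samesite', 'Lax');
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// NOTE(review): the original called ini_set('allow_url_include', 1) here.
// Nothing in this file includes a URL, the directive is PHP_INI_SYSTEM (so the
// call cannot change it at runtime anyway), and enabling it turns any
// include() of attacker-influenced data into remote code execution. It is
// intentionally not set.

date_default_timezone_set("Asia/Kolkata");
set_time_limit(600);
ini_set('max_execution_time',600);

header("X-Frame-Options: DENY");
header("X-Content-Type-Options: nosniff");
header("X-XSS-Protection: 1; mode=block");
// This is an authenticated admin page: never let a browser or proxy cache it,
// and do not leak its URL via the Referer header.
header("Cache-Control: no-store");
header("Referrer-Policy: no-referrer");

require_once 'includes/settings/PDODB.php';
include 'includes/modules/functions.php';
$function = new FUNCTIONS();

// Gate: only a logged-in super admin may reach the form below. This check was
// commented out in the original, which left admin-account creation open to
// anyone who could reach the URL. isSuperAdmin() is defined later in this
// file; PHP hoists unconditional top-level functions, so the call is valid.
if (empty($_SESSION['tourAdminId']) || !isSuperAdmin($_SESSION['tourAdminId'])) {
    header("Location: ../login.php");
    exit();
}

// Messages rendered by the template at the bottom of the file.
$error_msg = '';
$success_msg = '';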
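// Process form submission: validate the posted fields, reject duplicates,
// and insert the new admin row with a hashed password. On any failure
// $error_msg is set; on success $success_msg is set and the echoed-back
// fields are cleared.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['btnCreateAdmin'])) {
    $username = trim($_POST['username'] ?? '');
    $email = trim($_POST['email'] ?? '');
    $password = $_POST['password'] ?? '';
    $confirm_password = $_POST['confirm_password'] ?? '';

    // Validate inputs. The username/email whitelists below are also the
    // injection guard: both values are interpolated into SQL further down
    // (see the SECURITY comment there), so neither may contain a quote,
    // backslash, comment marker or whitespace.
    if (empty($username) || empty($email) || empty($password) || empty($confirm_password)) {
        $error_msg = "All fields are required.";
    } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)
        || !preg_match('/^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/', $email)) {
        // FILTER_VALIDATE_EMAIL alone accepts quotes, '#', '/' and '*' in the
        // local part; restrict to a conservative ASCII set.
        $error_msg = "Please enter a valid email address.";
    } elseif (strlen($username) < 4 || strlen($username) > 50) {
        $error_msg = "Username must be between 4 and 50 characters.";
    } elseif (!preg_match('/^[A-Za-z0-9_.-]+$/', $username)) {
        $error_msg = "Username may only contain letters, digits, '.', '_' and '-'.";
    } elseif (strlen($password) < 8) {
        $error_msg = "Password must be at least 8 characters long.";
    } elseif (strlen($password) > 72) {
        // bcrypt (the current PASSWORD_DEFAULT) silently ignores bytes beyond
        // 72; refuse rather than accept a password that is not fully checked.
        $error_msg = "Password must be at most 72 characters long.";
    } elseif (!preg_match('/[A-Z]/', $password)
        || !preg_match('/[a-z]/', $password)
        || !preg_match('/[0-9]/', $password)) {
        // The form's hint text advertises this rule; enforce it server-side.
        $error_msg = "Password must contain uppercase, lowercase and numbers.";
    } elseif ($password !== $confirm_password) {
        $error_msg = "Passwords do not match.";
    } else {
        try {
            $pdodb = PDODB::getInstance();

            // SECURITY: PDODB::query() is only ever called with a literal
            // string in this file, so no bound-parameter API is visible here
            // and the values are still interpolated. This is safe ONLY because
            // the whitelists above exclude every character that can break out
            // of a single-quoted MySQL string, and password_hash() output is
            // limited to [A-Za-z0-9$./]. If PDODB exposes prepare()/bound
            // parameters, switch to them and drop this reliance.
            //
            // Check-then-insert is racy: two concurrent submissions can both
            // pass this check. A UNIQUE constraint on admin.username and
            // admin.email is the real guard; a duplicate-key error then
            // surfaces as the generic PDOException below.
            $checkQuery = "SELECT id FROM `admin` WHERE (email='$email' OR username='$username') LIMIT 1";
            $result = $pdodb->query($checkQuery);
            if (count($result) > 0) {
                $error_msg = "Username or email already exists.";
            } else {
                // Hash the password; never store it in clear.
                $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
                $insertQuery = "INSERT INTO `admin` SET username = '$username', email = '$email', password = '$hashedPassword'";
                $pdodb->query($insertQuery);
                $success_msg = "Admin account created successfully!";
                // Clear the echoed-back fields so the form renders empty.
                $username = $email = '';
            }
        } catch (PDOException $e) {
            // Log the detail server-side; show the user nothing that reveals
            // schema or driver information.
            error_log("Admin creation error: " . $e->getMessage());
            $error_msg = "A system error occurred. Please try again later.";
        } finally {
            // Release the connection on both the success and the error path
            // (the original only closed it on success).
            PDODB::closeInstance();
        }
    }
}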
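/**
 * Return whether the admin identified by $adminId holds super-admin rights.
 *
 * SECURITY NOTE(review): this is still a stub. It fails closed only for an
 * empty id and returns true for every other id, so any gate that calls it
 * (such as the super-admin check that guards this page) currently lets ANY
 * logged-in admin create admin accounts. Replace the final `return true` with
 * a real lookup (a role column or a super-admin table in the `admin` schema)
 * before relying on it.
 *
 * @param mixed $adminId  admin id, as stored in $_SESSION['tourAdminId']
 * @return bool false for an empty id; otherwise true until a real check exists
 */
function isSuperAdmin($adminId): bool {
    // An absent id can never be a super admin; fail closed.
    if (empty($adminId)) {
        return false;
    }
    return true; // TODO: look up the admin's role — this currently grants everyone
}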
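?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <?php // Admin-only page: keep it out of search indexes. ?>
    <meta name="robots" content="noindex, nofollow">
    <title>Create Admin Account</title>
    <style>
        body { font-family: Arial, sans-serif; max-width: 600px; margin: 0 auto; padding: 20px; }
        .error { color: red; }
        .success { color: green; }
        .form-group { margin-bottom: 15px; }
        label { display: block; margin-bottom: 5px; }
        input[type="text"], input[type="email"], input[type="password"] {
            width: 100%; padding: 8px; box-sizing: border-box;
        }
        button { padding: 10px 15px; background: #4CAF50; color: white; border: none; cursor: pointer; }
        button:hover { background: #45a049; }
    </style>
</head>
<body>
    <h1>Create New Admin Account</h1>
    <?php // Status messages. ENT_QUOTES|ENT_SUBSTITUTE with an explicit charset
          // escapes both quote styles and replaces invalid UTF-8 instead of
          // returning an empty string. ?>
    <?php if (!empty($error_msg)): ?>
        <div class="error"><?php echo htmlspecialchars($error_msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></div>
    <?php endif; ?>
    <?php if (!empty($success_msg)): ?>
        <div class="success"><?php echo htmlspecialchars($success_msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></div>
    <?php endif; ?>

    <?php // Client-side constraints mirror the server rules for early feedback
          // only; the server-side validation in the handler is authoritative.
          // autocomplete hints stop password managers from filling the
          // current admin's own credentials into a form that creates a
          // different account. ?>
    <form method="post" action="">
        <div class="form-group">
            <label for="username">Username:</label>
            <input type="text" id="username" name="username"
                   minlength="4" maxlength="50" autocomplete="off"
                   value="<?php echo htmlspecialchars($username ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" required>
        </div>
        <div class="form-group">
            <label for="email">Email:</label>
            <input type="email" id="email" name="email" autocomplete="off"
                   value="<?php echo htmlspecialchars($email ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" required>
        </div>
        <div class="form-group">
            <label for="password">Password:</label>
            <input type="password" id="password" name="password"
                   minlength="8" autocomplete="new-password"
                   pattern="(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9]).{8,}"
                   title="Minimum 8 characters with uppercase, lowercase and numbers" required>
            <small>Minimum 8 characters with uppercase, lowercase and numbers</small>
        </div>
        <div class="form-group">
            <label for="confirm_password">Confirm Password:</label>
            <input type="password" id="confirm_password" name="confirm_password"
                   minlength="8" autocomplete="new-password" required>
        </div>
        <button type="submit" name="btnCreateAdmin">Create Admin</button>
    </form>
</body>
</html>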


PK 99