کد PHP:
<?php
include_once('function.php');

// A "logout" query parameter triggers logout() before anything else on the
// page runs (logout() is presumably defined in function.php - not visible here).
if (isset($_GET['logout'])) {
    logout();
}

// Access gate: without a valid reseller session the visitor is redirected to
// the login page. The exit after header() is what actually stops the rest of
// the script; a Location header alone does not end execution.
$resellerLoggedIn = isLoggedInReseller($secret_reseller);
if (!$resellerLoggedIn) {
    header('Location: login.php');
    exit();
}
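// Bulk-action handler for the reseller's account list. For every username
// posted in sel[] it verifies that the account belongs to the logged-in
// reseller and then applies the action named in 'gaction'
// (disable / enable / delete / add / sendmail).
//
// Security changes compared with the original listing:
//   * every value placed in a SQL string goes through mysql_real_escape_string()
//     (the usernames come straight from $_POST and were concatenated raw);
//   * the ownership test compares strings strictly, so numerically-equal names
//     such as "0123" and "123" are no longer treated as the same reseller;
//   * 'sel' and 'gaction' are type-checked before use.
//
// NOTE(review): no anti-CSRF token is checked before these state-changing
// actions in the visible code.
// NOTE(review): the variable written "$*****address" was masked by the page
// this listing came from; it is reproduced as shown and must be restored to its
// real name before the script can run.
// NOTE(review): the mysql_* extension was removed in PHP 7; moving to mysqli or
// PDO prepared statements is the durable fix and needs function.php as well.
$reseller = $_SESSION['un_reseller'];
if (isset($_POST['view'])) {
    // A missing or non-array 'sel' is treated as "nothing selected".
    $selected = (isset($_POST['sel']) && is_array($_POST['sel'])) ? $_POST['sel'] : array();
    if (count($selected) == 0) {
        die_error("هیچ اکانتی انتخاب نشده اشت");
    }
    $action = (isset($_POST['gaction']) && is_string($_POST['gaction'])) ? $_POST['gaction'] : '';

    foreach ($selected as $username) {
        // Nested arrays (sel[][]=...) are not usernames; refuse them outright.
        // Like the checks below, this relies on die_error() ending the request.
        if (!is_string($username)) {
            die_error("شما به این بخش دسترسی ندارید");
        }

        $conn = mysql_connect($db_address, $db_username, $db_password);
        if (!$conn) {
            die_error('خطا در اتصال به بانک اطلاعات');
        }
        mysql_select_db($db_name) or die_error('خطا در اتصال به بانک اطلاعات');
        mysql_query("SET character_set_results=utf8 , character_set_client=utf8 , character_set_connection=utf8 , character_set_database=utf8 , character_set_server=utf8");

        // Escaped copies are used in SQL only; the helpers below still receive
        // the raw $username because they do not build SQL in the visible code.
        $usernameSql = mysql_real_escape_string($username, $conn);
        $resellerSql = mysql_real_escape_string($reseller, $conn);

        // Ownership check: the account must exist and belong to this reseller.
        $sql = "SELECT * FROM `account` WHERE `username`= '" . $usernameSql . "'";
        $result = mysql_query($sql);
        $accdb = mysql_fetch_array($result);
        if (!$accdb || (string)$accdb['owner'] !== (string)$reseller) {
            die_error("شما به این بخش دسترسی ندارید");
        }
        mysql_close($conn);

        if ($action === 'disable') {
            accountedit($adminpassword,$adminport,$*****address,$username, "","","","0","");
        } elseif ($action === 'enable') {
            accountedit($adminpassword,$adminport,$*****address,$username, "","","","1","");
        } elseif ($action === 'delete') {
            $conn = mysql_connect($db_address, $db_username, $db_password);
            if (!$conn) {
                die_error('خطا در اتصال به بانک اطلاعات');
            }
            mysql_select_db($db_name) or die_error('خطا در اتصال به بانک اطلاعات');
            mysql_query("SET character_set_results=utf8 , character_set_client=utf8 , character_set_connection=utf8 , character_set_database=utf8 , character_set_server=utf8");
            $sql = "SELECT * FROM `account` WHERE `username`='$usernameSql'";
            $result = mysql_query($sql);
            $row = mysql_fetch_array($result);
            // Only the disabled refund logic below reads these two values.
            $used = $row['used'];
            $test = $row['test'];
            /*if($test == '1'){
            $reseller_sql = "SELECT * FROM `reseller` WHERE `username`='$reseller'";
            $reseller_result=mysql_query($reseller_sql);
            $reseller_row = mysql_fetch_array($reseller_result);
            $resellerused = $reseller_row['testused']-1;
            $sql = "UPDATE `reseller` SET `used`='$resellerused' WHERE `username`='$reseller';";
            $result=mysql_query($sql);
            }*/
            // Remove the database row first, then the account on the server.
            $sql = "DELETE FROM `account` WHERE `username`='$usernameSql'";
            mysql_query($sql);
            mysql_close($conn);
            accountdelete($adminpassword,$adminport,$*****address,$username);
        } elseif ($action === 'add') {
            // $addcredit is validated by is_num() (from function.php, not visible
            // here) and must be positive before it is used in any arithmetic.
            $addcredit = isset($_POST['addcredit']) ? $_POST['addcredit'] : '';
            if (!is_num($addcredit) || $addcredit <= 0) {
                die_error("اعتبار درست وارد نشده");
            }
            $conn = mysql_connect($db_address, $db_username, $db_password);
            if (!$conn) {
                die_error('خطا در اتصال به بانک اطلاعات');
            }
            mysql_select_db($db_name) or die_error('خطا در اتصال به بانک اطلاعات');
            mysql_query("SET character_set_results=utf8 , character_set_client=utf8 , character_set_connection=utf8 , character_set_database=utf8 , character_set_server=utf8");
            //Reseller
            $sql = "SELECT * FROM `reseller` WHERE `username`='$resellerSql'";
            $result = mysql_query($sql);
            $row = mysql_fetch_array($result);
            //check credit
            $left = $row['credit'] - $row['used'];
            if ($left < $addcredit) {
                die_error("اعتبار شما از اعتبار ساخت اکانت کمتر است <br/> اعتبار شما : <b>$left</b> | اعتبار مورد نیاز : <b>$addcredit</b>");
            }
            // NOTE(review): $used (the reseller's new usage total) is computed but
            // never written back to `reseller` in the visible code, so the credit
            // check above would keep passing on repeated requests. Confirm the row
            // is updated elsewhere, or that this part of the page was lost.
            $used = $row['used'] + $addcredit;
            //New USER Credit
            $sql = "SELECT * FROM `account` WHERE `username`='$usernameSql';";
            $result = mysql_query($sql);
            $row = mysql_fetch_array($result);
            $credit = $row['credit'];
            $credit = $credit + $addcredit * 30;
            $expire = "";
            // NOTE(review): the column is read as 'use' here but as 'used' in the
            // delete branch - confirm which name the `account` table really has.
            if ($row['use']) {
                // Look up the account's current DisableDateTime in AccInfo.ini.
                $accInfo = file_get_contents($ccpath . "AccInfo.ini");
                preg_match_all("#User\d+\]([^\[]+)\[#", $accInfo . "[", $acc);
                foreach ($acc[1] as $accdetails) {
                    preg_match_all("#UserName=([^(\r\n)]+)\r\n#", $accdetails, $extracted_username);
                    // Strict comparison: numeric-looking names must match exactly.
                    if (!isset($extracted_username[1][0]) || $extracted_username[1][0] !== $username) {
                        continue;
                    }
                    preg_match_all("#DisableDateTime=([^(\r\n)]+)\r\n#", $accdetails, $disabledatetime);
                    $dateMatch = array();
                    if (isset($disabledatetime[1][0])
                        && preg_match("#\d{4}-\d{2}-\d{2}#", $disabledatetime[1][0], $dateMatch)) {
                        $expire = $dateMatch[0];
                    } else {
                        // No usable date: fall through to the "already expired" path.
                        $expire = "";
                    }
                }
                if (strtotime($expire) > strtotime(date("Y-m-d"))) {
                    // Still valid: extend the existing expiry by 30 days per credit.
                    $expire = date("Y-m-d", 60 * 60 * 24 * 30 * $addcredit + strtotime($expire));
                } else {
                    // Expired or unknown: count the new period from today, in months.
                    $expire = date("Y-m-d", mktime(0, 0, 0, date('m') + $addcredit, date('d'), date('Y')));
                }
            }
            accountedit($adminpassword,$adminport,$*****address,$username, "",$expire,"00:00:00","","");
            // $credit is a number computed above, so it needs no string escaping.
            $sql = "UPDATE `account` SET `credit`='$credit' WHERE `username`='$usernameSql';";
            $result = mysql_query($sql);
            mysql_close($conn);
        } elseif ($action === 'sendmail') {
            $conn = mysql_connect($db_address, $db_username, $db_password);
            if (!$conn) {
                die_error('خطا در اتصال به بانک اطلاعات');
            }
            mysql_select_db($db_name) or die_error('خطا در اتصال به بانک اطلاعات');
            mysql_query("SET character_set_results=utf8 , character_set_client=utf8 , character_set_connection=utf8 , character_set_database=utf8 , character_set_server=utf8");
            $sql = "SELECT * FROM `account` WHERE `username`='$usernameSql';";
            $result = mysql_query($sql);
            $row = mysql_fetch_array($result);
            $sql_reseller = "SELECT * FROM `reseller` WHERE `username`='$resellerSql'";
            $result_reseller = mysql_query($sql_reseller);
            $row_reseller = mysql_fetch_array($result_reseller);
            // NOTE(review): subject and msg reach htmlmail() unfiltered; that helper
            // is not visible here - confirm it neutralises CR/LF in header fields
            // and treats the body as intended.
            htmlmail($row['email'],$row_reseller['email'],$_POST['subject'],$_POST['msg']);
            mysql_close($conn);
        }
    }
    die_msg('درخواست دریافت شد');
    die();
}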
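// The filter/search form is printed only when no "filter" field was posted,
// i.e. on the initial page load.
//
// Markup fixes compared with the original listing: the filter form is now
// closed with </form> (it was written <form>, which left it open and nested
// the following "view" form inside it), and the two search boxes use the valid
// type="text" instead of type="input".
// NOTE(review): value="*****" on the first submit button was masked by the page
// this listing came from and is reproduced as shown.
if (!isset($_POST['filter'])) {
    // Stream context carrying HTTP Basic credentials for the server's admin
    // status page. In the visible code only the commented-out fetch below uses
    // it. Basic auth is merely base64-encoded, so over the plain http:// URL in
    // that fetch the admin password would cross the network readable by anyone
    // on the path; prefer HTTPS or a loopback-only endpoint if it is re-enabled.
    $context = stream_context_create(array(
        'http' => array(
            'header' => "Authorization: Basic " . base64_encode("admin:$adminpassword")
        )
    ));
/*
$stat = file_get_contents("http://$*****address:$adminport", false, $context);
preg_match('#(Total connections in account/Total users in account - )([^<]+)<br>#',$stat,$connectionuser);
preg_match('#(Total connections online/Total users online - )([^<]+)<br>#',$stat,$connectionuseronline);
preg_match('#(Total bandwidth - )([^<]+)<br>#',$stat,$totalbw);
preg_match('#(Server Time: )([^<]+)</p>#',$stat,$servetime);
echo_msg("
تعداد اکانت ها/تعداد کانکشن ها در اکانت : <b>$connectionuser[2]</b><br/>
یوزر آنلاین/تعداد کانکشن آنلاین : <b>$connectionuseronline[2]</b><br/>
کل پهنای باند : <b>$totalbw[2]</b><br/>
زمان سرور : <b>$servetime[2]</b>
");*/
?>
<div class="ui-state-hover" style="margin-top: 20px; padding: 0 .7em;"> <p>
<form name="filterform" id="filterform" action="view.php" method="post">
وضعیت : <select size="1" name="enable">
<option value="1">فعال</option>
<option value="0">غیر فعال</option>
</select>
انقضای خودکار :
<select size="1" name="autodisable">
<option value="1">فعال</option>
<option value="0">غیر فعال</option>
</select>
<input type="submit" value="*****">
<input type="hidden" name="filter" id="filter" value="filter">
<input type="text" name="username_search" id="username_search" size="25"> <input type="submit" name="searchusername" value="جستجو بر اساس نام کاربری" onclick='document.getElementById("filter").value="searchusername"'>|
<input type="text" name="email_search" id="email_search" size="25"><input type="submit" name="searchemail" value="جستجو بر اساس ایمیل" onclick='document.getElementById("filter").value="searchemail"'>
</form>
</p> </div>
<br/>
<div id="result_filter">
<?php
} //end if(!isset($_POST['filter']))
?>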
<div id="result_view"></div><br/>
<form name="view" id="view" action="view.php" method="post">
<input type="hidden" name="gaction" id="gaction" value="">
<input type="submit" name="disable" value="غیر فعال" onclick='document.getElementById("gaction").value="disable"'>
<input type="submit" name="enable" value="فعال" onclick='document.getElementById("gaction").value="enable"'>
<input type="submit" name="delete" value="حذف" onclick='document.getElementById("gaction").value="delete"'> |
<input type="input" name="addcredit" value="0"size="4">
<input type="submit" name="add" value="افزودن اعتبار" onclick='document.getElementById("gaction").value="add"'> |
<input type="checkbox" name="checkAll" id="checkAll" onclick="jqCheckAll2( this.id, 'sel[]' )">انتخاب همه
<br/><br/>
موضوع : <input type="input" name="subject" size="100"><br/>
پیام : <textarea rows="5" cols="100" name="msg">
ولی تو اسکریپت وقتی این صفحه رو باز می‌کنم یه چیزاییش نیست؛ مثل اینکه اشتباه دیکد می‌کنم.