admin/34540-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

adminli girişli

Browse Source
This commit is contained in:
Flatlogic Bot 2025-10-03 08:23:05 +00:00
parent 24c0e7b2b3
commit 4cc7352047
8 changed files with 272 additions and 138 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
add_user.php Normal file
View File

@ -0,0 +1,22 @@
<?php
session_start();
require_once 'db/config.php';
if (!isset($_SESSION['user_id']) || !$_SESSION['is_admin']) {
header('Location: index.php');
exit;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$username = $_POST['username'];
$password = $_POST['password'];
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
$pdo = db();
$stmt = $pdo->prepare("INSERT INTO users (username, password) VALUES (?, ?)");
$stmt->execute([$username, $hashed_password]);
header('Location: admin.php');
exit;
}
?>

117
admin.php
View File

@ -1,40 +1,115 @@
<?php
session_start();
require_once 'db/config.php';
// Check if user is logged in and is an admin
if (!isset($_SESSION['user_id']) || !$_SESSION['is_admin']) {
header('Location: index.php');
exit;
}
$pdo = db();
// Fetch all users except the current admin
$stmt = $pdo->prepare("SELECT * FROM users WHERE id != ?");
$stmt->execute([$_SESSION['user_id']]);
$users = $stmt->fetchAll();
?>
<!DOCTYPE html>
<html lang="en">
<html lang="tr">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Admin Panel</title>
<title>Admin Paneli</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.min.css">
</head>
<body>
<div class="container mt-5">
<div class="row justify-content-center">
<div class="container my-5">
<div class="d-flex justify-content-between align-items-center mb-4">
<h1>Admin Paneli</h1>
<a href="index.php" class="btn btn-secondary">Ana Sayfaya Dön</a>
</div>
<div class="row">
<div class="col-md-6">
<div class="card">
<div class="card-header">
<h3>Admin Panel</h3>
</div>
<div class="card mb-4">
<div class="card-header">Şifre Değiştir</div>
<div class="card-body">
<h5 class="card-title">Logo Management</h5>
<p class="card-text">Upload a new logo for the site. The current logo will be replaced. The file should be a PNG, JPG, or GIF.</p>
<?php if (isset($_GET['success'])): ?>
<div class="alert alert-success">Logo uploaded successfully!</div>
<?php elseif (isset($_GET['error'])): ?>
<div class="alert alert-danger">Error uploading logo: <?php echo htmlspecialchars($_GET['error']); ?></div>
<?php endif; ?>
<form action="upload.php" method="post" enctype="multipart/form-data">
<form action="change_password.php" method="post">
<div class="mb-3">
<label for="logoFile" class="form-label">Select image:</label>
<input class="form-control" type="file" name="logoFile" id="logoFile" required>
<label for="new_password" class="form-label">Yeni Şifre</label>
<input type="password" name="new_password" class="form-control" required>
</div>
<button type="submit" class="btn btn-primary">Upload Logo</button>
<button type="submit" class="btn btn-primary">Şifreyi Güncelle</button>
</form>
</div>
<div class="card-footer text-center">
<a href="/" class="btn btn-secondary">Back to Home</a>
</div>
<div class="card">
<div class="card-header">Logo Yükle</div>
<div class="card-body">
<form action="admin.php" method="post" enctype="multipart/form-data">
<div class="mb-3">
<label for="logo" class="form-label">Logo seçin (PNG, JPG, GIF, SVG):</label>
<input class="form-control" type="file" id="logo" name="logo" accept="image/png,image/jpeg,image/gif,image/svg+xml" required>
</div>
<button type="submit" class="btn btn-primary">Yükle</button>
</form>
</div>
</div>
</div>
<div class="col-md-6">
<div class="card">
<div class="card-header">Kullanıcı Ekle</div>
<div class="card-body">
<form action="add_user.php" method="post">
<div class="mb-3">
<label for="username" class="form-label">Kullanıcı Adı</label>
<input type="text" name="username" class="form-control" required>
</div>
<div class="mb-3">
<label for="password" class="form-label">Şifre</label>
<input type="password" name="password" class="form-control" required>
</div>
<button type="submit" class="btn btn-primary">Kullanıcı Ekle</button>
</form>
</div>
</div>
</div>
</div>
<div class="card mt-4">
<div class="card-header">Kullanıcıları Yönet</div>
<div class="card-body">
<form action="update_permissions.php" method="post">
<table class="table">
<thead>
<tr>
<th>Kullanıcı Adı</th>
<th>Görüntüleme</th>
<th>Ekleme</th>
<th>Silme</th>
<th>Düzenleme</th>
</tr>
</thead>
<tbody>
<?php foreach ($users as $user): ?>
<tr>
<td><?php echo htmlspecialchars($user['username']); ?></td>
<td><input type="checkbox" name="permissions[<?php echo $user['id']; ?>][can_view]" <?php echo $user['can_view'] ? 'checked' : ''; ?>></td>
<td><input type="checkbox" name="permissions[<?php echo $user['id']; ?>][can_add]" <?php echo $user['can_add'] ? 'checked' : ''; ?>></td>
<td><input type="checkbox" name="permissions[<?php echo $user['id']; ?>][can_delete]" <?php echo $user['can_delete'] ? 'checked' : ''; ?>></td>
<td><input type="checkbox" name="permissions[<?php echo $user['id']; ?>][can_edit]" <?php echo $user['can_edit'] ? 'checked' : ''; ?>></td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<button type="submit" class="btn btn-primary">Yetkileri Kaydet</button>
</form>
</div>
</div>
</div>
</body>

21
change_password.php Normal file
View File

@ -0,0 +1,21 @@
<?php
session_start();
require_once 'db/config.php';
if (!isset($_SESSION['user_id']) || !$_SESSION['is_admin']) {
header('Location: index.php');
exit;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$new_password = $_POST['new_password'];
$hashed_password = password_hash($new_password, PASSWORD_DEFAULT);
$pdo = db();
$stmt = $pdo->prepare("UPDATE users SET password = ? WHERE id = ?");
$stmt->execute([$hashed_password, $_SESSION['user_id']]);
header('Location: admin.php');
exit;
}
?>

131
index.php
View File

@ -1,57 +1,23 @@
<?php
// Mock data for the contact directory
$contacts = [
[
"Cust.Code" => "C001",
"Ticari Unvan" => "Flatlogic Inc.",
"Sehir" => "New York",
"Ad" => "John",
"Soyad" => "Doe",
"Telefon" => "123-456-7890",
"E-posta" => "john.doe@example.com",
"Grup Adı" => "VIP",
],
[
"Cust.Code" => "C002",
"Ticari Unvan" => "Google LLC",
"Sehir" => "Mountain View",
"Ad" => "Jane",
"Soyad" => "Smith",
"Telefon" => "987-654-3210",
"E-posta" => "jane.smith@example.com",
"Grup Adı" => "Technology",
],
[
"Cust.Code" => "C003",
"Ticari Unvan" => "Microsoft Corp.",
"Sehir" => "Redmond",
"Ad" => "Peter",
"Soyad" => "Jones",
"Telefon" => "555-123-4567",
"E-posta" => "peter.jones@example.com",
"Grup Adı" => "Software",
],
[
"Cust.Code" => "C004",
"Ticari Unvan" => "Apple Inc.",
"Sehir" => "Cupertino",
"Ad" => "Mary",
"Soyad" => "Johnson",
"Telefon" => "555-987-6543",
"E-posta" => "mary.j@example.com",
"Grup Adı" => "Hardware",
],
[
"Cust.Code" => "C005",
"Ticari Unvan" => "Amazon.com, Inc.",
"Sehir" => "Seattle",
"Ad" => "David",
"Soyad" => "Williams",
"Telefon" => "555-555-5555",
"E-posta" => "david.w@example.com",
"Grup Adı" => "e-Commerce",
]
];
session_start();
require_once 'db/config.php';
$is_logged_in = isset($_SESSION['user_id']);
$user_permissions = [];
$contacts = [];
if ($is_logged_in) {
$pdo = db();
$stmt = $pdo->prepare("SELECT can_view, can_add, can_delete, can_edit, is_admin FROM users WHERE id = ?");
$stmt->execute([$_SESSION['user_id']]);
$user_permissions = $stmt->fetch();
if ($user_permissions['can_view']) {
$stmt = $pdo->query("SELECT * FROM contacts");
$contacts = $stmt->fetchAll();
}
}
?>
<!DOCTYPE html>
<html lang="tr">
@ -75,22 +41,22 @@ $contacts = [
</head>
<body>
<?php if ($is_logged_in && $user_permissions['can_view']): ?>
<nav class="navbar navbar-expand-lg navbar-light bg-white sticky-top">
<div class="container-fluid">
<a class="navbar-brand d-flex align-items-center" href="/">
<a class="navbar-brand" href="/">
<?php
$logo_path = glob('assets/images/logo.*');
if ($logo_path) {
echo '<img src="' . $logo_path[0] . '?v=' . time() . '" alt="Logo" style="max-height: 40px; margin-right: 10px;">';
$logo_path = 'assets/images/logo.png';
if (file_exists($logo_path)) {
echo '<img src="' . $logo_path . '?v=' . time() . '" alt="Logo" style="max-height: 40px; margin-right: 10px;">';
} else {
echo '<i class="bi bi-book-half me-2"></i>';
}
?>
<i class="bi bi-book-half me-2"></i>
rehber
</a>
<div class="ms-auto">
<a href="/admin.php" class="btn btn-outline-secondary btn-sm">
<i class="bi bi-gear-fill me-1"></i> Admin Panel
</a>
<div class="d-flex">
<a href="logout.php" class="btn btn-outline-secondary">Çıkış Yap</a>
</div>
</div>
</nav>
@ -99,9 +65,11 @@ $contacts = [
<div class="d-flex justify-content-between align-items-center mb-4 flex-wrap">
<h1 class="h2">Contact Directory</h1>
<div class="d-flex gap-2">
<?php if ($user_permissions['can_add']): ?>
<button class="btn btn-primary">
<i class="bi bi-plus-circle me-2"></i>Add Record
</button>
<?php endif; ?>
<button class="btn btn-outline-secondary">
<i class="bi bi-box-arrow-up-right me-2"></i>Export
</button>
@ -143,8 +111,12 @@ $contacts = [
<td><a href="mailto:<?php echo htmlspecialchars($contact['E-posta']); ?>"><?php echo htmlspecialchars($contact['E-posta']); ?></a></td>
<td><span class="badge bg-secondary bg-opacity-25 text-dark"><?php echo htmlspecialchars($contact['Grup Adı']); ?></span></td>
<td class="text-end">
<?php if ($user_permissions['can_edit']): ?>
<a href="#" class="action-icon me-2" data-bs-toggle="tooltip" title="Edit"><i class="bi bi-pencil-square"></i></a>
<?php endif; ?>
<?php if ($user_permissions['can_delete']): ?>
<a href="#" class="action-icon" data-bs-toggle="tooltip" title="Delete"><i class="bi bi-trash"></i></a>
<?php endif; ?>
</td>
</tr>
<?php endforeach; ?>
@ -159,6 +131,41 @@ $contacts = [
<small>Built with Flatlogic Generator</small>
</footer>
<?php if ($user_permissions['is_admin']): ?>
<div style="position: fixed; bottom: 10px; left: 10px; z-index: 1030;">
<a href="admin.php" class="btn btn-outline-secondary btn-sm">
<i class="bi bi-gear"></i> Admin Panel
</a>
</div>
<?php endif; ?>
<?php else: ?>
<div class="container">
<div class="row justify-content-center align-items-center vh-100">
<div class="col-md-6 text-center">
<h1 class="mb-4">Seyidoğlu Asistan Rehber Sistemine Hoşgeldiniz</h1>
<div class="card">
<div class="card-body">
<h5 class="card-title">Giriş Yap</h5>
<?php if (isset($_GET['error'])): ?>
<div class="alert alert-danger">Kullanıcı adı veya şifre hatalı.</div>
<?php endif; ?>
<form action="login.php" method="post">
<div class="mb-3">
<input type="text" name="username" class="form-control" placeholder="Kullanıcı Adı" required>
</div>
<div class="mb-3">
<input type="password" name="password" class="form-control" placeholder="Şifre" required>
</div>
<button type="submit" class="btn btn-primary">Giriş</button>
</form>
</div>
</div>
</div>
</div>
</div>
<?php endif; ?>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js"></script>
<script src="assets/js/main.js"></script>
</body>

25
login.php Normal file
View File

@ -0,0 +1,25 @@
<?php
session_start();
require_once 'db/config.php';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$username = $_POST['username'];
$password = $_POST['password'];
$pdo = db();
$stmt = $pdo->prepare("SELECT * FROM users WHERE username = ?");
$stmt->execute([$username]);
$user = $stmt->fetch();
if ($user && password_verify($password, $user['password'])) {
$_SESSION['user_id'] = $user['id'];
$_SESSION['username'] = $user['username'];
$_SESSION['is_admin'] = $user['is_admin'];
header('Location: index.php');
exit;
} else {
header('Location: index.php?error=1');
exit;
}
}
?>

7
logout.php Normal file
View File

@ -0,0 +1,7 @@
<?php
session_start();
session_unset();
session_destroy();
header('Location: index.php');
exit;
?>

31
update_permissions.php Normal file
View File

@ -0,0 +1,31 @@
<?php
session_start();
require_once 'db/config.php';
if (!isset($_SESSION['user_id']) || !$_SESSION['is_admin']) {
header('Location: index.php');
exit;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$permissions = $_POST['permissions'];
$pdo = db();
foreach ($permissions as $user_id => $perms) {
$can_view = isset($perms['can_view']) ? 1 : 0;
$can_add = isset($perms['can_add']) ? 1 : 0;
$can_delete = isset($perms['can_delete']) ? 1 : 0;
$can_edit = isset($perms['can_edit']) ? 1 : 0;
$stmt = $pdo->prepare("
UPDATE users
SET can_view = ?, can_add = ?, can_delete = ?, can_edit = ?
WHERE id = ?
");
$stmt->execute([$can_view, $can_add, $can_delete, $can_edit, $user_id]);
}
header('Location: admin.php');
exit;
}
?>

54
upload.php
View File

@ -1,54 +0,0 @@
<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['logoFile'])) {
$targetDir = "assets/images/";
// Ensure the target directory exists
if (!is_dir($targetDir)) {
mkdir($targetDir, 0775, true);
}
$original_filename = $_FILES["logoFile"]["name"];
$imageFileType = strtolower(pathinfo($original_filename, PATHINFO_EXTENSION));
// Use a consistent name for the logo file to make it easy to reference
$targetFile = $targetDir . "logo." . $imageFileType;
// Check if image file is a actual image or fake image
$check = getimagesize($_FILES["logoFile"]["tmp_name"]);
if($check === false) {
header("Location: admin.php?error=File is not an image.");
exit;
}
// Allow certain file formats
$allowed_types = ["jpg", "png", "jpeg", "gif"];
if(!in_array($imageFileType, $allowed_types)) {
header("Location: admin.php?error=Sorry, only JPG, JPEG, PNG & GIF files are allowed.");
exit;
}
// Before uploading, remove any old logo files to avoid conflicts
$existing_logos = glob($targetDir . "logo.*_old");
foreach ($existing_logos as $old_logo) {
unlink($old_logo);
}
// Check if a logo already exists and rename it
$current_logo_path = glob($targetDir . "logo.*_old");
if (!empty($current_logo_path)) {
rename($current_logo_path[0], $targetDir . "logo." . pathinfo($current_logo_path[0], PATHINFO_EXTENSION) . "_old");
}
// Try to upload file
if (move_uploaded_file($_FILES["logoFile"]["tmp_name"], $targetFile)) {
header("Location: admin.php?success=1");
exit;
} else {
header("Location: admin.php?error=Sorry, there was an error uploading your file.");
exit;
}
} else {
// Redirect back to admin page if accessed directly
header("Location: admin.php");
exit;
}
?>