i have this code
<?php
//adminuserman.php
$dbhost="localhost";
$dbname="prima";
$dbusername="";
$dbuserpassword="";
$default_dbname="prima";
$MYSQL_ERRNO = '';
$MYSQL_ERROR = '';
$registered = 'registered_users';
$default_order_by = 'regFullname';
$records_per_page = 10;
$default_sort_order = 'ASC';
$new_win_width = 600;
$new_win_height = 400;
$access_log_tablename = 'access_log';
$link_id = db_connect($dbname='prima');
mysql_select_db("prima");
mysql_close($link_id);
function db_connect()
{
global $dbhost, $dbname, $dbusername, $dbuserpassword, $default_dbname;
global $MYSQL_ERRNO,$MYSQL_ERROR;
$link_id=@mysql_connect($dbhost,$dbusername,$dbuserpassword);
if (!$link_id)
{
$MYSQL_ERRNO=0;
$MYSQL_ERROR= " Connection failed to the host $dbhost";
return 0;
}
else if (empty($dbname) && !@mysql_select_db($default_dbname) )
{
$MYSQL_ERRNO= mysql_errno();
$MYYSQL_ERROR= mysql_error();
return 0;
}
else if (!empty($dbname) && !@mysql_select_db($dbname) )
{
$MYSQL_ERRNO= mysql_errno();
$MYYSQL_ERROR= mysql_error();
return 0;
}
else
{
return $link_id;
}
}
function html_header()
{
?>
<HEAD></HEAD>
<BODY link="#336699" bgcolor="#d7dfe8" text="#000000">
<SCRIPT LANGUAGE="JavaScript" TYPE="text/javascript">
<!--
function open_window(url) {
var NEW_WIN = null;
NEW_WIN = window.open ("", "RecordViewer",
"toolbar=no,width="+
<?php echo $new_win_width ?>+
",height="+<?php echo $new_win_height?>+
",directories=no,status=no,
scrollbars=yes,resize=no,menubar=no");
NEW_WIN.location.href = url;
}
//-->
</SCRIPT>
<TITLE>User Record Viewer</TITLE>
<p align="center"><br></p>
<p align="center"><u><font size="5">PRImA ONLINE DATABASE</font></u></p>
<p align="center"><br></p>
<p align="left"><br><u><font size="4">Registration of Users</font></u></p>
<p align="justify"><br><br>
<p align="center">
<?php
}
function html_footer()
{
?>
</BODY>
<?php
}
function sql_error()
{
global $MYSQL_ERRNO, $MYSQL_ERROR;
if(empty($MYSQL_ERROR)) {
$MYSQL_ERRNO = mysql_errno();
$MYSQL_ERROR = mysql_error();
}
echo "$MYSQL_ERRNO: $MYSQL_ERROR";
return "$MYSQL_ERRNO: $MYSQL_ERROR";
}
function error_message($msg)
{
echo "<SCRIPT>alert(\"Error: $msg\");history.go(-1)</SCRIPT>";
}
function user_message($msg, $url='') {
html_header();
if(empty($url))
echo "<SCRIPT>alert(\"$msg\");history.go(-1)</SCRIPT>";
else echo "<SCRIPT>alert(\"$msg\");self.location.href='$url'</SCRIPT>";
html_footer();
exit;
}
function list_records() {
global $default_dbname, $registered;
global $default_sort_order, $default_order_by, $records_per_page;
global $sort_order, $order_by, $cur_page;
global $PHP_SELF;
$link_id = db_connect($default_dbname);
if(!$link_id) error_message(sql_error());
$query = "SELECT count(*) FROM $registered";
$result = mysql_query($query);
if(!$result) error_message(sql_error());
$query_data = mysql_fetch_row($result);
$total_num_user = $query_data[0];
if(!$total_num_user) error_message('No User Found!');
$page_num = $cur_page + 1;
$total_num_page = $last_page_num
= ceil($total_num_user/$records_per_page);
html_header();
echo "<CENTER><H3>$total_num_user users found. Displaying the page
$page_num out of $last_page_num.</H3></CENTER>\n";
if(empty($order_by)) {
$order_by_str = "ORDER BY $default_order_by";
$order_by = $default_order_by;
}
else $order_by_str = "ORDER BY $order_by";
if(empty($sort_order)) {
$sort_order_str = $org_sort_order = $default_sort_order;
$sort_order = 'DESC';
}
else {
$sort_order_str = $org_sort_order = $sort_order;
if($sort_order == 'DESC') $sort_order = 'ASC';
else $sort_order = 'DESC';
}
if(empty($cur_page)) {
$cur_page = 0;
}
$limit_str = "LIMIT ". $cur_page * $records_per_page .
", $records_per_page";
$query = "SELECT regID, regUsername, regFullname FROM $registered
$order_by_str $sort_order_str $limit_str";
$result = mysql_query($query);
if(!$result) error_message(sql_error());
?>
<DIV ALIGN="CENTER">
<TABLE BORDER="1" WIDTH="90%" CELLPADDING="2">
<TR>
<TH WIDTH="25%" NOWRAP>
<A HREF="<?php echo "$PHP_SELF?action=list_records&sort_order=$sort_order&order_by=regID"; ?>">
User Number
</A>
</TH>
<TH WIDTH="25%" NOWRAP>
<A HREF="<?php echo "$PHP_SELF?action=list_records&sort_order=$sort_order&order_by=regUsername"; ?>">
User ID
</A>
</TH>
<TH WIDTH="25%" NOWRAP>
<A HREF="<?php echo "$PHP_SELF?action=list_records&sort_order=$sort_order&order_by=regFullname"; ?>">
User Name
</A>
</TH>
<TH WIDTH="25%" NOWRAP>Action</TH>
</TR>
<?php
while($query_data = mysql_fetch_array($result)) {
$regID = $query_data["regID"];
$regUsername = $query_data["regUsername"];
$regFullname = $query_data["regFullname"];
echo "<TR>\n";
echo "<TD WIDTH=\"25%\" ALIGN=\"CENTER\">$regID</TD>\n";
echo "<TD WIDTH=\"25%\" ALIGN=\"CENTER\">$regUsername</TD>\n";
echo "<TD WIDTH=\"25%\" ALIGN=\"CENTER\">$regFullname</TD>\n";
echo "<TD WIDTH=\"25%\" ALIGN=\"CENTER\">
<A HREF=\"javascript:open_window('$PHP_SELF?action=view_record®Username=$regUsername');\">View</A>
<A HREF=\"$PHP_SELF?action=delete_record®Username=$regUsername\" onClick=\"return confirm('Are you sure?');\">Delete</A></TD>\n";
echo "</TR>\n";
}
?>
</TABLE>
</DIV>
<?php
echo "<BR>\n";
echo "<STRONG><CENTER>";
if($page_num > 1) {
$prev_page = $cur_page - 1;
echo "<A HREF=\"$PHP_SELF?action=list_records&sort_order=$org_sort_order&order_by=$order_by&cur_page=0\">[Top]</A>";
echo "<A HREF=\"$PHP_SELF?action=list_records&sort_order=$org_sort_order&order_by=$order_by&cur_page=$prev_page\">[Prev]</A>";
}
if($page_num < $total_num_page) {
$next_page = $cur_page + 1;
$last_page = $total_num_page - 1;
echo "<A HREF=\"$PHP_SELF?action=list_records&sort_order=$org_sort_order&order_by=$order_by&cur_page=$next_page\">[Next]</A>";
echo "<A HREF=\"$PHP_SELF?action=list_records&sort_order=$org_sort_order&order_by=$order_by&cur_page=$last_page\">[Bottom]</A>";
}
echo "</STRONG></CENTER>";
html_footer();
}
function delete_record() {
global $default_dbname, $registered, $access_log_tablename;
global $regUsername;
if(empty($regUsername)) error_message('Empty Username!');
$link_id = db_connect($default_dbname);
if(!$link_id) error_message(sql_error());
$query = "DELETE FROM $registered WHERE regUsername = '$regUsername'";
$result = mysql_query($query);
if(!$result) error_message(sql_error());
$num_rows = mysql_affected_rows($link_id);
if($num_rows != 1) error_message("No such user: $regUsername");
$query = "DELETE FROM $access_log_tablename WHERE regUsername = '$regUsername'";
$result = mysql_query($query);
user_message("All records regarding $regUsername have been trashed!");
}
function edit_record() {
global $default_dbname, $registered, $access_log_tablename;
global $regUsername, $new_regUsername, $regUsername, $regFullname, $regPass,
$regEmail, $regProfile, $regDate, $regAccesstime;
if(empty($regUsername)) error_message('Empty Username!');
$link_id = db_connect($default_dbname);
if(!$link_id) error_message(sql_error());
$field_str = '';
if($regUsername != $new_regUsername) $field_str = " regUsername = '$new_regUsername', ";
if(!empty($regPass)) {
$field_str .= " regPass = password('$regPass') ";
}
$field_str .= " regFullname = '$regFullname', ";
$field_str .= " regEmail = '$regEmail', ";
$field_str .= " regProfile = '$regProfile', ";
$field_str .= " regDate = '$regDate', ";
$field_str .= " regAccesstime = '$regAccesstime' ";
$query = "UPDATE $registered SET $field_str WHERE regUsername = '$regUsername'";
$result = mysql_query($query);
if(!$result) error_message(sql_error());
$num_rows = mysql_affected_rows($link_id);
if(!$num_rows) error_message("Nothing changed!");
if($regUsername != $new_regUsername) {
$query = "UPDATE $access_log_tablename SET regUsername = '$new_regUsername'
WHERE regUsername = '$regUsername'";
$result = mysql_query($query);
if(!$result) error_message(sql_error());
user_message("All records regarding $regUsername have been changed!",
"$PHP_SELF?action=view_record®Username=$new_regUsername");
}
else {
user_message("All records regarding $regUsername have been changed!");
}
}
function edit_log_record() {
global $default_dbname, $access_log_tablename;
global $regUsername, $org_page, $new_page, $visitcount, $accessdate;
if(empty($regUsername)) error_message('Empty Username!');
$link_id = db_connect($default_dbname);
if(!$link_id) error_message(sql_error());
$field_str = '';
$field_str .= " page = '$new_page', ";
$field_str .= " visitcount = $visitcount, ";
$field_str .= " accessdate = '$accessdate' ";
$query = "UPDATE $access_log_tablename SET $field_str
WHERE regUsername = '$regUsername'
AND page = '$org_page'";
$result = mysql_query($query);
if(!$result) error_message(sql_error());
$num_rows = mysql_affected_rows($link_id);
if(!$num_rows) error_message("Nothing changed!");
user_message("All records regarding $regUsername have been changed!");
}
function view_record() {
global $default_dbname, $registered, $access_log_tablename;
global $regUsername;
global $PHP_SELF;
if(empty($regUsername)) error_message('Empty Username!');
$link_id = db_connect($default_dbname);
if(!$link_id) error_message(sql_error());
$query = "SELECT regID, regUsername, regFullname, regEmail, regProfile, regDate,
date_format(regDate, '%M, %e, %Y')
as formatted_regDate,
regAccesstime, date_format(regAccesstime, '%M, %e, %Y')
as formatted_regAccesstime
FROM $registered WHERE regUsername = '$regUsername'";
$result = mysql_query($query);
if(!$result) error_message(sql_error());
$query_data = mysql_fetch_array($result);
$regID = $query_data["regID"];
$regUsername = $query_data["regUsername"];
$regFullname = $query_data["regFullname"];
$regEmail = $query_data["regEmail"];
$regProfile = $query_data["regProfile"];
$regDate = $query_data["regDate"];
$formatted_regDate = $query_data["formatted_regDate"];
$regAccesstime = $query_data["regAccesstime"];
$formatted_regAccesstime = $query_data["formatted_regAccesstime"];
html_header();
echo "<CENTER><H3>
Record for User No.$regID - $regUsername($regFullname)
</H3></CENTER>";
?>
<FORM METHOD="POST" ACTION="<?php echo $PHP_SELF; ?>">
<INPUT TYPE="HIDDEN" NAME="action" VALUE="edit_record">
<INPUT TYPE="HIDDEN" NAME="regUsername" VALUE="<? echo $regUsername; ?>">
<DIV ALIGN="CENTER"><CENTER>
<TABLE BORDER="1" WIDTH="90%" CELLPADDING="2">
<TR>
<TH WIDTH="30%" NOWRAP>User ID</TH>
<TD WIDTH="70%">
<INPUT TYPE="TEXT" NAME="new_regUsername"
VALUE="<?php echo $regUsername; ?>"
SIZE="8" MAXLENGTH="8"></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>User Password</TH>
<TD WIDTH="70%"><INPUT TYPE="TEXT" NAME="regPass" SIZE="15"></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Full Name</TH>
<TD WIDTH="70%"><INPUT TYPE="TEXT" NAME="regFullname"
VALUE="<?php echo $regFullname; ?>" SIZE="20"></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Email</TH>
<TD WIDTH="70%"><INPUT TYPE="TEXT" NAME="regEmail" SIZE="20"
VALUE="<?php echo $regEmail; ?>"></TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Profile</TH>
<TD WIDTH="70%">
<TEXTAREA ROWS="5" COLS="40" NAME="regProfile">
<?php echo htmlspecialchars($regProfile); ?>
</TEXTAREA>
</TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Register Date</TH>
<TD WIDTH="70%">
<INPUT TYPE="TEXT" NAME="regDate" SIZE="10" MAXLENGTH="10"
VALUE="<?php echo $regDate; ?>">
<?php echo $formatted_regDate;?>
</TD>
</TR>
<TR>
<TH WIDTH="30%" NOWRAP>Last Access Time</TH>
<TD WIDTH="70%">
<INPUT TYPE="TEXT" NAME="regAccesstime" SIZE="14" MAXLENGTH="14"
VALUE="<?php echo $regAccesstime; ?>">
<?php echo $formatted_regAccesstime; ?>
</TD>
</TR>
<TR>
<TH WIDTH="100%" COLSPAN="2" NOWRAP>
<INPUT TYPE="SUBMIT" VALUE="Change User Record">
<INPUT TYPE="RESET" VALUE="Reset">
</TH>
</TR>
</TABLE>
</CENTER></DIV>
</FORM>
<?php
echo "<HR SIZE=\"2\" WIDTH=\"90%\">\n";
$query = "SELECT page, visitcount, accessdate,
date_format(accessdate, '%M, %e, %Y') as formatted_accessdate
FROM $access_log_tablename WHERE regUsername = '$regUsername'";
$result = mysql_query($query);
if(!$result) error_message(sql_error());
if(!mysql_num_rows($result))
echo "<CENTER>No access log record for $regUsername ($regUsername).</CENTER>";
else {
echo "<CENTER>Access log record(s) for $regUsername ($regUsername).</CENTER>";
?>
<DIV ALIGN="CENTER"><CENTER>
<TABLE BORDER="1" WIDTH="90%" CELLPADDING="2">
<TR>
<TH WIDTH="20%" NOWRAP>Page</TH>
<TH WIDTH="20%" NOWRAP>Hits</TH>
<TH WIDTH="30%" NOWRAP>Last Access</TH>
<TH WIDTH="30%" NOWRAP>Action</TH>
</TR>
<?php
while($query_data = mysql_fetch_array($result)) {
$page = $query_data["page"];
$visitcount = $query_data["visitcount"];
$accessdate = $query_data["accessdate"];
$formatted_accessdate = $query_data["formatted_accessdate"];
echo "<FORM METHOD=\"POST\" ACTION=\$PHP_SELF\">";
echo "<INPUT TYPE=\"HIDDEN\" NAME=\"action\"
VALUE=\"edit_log_record\">";
echo "<INPUT TYPE=\"HIDDEN\" NAME=\"regUsername\" VALUE=\"$regUsername\">";
echo "<INPUT TYPE=\"HIDDEN\" NAME=\"org_page\" VALUE=\"$page\">";
echo "<TR>\n";
echo "<TD WIDTH=\"20%\"><INPUT TYPE=\"TEXT\"
NAME=\"new_page\" SIZE=\"30\" VALUE=\"$page\"></TD>\n";
echo "<TD WIDTH=\"20%\" ALIGN=\"CENTER\">
<INPUT TYPE=\"TEXT\" NAME=\"visitcount\" SIZE=\"3\"
VALUE=\"$visitcount\"></TD>\n";
echo "<TD WIDTH=\"30%\" ALIGN=\"CENTER\">
<INPUT TYPE=\"TEXT\" NAME=\"accessdate\" SIZE=\"14\"
MAXLENGTH=\"14\" VALUE=\"$accessdate\">
<BR>$formatted_accessdate</TD>\n";
echo "<TD WIDTH=\"30%\" ALIGN=\"CENTER\">
<INPUT TYPE=\"SUBMIT\" VALUE=\"Change\">
<INPUT TYPE=\"RESET\" VALUE=\"Reset\"></TD>\n";
echo "</TR>\n";
echo "</FORM>\n";
}
?>
</TR>
</TABLE>
</CENTER></DIV>
<?php
}
html_footer();
}
switch($action) {
case "edit_record":
edit_record();
break;
case "edit_log_record":
edit_log_record();
break;
case "delete_record":
delete_record();
break;
case "view_record":
view_record();
break;
default:
list_records();
break;
}
?>
but when somebody press the view button it should open a new window.Unforunately it doesn't and i dont know why.
if somebody know what wrong plzz help me
