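accountaccess == false) {
    // header() only queues the redirect; without exit the delete/update/insert
    // handlers below would still run for a caller who lacks account access.
    header("Location: index.php?err=You do not have permission to access account data!");
    exit;
}

// Admin account management. Handles three requests against the `admin` table
// and redirects back to admin.php after each one:
//   GET  ?del=ID                      delete the row with that id
//   POST editId (+ username, ...)     update an existing row
//   POST username without editId      insert a new row
//
// NOTE(review): no anti-CSRF token is checked anywhere in this section, and the
// delete is triggered by a plain GET. Moving it to POST and verifying a
// per-session token needs session code that is outside this view.
// NOTE(review): passwords are stored as unsalted SHA-256. password_hash() /
// password_verify() is the right primitive, but the stored format is presumably
// read by the login code elsewhere, so it is left unchanged here - migrate both
// sides together.
// NOTE(review): the mysql_* extension was removed in PHP 7. It is kept because
// the connection handle is not visible here; prepared statements (mysqli/PDO)
// should replace the string-built queries when the connection code is ported.

if (!empty($_GET['del'])) {
    // The id is placed unquoted into the statement, so accept it only when it
    // validates as an integer; anything else is ignored.
    $delId = filter_var($_GET['del'], FILTER_VALIDATE_INT);
    if ($delId !== false) {
        mysql_query("DELETE FROM `admin` WHERE `id`=" . $delId);
    }
    header("Location: admin.php");
    exit;
}

if (!empty($_POST["editId"])) {
    // TODO update this
    // Same rule as for delete: the id goes into the WHERE clause unquoted.
    $editId = filter_var($_POST["editId"], FILTER_VALIDATE_INT);
    if ($editId !== false) {
        $assignments = "`username`='" . mysql_real_escape_string($_POST['username']) . "'";
        // A blank password field means "keep the current password".
        if (isset($_POST["password"]) && trim($_POST["password"])) {
            $assignments .= ", `password`='" . hash('sha256', $_POST['password']) . "'";
        }
        // An unchecked checkbox is simply absent from the POST data.
        $assignments .= ", `accountaccess`=" . (!empty($_POST['access']) ? "1" : "0");

        if (!mysql_query("UPDATE `admin` SET " . $assignments . " WHERE `id`=" . $editId)) {
            // Keep driver error text in the server log instead of the response.
            error_log("admin.php: " . mysql_error());
            die("Database error.");
        }
    }
    header("Location: admin.php");
    exit;
}

if (!empty($_POST["username"]) && empty($_POST["editId"])) {
    // NOTE(review): unlike the edit path, nothing here rejects a blank
    // password, so an account can be created with the hash of an empty string.
    $newPassword = isset($_POST['password']) ? $_POST['password'] : '';
    $insertSql = "INSERT INTO `admin` (`username`,`password`,`accountaccess`) VALUES ('"
        . mysql_real_escape_string($_POST['username']) . "','"
        . hash('sha256', $newPassword) . "',"
        . (!empty($_POST['access']) ? "1" : "0") . ")";

    if (!mysql_query($insertSql)) {
        // Keep driver error text in the server log instead of the response.
        error_log("admin.php: " . mysql_error());
        die("Database error.");
    }
    header("Location: admin.php");
    exit;
}

include("header.php");
?>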