ordine_farmacisti/ADMIN/index.php

<?php

    session_start();

    @include '../cgi-bin/conn.conn';
    @include '../cgi-bin/functions.inc';
    @include '../cgi-bin/params.inc';

    $GLOBALS['getQ'][0]="home";
    $GLOBALS['conn'];

    $conn=@mysqli_connect($DATAhst,$DATAusr,$DATApwd,$DATAdtb);//or die("CONNECTION ERROR");
    @mysqli_set_charset($conn, "utf8");

    if(@$_GET['q']){
        $GLOBALS['getQ']=explode("/",$_GET['q']);
    }

    $BASE_URL = $BASE_URL."/ADMIN";


    if($_POST['usr'] && $_POST['pwd']){
        $q=mysqli_query($conn, "SELECT * FROM users WHERE usr='".$_POST['usr']."' AND pwd='".md5($_POST['pwd'])."'");
        if(mysqli_num_rows($q)){
            $_SESSION['ADMAUTH']=mysqli_fetch_array($q);
        }
    }

    if($getQ[0]=="logout"){
        unset($_SESSION['ADMAUTH']);
        session_destroy();
        header('Location: '.$BASE_URL);
    }

    //$_SESSION['ADMAUTH']=0;




    // TRIM ADVERTISEMENT
    $qa=mysqli_query($conn, "SELECT id,append FROM advertisement WHERE date < '".date("Y-m-d", strtotime("-3 months"))."'");
    while($ra=mysqli_fetch_array($qa)) {
        $qtf=mysqli_query($conn, "SELECT * FROM files WHERE id=".$ra['append']);
        while($rtf=mysqli_fetch_array($qtf)){
            @unlink("..".$rtf['path']."/".$rtf['filename']);
            mysqli_query($conn, "DELETE FROM files WHERE id=".$rtf['id']);
        }
        mysqli_query($conn, "DELETE FROM advertisement WHERE id = ".$ra['id']);
    }

?>



<!DOCTYPE html>
<html>
<head>

    <title>ADMIN | Ordine dei Farmacisti della Provincia di Salerno</title>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <meta content='width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no' name='viewport'>

    <base href="<?php echo $BASE_URL;?>/">

    <link href="<?php echo $BASE_URL;?>/../css/styles.css" rel="stylesheet" type="text/css"/>
    <link href="<?php echo $BASE_URL;?>/../css/admin.css" rel="stylesheet" type="text/css"/>
    <link href='https://fonts.googleapis.com/css?family=Roboto' rel='stylesheet' type='text/css'>

</head>
<body class="admin">

    <?php
        @include 'header.php';
    ?>
    <section>
        <div id="MainContent" class="container px-2">
            <div class="row">
                <?php

                    if($_SESSION['ADMAUTH']) {
                        @include 'menu.php';
                        @include 'content.php';
                    } else {
                        @include 'login.php';
                    }

                ?>
            </div>
        </div>
    </section>

    <script type="text/javascript" src="<?php echo $BASE_URL;?>/../node_modules/jquery/dist/jquery.min.js"></script>
    <script type="text/javascript" src="<?php echo $BASE_URL;?>/../node_modules/jquery-colorbox/jquery.colorbox-min.js"></script>
    <script type="text/javascript" src="<?php echo $BASE_URL;?>/../node_modules/tinymce/tinymce.min.js"></script>
    <script type="text/javascript" src="<?php echo $BASE_URL;?>/../node_modules/jquery.datepicker-plus-css/jquery-datepicker.js"></script>
    <script type="text/javascript" src="<?php echo $BASE_URL;?>/../node_modules/jquery-ui-datepicker-with-i18n/ui/i18n/jquery.ui.datepicker-it.js"></script>

    <script type="text/javascript" src="<?php echo $BASE_URL;?>/../js/scripts.js"></script>
    <script type="text/javascript" src="<?php echo $BASE_URL;?>/js/scripts.js"></script>


</body>
</html>


<?php
    @mysqli_close($conn);
?>