2023-06-09 21:45:45 +02:00
< ? php
2023-06-10 10:13:00 +02:00
session_start ();
2023-06-09 21:45:45 +02:00
$action = $_POST [ 'action' ];
2023-06-10 09:10:10 +02:00
$config = json_decode ( file_get_contents ( " ../data/config.json " ), true );
2023-06-10 10:13:00 +02:00
if ( $_POST [ " password " ] == $config [ " admin_pwd " ] && $action == " verify " ){
echo " OK " ;
$_SESSION [ " password " ] = $_POST [ " password " ];
}
if ( ! empty ( $action ) && $_SESSION [ " password " ] == $config [ " admin_pwd " ]){
2023-06-10 09:10:10 +02:00
$mysqli = new mysqli ( $config [ " mysqlhost " ], $config [ " mysqluser " ], $config [ " mysqlpass " ], $config [ " mysqldb " ]);
2023-06-09 21:45:45 +02:00
2023-06-10 10:13:00 +02:00
if ( $action == " hassession " ){
echo " YES " ;
2023-06-09 21:45:45 +02:00
}
if ( $action == " get " ){
2023-06-10 09:10:10 +02:00
$stmt1 = $mysqli -> prepare ( " SELECT `LinkID`, `ContentID`, `Nickname` FROM Links " );
$stmt1 -> bind_result ( $linkid , $contentid , $nickname );
$stmt1 -> execute ();
$stmt1 -> store_result ();
$out = " <table><tbody><tr><th>ID</th><th>Content ID</th><th>Nickname</th><th>Button</th></tr> " ;
while ( $stmt1 -> fetch ()) {
$id = htmlspecialchars ( $linkid );
$nickname = htmlspecialchars ( $nickname );
$contentid = htmlspecialchars ( $contentid );
$out = $out . " <tr><td> $id </td><td> $contentid </td><td> $nickname </td><td><button onclick= \" delthis(' $id ') \" >Delete</button></td></tr> " ;
2023-06-09 21:45:45 +02:00
}
2023-06-10 09:10:10 +02:00
$out = $out . " <tr><td><input id= \" addid \" placeholder= \" ID \" ></td><td><input id= \" addcontentid \" placeholder= \" Content ID \" ></td><td><input id= \" addnickname \" placeholder= \" Nickname \" ></td><td><button id= \" linkadder \" onclick= \" justadd() \" >Add</button></td></tr> " ;
$out = $out . " </tbody></table> " ;
echo $out ;
2023-06-09 21:45:45 +02:00
}
if ( $action == " delete " && ! empty ( $_POST [ " id " ])){
2023-06-10 09:10:10 +02:00
$stmt2 = $mysqli -> prepare ( " DELETE FROM Links WHERE `LinkID` = ? " );
$stmt2 -> bind_param ( 's' , $_POST [ " id " ]);
$stmt2 -> execute ();
$stmt2 -> store_result ();
2023-06-09 21:45:45 +02:00
}
if ( $action == " set " && ! empty ( $_POST [ " id " ]) && ! empty ( $_POST [ " contentid " ]) && ! empty ( $_POST [ " nickname " ])){
2023-06-10 09:10:10 +02:00
$stmt3 = $mysqli -> prepare ( " INSERT INTO Links (`LinkID`, `ContentID`, `Nickname`) VALUES (?, ?, ?); " );
$stmt3 -> bind_param ( 'sss' , $_POST [ " id " ], $_POST [ " contentid " ], $_POST [ " nickname " ]);
$stmt3 -> execute ();
$stmt3 -> store_result ();
2023-06-09 21:45:45 +02:00
}
if ( $action == " getcontent " ){
2023-06-10 11:04:08 +02:00
$stmt4 = $mysqli -> prepare ( " SELECT `ContentID`, `Type`, `Content` FROM Content " );
$stmt4 -> bind_result ( $contentid , $type , $content );
2023-06-10 09:10:10 +02:00
$stmt4 -> execute ();
$stmt4 -> store_result ();
2023-06-10 11:08:49 +02:00
$out = " <table><tbody><tr><th>Content ID</th><th>Content</th><th>MIME type</th><th>Button</th></tr> " ;
2023-06-10 09:10:10 +02:00
while ( $stmt4 -> fetch ()) {
$id = htmlspecialchars ( $contentid );
2023-06-10 11:04:08 +02:00
if ( empty ( $type )){
$content = htmlspecialchars ( $content );
2023-06-10 11:08:49 +02:00
$type = " Normal text " ;
2023-06-10 11:04:08 +02:00
}
else {
$content = " Binary data " ;
}
2023-06-10 11:08:49 +02:00
$out = $out . " <tr><td> $id </td><td> $content </td><td> $type </td><td><button onclick= \" delcthis(' $id ') \" >Delete</button></td></tr> " ;
2023-06-09 21:45:45 +02:00
}
2023-06-10 11:04:08 +02:00
$out = $out . " <tr><td><input id= \" addidc \" placeholder= \" Content ID \" ></td><td><textarea id= \" addcontentc \" placeholder= \" Content \" ></textarea></td><td><input id= \" addtypec \" placeholder= \" MIME Type(when set the data must be Base64) \" ></td></td><td><button id= \" contentadder \" onclick= \" justaddc() \" >Add</button></td></tr> " ;
2023-06-10 09:10:10 +02:00
$out = $out . " </tbody></table> " ;
echo $out ;
2023-06-09 21:45:45 +02:00
}
if ( $action == " deletecontent " && ! empty ( $_POST [ " id " ])){
2023-06-10 09:10:10 +02:00
$stmt5 = $mysqli -> prepare ( " DELETE FROM Content WHERE `ContentID` = ? " );
$stmt5 -> bind_param ( 's' , $_POST [ " id " ]);
$stmt5 -> execute ();
$stmt5 -> store_result ();
2023-06-09 21:45:45 +02:00
}
if ( $action == " setcontent " && ! empty ( $_POST [ " id " ]) && ! empty ( $_POST [ " content " ])){
2023-06-10 11:04:08 +02:00
$stmt6 = $mysqli -> prepare ( " INSERT INTO Content (`ContentID`, `Type`, `Content`) VALUES (?, ?, ?); " );
if ( ! empty ( $_POST [ " type " ])){
$decoded = base64_decode ( $_POST [ " content " ]);
$stmt6 -> bind_param ( 'sss' , $_POST [ " id " ], $_POST [ " type " ], $decoded );
}
else {
$stmt6 -> bind_param ( 'sss' , $_POST [ " id " ], " " , $_POST [ " content " ]);
}
2023-06-10 09:10:10 +02:00
$stmt6 -> execute ();
$stmt6 -> store_result ();
2023-06-09 21:45:45 +02:00
}
2023-06-10 09:46:33 +02:00
if ( $action == " getlog " ){
$idcko = $_POST [ " id " ];
if ( empty ( $idcko ) || $idcko == " * " ){
$query = " SELECT `ID`, `Action`, `LinkID`, `ContentID`, `Datetime`, `Timestamp`, `Nickname`, `IP` FROM Logs " ;
$stmt7 = $mysqli -> prepare ( $query );
}
else {
$query = " SELECT `ID`, `Action`, `LinkID`, `ContentID`, `Datetime`, `Timestamp`, `Nickname`, `IP` FROM Logs WHERE `LinkID` = ? " ;
2023-06-10 09:48:29 +02:00
$stmt7 = $mysqli -> prepare ( $query );
2023-06-10 09:46:33 +02:00
$stmt7 -> bind_param ( " s " , $idcko );
}
2023-06-10 09:10:10 +02:00
$stmt7 -> bind_result ( $rowidx , $actionx , $linkidx , $contentidx , $datetimex , $timestampx , $nicknamex , $ipx );
$stmt7 -> execute ();
$stmt7 -> store_result ();
2023-06-10 10:13:00 +02:00
$out = " <table><tbody><tr><th>Action</th><th>Date and Time</th><th>Nickname</th><th>Link</th><th>Content</th><th>IP</th><th>Button</th></tr> " ;
2023-06-10 09:10:10 +02:00
while ( $stmt7 -> fetch ()) {
$action = htmlspecialchars ( $actionx );
$link = htmlspecialchars ( $linkidx );
$content = htmlspecialchars ( $contentidx );
$nickname = htmlspecialchars ( $nicknamex );
$ip = htmlspecialchars ( $ipx );
2023-06-10 10:13:00 +02:00
$rowid = htmlspecialchars ( $rowidx );
2023-06-10 09:10:10 +02:00
$datetime = htmlspecialchars ( $datetimex );
2023-06-10 10:13:00 +02:00
$out = $out . " <tr><td> $action </td><td> $datetime </td><td> $nickname </td><td> $link </td><td> $content </td><td> $ip </td><td><button onclick= \" dellog(' $rowid ') \" >Delete</button></td></tr> " ;
2023-06-09 21:45:45 +02:00
}
2023-06-10 09:10:10 +02:00
$out = $out . " </tbody></table> " ;
echo $out ;
2023-06-09 21:45:45 +02:00
}
2023-06-10 10:13:00 +02:00
if ( $action == " deletelog " && ! empty ( $_POST [ " id " ])){
$stmt5 = $mysqli -> prepare ( " DELETE FROM Logs WHERE `ID` = ? " );
$stmt5 -> bind_param ( 'i' , $_POST [ " id " ]);
$stmt5 -> execute ();
$stmt5 -> store_result ();
}
2023-06-09 21:45:45 +02:00
}
2023-06-10 09:10:10 +02:00
else {
echo " ERROR " ;
}
2023-06-09 21:45:45 +02:00
?>