contentdispenser/admin/api.php

<?php
session_start();
$action = $_POST['action'];
$config = json_decode(file_get_contents("../data/config.json"), true);

if ($_POST["password"] == $config["admin_pwd"] && $action == "verify"){
    echo "OK";
    $_SESSION["password"] = $_POST["password"];
}

if (!empty($action) && $_SESSION["password"] == $config["admin_pwd"]){
    $mysqli = new mysqli($config["mysqlhost"], $config["mysqluser"], $config["mysqlpass"], $config["mysqldb"]);

    if ($action == "hassession"){
        echo "YES";
    }

    if ($action == "getlinks"){
        $stmt1 = $mysqli->prepare("SELECT `LinkID`, `ContentID`, `Nickname` FROM Links;");
        $stmt1->bind_result($linkid, $contentid, $nickname);
        $stmt1->execute();
        $stmt1->store_result();
        $out = "<table><tbody><tr><th>ID</th><th>Content ID</th><th>Nickname</th><th>Button</th></tr>";
        while ($stmt1->fetch()) {
            $id = htmlspecialchars($linkid);
            $nickname = htmlspecialchars($nickname);
            $contentid = htmlspecialchars($contentid);
            $out = $out . "<tr><td><input id=\"addid_$id\" placeholder=\"ID\" value=\"$id\"></td></td><td><input id=\"addcontentid_$id\" value=\"$contentid\" placeholder=\"Content ID\"></td><td><input id=\"addnickname_$id\" value=\"$nickname\" placeholder=\"Nickname\"></td><td><button onclick=\"uplinkthis('$id')\">Update</button><button onclick=\"delthis('$id')\">Delete</button></td></tr>";
        }
        $out = $out . "<tr><td><input id=\"addid\" placeholder=\"ID\"></td><td><input id=\"addcontentid\" placeholder=\"Content ID\"></td><td><input id=\"addnickname\" placeholder=\"Nickname\"></td><td><button id=\"linkadder\" onclick=\"justadd()\">Add</button></td></tr>";
        $out = $out . "</tbody></table>";
        echo $out;
    }

    if ($action == "deletelink" && !empty($_POST["id"])){
        $stmt2 = $mysqli->prepare("DELETE FROM Links WHERE `LinkID` = ?;");
        $stmt2->bind_param('s', $_POST["id"]);
        $stmt2->execute();
        $stmt2->store_result();
    }
    
    if ($action == "addlink" && !empty($_POST["id"]) && !empty($_POST["contentid"]) && !empty($_POST["nickname"])){
        $stmt3 = $mysqli->prepare("INSERT INTO Links (`LinkID`, `ContentID`, `Nickname`) VALUES (?, ?, ?);");
        $stmt3->bind_param('sss', $_POST["id"], $_POST["contentid"], $_POST["nickname"]);
        $stmt3->execute();
        $stmt3->store_result();
    }

    if ($action == "getcontent"){
        $stmt4 = $mysqli->prepare("SELECT `ContentID`, `Content` FROM Content;");
        $stmt4->bind_result ($contentid, $content);
        $stmt4->execute();
        $stmt4->store_result();
        $out = "<table><tbody><tr><th>Content ID</th><th>Content</th><th>Button</th></tr>";
        while ($stmt4->fetch()) {
            $id = htmlspecialchars($contentid);
            $content = htmlspecialchars($content);

            $out = $out . "<tr><td><input id=\"addidc_$id\" placeholder=\"Content ID\" value=\"$id\"></td></td><td><textarea id=\"addcontentc_$id\" placeholder=\"Content\">$content</textarea></td><td><button onclick=\"upcthis('$id')\">Update</button><button onclick=\"delcthis('$id')\">Delete</button></td></tr>";
        }
        $out = $out . "<tr><td><input id=\"addidc\" placeholder=\"Content ID\"></td><td><textarea id=\"addcontentc\" placeholder=\"Content\"></textarea></td><td><button id=\"contentadder\" onclick=\"justaddc()\">Add</button></td></tr>";
        $out = $out . "</tbody></table>";
        echo $out;
    }

    if ($action == "deletecontent" && !empty($_POST["id"])){
        $stmt5 = $mysqli->prepare("DELETE FROM Content WHERE `ContentID` = ?;");
        $stmt5->bind_param('s', $_POST["id"]);
        $stmt5->execute();
        $stmt5->store_result();
    }
    
    if ($action == "addcontent" && !empty($_POST["id"]) && !empty($_POST["content"])){
        $stmt6 = $mysqli->prepare("INSERT INTO Content (`ContentID`,  `Content`) VALUES (?, ?);");
        $stmt6->bind_param('ss', $_POST["id"], $_POST["content"]);
        $stmt6->execute();
        $stmt6->store_result();
    }

    if ($action == "setlink" && !empty($_POST["id"]) && !empty($_POST["contentid"]) && !empty($_POST["nickname"]) && !empty($_POST["idwhere"])){
        $stmt9 = $mysqli->prepare("UPDATE Links SET `LinkID` = ?, `ContentID` = ?, `Nickname` = ? WHERE `LinkID` = ?;");
        $stmt9->bind_param('ssss', $_POST["id"], $_POST["contentid"], $_POST["nickname"], $_POST["idwhere"]);
        $stmt9->execute();
        $stmt9->store_result();
    }

    if ($action == "setcontent" && !empty($_POST["id"]) && !empty($_POST["content"]) && !empty($_POST["idwhere"])){
        $stmt8 = $mysqli->prepare("UPDATE Content SET `ContentID` = ?, `Content` = ? WHERE `ContentID` = ?;");
        $stmt8->bind_param('sss', $_POST["id"], $_POST["content"], $_POST["idwhere"]);
        $stmt8->execute();
        $stmt8->store_result();
    }

    if ($action == "getlog"){
        $idcko = $_POST["id"];
        if (empty($idcko)||$idcko == "*"){
            $query = "SELECT `ID`, `Action`, `ExtraInfo`, `LinkID`, `ContentID`, `Datetime`, `Timestamp`, `Nickname`, `IP` FROM Logs ORDER BY Timestamp DESC;";
            $stmt7 = $mysqli->prepare($query);
        }
        else{
            $query = "SELECT `ID`, `Action`, `ExtraInfo`, `LinkID`, `ContentID`, `Datetime`, `Timestamp`, `Nickname`, `IP` FROM Logs WHERE `LinkID` = ? OR `ContentID` = ? OR `Nickname` = ? OR `IP` = ? OR `ExtraInfo` = ? OR `Action` = ? OR `Datetime` = ?  ORDER BY Timestamp DESC;";
            $stmt7 = $mysqli->prepare($query);
            $stmt7->bind_param("sssssss", $idcko, $idcko, $idcko, $idcko, $idcko, $idcko, $idcko);
        }
        $stmt7->bind_result ($rowidx, $actionx, $extrainfox, $linkidx, $contentidx, $datetimex, $timestampx, $nicknamex, $ipx);
        $stmt7->execute();
        $stmt7->store_result();
        $out = "<table><tbody><tr><th>Action</th><th>Extra info</th><th>Date and Time</th><th>Nickname</th><th>Link</th><th>Content</th><th>IP</th><th>Button</th></tr>";
        while ($stmt7->fetch()) {
            $action = htmlspecialchars($actionx);
            $link = htmlspecialchars($linkidx);
            $extrainfo = htmlspecialchars($extrainfox);
            $content = htmlspecialchars($contentidx);
            $nickname = htmlspecialchars($nicknamex);
            $ip = htmlspecialchars($ipx);
            $rowid = htmlspecialchars($rowidx);
            $datetime = htmlspecialchars($datetimex);
            $out = $out . "<tr><td>$action</td><td>$extrainfo</td><td>$datetime</td><td>$nickname</td><td>$link</td><td>$content</td><td>$ip</td><td><button onclick=\"dellog('$rowid')\">Delete</button></td></tr>";
        }
        $out = $out . "</tbody></table>";
        echo $out;
    }

    if ($action == "clrlog" && !empty($_POST["id"])){
        $idcko = $_POST["id"];
        if (empty($idcko)||$idcko == "*"){
            $query = "DELETE FROM Logs;";
            $stmt10 = $mysqli->prepare($query);
        }
        else{
            $query = "DELETE FROM Logs WHERE `ID` = ?;";
            $stmt10 = $mysqli->prepare($query);
            $stmt10->bind_param("i", $idcko);
        }
        $stmt10->execute();
        $stmt10->store_result();
    }

}
else{
    echo "ERROR";
}
?>
update 2023-06-09 21:45:45 +02:00			`<?php`
Add sessions and log deleting 2023-06-10 10:13:00 +02:00			`session_start();`
update 2023-06-09 21:45:45 +02:00			`$action = $_POST['action'];`
update to mysql 2023-06-10 09:10:10 +02:00			`$config = json_decode(file_get_contents("../data/config.json"), true);`
Add sessions and log deleting 2023-06-10 10:13:00 +02:00
			`if ($_POST["password"] == $config["admin_pwd"] && $action == "verify"){`
			`echo "OK";`
			`$_SESSION["password"] = $_POST["password"];`
			`}`

			`if (!empty($action) && $_SESSION["password"] == $config["admin_pwd"]){`
update to mysql 2023-06-10 09:10:10 +02:00			`$mysqli = new mysqli($config["mysqlhost"], $config["mysqluser"], $config["mysqlpass"], $config["mysqldb"]);`
update 2023-06-09 21:45:45 +02:00
Add sessions and log deleting 2023-06-10 10:13:00 +02:00			`if ($action == "hassession"){`
			`echo "YES";`
update 2023-06-09 21:45:45 +02:00			`}`

add editability 2023-06-10 13:59:08 +02:00			`if ($action == "getlinks"){`
edit api.php 2023-06-12 16:13:17 +02:00			$stmt1 = $mysqli->prepare("SELECT `LinkID`, `ContentID`, `Nickname` FROM Links;");
update to mysql 2023-06-10 09:10:10 +02:00			`$stmt1->bind_result($linkid, $contentid, $nickname);`
			`$stmt1->execute();`
			`$stmt1->store_result();`
			`$out = "<table><tbody><tr><th>ID</th><th>Content ID</th><th>Nickname</th><th>Button</th></tr>";`
			`while ($stmt1->fetch()) {`
			`$id = htmlspecialchars($linkid);`
			`$nickname = htmlspecialchars($nickname);`
			`$contentid = htmlspecialchars($contentid);`
add editability 2023-06-10 13:59:08 +02:00			`$out = $out . "<tr><td><input id=\"addid_$id\" placeholder=\"ID\" value=\"$id\"></td></td><td><input id=\"addcontentid_$id\" value=\"$contentid\" placeholder=\"Content ID\"></td><td><input id=\"addnickname_$id\" value=\"$nickname\" placeholder=\"Nickname\"></td><td><button onclick=\"uplinkthis('$id')\">Update</button><button onclick=\"delthis('$id')\">Delete</button></td></tr>";`
update 2023-06-09 21:45:45 +02:00			`}`
update to mysql 2023-06-10 09:10:10 +02:00			`$out = $out . "<tr><td><input id=\"addid\" placeholder=\"ID\"></td><td><input id=\"addcontentid\" placeholder=\"Content ID\"></td><td><input id=\"addnickname\" placeholder=\"Nickname\"></td><td><button id=\"linkadder\" onclick=\"justadd()\">Add</button></td></tr>";`
			`$out = $out . "</tbody></table>";`
			`echo $out;`
update 2023-06-09 21:45:45 +02:00			`}`

add editability 2023-06-10 13:59:08 +02:00			`if ($action == "deletelink" && !empty($_POST["id"])){`
edit api.php 2023-06-12 16:13:17 +02:00			$stmt2 = $mysqli->prepare("DELETE FROM Links WHERE `LinkID` = ?;");
update to mysql 2023-06-10 09:10:10 +02:00			`$stmt2->bind_param('s', $_POST["id"]);`
			`$stmt2->execute();`
			`$stmt2->store_result();`
update 2023-06-09 21:45:45 +02:00			`}`

add editability 2023-06-10 13:59:08 +02:00			`if ($action == "addlink" && !empty($_POST["id"]) && !empty($_POST["contentid"]) && !empty($_POST["nickname"])){`
update to mysql 2023-06-10 09:10:10 +02:00			$stmt3 = $mysqli->prepare("INSERT INTO Links (`LinkID`, `ContentID`, `Nickname`) VALUES (?, ?, ?);");
			`$stmt3->bind_param('sss', $_POST["id"], $_POST["contentid"], $_POST["nickname"]);`
			`$stmt3->execute();`
			`$stmt3->store_result();`
update 2023-06-09 21:45:45 +02:00			`}`

			`if ($action == "getcontent"){`
edit api.php 2023-06-12 16:13:17 +02:00			$stmt4 = $mysqli->prepare("SELECT `ContentID`, `Content` FROM Content;");
add editability 2023-06-10 13:59:08 +02:00			`$stmt4->bind_result ($contentid, $content);`
update to mysql 2023-06-10 09:10:10 +02:00			`$stmt4->execute();`
			`$stmt4->store_result();`
add editability 2023-06-10 13:59:08 +02:00			`$out = "<table><tbody><tr><th>Content ID</th><th>Content</th><th>Button</th></tr>";`
update to mysql 2023-06-10 09:10:10 +02:00			`while ($stmt4->fetch()) {`
			`$id = htmlspecialchars($contentid);`
add editability 2023-06-10 13:59:08 +02:00			`$content = htmlspecialchars($content);`

			`$out = $out . "<tr><td><input id=\"addidc_$id\" placeholder=\"Content ID\" value=\"$id\"></td></td><td><textarea id=\"addcontentc_$id\" placeholder=\"Content\">$content</textarea></td><td><button onclick=\"upcthis('$id')\">Update</button><button onclick=\"delcthis('$id')\">Delete</button></td></tr>";`
update 2023-06-09 21:45:45 +02:00			`}`
add editability 2023-06-10 13:59:08 +02:00			`$out = $out . "<tr><td><input id=\"addidc\" placeholder=\"Content ID\"></td><td><textarea id=\"addcontentc\" placeholder=\"Content\"></textarea></td><td><button id=\"contentadder\" onclick=\"justaddc()\">Add</button></td></tr>";`
update to mysql 2023-06-10 09:10:10 +02:00			`$out = $out . "</tbody></table>";`
			`echo $out;`
update 2023-06-09 21:45:45 +02:00			`}`

			`if ($action == "deletecontent" && !empty($_POST["id"])){`
edit api.php 2023-06-12 16:13:17 +02:00			$stmt5 = $mysqli->prepare("DELETE FROM Content WHERE `ContentID` = ?;");
update to mysql 2023-06-10 09:10:10 +02:00			`$stmt5->bind_param('s', $_POST["id"]);`
			`$stmt5->execute();`
			`$stmt5->store_result();`
update 2023-06-09 21:45:45 +02:00			`}`

add editability 2023-06-10 13:59:08 +02:00			`if ($action == "addcontent" && !empty($_POST["id"]) && !empty($_POST["content"])){`
			$stmt6 = $mysqli->prepare("INSERT INTO Content (`ContentID`, `Content`) VALUES (?, ?);");
			`$stmt6->bind_param('ss', $_POST["id"], $_POST["content"]);`
update to mysql 2023-06-10 09:10:10 +02:00			`$stmt6->execute();`
			`$stmt6->store_result();`
update 2023-06-09 21:45:45 +02:00			`}`

add editability 2023-06-10 13:59:08 +02:00			`if ($action == "setlink" && !empty($_POST["id"]) && !empty($_POST["contentid"]) && !empty($_POST["nickname"]) && !empty($_POST["idwhere"])){`
			$stmt9 = $mysqli->prepare("UPDATE Links SET `LinkID` = ?, `ContentID` = ?, `Nickname` = ? WHERE `LinkID` = ?;");
			`$stmt9->bind_param('ssss', $_POST["id"], $_POST["contentid"], $_POST["nickname"], $_POST["idwhere"]);`
			`$stmt9->execute();`
fix another typo 2023-06-12 14:53:06 +02:00			`$stmt9->store_result();`
add editability 2023-06-10 13:59:08 +02:00			`}`

			`if ($action == "setcontent" && !empty($_POST["id"]) && !empty($_POST["content"]) && !empty($_POST["idwhere"])){`
			$stmt8 = $mysqli->prepare("UPDATE Content SET `ContentID` = ?, `Content` = ? WHERE `ContentID` = ?;");
			`$stmt8->bind_param('sss', $_POST["id"], $_POST["content"], $_POST["idwhere"]);`
			`$stmt8->execute();`
			`$stmt8->store_result();`
			`}`

fix log 2023-06-10 09:46:33 +02:00			`if ($action == "getlog"){`
			`$idcko = $_POST["id"];`
			`if (empty($idcko)\|\|$idcko == "*"){`
fix typo 2023-06-12 16:14:47 +02:00			$query = "SELECT `ID`, `Action`, `ExtraInfo`, `LinkID`, `ContentID`, `Datetime`, `Timestamp`, `Nickname`, `IP` FROM Logs ORDER BY Timestamp DESC;";
fix log 2023-06-10 09:46:33 +02:00			`$stmt7 = $mysqli->prepare($query);`
			`}`
			`else{`
fix typo 2023-06-12 16:14:47 +02:00			$query = "SELECT `ID`, `Action`, `ExtraInfo`, `LinkID`, `ContentID`, `Datetime`, `Timestamp`, `Nickname`, `IP` FROM Logs WHERE `LinkID` = ? OR `ContentID` = ? OR `Nickname` = ? OR `IP` = ? OR `ExtraInfo` = ? OR `Action` = ? OR `Datetime` = ? ORDER BY Timestamp DESC;";
fix my stupidity 2023-06-10 09:48:29 +02:00			`$stmt7 = $mysqli->prepare($query);`
add action logging 2023-06-12 14:42:42 +02:00			`$stmt7->bind_param("sssssss", $idcko, $idcko, $idcko, $idcko, $idcko, $idcko, $idcko);`
fix log 2023-06-10 09:46:33 +02:00			`}`
add action logging 2023-06-12 14:42:42 +02:00			`$stmt7->bind_result ($rowidx, $actionx, $extrainfox, $linkidx, $contentidx, $datetimex, $timestampx, $nicknamex, $ipx);`
update to mysql 2023-06-10 09:10:10 +02:00			`$stmt7->execute();`
			`$stmt7->store_result();`
add action logging 2023-06-12 14:42:42 +02:00			`$out = "<table><tbody><tr><th>Action</th><th>Extra info</th><th>Date and Time</th><th>Nickname</th><th>Link</th><th>Content</th><th>IP</th><th>Button</th></tr>";`
update to mysql 2023-06-10 09:10:10 +02:00			`while ($stmt7->fetch()) {`
			`$action = htmlspecialchars($actionx);`
			`$link = htmlspecialchars($linkidx);`
add action logging 2023-06-12 14:42:42 +02:00			`$extrainfo = htmlspecialchars($extrainfox);`
update to mysql 2023-06-10 09:10:10 +02:00			`$content = htmlspecialchars($contentidx);`
			`$nickname = htmlspecialchars($nicknamex);`
			`$ip = htmlspecialchars($ipx);`
Add sessions and log deleting 2023-06-10 10:13:00 +02:00			`$rowid = htmlspecialchars($rowidx);`
update to mysql 2023-06-10 09:10:10 +02:00			`$datetime = htmlspecialchars($datetimex);`
add action logging 2023-06-12 14:42:42 +02:00			`$out = $out . "<tr><td>$action</td><td>$extrainfo</td><td>$datetime</td><td>$nickname</td><td>$link</td><td>$content</td><td>$ip</td><td><button onclick=\"dellog('$rowid')\">Delete</button></td></tr>";`
update 2023-06-09 21:45:45 +02:00			`}`
update to mysql 2023-06-10 09:10:10 +02:00			`$out = $out . "</tbody></table>";`
			`echo $out;`
update 2023-06-09 21:45:45 +02:00			`}`
log clear add 2023-06-10 14:12:10 +02:00
			`if ($action == "clrlog" && !empty($_POST["id"])){`
			`$idcko = $_POST["id"];`
			`if (empty($idcko)\|\|$idcko == "*"){`
edit api.php 2023-06-12 16:13:17 +02:00			`$query = "DELETE FROM Logs;";`
log clear add 2023-06-10 14:12:10 +02:00			`$stmt10 = $mysqli->prepare($query);`
			`}`
			`else{`
edit api.php 2023-06-12 16:13:17 +02:00			$query = "DELETE FROM Logs WHERE `ID` = ?;";
log clear add 2023-06-10 14:12:10 +02:00			`$stmt10 = $mysqli->prepare($query);`
			`$stmt10->bind_param("i", $idcko);`
			`}`
			`$stmt10->execute();`
			`$stmt10->store_result();`
Add sessions and log deleting 2023-06-10 10:13:00 +02:00			`}`
update 2023-06-09 21:45:45 +02:00
			`}`
update to mysql 2023-06-10 09:10:10 +02:00			`else{`
			`echo "ERROR";`
			`}`
update 2023-06-09 21:45:45 +02:00			`?>`