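<?php
/**
 * Admin AJAX endpoint for the Links / Content / Logs tables.
 *
 * Request (POST): `action` plus, depending on the action, `password`, `id`,
 * `contentid`, `nickname`, `content`, `idwhere`.
 * Response: "OK" after a successful `verify`, "YES" for `hassession`, an HTML
 * table for the `get*` actions, nothing for successful writes, and "ERROR"
 * when the caller is not authenticated or the request cannot be served.
 *
 * Security-relevant changes compared with the previous revision:
 *  - Password checks use hash_equals() on strings. The loose `==` compared
 *    null with null as equal, so a missing or unparsable config file
 *    authenticated every request; it was also open to numeric-string juggling.
 *  - The session id is regenerated on login (session fixation).
 *  - Values placed inside onclick="fn('...')" are JSON-encoded before HTML
 *    escaping. HTML escaping alone is undone by the attribute parser before
 *    the script runs, so a quote in a stored id ended the JS string.
 *  - Actions are dispatched through one switch. The old `getlog` loop
 *    overwrote $action with a value read from the Logs table, so a stored
 *    "clrlog" row could make a read request continue into the delete branch.
 *  - Database errors are logged server-side and answered with "ERROR".
 *
 * NOTE(review): the admin password is kept in plaintext in config.json and in
 * the session; password_hash()/password_verify() and a boolean session flag
 * would be preferable, but other pages may read $_SESSION["password"] - confirm.
 * NOTE(review): the write actions carry no CSRF token and `verify` has no
 * attempt limiting; both need a matching change in the client script.
 * NOTE(review): confirm ../data/ is not reachable through the web server,
 * since config.json holds the database credentials.
 */

session_start();

// Reads a POST field as a string; missing fields and array payloads become ''.
$postString = static function (string $key): string {
    $value = $_POST[$key] ?? '';
    return is_string($value) ? $value : '';
};

// Escapes a value for HTML text and quoted attribute context.
$html = static function ($value): string {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Encodes a value as a JS string literal that is safe inside an HTML attribute.
$jsArg = static function ($value) use ($html): string {
    $json = json_encode((string) $value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    return $html($json === false ? '""' : $json);
};

$action = $postString("action");

// Fail closed when the configuration or the admin password is unavailable.
$configPath = "../data/config.json";
$config = is_readable($configPath) ? json_decode((string) file_get_contents($configPath), true) : null;
$adminPwd = is_array($config) ? ($config["admin_pwd"] ?? '') : '';
$adminPwd = (is_string($adminPwd) || is_int($adminPwd)) ? (string) $adminPwd : '';
if ($adminPwd === '') {
    echo "ERROR";
    return;
}

// Login: a correct password marks this session as authenticated.
$password = $postString("password");
if ($action === "verify" && hash_equals($adminPwd, $password)) {
    // Must run before any output because it sends a new session cookie.
    session_regenerate_id(true);
    $_SESSION["password"] = $password;
    echo "OK";
}

$sessionPwd = $_SESSION["password"] ?? null;
$authenticated = is_string($sessionPwd) && hash_equals($adminPwd, $sessionPwd);
if (empty($action) || !$authenticated) {
    echo "ERROR";
    return;
}

// These two actions never touched the database; answer them without connecting.
if ($action === "verify") {
    return;
}
if ($action === "hassession") {
    echo "YES";
    return;
}

// Make every mysqli failure throw so it is handled in one place below.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

try {
    $mysqli = new mysqli(
        $config["mysqlhost"] ?? null,
        $config["mysqluser"] ?? null,
        $config["mysqlpass"] ?? null,
        $config["mysqldb"] ?? null
    );

    // Runs a parameterised write statement; every parameter is bound as a string.
    $write = static function (string $sql, array $params) use ($mysqli) {
        $stmt = $mysqli->prepare($sql);
        $stmt->bind_param(str_repeat('s', count($params)), ...$params);
        $stmt->execute();
        $stmt->close();
    };

    $id = $postString("id");
    $contentIdIn = $postString("contentid");
    $nicknameIn = $postString("nickname");
    $contentIn = $postString("content");
    $idWhere = $postString("idwhere");

    switch ($action) {
        case "getlinks":
            $stmt = $mysqli->prepare("SELECT `LinkID`, `ContentID`, `Nickname` FROM Links;");
            $stmt->bind_result($linkId, $contentId, $nickname);
            $stmt->execute();
            $stmt->store_result();
            $out = "<table><tbody><tr><th>ID</th><th>Content ID</th><th>Nickname</th><th>Button</th></tr>";
            while ($stmt->fetch()) {
                $idAttr = $html($linkId);
                $idJs = $jsArg($linkId);
                $out .= "<tr><td><input id=\"addid_$idAttr\" placeholder=\"ID\" value=\"$idAttr\"></td>"
                    . "<td><input id=\"addcontentid_$idAttr\" value=\"" . $html($contentId) . "\" placeholder=\"Content ID\"></td>"
                    . "<td><input id=\"addnickname_$idAttr\" value=\"" . $html($nickname) . "\" placeholder=\"Nickname\"></td>"
                    . "<td><button onclick=\"uplinkthis($idJs)\">Update</button>"
                    . "<button onclick=\"delthis($idJs)\">Delete</button></td></tr>";
            }
            $out .= "<tr><td><input id=\"addid\" placeholder=\"ID\"></td><td><input id=\"addcontentid\" placeholder=\"Content ID\"></td><td><input id=\"addnickname\" placeholder=\"Nickname\"></td><td><button id=\"linkadder\" onclick=\"justadd()\">Add</button></td></tr>";
            $out .= "</tbody></table>";
            echo $out;
            break;

        case "deletelink":
            if (!empty($id)) {
                $write("DELETE FROM Links WHERE `LinkID` = ?;", [$id]);
            }
            break;

        case "addlink":
            if (!empty($id) && !empty($contentIdIn) && !empty($nicknameIn)) {
                $write(
                    "INSERT INTO Links (`LinkID`, `ContentID`, `Nickname`) VALUES (?, ?, ?);",
                    [$id, $contentIdIn, $nicknameIn]
                );
            }
            break;

        case "setlink":
            if (!empty($id) && !empty($contentIdIn) && !empty($nicknameIn) && !empty($idWhere)) {
                $write(
                    "UPDATE Links SET `LinkID` = ?, `ContentID` = ?, `Nickname` = ? WHERE `LinkID` = ?;",
                    [$id, $contentIdIn, $nicknameIn, $idWhere]
                );
            }
            break;

        case "getcontent":
            $stmt = $mysqli->prepare("SELECT `ContentID`, `Content` FROM Content;");
            $stmt->bind_result($contentId, $content);
            $stmt->execute();
            $stmt->store_result();
            $out = "<table><tbody><tr><th>Content ID</th><th>Content</th><th>Button</th></tr>";
            while ($stmt->fetch()) {
                $idAttr = $html($contentId);
                $idJs = $jsArg($contentId);
                $out .= "<tr><td><input id=\"addidc_$idAttr\" placeholder=\"Content ID\" value=\"$idAttr\"></td>"
                    . "<td><textarea id=\"addcontentc_$idAttr\" placeholder=\"Content\">" . $html($content) . "</textarea></td>"
                    . "<td><button onclick=\"upcthis($idJs)\">Update</button>"
                    . "<button onclick=\"delcthis($idJs)\">Delete</button></td></tr>";
            }
            $out .= "<tr><td><input id=\"addidc\" placeholder=\"Content ID\"></td><td><textarea id=\"addcontentc\" placeholder=\"Content\"></textarea></td><td><button id=\"contentadder\" onclick=\"justaddc()\">Add</button></td></tr>";
            $out .= "</tbody></table>";
            echo $out;
            break;

        case "deletecontent":
            if (!empty($id)) {
                $write("DELETE FROM Content WHERE `ContentID` = ?;", [$id]);
            }
            break;

        case "addcontent":
            if (!empty($id) && !empty($contentIn)) {
                $write("INSERT INTO Content (`ContentID`, `Content`) VALUES (?, ?);", [$id, $contentIn]);
            }
            break;

        case "setcontent":
            if (!empty($id) && !empty($contentIn) && !empty($idWhere)) {
                $write(
                    "UPDATE Content SET `ContentID` = ?, `Content` = ? WHERE `ContentID` = ?;",
                    [$id, $contentIn, $idWhere]
                );
            }
            break;

        case "getlog":
            $columns = "`ID`, `Action`, `ExtraInfo`, `LinkID`, `ContentID`, `Datetime`, `Timestamp`, `Nickname`, `IP`";
            if (empty($id) || $id === "*") {
                // No filter: list the whole log, newest first.
                $stmt = $mysqli->prepare("SELECT $columns FROM Logs ORDER BY Timestamp DESC;");
            } else {
                // One search term matched exactly against each searchable column.
                $stmt = $mysqli->prepare("SELECT $columns FROM Logs WHERE `LinkID` = ? OR `ContentID` = ? OR `Nickname` = ? OR `IP` = ? OR `ExtraInfo` = ? OR `Action` = ? OR `Datetime` = ? ORDER BY Timestamp DESC;");
                $stmt->bind_param("sssssss", $id, $id, $id, $id, $id, $id, $id);
            }
            // $logTimestamp is only used for ordering but must be bound to match the column list.
            $stmt->bind_result($logRowId, $logAction, $logExtra, $logLinkId, $logContentId, $logDatetime, $logTimestamp, $logNickname, $logIp);
            $stmt->execute();
            $stmt->store_result();
            $out = "<table><tbody><tr><th>Action</th><th>Extra info</th><th>Date and Time</th><th>Nickname</th><th>Link</th><th>Content</th><th>IP</th><th>Button</th></tr>";
            while ($stmt->fetch()) {
                // Log fields are written by other parts of the application; treat them as untrusted.
                $out .= "<tr><td>" . $html($logAction) . "</td><td>" . $html($logExtra) . "</td><td>" . $html($logDatetime)
                    . "</td><td>" . $html($logNickname) . "</td><td>" . $html($logLinkId) . "</td><td>" . $html($logContentId)
                    . "</td><td>" . $html($logIp) . "</td><td><button onclick=\"dellog(" . $jsArg($logRowId) . ")\">Delete</button></td></tr>";
            }
            $out .= "</tbody></table>";
            echo $out;
            break;

        case "clrlog":
            if (empty($id)) {
                break;
            }
            if ($id === "*") {
                // NOTE(review): wipes the whole audit trail in one request.
                $mysqli->query("DELETE FROM Logs;");
                break;
            }
            // `ID` is bound as an integer; reject anything else instead of letting it coerce to 0.
            $rowId = filter_var($id, FILTER_VALIDATE_INT);
            if ($rowId === false) {
                echo "ERROR";
                break;
            }
            $stmt = $mysqli->prepare("DELETE FROM Logs WHERE `ID` = ?;");
            $stmt->bind_param("i", $rowId);
            $stmt->execute();
            $stmt->close();
            break;

        default:
            // Unknown actions from an authenticated session produce no output, as before.
            break;
    }
} catch (mysqli_sql_exception $e) {
    // Keep driver details (host, user, SQL) out of the HTTP response.
    error_log("admin endpoint database error: " . $e->getMessage());
    echo "ERROR";
}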