Add sessions and log deleting

2023-06-10 10:13:00 +02:00 · 2023-06-10 10:13:00 +02:00 · 5834a92a3f
commit 5834a92a3f
parent 2e2a56a751
2 changed files with 51 additions and 20 deletions
--- a/admin/api.php
+++ b/admin/api.php
@ -1,11 +1,18 @@
 <?php
+session_start();
 $action = $_POST['action'];
 $config = json_decode(file_get_contents("../data/config.json"), true);
-if (!empty($action) && $_POST["password"] == $config["admin_pwd"]){
+
+if ($_POST["password"] == $config["admin_pwd"] && $action == "verify"){
+    echo "OK";
+    $_SESSION["password"] = $_POST["password"];
+}
+
+if (!empty($action) && $_SESSION["password"] == $config["admin_pwd"]){
    $mysqli = new mysqli($config["mysqlhost"], $config["mysqluser"], $config["mysqlpass"], $config["mysqldb"]);

-    if ($action == "verify"){
-        echo "OK";
+    if ($action == "hassession"){
+        echo "YES";
    }

    if ($action == "get"){
@ -83,19 +90,26 @@ if (!empty($action) && $_POST["password"] == $config["admin_pwd"]){
        $stmt7->bind_result ($rowidx, $actionx, $linkidx, $contentidx, $datetimex, $timestampx, $nicknamex, $ipx);
        $stmt7->execute();
        $stmt7->store_result();
-        $out = "<table><tbody><tr><th>Action</th><th>Date and Time</th><th>Nickname</th><th>Link</th><th>Content</th><th>IP</th></tr>";
+        $out = "<table><tbody><tr><th>Action</th><th>Date and Time</th><th>Nickname</th><th>Link</th><th>Content</th><th>IP</th><th>Button</th></tr>";
        while ($stmt7->fetch()) {
            $action = htmlspecialchars($actionx);
            $link = htmlspecialchars($linkidx);
            $content = htmlspecialchars($contentidx);
            $nickname = htmlspecialchars($nicknamex);
            $ip = htmlspecialchars($ipx);
+            $rowid = htmlspecialchars($rowidx);
            $datetime = htmlspecialchars($datetimex);
-            $out = $out . "<tr><td>$action</td><td>$datetime</td><td>$nickname</td><td>$link</td><td>$content</td><td>$ip</td></tr>";
+            $out = $out . "<tr><td>$action</td><td>$datetime</td><td>$nickname</td><td>$link</td><td>$content</td><td>$ip</td><td><button onclick=\"dellog('$rowid')\">Delete</button></td></tr>";
        }
        $out = $out . "</tbody></table>";
        echo $out;
    }
+    if ($action == "deletelog" && !empty($_POST["id"])){
+        $stmt5 = $mysqli->prepare("DELETE FROM Logs WHERE `ID` = ?");
+        $stmt5->bind_param('i', $_POST["id"]);
+        $stmt5->execute();
+        $stmt5->store_result();
+    }

 }
 else{
--- a/admin/index.html
+++ b/admin/index.html
@ -48,7 +48,6 @@
            $.post("api.php", 
            {
                action: "deletecontent", 
-                password: password, 
                id: name
            }, function( data ) {
                getcontents();
@ -58,8 +57,7 @@
        function getcontents(){
            $.post("api.php", 
            {
-                action: "getcontent", 
-                password: password
+                action: "getcontent"
            }, function( data ) {
                $("#contentlist").html(data);

@ -82,13 +80,32 @@
            $.post("api.php", 
            {
                action: "delete", 
-                password: password, 
                id: name
            }, function( data ) {
                getlinks();
            });
        }

+        function dellog(name){
+            $.post("api.php", 
+            {
+                action: "deletelog", 
+                id: name
+            }, function( data ) {
+                getlog();
+            });
+        }
+
+        function loadmgmt() {
+            getlinks();
+            getcontents();
+            getlog();
+            $("#pwdentry").fadeOut("fast", function(){
+                $("#indexmanagement").fadeIn("fast", function(){
+                });
+            });
+        }
+
        function verifyPassword(){
            password = $("#pwdbox").val();
            $.post("api.php", 
@ -97,13 +114,7 @@
                password: password
            }, function( data ) {
                if (data == "OK"){
-                    getlinks();
-                    getcontents();
-                    getlog();
-                    $("#pwdentry").fadeOut("slow", function(){
-                        $("#indexmanagement").fadeIn("slow", function(){
-                        });
-                    });
+                    loadmgmt();
                }
            });
        }
@ -111,8 +122,7 @@
        function getlinks(){
            $.post("api.php", 
            {
-                action: "get", 
-                password: password
+                action: "get"
            }, function( data ) {
                $("#linkslist").html(data);
                $("#addnickname").keyup(function(event) {
@ -139,8 +149,7 @@
            let id = $("#logid").val();
            $.post("api.php", 
            {
-                action: "getlog", 
-                password: password,
+                action: "getlog",
                id: id
            }, function( data ) {
                $("#loglist").html(data);
@ -152,6 +161,14 @@
            $("#submitpwd").click(verifyPassword);
            $("#logget").click(getlog);

+            $.post("api.php", 
+            {
+                action: "hassession"
+            }, function( data ) {
+                if (data == "YES"){
+                    loadmgmt();
+                }
+            });

            $("#logid").keyup(function(event) {
                if (event.keyCode === 13) {