From 5834a92a3f8fb11ebd28041dc36aba59f1557f7c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bruno=20Ryb=C3=A1rsky?= <bruno@brn.systems>
Date: Sat, 10 Jun 2023 10:13:00 +0200
Subject: [PATCH] Add sessions and log deleting

---
 admin/api.php    | 24 +++++++++++++++++++-----
 admin/index.html | 47 ++++++++++++++++++++++++++++++++---------------
 2 files changed, 51 insertions(+), 20 deletions(-)
diff --git a/admin/api.php b/admin/api.php
index 60421b8..b40de78 100644
--- a/admin/api.php
+++ b/admin/api.php
@@ -1,11 +1,18 @@
 <?php
+session_start();
 $action = $_POST['action'];
 $config = json_decode(file_get_contents("../data/config.json"), true);
-if (!empty($action) && $_POST["password"] == $config["admin_pwd"]){
+
+if ($_POST["password"] == $config["admin_pwd"] && $action == "verify"){
+    echo "OK";
+    $_SESSION["password"] = $_POST["password"];
+}
+
+if (!empty($action) && $_SESSION["password"] == $config["admin_pwd"]){
     $mysqli = new mysqli($config["mysqlhost"], $config["mysqluser"], $config["mysqlpass"], $config["mysqldb"]);
 
-    if ($action == "verify"){
-        echo "OK";
+    if ($action == "hassession"){
+        echo "YES";
     }
 
     if ($action == "get"){
@@ -83,19 +90,26 @@ if (!empty($action) && $_POST["password"] == $config["admin_pwd"]){
         $stmt7->bind_result ($rowidx, $actionx, $linkidx, $contentidx, $datetimex, $timestampx, $nicknamex, $ipx);
         $stmt7->execute();
         $stmt7->store_result();
-        $out = "<table><tbody><tr><th>Action</th><th>Date and Time</th><th>Nickname</th><th>Link</th><th>Content</th><th>IP</th></tr>";
+        $out = "<table><tbody><tr><th>Action</th><th>Date and Time</th><th>Nickname</th><th>Link</th><th>Content</th><th>IP</th><th>Button</th></tr>";
         while ($stmt7->fetch()) {
             $action = htmlspecialchars($actionx);
             $link = htmlspecialchars($linkidx);
             $content = htmlspecialchars($contentidx);
             $nickname = htmlspecialchars($nicknamex);
             $ip = htmlspecialchars($ipx);
+            $rowid = htmlspecialchars($rowidx);
             $datetime = htmlspecialchars($datetimex);
-            $out = $out . "<tr><td>$action</td><td>$datetime</td><td>$nickname</td><td>$link</td><td>$content</td><td>$ip</td></tr>";
+            $out = $out . "<tr><td>$action</td><td>$datetime</td><td>$nickname</td><td>$link</td><td>$content</td><td>$ip</td><td><button onclick=\"dellog('$rowid')\">Delete</button></td></tr>";
         }
         $out = $out . "</tbody></table>";
         echo $out;
     }
+    if ($action == "deletelog" && !empty($_POST["id"])){
+        $stmt5 = $mysqli->prepare("DELETE FROM Logs WHERE `ID` = ?");
+        $stmt5->bind_param('i', $_POST["id"]);
+        $stmt5->execute();
+        $stmt5->store_result();
+    }
 
 }
 else{
diff --git a/admin/index.html b/admin/index.html
index 134528d..0eeb038 100644
--- a/admin/index.html
+++ b/admin/index.html
@@ -48,7 +48,6 @@
             $.post("api.php", 
             {
                 action: "deletecontent", 
-                password: password, 
                 id: name
             }, function( data ) {
                 getcontents();
@@ -58,8 +57,7 @@
         function getcontents(){
             $.post("api.php", 
             {
-                action: "getcontent", 
-                password: password
+                action: "getcontent"
             }, function( data ) {
                 $("#contentlist").html(data);
 
@@ -82,13 +80,32 @@
             $.post("api.php", 
             {
                 action: "delete", 
-                password: password, 
                 id: name
             }, function( data ) {
                 getlinks();
             });
         }
 
+        function dellog(name){
+            $.post("api.php", 
+            {
+                action: "deletelog", 
+                id: name
+            }, function( data ) {
+                getlog();
+            });
+        }
+
+        function loadmgmt() {
+            getlinks();
+            getcontents();
+            getlog();
+            $("#pwdentry").fadeOut("fast", function(){
+                $("#indexmanagement").fadeIn("fast", function(){
+                });
+            });
+        }
+
         function verifyPassword(){
             password = $("#pwdbox").val();
             $.post("api.php", 
@@ -97,13 +114,7 @@
                 password: password
             }, function( data ) {
                 if (data == "OK"){
-                    getlinks();
-                    getcontents();
-                    getlog();
-                    $("#pwdentry").fadeOut("slow", function(){
-                        $("#indexmanagement").fadeIn("slow", function(){
-                        });
-                    });
+                    loadmgmt();
                 }
             });
         }
@@ -111,8 +122,7 @@
         function getlinks(){
             $.post("api.php", 
             {
-                action: "get", 
-                password: password
+                action: "get"
             }, function( data ) {
                 $("#linkslist").html(data);
                 $("#addnickname").keyup(function(event) {
@@ -139,8 +149,7 @@
             let id = $("#logid").val();
             $.post("api.php", 
             {
-                action: "getlog", 
-                password: password,
+                action: "getlog",
                 id: id
             }, function( data ) {
                 $("#loglist").html(data);
@@ -152,6 +161,14 @@
             $("#submitpwd").click(verifyPassword);
             $("#logget").click(getlog);
 
+            $.post("api.php", 
+            {
+                action: "hassession"
+            }, function( data ) {
+                if (data == "YES"){
+                    loadmgmt();
+                }
+            });
 
             $("#logid").keyup(function(event) {
                 if (event.keyCode === 13) {

Action	Date and Time	Nickname	Link	Content	IP	Button
$action	$datetime	$nickname	$link	$content	$ip
$action	$datetime	$nickname	$link	$content	$ip