diff --git a/admin/api.php b/admin/api.php index 9bbb386..0242590 100644 --- a/admin/api.php +++ b/admin/api.php @@ -1,106 +1,95 @@ IDContent IDNicknameButton"; - foreach($stranky as $idx => $arr) { - $id = htmlspecialchars($idx); - $nickname = htmlspecialchars($arr["nickname"]); - $contentid = htmlspecialchars($arr["contentid"]); - $out = $out . "$id$contentid$nickname"; - } - $out = $out . ""; - $out = $out . ""; - echo $out; + $stmt1 = $mysqli->prepare("SELECT `LinkID`, `ContentID`, `Nickname` FROM Links"); + $stmt1->bind_result($linkid, $contentid, $nickname); + $stmt1->execute(); + $stmt1->store_result(); + $out = ""; + while ($stmt1->fetch()) { + $id = htmlspecialchars($linkid); + $nickname = htmlspecialchars($nickname); + $contentid = htmlspecialchars($contentid); + $out = $out . ""; } + $out = $out . ""; + $out = $out . "
IDContent IDNicknameButton
$id$contentid$nickname
"; + echo $out; } if ($action == "delete" && !empty($_POST["id"])){ - if ($_POST["password"] == $config["admin_pwd"]){ - $stranky = json_decode(file_get_contents("../data/pageindex.json"), true); - unset($stranky[$_POST["id"]]); - file_put_contents("../data/pageindex.json", json_encode($stranky, JSON_PRETTY_PRINT)); - } + $stmt2 = $mysqli->prepare("DELETE FROM Links WHERE `LinkID` = ?"); + $stmt2->bind_param('s', $_POST["id"]); + $stmt2->execute(); + $stmt2->store_result(); } if ($action == "set" && !empty($_POST["id"]) && !empty($_POST["contentid"]) && !empty($_POST["nickname"])){ - if ($_POST["password"] == $config["admin_pwd"]){ - $stranky = json_decode(file_get_contents("../data/pageindex.json"), true); - $tmp = array("contentid"=>$_POST["contentid"], "nickname"=>$_POST["nickname"]); - $stranky[$_POST["id"]] = $tmp; - file_put_contents("../data/pageindex.json", json_encode($stranky, JSON_PRETTY_PRINT)); - } + $stmt3 = $mysqli->prepare("INSERT INTO Links (`LinkID`, `ContentID`, `Nickname`) VALUES (?, ?, ?);"); + $stmt3->bind_param('sss', $_POST["id"], $_POST["contentid"], $_POST["nickname"]); + $stmt3->execute(); + $stmt3->store_result(); } if ($action == "getcontent"){ - if(!file_exists("../data/contents.json")){ - file_put_contents("../data/contents.json", "{}"); - } - if ($_POST["password"] == $config["admin_pwd"]){ - $contents = json_decode(file_get_contents("../data/contents.json"), true); - $out = ""; - foreach($contents as $idx => $content) { - $id = htmlspecialchars($idx); - $content = htmlspecialchars($content); - $out = $out . ""; - } - $out = $out . ""; - $out = $out . "
Content IDContentButton
$id$content
"; - echo $out; + $stmt4 = $mysqli->prepare("SELECT `ContentID`, `Content` FROM Content"); + $stmt4->bind_result ($contentid, $content); + $stmt4->execute(); + $stmt4->store_result(); + $out = ""; + while ($stmt4->fetch()) { + $id = htmlspecialchars($contentid); + $content = htmlspecialchars($content); + $out = $out . ""; } + $out = $out . ""; + $out = $out . "
Content IDContentButton
$id$content
"; + echo $out; } if ($action == "deletecontent" && !empty($_POST["id"])){ - if ($_POST["password"] == $config["admin_pwd"]){ - $contents = json_decode(file_get_contents("../data/contents.json"), true); - unset($contents[$_POST["id"]]); - file_put_contents("../data/contents.json", json_encode($contents, JSON_PRETTY_PRINT)); - } + $stmt5 = $mysqli->prepare("DELETE FROM Content WHERE `ContentID` = ?"); + $stmt5->bind_param('s', $_POST["id"]); + $stmt5->execute(); + $stmt5->store_result(); } if ($action == "setcontent" && !empty($_POST["id"]) && !empty($_POST["content"])){ - if ($_POST["password"] == $config["admin_pwd"]){ - $contents = json_decode(file_get_contents("../data/contents.json"), true); - $contents[$_POST["id"]] = $_POST["content"]; - file_put_contents("../data/contents.json", json_encode($contents, JSON_PRETTY_PRINT)); - } + $stmt6 = $mysqli->prepare("INSERT INTO Content (`ContentID`, `Content`) VALUES (?, ?);"); + $stmt6->bind_param('ss', $_POST["id"], $_POST["content"]); + $stmt6->execute(); + $stmt6->store_result(); } if ($action == "getlog"&& !empty($_POST["id"])){ - if(!file_exists("../data/logs.json")){ - file_put_contents("../data/logs.json", "{}"); - } - if ($_POST["password"] == $config["admin_pwd"]){ - $logy = json_decode(file_get_contents("../data/logs.json"), true)[$_POST["id"]]; - $out = ""; - foreach($logy as $arr) { - $action = htmlspecialchars($arr["action"]); - $link = htmlspecialchars($arr["link"]); - $nickname = htmlspecialchars($arr["nickname"]); - $ip = htmlspecialchars($arr["ip"]); - $datetime = htmlspecialchars($arr["datetime"]); - $out = $out . ""; - } - $out = $out . "
ActionDate and TimeNicknameLinkIP
$action$datetime$nickname$link$ip
"; - echo $out; + $stmt7 = $mysqli->prepare("SELECT `ID`, `Action`, `LinkID`, `ContentID`, `Datetime`, `Timestamp`, `Nickname`, `IP` FROM Logs"); + $stmt7->bind_result ($rowidx, $actionx, $linkidx, $contentidx, $datetimex, $timestampx, $nicknamex, $ipx); + $stmt7->execute(); + $stmt7->store_result(); + $out = ""; + while ($stmt7->fetch()) { + $action = htmlspecialchars($actionx); + $link = htmlspecialchars($linkidx); + $content = htmlspecialchars($contentidx); + $nickname = htmlspecialchars($nicknamex); + $ip = htmlspecialchars($ipx); + $datetime = htmlspecialchars($datetimex); + $out = $out . ""; } + $out = $out . "
ActionDate and TimeNicknameLinkContentIP
$action$datetime$nickname$link$content$ip
"; + echo $out; } } +else{ + echo "ERROR"; +} ?> \ No newline at end of file diff --git a/index.php b/index.php index ded7785..1de18d7 100644 --- a/index.php +++ b/index.php 
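Review bot: The `getlog` branch still requires `$_POST["id"]`, but the new `$stmt7` query selects every row from `Logs` and never uses it, so the per-link filtering of the JSON version is lost and each request returns the whole log table; add `WHERE LinkID = ?` to the statement and `$stmt7->bind_param('s', $_POST["id"]);` before `execute()`. The per-action `$_POST["password"]` checks are also removed throughout this hunk, and the condition that the new trailing `else { echo "ERROR"; }` belongs to opens in a part of the file that is not visible here. Confirm that it authenticates the caller before any branch runs and that it compares the secret with `hash_equals()` rather than `==`. The `set` and `setcontent` branches now use a plain `INSERT`, which, unlike the old array assignment, presumably will not overwrite an existing ID, and since no `execute()` result is checked such a failure would be silent.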
@@ -4,53 +4,39 @@ $idcko = $_GET['id']; if (!empty($idcko)){ + $config = json_decode(file_get_contents("data/config.json"), true); + $mysqli = new mysqli($config["mysqlhost"], $config["mysqluser"], $config["mysqlpass"], $config["mysqldb"]); + $ipcka = $_SERVER['REMOTE_ADDR']; + $curdate = date("H:i:s d.m.Y"); - if(!file_exists("data/logs.json")){ - file_put_contents("data/logs.json", "{}"); + $stmt1 = $mysqli->prepare("SELECT `LinkID`, `ContentID`, `Nickname` FROM `Links` WHERE `LinkID` = ?"); + $stmt1->bind_param("s", $idcko); + $stmt1->bind_result($linkid, $contentid, $nickname); + $stmt1->execute(); + $stmt1->store_result(); + if ($stmt1->num_rows() < 1) { + die("Nonexistent link"); } - - if(!file_exists("data/pageindex.json")){ - file_put_contents("data/pageindex.json", "{}"); - } - - if(!file_exists("data/contents.json")){ - file_put_contents("data/contents.json", "{}"); - } - - $stranky = json_decode(file_get_contents("data/pageindex.json"), true); - $contents = json_decode(file_get_contents("data/contents.json"), true); - $logs = json_decode(file_get_contents("data/logs.json"), true); - - - $alllog = "data/all.log"; - - if(array_key_exists($idcko, $stranky)){ - - $entry = $stranky[$idcko]; - - if (!array_key_exists($entry["contentid"], $contents)){ + while ($stmt1->fetch()) { + $stmt2 = $mysqli->prepare("SELECT `Content` FROM Content WHERE `ContentID` = ?"); + $stmt2->bind_param("s", $contentid); + $stmt2->bind_result ($content); + $stmt2->execute(); + $stmt2->store_result(); + if ($stmt2->num_rows() < 1) { die("Faulty link"); } - - $content = $contents[$entry["contentid"]]; - $nickname = $entry["nickname"]; - $logmessage = "Success from $nickname($idcko), IP: $ipcka\n"; - if (!array_key_exists($idcko, $logs)){ - $logs[$idcko] = []; + while ($stmt2->fetch()) { + $action = "Success"; + $stmt3 = $mysqli->prepare("INSERT INTO Logs (`Action`, `LinkID`, `ContentID`, `Datetime`, `Nickname`, `IP`) VALUES (?, ?, ?, ?, ?, ?);"); + $stmt3->bind_param('ssssss', 
$action, $idcko, $contentid, $curdate, $nickname, $ipcka); + $stmt3->execute(); + $stmt3->store_result(); + echo $content; } - $logs[$idcko][] = array("action"=>"Success", "datetime"=>date("H:i:s d.m.Y"), "link"=>$idcko, "nickname"=>$nickname, "ip"=>$ipcka); - - file_put_contents("data/logs.json", json_encode($logs, JSON_PRETTY_PRINT)); - file_put_contents($alllog, $logmessage, FILE_APPEND); - - echo $content; } - - else{ - die("Nonexistent link"); - } } else{ die("No link");
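Review bot: The MySQL credentials are loaded from `data/config.json`, a path relative to index.php and therefore probably under the served directory; unless the web server denies requests for `data/`, the file containing `mysqlpass` can be downloaded directly, so keep it outside the document root or block that directory. The `new mysqli(...)` connection and the three `prepare()` calls are also used without any failure check, so a database outage ends in an uncaught error whose detail may reach the client depending on the error-display settings; handle the failure explicitly and return a generic message. The result of the `Logs` insert is likewise ignored while `echo $content;` still runs, so a hit can be served without being recorded. The `else` branch at the end of the hunk continues past the visible lines.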