143 lines
7.1 KiB
PHP
143 lines
7.1 KiB
PHP
<?php
|
|
session_start();
|
|
$action = $_POST['action'];
|
|
$config = json_decode(file_get_contents("../data/config.json"), true);
|
|
|
|
if ($_POST["password"] == $config["admin_pwd"] && $action == "verify"){
|
|
echo "OK";
|
|
$_SESSION["password"] = $_POST["password"];
|
|
}
|
|
|
|
if (!empty($action) && $_SESSION["password"] == $config["admin_pwd"]){
|
|
$mysqli = new mysqli($config["mysqlhost"], $config["mysqluser"], $config["mysqlpass"], $config["mysqldb"]);
|
|
|
|
if ($action == "hassession"){
|
|
echo "YES";
|
|
}
|
|
|
|
if ($action == "getlinks"){
|
|
$stmt1 = $mysqli->prepare("SELECT `LinkID`, `ContentID`, `Nickname` FROM Links;");
|
|
$stmt1->bind_result($linkid, $contentid, $nickname);
|
|
$stmt1->execute();
|
|
$stmt1->store_result();
|
|
$out = "<table><tbody><tr><th>ID</th><th>Content ID</th><th>Nickname</th><th>Button</th></tr>";
|
|
while ($stmt1->fetch()) {
|
|
$id = htmlspecialchars($linkid);
|
|
$nickname = htmlspecialchars($nickname);
|
|
$contentid = htmlspecialchars($contentid);
|
|
$out = $out . "<tr><td><input id=\"addid_$id\" placeholder=\"ID\" value=\"$id\"></td></td><td><input id=\"addcontentid_$id\" value=\"$contentid\" placeholder=\"Content ID\"></td><td><input id=\"addnickname_$id\" value=\"$nickname\" placeholder=\"Nickname\"></td><td><button onclick=\"uplinkthis('$id')\">Update</button><button onclick=\"delthis('$id')\">Delete</button></td></tr>";
|
|
}
|
|
$out = $out . "<tr><td><input id=\"addid\" placeholder=\"ID\"></td><td><input id=\"addcontentid\" placeholder=\"Content ID\"></td><td><input id=\"addnickname\" placeholder=\"Nickname\"></td><td><button id=\"linkadder\" onclick=\"justadd()\">Add</button></td></tr>";
|
|
$out = $out . "</tbody></table>";
|
|
echo $out;
|
|
}
|
|
|
|
if ($action == "deletelink" && !empty($_POST["id"])){
|
|
$stmt2 = $mysqli->prepare("DELETE FROM Links WHERE `LinkID` = ?;");
|
|
$stmt2->bind_param('s', $_POST["id"]);
|
|
$stmt2->execute();
|
|
$stmt2->store_result();
|
|
}
|
|
|
|
if ($action == "addlink" && !empty($_POST["id"]) && !empty($_POST["contentid"]) && !empty($_POST["nickname"])){
|
|
$stmt3 = $mysqli->prepare("INSERT INTO Links (`LinkID`, `ContentID`, `Nickname`) VALUES (?, ?, ?);");
|
|
$stmt3->bind_param('sss', $_POST["id"], $_POST["contentid"], $_POST["nickname"]);
|
|
$stmt3->execute();
|
|
$stmt3->store_result();
|
|
}
|
|
|
|
if ($action == "getcontent"){
|
|
$stmt4 = $mysqli->prepare("SELECT `ContentID`, `Content` FROM Content;");
|
|
$stmt4->bind_result ($contentid, $content);
|
|
$stmt4->execute();
|
|
$stmt4->store_result();
|
|
$out = "<table><tbody><tr><th>Content ID</th><th>Content</th><th>Button</th></tr>";
|
|
while ($stmt4->fetch()) {
|
|
$id = htmlspecialchars($contentid);
|
|
$content = htmlspecialchars($content);
|
|
|
|
$out = $out . "<tr><td><input id=\"addidc_$id\" placeholder=\"Content ID\" value=\"$id\"></td></td><td><textarea id=\"addcontentc_$id\" placeholder=\"Content\">$content</textarea></td><td><button onclick=\"upcthis('$id')\">Update</button><button onclick=\"delcthis('$id')\">Delete</button></td></tr>";
|
|
}
|
|
$out = $out . "<tr><td><input id=\"addidc\" placeholder=\"Content ID\"></td><td><textarea id=\"addcontentc\" placeholder=\"Content\"></textarea></td><td><button id=\"contentadder\" onclick=\"justaddc()\">Add</button></td></tr>";
|
|
$out = $out . "</tbody></table>";
|
|
echo $out;
|
|
}
|
|
|
|
if ($action == "deletecontent" && !empty($_POST["id"])){
|
|
$stmt5 = $mysqli->prepare("DELETE FROM Content WHERE `ContentID` = ?;");
|
|
$stmt5->bind_param('s', $_POST["id"]);
|
|
$stmt5->execute();
|
|
$stmt5->store_result();
|
|
}
|
|
|
|
if ($action == "addcontent" && !empty($_POST["id"]) && !empty($_POST["content"])){
|
|
$stmt6 = $mysqli->prepare("INSERT INTO Content (`ContentID`, `Content`) VALUES (?, ?);");
|
|
$stmt6->bind_param('ss', $_POST["id"], $_POST["content"]);
|
|
$stmt6->execute();
|
|
$stmt6->store_result();
|
|
}
|
|
|
|
if ($action == "setlink" && !empty($_POST["id"]) && !empty($_POST["contentid"]) && !empty($_POST["nickname"]) && !empty($_POST["idwhere"])){
|
|
$stmt9 = $mysqli->prepare("UPDATE Links SET `LinkID` = ?, `ContentID` = ?, `Nickname` = ? WHERE `LinkID` = ?;");
|
|
$stmt9->bind_param('ssss', $_POST["id"], $_POST["contentid"], $_POST["nickname"], $_POST["idwhere"]);
|
|
$stmt9->execute();
|
|
$stmt9->store_result();
|
|
}
|
|
|
|
if ($action == "setcontent" && !empty($_POST["id"]) && !empty($_POST["content"]) && !empty($_POST["idwhere"])){
|
|
$stmt8 = $mysqli->prepare("UPDATE Content SET `ContentID` = ?, `Content` = ? WHERE `ContentID` = ?;");
|
|
$stmt8->bind_param('sss', $_POST["id"], $_POST["content"], $_POST["idwhere"]);
|
|
$stmt8->execute();
|
|
$stmt8->store_result();
|
|
}
|
|
|
|
if ($action == "getlog"){
|
|
$idcko = $_POST["id"];
|
|
if (empty($idcko)||$idcko == "*"){
|
|
$query = "SELECT `ID`, `Action`, `ExtraInfo`, `LinkID`, `ContentID`, `Datetime`, `Timestamp`, `Nickname`, `IP` FROM Logs ORDER BY Timestamp DESC;";
|
|
$stmt7 = $mysqli->prepare($query);
|
|
}
|
|
else{
|
|
$query = "SELECT `ID`, `Action`, `ExtraInfo`, `LinkID`, `ContentID`, `Datetime`, `Timestamp`, `Nickname`, `IP` FROM Logs WHERE `LinkID` = ? OR `ContentID` = ? OR `Nickname` = ? OR `IP` = ? OR `ExtraInfo` = ? OR `Action` = ? OR `Datetime` = ? ORDER BY Timestamp DESC;";
|
|
$stmt7 = $mysqli->prepare($query);
|
|
$stmt7->bind_param("sssssss", $idcko, $idcko, $idcko, $idcko, $idcko, $idcko, $idcko);
|
|
}
|
|
$stmt7->bind_result ($rowidx, $actionx, $extrainfox, $linkidx, $contentidx, $datetimex, $timestampx, $nicknamex, $ipx);
|
|
$stmt7->execute();
|
|
$stmt7->store_result();
|
|
$out = "<table><tbody><tr><th>Action</th><th>Extra info</th><th>Date and Time</th><th>Nickname</th><th>Link</th><th>Content</th><th>IP</th><th>Button</th></tr>";
|
|
while ($stmt7->fetch()) {
|
|
$action = htmlspecialchars($actionx);
|
|
$link = htmlspecialchars($linkidx);
|
|
$extrainfo = htmlspecialchars($extrainfox);
|
|
$content = htmlspecialchars($contentidx);
|
|
$nickname = htmlspecialchars($nicknamex);
|
|
$ip = htmlspecialchars($ipx);
|
|
$rowid = htmlspecialchars($rowidx);
|
|
$datetime = htmlspecialchars($datetimex);
|
|
$out = $out . "<tr><td>$action</td><td>$extrainfo</td><td>$datetime</td><td>$nickname</td><td>$link</td><td>$content</td><td>$ip</td><td><button onclick=\"dellog('$rowid')\">Delete</button></td></tr>";
|
|
}
|
|
$out = $out . "</tbody></table>";
|
|
echo $out;
|
|
}
|
|
|
|
if ($action == "clrlog" && !empty($_POST["id"])){
|
|
$idcko = $_POST["id"];
|
|
if (empty($idcko)||$idcko == "*"){
|
|
$query = "DELETE FROM Logs;";
|
|
$stmt10 = $mysqli->prepare($query);
|
|
}
|
|
else{
|
|
$query = "DELETE FROM Logs WHERE `ID` = ?;";
|
|
$stmt10 = $mysqli->prepare($query);
|
|
$stmt10->bind_param("i", $idcko);
|
|
}
|
|
$stmt10->execute();
|
|
$stmt10->store_result();
|
|
}
|
|
|
|
}
|
|
else{
|
|
echo "ERROR";
|
|
}
|
|
?>
|