3words/ucp.php

<?php
/* This file is part of 3words
 * 
 * (c) 2014 Leafcat Coding -- http://leafc.at
 * 
 * License: AGPLv3, see LICENSE for full license text
 *
 * This file was touched by:
 *  - nilsding  <nilsding@nilsding.org>
 *
 * Oh, and before I forget...
 *     ________  __________ __    ____  __  ______ 
 *    / ____/ / / / ____/ //_/   / __ \/ / / / __ \
 *   / /_  / / / / /   / ,<     / /_/ / /_/ / /_/ / with
 *  / __/ / /_/ / /___/ /| |   / ____/ __  / ____/   a
 * /_/    \____/\____/_/ |_|  /_/   /_/ /_/_/     cactus!
 *
 * Thanks for listening.
 */

include_once 'config.php';

function check_privileges($ajax = false) {
  if (!$_SESSION['logged_in']) {
    if ($ajax) {
      echo json_encode(array("success" => false));
    } else {
      $_SESSION['flash'] = "Einloggen um fortzufahren.";
      header('Location: ucp.php?page=login');
    }
    exit();
  }
}

switch ($_GET['page']) {
  case "ajax": {
    check_privileges(true);
    $response = array("success" => false);
    switch ($_GET['action']) {
      case "delete-word": {
        if (isset($_GET['id'])) {
          if (is_numeric($_GET['id'])) {
            $id = (int) $_GET['id'];
            if ($sql->query("DELETE FROM `words` WHERE `id`=" . $id . ";")) {
              $response["success"] = true;
            }
          }
        }
        break;
      }
    }
    echo json_encode($response);
    exit();
    break;
  }
  case "login": {
    if ($_SESSION['logged_in']) {
      $_SESSION['flash'] = "Du bist bereits eingeloggt.";
      header('Location: ucp.php');
      exit();
    }
    if (!isset($_POST['login'])) {
      $tpl->draw("login");
    } else {
      $res = $sql->query("SELECT `value` FROM `config` WHERE `key` = \"username\";")->fetch_assoc();
      $username = $res['value'];
      $res = $sql->query("SELECT `value` FROM `config` WHERE `key` = \"password\";")->fetch_assoc();
      $password = $res['value'];
      $post_pass = crypt($_POST['password'], $password);
      if (($_POST['username'] === $username) && ($post_pass === $password)) {
        // successful login
        $_SESSION['logged_in'] = true;
        $_SESSION['flash'] = "Erfolgreich eingeloggt.";
        header('Location: ucp.php');
        exit();
      } else {
        // failed login
        $_SESSION['flash'] = "Falscher Name oder Passwort";
        header('Location: ucp.php?page=login');
        exit();
      }
    }
    break;
  }
  case "logout": {
    check_privileges();
    
    session_destroy();
    session_start();
    $_SESSION['flash'] = "Erfolgreich ausgeloggt.";
    header('Location: index.php');
    exit();
    break;
  }
  case "settings": {
    check_privileges();
    
    if (!isset($_POST['action'])) {
      $tpl->draw("settings");
    } else {
      switch ($_POST['action']) {
        case "generic": {
          if (isset($_POST['sitename'])) {
            $sql->query("UPDATE `config` SET `value`='" . $sql->real_escape_string(trim($_POST['sitename'])) . "' WHERE `key`='sitename'");
          }
          if (isset($_POST['recent_check'])) {
            $sql->query("UPDATE `config` SET `value`='true' WHERE `key`='recent_public'");
          } else {
            $sql->query("UPDATE `config` SET `value`='false' WHERE `key`='recent_public'");
          }
          if (isset($_POST['recent_count'])) {
            if (is_numeric($_POST['recent_count'])) {
              $sql->query("UPDATE `config` SET `value`='" . (int) $_POST['recent_count'] . "' WHERE `key`='recent_count'");
            }
          }
          $_SESSION['flash'] = "Änderungen erfolgreich gespeichert.";
          header('Location: ucp.php?page=settings');
          exit();
          break;
        }
        case "password": {
          if (isset($_POST['password_change']) && isset($_POST['password_verify'])) {
            if ($_POST['password_change'] === $_POST['password_verify']) {
              if (strlen($_POST['password_change']) > 3) {
                $sql->query("UPDATE `config` SET `value`='" . $sql->real_escape_string(crypt_password($_POST['password_change'], gen_salt(22))) . "' WHERE `key`='password';");
                $_SESSION['flash'] = "Passwort erfolgreich geändert.";
                header('Location: ucp.php?page=settings');
                exit();
              }
            }
          }
          $_SESSION['flash'] = "Das Passwort stimmt nicht überein oder ist zu kurz.";
          header('Location: ucp.php?page=settings');
          exit();
          break;
        }
        default: {
          $tpl->draw("settings");
        }
      }
    }
    break;
  }
  case "inbox":
  default: {
    check_privileges();
    
    $sql_str = "SELECT `id`, `word1`, `word2`, `word3`, `author`, `new` FROM `words` ORDER BY `id` DESC;";
    $res = $sql->query($sql_str);
    
    $words = array();
    
    while ($r = $res->fetch_assoc()) {
      array_push($words, array(
        "id"     =>  $r['id'],
        "word1"  =>  $r['word1'],
        "word2"  =>  $r['word2'],
        "word3"  =>  $r['word3'],
        "author" =>  $r['author'],
        "new"    => ($r['new'] == 1 ? true : false)
      ));
    }
    
    $sql_str = "UPDATE `words` SET `new` = 0;";
    $sql->query($sql_str);
    
    $tpl->assign("words", $words);
    $tpl->draw("inbox");
  }
}
added a flash and also some basic UCP code 2014-08-18 15:07:41 +02:00			`<?php`
			`/* This file is part of 3words`
			`*`
			`* (c) 2014 Leafcat Coding -- http://leafc.at`
			`*`
			`* License: AGPLv3, see LICENSE for full license text`
			`*`
			`* This file was touched by:`
			`* - nilsding <nilsding@nilsding.org>`
			`*`
			`* Oh, and before I forget...`
			`* ________ __________ __ ____ __ ______`
			`* / ____/ / / / ____/ //_/ / __ \/ / / / __ \`
			`* / /_ / / / / / / ,< / /_/ / /_/ / /_/ / with`
			`* / __/ / /_/ / /___/ /\| \| / ____/ __ / ____/ a`
			`* /_/ \____/\____/_/ \|_\| /_/ /_/ /_/_/ cactus!`
			`*`
			`* Thanks for listening.`
			`*/`

			`include_once 'config.php';`

select id 2014-08-18 18:13:34 +02:00			`function check_privileges($ajax = false) {`
added login thing 2014-08-18 15:30:09 +02:00			`if (!$_SESSION['logged_in']) {`
select id 2014-08-18 18:13:34 +02:00			`if ($ajax) {`
			`echo json_encode(array("success" => false));`
			`} else {`
German translation 2015-08-13 17:23:12 +02:00			`$_SESSION['flash'] = "Einloggen um fortzufahren.";`
select id 2014-08-18 18:13:34 +02:00			`header('Location: ucp.php?page=login');`
			`}`
added login thing 2014-08-18 15:30:09 +02:00			`exit();`
			`}`
			`}`

added a flash and also some basic UCP code 2014-08-18 15:07:41 +02:00			`switch ($_GET['page']) {`
select id 2014-08-18 18:13:34 +02:00			`case "ajax": {`
			`check_privileges(true);`
			`$response = array("success" => false);`
			`switch ($_GET['action']) {`
			`case "delete-word": {`
			`if (isset($_GET['id'])) {`
			`if (is_numeric($_GET['id'])) {`
			`$id = (int) $_GET['id'];`
			if ($sql->query("DELETE FROM `words` WHERE `id`=" . $id . ";")) {
			`$response["success"] = true;`
			`}`
			`}`
			`}`
			`break;`
			`}`
			`}`
			`echo json_encode($response);`
added ability to remove words 2014-08-18 18:26:47 +02:00			`exit();`
select id 2014-08-18 18:13:34 +02:00			`break;`
			`}`
added a flash and also some basic UCP code 2014-08-18 15:07:41 +02:00			`case "login": {`
added login thing 2014-08-18 15:30:09 +02:00			`if ($_SESSION['logged_in']) {`
German translation 2015-08-13 17:23:12 +02:00			`$_SESSION['flash'] = "Du bist bereits eingeloggt.";`
added login thing 2014-08-18 15:30:09 +02:00			`header('Location: ucp.php');`
			`exit();`
			`}`
			`if (!isset($_POST['login'])) {`
			`$tpl->draw("login");`
			`} else {`
			$res = $sql->query("SELECT `value` FROM `config` WHERE `key` = \"username\";")->fetch_assoc();
			`$username = $res['value'];`
			$res = $sql->query("SELECT `value` FROM `config` WHERE `key` = \"password\";")->fetch_assoc();
			`$password = $res['value'];`
			`$post_pass = crypt($_POST['password'], $password);`
			`if (($_POST['username'] === $username) && ($post_pass === $password)) {`
			`// successful login`
			`$_SESSION['logged_in'] = true;`
German translation 2015-08-13 17:23:12 +02:00			`$_SESSION['flash'] = "Erfolgreich eingeloggt.";`
added login thing 2014-08-18 15:30:09 +02:00			`header('Location: ucp.php');`
			`exit();`
			`} else {`
			`// failed login`
German translation 2015-08-13 17:23:12 +02:00			`$_SESSION['flash'] = "Falscher Name oder Passwort";`
added login thing 2014-08-18 15:30:09 +02:00			`header('Location: ucp.php?page=login');`
			`exit();`
			`}`
			`}`
added a flash and also some basic UCP code 2014-08-18 15:07:41 +02:00			`break;`
			`}`
			`case "logout": {`
added login thing 2014-08-18 15:30:09 +02:00			`check_privileges();`

added a flash and also some basic UCP code 2014-08-18 15:07:41 +02:00			`session_destroy();`
			`session_start();`
German translation 2015-08-13 17:23:12 +02:00			`$_SESSION['flash'] = "Erfolgreich ausgeloggt.";`
added a flash and also some basic UCP code 2014-08-18 15:07:41 +02:00			`header('Location: index.php');`
added some exit() 2014-08-18 15:08:15 +02:00			`exit();`
added a flash and also some basic UCP code 2014-08-18 15:07:41 +02:00			`break;`
			`}`
			`case "settings": {`
added login thing 2014-08-18 15:30:09 +02:00			`check_privileges();`

changing settings is now possible 2014-08-18 17:49:20 +02:00			`if (!isset($_POST['action'])) {`
			`$tpl->draw("settings");`
			`} else {`
			`switch ($_POST['action']) {`
			`case "generic": {`
			`if (isset($_POST['sitename'])) {`
			$sql->query("UPDATE `config` SET `value`='" . $sql->real_escape_string(trim($_POST['sitename'])) . "' WHERE `key`='sitename'");
			`}`
			`if (isset($_POST['recent_check'])) {`
			$sql->query("UPDATE `config` SET `value`='true' WHERE `key`='recent_public'");
			`} else {`
			$sql->query("UPDATE `config` SET `value`='false' WHERE `key`='recent_public'");
			`}`
			`if (isset($_POST['recent_count'])) {`
			`if (is_numeric($_POST['recent_count'])) {`
			$sql->query("UPDATE `config` SET `value`='" . (int) $_POST['recent_count'] . "' WHERE `key`='recent_count'");
			`}`
			`}`
German translation 2015-08-13 17:23:12 +02:00			`$_SESSION['flash'] = "Änderungen erfolgreich gespeichert.";`
changing settings is now possible 2014-08-18 17:49:20 +02:00			`header('Location: ucp.php?page=settings');`
			`exit();`
			`break;`
			`}`
			`case "password": {`
			`if (isset($_POST['password_change']) && isset($_POST['password_verify'])) {`
			`if ($_POST['password_change'] === $_POST['password_verify']) {`
			`if (strlen($_POST['password_change']) > 3) {`
			$sql->query("UPDATE `config` SET `value`='" . $sql->real_escape_string(crypt_password($_POST['password_change'], gen_salt(22))) . "' WHERE `key`='password';");
German translation 2015-08-13 17:23:12 +02:00			`$_SESSION['flash'] = "Passwort erfolgreich geändert.";`
changing settings is now possible 2014-08-18 17:49:20 +02:00			`header('Location: ucp.php?page=settings');`
			`exit();`
			`}`
			`}`
			`}`
German translation 2015-08-13 17:23:12 +02:00			`$_SESSION['flash'] = "Das Passwort stimmt nicht überein oder ist zu kurz.";`
changing settings is now possible 2014-08-18 17:49:20 +02:00			`header('Location: ucp.php?page=settings');`
			`exit();`
			`break;`
			`}`
			`default: {`
			`$tpl->draw("settings");`
			`}`
			`}`
			`}`
added a flash and also some basic UCP code 2014-08-18 15:07:41 +02:00			`break;`
			`}`
			`case "inbox":`
			`default: {`
added login thing 2014-08-18 15:30:09 +02:00			`check_privileges();`

order by 2014-08-18 18:14:05 +02:00			$sql_str = "SELECT `id`, `word1`, `word2`, `word3`, `author`, `new` FROM `words` ORDER BY `id` DESC;";
you can now view the inbox 2014-08-18 16:03:17 +02:00			`$res = $sql->query($sql_str);`

			`$words = array();`

			`while ($r = $res->fetch_assoc()) {`
			`array_push($words, array(`
select id 2014-08-18 18:13:34 +02:00			`"id" => $r['id'],`
you can now view the inbox 2014-08-18 16:03:17 +02:00			`"word1" => $r['word1'],`
			`"word2" => $r['word2'],`
			`"word3" => $r['word3'],`
			`"author" => $r['author'],`
			`"new" => ($r['new'] == 1 ? true : false)`
			`));`
			`}`

			$sql_str = "UPDATE `words` SET `new` = 0;";
			`$sql->query($sql_str);`

			`$tpl->assign("words", $words);`
added a flash and also some basic UCP code 2014-08-18 15:07:41 +02:00			`$tpl->draw("inbox");`
			`}`
			`}`