< ? php
/* This file is part of 3words
*
* (c) 2014 Leafcat Coding -- http://leafc.at
*
* License: AGPLv3, see LICENSE for the full license text
*
* This file was touched by:
* - nilsding <nilsding@nilsding.org>
*
* Oh, and before I forget...
* ________ __________ __ ____ __ ______
* / ____ / / / / ____ / //_/ / __ \/ / / / __ \
* / / _ / / / / / / , < / / _ / / / _ / / / _ / / with
* / __ / / / _ / / / ___ / /| | / ____ / __ / ____ / a
* / _ / \____ / \____ / _ / | _ | / _ / / _ / / _ / _ / cactus !
*
* Thanks for listening.
*/
include_once 'config.php' ;
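/**
 * Terminate the request unless the current session is logged in.
 *
 * Called at the top of every protected UCP branch. When the session is not
 * logged in the request ends here: AJAX callers receive a JSON body
 * {"success": false}, browser callers get a flash message and a redirect to
 * the login page. When the session is logged in the function simply returns.
 *
 * @param bool $ajax true when the caller expects a JSON reply instead of a
 *                   redirect (used by the "ajax" page)
 * @return void
 */
function check_privileges($ajax = false) {
    // empty() also covers a session that never set the key; the bare array
    // read it replaces raised a notice for every anonymous visitor.
    if (empty($_SESSION['logged_in'])) {
        if ($ajax) {
            // Kept as application/javascript to match what the existing
            // front-end expects; the body is plain JSON either way.
            header('Content-Type: application/javascript');
            echo json_encode(array("success" => false));
        } else {
            $_SESSION['flash'] = "Log in to continue.";
            header('Location: ucp.php?page=login');
        }
        exit();
    }
}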
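/**
 * Read one value from the `config` table.
 *
 * @param object $sql  open database connection from config.php; only
 *                     query()/fetch_assoc()/real_escape_string() are used,
 *                     which matches the mysqli API (assumed, not confirmed)
 * @param string $key  config key to look up; the callers below pass only
 *                     literal keys, but it is escaped regardless
 * @return string      the stored value, or '' when the key is missing or
 *                     the query failed (the previous inline version fatal-
 *                     errored on a failed query)
 */
function ucp_config_value($sql, $key) {
    $res = $sql->query("SELECT `value` FROM `config` WHERE `key` = '" . $sql->real_escape_string($key) . "';");
    if ($res === false) {
        return '';
    }
    $row = $res->fetch_assoc();
    return isset($row['value']) ? (string) $row['value'] : '';
}

// Router for the user control panel. Every branch either renders a template
// through $tpl or performs an action against $sql and then redirects.
// $sql and $tpl are provided by config.php (included above); all input
// arrives through $_GET / $_POST and is untrusted.
//
// NOTE(review): the state-changing branches (ajax delete-word, settings,
// logout) do not verify a CSRF token. The forms that post here live in the
// templates, which are not visible in this file, so a token has to be added
// on both sides together.
$page = isset($_GET['page']) ? $_GET['page'] : '';

switch ($page) {
    case "ajax":
        check_privileges(true);
        header('Content-Type: application/javascript');
        $response = array("success" => false);
        $action = isset($_GET['action']) ? $_GET['action'] : '';
        switch ($action) {
            case "delete-word":
                // FILTER_VALIDATE_INT rejects the float/exponent forms that
                // is_numeric() accepts ("1.5", "1e3"), so the id used in the
                // query is exactly what the client sent, never a truncation.
                $id = isset($_GET['id'])
                    ? filter_var($_GET['id'], FILTER_VALIDATE_INT)
                    : false;
                if ($id !== false) {
                    if ($sql->query("DELETE FROM `words` WHERE `id`=" . (int) $id . ";")) {
                        $response["success"] = true;
                    }
                }
                break;
        }
        echo json_encode($response);
        break;

    case "login":
        if (!empty($_SESSION['logged_in'])) {
            $_SESSION['flash'] = "You're already logged in.";
            header('Location: ucp.php');
            exit();
        }
        if (!isset($_POST['login'])) {
            $tpl->draw("login");
            break;
        }
        $username = ucp_config_value($sql, 'username');
        $stored_hash = ucp_config_value($sql, 'password');
        // Missing POST fields used to raise notices and feed null into
        // crypt(); treat them as empty strings, which can never match.
        $post_user = isset($_POST['username']) ? $_POST['username'] : '';
        $post_pass = isset($_POST['password']) ? $_POST['password'] : '';
        // crypt() with the stored hash as the salt re-derives the hash with
        // the same algorithm and cost, so a correct password reproduces the
        // stored string exactly. An empty stored hash is never accepted.
        $candidate = $stored_hash !== '' ? crypt($post_pass, $stored_hash) : '';
        // Constant-time comparison where the runtime offers it (PHP >= 5.6);
        // older runtimes fall back to the plain comparison used before.
        $password_ok = $stored_hash !== '' && (function_exists('hash_equals')
            ? hash_equals($stored_hash, $candidate)
            : $candidate === $stored_hash);
        if ($username !== '' && $post_user === $username && $password_ok) {
            // Issue a fresh session id on privilege change so an id handed
            // to the browser before login cannot be reused (session fixation).
            session_regenerate_id(true);
            $_SESSION['logged_in'] = true;
            $_SESSION['flash'] = "You are now logged in.";
            header('Location: ucp.php');
        } else {
            $_SESSION['flash'] = "Wrong user name or password";
            header('Location: ucp.php?page=login');
        }
        exit();

    case "logout":
        check_privileges();
        // Drop the session data, then open a fresh session under a new id
        // just to carry the flash message over to index.php.
        session_destroy();
        session_start();
        session_regenerate_id(true);
        $_SESSION['flash'] = "Sucessfully logged out";
        header('Location: index.php');
        exit();

    case "settings":
        check_privileges();
        if (!isset($_POST['action'])) {
            $tpl->draw("settings");
            break;
        }
        switch ($_POST['action']) {
            case "generic":
                if (isset($_POST['sitename'])) {
                    $sql->query("UPDATE `config` SET `value`='" . $sql->real_escape_string(trim($_POST['sitename'])) . "' WHERE `key`='sitename'");
                }
                // Checkbox: present in the POST body means checked.
                $recent_public = isset($_POST['recent_check']) ? 'true' : 'false';
                $sql->query("UPDATE `config` SET `value`='" . $recent_public . "' WHERE `key`='recent_public'");
                // Same strict integer validation as the ajax id above.
                $recent_count = isset($_POST['recent_count'])
                    ? filter_var($_POST['recent_count'], FILTER_VALIDATE_INT)
                    : false;
                if ($recent_count !== false) {
                    $sql->query("UPDATE `config` SET `value`='" . (int) $recent_count . "' WHERE `key`='recent_count'");
                }
                $_SESSION['flash'] = "Successfully saved changes.";
                header('Location: ucp.php?page=settings');
                exit();

            case "password":
                $new_pass = isset($_POST['password_change']) ? $_POST['password_change'] : null;
                $verify_pass = isset($_POST['password_verify']) ? $_POST['password_verify'] : null;
                // strlen() > 3 means at least four characters; the flash
                // message is worded to match (it previously said "3").
                if ($new_pass !== null && $verify_pass !== null
                        && $new_pass === $verify_pass && strlen($new_pass) > 3) {
                    // crypt_password() and gen_salt() come from config.php.
                    $sql->query("UPDATE `config` SET `value`='" . $sql->real_escape_string(crypt_password($new_pass, gen_salt(22))) . "' WHERE `key`='password';");
                    $_SESSION['flash'] = "Successfully changed password.";
                } else {
                    $_SESSION['flash'] = "The passwords did not match or your password is shorter than 4 characters.";
                }
                header('Location: ucp.php?page=settings');
                exit();

            default:
                $tpl->draw("settings");
        }
        break;

    case "inbox":
    default:
        check_privileges();
        $res = $sql->query("SELECT `id`, `word1`, `word2`, `word3`, `author`, `new` FROM `words`;");
        $words = array();
        // A failed query used to fatal-error on fetch_assoc(); now the inbox
        // renders empty instead and the "new" flags are left untouched.
        if ($res !== false) {
            while ($r = $res->fetch_assoc()) {
                $words[] = array(
                    "id" => $r['id'],
                    "word1" => $r['word1'],
                    "word2" => $r['word2'],
                    "word3" => $r['word3'],
                    "author" => $r['author'],
                    // `new` arrives from the driver as a string; the loose
                    // comparison accepts both "1" and 1, as before.
                    "new" => ($r['new'] == 1),
                );
            }
            // Everything that was just listed is no longer new.
            $sql->query("UPDATE `words` SET `new` = 0;");
        }
        $tpl->assign("words", $words);
        $tpl->draw("inbox");
}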