170 lines
5.1 KiB
PHP
170 lines
5.1 KiB
PHP
<?php
|
|
/* This file is part of 3words
|
|
*
|
|
* (c) 2014 Leafcat Coding -- http://leafc.at
|
|
*
|
|
* License: AGPLv3, see LICENSE for full license text
|
|
*
|
|
* This file was touched by:
|
|
* - nilsding <nilsding@nilsding.org>
|
|
*
|
|
* Oh, and before I forget...
|
|
* ________ __________ __ ____ __ ______
|
|
* / ____/ / / / ____/ //_/ / __ \/ / / / __ \
|
|
* / /_ / / / / / / ,< / /_/ / /_/ / /_/ / with
|
|
* / __/ / /_/ / /___/ /| | / ____/ __ / ____/ a
|
|
* /_/ \____/\____/_/ |_| /_/ /_/ /_/_/ cactus!
|
|
*
|
|
* Thanks for listening.
|
|
*/
|
|
|
|
include_once 'config.php';
|
|
|
|
function check_privileges($ajax = false) {
|
|
if (!$_SESSION['logged_in']) {
|
|
if ($ajax) {
|
|
echo json_encode(array("success" => false));
|
|
} else {
|
|
$_SESSION['flash'] = "Log in to continue.";
|
|
header('Location: ucp.php?page=login');
|
|
}
|
|
exit();
|
|
}
|
|
}
|
|
|
|
switch ($_GET['page']) {
|
|
case "ajax": {
|
|
check_privileges(true);
|
|
$response = array("success" => false);
|
|
switch ($_GET['action']) {
|
|
case "delete-word": {
|
|
if (isset($_GET['id'])) {
|
|
if (is_numeric($_GET['id'])) {
|
|
$id = (int) $_GET['id'];
|
|
if ($sql->query("DELETE FROM `words` WHERE `id`=" . $id . ";")) {
|
|
$response["success"] = true;
|
|
}
|
|
}
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
echo json_encode($response);
|
|
exit();
|
|
break;
|
|
}
|
|
case "login": {
|
|
if ($_SESSION['logged_in']) {
|
|
$_SESSION['flash'] = "You're already logged in.";
|
|
header('Location: ucp.php');
|
|
exit();
|
|
}
|
|
if (!isset($_POST['login'])) {
|
|
$tpl->draw("login");
|
|
} else {
|
|
$res = $sql->query("SELECT `value` FROM `config` WHERE `key` = \"username\";")->fetch_assoc();
|
|
$username = $res['value'];
|
|
$res = $sql->query("SELECT `value` FROM `config` WHERE `key` = \"password\";")->fetch_assoc();
|
|
$password = $res['value'];
|
|
$post_pass = crypt($_POST['password'], $password);
|
|
if (($_POST['username'] === $username) && ($post_pass === $password)) {
|
|
// successful login
|
|
$_SESSION['logged_in'] = true;
|
|
$_SESSION['flash'] = "You are now logged in.";
|
|
header('Location: ucp.php');
|
|
exit();
|
|
} else {
|
|
// failed login
|
|
$_SESSION['flash'] = "Wrong user name or password";
|
|
header('Location: ucp.php?page=login');
|
|
exit();
|
|
}
|
|
}
|
|
break;
|
|
}
|
|
case "logout": {
|
|
check_privileges();
|
|
|
|
session_destroy();
|
|
session_start();
|
|
$_SESSION['flash'] = "Sucessfully logged out";
|
|
header('Location: index.php');
|
|
exit();
|
|
break;
|
|
}
|
|
case "settings": {
|
|
check_privileges();
|
|
|
|
if (!isset($_POST['action'])) {
|
|
$tpl->draw("settings");
|
|
} else {
|
|
switch ($_POST['action']) {
|
|
case "generic": {
|
|
if (isset($_POST['sitename'])) {
|
|
$sql->query("UPDATE `config` SET `value`='" . $sql->real_escape_string(trim($_POST['sitename'])) . "' WHERE `key`='sitename'");
|
|
}
|
|
if (isset($_POST['recent_check'])) {
|
|
$sql->query("UPDATE `config` SET `value`='true' WHERE `key`='recent_public'");
|
|
} else {
|
|
$sql->query("UPDATE `config` SET `value`='false' WHERE `key`='recent_public'");
|
|
}
|
|
if (isset($_POST['recent_count'])) {
|
|
if (is_numeric($_POST['recent_count'])) {
|
|
$sql->query("UPDATE `config` SET `value`='" . (int) $_POST['recent_count'] . "' WHERE `key`='recent_count'");
|
|
}
|
|
}
|
|
$_SESSION['flash'] = "Successfully saved changes.";
|
|
header('Location: ucp.php?page=settings');
|
|
exit();
|
|
break;
|
|
}
|
|
case "password": {
|
|
if (isset($_POST['password_change']) && isset($_POST['password_verify'])) {
|
|
if ($_POST['password_change'] === $_POST['password_verify']) {
|
|
if (strlen($_POST['password_change']) > 3) {
|
|
$sql->query("UPDATE `config` SET `value`='" . $sql->real_escape_string(crypt_password($_POST['password_change'], gen_salt(22))) . "' WHERE `key`='password';");
|
|
$_SESSION['flash'] = "Successfully changed password.";
|
|
header('Location: ucp.php?page=settings');
|
|
exit();
|
|
}
|
|
}
|
|
}
|
|
$_SESSION['flash'] = "The passwords did not match or your password is shorter than 3 characters.";
|
|
header('Location: ucp.php?page=settings');
|
|
exit();
|
|
break;
|
|
}
|
|
default: {
|
|
$tpl->draw("settings");
|
|
}
|
|
}
|
|
}
|
|
break;
|
|
}
|
|
case "inbox":
|
|
default: {
|
|
check_privileges();
|
|
|
|
$sql_str = "SELECT `id`, `word1`, `word2`, `word3`, `author`, `new` FROM `words` ORDER BY `id` DESC;";
|
|
$res = $sql->query($sql_str);
|
|
|
|
$words = array();
|
|
|
|
while ($r = $res->fetch_assoc()) {
|
|
array_push($words, array(
|
|
"id" => $r['id'],
|
|
"word1" => $r['word1'],
|
|
"word2" => $r['word2'],
|
|
"word3" => $r['word3'],
|
|
"author" => $r['author'],
|
|
"new" => ($r['new'] == 1 ? true : false)
|
|
));
|
|
}
|
|
|
|
$sql_str = "UPDATE `words` SET `new` = 0;";
|
|
$sql->query($sql_str);
|
|
|
|
$tpl->assign("words", $words);
|
|
$tpl->draw("inbox");
|
|
}
|
|
} |