2024-01-02 03:55:23 +01:00
|
|
|
<?php session_start();
|
|
|
|
include "core.php";
|
|
|
|
include "config.php";
|
|
|
|
|
|
|
|
$id = -1;
|
|
|
|
|
2024-02-04 22:43:39 +01:00
|
|
|
$History = "false";
|
2024-02-05 19:01:24 +01:00
|
|
|
$Request = "false";
|
2024-01-02 03:55:23 +01:00
|
|
|
$Redirect = "";
|
|
|
|
$AuthorizedCreation = 0;
|
|
|
|
|
|
|
|
if (isset($_REQUEST['redir'])) {
|
|
|
|
$Redirect = htmlspecialchars($_REQUEST['redir']);
|
|
|
|
}
|
|
|
|
|
2024-02-04 22:43:39 +01:00
|
|
|
if (isset($_REQUEST['history'])) {
|
|
|
|
$History = htmlspecialchars($_REQUEST['history']);
|
|
|
|
}
|
2024-02-05 19:01:24 +01:00
|
|
|
if (isset($_REQUEST['request'])) {
|
|
|
|
$Request = htmlspecialchars($_REQUEST['request']);
|
|
|
|
}
|
2024-02-04 22:43:39 +01:00
|
|
|
|
2024-01-02 03:55:23 +01:00
|
|
|
if (isset($_REQUEST['id'])) {
|
2024-02-04 22:43:39 +01:00
|
|
|
$id = htmlspecialchars($_REQUEST['id']);
|
2024-01-02 03:55:23 +01:00
|
|
|
} else {
|
|
|
|
if ($Redirect == "admin") {
|
|
|
|
header("Location: admin.php?e=endpoint");
|
|
|
|
} else if ($Redirect == "edit") {
|
|
|
|
header("Location: edit.php?e=endpoint&action=articles");
|
|
|
|
} else {
|
|
|
|
header("Location: /");
|
|
|
|
}
|
|
|
|
|
|
|
|
die();
|
|
|
|
}
|
|
|
|
|
|
|
|
$Database = createTables($sqlDB);
|
|
|
|
$DatabaseQuery = $Database->query('SELECT * FROM users');
|
|
|
|
|
|
|
|
if (!isset($_SESSION['username']) || !isset($_SESSION['password']) || !isset($_SESSION['type'])) {
|
|
|
|
header('Location: login.php?redir=admin');
|
|
|
|
die();
|
2024-02-05 21:46:50 +01:00
|
|
|
} else if (htmlspecialchars($_SESSION['type']) != 2) { // not allowed
|
2024-01-02 03:55:23 +01:00
|
|
|
header('Location: /');
|
|
|
|
die();
|
|
|
|
}
|
|
|
|
|
|
|
|
$DatabaseQuery = $Database->query('SELECT * FROM users');
|
|
|
|
while ($line = $DatabaseQuery->fetchArray()) {
|
2024-02-05 21:46:50 +01:00
|
|
|
if ($line['username'] == htmlspecialchars($_SESSION['username']) && htmlspecialchars($_SESSION['username']) != "" && $line['password'] == htmlspecialchars($_SESSION['password']) && $line['usertype'] == 2) {
|
2024-01-02 03:55:23 +01:00
|
|
|
$AuthorizedCreation = 1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2024-02-05 21:46:50 +01:00
|
|
|
$Username = htmlspecialchars($_SESSION['username']);
|
2024-01-02 03:55:23 +01:00
|
|
|
|
|
|
|
// not authorized
|
|
|
|
if ($AuthorizedCreation != 1) {
|
|
|
|
header('Location: /');
|
|
|
|
die();
|
|
|
|
}
|
|
|
|
|
2024-02-05 19:01:24 +01:00
|
|
|
if ($History == "false" && $Request == "false") {
|
2024-02-04 22:43:39 +01:00
|
|
|
$DatabaseQuery = $Database->query('SELECT * FROM pages');
|
|
|
|
while ($line = $DatabaseQuery->fetchArray()) {
|
|
|
|
if ($line['id'] == $id && $id != -1) {
|
|
|
|
$File = $line['file'];
|
|
|
|
$Directory = dirname($File);
|
|
|
|
|
|
|
|
if (is_file($File)) {
|
|
|
|
unlink($File);
|
|
|
|
|
|
|
|
if (is_dir($Directory)) {
|
|
|
|
rmdir($Directory);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
$Database->exec("DELETE FROM pages WHERE id='$id'");
|
|
|
|
|
2024-02-05 19:01:24 +01:00
|
|
|
// also delete requests
|
|
|
|
$ModDatabaseQuery = $Database->query('SELECT * FROM requests');
|
|
|
|
while ($mline = $ModDatabaseQuery->fetchArray()) {
|
|
|
|
if ($mline['pageid'] == $id && $id != -1) {
|
|
|
|
$File = $mline['file'];
|
|
|
|
$Directory = dirname($File);
|
|
|
|
|
|
|
|
if (is_file($File)) {
|
|
|
|
unlink($File);
|
|
|
|
|
|
|
|
if (is_dir($Directory)) {
|
|
|
|
rmdir($Directory);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
$Database->exec("DELETE FROM requests WHERE pageid='$id'");
|
|
|
|
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// also delete history
|
|
|
|
$HistDatabaseQuery = $Database->query('SELECT * FROM history');
|
|
|
|
while ($hline = $HistDatabaseQuery->fetchArray()) {
|
|
|
|
if ($hline['pageid'] == $id && $id != -1) {
|
|
|
|
$File = $hline['file'];
|
|
|
|
$Directory = dirname($File);
|
|
|
|
|
|
|
|
if (is_file($File)) {
|
|
|
|
unlink($File);
|
|
|
|
|
|
|
|
if (is_dir($Directory)) {
|
|
|
|
rmdir($Directory);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
$Database->exec("DELETE FROM history WHERE pageid='$id'");
|
|
|
|
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2024-02-04 22:43:39 +01:00
|
|
|
break;
|
2024-01-02 03:55:23 +01:00
|
|
|
}
|
|
|
|
}
|
2024-02-05 19:01:24 +01:00
|
|
|
} else if ($Request == "true") {
|
|
|
|
$DatabaseQuery = $Database->query('SELECT * FROM requests');
|
|
|
|
while ($line = $DatabaseQuery->fetchArray()) {
|
|
|
|
if ($line['id'] == $id && $id != -1) {
|
|
|
|
$File = $line['file'];
|
|
|
|
$Directory = dirname($File);
|
|
|
|
|
|
|
|
if (is_file($File)) {
|
|
|
|
unlink($File);
|
|
|
|
|
|
|
|
if (is_dir($Directory)) {
|
|
|
|
rmdir($Directory);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
$Database->exec("DELETE FROM requests WHERE id='$id'");
|
|
|
|
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
} else if ($History == "true") {
|
2024-02-04 22:43:39 +01:00
|
|
|
$DatabaseQuery = $Database->query('SELECT * FROM history');
|
|
|
|
while ($line = $DatabaseQuery->fetchArray()) {
|
|
|
|
if ($line['id'] == $id && $id != -1) {
|
|
|
|
$File = $line['file'];
|
|
|
|
$Directory = dirname($File);
|
2024-01-02 03:55:23 +01:00
|
|
|
|
2024-02-04 22:43:39 +01:00
|
|
|
if (is_file($File)) {
|
|
|
|
unlink($File);
|
|
|
|
|
|
|
|
if (is_dir($Directory)) {
|
|
|
|
rmdir($Directory);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
$Database->exec("DELETE FROM history WHERE id='$id'");
|
|
|
|
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2024-01-02 03:55:23 +01:00
|
|
|
|
|
|
|
if ($Redirect == "admin") {
|
|
|
|
header("Location: admin.php?action=users");
|
|
|
|
} else if ($Redirect == "edit") {
|
2024-02-04 22:43:39 +01:00
|
|
|
if ($History == "true") {
|
|
|
|
header("Location: edit.php?action=history&id=$id");
|
2024-02-05 19:01:24 +01:00
|
|
|
} else if ($Request == "true") {
|
|
|
|
header("Location: edit.php?action=requests&id=$id");
|
2024-02-04 22:43:39 +01:00
|
|
|
} else {
|
|
|
|
header("Location: edit.php?action=articles");
|
|
|
|
}
|
2024-01-02 03:55:23 +01:00
|
|
|
} else {
|
|
|
|
header("Location: /");
|
|
|
|
}
|
|
|
|
|
|
|
|
die();
|
|
|
|
|
|
|
|
?>
|