speedie/keyload
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Add removal of keys from administrator panel

Browse source
This commit is contained in:
Jacob 2023-10-01 01:28:14 +02:00
parent 51f17e8174
commit 335c00bf37
5 changed files with 231 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

179
admin.php
View file

@ -8,6 +8,7 @@ include "core.php";
include "config.php";
include "create-table.php";
$Action = "";
$Authorized = 0;
$Primary = 0;
@ -19,6 +20,12 @@ if (!isset($_COOKIE[$cookieName]) || !isset($_COOKIE[$cookieTypeName])) {
die();
}
if (!isset($_REQUEST['action'])) {
$Action = "files";
} else {
$Action = $_REQUEST['action'];
}
// in case admin keys are disabled
if (!$enableAdminKeys || $enableAdminKeys == "false") {
header('Location: /');
@ -45,6 +52,178 @@ if ($Authorized != 1) {
$html = "";
$html = printHeader($html);
$html .= "\t\t\t<h1>Administrator panel</h1>\n";
$html .= "\t\t\t\t<div class=\"adminLinks\">\n";
$html .= "\t\t\t\t\t<span id='adminSpan' class='title'>\n";
if ($Action == "files") {
$html .= "\t\t\t\t\t\t<a href=\"/admin.php?action=files\" id='sel'>Files</a>\n";
} else {
$html .= "\t\t\t\t\t\t<a href=\"/admin.php?action=files\">Files</a>\n";
}
if ($Action == "keys") {
$html .= "\t\t\t\t\t\t<a href=\"/admin.php?action=keys\" id='sel'>Keys</a>\n";
} else {
$html .= "\t\t\t\t\t\t<a href=\"/admin.php?action=keys\">Keys</a>\n";
}
$html .= "\t\t\t\t\t</span>\n";
$html .= "\t\t\t\t</div>\n";
if ($Action == "files") {
$DatabaseQuery = $Database->query('SELECT * FROM uploads');
$html .= "\t\t\t\t<table class=\"adminFileView\">\n";
$html .= "\t\t\t\t\t<tr class=\"adminFileView\">\n";
$html .= "\t\t\t\t\t\t<th class=\"adminID\">ID</th>\n";
$html .= "\t\t\t\t\t\t<th class=\"adminFilename\">Filename</th>\n";
$html .= "\t\t\t\t\t\t<th class=\"adminUploadDate\">Upload date</th>\n";
$html .= "\t\t\t\t\t\t<th class=\"adminKeyID\">Key ID</th>\n";
$html .= "\t\t\t\t\t\t<th class=\"adminKeyType\">Key type</th>\n";
$html .= "\t\t\t\t\t</tr>\n";
while ($line = $DatabaseQuery->fetchArray()) {
$ID = $line['id'];
$Filename = $line['file'];
$uploadDate = $line['uploaddate'];
$keyID = $line['keyid'];
if ($line['keytype'] == 0) {
$keyType = "Key";
} else if ($line['keytype'] == 1) {
$keyType = "Temporary";
} else if ($line['keytype'] == 2) {
$keyType = "Administrator";
} else {
$keyType = "Unknown";
}
$html .= "\t\t\t\t\t<tr class=\"adminFileView\">\n";
$html .= "\t\t\t\t\t\t<td class=\"adminID\" id=\"adminID-$ID\">$ID</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminFilename\">$Filename</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminUploadDate\">$uploadDate</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminKeyID\">$keyID</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminKeyType\">$keyType</td>\n";
$html .= "\t\t\t\t\t</tr>\n";
}
$html .= "\t\t\t\t</table>\n";
} else if ($Action == "keys") {
$html .= "\t\t\t\t<p class=\"adminWarning\">Administrator keys are not visible.</p>\n";
$html .= "\t\t\t\t<table class=\"adminKeyView\">\n";
$html .= "\t\t\t\t\t<tr class=\"adminKeyView\">\n";
$html .= "\t\t\t\t\t\t<th class=\"adminID\">ID</th>\n";
$html .= "\t\t\t\t\t\t<th class=\"adminKey\">Key</th>\n";
$html .= "\t\t\t\t\t\t<th class=\"adminNumberOfUploads\">Uploads</th>\n";
$html .= "\t\t\t\t\t\t<th class=\"adminUploadsLeft\">Uploads left</th>\n";
$html .= "\t\t\t\t\t\t<th class=\"adminLastUsed\">Last used</th>\n";
$html .= "\t\t\t\t\t\t<th class=\"adminIssued\">Issued</th>\n";
$html .= "\t\t\t\t\t\t<th class=\"adminIP\">IP</th>\n";
$html .= "\t\t\t\t\t\t<th class=\"adminUserAgent\">User agent</th>\n";
$html .= "\t\t\t\t\t\t<th class=\"adminKeyType\">Key type</th>\n";
$html .= "\t\t\t\t\t</tr>\n";
$DatabaseQuery = $Database->query('SELECT * FROM admins');
while ($line = $DatabaseQuery->fetchArray()) {
if ($Primary != 1) {
break;
}
$ID = $line['id'];
$Key = $line['key'];
$NumberOfUploads = $line['numberofuploads'];
$UploadsLeft = "";
$LastUsed = $line['lastused'];
$Issued = $line['issued'];
$IP = $line['ip'];
$UserAgent = $line['useragent'];
$keyType = "Administrator";
$UploadsLeft = "";
if ($line['primaryadmin'] == 1) {
$keyType = "Primary Administrator";
}
$html .= "\t\t\t\t\t<tr class=\"adminKeyView\">\n";
$html .= "\t\t\t\t\t\t<td class=\"adminID\" id=\"id-2-$ID\">$ID</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminKey\">$Key</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminNumberOfUploads\">$NumberOfUploads</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminUploadsLeft\">$UploadsLeft</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminLastUsed\">$LastUsed</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminIssued\">$Issued</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminIP\">$IP</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminUserAgent\">$UserAgent</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminKeyType\">$keyType</td>\n";
if ($Primary == 1 && $line['primaryadmin'] != 1) { // primary admins cannot be removed
$html .= "\t\t\t\t\t\t<td class=\"adminRemove\"><a href=\"/remove-key.php?redir=admin&id=$ID\">Remove</a></td>\n";
}
$html .= "\t\t\t\t\t</tr>\n";
}
$DatabaseQuery = $Database->query('SELECT * FROM keys');
while ($line = $DatabaseQuery->fetchArray()) {
$ID = $line['id'];
$Key = $line['key'];
$NumberOfUploads = $line['numberofuploads'];
$UploadsLeft = "";
$LastUsed = $line['lastused'];
$Issued = $line['issued'];
$IP = $line['ip'];
$UserAgent = $line['useragent'];
$keyType = "Key";
$UploadsLeft = "";
$html .= "\t\t\t\t\t<tr class=\"adminKeyView\">\n";
$html .= "\t\t\t\t\t\t<td class=\"adminID\" id=\"id-0-$ID\">$ID</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminKey\">$Key</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminNumberOfUploads\">$NumberOfUploads</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminUploadsLeft\">$UploadsLeft</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminLastUsed\">$LastUsed</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminIssued\">$Issued</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminIP\">$IP</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminUserAgent\">$UserAgent</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminKeyType\">$keyType</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminRemove\"><a href=\"/remove-key.php?redir=admin&id=$ID\">Remove</a></td>\n";
$html .= "\t\t\t\t\t</tr>\n";
}
$DatabaseQuery = $Database->query('SELECT * FROM tkeys');
while ($line = $DatabaseQuery->fetchArray()) {
$ID = $line['id'];
$Key = $line['key'];
$NumberOfUploads = $line['numberofuploads'];
$UploadsLeft = "";
$LastUsed = $line['lastused'];
$Issued = $line['issued'];
$IP = $line['ip'];
$UserAgent = $line['useragent'];
$keyType = "Temporary";
$UploadsLeft = $line['uploadsleft'];
$html .= "\t\t\t\t\t<tr class=\"adminKeyView\">\n";
$html .= "\t\t\t\t\t\t<td class=\"adminID\" id=\"id-1-$ID\">$ID</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminKey\">$Key</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminNumberOfUploads\">$NumberOfUploads</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminUploadsLeft\">$UploadsLeft</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminLastUsed\">$LastUsed</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminIssued\">$Issued</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminIP\">$IP</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminUserAgent\">$UserAgent</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminKeyType\">$keyType</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminRemove\"><a href=\"/remove-key.php?redir=admin&id=$ID\">Remove</a></td>\n";
$html .= "\t\t\t\t\t</tr>\n";
}
$html .= "\t\t\t\t</table>\n";
}
$html = printFooter($html);
print "$html";

1
create-table.php
View file

@ -11,6 +11,7 @@ function createTables($sqlDB) {
* id (INTEGER PRIMARY KEY)
* key (TEXT)
* primaryadmin (INT)
* numberofuploads (INT)
* lastused (TEXT)
* issued (TEXT)
* ip (TEXT)

37
index.css
View file

@ -13,16 +13,6 @@
padding-right: 5px;
}
.bar input {
padding-top: 2px;
padding-bottom: 2px;
border-color: #363636;
border-width: 0px;
background-color: #363636;
color: #f0eee4;
width: 100%
}
.title {
color: #f0eee4;
padding-left: 2px;
@ -61,6 +51,33 @@ footer {
text-align: center;
}
.content table {
width: 100%;
}
.content td, th {
padding-left: 10px;
padding-right: 10px;
}
.adminLinks {
width: 100%;
margin: 0px;
padding: 5px;
padding-left: 10px;
padding-right: 10px;
background-color: #363636;
}
.adminWarning {
color: #ffff00;
}
#sel {
text-decoration: underline;
color: #f0eee4;
}
a {
color: #89bfff;
text-decoration: none;

1
login.php
View file

@ -10,6 +10,7 @@ include "core.php";
$Authorized = 0;
$KeyType = 0;
$Redirect = "";
if (isset($_REQUEST['redir'])) {
$Redirect = $_REQUEST['redir'];

37
remove-key.php
View file

@ -7,10 +7,11 @@
include "config.php";
include "create-table.php";
if (isset($_REQUEST['key'])) {
$Key = $_REQUEST['key'];
} else {
print "No key specified.";
if (!isset($_COOKIE[$cookieName]) || !isset($_COOKIE[$cookieTypeName])) {
header('Location: login.php?redir=admin');
die();
} else if ($_COOKIE[$cookieTypeName] != 2) { // not allowed
header('Location: /');
die();
}
@ -25,22 +26,29 @@ $AdminIsPrimary = 0;
$KeyIsPrimary = 0;
$AuthorizedRemoval = 0;
$Removed = 0;
$Redirect = "";
if (isset($_REQUEST['redir'])) {
$Redirect = $_REQUEST['redir'];
}
$Database = createTables($sqlDB);
// check if the key we passed is an admin key and if it's a primary admin key
$DatabaseQuery = $Database->query('SELECT * FROM admins');
while ($line = $DatabaseQuery->fetchArray()) {
if ($Key == $line['key']) {
if ($line['primaryadmin'] == 1) {
$AdminIsPrimary = 1;
}
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['key'] == $_COOKIE[$cookieName] && $_COOKIE[$cookieName] != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) {
$AuthorizedRemoval = 1;
$AdminIsPrimary = $line['primaryadmin'];
break;
}
}
// not authorized
if ($AuthorizedRemoval != 1) {
header('Location: /');
die();
}
$DatabaseQuery = $Database->query('SELECT * FROM keys');
while ($line = $DatabaseQuery->fetchArray()) {
if ($line['id'] == $id && $line['id'] != "" && $id != "") { // passed ID is a key that exists
@ -86,9 +94,10 @@ while ($line = $DatabaseQuery->fetchArray()) {
}
}
if ($AuthorizedRemoval != 1) {
print "You aren't authorized to perform this action.";
die();
if ($Redirect == "admin") {
header("Location: admin.php?action=keys");
} else {
header("Location: /");
}
?>