Add removal of keys from administrator panel
parent
51f17e8174
commit
335c00bf37
179
admin.php
179
admin.php
|
@ -8,6 +8,7 @@ include "core.php";
|
||||||
include "config.php";
|
include "config.php";
|
||||||
include "create-table.php";
|
include "create-table.php";
|
||||||
|
|
||||||
|
$Action = "";
|
||||||
$Authorized = 0;
|
$Authorized = 0;
|
||||||
$Primary = 0;
|
$Primary = 0;
|
||||||
|
|
||||||
|
@ -19,6 +20,12 @@ if (!isset($_COOKIE[$cookieName]) || !isset($_COOKIE[$cookieTypeName])) {
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!isset($_REQUEST['action'])) {
|
||||||
|
$Action = "files";
|
||||||
|
} else {
|
||||||
|
$Action = $_REQUEST['action'];
|
||||||
|
}
|
||||||
|
|
||||||
// in case admin keys are disabled
|
// in case admin keys are disabled
|
||||||
if (!$enableAdminKeys || $enableAdminKeys == "false") {
|
if (!$enableAdminKeys || $enableAdminKeys == "false") {
|
||||||
header('Location: /');
|
header('Location: /');
|
||||||
|
@ -45,6 +52,178 @@ if ($Authorized != 1) {
|
||||||
$html = "";
|
$html = "";
|
||||||
$html = printHeader($html);
|
$html = printHeader($html);
|
||||||
|
|
||||||
|
$html .= "\t\t\t<h1>Administrator panel</h1>\n";
|
||||||
|
$html .= "\t\t\t\t<div class=\"adminLinks\">\n";
|
||||||
|
$html .= "\t\t\t\t\t<span id='adminSpan' class='title'>\n";
|
||||||
|
|
||||||
|
if ($Action == "files") {
|
||||||
|
$html .= "\t\t\t\t\t\t<a href=\"/admin.php?action=files\" id='sel'>Files</a>\n";
|
||||||
|
} else {
|
||||||
|
$html .= "\t\t\t\t\t\t<a href=\"/admin.php?action=files\">Files</a>\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($Action == "keys") {
|
||||||
|
$html .= "\t\t\t\t\t\t<a href=\"/admin.php?action=keys\" id='sel'>Keys</a>\n";
|
||||||
|
} else {
|
||||||
|
$html .= "\t\t\t\t\t\t<a href=\"/admin.php?action=keys\">Keys</a>\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
$html .= "\t\t\t\t\t</span>\n";
|
||||||
|
$html .= "\t\t\t\t</div>\n";
|
||||||
|
|
||||||
|
if ($Action == "files") {
|
||||||
|
$DatabaseQuery = $Database->query('SELECT * FROM uploads');
|
||||||
|
|
||||||
|
$html .= "\t\t\t\t<table class=\"adminFileView\">\n";
|
||||||
|
$html .= "\t\t\t\t\t<tr class=\"adminFileView\">\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<th class=\"adminID\">ID</th>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<th class=\"adminFilename\">Filename</th>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<th class=\"adminUploadDate\">Upload date</th>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<th class=\"adminKeyID\">Key ID</th>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<th class=\"adminKeyType\">Key type</th>\n";
|
||||||
|
$html .= "\t\t\t\t\t</tr>\n";
|
||||||
|
|
||||||
|
while ($line = $DatabaseQuery->fetchArray()) {
|
||||||
|
$ID = $line['id'];
|
||||||
|
$Filename = $line['file'];
|
||||||
|
$uploadDate = $line['uploaddate'];
|
||||||
|
$keyID = $line['keyid'];
|
||||||
|
|
||||||
|
if ($line['keytype'] == 0) {
|
||||||
|
$keyType = "Key";
|
||||||
|
} else if ($line['keytype'] == 1) {
|
||||||
|
$keyType = "Temporary";
|
||||||
|
} else if ($line['keytype'] == 2) {
|
||||||
|
$keyType = "Administrator";
|
||||||
|
} else {
|
||||||
|
$keyType = "Unknown";
|
||||||
|
}
|
||||||
|
|
||||||
|
$html .= "\t\t\t\t\t<tr class=\"adminFileView\">\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminID\" id=\"adminID-$ID\">$ID</td>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminFilename\">$Filename</td>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminUploadDate\">$uploadDate</td>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminKeyID\">$keyID</td>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminKeyType\">$keyType</td>\n";
|
||||||
|
|
||||||
|
$html .= "\t\t\t\t\t</tr>\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
$html .= "\t\t\t\t</table>\n";
|
||||||
|
} else if ($Action == "keys") {
|
||||||
|
$html .= "\t\t\t\t<p class=\"adminWarning\">Administrator keys are not visible.</p>\n";
|
||||||
|
$html .= "\t\t\t\t<table class=\"adminKeyView\">\n";
|
||||||
|
$html .= "\t\t\t\t\t<tr class=\"adminKeyView\">\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<th class=\"adminID\">ID</th>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<th class=\"adminKey\">Key</th>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<th class=\"adminNumberOfUploads\">Uploads</th>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<th class=\"adminUploadsLeft\">Uploads left</th>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<th class=\"adminLastUsed\">Last used</th>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<th class=\"adminIssued\">Issued</th>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<th class=\"adminIP\">IP</th>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<th class=\"adminUserAgent\">User agent</th>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<th class=\"adminKeyType\">Key type</th>\n";
|
||||||
|
$html .= "\t\t\t\t\t</tr>\n";
|
||||||
|
|
||||||
|
$DatabaseQuery = $Database->query('SELECT * FROM admins');
|
||||||
|
while ($line = $DatabaseQuery->fetchArray()) {
|
||||||
|
if ($Primary != 1) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
$ID = $line['id'];
|
||||||
|
$Key = $line['key'];
|
||||||
|
$NumberOfUploads = $line['numberofuploads'];
|
||||||
|
$UploadsLeft = "";
|
||||||
|
$LastUsed = $line['lastused'];
|
||||||
|
$Issued = $line['issued'];
|
||||||
|
$IP = $line['ip'];
|
||||||
|
$UserAgent = $line['useragent'];
|
||||||
|
|
||||||
|
$keyType = "Administrator";
|
||||||
|
$UploadsLeft = "∞";
|
||||||
|
|
||||||
|
if ($line['primaryadmin'] == 1) {
|
||||||
|
$keyType = "Primary Administrator";
|
||||||
|
}
|
||||||
|
|
||||||
|
$html .= "\t\t\t\t\t<tr class=\"adminKeyView\">\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminID\" id=\"id-2-$ID\">$ID</td>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminKey\">$Key</td>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminNumberOfUploads\">$NumberOfUploads</td>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminUploadsLeft\">$UploadsLeft</td>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminLastUsed\">$LastUsed</td>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminIssued\">$Issued</td>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminIP\">$IP</td>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminUserAgent\">$UserAgent</td>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminKeyType\">$keyType</td>\n";
|
||||||
|
|
||||||
|
if ($Primary == 1 && $line['primaryadmin'] != 1) { // primary admins cannot be removed
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminRemove\"><a href=\"/remove-key.php?redir=admin&id=$ID\">Remove</a></td>\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
$html .= "\t\t\t\t\t</tr>\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
$DatabaseQuery = $Database->query('SELECT * FROM keys');
|
||||||
|
while ($line = $DatabaseQuery->fetchArray()) {
|
||||||
|
$ID = $line['id'];
|
||||||
|
$Key = $line['key'];
|
||||||
|
$NumberOfUploads = $line['numberofuploads'];
|
||||||
|
$UploadsLeft = "";
|
||||||
|
$LastUsed = $line['lastused'];
|
||||||
|
$Issued = $line['issued'];
|
||||||
|
$IP = $line['ip'];
|
||||||
|
$UserAgent = $line['useragent'];
|
||||||
|
|
||||||
|
$keyType = "Key";
|
||||||
|
$UploadsLeft = "∞";
|
||||||
|
|
||||||
|
$html .= "\t\t\t\t\t<tr class=\"adminKeyView\">\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminID\" id=\"id-0-$ID\">$ID</td>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminKey\">$Key</td>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminNumberOfUploads\">$NumberOfUploads</td>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminUploadsLeft\">$UploadsLeft</td>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminLastUsed\">$LastUsed</td>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminIssued\">$Issued</td>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminIP\">$IP</td>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminUserAgent\">$UserAgent</td>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminKeyType\">$keyType</td>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminRemove\"><a href=\"/remove-key.php?redir=admin&id=$ID\">Remove</a></td>\n";
|
||||||
|
$html .= "\t\t\t\t\t</tr>\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
$DatabaseQuery = $Database->query('SELECT * FROM tkeys');
|
||||||
|
while ($line = $DatabaseQuery->fetchArray()) {
|
||||||
|
$ID = $line['id'];
|
||||||
|
$Key = $line['key'];
|
||||||
|
$NumberOfUploads = $line['numberofuploads'];
|
||||||
|
$UploadsLeft = "";
|
||||||
|
$LastUsed = $line['lastused'];
|
||||||
|
$Issued = $line['issued'];
|
||||||
|
$IP = $line['ip'];
|
||||||
|
$UserAgent = $line['useragent'];
|
||||||
|
|
||||||
|
$keyType = "Temporary";
|
||||||
|
$UploadsLeft = $line['uploadsleft'];
|
||||||
|
|
||||||
|
$html .= "\t\t\t\t\t<tr class=\"adminKeyView\">\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminID\" id=\"id-1-$ID\">$ID</td>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminKey\">$Key</td>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminNumberOfUploads\">$NumberOfUploads</td>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminUploadsLeft\">$UploadsLeft</td>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminLastUsed\">$LastUsed</td>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminIssued\">$Issued</td>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminIP\">$IP</td>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminUserAgent\">$UserAgent</td>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminKeyType\">$keyType</td>\n";
|
||||||
|
$html .= "\t\t\t\t\t\t<td class=\"adminRemove\"><a href=\"/remove-key.php?redir=admin&id=$ID\">Remove</a></td>\n";
|
||||||
|
$html .= "\t\t\t\t\t</tr>\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
$html .= "\t\t\t\t</table>\n";
|
||||||
|
}
|
||||||
|
|
||||||
$html = printFooter($html);
|
$html = printFooter($html);
|
||||||
|
|
||||||
print "$html";
|
print "$html";
|
||||||
|
|
|
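Review bot: The table rows added in the `@ -45,6 +52,178 @@` hunk interpolate database fields straight into HTML (`$Filename`, `$Key`, `$IP`, `$UserAgent`, `$LastUsed`, `$Issued`), so any markup stored in those columns is rendered inside the administrator's session. File names and user-agent strings are presumably recorded from client requests elsewhere in the project, which would make this a stored-XSS sink on the most privileged page; confirm that against the upload and login code. Escape at output, e.g. `$Filename = htmlspecialchars($line['file'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, and do the same for every field in the `admins`, `keys` and `tkeys` loops. The `$ID` placed in the `href` and `id` attributes should likewise be cast with `(int)` before it is interpolated.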
@ -11,6 +11,7 @@ function createTables($sqlDB) {
|
||||||
* id (INTEGER PRIMARY KEY)
|
* id (INTEGER PRIMARY KEY)
|
||||||
* key (TEXT)
|
* key (TEXT)
|
||||||
* primaryadmin (INT)
|
* primaryadmin (INT)
|
||||||
|
* numberofuploads (INT)
|
||||||
* lastused (TEXT)
|
* lastused (TEXT)
|
||||||
* issued (TEXT)
|
* issued (TEXT)
|
||||||
* ip (TEXT)
|
* ip (TEXT)
|
||||||
|
|
37
index.css
37
index.css
|
@ -13,16 +13,6 @@
|
||||||
padding-right: 5px;
|
padding-right: 5px;
|
||||||
}
|
}
|
||||||
|
|
||||||
.bar input {
|
|
||||||
padding-top: 2px;
|
|
||||||
padding-bottom: 2px;
|
|
||||||
border-color: #363636;
|
|
||||||
border-width: 0px;
|
|
||||||
background-color: #363636;
|
|
||||||
color: #f0eee4;
|
|
||||||
width: 100%
|
|
||||||
}
|
|
||||||
|
|
||||||
.title {
|
.title {
|
||||||
color: #f0eee4;
|
color: #f0eee4;
|
||||||
padding-left: 2px;
|
padding-left: 2px;
|
||||||
|
@ -61,6 +51,33 @@ footer {
|
||||||
text-align: center;
|
text-align: center;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
.content table {
|
||||||
|
width: 100%;
|
||||||
|
}
|
||||||
|
|
||||||
|
.content td, th {
|
||||||
|
padding-left: 10px;
|
||||||
|
padding-right: 10px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.adminLinks {
|
||||||
|
width: 100%;
|
||||||
|
margin: 0px;
|
||||||
|
padding: 5px;
|
||||||
|
padding-left: 10px;
|
||||||
|
padding-right: 10px;
|
||||||
|
background-color: #363636;
|
||||||
|
}
|
||||||
|
|
||||||
|
.adminWarning {
|
||||||
|
color: #ffff00;
|
||||||
|
}
|
||||||
|
|
||||||
|
#sel {
|
||||||
|
text-decoration: underline;
|
||||||
|
color: #f0eee4;
|
||||||
|
}
|
||||||
|
|
||||||
a {
|
a {
|
||||||
color: #89bfff;
|
color: #89bfff;
|
||||||
text-decoration: none;
|
text-decoration: none;
|
||||||
|
|
|
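Review bot: The new selector `.content td, th` scopes only the `td` part to `.content`; the `th` after the comma matches every table header on the site. If the padding is meant for the admin tables only, write it as `.content td, .content th {`. The removed `.bar input` rule is not replaced in the visible hunks, so any input that is still rendered inside `.bar` falls back to browser defaults.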
@ -10,6 +10,7 @@ include "core.php";
|
||||||
|
|
||||||
$Authorized = 0;
|
$Authorized = 0;
|
||||||
$KeyType = 0;
|
$KeyType = 0;
|
||||||
|
$Redirect = "";
|
||||||
|
|
||||||
if (isset($_REQUEST['redir'])) {
|
if (isset($_REQUEST['redir'])) {
|
||||||
$Redirect = $_REQUEST['redir'];
|
$Redirect = $_REQUEST['redir'];
|
||||||
|
|
|
@ -7,10 +7,11 @@
|
||||||
include "config.php";
|
include "config.php";
|
||||||
include "create-table.php";
|
include "create-table.php";
|
||||||
|
|
||||||
if (isset($_REQUEST['key'])) {
|
if (!isset($_COOKIE[$cookieName]) || !isset($_COOKIE[$cookieTypeName])) {
|
||||||
$Key = $_REQUEST['key'];
|
header('Location: login.php?redir=admin');
|
||||||
} else {
|
die();
|
||||||
print "No key specified.";
|
} else if ($_COOKIE[$cookieTypeName] != 2) { // not allowed
|
||||||
|
header('Location: /');
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -25,22 +26,29 @@ $AdminIsPrimary = 0;
|
||||||
$KeyIsPrimary = 0;
|
$KeyIsPrimary = 0;
|
||||||
$AuthorizedRemoval = 0;
|
$AuthorizedRemoval = 0;
|
||||||
$Removed = 0;
|
$Removed = 0;
|
||||||
|
$Redirect = "";
|
||||||
|
|
||||||
|
if (isset($_REQUEST['redir'])) {
|
||||||
|
$Redirect = $_REQUEST['redir'];
|
||||||
|
}
|
||||||
|
|
||||||
$Database = createTables($sqlDB);
|
$Database = createTables($sqlDB);
|
||||||
|
|
||||||
// check if the key we passed is an admin key and if it's a primary admin key
|
|
||||||
$DatabaseQuery = $Database->query('SELECT * FROM admins');
|
$DatabaseQuery = $Database->query('SELECT * FROM admins');
|
||||||
while ($line = $DatabaseQuery->fetchArray()) {
|
|
||||||
if ($Key == $line['key']) {
|
|
||||||
if ($line['primaryadmin'] == 1) {
|
|
||||||
$AdminIsPrimary = 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
while ($line = $DatabaseQuery->fetchArray()) {
|
||||||
|
if ($line['key'] == $_COOKIE[$cookieName] && $_COOKIE[$cookieName] != "" && $line['key'] != "" && ($enableKeys || $enableKeys == "true")) {
|
||||||
$AuthorizedRemoval = 1;
|
$AuthorizedRemoval = 1;
|
||||||
|
$AdminIsPrimary = $line['primaryadmin'];
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// not authorized
|
||||||
|
if ($AuthorizedRemoval != 1) {
|
||||||
|
header('Location: /');
|
||||||
|
die();
|
||||||
|
}
|
||||||
|
|
||||||
$DatabaseQuery = $Database->query('SELECT * FROM keys');
|
$DatabaseQuery = $Database->query('SELECT * FROM keys');
|
||||||
while ($line = $DatabaseQuery->fetchArray()) {
|
while ($line = $DatabaseQuery->fetchArray()) {
|
||||||
if ($line['id'] == $id && $line['id'] != "" && $id != "") { // passed ID is a key that exists
|
if ($line['id'] == $id && $line['id'] != "" && $id != "") { // passed ID is a key that exists
|
||||||
|
@ -86,9 +94,10 @@ while ($line = $DatabaseQuery->fetchArray()) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($AuthorizedRemoval != 1) {
|
if ($Redirect == "admin") {
|
||||||
print "You aren't authorized to perform this action.";
|
header("Location: admin.php?action=keys");
|
||||||
die();
|
} else {
|
||||||
|
header("Location: /");
|
||||||
}
|
}
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
|
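Review bot: Removal in this section (its file header is not visible, presumably remove-key.php) is now authorized from cookies alone and still reads its parameters through `$_REQUEST`, so the plain `Remove` links that admin.php emits are state-changing GET requests that any third-party page can trigger in a logged-in administrator's browser. Accept the deletion only on POST and verify a per-session anti-CSRF token before touching the tables. The key check `$line['key'] == $_COOKIE[$cookieName]` uses loose comparison on a secret; prefer `hash_equals((string) $line['key'], (string) $_COOKIE[$cookieName])`. The guard `($enableKeys || $enableKeys == "true")` is also true for the string `"false"`, and admin.php tests `$enableAdminKeys` instead, so the intended flag should be confirmed. `$id` is assigned outside the visible hunks, so its validation cannot be checked from here.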