speedie/keyload
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Fix wrong key being removed

Browse source
This commit is contained in:
Jacob 2023-10-02 01:46:16 +02:00
parent 17516d5174
commit 71a754f20e
2 changed files with 20 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
admin.php
View file

@ -220,7 +220,7 @@ if ($Action == "files") {
$html .= "\t\t\t\t\t\t<td class=\"adminKeyType\">$keyType</td>\n"; $html .= "\t\t\t\t\t\t<td class=\"adminKeyType\">$keyType</td>\n";
if ($Primary == 1 && $line['primaryadmin'] != 1) { // primary admins cannot be removed if ($Primary == 1 && $line['primaryadmin'] != 1) { // primary admins cannot be removed
$html .= "\t\t\t\t\t\t<td class=\"adminRemove\"><a href=\"/remove-key.php?redir=admin&id=$ID\">Remove</a></td>\n"; $html .= "\t\t\t\t\t\t<td class=\"adminRemove\"><a href=\"/remove-key.php?redir=admin&id=$ID&type=2\">Remove</a></td>\n";
} }
$html .= "\t\t\t\t\t</tr>\n"; $html .= "\t\t\t\t\t</tr>\n";
@ -254,7 +254,7 @@ if ($Action == "files") {
$html .= "\t\t\t\t\t\t<td class=\"adminIP\">$IP</td>\n"; $html .= "\t\t\t\t\t\t<td class=\"adminIP\">$IP</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminUserAgent\">$UserAgent</td>\n"; $html .= "\t\t\t\t\t\t<td class=\"adminUserAgent\">$UserAgent</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminKeyType\">$keyType</td>\n"; $html .= "\t\t\t\t\t\t<td class=\"adminKeyType\">$keyType</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminRemove\"><a href=\"/remove-key.php?redir=admin&id=$ID\">Remove</a></td>\n"; $html .= "\t\t\t\t\t\t<td class=\"adminRemove\"><a href=\"/remove-key.php?redir=admin&id=$ID&type=0\">Remove</a></td>\n";
$html .= "\t\t\t\t\t</tr>\n"; $html .= "\t\t\t\t\t</tr>\n";
} }
@ -286,7 +286,7 @@ if ($Action == "files") {
$html .= "\t\t\t\t\t\t<td class=\"adminIP\">$IP</td>\n"; $html .= "\t\t\t\t\t\t<td class=\"adminIP\">$IP</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminUserAgent\">$UserAgent</td>\n"; $html .= "\t\t\t\t\t\t<td class=\"adminUserAgent\">$UserAgent</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminKeyType\">$keyType</td>\n"; $html .= "\t\t\t\t\t\t<td class=\"adminKeyType\">$keyType</td>\n";
$html .= "\t\t\t\t\t\t<td class=\"adminRemove\"><a href=\"/remove-key.php?redir=admin&id=$ID\">Remove</a></td>\n"; $html .= "\t\t\t\t\t\t<td class=\"adminRemove\"><a href=\"/remove-key.php?redir=admin&id=$ID&type=1\">Remove</a></td>\n";
$html .= "\t\t\t\t\t</tr>\n"; $html .= "\t\t\t\t\t</tr>\n";
} }

22
remove-key.php
View file

@ -15,6 +15,14 @@ if (!isset($_COOKIE[$cookieName]) || !isset($_COOKIE[$cookieTypeName])) {
die(); die();
} }
$AdminIsPrimary = 0;
$KeyIsPrimary = 0;
$AuthorizedRemoval = 0;
$Removed = 0;
$Redirect = "";
$id = 0;
$type = 0;
if (isset($_REQUEST['id'])) { if (isset($_REQUEST['id'])) {
$id = $_REQUEST['id']; $id = $_REQUEST['id'];
} else { } else {
@ -22,11 +30,12 @@ if (isset($_REQUEST['id'])) {
die(); die();
} }
$AdminIsPrimary = 0; if (isset($_REQUEST['type'])) {
$KeyIsPrimary = 0; $type = $_REQUEST['type'];
$AuthorizedRemoval = 0; } else {
$Removed = 0; print "No type specified, is not safe to delete.";
$Redirect = ""; die();
}
if (isset($_REQUEST['redir'])) { if (isset($_REQUEST['redir'])) {
$Redirect = $_REQUEST['redir']; $Redirect = $_REQUEST['redir'];
@ -51,6 +60,7 @@ if ($AuthorizedRemoval != 1) {
$DatabaseQuery = $Database->query('SELECT * FROM keys'); $DatabaseQuery = $Database->query('SELECT * FROM keys');
while ($line = $DatabaseQuery->fetchArray()) { while ($line = $DatabaseQuery->fetchArray()) {
if ($type != 0) break;
if ($line['id'] == $id && $line['id'] != "" && $id != "") { // passed ID is a key that exists if ($line['id'] == $id && $line['id'] != "" && $id != "") { // passed ID is a key that exists
if ($AuthorizedRemoval == 1) { if ($AuthorizedRemoval == 1) {
$Database->exec("DELETE FROM keys WHERE id='$id'"); $Database->exec("DELETE FROM keys WHERE id='$id'");
@ -66,6 +76,7 @@ while ($line = $DatabaseQuery->fetchArray()) {
$DatabaseQuery = $Database->query('SELECT * FROM tkeys'); $DatabaseQuery = $Database->query('SELECT * FROM tkeys');
while ($line = $DatabaseQuery->fetchArray()) { while ($line = $DatabaseQuery->fetchArray()) {
if ($type != 1) break;
if ($line['id'] == $id && $line['id'] != "" && $id != "" && $Removed != 1) { // passed ID is a key that exists if ($line['id'] == $id && $line['id'] != "" && $id != "" && $Removed != 1) { // passed ID is a key that exists
if ($AuthorizedRemoval == 1) { if ($AuthorizedRemoval == 1) {
$Database->exec("DELETE FROM tkeys WHERE id='$id'"); $Database->exec("DELETE FROM tkeys WHERE id='$id'");
@ -81,6 +92,7 @@ while ($line = $DatabaseQuery->fetchArray()) {
$DatabaseQuery = $Database->query('SELECT * FROM admins'); $DatabaseQuery = $Database->query('SELECT * FROM admins');
while ($line = $DatabaseQuery->fetchArray()) { while ($line = $DatabaseQuery->fetchArray()) {
if ($type != 2) break;
if ($line['id'] == $id && $line['id'] != "" && $id != "" && $Removed != 1 && $line['primaryadmin'] != 1) { // passed ID is a key that exists if ($line['id'] == $id && $line['id'] != "" && $id != "" && $Removed != 1 && $line['primaryadmin'] != 1) { // passed ID is a key that exists
if ($AuthorizedRemoval == 1 && $AdminIsPrimary == 1) { // in order to delete an admin key you must be a primary admin if ($AuthorizedRemoval == 1 && $AdminIsPrimary == 1) { // in order to delete an admin key you must be a primary admin
$Database->exec("DELETE FROM admins WHERE id='$id'"); $Database->exec("DELETE FROM admins WHERE id='$id'");