<?php
// Admin page: create and delete users, show the installed and newest version.
// The helpers used throughout (set_post_*, set_get_noconfirm, logged_in_only,
// admin_only, message, $mysql) are presumably provided by header.php; they are
// not defined in this file.
require_once ('./header.php');
logged_in_only ();

// Request parameters, normalised by the header.php helpers.
$delete        = set_post_string_var ('delete');
$create        = set_post_string_var ('create');
$new_username  = set_post_string_var ('new_username');
$new_password  = set_post_string_var ('new_password');
$new_admin     = set_post_bool_var ('new_admin', false);
$existing_user = set_post_string_var ('existing_user');
$noconfirm     = set_get_noconfirm ();

// Status lines shown next to the Create and Delete buttons (printed as HTML).
$message1 = $message2 = '';
?>
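<table class="caption">
<tr>
<td><span class="caption"><img src="./images/logo.png" alt=""> Admin Page</span>
</td>
<td class="captionright">
<div><?php object_count (); ?></div>
<div><?php print_footer (); ?></div>
</td>
</tr>
</table>
<table class="main">
<tr>
<td class="main1">
<table class="menu">
<tr>
<th class="menuhead">Bookmarks</th>
</tr>
<tr>
<td class="menu">
<a href="./index.php">My Bookmarks</a><br>
<a href="./shared.php">Shared Bookmarks</a><br>
</td>
</tr>
</table>
<br>
<table class="menu">
<tr>
<th class="menuhead">Tools</th>
</tr>
<tr>
<td class="menu">
<?php /* The Admin link is only shown to admins; admin.php itself must still
         check admin_only() on every request, hiding the link is not access
         control. */ ?>
<?php if (admin_only ()) { ?>
<a href="./admin.php">Admin</a><br>
<?php } ?>
<a href="./import.php">Import</a><br>
<a href="./export.php">Export</a><br>
<a href="./sidebar.php">View as Sidebar</a><br>
<a href="./settings.php">Settings</a><br>
<a href="javascript:chpw()">Change Password</a><br>
<a href="./index.php?logout=1">Logout</a><br>
</td>
</tr>
</table>
<?php /* The menu cell (td.main1) was never closed; browsers recover by
         auto-closing it, but the markup was invalid. */ ?>
</td>
<td class="">
<img src="./images/spacer.gif" alt="" class="main2">
</td>
<td class="main4">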
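<?php
// Evaluate admin rights once and reuse the result.  message() is defined in
// header.php (not visible here); whether it ends the request is unknown, so
// the create branch is explicitly limited to admins instead of relying on
// the message() call to stop a non-admin from reaching the INSERT below.
$is_admin = admin_only ();
if (!$is_admin) {
    message ("You are not an Admin.");
}
if ($is_admin && $create == 'Create') {
    if ($new_username == '' || $new_password == '') {
        $message1 = 'Username and Password fields must not be empty.';
    }
    else if (check_username ($new_username)) {
        $message1 = 'User already exists.';
    }
    else {
        // NOTE(review): the password is stored as an unsalted MySQL md5().
        // The login code elsewhere presumably compares against that format,
        // so moving to password_hash()/password_verify() must be done there
        // at the same time.  The legacy $mysql wrapper exposes only escape(),
        // not prepared statements, hence escape() + sprintf().
        $query = sprintf ("INSERT INTO user (username, password, admin) VALUES ('%s', md5('%s'), '%d')",
            $mysql->escape ($new_username),
            $mysql->escape ($new_password),
            (int) $new_admin);
        if ($mysql->query ($query)) {
            // $message1 is echoed into the page as HTML: escape the
            // request-supplied username to avoid reflected XSS.
            $message1 = 'User ' . htmlspecialchars ($new_username, ENT_QUOTES) . ' created.';
        }
        else {
            message ($mysql->error);
        }
        // Drop the clear-text password as soon as it is no longer needed.
        unset ($new_password, $_POST['new_password']);
    }
}
?>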
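<fieldset>
<legend>Create User</legend>
<?php /* NOTE(review): neither this form nor the delete form carries an
         anti-CSRF token, so a logged-in admin who visits a hostile page can
         be made to submit it.  A per-session token needs support from
         header.php, so it is only flagged here. */ ?>
<form action="<?php echo htmlspecialchars ($_SERVER['SCRIPT_NAME'], ENT_QUOTES); ?>" method="POST" autocomplete="off">
<table>
<tr>
<td>Username:
</td>
<td>
<input type="text" name="new_username" autocomplete="off">
</td>
</tr>
<tr>
<td>Password:
</td>
<td>
<?php /* new-password keeps browsers from autofilling the admin's own
         credentials into the new user's password field. */ ?>
<input type="password" name="new_password" autocomplete="new-password">
</td>
</tr>
<tr>
<td>Admin:
</td>
<td>
<input type="checkbox" name="new_admin" value="1">
</td>
</tr>
<tr>
<td>
</td>
<td>
<input type="submit" name="create" value="Create"> <?php echo $message1; ?>
</td>
</tr>
</table>
</form>
</fieldset>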
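<fieldset>
<legend>Delete User</legend>
<?php
// Delete flow: the first POST renders a confirmation page; the confirmation
// form POSTs again with ?noconfirm=1 and the deletion runs.  Like the create
// form, this carries no anti-CSRF token.  message() is defined in header.php
// and it is not certain that it ends the request, so the destructive branch
// is limited to admins explicitly rather than relying on the earlier
// "You are not an Admin." call.
if ($delete == 'Delete' && admin_only ()) {
    if (check_username ($existing_user)) {
        if ($noconfirm) {
            // The legacy $mysql wrapper has no prepared statements, so every
            // statement is built with escape() + sprintf().  The three
            // DELETEs are not run in a transaction; a failure part way
            // through leaves orphaned bookmarks/folders.
            $user_sql = $mysql->escape ($existing_user);
            $query = sprintf ("DELETE FROM user WHERE md5(username)=md5('%s')", $user_sql);
            if ($mysql->query ($query)) {
                // $message2 is printed as HTML by list_users(); escape the name.
                $message2 = 'User ' . htmlspecialchars ($existing_user, ENT_QUOTES) . " deleted.<br>";
            }
            else {
                message ($mysql->error);
            }
            foreach (array ('bookmark', 'folder') as $table) {
                $query = sprintf ("DELETE FROM %s WHERE md5(user)=md5('%s')", $table, $user_sql);
                if (!$mysql->query ($query)) {
                    message ($mysql->error);
                }
            }
            list_users ();
        }
        else {
            // The username is request-supplied (it passed check_username(),
            // but its characters are not filtered): escape it for both the
            // text and the attribute context.  Browsers decode the attribute
            // again on submit, so the second POST carries the original name.
            $user_html = htmlspecialchars ($existing_user, ENT_QUOTES);
?>
<p>Are you sure you want to delete the user <?php echo $user_html; ?> and all it's Bookmarks and Folders?</p>
<form action="<?php echo htmlspecialchars ($_SERVER['SCRIPT_NAME'], ENT_QUOTES) . "?noconfirm=1"; ?>" method="POST" name="userdelete">
<input type="hidden" name="existing_user" value="<?php echo $user_html; ?>">
<input type="submit" name="delete" value="Delete">
<input type="button" value=" Cancel " onClick="self.location.href='./admin.php'">
</form>
<?php
        }
    }
    else {
        $message2 = 'User does not exist.';
        list_users ();
    }
}
else {
    list_users ();
}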
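function list_users () {
    // Renders the user list as radio buttons inside its own POST form,
    // followed by the Delete button and the $message2 status line (which
    // is already HTML).  Reads $mysql and $message2 from the global scope
    // like the rest of the page.
    global $mysql, $message2;
?>
<form action="<?php echo htmlspecialchars ($_SERVER['SCRIPT_NAME'], ENT_QUOTES); ?>" method="POST">
<table>
<tr>
<td>
<div style="height: 200px; width: 300px; overflow:auto;">
<?php
    $query = "SELECT username, admin FROM user ORDER BY username";
    if ($mysql->query ($query)) {
        while ($row = mysql_fetch_object ($mysql->result)) {
            // Usernames are stored without character filtering, so escape
            // them for both the attribute and the text context; otherwise a
            // crafted username is stored XSS against every admin.
            $name = htmlspecialchars ($row->username, ENT_QUOTES);
            echo '<input type="radio" name="existing_user" value="' . $name . '">';
            if ($row->admin) {
                echo " <b>" . $name . "</b><br>\n";
            }
            else {
                echo " " . $name . "<br>\n";
            }
        }
    }
    else {
        message ($mysql->error);
    }
?>
</div>
</td>
</tr>
<tr>
<td>
<input type="submit" name="delete" value="Delete">
<?php echo $message2; ?>
</td>
</tr>
</table>
</form>
<?php
}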
?>
</fieldset>
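<fieldset>
<legend>Version</legend>
<table>
<tr>
<td>This Version:</td>
<td><?php
    // Installed version: a plain-text file next to the app.  Escape it on
    // output instead of readfile()-ing it straight into the page.
    $version_file = ABSOLUTE_PATH . "VERSION";
    if (is_readable ($version_file)) {
        echo htmlspecialchars (file_get_contents ($version_file), ENT_QUOTES);
    }
?></td>
</tr>
<tr>
<td><a href="http://www.frech.ch/online-bookmarks/" target="_blank" rel="noopener noreferrer">Newest Version available:</a></td>
<td><a href="http://www.frech.ch/online-bookmarks/" target="_blank" rel="noopener noreferrer"><?php
    // check_version() returns text fetched from a remote host over plain
    // HTTP; never print it unescaped.
    echo htmlspecialchars ((string) check_version (), ENT_QUOTES);
?></a></td>
</tr>
</table>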
<?php
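function check_version () {
    // Fetches the newest version string from www.frech.ch over plain HTTP
    // (port 80, HTTP/1.0) and returns it trimmed, or null on any failure.
    // The transport is unauthenticated, so the reply is treated as
    // untrusted: the status must be 200 and the body must look like a
    // version (word characters, dots, '+', '-'; at most 64 chars), otherwise
    // null is returned so nothing attacker-controlled reaches the page.
    // NOTE(review): widen the character class if the upstream VERSION file
    // ever uses other characters.
    $version = null;
    $errno = 0;
    $errstr = '';
    // Connect and read with timeouts; the original call had none, so a slow
    // or black-holed host would hang the whole admin page.
    $fp = @fsockopen ("www.frech.ch", 80, $errno, $errstr, 5);
    if (!$fp) {
        return null;
    }
    stream_set_timeout ($fp, 5);
    $get = "GET /online-bookmarks/bookmarks/VERSION HTTP/1.0\r\n"
         . "Host: www.frech.ch\r\n"
         . "Connection: close\r\n\r\n";
    fwrite ($fp, $get);
    $data = '';
    // Cap the response so a misbehaving server cannot make us buffer it all.
    while (!feof ($fp) && strlen ($data) < 8192) {
        $chunk = fgets ($fp, 128);
        if ($chunk === false) {
            break;
        }
        $data .= $chunk;
    }
    $meta = stream_get_meta_data ($fp);
    fclose ($fp);
    if (!empty ($meta['timed_out'])) {
        return null;
    }
    // Require a 200 status line; anything else (redirect, error page) would
    // otherwise be shown as the "newest version".
    if (!preg_match ('#^HTTP/1\.[01] 200 #', $data)) {
        return null;
    }
    // strpos() returns false when the header terminator is missing; the
    // original added 4 to that and sliced from offset 4.
    $sep = strpos ($data, "\r\n\r\n");
    if ($sep === false) {
        return null;
    }
    $body = trim (substr ($data, $sep + 4));
    if (preg_match ('/^[\w.+-]{1,64}$/', $body)) {
        $version = $body;
    }
    return $version;
}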
?>
</fieldset>
</td>
</tr>
</table>
<?php
// Shared page footer; ABSOLUTE_PATH is presumably defined by header.php.
require_once ABSOLUTE_PATH . 'footer.php';
?>