failed-galleries/php-gallery
1
0
Fork 0
mirror of https://github.com/Fluffy-Bean/image-gallery.git synced 2024-12-28 02:16:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
php-gallery/account.php

405 lines
16 KiB
PHP
Raw Normal View History

Code cleanup in progress
2022-09-21 13:02:38 +00:00
<?php require_once __DIR__."/ui/required.php"; ?>
Fixing security issues
2022-07-25 17:28:55 +00:00
<!DOCTYPE html>
<html>
a
2022-08-15 10:56:05 +00:00
Fixing security issues
2022-07-25 17:28:55 +00:00
<head>
Fixing directory and required file issues
2022-09-13 16:07:01 +00:00
<?php require_once __DIR__."/ui/header.php"; ?>
Fixing security issues
2022-07-25 17:28:55 +00:00
</head>
a
2022-08-15 10:56:05 +00:00
Fixing security issues
2022-07-25 17:28:55 +00:00
<body>
a
2022-08-15 10:56:05 +00:00
<?php
Code cleanup in progress
2022-09-21 13:02:38 +00:00
require_once __DIR__."/ui/nav.php";
Moved functions into classes
2022-09-12 14:15:16 +00:00
Code cleanup in progress
2022-09-21 13:02:38 +00:00
use App\Account;
use App\Diff;
Moved functions into classes
2022-09-12 14:15:16 +00:00
Code cleanup in progress
2022-09-21 13:02:38 +00:00
$user_info = new Account();
$diff = new Diff();
a
2022-08-15 10:56:05 +00:00
?>
Fixing security issues
2022-07-25 17:28:55 +00:00
a
2022-08-15 10:56:05 +00:00
<?php
Moved functions into classes
2022-09-12 14:15:16 +00:00
if ($user_info->is_loggedin()) {
a
2022-08-15 10:56:05 +00:00
?>
Merged login signup and account page into one
2022-09-06 18:15:59 +00:00
<div class="account-root">
Adding Json config
2022-09-08 13:29:45 +00:00
<h2>Settings</h2>
File reordering in progress
2022-09-07 09:41:18 +00:00
<a class='btn btn-bad' href='password-reset.php'><img class='svg' src='assets/icons/password.svg'>Reset Password</a>
I forgor
2022-09-20 10:20:18 +00:00
<button class="btn btn-bad" onclick="deleteAccount()"><img class='svg' src='assets/icons/trash.svg'>Delete account</button>
Password confirmation on account deletion
2022-09-20 13:06:41 +00:00
<br>
<p>Don't leave! I'm with the science team!</p>
<a class='btn btn-bad' href='app/account/logout.php'><img class='svg' src='assets/icons/sign-out.svg'>Logout</a>
Adding Json config
2022-09-08 13:29:45 +00:00
</div>
Account deletion, password reset fixes
2022-09-20 10:12:32 +00:00
<script>
function deleteAccount() {
var header = "Are you very very sure?";
Password confirmation on account deletion
2022-09-20 13:06:41 +00:00
var description = "This CANNOT be undone, be very carefull with your decition!!!";
var actionBox = "<button class='btn btn-bad' onclick='deleteAccountConfirm()'><img class='svg' src='assets/icons/trash.svg'>Delete account (keep posts)</button>\
<button class='btn btn-bad' onclick='deleteAccountConfirmFull()'><img class='svg' src='assets/icons/trash.svg'>Delete account (delete posts)</button>";
Account deletion, password reset fixes
2022-09-20 10:12:32 +00:00
flyoutShow(header, description, actionBox);
Password confirmation on account deletion
2022-09-20 13:06:41 +00:00
}
function deleteAccountConfirm () {
var header = "Deleting just your account!";
var description = "This is your last warning, so enter your password now.";
var actionBox = "<form id='accountDelete' method='POST'>\
<input id='accountDeletePassword' class='btn btn-neutral' type='password' name='password' placeholder='Password'>\
<button id='accountDeleteSubmit' class='btn btn-bad' type='submit'><img class='svg' src='assets/icons/trash.svg'>Delete account (keep posts)</button>\
</form>";
Account deletion, password reset fixes
2022-09-20 10:12:32 +00:00
Password confirmation on account deletion
2022-09-20 13:06:41 +00:00
flyoutShow(header, description, actionBox);
$("#accountDelete").submit(function(event) {
Account deletion, password reset fixes
2022-09-20 10:12:32 +00:00
event.preventDefault();
Password confirmation on account deletion
2022-09-20 13:06:41 +00:00
var accountDeletePassword = $("#accountDeletePassword").val();
Account deletion, password reset fixes
2022-09-20 10:12:32 +00:00
var accountDeleteSubmit = $("#accountDeleteSubmit").val();
$("#sniffle").load("app/account/account.php", {
delete_id: <?php echo $_SESSION['id']; ?>,
Password confirmation on account deletion
2022-09-20 13:06:41 +00:00
full: 'false',
account_password: accountDeletePassword,
Account deletion, password reset fixes
2022-09-20 10:12:32 +00:00
account_delete_submit: accountDeleteSubmit
});
});
Password confirmation on account deletion
2022-09-20 13:06:41 +00:00
}
function deleteAccountConfirmFull () {
var header = "Deleting EVERYTHINGGGGG";
var description = "This is your last warning, so enter your password now.";
var actionBox = "<form id='accountDeleteFull' method='POST'>\
<input id='accountDeletePassword' class='btn btn-neutral' type='password' name='password' placeholder='Password'>\
<button id='accountDeleteSubmit' class='btn btn-bad' type='submit'><img class='svg' src='assets/icons/trash.svg'>Delete account (delete posts)</button>\
</form>";
flyoutShow(header, description, actionBox);
$("#accountDeleteFull").submit(function(event) {
Account deletion, password reset fixes
2022-09-20 10:12:32 +00:00
event.preventDefault();
Password confirmation on account deletion
2022-09-20 13:06:41 +00:00
var accountDeletePassword = $("#accountDeletePassword").val();
Account deletion, password reset fixes
2022-09-20 10:12:32 +00:00
var accountDeleteSubmit = $("#accountDeleteSubmit").val();
$("#sniffle").load("app/account/account.php", {
delete_id: <?php echo $_SESSION['id']; ?>,
Password confirmation on account deletion
2022-09-20 13:06:41 +00:00
full: 'true',
account_password: accountDeletePassword,
Account deletion, password reset fixes
2022-09-20 10:12:32 +00:00
account_delete_submit: accountDeleteSubmit
});
});
}
</script>
Adding Json config
2022-09-08 13:29:45 +00:00
<?php
In progress admin page
2022-09-16 16:39:13 +00:00
if ($user_info->is_admin($conn, $_SESSION['id'])) {
Logs section added
2022-09-14 14:08:50 +00:00
?>
Adding Json config
2022-09-08 13:29:45 +00:00
<div class="admin-root">
<h2>Admin controlls</h2>
<h3>Invite Codes</h3>
<?php
$token_request = mysqli_query($conn, "SELECT * FROM tokens WHERE used = 0");
while ($token = mysqli_fetch_array($token_request)) {
Logs section added
2022-09-14 14:08:50 +00:00
?>
<button onclick='copyCode()' class='btn btn-neutral'><?php echo $token['code']; ?></button>
<script>
function copyCode() {
navigator.clipboard.writeText("<?php echo $token['code']; ?>");
sniffleAdd("Info", "Invite code has been copied!", "var(--green)", "assets/icons/clipboard-text.svg");
}
</script>
<?php
}
Adding Json config
2022-09-08 13:29:45 +00:00
?>
Tabs, oh and IT FUCKING CHECKS IF YOU'RE AN ADMIN NOW REEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
2022-09-16 22:24:51 +00:00
Logs section added
2022-09-14 14:08:50 +00:00
<br>
Tabs, oh and IT FUCKING CHECKS IF YOU'RE AN ADMIN NOW REEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
2022-09-16 22:24:51 +00:00
<div class="tabs">
<button class="btn btn-neutral tablinks" onclick="openTab(event, 'logs')">Logs</button>
<button class="btn btn-neutral tablinks" onclick="openTab(event, 'bans')">Bans</button>
Account deletion, password reset fixes
2022-09-20 10:12:32 +00:00
<button class="btn btn-neutral tablinks" onclick="openTab(event, 'users')">Users</button>
Tabs, oh and IT FUCKING CHECKS IF YOU'RE AN ADMIN NOW REEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
2022-09-16 22:24:51 +00:00
</div>
<div id="logs" class="logs tabcontent">
In progress admin page
2022-09-16 16:39:13 +00:00
<div class="log">
<p>ID</p>
<p>User IP</p>
<p>Action</p>
<p>Time</p>
</div>
Logs section added
2022-09-14 14:08:50 +00:00
<?php
// Reading images from table
$logs_request = mysqli_query($conn, "SELECT * FROM logs ORDER BY id DESC");
while ($log = mysqli_fetch_array($logs_request)) {
?>
<div class="log">
<p><?php echo $log['id']; ?></p>
<p><?php echo $log['ipaddress']; ?></p>
<p><?php echo $log['action']; ?></p>
<?php
$log_time = new DateTime($log['time']);
fixy fixy
2022-09-15 17:35:06 +00:00
echo "<p>" . $log_time->format('Y-m-d H:i:s T') . " | " . $diff->time($log['time']) . "</p>";
Working on temp ban system
2022-09-15 15:40:12 +00:00
?>
</div>
<?php
}
?>
</div>
Tabs, oh and IT FUCKING CHECKS IF YOU'RE AN ADMIN NOW REEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
2022-09-16 22:24:51 +00:00
<div id="bans" class="bans tabcontent">
In progress admin page
2022-09-16 16:39:13 +00:00
<div class="ban">
<p>ID</p>
<p>User IP</p>
<p>Reason</p>
<p>Lenght</p>
<p>Time</p>
</div>
Working on temp ban system
2022-09-15 15:40:12 +00:00
<?php
// Reading images from table
$bans_request = mysqli_query($conn, "SELECT * FROM bans ORDER BY id DESC");
while ($ban = mysqli_fetch_array($bans_request)) {
if ($ban['permanent']) {
echo "<div class='ban perm'>";
} else {
echo "<div class='ban'>";
}
?>
<p><?php echo $ban['id']; ?></p>
<p><?php echo $ban['ipaddress']; ?></p>
<p><?php echo $ban['reason']; ?></p>
Finalised Ban/Log system
2022-09-15 17:13:36 +00:00
<p><?php echo $ban['length']; ?> mins</p>
Working on temp ban system
2022-09-15 15:40:12 +00:00
<?php
$log_time = new DateTime($ban['time']);
In progress admin page
2022-09-16 16:39:13 +00:00
echo "<p>" . $log_time->format('Y-m-d H:i:s T') . " | " . $diff->time($ban['time']) . "</p>";
Logs section added
2022-09-14 14:08:50 +00:00
?>
</div>
<?php
Adding Json config
2022-09-08 13:29:45 +00:00
}
Logs section added
2022-09-14 14:08:50 +00:00
?>
</div>
Tabs, oh and IT FUCKING CHECKS IF YOU'RE AN ADMIN NOW REEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
2022-09-16 22:24:51 +00:00
<div id="users" class="user-settings tabcontent">
In progress admin page
2022-09-16 16:39:13 +00:00
<div class="user">
<p>ID</p>
<p>Username</p>
<p>Last Modified</p>
<p>User Options</p>
<p></p>
<p></p>
</div>
<?php
// Reading images from table
$user_request = mysqli_query($conn, "SELECT * FROM users");
while ($user = mysqli_fetch_array($user_request)) {
if ($user['admin'] || $user['id'] == 1) {
echo "<div class='user is-admin'>";
} else {
echo "<div class='user'>";
}
?>
<p><?php echo $user['id']; ?></p>
<p><?php echo $user['username']; ?></p>
<?php
$user_time = new DateTime($user['created_at']);
Finish writing README and fix table names
2022-09-20 18:38:22 +00:00
echo "<p>" . $user_time->format('Y-m-d H:i:s T') . " | " . $diff->time($user['last_modified']) . "</p>";
In progress admin page
2022-09-16 16:39:13 +00:00
if ($user['id'] == 1) {
?>
<button class="btn btn-neutral" style="outline: none;">Reset Password</button>
<button class="btn btn-neutral" style="outline: none;">Delete user</button>
<button class="btn btn-neutral" style="outline: none;">Toggle admin</button>
<?php
} else {
?>
Password resest progress
2022-09-17 10:51:54 +00:00
<button id="userResetPassword" class="btn btn-bad" onclick="userResetPassword('<?php echo $user['id']; ?>', '<?php echo $user['username']; ?>')">Reset Password</button>
In progress admin page
2022-09-16 16:39:13 +00:00
<button id="userDeleteButton" class="btn btn-bad" onclick="userDelete('<?php echo $user['id']; ?>', '<?php echo $user['username']; ?>')">Delete user</button>
<button id="userToggleAdmin" class="btn btn-bad" onclick="userToggleAdmin('<?php echo $user['id']; ?>', '<?php echo $user['username']; ?>')">Toggle admin</button>
<?php
}
?>
</div>
<?php
}
?>
Password resetting bruh
2022-09-19 19:21:57 +00:00
<script>
function userResetPassword(id, username) {
var header = "UwU whats the new passywassy code?";
var description = "Do this only if "+username+" has forgotten their password, DO NOT abuse this power";
var actionBox = "<form id='userResetPasswordForm' method='POST' enctype='multipart/form-data'>\
<input id='userNewPassword' class='btn btn-neutral' type='password' name='new_password' placeholder='New Password'>\
<input id='userConfirmPassword' class='btn btn-neutral' type='password' name='confirm_password' placeholder='Confirm Password'>\
<br>\
<button id='userPasswordSubmit' class='btn btn-bad' type='submit' name='reset' value='"+id+"'><img class='svg' src='assets/icons/password.svg'>Reset</button>\
</form>";
flyoutShow(header, description, actionBox);
$("#userResetPasswordForm").submit(function(event) {
event.preventDefault();
var new_password = $("#userNewPassword").val();
var confirm_password = $("#userConfirmPassword").val();
var submit = $("#userPasswordSubmit").val();
var userId = $("#userPasswordSubmit").val();
Account deletion, password reset fixes
2022-09-20 10:12:32 +00:00
$("#sniffle").load("app/account/account.php", {
Password resetting bruh
2022-09-19 19:21:57 +00:00
new_password: new_password,
confirm_password: confirm_password,
id: userId,
Account deletion, password reset fixes
2022-09-20 10:12:32 +00:00
password_reset_submit: submit
Password resetting bruh
2022-09-19 19:21:57 +00:00
});
});
}
Password confirmation on account deletion
2022-09-20 13:06:41 +00:00
Password resetting bruh
2022-09-19 19:21:57 +00:00
function userDelete(id, username) {
var header = "Are you very very sure?";
Account deletion, password reset fixes
2022-09-20 10:12:32 +00:00
var description = "This CANNOT be undone, be very carefull with your decition... There is no second warning!";
var actionBox = "<form id='userDelete' method='POST'>\
<button id='userDeleteSubmit' class='btn btn-bad' type='submit' value='"+id+"'><img class='svg' src='assets/icons/trash.svg'>Delete user "+username+" (keep posts)</button>\
Password resetting bruh
2022-09-19 19:21:57 +00:00
</form>\
Account deletion, password reset fixes
2022-09-20 10:12:32 +00:00
<form id='userDeleteFull' method='POST'>\
<button id='userDeleteSubmit' class='btn btn-bad' type='submit' value='"+id+"'><img class='svg' src='assets/icons/trash.svg'>Delete user "+username+" (delete posts)</button>\
Password resetting bruh
2022-09-19 19:21:57 +00:00
</form>";
flyoutShow(header, description, actionBox);
Account deletion, password reset fixes
2022-09-20 10:12:32 +00:00
$("#userDelete").submit(function(event) {
Password resetting bruh
2022-09-19 19:21:57 +00:00
event.preventDefault();
Account deletion, password reset fixes
2022-09-20 10:12:32 +00:00
var id = $("#userDeleteSubmit").val();
Password resetting bruh
2022-09-19 19:21:57 +00:00
var userDeleteSubmit = $("#userDeleteSubmit").val();
Account deletion, password reset fixes
2022-09-20 10:12:32 +00:00
$("#sniffle").load("app/account/account.php", {
delete_id: id,
full: false,
account_delete_submit: userDeleteSubmit
Password resetting bruh
2022-09-19 19:21:57 +00:00
});
Account deletion, password reset fixes
2022-09-20 10:12:32 +00:00
});
$("#userDeleteFull").submit(function(event) {
Password resetting bruh
2022-09-19 19:21:57 +00:00
event.preventDefault();
Account deletion, password reset fixes
2022-09-20 10:12:32 +00:00
var id = $("#userDeleteSubmit").val();
Password resetting bruh
2022-09-19 19:21:57 +00:00
var userDeleteSubmit = $("#userDeleteSubmit").val();
Account deletion, password reset fixes
2022-09-20 10:12:32 +00:00
$("#sniffle").load("app/account/account.php", {
delete_id: id,
full: true,
account_delete_submit: userDeleteSubmit
Password resetting bruh
2022-09-19 19:21:57 +00:00
});
Account deletion, password reset fixes
2022-09-20 10:12:32 +00:00
});
Password resetting bruh
2022-09-19 19:21:57 +00:00
}
Password confirmation on account deletion
2022-09-20 13:06:41 +00:00
Password resetting bruh
2022-09-19 19:21:57 +00:00
function userToggleAdmin(id, username) {
var header = "With great power comes great responsibility...";
var description = "Do you trust this user? With admin permitions they can cause a whole lot of damage to this place, so make sure you're very very sure";
Account deletion, password reset fixes
2022-09-20 10:12:32 +00:00
var actionBox = "<form id='toggleAdminConfirm' method='POST'>\
Password resetting bruh
2022-09-19 19:21:57 +00:00
<button id='toggleAdminSubmit' class='btn btn-bad' type='submit' value='"+id+"'>Make "+username+" powerfull!</button>\
</form>";
flyoutShow(header, description, actionBox);
$("#toggleAdminConfirm").submit(function(event) {
event.preventDefault();
var toggleAdminSubmit = $("#toggleAdminSubmit").val();
$("#sniffle").load("app/account/account.php", {
id: toggleAdminSubmit,
toggle_admin: toggleAdminSubmit
});
});
}
</script>
In progress admin page
2022-09-16 16:39:13 +00:00
</div>
Password resetting bruh
2022-09-19 19:21:57 +00:00
<script>
function openTab(evt, tabName) {
var i, tabcontent, tablinks;
tabcontent = document.getElementsByClassName("tabcontent");
for (i = 0; i < tabcontent.length; i++) {
tabcontent[i].style.display = "none";
}
tablinks = document.getElementsByClassName("tablinks");
for (i = 0; i < tablinks.length; i++) {
tablinks[i].className = tablinks[i].className.replace(" active-tab", "");
}
document.getElementById(tabName).style.display = "flex";
evt.currentTarget.className += " active-tab";
}
</script>
Logs section added
2022-09-14 14:08:50 +00:00
</div>
Cleaning up some code stuffs
2022-09-17 19:59:58 +00:00
<?php // UwU
Adding Json config
2022-09-08 13:29:45 +00:00
}
a
2022-08-15 10:56:05 +00:00
} else {
?>
Merged login signup and account page into one
2022-09-06 18:15:59 +00:00
<div class="login-root">
<h2>Login</h2>
<p>Passwords are important to keep safe. Don't tell anyone your password, not even Fluffy!</p>
<br>
<form id="loginForm" method="POST" enctype="multipart/form-data">
<input id="loginUsername" class="btn btn-neutral" type="text" name="username" placeholder="Username">
<input id="loginPassword" class="btn btn-neutral" type="password" name="password" placeholder="Password">
<br>
File reordering in progress
2022-09-07 09:41:18 +00:00
<button id="loginSubmit" class="btn btn-good" type="submit" name="login"><img class="svg" src="assets/icons/sign-in.svg">Login</button>
Merged login signup and account page into one
2022-09-06 18:15:59 +00:00
</form>
File reordering in progress
2022-09-07 09:41:18 +00:00
<button class='btn btn-neutral' onclick="signupShow()"><img class="svg" src="assets/icons/sign-in.svg">Need an account?</button>
Merged login signup and account page into one
2022-09-06 18:15:59 +00:00
</div>
<script>
$("#loginForm").submit(function(event) {
event.preventDefault();
var username = $("#loginUsername").val();
var password = $("#loginPassword").val();
var submit = $("#loginSubmit").val();
File reordering in progress
2022-09-07 09:41:18 +00:00
$("#sniffle").load("app/account/account.php", {
Merged login signup and account page into one
2022-09-06 18:15:59 +00:00
username: username,
password: password,
submit_login: submit
});
});
</script>
<div class="signup-root">
<h2>Make account</h2>
<p>And amazing things happened here...</p>
<br>
<form id="signupForm" method="POST" action="signup.php" enctype="multipart/form-data">
<input id="signupUsername" class="btn btn-neutral" type="text" name="username" placeholder="Username">
<br>
<input id="signupPassword" class="btn btn-neutral" type="password" name="password" placeholder="Password">
<input id="signupPasswordConfirm" class="btn btn-neutral" type="password" name="confirm_password" placeholder="Re-enter Password">
<br>
<input id="signupToken" class="btn btn-neutral" type="text" name="token" placeholder="Invite Code">
<br>
File reordering in progress
2022-09-07 09:41:18 +00:00
<button id="signupSubmit" class="btn btn-good" type="submit" name="signup"><img class="svg" src="assets/icons/sign-in.svg">Sign Up</button>
Merged login signup and account page into one
2022-09-06 18:15:59 +00:00
</form>
File reordering in progress
2022-09-07 09:41:18 +00:00
<button class='btn btn-neutral' onclick="loginShow()"><img class="svg" src="assets/icons/sign-in.svg">I already got an account!</button>
Merged login signup and account page into one
2022-09-06 18:15:59 +00:00
</div>
<script>
$("#signupForm").submit(function(event) {
event.preventDefault();
var username = $("#signupUsername").val();
var password = $("#signupPassword").val();
var confirm_password = $("#signupPasswordConfirm").val();
var token = $("#signupToken").val();
var submit = $("#signupSubmit").val();
File reordering in progress
2022-09-07 09:41:18 +00:00
$("#sniffle").load("app/account/account.php", {
Merged login signup and account page into one
2022-09-06 18:15:59 +00:00
username: username,
password: password,
confirm_password: confirm_password,
token: token,
submit_signup: submit
});
});
</script>
<script>
function loginShow() {
document.querySelector(".login-root").style.display = "block";
document.querySelector(".signup-root").style.display = "none";
};
function signupShow() {
document.querySelector(".signup-root").style.display = "block";
document.querySelector(".login-root").style.display = "none";
};
</script>
a
2022-08-15 10:56:05 +00:00
<?php
}
?>
Fixing security issues
2022-07-25 17:28:55 +00:00
Fixing directory and required file issues
2022-09-13 16:07:01 +00:00
<?php require_once __DIR__."/ui/footer.php"; ?>
Fixing security issues
2022-07-25 17:28:55 +00:00
</body>
a
2022-08-15 10:56:05 +00:00
</html>
Reference in a new issue Copy permalink