php-gallery/account.php

<!DOCTYPE html>
<html>

<head>
	<?php require_once __DIR__."/ui/header.php"; ?>
</head>

<body>
	<?php
	require_once __DIR__."/ui/required.php";
	require_once __DIR__."/ui/nav.php";

	use App\Account;
	use App\Diff;

	$user_info = new Account();
	$diff = new Diff();
	?>

		<?php
		if ($user_info->is_loggedin()) {
		?>
			<div class="account-root">
				<h2>Settings</h2>
				<h3 class='space-top'>Account</h3>
				<p>Resetting your password regularly is a good way of keeping your account safe</p>
				<a class='btn btn-bad' href='password-reset.php'><img class='svg' src='assets/icons/password.svg'>Reset Password</a>
				<br>
				<p>Don't leave! I'm with the science team!</p>
				<a class='btn btn-bad' href='app/account/logout.php'><img class='svg' src='assets/icons/sign-out.svg'>Logout</a>
			</div>
			<?php
				if ($user_info->is_admin($_SESSION['id'])) {
				?>
					<div class="admin-root">
						<h2>Admin controlls</h2>
						<h3>Invite Codes</h3>
						<?php
						$token_request = mysqli_query($conn, "SELECT * FROM tokens WHERE used = 0");
						while ($token = mysqli_fetch_array($token_request)) {
							?>
								<button onclick='copyCode()' class='btn btn-neutral'><?php echo $token['code']; ?></button>
								<script>
									function copyCode() {
										navigator.clipboard.writeText("<?php echo $token['code']; ?>");
										sniffleAdd("Info", "Invite code has been copied!", "var(--green)", "assets/icons/clipboard-text.svg");
									}
								</script>
							<?php
						}
						?>
						<br>
						<h3>Logs</h3>
						<div id=logs" class="logs">
							<?php
								// Reading images from table
								$logs_request = mysqli_query($conn, "SELECT * FROM logs ORDER BY id DESC");

								while ($log = mysqli_fetch_array($logs_request)) {
									?>
										<div class="log">
											<p><?php echo $log['id']; ?></p>
											<p><?php echo $log['ipaddress']; ?></p>
											<p><?php echo $log['action']; ?></p>
											<?php
												$log_time = new DateTime($log['time']);
												echo "<p>" . $log_time->format('d/m/Y H:i:s T') . "<br>" . $diff->time($log['time']) . "</p>";
											?>
										</div>
									<?php
								}
							?>
						</div>
						<br>
						<h3>Bans/Timeouts</h3>
						<div id="bans" class="bans">
							<?php
								// Reading images from table
								$bans_request = mysqli_query($conn, "SELECT * FROM bans ORDER BY id DESC");

								while ($ban = mysqli_fetch_array($bans_request)) {
									if ($ban['permanent']) {
										echo "<div class='ban perm'>";
									} else {
										echo "<div class='ban'>";
									}
									?>
											<p><?php echo $ban['id']; ?></p>
											<p><?php echo $ban['ipaddress']; ?></p>
											<p><?php echo $ban['reason']; ?></p>
											<p><?php echo $ban['length']; ?></p>
											<?php
												$log_time = new DateTime($ban['time']);
												echo "<p>" . $log_time->format('d/m/Y H:i:s T') . "<br>" . $diff->time($ban['time']) . "</p>";
											?>
										</div>
									<?php
								}
							?>
						</div>
					</div>
					<?php
				}
		} else {
		?>
			<div class="login-root">
				<h2>Login</h2>
				<p>Passwords are important to keep safe. Don't tell anyone your password, not even Fluffy!</p>
				<br>
				<form id="loginForm" method="POST" enctype="multipart/form-data">
					<input id="loginUsername" class="btn btn-neutral" type="text" name="username" placeholder="Username">
					<input id="loginPassword" class="btn btn-neutral" type="password" name="password" placeholder="Password">
					<br>
					<button id="loginSubmit" class="btn btn-good" type="submit" name="login"><img class="svg" src="assets/icons/sign-in.svg">Login</button>
				</form>
				<button class='btn btn-neutral' onclick="signupShow()"><img class="svg" src="assets/icons/sign-in.svg">Need an account?</button>
			</div>
			<script>
				$("#loginForm").submit(function(event) {
					event.preventDefault();
					var username = $("#loginUsername").val();
					var password = $("#loginPassword").val();
					var submit = $("#loginSubmit").val();
					$("#sniffle").load("app/account/account.php", {
						username: username,
						password: password,
						submit_login: submit
					});
				});
			</script>

			<div class="signup-root">
				<h2>Make account</h2>
				<p>And amazing things happened here...</p>
				<br>
				<form id="signupForm" method="POST" action="signup.php" enctype="multipart/form-data">
					<input id="signupUsername" class="btn btn-neutral" type="text" name="username" placeholder="Username">
					<br>
					<input id="signupPassword" class="btn btn-neutral" type="password" name="password" placeholder="Password">
					<input id="signupPasswordConfirm" class="btn btn-neutral" type="password" name="confirm_password" placeholder="Re-enter Password">
					<br>
					<input id="signupToken" class="btn btn-neutral" type="text" name="token" placeholder="Invite Code">
					<br>
					<button id="signupSubmit" class="btn btn-good" type="submit" name="signup"><img class="svg" src="assets/icons/sign-in.svg">Sign Up</button>
				</form>
				<button class='btn btn-neutral' onclick="loginShow()"><img class="svg" src="assets/icons/sign-in.svg">I already got an account!</button>
			</div>
			<script>
				$("#signupForm").submit(function(event) {
					event.preventDefault();
					var username = $("#signupUsername").val();
					var password = $("#signupPassword").val();
					var confirm_password = $("#signupPasswordConfirm").val();
					var token = $("#signupToken").val();
					var submit = $("#signupSubmit").val();
					$("#sniffle").load("app/account/account.php", {
						username: username,
						password: password,
						confirm_password: confirm_password,
						token: token,
						submit_signup: submit
					});
				});
			</script>

			<script>
				function loginShow() {
					document.querySelector(".login-root").style.display = "block";
					document.querySelector(".signup-root").style.display = "none";
				};
				function signupShow() {
					document.querySelector(".signup-root").style.display = "block";
					document.querySelector(".login-root").style.display = "none";
				};
			</script>
		<?php
		}
		?>

	<?php require_once __DIR__."/ui/footer.php"; ?>
</body>

</html>
Fixing security issues 2022-07-25 17:28:55 +00:00			`<!DOCTYPE html>`
			`<html>`
a 2022-08-15 10:56:05 +00:00
Fixing security issues 2022-07-25 17:28:55 +00:00			`<head>`
Fixing directory and required file issues 2022-09-13 16:07:01 +00:00			`<?php require_once __DIR__."/ui/header.php"; ?>`
Fixing security issues 2022-07-25 17:28:55 +00:00			`</head>`
a 2022-08-15 10:56:05 +00:00
Fixing security issues 2022-07-25 17:28:55 +00:00			`<body>`
a 2022-08-15 10:56:05 +00:00			`<?php`
Fixing directory and required file issues 2022-09-13 16:07:01 +00:00			`require_once __DIR__."/ui/required.php";`
			`require_once __DIR__."/ui/nav.php";`
Moved functions into classes 2022-09-12 14:15:16 +00:00
			`use App\Account;`
Working on temp ban system 2022-09-15 15:40:12 +00:00			`use App\Diff;`
Moved functions into classes 2022-09-12 14:15:16 +00:00
			`$user_info = new Account();`
Working on temp ban system 2022-09-15 15:40:12 +00:00			`$diff = new Diff();`
a 2022-08-15 10:56:05 +00:00			`?>`
Fixing security issues 2022-07-25 17:28:55 +00:00
a 2022-08-15 10:56:05 +00:00			`<?php`
Moved functions into classes 2022-09-12 14:15:16 +00:00			`if ($user_info->is_loggedin()) {`
a 2022-08-15 10:56:05 +00:00			`?>`
Merged login signup and account page into one 2022-09-06 18:15:59 +00:00			`<div class="account-root">`
Adding Json config 2022-09-08 13:29:45 +00:00			`<h2>Settings</h2>`
			`<h3 class='space-top'>Account</h3>`
Merged login signup and account page into one 2022-09-06 18:15:59 +00:00			`<p>Resetting your password regularly is a good way of keeping your account safe</p>`
File reordering in progress 2022-09-07 09:41:18 +00:00			`<a class='btn btn-bad' href='password-reset.php'><img class='svg' src='assets/icons/password.svg'>Reset Password</a>`
Merged login signup and account page into one 2022-09-06 18:15:59 +00:00			`<br>`
			`<p>Don't leave! I'm with the science team!</p>`
File reordering in progress 2022-09-07 09:41:18 +00:00			`<a class='btn btn-bad' href='app/account/logout.php'><img class='svg' src='assets/icons/sign-out.svg'>Logout</a>`
Adding Json config 2022-09-08 13:29:45 +00:00			`</div>`
			`<?php`
Moved functions into classes 2022-09-12 14:15:16 +00:00			`if ($user_info->is_admin($_SESSION['id'])) {`
Logs section added 2022-09-14 14:08:50 +00:00			`?>`
Adding Json config 2022-09-08 13:29:45 +00:00			`<div class="admin-root">`
			`<h2>Admin controlls</h2>`
			`<h3>Invite Codes</h3>`
			`<?php`
			`$token_request = mysqli_query($conn, "SELECT * FROM tokens WHERE used = 0");`
			`while ($token = mysqli_fetch_array($token_request)) {`
Logs section added 2022-09-14 14:08:50 +00:00			`?>`
			`<button onclick='copyCode()' class='btn btn-neutral'><?php echo $token['code']; ?></button>`
			`<script>`
			`function copyCode() {`
			`navigator.clipboard.writeText("<?php echo $token['code']; ?>");`
			`sniffleAdd("Info", "Invite code has been copied!", "var(--green)", "assets/icons/clipboard-text.svg");`
			`}`
			`</script>`
			`<?php`
			`}`
Adding Json config 2022-09-08 13:29:45 +00:00			`?>`
Logs section added 2022-09-14 14:08:50 +00:00			`<br>`
			`<h3>Logs</h3>`
			`<div id=logs" class="logs">`
			`<?php`
			`// Reading images from table`
			`$logs_request = mysqli_query($conn, "SELECT * FROM logs ORDER BY id DESC");`

			`while ($log = mysqli_fetch_array($logs_request)) {`
			`?>`
			`<div class="log">`
			`<p><?php echo $log['id']; ?></p>`
			`<p><?php echo $log['ipaddress']; ?></p>`
			`<p><?php echo $log['action']; ?></p>`
			`<?php`
			`$log_time = new DateTime($log['time']);`
Working on temp ban system 2022-09-15 15:40:12 +00:00			`echo "<p>" . $log_time->format('d/m/Y H:i:s T') . "<br>" . $diff->time($log['time']) . "</p>";`
			`?>`
			`</div>`
			`<?php`
			`}`
			`?>`
			`</div>`
			`<br>`
			`<h3>Bans/Timeouts</h3>`
			`<div id="bans" class="bans">`
			`<?php`
			`// Reading images from table`
			`$bans_request = mysqli_query($conn, "SELECT * FROM bans ORDER BY id DESC");`

			`while ($ban = mysqli_fetch_array($bans_request)) {`
			`if ($ban['permanent']) {`
			`echo "<div class='ban perm'>";`
			`} else {`
			`echo "<div class='ban'>";`
			`}`
			`?>`
			`<p><?php echo $ban['id']; ?></p>`
			`<p><?php echo $ban['ipaddress']; ?></p>`
			`<p><?php echo $ban['reason']; ?></p>`
			`<p><?php echo $ban['length']; ?></p>`
			`<?php`
			`$log_time = new DateTime($ban['time']);`
			`echo "<p>" . $log_time->format('d/m/Y H:i:s T') . "<br>" . $diff->time($ban['time']) . "</p>";`
Logs section added 2022-09-14 14:08:50 +00:00			`?>`
			`</div>`
			`<?php`
Adding Json config 2022-09-08 13:29:45 +00:00			`}`
Logs section added 2022-09-14 14:08:50 +00:00			`?>`
			`</div>`
			`</div>`
			`<?php`
Adding Json config 2022-09-08 13:29:45 +00:00			`}`
a 2022-08-15 10:56:05 +00:00			`} else {`
			`?>`
Merged login signup and account page into one 2022-09-06 18:15:59 +00:00			`<div class="login-root">`
			`<h2>Login</h2>`
			`<p>Passwords are important to keep safe. Don't tell anyone your password, not even Fluffy!</p>`
			`<br>`
			`<form id="loginForm" method="POST" enctype="multipart/form-data">`
			`<input id="loginUsername" class="btn btn-neutral" type="text" name="username" placeholder="Username">`
			`<input id="loginPassword" class="btn btn-neutral" type="password" name="password" placeholder="Password">`
			`<br>`
File reordering in progress 2022-09-07 09:41:18 +00:00			`<button id="loginSubmit" class="btn btn-good" type="submit" name="login"><img class="svg" src="assets/icons/sign-in.svg">Login</button>`
Merged login signup and account page into one 2022-09-06 18:15:59 +00:00			`</form>`
File reordering in progress 2022-09-07 09:41:18 +00:00			`<button class='btn btn-neutral' onclick="signupShow()"><img class="svg" src="assets/icons/sign-in.svg">Need an account?</button>`
Merged login signup and account page into one 2022-09-06 18:15:59 +00:00			`</div>`
			`<script>`
			`$("#loginForm").submit(function(event) {`
			`event.preventDefault();`
			`var username = $("#loginUsername").val();`
			`var password = $("#loginPassword").val();`
			`var submit = $("#loginSubmit").val();`
File reordering in progress 2022-09-07 09:41:18 +00:00			`$("#sniffle").load("app/account/account.php", {`
Merged login signup and account page into one 2022-09-06 18:15:59 +00:00			`username: username,`
			`password: password,`
			`submit_login: submit`
			`});`
			`});`
			`</script>`

			`<div class="signup-root">`
			`<h2>Make account</h2>`
			`<p>And amazing things happened here...</p>`
			`<br>`
			`<form id="signupForm" method="POST" action="signup.php" enctype="multipart/form-data">`
			`<input id="signupUsername" class="btn btn-neutral" type="text" name="username" placeholder="Username">`
			`<br>`
			`<input id="signupPassword" class="btn btn-neutral" type="password" name="password" placeholder="Password">`
			`<input id="signupPasswordConfirm" class="btn btn-neutral" type="password" name="confirm_password" placeholder="Re-enter Password">`
			`<br>`
			`<input id="signupToken" class="btn btn-neutral" type="text" name="token" placeholder="Invite Code">`
			`<br>`
File reordering in progress 2022-09-07 09:41:18 +00:00			`<button id="signupSubmit" class="btn btn-good" type="submit" name="signup"><img class="svg" src="assets/icons/sign-in.svg">Sign Up</button>`
Merged login signup and account page into one 2022-09-06 18:15:59 +00:00			`</form>`
File reordering in progress 2022-09-07 09:41:18 +00:00			`<button class='btn btn-neutral' onclick="loginShow()"><img class="svg" src="assets/icons/sign-in.svg">I already got an account!</button>`
Merged login signup and account page into one 2022-09-06 18:15:59 +00:00			`</div>`
			`<script>`
			`$("#signupForm").submit(function(event) {`
			`event.preventDefault();`
			`var username = $("#signupUsername").val();`
			`var password = $("#signupPassword").val();`
			`var confirm_password = $("#signupPasswordConfirm").val();`
			`var token = $("#signupToken").val();`
			`var submit = $("#signupSubmit").val();`
File reordering in progress 2022-09-07 09:41:18 +00:00			`$("#sniffle").load("app/account/account.php", {`
Merged login signup and account page into one 2022-09-06 18:15:59 +00:00			`username: username,`
			`password: password,`
			`confirm_password: confirm_password,`
			`token: token,`
			`submit_signup: submit`
			`});`
			`});`
			`</script>`

			`<script>`
			`function loginShow() {`
			`document.querySelector(".login-root").style.display = "block";`
			`document.querySelector(".signup-root").style.display = "none";`
			`};`
			`function signupShow() {`
			`document.querySelector(".signup-root").style.display = "block";`
			`document.querySelector(".login-root").style.display = "none";`
			`};`
			`</script>`
a 2022-08-15 10:56:05 +00:00			`<?php`
			`}`
			`?>`
Fixing security issues 2022-07-25 17:28:55 +00:00
Fixing directory and required file issues 2022-09-13 16:07:01 +00:00			`<?php require_once __DIR__."/ui/footer.php"; ?>`
Fixing security issues 2022-07-25 17:28:55 +00:00			`</body>`
a 2022-08-15 10:56:05 +00:00
			`</html>`