php-gallery/account.php

463 lines
18 KiB
PHP
Raw Normal View History

2022-09-21 13:37:45 +00:00
<?php require_once __DIR__."/app/required.php"; ?>
2022-09-21 13:02:38 +00:00
2022-07-25 17:28:55 +00:00
<!DOCTYPE html>
<html>
2022-08-15 10:56:05 +00:00
2022-07-25 17:28:55 +00:00
<head>
2022-09-21 13:37:45 +00:00
<?php require_once __DIR__."/assets/ui/header.php"; ?>
2022-07-25 17:28:55 +00:00
</head>
2022-08-15 10:56:05 +00:00
2022-07-25 17:28:55 +00:00
<body>
2022-08-15 10:56:05 +00:00
<?php
2022-09-21 13:37:45 +00:00
require_once __DIR__."/assets/ui/nav.php";
2022-09-12 14:15:16 +00:00
2022-09-21 13:02:38 +00:00
use App\Account;
use App\Diff;
2022-09-12 14:15:16 +00:00
2022-09-21 13:02:38 +00:00
$user_info = new Account();
$diff = new Diff();
2022-09-22 15:51:22 +00:00
$profile_info = $user_info->get_user_info($conn, $_SESSION['id']);
2022-08-15 10:56:05 +00:00
?>
2022-07-25 17:28:55 +00:00
2022-08-15 10:56:05 +00:00
<?php
2022-09-12 14:15:16 +00:00
if ($user_info->is_loggedin()) {
2022-08-15 10:56:05 +00:00
?>
2022-09-24 10:18:00 +00:00
<div class="defaultDecoration defaultSpacing defaultFonts">
2022-09-22 19:39:15 +00:00
<h2>Profile</h2>
2022-09-22 15:51:22 +00:00
<div class="pfp-upload">
<form id="pfpForm" method="POST" enctype="multipart/form-data">
2022-09-22 19:39:15 +00:00
<h3>Profile Picture</h3>
2022-09-22 15:51:22 +00:00
<input id="image" class="btn btn-neutral" type="file" placeholder="select image UwU">
<button id="pfpSubmit" class="btn btn-good" type="submit"><img class="svg" src="assets/icons/upload.svg">Upload Image</button>
</form>
<?php
if (is_file("images/pfp/".$profile_info['pfp_path'])) {
echo "<img src='images/pfp/".$profile_info['pfp_path']."'>";
} else {
echo "<img src='assets/no_image.png'>";
}
?>
<script>
$("#pfpForm").submit(function(event) {
event.preventDefault();
// Check if image avalible
var file = $("#image").val();
if (file != "") {
// Make form
var formData = new FormData();
// Get image
var image_data = $("#image").prop("files")[0];
formData.append("image", image_data);
// Submit data
var submit = $("#pfpSubmit").val();
formData.append("pfp_submit", submit);
// Upload the information
$.ajax({
url: 'app/account/account.php',
type: 'post',
data: formData,
contentType: false,
processData: false,
success: function(response) {
$("#sniffle").html(response);
}
});
// Empty values
$("#image").val("");
$("#submit").val("");
} else {
sniffleAdd('Gwha!', 'Pls provide image', 'var(--red)', 'assets/icons/file-search.svg');
}
});
</script>
</div>
<br>
<a href="profile.php?user=<?php echo $_SESSION['id']; ?>" class="btn btn-neutral">Go to profile</a>
</div>
2022-09-24 10:18:00 +00:00
<div class="warningDecoration defaultSpacing defaultFonts">
2022-09-22 19:39:15 +00:00
<h2>Account</h2>
2022-09-07 09:41:18 +00:00
<a class='btn btn-bad' href='password-reset.php'><img class='svg' src='assets/icons/password.svg'>Reset Password</a>
2022-09-20 10:20:18 +00:00
<button class="btn btn-bad" onclick="deleteAccount()"><img class='svg' src='assets/icons/trash.svg'>Delete account</button>
<br>
<p>Don't leave! I'm with the science team!</p>
<a class='btn btn-bad' href='app/account/logout.php'><img class='svg' src='assets/icons/sign-out.svg'>Logout</a>
2022-09-08 13:29:45 +00:00
</div>
2022-09-20 10:12:32 +00:00
<script>
function deleteAccount() {
var header = "Are you very very sure?";
var description = "This CANNOT be undone, be very carefull with your decition!!!";
var actionBox = "<button class='btn btn-bad' onclick='deleteAccountConfirm()'><img class='svg' src='assets/icons/trash.svg'>Delete account (keep posts)</button>\
<button class='btn btn-bad' onclick='deleteAccountConfirmFull()'><img class='svg' src='assets/icons/trash.svg'>Delete account (delete posts)</button>";
2022-09-20 10:12:32 +00:00
flyoutShow(header, description, actionBox);
}
function deleteAccountConfirm () {
var header = "Deleting just your account!";
var description = "This is your last warning, so enter your password now.";
var actionBox = "<form id='accountDelete' method='POST'>\
<input id='accountDeletePassword' class='btn btn-neutral' type='password' name='password' placeholder='Password'>\
<button id='accountDeleteSubmit' class='btn btn-bad' type='submit'><img class='svg' src='assets/icons/trash.svg'>Delete account (keep posts)</button>\
</form>";
2022-09-20 10:12:32 +00:00
flyoutShow(header, description, actionBox);
$("#accountDelete").submit(function(event) {
2022-09-20 10:12:32 +00:00
event.preventDefault();
var accountDeletePassword = $("#accountDeletePassword").val();
2022-09-20 10:12:32 +00:00
var accountDeleteSubmit = $("#accountDeleteSubmit").val();
$("#sniffle").load("app/account/account.php", {
delete_id: <?php echo $_SESSION['id']; ?>,
full: 'false',
account_password: accountDeletePassword,
2022-09-20 10:12:32 +00:00
account_delete_submit: accountDeleteSubmit
});
});
}
function deleteAccountConfirmFull () {
var header = "Deleting EVERYTHINGGGGG";
var description = "This is your last warning, so enter your password now.";
var actionBox = "<form id='accountDeleteFull' method='POST'>\
<input id='accountDeletePassword' class='btn btn-neutral' type='password' name='password' placeholder='Password'>\
<button id='accountDeleteSubmit' class='btn btn-bad' type='submit'><img class='svg' src='assets/icons/trash.svg'>Delete account (delete posts)</button>\
</form>";
flyoutShow(header, description, actionBox);
$("#accountDeleteFull").submit(function(event) {
2022-09-20 10:12:32 +00:00
event.preventDefault();
var accountDeletePassword = $("#accountDeletePassword").val();
2022-09-20 10:12:32 +00:00
var accountDeleteSubmit = $("#accountDeleteSubmit").val();
$("#sniffle").load("app/account/account.php", {
delete_id: <?php echo $_SESSION['id']; ?>,
full: 'true',
account_password: accountDeletePassword,
2022-09-20 10:12:32 +00:00
account_delete_submit: accountDeleteSubmit
});
});
}
</script>
2022-09-08 13:29:45 +00:00
<?php
2022-09-16 16:39:13 +00:00
if ($user_info->is_admin($conn, $_SESSION['id'])) {
2022-09-14 14:08:50 +00:00
?>
2022-09-24 10:18:00 +00:00
<div class="defaultDecoration defaultSpacing defaultFonts">
2022-09-22 19:39:15 +00:00
<h2>Admin</h2>
2022-09-08 13:29:45 +00:00
<h3>Invite Codes</h3>
<?php
$token_request = mysqli_query($conn, "SELECT * FROM tokens WHERE used = 0");
while ($token = mysqli_fetch_array($token_request)) {
2022-09-14 14:08:50 +00:00
?>
<button onclick='copyCode()' class='btn btn-neutral'><?php echo $token['code']; ?></button>
<script>
function copyCode() {
navigator.clipboard.writeText("<?php echo $token['code']; ?>");
sniffleAdd("Info", "Invite code has been copied!", "var(--green)", "assets/icons/clipboard-text.svg");
}
</script>
<?php
}
2022-09-08 13:29:45 +00:00
?>
2022-09-14 14:08:50 +00:00
<br>
<div class="tabs">
<button class="btn btn-neutral tablinks" onclick="openTab(event, 'logs')">Logs</button>
<button class="btn btn-neutral tablinks" onclick="openTab(event, 'bans')">Bans</button>
2022-09-20 10:12:32 +00:00
<button class="btn btn-neutral tablinks" onclick="openTab(event, 'users')">Users</button>
</div>
<div id="logs" class="logs tabcontent">
2022-09-16 16:39:13 +00:00
<div class="log">
<p>ID</p>
<p>User IP</p>
<p>Action</p>
<p>Time</p>
</div>
2022-09-14 14:08:50 +00:00
<?php
// Reading images from table
$logs_request = mysqli_query($conn, "SELECT * FROM logs ORDER BY id DESC");
while ($log = mysqli_fetch_array($logs_request)) {
?>
<div class="log">
<p><?php echo $log['id']; ?></p>
<p><?php echo $log['ipaddress']; ?></p>
<p><?php echo $log['action']; ?></p>
<?php
$log_time = new DateTime($log['time']);
2022-09-15 17:35:06 +00:00
echo "<p>" . $log_time->format('Y-m-d H:i:s T') . " | " . $diff->time($log['time']) . "</p>";
2022-09-15 15:40:12 +00:00
?>
</div>
<?php
}
?>
</div>
<div id="bans" class="bans tabcontent">
2022-09-16 16:39:13 +00:00
<div class="ban">
<p>ID</p>
<p>User IP</p>
<p>Reason</p>
<p>Lenght</p>
<p>Time</p>
</div>
2022-09-15 15:40:12 +00:00
<?php
// Reading images from table
$bans_request = mysqli_query($conn, "SELECT * FROM bans ORDER BY id DESC");
while ($ban = mysqli_fetch_array($bans_request)) {
if ($ban['permanent']) {
echo "<div class='ban perm'>";
} else {
echo "<div class='ban'>";
}
?>
<p><?php echo $ban['id']; ?></p>
<p><?php echo $ban['ipaddress']; ?></p>
<p><?php echo $ban['reason']; ?></p>
2022-09-15 17:13:36 +00:00
<p><?php echo $ban['length']; ?> mins</p>
2022-09-15 15:40:12 +00:00
<?php
$log_time = new DateTime($ban['time']);
2022-09-16 16:39:13 +00:00
echo "<p>" . $log_time->format('Y-m-d H:i:s T') . " | " . $diff->time($ban['time']) . "</p>";
2022-09-14 14:08:50 +00:00
?>
</div>
<?php
2022-09-08 13:29:45 +00:00
}
2022-09-14 14:08:50 +00:00
?>
</div>
<div id="users" class="user-settings tabcontent">
2022-09-16 16:39:13 +00:00
<div class="user">
<p>ID</p>
<p>Username</p>
<p>Last Modified</p>
<p>User Options</p>
<p></p>
<p></p>
</div>
<?php
// Reading images from table
$user_request = mysqli_query($conn, "SELECT * FROM users");
while ($user = mysqli_fetch_array($user_request)) {
if ($user['admin'] || $user['id'] == 1) {
echo "<div class='user is-admin'>";
} else {
echo "<div class='user'>";
}
?>
<p><?php echo $user['id']; ?></p>
<p><?php echo $user['username']; ?></p>
<?php
$user_time = new DateTime($user['created_at']);
echo "<p>" . $user_time->format('Y-m-d H:i:s T') . " | " . $diff->time($user['last_modified']) . "</p>";
2022-09-16 16:39:13 +00:00
if ($user['id'] == 1) {
?>
<button class="btn btn-neutral" style="outline: none;">Reset Password</button>
<button class="btn btn-neutral" style="outline: none;">Delete user</button>
<button class="btn btn-neutral" style="outline: none;">Toggle admin</button>
<?php
} else {
?>
2022-09-17 10:51:54 +00:00
<button id="userResetPassword" class="btn btn-bad" onclick="userResetPassword('<?php echo $user['id']; ?>', '<?php echo $user['username']; ?>')">Reset Password</button>
2022-09-16 16:39:13 +00:00
<button id="userDeleteButton" class="btn btn-bad" onclick="userDelete('<?php echo $user['id']; ?>', '<?php echo $user['username']; ?>')">Delete user</button>
<button id="userToggleAdmin" class="btn btn-bad" onclick="userToggleAdmin('<?php echo $user['id']; ?>', '<?php echo $user['username']; ?>')">Toggle admin</button>
<?php
}
?>
</div>
<?php
}
?>
2022-09-19 19:21:57 +00:00
<script>
function userResetPassword(id, username) {
var header = "UwU whats the new passywassy code?";
var description = "Do this only if "+username+" has forgotten their password, DO NOT abuse this power";
var actionBox = "<form id='userResetPasswordForm' method='POST' enctype='multipart/form-data'>\
<input id='userNewPassword' class='btn btn-neutral' type='password' name='new_password' placeholder='New Password'>\
<input id='userConfirmPassword' class='btn btn-neutral' type='password' name='confirm_password' placeholder='Confirm Password'>\
<br>\
<button id='userPasswordSubmit' class='btn btn-bad' type='submit' name='reset' value='"+id+"'><img class='svg' src='assets/icons/password.svg'>Reset</button>\
</form>";
flyoutShow(header, description, actionBox);
$("#userResetPasswordForm").submit(function(event) {
event.preventDefault();
var new_password = $("#userNewPassword").val();
var confirm_password = $("#userConfirmPassword").val();
var submit = $("#userPasswordSubmit").val();
var userId = $("#userPasswordSubmit").val();
2022-09-20 10:12:32 +00:00
$("#sniffle").load("app/account/account.php", {
2022-09-19 19:21:57 +00:00
new_password: new_password,
confirm_password: confirm_password,
id: userId,
2022-09-20 10:12:32 +00:00
password_reset_submit: submit
2022-09-19 19:21:57 +00:00
});
});
}
2022-09-19 19:21:57 +00:00
function userDelete(id, username) {
var header = "Are you very very sure?";
2022-09-20 10:12:32 +00:00
var description = "This CANNOT be undone, be very carefull with your decition... There is no second warning!";
var actionBox = "<form id='userDelete' method='POST'>\
<button id='userDeleteSubmit' class='btn btn-bad' type='submit' value='"+id+"'><img class='svg' src='assets/icons/trash.svg'>Delete user "+username+" (keep posts)</button>\
2022-09-19 19:21:57 +00:00
</form>\
2022-09-20 10:12:32 +00:00
<form id='userDeleteFull' method='POST'>\
<button id='userDeleteSubmit' class='btn btn-bad' type='submit' value='"+id+"'><img class='svg' src='assets/icons/trash.svg'>Delete user "+username+" (delete posts)</button>\
2022-09-19 19:21:57 +00:00
</form>";
flyoutShow(header, description, actionBox);
2022-09-20 10:12:32 +00:00
$("#userDelete").submit(function(event) {
2022-09-19 19:21:57 +00:00
event.preventDefault();
2022-09-20 10:12:32 +00:00
var id = $("#userDeleteSubmit").val();
2022-09-19 19:21:57 +00:00
var userDeleteSubmit = $("#userDeleteSubmit").val();
2022-09-20 10:12:32 +00:00
$("#sniffle").load("app/account/account.php", {
delete_id: id,
full: false,
account_delete_submit: userDeleteSubmit
2022-09-19 19:21:57 +00:00
});
2022-09-20 10:12:32 +00:00
});
$("#userDeleteFull").submit(function(event) {
2022-09-19 19:21:57 +00:00
event.preventDefault();
2022-09-20 10:12:32 +00:00
var id = $("#userDeleteSubmit").val();
2022-09-19 19:21:57 +00:00
var userDeleteSubmit = $("#userDeleteSubmit").val();
2022-09-20 10:12:32 +00:00
$("#sniffle").load("app/account/account.php", {
delete_id: id,
full: true,
account_delete_submit: userDeleteSubmit
2022-09-19 19:21:57 +00:00
});
2022-09-20 10:12:32 +00:00
});
2022-09-19 19:21:57 +00:00
}
2022-09-19 19:21:57 +00:00
function userToggleAdmin(id, username) {
var header = "With great power comes great responsibility...";
var description = "Do you trust this user? With admin permitions they can cause a whole lot of damage to this place, so make sure you're very very sure";
2022-09-20 10:12:32 +00:00
var actionBox = "<form id='toggleAdminConfirm' method='POST'>\
2022-09-25 15:49:11 +00:00
<button id='toggleAdminSubmit' class='btn btn-bad' type='submit' value='"+id+"'>Toggle "+username+"'s admin status</button>\
2022-09-19 19:21:57 +00:00
</form>";
flyoutShow(header, description, actionBox);
$("#toggleAdminConfirm").submit(function(event) {
event.preventDefault();
var toggleAdminSubmit = $("#toggleAdminSubmit").val();
$("#sniffle").load("app/account/account.php", {
id: toggleAdminSubmit,
toggle_admin: toggleAdminSubmit
});
});
}
</script>
2022-09-16 16:39:13 +00:00
</div>
2022-09-19 19:21:57 +00:00
<script>
function openTab(evt, tabName) {
var i, tabcontent, tablinks;
tabcontent = document.getElementsByClassName("tabcontent");
for (i = 0; i < tabcontent.length; i++) {
tabcontent[i].style.display = "none";
}
tablinks = document.getElementsByClassName("tablinks");
for (i = 0; i < tablinks.length; i++) {
tablinks[i].className = tablinks[i].className.replace(" active-tab", "");
}
document.getElementById(tabName).style.display = "flex";
evt.currentTarget.className += " active-tab";
}
</script>
2022-09-14 14:08:50 +00:00
</div>
2022-09-21 21:02:02 +00:00
<?php
2022-09-08 13:29:45 +00:00
}
2022-08-15 10:56:05 +00:00
} else {
?>
2022-09-24 10:18:00 +00:00
<div class="login-root defaultDecoration defaultSpacing defaultFonts">
<h2>Login</h2>
<p>Passwords are important to keep safe. Don't tell anyone your password, not even Fluffy!</p>
<br>
<form id="loginForm" method="POST" enctype="multipart/form-data">
<input id="loginUsername" class="btn btn-neutral" type="text" name="username" placeholder="Username">
<input id="loginPassword" class="btn btn-neutral" type="password" name="password" placeholder="Password">
<br>
2022-09-07 09:41:18 +00:00
<button id="loginSubmit" class="btn btn-good" type="submit" name="login"><img class="svg" src="assets/icons/sign-in.svg">Login</button>
</form>
2022-09-07 09:41:18 +00:00
<button class='btn btn-neutral' onclick="signupShow()"><img class="svg" src="assets/icons/sign-in.svg">Need an account?</button>
</div>
<script>
$("#loginForm").submit(function(event) {
event.preventDefault();
var username = $("#loginUsername").val();
var password = $("#loginPassword").val();
var submit = $("#loginSubmit").val();
2022-09-07 09:41:18 +00:00
$("#sniffle").load("app/account/account.php", {
username: username,
password: password,
submit_login: submit
});
});
</script>
2022-09-24 10:18:00 +00:00
<div class="signup-root defaultDecoration defaultSpacing defaultFonts" style="display: none;">
<h2>Make account</h2>
<p>And amazing things happened here...</p>
<br>
<form id="signupForm" method="POST" action="signup.php" enctype="multipart/form-data">
<input id="signupUsername" class="btn btn-neutral" type="text" name="username" placeholder="Username">
<br>
<input id="signupPassword" class="btn btn-neutral" type="password" name="password" placeholder="Password">
<input id="signupPasswordConfirm" class="btn btn-neutral" type="password" name="confirm_password" placeholder="Re-enter Password">
<br>
<input id="signupToken" class="btn btn-neutral" type="text" name="token" placeholder="Invite Code">
<br>
2022-09-07 09:41:18 +00:00
<button id="signupSubmit" class="btn btn-good" type="submit" name="signup"><img class="svg" src="assets/icons/sign-in.svg">Sign Up</button>
</form>
2022-09-07 09:41:18 +00:00
<button class='btn btn-neutral' onclick="loginShow()"><img class="svg" src="assets/icons/sign-in.svg">I already got an account!</button>
</div>
<script>
$("#signupForm").submit(function(event) {
event.preventDefault();
var username = $("#signupUsername").val();
var password = $("#signupPassword").val();
var confirm_password = $("#signupPasswordConfirm").val();
var token = $("#signupToken").val();
var submit = $("#signupSubmit").val();
2022-09-07 09:41:18 +00:00
$("#sniffle").load("app/account/account.php", {
username: username,
password: password,
confirm_password: confirm_password,
token: token,
submit_signup: submit
});
});
</script>
<script>
function loginShow() {
document.querySelector(".login-root").style.display = "block";
document.querySelector(".signup-root").style.display = "none";
};
function signupShow() {
document.querySelector(".signup-root").style.display = "block";
document.querySelector(".login-root").style.display = "none";
};
</script>
2022-08-15 10:56:05 +00:00
<?php
}
?>
2022-07-25 17:28:55 +00:00
2022-09-21 13:37:45 +00:00
<?php require_once __DIR__."/assets/ui/footer.php"; ?>
2022-07-25 17:28:55 +00:00
</body>
2022-08-15 10:56:05 +00:00
</html>