failed-galleries/php-gallery
1
0
Fork 0
mirror of https://github.com/Fluffy-Bean/image-gallery.git synced 2025-01-29 17:28:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

Account deletion, password reset fixes

Browse source
This commit is contained in:
Michał 2022-09-20 10:12:32 +00:00
parent b0bb4a2e91
commit a465231eff
7 changed files with 285 additions and 165 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

81
account.php
View file

@ -28,7 +28,44 @@
<br>
<p>Don't leave! I'm with the science team!</p>
<a class='btn btn-bad' href='app/account/logout.php'><img class='svg' src='assets/icons/sign-out.svg'>Logout</a>
<br>
<p>Be carefull!</p>
<button class="btn btn-bad" onclick="deleteAccount()">Delete account</button>
</div>
<script>
function deleteAccount() {
var header = "Are you very very sure?";
var description = "This CANNOT be undone, be very carefull with your decition... There is no second warning!";
var actionBox = "<form id='userDelete' method='POST'>\
<button id='accountDeleteSubmit' class='btn btn-bad' type='submit'><img class='svg' src='assets/icons/trash.svg'>Delete account (keep posts)</button>\
</form>\
<form id='userDeleteFull' method='POST'>\
<button id='accountDeleteSubmit' class='btn btn-bad' type='submit'><img class='svg' src='assets/icons/trash.svg'>Delete account (delete posts)</button>\
</form>";
flyoutShow(header, description, actionBox);
$("#userDelete").submit(function(event) {
event.preventDefault();
var accountDeleteSubmit = $("#accountDeleteSubmit").val();
$("#sniffle").load("app/account/account.php", {
delete_id: <?php echo $_SESSION['id']; ?>,
full: false,
account_delete_submit: accountDeleteSubmit
});
});
$("#userDeleteFull").submit(function(event) {
event.preventDefault();
var accountDeleteSubmit = $("#accountDeleteSubmit").val();
$("#sniffle").load("app/account/account.php", {
delete_id: <?php echo $_SESSION['id']; ?>,
full: true,
account_delete_submit: accountDeleteSubmit
});
});
}
</script>
<?php
if ($user_info->is_admin($conn, $_SESSION['id'])) {
?>
@ -55,7 +92,7 @@
<div class="tabs">
<button class="btn btn-neutral tablinks" onclick="openTab(event, 'logs')">Logs</button>
<button class="btn btn-neutral tablinks" onclick="openTab(event, 'bans')">Bans</button>
<button class="btn btn-neutral tablinks" onclick="openTab(event, 'users')">User settings</button>
<button class="btn btn-neutral tablinks" onclick="openTab(event, 'users')">Users</button>
</div>
<div id="logs" class="logs tabcontent">
@ -182,49 +219,51 @@
var confirm_password = $("#userConfirmPassword").val();
var submit = $("#userPasswordSubmit").val();
var userId = $("#userPasswordSubmit").val();
$("#sniffle").load("app/account/password_reset.php", {
$("#sniffle").load("app/account/account.php", {
new_password: new_password,
confirm_password: confirm_password,
id: userId,
submit: submit
password_reset_submit: submit
});
});
}
function userDelete(id, username) {
var header = "Are you very very sure?";
var description = "This CANNOT be undone, be very carefull with your decition...";
var actionBox = "<form id='' action='app/image/edit_description.php' method='POST'>\
<button class='btn btn-bad' type='submit' value='"+id+"'><img class='svg' src='assets/icons/trash.svg'>Delete user "+username+" (keep posts)</button>\
var description = "This CANNOT be undone, be very carefull with your decition... There is no second warning!";
var actionBox = "<form id='userDelete' method='POST'>\
<button id='userDeleteSubmit' class='btn btn-bad' type='submit' value='"+id+"'><img class='svg' src='assets/icons/trash.svg'>Delete user "+username+" (keep posts)</button>\
</form>\
<form id='' action='app/image/edit_description.php' method='POST'>\
<button class='btn btn-bad' type='submit' value='"+id+"'><img class='svg' src='assets/icons/trash.svg'>Delete user "+username+" (delete posts)</button>\
<form id='userDeleteFull' method='POST'>\
<button id='userDeleteSubmit' class='btn btn-bad' type='submit' value='"+id+"'><img class='svg' src='assets/icons/trash.svg'>Delete user "+username+" (delete posts)</button>\
</form>";
flyoutShow(header, description, actionBox);
/*$("#descriptionConfirm").submit(function(event) {
$("#userDelete").submit(function(event) {
event.preventDefault();
var descriptionInput = $("#descriptionInput").val();
var id = $("#userDeleteSubmit").val();
var userDeleteSubmit = $("#userDeleteSubmit").val();
$("#sniffle").load("path/to/.php", {
id: id,
submit_delete: userDeleteSubmit
$("#sniffle").load("app/account/account.php", {
delete_id: id,
full: false,
account_delete_submit: userDeleteSubmit
});
});*/
/*$("#descriptionConfirm").submit(function(event) {
});
$("#userDeleteFull").submit(function(event) {
event.preventDefault();
var descriptionInput = $("#descriptionInput").val();
var id = $("#userDeleteSubmit").val();
var userDeleteSubmit = $("#userDeleteSubmit").val();
$("#sniffle").load("path/to/.php", {
id: id,
submit_delete: userDeleteSubmit
$("#sniffle").load("app/account/account.php", {
delete_id: id,
full: true,
account_delete_submit: userDeleteSubmit
});
});*/
});
}
function userToggleAdmin(id, username) {
var header = "With great power comes great responsibility...";
var description = "Do you trust this user? With admin permitions they can cause a whole lot of damage to this place, so make sure you're very very sure";
var actionBox = "<form id='toggleAdminConfirm' action='app/image/edit_description.php' method='POST'>\
var actionBox = "<form id='toggleAdminConfirm' method='POST'>\
<button id='toggleAdminSubmit' class='btn btn-bad' type='submit' value='"+id+"'>Make "+username+" powerfull!</button>\
</form>";

212
app/account/account.php
View file

@ -486,4 +486,216 @@ if (isset($_POST['toggle_admin'])) {
</script>
<?php
}
}
/*
|-------------------------------------------------------------
| Password Reset
|-------------------------------------------------------------
| I want to make it possible to reset the password without
| access to the account directly with an email reset link or
| something. I also want to confirm the password change with
| the old password in the future, as people forget passwords
| and people can get onto accounts. For now this is a shitty
| little system thats inplace for those who need it. Hopefully
| I can make something better in the future...
|-------------------------------------------------------------
*/
if (isset($_POST['password_reset_submit'])) {
$error = 0;
// Validate new password
if (empty(trim($_POST["new_password"]))) {
?>
<script>
sniffleAdd('Meep', 'Enter a new password!', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
$error += 1;
} elseif(strlen(trim($_POST["new_password"])) < 6) {
?>
<script>
sniffleAdd('Not long enough...', 'Password, must be 6 or more characters in length uwu', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
$error += 1;
} else {
$new_password = trim($_POST["new_password"]);
}
// Validate confirm password
if (empty(trim($_POST["confirm_password"]))) {
?>
<script>
sniffleAdd('Meep', 'You must confirm the password!!!!', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
$error += 1;
} else {
$confirm_password = trim($_POST["confirm_password"]);
if(empty($error) && ($new_password != $confirm_password)) {
?>
<script>
sniffleAdd('AAAA', 'Passwords do not match!!!', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
$error += 1;
}
}
if (isset($_POST['id']) && $user_info->is_admin($conn, $_SESSION["id"])) {
$user_id = $_POST['id'];
} elseif (empty($_POST['id'])) {
$user_id = $_SESSION["id"];
} else {
?>
<script>
sniffleAdd('Oopsie', 'An error occured while figuring out which user to change the password of... Are you an admin?', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
$error += 1;
}
// Check for errors
if ($error <= 0) {
// Prepare for wack
$sql = "UPDATE users SET password = ? WHERE id = ?";
if ($stmt = mysqli_prepare($conn, $sql)) {
mysqli_stmt_bind_param($stmt, "si", $param_password, $param_id);
// Setting up Password parameters
$param_password = password_hash($new_password, PASSWORD_DEFAULT);
$param_id = $user_id;
// Attempt to execute (sus)
if (mysqli_stmt_execute($stmt)) {
// Password updated!!!! Now goodbye
if ($user_id == $_SESSION["id"]) {
// Check if password reset was done by user
session_destroy();
?>
<script>
sniffleAdd('Password updated', 'Now goodbye.... you will be redirected in a moment', 'var(--green)', 'assets/icons/check.svg');
setTimeout(function(){window.location.href = "account/login.php";}, 2000);
</script>
<?php
} else {
// An admin has changed the password
?>
<script>
sniffleAdd('Password updated', 'Password has been reset for user! But their session may still be active', 'var(--green)', 'assets/icons/check.svg');
flyoutClose();
</script>
<?php
}
} else {
?>
<script>
sniffleAdd('Bruh', 'Something happened on our end, sowwy', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
}
}
}
/*
Account deletion
I hate dealing with stuffs being deleted
*/
if (isset($_POST['account_delete_submit'])) {
$error = 0;
if (isset($_POST['delete_id'])) {
if ($_POST['delete_id'] == 1) {
?>
<script>
sniffleAdd('Sussy', 'You cannot delete the owners account!!!!!', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
$error += 1;
} elseif ($_POST['delete_id'] == $_SESSION['id']) {
$delete_id = $_SESSION['id'];
} elseif ($_POST['delete_id'] != $_SESSION['id'] && $_SESSION['id'] == 1) {
$delete_id = $_POST['delete_id'];
} else {
?>
<script>
sniffleAdd('Ono', 'You aren\'t privilaged enough to delete accounts!', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
$error += 1;
}
} else {
?>
<script>
sniffleAdd('Oopsie', 'We couldn\'t find the account that was requested to be deleted', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
$error += 1;
}
if (empty($_POST['full']) || !isset($_POST['full'])) {
?>
<script>
sniffleAdd('Oopsie', 'Some error occured, unsure what to delete', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
$error += 1;
}
if ($error <= 0) {
if ($_POST['full']) {
$image_request = mysqli_query($conn, "SELECT id, imagename FROM images WHERE author = '$delete_id'");
while ($image = mysqli_fetch_array($image_request)) {
if (is_file(dirname(__DIR__)."/images/".$image['imagename'])) {
unlink(dirname(__DIR__)."/images/".$image['imagename']);
}
if (is_file(dirname(__DIR__)."/images/thumbnails/".$image['imagename'])) {
unlink(dirname(__DIR__)."/images/thumbnails/".$image['imagename']);
}
if (is_file(dirname(__DIR__)."/images/previews/".$image['imagename'])) {
unlink(dirname(__DIR__)."/images/previews/".$image['imagename']);
}
mysqli_query($conn, "DELETE FROM images WHERE id = ".$image['id']);
}
?>
<script>
sniffleAdd('Progress', 'Deleted all images from the user', 'var(--green)', 'assets/icons/warning.svg');
flyoutClose();
</script>
<?php
}
mysqli_query($conn, "DELETE FROM users WHERE id = ".$delete_id);
if ($_POST['full']) {
mysqli_query($conn,"INSERT INTO logs (ipaddress, action) VALUES('$user_ip','Deleted a user account and all their posts')");
} else {
mysqli_query($conn,"INSERT INTO logs (ipaddress, action) VALUES('$user_ip','Deleted a user account')");
}
?>
<script>
sniffleAdd('Goodbye!', 'Successfully deleted the user!', 'var(--green)', 'assets/icons/check.svg');
flyoutClose();
</script>
<?php
}
}

136
app/account/password_reset.php
View file

@ -1,136 +0,0 @@
<?php
/*
|-------------------------------------------------------------
| Password Reset
|-------------------------------------------------------------
| I want to make it possible to reset the password without
| access to the account directly with an email reset link or
| something. I also want to confirm the password change with
| the old password in the future, as people forget passwords
| and people can get onto accounts. For now this is a shitty
| little system thats inplace for those who need it. Hopefully
| I can make something better in the future...
|-------------------------------------------------------------
*/
// Initialize the session
session_start();
// Include server connection
include dirname(__DIR__)."/server/conn.php";
include dirname(__DIR__)."/app.php";
use App\Account;
$user_info = new Account();
if (isset($_POST['submit'])) {
/*
|-------------------------------------------------------------
| Set error status to 0
|-------------------------------------------------------------
| if there are more than 0 error, then they cannot submit a
| request
|-------------------------------------------------------------
*/
$error = 0;
// Validate new password
if (empty(trim($_POST["new_password"]))) {
?>
<script>
sniffleAdd('Meep', 'Enter a new password!', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
$error += 1;
} elseif(strlen(trim($_POST["new_password"])) < 6) {
?>
<script>
sniffleAdd('Not long enough...', 'Password, must be 6 or more characters in length uwu', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
$error += 1;
} else {
$new_password = trim($_POST["new_password"]);
}
// Validate confirm password
if (empty(trim($_POST["confirm_password"]))) {
?>
<script>
sniffleAdd('Meep', 'You must confirm the password!!!!', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
$error += 1;
} else {
$confirm_password = trim($_POST["confirm_password"]);
if(empty($error) && ($new_password != $confirm_password)) {
?>
<script>
sniffleAdd('AAAA', 'Passwords do not match!!!', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
$error += 1;
}
}
if (isset($_POST['id']) && $user_info->is_admin($conn, $_SESSION["id"])) {
$user_id = $_POST['id'];
} elseif (empty($_POST['id'])) {
$user_id = $_SESSION["id"];
} else {
?>
<script>
sniffleAdd('Oopsie', 'An error occured while figuring out which user to change the password of... Are you an admin?', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
$error += 1;
}
// Check for errors
if ($error <= 0) {
// Prepare for wack
$sql = "UPDATE users SET password = ? WHERE id = ?";
if ($stmt = mysqli_prepare($conn, $sql)) {
mysqli_stmt_bind_param($stmt, "si", $param_password, $param_id);
// Setting up Password parameters
$param_password = password_hash($new_password, PASSWORD_DEFAULT);
$param_id = $user_id;
// Attempt to execute (sus)
if (mysqli_stmt_execute($stmt)) {
// Password updated!!!! Now goodbye
if ($user_id == $_SESSION["id"]) {
// Check if password reset was done by user
session_destroy();
?>
<script>
sniffleAdd('Password updated', 'Now goodbye.... you will be redirected in a moment', 'var(--green)', 'assets/icons/check.svg');
setTimeout(function(){window.location.href = "account/login.php";}, 2000);
</script>
<?php
} else {
// An admin has changed the password
?>
<script>
sniffleAdd('Password updated', 'Password has been reset for user! But their session may still be active', 'var(--green)', 'assets/icons/check.svg');
flyoutClose();
</script>
<?php
}
} else {
?>
<script>
sniffleAdd('Bruh', 'Something happened on our end, sowwy', 'var(--red)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
}
}
}

14
app/server/conn.php
View file

@ -2,14 +2,16 @@
/*
Connect to database
Dunno what else to put here lol
Make sure to enter your correct database details,
else it may cause issues with loading the page
*/
try {
$conn_ip = "192.168.0.79:3306";
$conn_username = "uwu";
$conn_password = "fennec621";
$conn_database = "gallery";
$conn_ip = "192.168.0.79:3306";
$conn_username = "uwu";
$conn_password = "fennec621";
$conn_database = "gallery";
try {
$conn = @mysqli_connect($conn_ip, $conn_username, $conn_password , $conn_database);
} catch (Exception $e) {
header("location: error.php?e=conn");

1
css/main.css
View file

@ -1019,6 +1019,7 @@ body * {
.btn:hover {
outline: #E8E3E3 0.2rem solid;
color: #E8E3E3;
cursor: pointer;
}
.btn:where(input[type=file])::-webkit-file-upload-button {
margin: -0.25rem 0.5rem -0.25rem -0.25rem;

2
css/main.scss
View file

@ -85,6 +85,8 @@ body {
&:hover {
outline: $white 0.2rem solid;
color: $fg;
cursor: pointer;
}
&:where(input[type="file"])::file-selector-button {

4
password-reset.php
View file

@ -40,10 +40,10 @@
var new_password = $("#newPassword").val();
var confirm_password = $("#confirmPassword").val();
var submit = $("#passwordSubmit").val();
$("#sniffle").load("app/account/password_reset.php", {
$("#sniffle").load("app/account/account.php", {
new_password: new_password,
confirm_password: confirm_password,
submit: submit
password_reset_submit: submit
});
});
</script>