1
0
orblog-legacy/private/pages/admin.php

202 lines
6.5 KiB
PHP
Raw Normal View History

2024-07-13 18:19:16 +02:00
<?php
/*-----------------------------------------------------------------------------
orblog - Simple blog for hidden networks.
Version: 0.1
Git: https://code.fossee.net/chicory/orblog-legacy
Copyright: chicory@fossee.net 2020
License: http://www.apache.org/licenses/LICENSE-2.0
-----------------------------------------------------------------------------*/
/*-- Admin panel auth -----------------------------------------------------*/
if($_GET['auth'] == 'sign_in')
{
if($_POST['pass'] == PASS and $_POST['captcha'] == $_SESSION['captcha'])
$_SESSION['admin'] = 1;
else
$_TPL['error'] = $_LANG['error_sign_in'];
}
if($_GET['auth'] == 'sign_out')
$_SESSION['admin'] = 0;
/*-- Admin panel actions --------------------------------------------------*/
if($_GET['action'] == 'add_post' and $_SESSION['admin']) // Add post
{
$query = 'INSERT INTO `posts`
(time, category, title, desc, text, tags)
VALUES
(:time, :cat, :title, :desc, :text, :tags)';
$stmt = $sqlite -> prepare($query);
$stmt -> bindValue(':time', time(), SQLITE3_INTEGER);
$stmt -> bindValue(':cat', $_POST['category'], SQLITE3_INTEGER);
$stmt -> bindValue(':title', $_POST['title'], SQLITE3_TEXT);
$stmt -> bindValue(':desc', $_POST['desc'], SQLITE3_TEXT);
$stmt -> bindValue(':text', $_POST['text'], SQLITE3_TEXT);
$stmt -> bindValue(':tags', $_POST['tags'], SQLITE3_TEXT);
$stmt->execute();
header('Location:'.URL); exit;
}
if($_GET['action'] == 'edit_post' and $_SESSION['admin']) // Edit post
{
$query = 'SELECT COUNT(*) FROM `comments` WHERE id = '.$_GET['post'];
$count = $sqlite -> querySingle($query);
$query = 'UPDATE `posts` SET
category = :cat,
title = :title,
desc = :desc,
text = :text,
tags = :tags,
comments = :count
WHERE id = :id';
$stmt = $sqlite -> prepare($query);
$stmt -> bindValue(':cat', $_POST['category'], SQLITE3_INTEGER);
$stmt -> bindValue(':title', $_POST['title'], SQLITE3_TEXT);
$stmt -> bindValue(':desc', $_POST['desc'], SQLITE3_TEXT);
$stmt -> bindValue(':text', $_POST['text'], SQLITE3_TEXT);
$stmt -> bindValue(':tags', $_POST['tags'], SQLITE3_TEXT);
$stmt -> bindValue(':count', $count, SQLITE3_INTEGER);
$stmt -> bindValue(':id', $_GET['post'], SQLITE3_INTEGER);
$stmt->execute();
header('Location:'.URL.'/index.php?view=post&id='.$_GET['post']); exit;
}
if($_GET['action'] == 'delete_post' and $_SESSION['admin']) // Del post
{
$query = 'DELETE FROM `posts` WHERE id = '.$_GET['id'];
$sqlite -> exec($query);
$query = 'DELETE FROM `comments` WHERE id = '.$_GET['id'];
$sqlite -> exec($query);
header('Location:'.URL); exit;
}
if($_GET['action'] == 'add_category' and $_SESSION['admin']) // Add category
{
if (!$_POST['sort']) $_POST['sort'] = 0;
$query = 'INSERT INTO `categories`
(sort, name)
VALUES
('.$_POST['sort'].',
"'.$_POST['name'].'")';
$sqlite -> exec($query);
header('Location:'.URL.'index.php?view=admin&page=categories'); exit;
}
if($_GET['action'] == 'edit_category' and $_SESSION['admin']) // Edit category
{
if($_POST['delete'])
{
$query = 'DELETE FROM `categories` WHERE id = '.$_GET['id'];
$sqlite -> exec($query);
header('Location:'.URL.'index.php?view=admin&page=categories'); exit;
}
$query = 'UPDATE `categories` SET
sort = '.$_POST['sort'].',
name = "'.$_POST['name'].'"
WHERE id = '.$_GET['id'];
$sqlite -> exec($query);
header('Location:'.URL.'index.php?view=admin&page=categories'); exit;
}
if($_GET['action'] == 'delete_comment' and $_SESSION['admin']) // Del comment
{
$query = 'DELETE FROM `comments` WHERE cid = '.$_GET['id'];
$sqlite -> exec($query);
$query = 'SELECT COUNT(*) FROM `comments` WHERE id = '.$_GET['post'];
$count = $sqlite -> querySingle($query);
$query = 'UPDATE `posts` SET comments = '.$count.'
WHERE id = '.$_GET['post'];
$sqlite -> exec($query);
header('Location:'.$_SERVER['HTTP_REFERER']); exit;
}
/*-- Pages ----------------------------------------------------------------*/
$_TPL['title'] = $_LANG['admin'].' | '.TITLE;
include_template('header');
if(!$_SESSION['admin']) // Login
{
$_SESSION['captcha'] = gen_captcha();
include_template('sign_in');
}
else if($_GET['page'] == 'add_post') // Add post
{
$_TPL['category_select'] = select_categories($category_dump);
include_template('admin_header');
include_template('add_post');
}
else if($_GET['page'] == 'categories') // Categories
{
include_template('admin_header');
include_template('categories_header');
view_edit_categories($category_dump);
include_template('categories');
}
else if($_GET['page'] == 'comments') // Comments
{
$parser = new Parsedown();
$parser -> setSafeMode(true);
$query = 'SELECT * FROM `comments` LIMIT 50';
$result = $sqlite -> query($query);
include_template('admin_header');
include_template('comments');
view_comments($result);
}
else if($_GET['page'] == 'edit_post') // Edit post
{
$result = $sqlite -> query('SELECT * FROM `posts` WHERE id='.$_GET['id']);
$post_data = $result -> fetchArray(SQLITE3_ASSOC);
$_TPL['id'] = $post_data['id'];
$_TPL['category'] = $post_data['category'];
$_TPL['title'] = $post_data['title'];
$_TPL['title'] = $post_data['title'];
$_TPL['desc'] = $post_data['desc'];
$_TPL['text'] = $post_data['text'];
$_TPL['tags'] = $post_data['tags'];
if($post_data['category'])
$_TPL['category_name'] = category_name($post_data['category']);
else $_TPL['category_name'] = $_LANG['without_cat'];
$_TPL['category_select'] = select_categories($category_dump);
include_template('admin_header');
include_template('edit_post');
}
else // Admin inddex
{
$query = 'SELECT COUNT(*) FROM `posts`';
$_TPL['posts'] = $sqlite -> querySingle($query);
$query = 'SELECT COUNT(*) FROM `comments`';
$_TPL['comments'] = $sqlite -> querySingle($query);
include_template('admin_header');
include_template('admin_index');
}