|
|
@@ -2,81 +2,125 @@ |
|
|
|
session_start(); |
|
|
|
require_once 'database.inc.php'; |
|
|
|
|
|
|
|
function register($user, $pass, $code) |
|
|
|
{ |
|
|
|
global $db; |
|
|
|
$q = $db->prepare("SELECT id, used, level FROM invites WHERE code = (:code)"); |
|
|
|
$q->bindParam(':code', $code); |
|
|
|
/* |
|
|
|
* |
|
|
|
* Utilitiy Functions |
|
|
|
* |
|
|
|
*/ |
|
|
|
|
|
|
|
function createSession($id, $username, $level) { |
|
|
|
$_SESSION['id'] = $id; |
|
|
|
$_SESSION['user'] = $username; |
|
|
|
$_SESSION['level'] = $level; |
|
|
|
redirect('/'); |
|
|
|
} |
|
|
|
|
|
|
|
function destroySession() { |
|
|
|
session_unset(); |
|
|
|
session_destroy(); |
|
|
|
redirect('/login'); |
|
|
|
} |
|
|
|
|
|
|
|
function checkSession($requiredLevel) { |
|
|
|
// Check that they are logged in |
|
|
|
if (!isset($_SESSION['id'])) |
|
|
|
redirect('/login'); |
|
|
|
|
|
|
|
// Check that they have the required access level |
|
|
|
if ($_SESSION['level'] > $requiredLevel) |
|
|
|
exit(header('HTTP/1.0 403 Forbidden')); |
|
|
|
} |
|
|
|
|
|
|
|
function redirect($uri) { |
|
|
|
$host = $_SERVER['HTTP_HOST']; |
|
|
|
exit(header('Location: https://'.$host.$uri)); |
|
|
|
} |
|
|
|
|
|
|
|
/* |
|
|
|
* |
|
|
|
* Core Functions |
|
|
|
* |
|
|
|
*/ |
|
|
|
|
|
|
|
function panel() { |
|
|
|
global $db; |
|
|
|
checkSession(3); |
|
|
|
|
|
|
|
include('./panel.php'); |
|
|
|
|
|
|
|
$q = $db->prepare("SELECT apikey FROM accounts WHERE user = (:user)"); |
|
|
|
$q->bindParam(':user', $_SESSION['user']); |
|
|
|
$q->execute(); |
|
|
|
$r = $q->fetch(); |
|
|
|
|
|
|
|
echo 'Your API Key is '.$r['apikey']; |
|
|
|
} |
|
|
|
|
|
|
|
function register($user, $pass, $code) { |
|
|
|
global $db; |
|
|
|
|
|
|
|
// Check if code exists, if it is used, and store it in $r for later use |
|
|
|
$q = $db->prepare("SELECT id, used, level FROM invites WHERE code = (:code) AND used = 0"); |
|
|
|
$q->bindParam(':code', $code); |
|
|
|
$q->execute(); |
|
|
|
$r = $q->fetch(); |
|
|
|
if ($q->rowCount() == 0) redirect('/register/index.html#fail'); |
|
|
|
|
|
|
|
// Check if username is used |
|
|
|
$q = $db->prepare("SELECT user FROM accounts WHERE user = (:user)"); |
|
|
|
$q->bindParam(':user', $user); |
|
|
|
$q->execute(); |
|
|
|
$result = $q->fetch(); |
|
|
|
|
|
|
|
// Check if code is used |
|
|
|
if ($result['used'] == '0') { |
|
|
|
// Check to see if the username is in use |
|
|
|
$q = $db->prepare("SELECT user FROM accounts WHERE user = (:user)"); |
|
|
|
$q->bindParam(':user', $user); |
|
|
|
$q->execute(); |
|
|
|
if (!($result = $q->fetch())) { |
|
|
|
// Add new account |
|
|
|
$q = $db->prepare("INSERT INTO accounts (user, pass, level, apikey) VALUES (:user, :pass, :level, :apikey)"); |
|
|
|
$q->bindParam(':user', $user); |
|
|
|
$q->bindParam(':level', $result['level']); |
|
|
|
$hash = password_hash($pass, PASSWORD_DEFAULT); |
|
|
|
$q->bindParam(':pass', $hash); |
|
|
|
$apikey = generateString(KEY_CHARSET, 32); |
|
|
|
$q->bindParam(':apikey', $apikey); |
|
|
|
$q->execute(); |
|
|
|
|
|
|
|
// Set the code as used |
|
|
|
$q = $db->prepare("UPDATE invites SET used = (:used),usedby = (:usedby) WHERE code = (:code)"); |
|
|
|
$q->bindValue(':used', '1'); |
|
|
|
$q->bindValue(':usedby', $user); |
|
|
|
$q->bindParam(':code', $code); |
|
|
|
$q->execute(); |
|
|
|
|
|
|
|
// Log them in |
|
|
|
$_SESSION['id'] = $result['id']; |
|
|
|
$_SESSION['user'] = $user; |
|
|
|
$_SESSION['level'] = $result['level']; |
|
|
|
header('Location: http://www.shimapan.rocks/includes/api.php?do=panel'); |
|
|
|
} else { |
|
|
|
header('Location: ../register/index.html#fail'); |
|
|
|
} |
|
|
|
} else { |
|
|
|
header('Location: ../register/index.html#fail'); |
|
|
|
} |
|
|
|
if ($q->rowCount() > 0) redirect('/register/index.html#fail'); |
|
|
|
|
|
|
|
// If the checks passed, create the account |
|
|
|
$q = $db->prepare("INSERT INTO accounts (user, pass, apikey, level) VALUES (:user, :pass, :apikey, :level)"); |
|
|
|
$q->bindParam(':user', $user); |
|
|
|
$q->bindParam(':pass', password_hash($pass, PASSWORD_DEFAULT)); |
|
|
|
$q->bindParam(':apikey', generateString(KEY_CHARSET, 32)); |
|
|
|
$q->bindParam(':level', $r['level']); |
|
|
|
$q->execute(); |
|
|
|
|
|
|
|
// Set the code as used |
|
|
|
$q = $db->prepare("UPDATE invites SET used = (:used), usedby = (:usedby) WHERE code = (:code)"); |
|
|
|
$q->bindValue(':used', 1); |
|
|
|
$q->bindValue(':usedby', $user); |
|
|
|
$q->bindParam(':code', $code); |
|
|
|
$q->execute(); |
|
|
|
|
|
|
|
// Log them in |
|
|
|
createSession($r['id'], $user, $r['level']); |
|
|
|
} |
|
|
|
|
|
|
|
function generate($level) |
|
|
|
{ |
|
|
|
global $db; |
|
|
|
if (isset($_SESSION['id'])) { |
|
|
|
if ($_SESSION['level'] < '3') { |
|
|
|
if (empty($level)) { |
|
|
|
include_once('./invite.php'); |
|
|
|
} else { |
|
|
|
if ($level > $_SESSION['level'] && $level < '4') { |
|
|
|
$q = $db->prepare("INSERT INTO invites (code, level, issuer) VALUES (:code, :level, :issuer)"); |
|
|
|
$code = generateString(CODE_CHARSET, 16); |
|
|
|
$q->bindParam(':code', $code); |
|
|
|
$q->bindParam(':level', $level); |
|
|
|
$q->bindParam(':issuer', $_SESSION['user']); |
|
|
|
$q->execute(); |
|
|
|
echo '<p>Generation Successful.</p><br> |
|
|
|
<p>Code: '.$code.'</p><br> |
|
|
|
<p>Access Level: '.$level.'</p>'; |
|
|
|
} |
|
|
|
} |
|
|
|
} else { |
|
|
|
echo 'Insufficient Access Level.'; |
|
|
|
} |
|
|
|
} else { |
|
|
|
header('Location: ../login'); |
|
|
|
} |
|
|
|
function generate($level) { |
|
|
|
global $db; |
|
|
|
checkSession(2); |
|
|
|
|
|
|
|
// Display form if not generating an invite |
|
|
|
if (empty($level)) { |
|
|
|
include_once('./invite.php'); |
|
|
|
exit(); |
|
|
|
} |
|
|
|
|
|
|
|
// Check to make sure level is valid |
|
|
|
if ($level < $_SESSION['level'] || $level > 3) { |
|
|
|
echo 'Invalid Access Level.<br> |
|
|
|
Level must be greater than your current level, and less than 4.'; |
|
|
|
exit(); |
|
|
|
} |
|
|
|
|
|
|
|
// Create the invite code |
|
|
|
$q = $db->prepare("INSERT INTO invites (code, level, issuer) VALUES (:code, :level, :issuer)"); |
|
|
|
$code = generateString(CODE_CHARSET, 16); |
|
|
|
$q->bindParam(':code', $code); |
|
|
|
$q->bindParam(':level', $level); |
|
|
|
$q->bindParam(':issuer', $_SESSION['user']); |
|
|
|
$q->execute(); |
|
|
|
echo 'Generation Successful.<br> |
|
|
|
Code: '.$code.'<br> |
|
|
|
Access Level: '.$level; |
|
|
|
} |
|
|
|
|
|
|
|
function generateString($charset, $length) |
|
|
|
{ |
|
|
|
function generateString($charset, $length) { |
|
|
|
$string = ''; |
|
|
|
for ($i = 0; $i < $length; $i++) { |
|
|
|
$string .= $charset[rand(0, strlen($charset) - 1)]; |
|
|
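Review bot: createSession writes the authenticated identity into whatever session id the client arrived with and never rotates it, so an id planted before login remains valid afterwards; make `session_regenerate_id(true);` the first statement of createSession. redirect() builds its Location target from `$_SERVER['HTTP_HOST']`, which is client-supplied, so every login/logout/register redirect can be steered off-site; if SHIM_URL is the site's absolute base as its use in fetchFiles suggests, `exit(header('Location: '.SHIM_URL.$uri));` avoids that. In register, `$q->bindParam(':pass', password_hash($pass, PASSWORD_DEFAULT));` and the `:apikey` binding pass function results by reference; bindParam needs a variable, so either assign first or use bindValue for both. register also gates on `$q->rowCount() == 0` after a SELECT, which PDO does not guarantee to be meaningful for SELECT statements; test the fetched row instead, `if ($r === false) redirect('/register/index.html#fail');`, and the same applies to the rowCount checks in report and reports in the later hunks. generateString at the end of this hunk continues into the next one.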
@@ -84,122 +128,114 @@ function generateString($charset, $length) |
|
|
|
return $string; |
|
|
|
} |
|
|
|
|
|
|
|
function login($user, $pass) |
|
|
|
{ |
|
|
|
global $db; |
|
|
|
function login($user, $pass) { |
|
|
|
global $db; |
|
|
|
|
|
|
|
// Get the specified user's data |
|
|
|
$q = $db->prepare("SELECT pass, id, user, level FROM accounts WHERE user = (:user)"); |
|
|
|
$q->bindParam(':user', $user); |
|
|
|
$q->execute(); |
|
|
|
$result = $q->fetch(); |
|
|
|
|
|
|
|
if (password_verify($pass, $result['pass'])) { |
|
|
|
$_SESSION['id'] = $result['id']; |
|
|
|
$_SESSION['user'] = $result['user']; |
|
|
|
$_SESSION['level'] = $result['level']; |
|
|
|
header('Location: api.php?do=panel'); |
|
|
|
} else { |
|
|
|
header('Location: ../login/index.html#fail'); |
|
|
|
} |
|
|
|
$r = $q->fetch(); |
|
|
|
|
|
|
|
if (password_verify($pass, $r['pass'])) |
|
|
|
createSession($r['id'], $r['user'], $r['level']); |
|
|
|
else |
|
|
|
redirect('/login/index.html#fail'); |
|
|
|
} |
|
|
|
|
|
|
|
function delete($filename, $deleteid) |
|
|
|
{ |
|
|
|
if (isset($_SESSION['id'])) { |
|
|
|
if ($_SESSION['level'] < '4') { |
|
|
|
if (empty($filename)) { |
|
|
|
echo "Invalid Filename"; |
|
|
|
} else { |
|
|
|
global $db; |
|
|
|
$q = $db->prepare("SELECT filename, delid, id, user FROM files WHERE filename = (:filename)"); |
|
|
|
$q->bindParam(':filename', $filename); |
|
|
|
$q->execute(); |
|
|
|
$result = $q->fetch(); |
|
|
|
function delete($fileid) { |
|
|
|
global $db; |
|
|
|
checkSession(3); |
|
|
|
|
|
|
|
if ($_SESSION['level'] === '0' || $result['user'] === $_SESSION['user']) { |
|
|
|
$q = $db->prepare("DELETE FROM files WHERE id = (:id)"); |
|
|
|
$q->bindParam(':id', $result['id']); |
|
|
|
$q->execute(); |
|
|
|
unlink(SHIM_FILES_ROOT.$filename); |
|
|
|
echo "<br/>File deleted.<br/>"; |
|
|
|
} else { |
|
|
|
echo 'Insufficient Access Level'; |
|
|
|
} |
|
|
|
} |
|
|
|
} else { |
|
|
|
echo 'Insufficient Access Level.'; |
|
|
|
} |
|
|
|
} else { |
|
|
|
header('Location: ../login'); |
|
|
|
} |
|
|
|
if (empty($fileid)) { |
|
|
|
echo 'Invalid File.'; |
|
|
|
exit(); |
|
|
|
} |
|
|
|
|
|
|
|
// Get owner + filename |
|
|
|
$q = $db->prepare("SELECT filename, user FROM files WHERE id = (:id)"); |
|
|
|
$q->bindParam(':id', $fileid); |
|
|
|
$q->execute(); |
|
|
|
$r = $q->fetch(); |
|
|
|
|
|
|
|
// If they own it or are an admin |
|
|
|
if ($_SESSION['level'] <= 1 || $r['user'] == $_SESSION['user']) { |
|
|
|
// Remove it from the DB |
|
|
|
$q = $db->prepare("DELETE FROM files WHERE id = (:id)"); |
|
|
|
$q->bindParam(':id', $fileid); |
|
|
|
$q->execute(); |
|
|
|
|
|
|
|
// Delete the file |
|
|
|
unlink(SHIM_FILES_ROOT.$r['filename']); |
|
|
|
echo 'File deleted.'; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
function fetchFiles($date, $count, $keyword, $action) |
|
|
|
{ |
|
|
|
global $db; |
|
|
|
if (isset($_SESSION['id'])) { |
|
|
|
if ($_SESSION['level'] < '4') { |
|
|
|
include('./search.php'); |
|
|
|
|
|
|
|
if ($action === 'Fetch All') { |
|
|
|
if ($_SESSION['level'] === '0') { |
|
|
|
$q = $db->prepare("SELECT * FROM files ORDER BY id DESC LIMIT :count"); |
|
|
|
} else { |
|
|
|
$q = $db->prepare("SELECT * FROM files WHERE user = (:user) ORDER BY id DESC LIMIT :count"); |
|
|
|
$q->bindValue(':user', $_SESSION['user']); |
|
|
|
} |
|
|
|
$q->bindValue(':count', (int) $count, PDO::PARAM_INT); |
|
|
|
$q->execute(); |
|
|
|
function fetchFiles($method, $date, $count, $keyword) { |
|
|
|
global $db; |
|
|
|
checkSession(3); |
|
|
|
|
|
|
|
$i = 0; |
|
|
|
while ($row = $q->fetch()) { |
|
|
|
$i++; |
|
|
|
$bytes = $row['size']; |
|
|
|
$kilobytes = $row['size'] / 1000; |
|
|
|
echo '<tr><td>'.$row['id'].'</td> |
|
|
|
<td>'.strip_tags($row['originalname']).'</td> |
|
|
|
<td><a href="'.SHIM_FILE_URL.$row['filename'].'" target="_BLANK">'.$row['filename'].'</a> ('.$row['originalname'].')</td> |
|
|
|
<td>'.$bytes.' / '.$kilobytes.'</td> |
|
|
|
<td><a class="btn btn-default" href="'.SHIM_URL.'/includes/api.php?do=delete&action=remove&fileid='.$row['id'].'&filename='.$row['filename'].'" target="_BLANK">Remove</a></td></tr>'; |
|
|
|
} |
|
|
|
echo '<p>'.$i.' Files in total at being shown.</p>'; |
|
|
|
echo '</table>'; |
|
|
|
} elseif ($action === 'Fetch') { |
|
|
|
if ($_SESSION['level'] === '0') { |
|
|
|
$q = $db->prepare("SELECT * FROM files WHERE originalname LIKE (:keyword) AND date LIKE (:date) OR filename LIKE (:keyword) AND date LIKE (:date) ORDER BY id DESC LIMIT :count"); |
|
|
|
} else { |
|
|
|
$q = $db->prepare("SELECT * FROM files WHERE originalname LIKE (:keyword) AND date LIKE (:date) AND user = (:user) OR filename LIKE (:keyword) AND date LIKE (:date) AND user = (:userid) ORDER BY id DESC LIMIT :count"); |
|
|
|
$q->bindValue(':user', $_SESSION['user']); |
|
|
|
} |
|
|
|
$q->bindValue(':date', "%".$date."%"); |
|
|
|
$q->bindValue(':count', (int) $count, PDO::PARAM_INT); |
|
|
|
$q->bindValue(':keyword', "%".$keyword."%"); |
|
|
|
$q->execute(); |
|
|
|
include('./search.php'); |
|
|
|
|
|
|
|
$i = 0; |
|
|
|
while ($row = $q->fetch()) { |
|
|
|
$i++; |
|
|
|
$bytes = $row['size']; |
|
|
|
$kilobytes = $row['size'] / 1000; |
|
|
|
echo '<tr><td>'.$row['id'].'</td> |
|
|
|
<td>'.strip_tags($row['originalname']).'</td> |
|
|
|
<td><a href="'.SHIM_FILE_URL.$row['filename'].'" target="_BLANK">'.$row['filename'].'</a> ('.$row['originalname'].')</td> |
|
|
|
<td>'.$bytes.' / '.$kilobytes.'</td> |
|
|
|
<td><a class="btn btn-default" href="'.SHIM_URL.'/includes/api.php?do=delete&action=remove&fileid='.$row['id'].'&filename='.$row['filename'].'" target="_BLANK">Remove</a></td></tr>'; |
|
|
|
} |
|
|
|
echo '<p>'.$i.' Files in total at being shown.</p>'; |
|
|
|
echo '</table>'; |
|
|
|
} |
|
|
|
include('./footer.php'); |
|
|
|
} else { |
|
|
|
echo 'Insufficient Access Level.'; |
|
|
|
} |
|
|
|
} else { |
|
|
|
header('Location: ../login'); |
|
|
|
} |
|
|
|
if (empty($method)) { |
|
|
|
include('./footer.php'); |
|
|
|
exit(); |
|
|
|
} |
|
|
|
|
|
|
|
if ($method == 'Fetch') { |
|
|
|
// Either fetch all files matching query, or only the user's files |
|
|
|
if ($_SESSION['level'] == 0) |
|
|
|
$q = $db->prepare('SELECT * FROM files WHERE (originalname LIKE (:keyword) AND date LIKE (:date)) OR (filename LIKE (:keyword) AND date LIKE (:date)) ORDER BY id DESC LIMIT :count'); |
|
|
|
else { |
|
|
|
$q = $db->prepare('SELECT * FROM files WHERE user = (:user) AND ((originalname LIKE (:keyword) AND date LIKE (:date)) OR (filename LIKE (:keyword) AND date LIKE (:date))) ORDER BY id DESC LIMIT :count'); |
|
|
|
$q->bindValue(':user', $_SESSION['user']); |
|
|
|
} |
|
|
|
|
|
|
|
$q->bindValue(':date', '%'.$date.'%'); |
|
|
|
$q->bindValue(':count', (int)$count, PDO::PARAM_INT); |
|
|
|
$q->bindValue(':keyword', '%'.$keyword.'%'); |
|
|
|
$q->execute(); |
|
|
|
} else if ($method == 'Fetch All') { |
|
|
|
// Either fetch all files or only the user's files |
|
|
|
if ($_SESSION['level'] == 0) |
|
|
|
$q = $db->prepare('SELECT * FROM files ORDER BY id DESC LIMIT :count'); |
|
|
|
else { |
|
|
|
$q = $db->prepare('SELECT * FROM files WHERE user = (:user) ORDER BY id DESC LIMIT :count'); |
|
|
|
$q->bindValue(':user', $_SESSION['user']); |
|
|
|
} |
|
|
|
|
|
|
|
$q->bindValue(':count', (int)$count, PDO::PARAM_INT); |
|
|
|
$q->execute(); |
|
|
|
} |
|
|
|
|
|
|
|
while ($r = $q->fetch()) { |
|
|
|
$id = $r['id']; |
|
|
|
$oname = strip_tags($r['originalname']); |
|
|
|
$fname = $r['filename']; |
|
|
|
$bytes = $r['size'].' B'; |
|
|
|
$temp = $r['size'] / 1000; |
|
|
|
$kilobytes = $temp.' KB'; |
|
|
|
$uploadDate = $r['date']; |
|
|
|
$uploader = $r['user']; |
|
|
|
|
|
|
|
echo '<tr> |
|
|
|
<td>'.$id.'</td> |
|
|
|
<td>'.$oname.'</td> |
|
|
|
<td><a href="'.SHIM_FILE_URL.$fname.'" target="_BLANK">'.$fname.'</a></td> |
|
|
|
<td>'.$uploadDate.'</td> |
|
|
|
<td>'.$uploader.'</td> |
|
|
|
<td>'.$bytes.' / '.$kilobytes.'</td> |
|
|
|
<td><a class="btn btn-default" href="'.SHIM_URL.'/includes/api.php?do=delete&fileid='.$id.'" target="_BLANK">Remove</a></td> |
|
|
|
</tr>'; |
|
|
|
} |
|
|
|
|
|
|
|
echo '<p>'.$q->rowCount().' files found.</p>'; |
|
|
|
echo '</table>'; |
|
|
|
|
|
|
|
include('./footer.php'); |
|
|
|
} |
|
|
|
|
|
|
|
function report($file, $reason) |
|
|
|
{ |
|
|
|
function report($file, $reason) { |
|
|
|
global $db; |
|
|
|
if (isset($_SESSION['id'])) { |
|
|
|
if ($_SESSION['level'] < '4') { |
|
|
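Review bot: generateString draws invite codes and API keys with `rand()`, which is not a cryptographically secure generator, so both kinds of token are more predictable than they should be; change the loop body to `$string .= $charset[random_int(0, strlen($charset) - 1)];` (the function's signature is in the previous hunk). login calls `password_verify($pass, $r['pass'])` even when the SELECT returned no row, in which case `$r` is false and the second argument is null; guard with `if ($r !== false && password_verify($pass, $r['pass']))`. delete has the same gap: with an unknown `$fileid`, `$r` is false, yet an admin-level session still reaches the DELETE and `unlink(SHIM_FILES_ROOT.$r['filename'])` with an empty name, so add `if ($r === false) { echo 'Invalid File.'; exit(); }` after the fetch and compare the owner with `===`. In fetchFiles, `$q` is only assigned inside the 'Fetch'/'Fetch All' branches, so any other `$method` value reaches `$q->fetch()` on an undefined variable and fatals; add `} else { echo 'Invalid method.'; exit(); }` after the 'Fetch All' branch. The table rows in fetchFiles echo `$fname`, `$uploadDate` and `$uploader` raw and `$oname` only through strip_tags, which does not neutralise quotes inside an attribute; pass each through `htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` before interpolating.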
@@ -212,7 +248,7 @@ function report($file, $reason) |
|
|
|
$result = $q->fetch(); |
|
|
|
|
|
|
|
if ($q->rowCount() != '0') { |
|
|
|
$q = $db->prepare(" header('Location: ../register/index.html#fail');INSERT INTO reports (hash, date, file, fileid, reporter, reason) VALUES (:hash, :date, :file, :fileid, :reporter, :reason)"); |
|
|
|
$q = $db->prepare("INSERT INTO reports (hash, date, file, fileid, reporter, reason) VALUES (:hash, :date, :file, :fileid, :reporter, :reason)"); |
|
|
|
$q->bindValue(':file', strip_tags($file)); |
|
|
|
$q->bindValue(':date', date('Y-m-d')); |
|
|
|
$q->bindValue(':reporter', $_SESSION['user']); |
|
|
@@ -221,69 +257,90 @@ function report($file, $reason) |
|
|
|
$q->bindValue(':reason', $reason); |
|
|
|
$q->execute(); |
|
|
|
echo 'Thank you, report has been sent. The file will be reviewed.'; |
|
|
|
} else { |
|
|
|
echo 'File does not exist.'; |
|
|
|
} |
|
|
|
} else echo 'File does not exist.'; |
|
|
|
} |
|
|
|
} else { |
|
|
|
echo 'Insufficient Access Level.'; |
|
|
|
} |
|
|
|
} else { |
|
|
|
header('Location: ../login'); |
|
|
|
} |
|
|
|
} else echo 'Insufficient Access Level.'; |
|
|
|
} else header('Location: ../login'); |
|
|
|
} |
|
|
|
|
|
|
|
function mod($action, $date, $count, $why, $file, $keyword, $fileid, $hash, $orginalname) |
|
|
|
{ |
|
|
|
global $db; |
|
|
|
if (isset($_SESSION['id'])) { |
|
|
|
if ($_SESSION['level'] < '2') { |
|
|
|
switch ($action) { |
|
|
|
case "reports": |
|
|
|
$q = $db->prepare("SELECT * FROM reports WHERE status = '0'"); |
|
|
|
$q->execute(); |
|
|
|
function reports() { |
|
|
|
global $db; |
|
|
|
checkSession(1); |
|
|
|
|
|
|
|
$i = 0; |
|
|
|
include('./reports.php'); |
|
|
|
while ($row = $q->fetch()) { |
|
|
|
$i++; |
|
|
|
echo '<tr><td>'.$row['id'].'</td> |
|
|
|
<td><a href="'.SHIM_FILE_URL.strip_tags($row['file']).'" target="_BLANK">'.strip_tags($row['file']).'</td> |
|
|
|
<td>'.$row['fileid'].'</td> |
|
|
|
<td>'.$row['reporter'].'</td> |
|
|
|
<td>'.$row['status'].'</td> |
|
|
|
<td>'.$row['reason'].'</td> |
|
|
|
<td><a class="btn btn-default" href="'.SHIM_URL.'/includes/api.php?do=mod&action=remove&fileid='.$row['fileid'].'&file='.$row['file'].'" target="_BLANK">Remove File</a> |
|
|
|
<a class="btn btn-default" href="'.SHIM_URL.'/includes/api.php?do=mod&action=dismiss&fileid='.$row['fileid'].'&file='.$row['file'].'" target="_BLANK">Dismiss Report</a></td></tr>'; |
|
|
|
} |
|
|
|
echo '</table>'; |
|
|
|
include('./footer.php'); |
|
|
|
echo $i.' Reports in total at being shown.'; |
|
|
|
break; |
|
|
|
|
|
|
|
case "remove": |
|
|
|
delete($file, $fileid); |
|
|
|
$q = $db->prepare("DELETE FROM files WHERE id = (:id)"); |
|
|
|
$q->bindParam(':id', $fileid); |
|
|
|
$q->execute(); |
|
|
|
unlink(SHIM_FILES_ROOT.$file); |
|
|
|
$q = $db->prepare("UPDATE reports SET status = (:status) WHERE fileid = (:fileid)"); |
|
|
|
$q->bindValue(':status', '1'); |
|
|
|
$q->bindValue(':fileid', $fileid); |
|
|
|
$q->execute(); |
|
|
|
break; |
|
|
|
include('./reports.php'); |
|
|
|
|
|
|
|
case "dismiss": |
|
|
|
$q = $db->prepare("UPDATE reports SET status = (:status) WHERE fileid = (:fileid)"); |
|
|
|
$q->bindValue(':status', '2'); |
|
|
|
$q->bindValue('fileid', $fileid); |
|
|
|
$q->execute(); |
|
|
|
echo 'Report Dismissed.'; |
|
|
|
} |
|
|
|
} else { |
|
|
|
echo 'Insufficient Access Level.'; |
|
|
|
} |
|
|
|
} else { |
|
|
|
header('Location: ../login'); |
|
|
|
} |
|
|
|
} |
|
|
|
// Populate the table |
|
|
|
$q = $db->prepare("SELECT * FROM reports WHERE status = '0'"); |
|
|
|
$q->execute(); |
|
|
|
while ($r = $q->fetch()) { |
|
|
|
$id = $r['id']; |
|
|
|
$fileid = $r['fileid']; |
|
|
|
$filename = strip_tags($r['file']); |
|
|
|
$reporter = $r['reporter']; |
|
|
|
$status = $r['status']; |
|
|
|
$reason = strip_tags($r['reason']); |
|
|
|
|
|
|
|
echo '<tr> |
|
|
|
<td>'.$id.'</td> |
|
|
|
<td><a href="'.SHIM_FILE_URL.$filename.'" target="_BLANK">'.$filename.'</td> |
|
|
|
<td>'.$fileid.'</td> |
|
|
|
<td>'.$reporter.'</td> |
|
|
|
<td>'.$status.'</td> |
|
|
|
<td>'.$reason.'</td> |
|
|
|
<td><a class="btn btn-default" href="'.SHIM_URL.'/includes/api.php?do=acceptreport&id='.$id.'" target="_BLANK">Remove File</a> |
|
|
|
<a class="btn btn-default" href="'.SHIM_URL.'/includes/api.php?do=dismissreport&id='.$id.'" target="_BLANK">Dismiss Report</a></td> |
|
|
|
</tr>'; |
|
|
|
|
|
|
|
} |
|
|
|
echo '</table>'; |
|
|
|
|
|
|
|
include('./footer.php'); |
|
|
|
|
|
|
|
// Display report stats |
|
|
|
echo $q->rowCount().' Reports in total are being shown.<br>'; |
|
|
|
$q = $db->prepare("SELECT * FROM reports WHERE status != '0'"); |
|
|
|
$q->execute(); |
|
|
|
echo $q->rowCount().' Unshown reports filled.'; |
|
|
|
} |
|
|
|
|
|
|
|
function acceptreport($id) { |
|
|
|
global $db; |
|
|
|
checkSession(1); |
|
|
|
|
|
|
|
// Get file info |
|
|
|
$q = $db->prepare('SELECT file, fileid FROM reports WHERE id = (:id)'); |
|
|
|
$q->bindParam(':id', $id); |
|
|
|
$q->execute(); |
|
|
|
$r = $q->fetch(); |
|
|
|
$fileid = $r['fileid']; |
|
|
|
$filename = $r['file']; |
|
|
|
|
|
|
|
// Delete the file and remove from DB |
|
|
|
delete($fileid); |
|
|
|
$q = $db->prepare("DELETE FROM files WHERE id = (:id)"); |
|
|
|
$q->bindParam(':id', $fileid); |
|
|
|
$q->execute(); |
|
|
|
|
|
|
|
// MOVE TO delete(); |
|
|
|
unlink(SHIM_FILES_ROOT.$filename); |
|
|
|
|
|
|
|
// Update report status |
|
|
|
$q = $db->prepare("UPDATE reports SET status = (:status) WHERE id = (:id)"); |
|
|
|
$q->bindValue(':status', '1'); |
|
|
|
$q->bindValue(':id', $id); |
|
|
|
$q->execute(); |
|
|
|
} |
|
|
|
|
|
|
|
function dismissreport($id) { |
|
|
|
global $db; |
|
|
|
checkSession(1); |
|
|
|
|
|
|
|
// Update report status |
|
|
|
$q = $db->prepare('UPDATE reports SET status = (:status) WHERE id = (:id)'); |
|
|
|
$q->bindValue(':status', '2'); |
|
|
|
$q->bindValue('id', $id); |
|
|
|
$q->execute(); |
|
|
|
echo 'Report Dismissed.'; |
|
|
|
} |
|
|
|
|
|
|
|
?> |
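Review bot: acceptreport unlinks `SHIM_FILES_ROOT.$filename` where `$filename` is the `file` column of the report, a value that report() stores straight from the caller's `$file` parameter with only strip_tags applied, so the path removed on disk is chosen by whoever filed the report rather than looked up from the `files` table. Since delete($fileid) already resolves the real filename by id, checks ownership and performs both the DELETE and the unlink, the duplicated DELETE and the `// MOVE TO delete();` unlink block that follow it should be removed, and acceptreport should bail with `if ($r === false) { echo 'Invalid Report.'; exit(); }` when the report row does not exist. reports() prints `$filename` inside an href and `$reporter`, `$status` and `$reason` into cells with at most strip_tags, which leaves quotes and entities intact, so a report's text can inject markup into the moderator page; escape each with `htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. dismissreport binds `'id'` while every other statement in the file binds `':id'`; PDO tolerates the missing colon in practice, but `$q->bindValue(':id', $id);` keeps it consistent. All three moderator actions are reached by plain GET links rendered in reports(), so a state change happens on any navigation to that URL; a POST form with a per-session token would be the usual mitigation, though that lives outside this file.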