<?php
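// Admin credentials and the name of the auth cookie.
//
// SECURITY: the defaults below are hard-coded in a source file, so anyone who can
// read the repository knows the admin password AND can derive the (static) cookie
// token md5($USERNAME . $PASSWORD) used by adminLogin/checkAdmin without ever
// logging in. Override both via the environment for any real deployment, and
// rotate the password if this has ever been deployed with the defaults.
// The original hard-coded values are kept as fallbacks so existing installs
// keep working unchanged.
$USERNAME = getenv('ADMIN_USERNAME') !== false ? getenv('ADMIN_USERNAME') : 'admin';
$PASSWORD = getenv('ADMIN_PASSWORD') !== false ? getenv('ADMIN_PASSWORD') : '123456';
$AUTH_KEY = 'AUTH_KEY';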
require_once "model/Message.php";
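// Form-action dispatcher. Every branch ends in either a redirect to "/" or a
// short error message, and the whole POST path exits before the GET fallback
// at the bottom of the file.
//
// Fixes relative to the previous version:
//  - adminLogin used to fall through after the redirect header and also print
//    "Invalid username or password" on a *successful* login; it now exits.
//  - missing POST fields are read with isset() instead of triggering undefined
//    index warnings; non-string (array-shaped) fields are rejected instead of
//    being passed to strlen()/=== where PHP 8 throws a TypeError.
//  - credential and token comparisons use hash_equals() (constant time).
//  - the auth cookie is set HttpOnly, and Secure when the request is HTTPS.
//
// NOTE(review): deleteMessage/updateMessage have no CSRF protection — any site
// the admin visits while the cookie is valid can submit these forms on their
// behalf. A per-session CSRF token checked here is the standard fix, but needs
// session state this file does not currently have.
// NOTE(review): var_dump($result) / echo $e->getMessage() expose model
// internals to the browser; a generic message plus server-side logging would
// be safer. Left as-is here to keep the visible behaviour unchanged.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
    $action = $_POST['action'];
    // Secure flag only makes sense when the cookie was issued over TLS.
    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

    if ($action === 'postMessage') {
        $name = isset($_POST['name']) ? $_POST['name'] : '';
        $message = isset($_POST['message']) ? $_POST['message'] : '';
        // strlen() is a byte limit, not a character limit (kept for compatibility).
        if (!is_string($name) || empty($name) || strlen($name) > 50 || empty($message)) {
            echo 'Please input valid data';
        } else {
            try {
                $objM = new Message();
                $result = $objM->createMessage($_POST);
                if ($result === true) {
                    header('Location: /');
                } else {
                    var_dump($result);
                }
            } catch (\Exception $e) {
                echo $e->getMessage();
            }
        }
    } elseif ($action === 'adminLogin') {
        $user = isset($_POST['username']) ? $_POST['username'] : '';
        $pass = isset($_POST['password']) ? $_POST['password'] : '';
        if (is_string($user) && is_string($pass)
            && hash_equals($USERNAME, $user) && hash_equals($PASSWORD, $pass)) {
            // NOTE(review): the token is a fixed function of the credentials —
            // it never rotates and cannot be revoked without a password change.
            // checkAdmin() must keep minting the same value.
            $token = md5($USERNAME . $PASSWORD);
            setcookie($AUTH_KEY, $token, time() + 60 * 60, '', '', $secure, true);
            header('Location: /');
            exit; // do not fall through and print the failure message
        }
        echo 'Invalid username or password';
    } elseif ($action === 'adminLogout') {
        // Expire the cookie in the past; '' instead of null (null is deprecated in 8.1).
        setcookie($AUTH_KEY, '', time() - 3600, '', '', $secure, true);
        header('Location: /');
    } elseif ($action === 'deleteMessage') {
        if (!checkAdmin()) {
            die('Admin only');
        }
        $objM = new Message();
        $result = $objM->deleteMessage($_POST);
        if ($result === true) {
            header('Location: /');
        } else {
            var_dump($result);
        }
    } elseif ($action === 'updateMessage') {
        if (!checkAdmin()) {
            die('Admin only');
        }
        $objM = new Message();
        $result = $objM->updateMessage($_POST);
        if ($result === true) {
            // Send the admin back to the page they were editing on, if any.
            // is_numeric() also accepts forms like "1e3"; header() itself
            // refuses CR/LF, so this cannot inject headers.
            $page = isset($_POST['page']) && is_numeric($_POST['page']) ? $_POST['page'] : 0;
            $url = '/';
            if ($page) {
                $url .= '?page=' . $page;
            }
            header('Location: ' . $url);
        } else {
            var_dump($result);
        }
    }
    exit;
}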
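/**
 * Returns true when the request carries a valid admin auth cookie, and as a
 * side effect re-issues that cookie with a fresh one-hour expiry.
 *
 * The expected value is md5($USERNAME . $PASSWORD) — the same token minted by
 * the adminLogin action — read from the file-level globals.
 *
 * Changes: constant-time comparison via hash_equals(); the cookie is rejected
 * (instead of raising a TypeError on PHP 8) when it arrives as an array
 * (`AUTH_KEY[]=...`); the refreshed cookie is HttpOnly, and Secure over HTTPS.
 *
 * NOTE(review): because the token is derived only from the static credentials
 * it never rotates and cannot be revoked short of changing the password; a
 * server-side session with a random id is the proper replacement.
 *
 * @return bool
 */
function checkAdmin()
{
    global $AUTH_KEY, $USERNAME, $PASSWORD;

    if (!isset($_COOKIE[$AUTH_KEY]) || !is_string($_COOKIE[$AUTH_KEY])) {
        return false;
    }

    $presented = $_COOKIE[$AUTH_KEY];
    $expected = md5($USERNAME . $PASSWORD);
    // hash_equals(): no early exit on the first mismatching byte.
    if (!hash_equals($expected, $presented)) {
        return false;
    }

    // Sliding expiry: every authenticated request extends the cookie by an hour.
    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    setcookie($AUTH_KEY, $presented, time() + 60 * 60, '', '', $secure, true);
    return true;
}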
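// Non-POST (or action-less) requests that hit this endpoint directly are
// bounced to the front page; the file is only meant to be posted to by forms.
// The isset() guard avoids a warning when REQUEST_URI is absent (e.g. CLI),
// and the explicit exit guarantees nothing runs after the redirect header.
if (isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], 'action_page.php') !== false) {
    header('Location: /');
    exit;
}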