View file orblog-master/private/pages/admin.php

File size: 5.88Kb
<?php
/*-----------------------------------------------------------------------------
    
  orblog - Simple blog for hidden networks.  
  
    Version:   0.1
    GitLab:    https://github.com/neuberon/orblog/
    Copyright: [email protected] 2020
    License:   http://www.apache.org/licenses/LICENSE-2.0

-----------------------------------------------------------------------------*/

/*--  Admin panel auth  -----------------------------------------------------*/
if($_GET['auth'] == 'sign_in')
{
  if($_POST['pass'] == PASS and $_POST['captcha'] == $_SESSION['captcha'])
    $_SESSION['admin'] = 1;
  else
    $_TPL['error'] = $_LANG['error_sign_in'];  
}
if($_GET['auth'] == 'sign_out')
    $_SESSION['admin'] = 0;  

/*--  Admin panel actions  --------------------------------------------------*/
if($_GET['action'] == 'add_post' and $_SESSION['admin'])       // Add post
{  
  $query = 'INSERT INTO `posts`
                  (time, category, title, desc, text, tags)
                  VALUES
                  ("'.time().'",
                  "'.$_POST['category'].'",
                  "'.$_POST['title'].'",
                  "'.$_POST['desc'].'",
                  "'.$_POST['text'].'",
                  "'.$_POST['tags'].'")';

  $sqlite -> exec($query);
  header('Location:'.URL); exit;
}

if($_GET['action'] == 'edit_post' and $_SESSION['admin'])      // Edit post
{  
  $query  = 'SELECT COUNT(*) FROM `comments` WHERE id = '.$_GET['post'];
  $count  =  $sqlite -> querySingle($query);
  
  $query  = 'UPDATE `posts` SET 
             category = '.$_POST['category'].',
             title = "'.$_POST['title'].'",
             desc = "'.$_POST['desc'].'",
             text = "'.$_POST['text'].'", 
             tags = "'.$_POST['tags'].'",             
             comments = '.$count.' 
             WHERE id = '.$_GET['post'];
  
  $sqlite -> exec($query);  
  
  header('Location:'.URL.'/index.php?view=post&id='.$_GET['post']); exit;
} 

if($_GET['action'] == 'delete_post' and $_SESSION['admin'])    // Del post
{ 
    $query  = 'DELETE FROM `posts` WHERE id = '.$_GET['id'];
    $sqlite -> exec($query);
    
    $query  = 'DELETE FROM `comments` WHERE id = '.$_GET['id'];
    $sqlite -> exec($query);
    
    header('Location:'.URL); exit;
}

if($_GET['action'] == 'add_category' and $_SESSION['admin'])   // Add category
{ 
  if (!$_POST['sort']) $_POST['sort'] = 0;
  $query = 'INSERT INTO `categories`
                  (sort, name)
                  VALUES
                  ('.$_POST['sort'].',
                  "'.$_POST['name'].'")';

  $sqlite -> exec($query);
  header('Location:'.URL.'index.php?view=admin&page=categories'); exit;
}

if($_GET['action'] == 'edit_category' and $_SESSION['admin'])  // Edit category
{ 
  if($_POST['delete'])
  {
    $query  = 'DELETE FROM `categories` WHERE id = '.$_GET['id'];
    $sqlite -> exec($query);
    
    header('Location:'.URL.'index.php?view=admin&page=categories'); exit;
  }  
  $query  = 'UPDATE `categories` SET 
             sort = '.$_POST['sort'].',
             name = "'.$_POST['name'].'"              
             WHERE id = '.$_GET['id'];
  $sqlite -> exec($query);

  header('Location:'.URL.'index.php?view=admin&page=categories'); exit;
}

if($_GET['action'] == 'delete_comment' and $_SESSION['admin']) // Del comment
{
  $query  = 'DELETE FROM `comments` WHERE cid = '.$_GET['id'];
  $sqlite -> exec($query);
  
  $query  = 'SELECT COUNT(*) FROM `comments` WHERE id = '.$_GET['post'];
  $count  =  $sqlite -> querySingle($query);
  
  $query  = 'UPDATE `posts` SET comments = '.$count.' 
             WHERE id = '.$_GET['post'];
  $sqlite -> exec($query);  
  
  header('Location:'.$_SERVER['HTTP_REFERER']); exit;
} 

/*--  Pages  ----------------------------------------------------------------*/
$_TPL['title'] = $_LANG['admin'].' | '.TITLE;
include_template('header');

if(!$_SESSION['admin'])                                        // Login
{
  $_SESSION['captcha'] = gen_captcha();
  include_template('sign_in');
}
else if($_GET['page'] == 'add_post')                           // Add post
{   
  $_TPL['category_select'] = select_categories($category_dump);
  
  include_template('admin_header');
  include_template('add_post');
}
else if($_GET['page'] == 'categories')                         // Categories
{   
  include_template('admin_header');
  include_template('categories_header');
    
  view_edit_categories($category_dump);
      
  include_template('categories');
}
else if($_GET['page'] == 'comments')                           // Comments
{   
  $parser = new Parsedown();
  $parser -> setSafeMode(true);

  $query  = 'SELECT * FROM `comments` LIMIT 50';
  $result = $sqlite -> query($query);

  include_template('admin_header');
  include_template('comments');
  view_comments($result);
}
else if($_GET['page'] == 'edit_post')                          // Edit post
{   
  $result    = $sqlite -> query('SELECT * FROM `posts` WHERE id='.$_GET['id']);
  $post_data = $result -> fetchArray(SQLITE3_ASSOC);
  
  $_TPL['id']         = $post_data['id'];  
  $_TPL['category']   = $post_data['category'];
  $_TPL['title']      = $post_data['title'];
  $_TPL['title']      = $post_data['title'];
  $_TPL['desc']       = $post_data['desc'];
  $_TPL['text']       = $post_data['text'];
  $_TPL['tags']       = $post_data['tags']; 

  if($post_data['category'])    
    $_TPL['category_name']   = category_name($post_data['category']);
  else $_TPL['category_name'] = $_LANG['without_cat'];
  
  $_TPL['category_select'] = select_categories($category_dump);
  
  include_template('admin_header');
  include_template('edit_post');
}
else                                                           // Admin inddex
{ 
  $query            = 'SELECT COUNT(*) FROM `posts`';
  $_TPL['posts'] =  $sqlite -> querySingle($query); 
  
  $query            = 'SELECT COUNT(*) FROM `comments`';
  $_TPL['comments'] =  $sqlite -> querySingle($query);

  include_template('admin_header'); 
  include_template('admin_index');
}