lain/mkach
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
mkach/admin1337.php
Lain Iwakura 944f240e89
add admin
2025-07-24 07:11:31 +03:00

420 lines
14 KiB
PHP
Raw Blame History

<?php
session_start();
header('Content-Type: text/html; charset=utf-8');
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: DENY');
header('X-XSS-Protection: 1; mode=block');
$config = require 'config.php';
if (isset($_GET['logout'])) {
unset($_SESSION['admin_authenticated']);
header('Location: admin.php');
exit;
}
if (!isset($_SESSION['admin_authenticated'])) {
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$password = $_POST['password'] ?? '';
if ($password === $config['admin']['password']) {
$_SESSION['admin_authenticated'] = true;
header('Location: admin.php');
exit;
} else {
$error = 'Неверный пароль';
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>mkach - Админка</title>
<style>
* { margin: 0; padding: 0; box-sizing: border-box; }
body {
background: #000;
color: #0f0;
font-family: 'Courier New', monospace;
display: flex;
align-items: center;
justify-content: center;
min-height: 100vh;
font-size: 16px;
}
.container {
text-align: center;
background: rgba(0,20,0,0.8);
padding: 40px;
border: 1px solid #0f0;
border-radius: 5px;
box-shadow: 0 0 20px rgba(0,255,0,0.3);
}
h1 { margin-bottom: 30px; font-size: 2.5em; }
.form-group { margin-bottom: 20px; }
input[type="password"] {
background: #000;
border: 1px solid #0f0;
color: #0f0;
padding: 15px;
font-size: 18px;
width: 300px;
text-align: center;
font-family: 'Courier New', monospace;
}
input[type="password"]:focus {
outline: none;
box-shadow: 0 0 10px rgba(0,255,0,0.5);
}
button {
background: #000;
border: 1px solid #0f0;
color: #0f0;
padding: 15px 30px;
font-size: 16px;
cursor: pointer;
font-family: 'Courier New', monospace;
transition: all 0.3s;
}
button:hover {
background: #0f0;
color: #000;
}
.error {
color: #f00;
margin-top: 15px;
font-size: 14px;
}
</style>
</head>
<body>
<div class="container">
<h1>mkach - Админка</h1>
<form method="post">
<div class="form-group">
<input type="password" name="password" placeholder="Введите пароль админа" required>
</div>
<button type="submit">Войти</button>
</form>
<?php if (isset($error)): ?>
<div class="error"><?= htmlspecialchars($error) ?></div>
<?php endif; ?>
</div>
</body>
</html>
<?php
exit;
}
try {
$db = new PDO(
"mysql:host={$config['db']['host']};dbname={$config['db']['name']}",
$config['db']['user'],
$config['db']['pass']
);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('SET NAMES utf8');
} catch (PDOException $e) {
die('Connection failed');
}
require_once 'logger.php';
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete_thread'])) {
$threadId = $_POST['delete_thread'];
try {
$db->beginTransaction();
$stmt = $db->prepare('DELETE FROM posts WHERE thread_id = ?');
$stmt->execute([$threadId]);
$stmt = $db->prepare('DELETE FROM threads WHERE thread_id = ?');
$stmt->execute([$threadId]);
$db->commit();
logAdminAction('DELETE_THREAD', "Thread ID: $threadId");
$success = 'Тред успешно удален';
} catch (PDOException $e) {
$db->rollBack();
$error = 'Ошибка при удалении треда';
}
}
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete_post'])) {
$postId = $_POST['delete_post'];
if (!preg_match('/^\d{6}$/', $postId)) {
$error = 'Неверный формат номера сообщения';
} else {
try {
$stmt = $db->prepare('SELECT COUNT(*) FROM posts WHERE post_id = ?');
$stmt->execute([$postId]);
$exists = $stmt->fetchColumn();
if ($exists) {
$stmt = $db->prepare('DELETE FROM posts WHERE post_id = ?');
$stmt->execute([$postId]);
logAdminAction('DELETE_POST', "Post ID: $postId");
$success = 'Сообщение №' . $postId . ' успешно удалено';
} else {
$error = 'Сообщение №' . $postId . ' не найдено';
}
} catch (PDOException $e) {
$error = 'Ошибка при удалении сообщения';
}
}
}
try {
$stmt = $db->prepare('
SELECT t.*, b.name as board_name, COUNT(p.id) as post_count
FROM threads t
JOIN boards b ON t.board_id = b.board_id
LEFT JOIN posts p ON t.thread_id = p.thread_id
GROUP BY t.id
ORDER BY t.created_at DESC
');
$stmt->execute();
$threads = $stmt->fetchAll(PDO::FETCH_ASSOC);
$stmt = $db->prepare('
SELECT p.*, t.title as thread_title, b.board_id
FROM posts p
JOIN threads t ON p.thread_id = t.thread_id
JOIN boards b ON t.board_id = b.board_id
ORDER BY p.created_at DESC
LIMIT 50
');
$stmt->execute();
$recentPosts = $stmt->fetchAll(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
die('Database error');
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>mkach - Админка</title>
<style>
* { margin: 0; padding: 0; box-sizing: border-box; }
body {
background: #000;
color: #0f0;
font-family: 'Courier New', monospace;
padding: 20px;
font-size: 14px;
}
.container {
max-width: 1200px;
margin: 0 auto;
}
.header {
display: flex;
justify-content: space-between;
align-items: center;
margin-bottom: 30px;
padding-bottom: 20px;
border-bottom: 1px solid #0f0;
}
h1 { font-size: 2em; }
.header-buttons a {
color: #0f0;
text-decoration: none;
margin-left: 20px;
padding: 10px 15px;
border: 1px solid #0f0;
transition: all 0.3s;
}
.header-buttons a:hover {
background: #0f0;
color: #000;
}
.message {
padding: 15px;
margin-bottom: 20px;
border: 1px solid;
}
.success {
background: rgba(0,255,0,0.1);
border-color: #0f0;
color: #0f0;
}
.error {
background: rgba(255,0,0,0.1);
border-color: #f00;
color: #f00;
}
.threads-table {
width: 100%;
border-collapse: collapse;
margin-top: 20px;
}
.threads-table th,
.threads-table td {
padding: 10px;
text-align: left;
border-bottom: 1px solid #0f0;
}
.threads-table th {
background: rgba(0,255,0,0.1);
font-weight: bold;
}
.delete-btn {
background: #000;
border: 1px solid #f00;
color: #f00;
padding: 5px 10px;
cursor: pointer;
font-family: 'Courier New', monospace;
transition: all 0.3s;
}
.delete-btn:hover {
background: #f00;
color: #000;
}
.thread-title {
max-width: 300px;
overflow: hidden;
text-overflow: ellipsis;
white-space: nowrap;
}
.thread-id {
font-family: monospace;
color: #0f0;
}
.delete-post-form {
background: rgba(0,255,0,0.05);
border: 1px solid #0f0;
padding: 20px;
margin-top: 30px;
}
.delete-post-form h2 {
margin-bottom: 20px;
color: #0f0;
}
.form-row {
display: flex;
align-items: center;
gap: 15px;
}
.form-row label {
font-weight: bold;
min-width: 150px;
}
.form-row input[type="text"] {
background: #000;
border: 1px solid #0f0;
color: #0f0;
padding: 10px;
font-family: 'Courier New', monospace;
font-size: 14px;
width: 120px;
text-align: center;
}
.form-row input[type="text"]:focus {
outline: none;
box-shadow: 0 0 10px rgba(0,255,0,0.3);
}
.post-message {
max-width: 300px;
overflow: hidden;
text-overflow: ellipsis;
white-space: nowrap;
}
</style>
</head>
<body>
<div class="container">
<div class="header">
<h1>mkach - Админка</h1>
<div class="header-buttons">
<a href="index.php">Главная</a>
<a href="?logout=1">Выход</a>
</div>
</div>
<?php if (isset($success)): ?>
<div class="message success"><?= htmlspecialchars($success) ?></div>
<?php endif; ?>
<?php if (isset($error)): ?>
<div class="message error"><?= htmlspecialchars($error) ?></div>
<?php endif; ?>
<h2>Управление тредами</h2>
<table class="threads-table">
<thead>
<tr>
<th>ID</th>
<th>Доска</th>
<th>Название</th>
<th>Постов</th>
<th>Создан</th>
<th>Действия</th>
</tr>
</thead>
<tbody>
<?php foreach ($threads as $thread): ?>
<tr>
<td class="thread-id"><?= htmlspecialchars($thread['thread_id']) ?></td>
<td>/<?= htmlspecialchars($thread['board_id']) ?>/</td>
<td class="thread-title"><?= htmlspecialchars($thread['title'] ?? 'Без названия') ?></td>
<td><?= $thread['post_count'] ?></td>
<td><?= date('d.m.Y H:i', strtotime($thread['created_at'])) ?></td>
<td>
<form method="post" style="display: inline;" onsubmit="return confirm('Удалить тред <?= htmlspecialchars($thread['thread_id']) ?>?')">
<input type="hidden" name="delete_thread" value="<?= htmlspecialchars($thread['thread_id']) ?>">
<button type="submit" class="delete-btn">Удалить</button>
</form>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<h2>Удаление сообщений</h2>
<div class="delete-post-form">
<form method="post" onsubmit="return confirm('Удалить сообщение №' + document.getElementById('post_id').value + '?')">
<div class="form-row">
<label for="post_id">Номер сообщения:</label>
<input type="text" id="post_id" name="delete_post" placeholder="123456" required pattern="[0-9]{6}" title="6-значный номер сообщения">
<button type="submit" class="delete-btn">Удалить сообщение</button>
</div>
</form>
</div>
<h2>Последние сообщения</h2>
<table class="threads-table">
<thead>
<tr>
<th>№</th>
<th>Тред</th>
<th>Доска</th>
<th>Сообщение</th>
<th>Время</th>
</tr>
</thead>
<tbody>
<?php foreach ($recentPosts as $post): ?>
<tr>
<td class="thread-id"><?= htmlspecialchars($post['post_id']) ?></td>
<td class="thread-title"><?= htmlspecialchars($post['thread_title'] ?? 'Без названия') ?></td>
<td>/<?= htmlspecialchars($post['board_id']) ?>/</td>
<td class="post-message">
<?php
$message = htmlspecialchars($post['message'] ?? '');
echo strlen($message) > 50 ? substr($message, 0, 50) . '...' : $message;
?>
</td>
<td><?= date('d.m.Y H:i', strtotime($post['created_at'])) ?></td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink