lain/text0Nly
1
0
Fork 0
mirror of https://git.sr.ht/~iwakuralain/text0Nly synced 2025-07-27 15:36:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

added admin panel (let the gates of hell open)

Browse Source
This commit is contained in:
Lain Iwakura 2025-06-16 03:09:14 +03:00
parent f1713ad9a8
commit bf0536ac9c
No known key found for this signature in database
GPG Key ID: C7C18257F2ADC6F8
3 changed files with 151 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

146
main/admin.php Normal file
View File

@ -0,0 +1,146 @@
<?php
session_start();
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: DENY');
header('X-XSS-Protection: 1; mode=block');
header('Content-Security-Policy: default-src \'self\'');
if (!isset($_SESSION['is_moderator']) || !$_SESSION['is_moderator']) {
header('Location: index.php');
exit;
}
$config = require 'config.php';
$db = new PDO(
"mysql:host={$config['db']['host']};dbname={$config['db']['name']}",
$config['db']['user'],
$config['db']['pass']
);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$error = '';
$success = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (isset($_POST['action']) && isset($_POST['username'])) {
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
if ($_POST['action'] === 'ban') {
$stmt = $db->prepare('UPDATE users SET is_blocked = 1 WHERE username = ?');
$stmt->execute([$username]);
$success = "User $username has been banned";
} elseif ($_POST['action'] === 'unban') {
$stmt = $db->prepare('UPDATE users SET is_blocked = 0 WHERE username = ?');
$stmt->execute([$username]);
$success = "User $username has been unbanned";
}
}
}
$stmt = $db->query('SELECT username, is_blocked, is_moderator, created_at FROM users ORDER BY created_at DESC');
$users = $stmt->fetchAll(PDO::FETCH_ASSOC);
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Text0Nly - Admin Panel</title>
<link rel="stylesheet" href="styles.css">
<style>
.admin-table {
width: 100%;
border-collapse: collapse;
margin-top: 20px;
}
.admin-table th, .admin-table td {
padding: 8px;
border: 1px solid #ddd;
text-align: left;
}
.admin-table th {
background: #f5f5f5;
}
.ban-btn {
background: #dc3545;
color: white;
border: none;
padding: 4px 8px;
cursor: pointer;
border-radius: 4px;
}
.unban-btn {
background: #28a745;
color: white;
border: none;
padding: 4px 8px;
cursor: pointer;
border-radius: 4px;
}
.status-banned {
color: #dc3545;
}
.status-moderator {
color: #28a745;
}
</style>
</head>
<body>
<div class="container">
<div class="header">
<h1>Admin Panel</h1>
<div class="header-buttons">
<a href="index.php">Back to chat</a>
</div>
</div>
<?php if ($error): ?>
<div class="error"><?= htmlspecialchars($error) ?></div>
<?php endif; ?>
<?php if ($success): ?>
<div class="success"><?= htmlspecialchars($success) ?></div>
<?php endif; ?>
<table class="admin-table">
<thead>
<tr>
<th>Username</th>
<th>Status</th>
<th>Created</th>
<th>Actions</th>
</tr>
</thead>
<tbody>
<?php foreach ($users as $user): ?>
<tr>
<td><?= htmlspecialchars($user['username']) ?></td>
<td>
<?php if ($user['is_blocked']): ?>
<span class="status-banned">Banned</span>
<?php elseif ($user['is_moderator']): ?>
<span class="status-moderator">Moderator</span>
<?php else: ?>
Active
<?php endif; ?>
</td>
<td><?= $user['created_at'] ?></td>
<td>
<?php if (!$user['is_moderator']): ?>
<form method="post" style="display:inline">
<input type="hidden" name="username" value="<?= htmlspecialchars($user['username']) ?>">
<?php if ($user['is_blocked']): ?>
<input type="hidden" name="action" value="unban">
<button type="submit" class="unban-btn">Unban</button>
<?php else: ?>
<input type="hidden" name="action" value="ban">
<button type="submit" class="ban-btn">Ban</button>
<?php endif; ?>
</form>
<?php endif; ?>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
</body>
</html>

3
main/index.php
View File

@ -84,6 +84,9 @@ try {
<a href="https://git.sr.ht/~iwakuralain/text0Nly" target="_blank" class="source-btn">Source code</a> <a href="https://git.sr.ht/~iwakuralain/text0Nly" target="_blank" class="source-btn">Source code</a>
<?php if (isset($_SESSION['username'])): ?> <?php if (isset($_SESSION['username'])): ?>
<span>👤 <?= htmlspecialchars($_SESSION['username']) ?><?php if (!empty($_SESSION['is_moderator'])) echo ' (mod)'; ?></span> <span>👤 <?= htmlspecialchars($_SESSION['username']) ?><?php if (!empty($_SESSION['is_moderator'])) echo ' (mod)'; ?></span>
<?php if (!empty($_SESSION['is_moderator'])): ?>
<a href="admin.php">Admin Panel</a>
<?php endif; ?>
<a href="?logout=1">Logout</a> <a href="?logout=1">Logout</a>
<?php else: ?> <?php else: ?>
<a href="login.php">Login</a> <a href="login.php">Login</a>

3
main/login.php
View File

@ -31,7 +31,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if ($username && $password) { if ($username && $password) {
try { try {
$stmt = $db->prepare('SELECT id, password, is_blocked, login_attempts, last_attempt FROM users WHERE username = ?'); $stmt = $db->prepare('SELECT id, password, is_blocked, login_attempts, last_attempt, is_moderator FROM users WHERE username = ?');
$stmt->execute([$username]); $stmt->execute([$username]);
$user = $stmt->fetch(PDO::FETCH_ASSOC); $user = $stmt->fetch(PDO::FETCH_ASSOC);
@ -45,6 +45,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$stmt->execute([$user['id']]); $stmt->execute([$user['id']]);
$_SESSION['user_id'] = $user['id']; $_SESSION['user_id'] = $user['id'];
$_SESSION['username'] = $username; $_SESSION['username'] = $username;
$_SESSION['is_moderator'] = $user['is_moderator'];
header('Location: index.php'); header('Location: index.php');
exit; exit;
} else { } else {