mirror of
https://git.sr.ht/~iwakuralain/text0Nly
synced 2025-07-27 15:36:11 +00:00
added admin panel (let the gates of hell open)
This commit is contained in:
Lain Iwakura
parent
f1713ad9a8
commit
bf0536ac9c
146
main/admin.php
Normal file
146
main/admin.php
Normal file
@ -0,0 +1,146 @@
|
||||
<?php
|
||||
session_start();
|
||||
header('X-Content-Type-Options: nosniff');
|
||||
header('X-Frame-Options: DENY');
|
||||
header('X-XSS-Protection: 1; mode=block');
|
||||
header('Content-Security-Policy: default-src \'self\'');
|
||||
|
||||
if (!isset($_SESSION['is_moderator']) || !$_SESSION['is_moderator']) {
|
||||
header('Location: index.php');
|
||||
exit;
|
||||
}
|
||||
|
||||
$config = require 'config.php';
|
||||
$db = new PDO(
|
||||
"mysql:host={$config['db']['host']};dbname={$config['db']['name']}",
|
||||
$config['db']['user'],
|
||||
$config['db']['pass']
|
||||
);
|
||||
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||
|
||||
$error = '';
|
||||
$success = '';
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
if (isset($_POST['action']) && isset($_POST['username'])) {
|
||||
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
|
||||
|
||||
if ($_POST['action'] === 'ban') {
|
||||
$stmt = $db->prepare('UPDATE users SET is_blocked = 1 WHERE username = ?');
|
||||
$stmt->execute([$username]);
|
||||
$success = "User $username has been banned";
|
||||
} elseif ($_POST['action'] === 'unban') {
|
||||
$stmt = $db->prepare('UPDATE users SET is_blocked = 0 WHERE username = ?');
|
||||
$stmt->execute([$username]);
|
||||
$success = "User $username has been unbanned";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$stmt = $db->query('SELECT username, is_blocked, is_moderator, created_at FROM users ORDER BY created_at DESC');
|
||||
$users = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<title>Text0Nly - Admin Panel</title>
|
||||
<link rel="stylesheet" href="styles.css">
|
||||
<style>
|
||||
.admin-table {
|
||||
width: 100%;
|
||||
border-collapse: collapse;
|
||||
margin-top: 20px;
|
||||
}
|
||||
.admin-table th, .admin-table td {
|
||||
padding: 8px;
|
||||
border: 1px solid #ddd;
|
||||
text-align: left;
|
||||
}
|
||||
.admin-table th {
|
||||
background: #f5f5f5;
|
||||
}
|
||||
.ban-btn {
|
||||
background: #dc3545;
|
||||
color: white;
|
||||
border: none;
|
||||
padding: 4px 8px;
|
||||
cursor: pointer;
|
||||
border-radius: 4px;
|
||||
}
|
||||
.unban-btn {
|
||||
background: #28a745;
|
||||
color: white;
|
||||
border: none;
|
||||
padding: 4px 8px;
|
||||
cursor: pointer;
|
||||
border-radius: 4px;
|
||||
}
|
||||
.status-banned {
|
||||
color: #dc3545;
|
||||
}
|
||||
.status-moderator {
|
||||
color: #28a745;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<div class="container">
|
||||
<div class="header">
|
||||
<h1>Admin Panel</h1>
|
||||
<div class="header-buttons">
|
||||
<a href="index.php">Back to chat</a>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<?php if ($error): ?>
|
||||
<div class="error"><?= htmlspecialchars($error) ?></div>
|
||||
<?php endif; ?>
|
||||
<?php if ($success): ?>
|
||||
<div class="success"><?= htmlspecialchars($success) ?></div>
|
||||
<?php endif; ?>
|
||||
|
||||
<table class="admin-table">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Username</th>
|
||||
<th>Status</th>
|
||||
<th>Created</th>
|
||||
<th>Actions</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<?php foreach ($users as $user): ?>
|
||||
<tr>
|
||||
<td><?= htmlspecialchars($user['username']) ?></td>
|
||||
<td>
|
||||
<?php if ($user['is_blocked']): ?>
|
||||
<span class="status-banned">Banned</span>
|
||||
<?php elseif ($user['is_moderator']): ?>
|
||||
<span class="status-moderator">Moderator</span>
|
||||
<?php else: ?>
|
||||
Active
|
||||
<?php endif; ?>
|
||||
</td>
|
||||
<td><?= $user['created_at'] ?></td>
|
||||
<td>
|
||||
<?php if (!$user['is_moderator']): ?>
|
||||
<form method="post" style="display:inline">
|
||||
<input type="hidden" name="username" value="<?= htmlspecialchars($user['username']) ?>">
|
||||
<?php if ($user['is_blocked']): ?>
|
||||
<input type="hidden" name="action" value="unban">
|
||||
<button type="submit" class="unban-btn">Unban</button>
|
||||
<?php else: ?>
|
||||
<input type="hidden" name="action" value="ban">
|
||||
<button type="submit" class="ban-btn">Ban</button>
|
||||
<?php endif; ?>
|
||||
</form>
|
||||
<?php endif; ?>
|
||||
</td>
|
||||
</tr>
|
||||
<?php endforeach; ?>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
@ -84,6 +84,9 @@ try {
|
||||
<a href="https://git.sr.ht/~iwakuralain/text0Nly" target="_blank" class="source-btn">Source code</a>
|
||||
<?php if (isset($_SESSION['username'])): ?>
|
||||
<span>👤 <?= htmlspecialchars($_SESSION['username']) ?><?php if (!empty($_SESSION['is_moderator'])) echo ' (mod)'; ?></span>
|
||||
<?php if (!empty($_SESSION['is_moderator'])): ?>
|
||||
<a href="admin.php">Admin Panel</a>
|
||||
<?php endif; ?>
|
||||
<a href="?logout=1">Logout</a>
|
||||
<?php else: ?>
|
||||
<a href="login.php">Login</a>
|
||||
|
||||
@ -31,7 +31,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
|
||||
if ($username && $password) {
|
||||
try {
|
||||
$stmt = $db->prepare('SELECT id, password, is_blocked, login_attempts, last_attempt FROM users WHERE username = ?');
|
||||
$stmt = $db->prepare('SELECT id, password, is_blocked, login_attempts, last_attempt, is_moderator FROM users WHERE username = ?');
|
||||
$stmt->execute([$username]);
|
||||
$user = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
@ -45,6 +45,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
$stmt->execute([$user['id']]);
|
||||
$_SESSION['user_id'] = $user['id'];
|
||||
$_SESSION['username'] = $username;
|
||||
$_SESSION['is_moderator'] = $user['is_moderator'];
|
||||
header('Location: index.php');
|
||||
exit;
|
||||
} else {
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user