From a2758c013a513b38702dbdcd8cbcf8137312986e Mon Sep 17 00:00:00 2001
From: printempw
Date: Thu, 4 Feb 2016 17:21:05 +0800
Subject: [PATCH] added admin page
---
 admin/admin_ajax.php | 67 ++++++++++++++++++++++++++++++
 assets/css/admin.style.css | 26 ++++++++++++
 assets/js/admin.utils.js | 85 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 178 insertions(+)
 create mode 100644 admin/admin_ajax.php
 create mode 100644 assets/css/admin.style.css
 create mode 100644 assets/js/admin.utils.js
diff --git a/admin/admin_ajax.php b/admin/admin_ajax.php
new file mode 100644
index 00000000..af1ce3c2
--- /dev/null
+++ b/admin/admin_ajax.php
@@ -0,0 +1,67 @@
+getToken()) {
+ header('Location: ../index.php?msg=Invalid token. Please login.');
+ } else if (!$admin->is_admin) {
+ header('Location: ../index.php?msg=Looks like that you are not administrator :(');
+ }
+} else {
+ header('Location: ../index.php?msg=Illegal access. Please login.');
+}
+
+/*
+ * No protection here,
+ * I don't think you wanna fuck yourself :(
+ */
+if (isset($_GET['action'])) {
+ $action = $_GET['action'];
+ $user = new user($_GET['uname']);
+
+ if ($action == "upload") {
+ $type = isset($_GET['type']) ? $_GET['type'] : "skin";
+ $file = isset($_FILES['file']) ? $_FILES['file'] : null;
+ if (!is_null($file)) {
+ if ($user->setTexture($type, $file)) {
+ $json['errno'] = 0;
+ $json['msg'] = "Skin uploaded successfully.";
+ } else {
+ $json['errno'] = 1;
+ $json['msg'] = "Uncaught error.";
+ }
+ } else {
+ utils::raise(1, 'No input file selected');
+ }
+ } else if ($action == "change") {
+ if (user::checkValidPwd($_POST['passwd'])) {
+ $user->changePasswd($_POST['passwd']);
+ $json['errno'] = 0;
+ $json['msg'] = "Password of ".$_GET['uname']." changed successfully.";
+ } // Will raise exception if password invalid
+ } else if ($action == "delete") {
+ $user->unRegister();
+ $json['errno'] = 0;
+ $json['msg'] = "Account successfully deleted.";
+ }
+}
+
+echo json_encode($json);
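Review bot: The three `header('Location: …')` calls in the access check are not followed by `exit`, so after a failed token or admin check the script still falls through to the `if (isset($_GET['action']))` block and runs the upload, password change or delete before the browser follows the redirect. Each redirect should end the request, e.g. `header('Location: ../index.php?msg=Illegal access. Please login.'); exit;`. The start of the check is missing from this view (the hunk opens at `getToken()) {`), so confirm that no earlier line already stops execution. Separately, the actions are selected from `$_GET` with no anti-CSRF token (the "No protection here" comment), `$_GET['uname']` is read without `isset`, and `$json` is undefined at `json_encode($json)` when no action matches.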
diff --git a/assets/css/admin.style.css b/assets/css/admin.style.css
new file mode 100644
index 00000000..2a649f45
--- /dev/null
+++ b/assets/css/admin.style.css
@@ -0,0 +1,26 @@
+/*
+* @Author: prpr
+* @Date: 2016-02-04 16:47:54
+* @Last Modified by: prpr
+* @Last Modified time: 2016-02-04 16:48:04
+*/
+.pure-table {
+ margin: 80px auto 0;
+ width: 100%;
+ background-color: #fff;
+}
+.pure-button {
+ width: inherit;
+ margin: 0 10px 0 0 !important;
+}
+.pure-button-error {
+ background: rgb(202, 60, 60);
+ color: #fff;
+}
+input {
+ width: 100%;
+ margin: 10px 0 20px;
+}
+.fw {
+ width: 100%;
+}
diff --git a/assets/js/admin.utils.js b/assets/js/admin.utils.js
new file mode 100644
index 00000000..abc01778
--- /dev/null
+++ b/assets/js/admin.utils.js
@@ -0,0 +1,85 @@
+/*
+* @Author: prpr
+* @Date: 2016-02-04 16:48:42
+* @Last Modified by: prpr
+* @Last Modified time: 2016-02-04 17:09:20
+*/
+
+'use strict';
+
+function showUpload(uname, type) {
+ var ply = new Ply({
+ el: '

Upload new '+type+':

',
+ effect: "fade",
+ onaction: function(){ upload(uname, type, $('#file').get(0).files[0]); },
+ });
+ ply.open();
+}
+
+function upload(uname, type, file){
+ var form_data = new FormData();
+ if (file) {
+ form_data.append('file', file);
+ $.ajax({
+ type: 'POST',
+ contentType: false,
+ url: 'admin_ajax.php?action=upload&type='+type+'&uname='+uname,
+ dataType: "json",
+ data: form_data,
+ processData: false,
+ success: function(json) {
+ if (json.errno == 0) {
+ showAlert("Successfully uploaded.");
+ $('#'+uname+'_'+type).attr('src', 'http://skin.fuck.io/'+type+'/'+uname+'.png?t='+Math.random());
+ } else {
+ showAlert("Error when uploading cape:\n" + json.msg);
+ }
+ }
+ });
+ }
+}
+
+function showAlert(msg) {
+ Ply.dialog("alert", msg);
+}
+
+function showChange(uname) {
+ Ply.dialog("prompt", {
+ title: "Type in "+uname+"'s new password",
+ form: { passwd: "New Password" }
+ }).done(function(ui){
+ var passwd = ui.data.passwd;
+ $.ajax({
+ type: "POST",
+ url: "admin_ajax.php?action=change&uname="+uname,
+ dataType: "json",
+ data: { "passwd": passwd },
+ success: function(json) {
+ if (json.errno == 0) {
+ showAlert(json.msg);
+ } else {
+ showAlert(json.msg);
+ }
+ }
+ });
+ });
+}
+
+function showDelete(uname) {
+ Ply.dialog("prompt", {
+ title: "Are you sure to delete "+uname+"?",
+ }).done(function(ui){
+ $.ajax({
+ type: "POST",
+ url: "admin_ajax.php?action=delete&uname="+uname,
+ dataType: "json",
+ success: function(json) {
+ if (json.errno == 0) {
+ showAlert(json.msg);
+ } else {
+ showAlert(json.msg);
+ }
+ }
+ });
+ });
+}
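Review bot: `uname` and `type` are concatenated into the request URLs unencoded in `upload`, `showChange` and `showDelete`, so a user name containing `&`, `#` or `=` changes which parameters `admin_ajax.php` receives, on an endpoint that deletes accounts and resets passwords. Encode each value, e.g. `url: 'admin_ajax.php?action=delete&uname=' + encodeURIComponent(uname),`. The same values also go raw into the jQuery selector `$('#'+uname+'_'+type)` and, as far as this view shows, into the Ply `el` markup string in `showUpload` (its HTML is stripped here, so that part is inferred); escaping the name or setting it with `.text()` would keep it from being parsed as markup or selector syntax. The texture URL is hard-coded to plain `http://`, and the failure message always says "cape" even when `type` is `skin`.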