Initial commit

public/admin/audit.php

@@ -0,0 +1,101 @@
+<?php
+include('auth.php');
+include('redirect.php');
+$old_path = '../uploads/unaudited/';
+$new_path = '../uploads/audited/';
+$directory = "../uploads/unaudited";
+$files = array_diff(scandir($directory), array('..', '.'));
+
+if ((isset($_GET['action'])) && ($_GET['action'] === 'accept_all'))
+{
+    foreach ($files as $file) { 
+        rename($old_path.$file, $new_path.$file);
+    }
+    header("Location: /admin/audit.php");
+    die();
+}
+
+// Code written with little too no sleep at 05:16
+if ((isset($_GET['action'])) && (isset($_GET['file']))) {
+
+
+    if (file_exists($old_path.$_GET['file'])===false)
+    {
+        header("Location: /admin/audit.php");
+        die('File does not exist');
+    }
+    switch ($_GET['action']) {
+        case 'accept':
+            // is this safe?
+            rename($old_path.$_GET['file'], $new_path.$_GET['file']);
+            break;
+
+        case 'delete':
+            // Enterprise(tm) security
+            unlink($old_path.$_GET['file']);
+            break;
+        
+        default:
+            die('Action not found');
+            break;
+    }
+    header("Location: /admin/audit.php");
+    die();
+}
+?>
+
+<?php include('../../_header.php'); ?>
+
+<h3>Nye bilde forslag</h3>
+<p>Totalt: <?=count($files)?></p>
+<a href="audit.php?action=accept_all"><button type="button">Godta alt</button></a>
+<br>
+<br>
+<table>
+    <tr>
+        <th>Fil</th>
+        <th>Handling</th>
+    </tr>
+    <?php foreach($files as $file): ?>
+        <tr>
+            <td><a href="/uploads/unaudited/<?=$file;?>"><img class="img" src="/uploads/unaudited/<?=$file;?>" alt=""></a></td>
+            <td style="text-align: center;">
+                <a href="audit.php?action=accept&file=<?=$file;?>">Godta</a>
+                <br>
+                <br>
+                <br>
+                <a style="color: red;" href="audit.php?action=delete&file=<?=$file;?>">Avslå</a>
+            </td>
+        </tr>
+    <?php endforeach;?>
+</table>
+<br>
+<a href="audit.php?action=accept_all"><button type="button">Godta alt</button></a>
+<style>
+table {
+    border-collapse: collapse;
+    width: 100%;
+}
+
+table, td, th {
+    border: 1px solid #888;
+}
+
+tr:nth-child(even) {background-color: #f2f2f2;}
+
+.img {
+    margin: auto;
+    object-fit: contain;
+    width:100%;
+    max-height: 600px;
+    min-height: 150px;
+    height: auto;
+    top: 0;
+    right: 0;
+    bottom: 0;
+    left: 0;
+}
+</style>
+
+
+<?php include('../../_footer.php'); ?>

public/admin/audited.php

@@ -0,0 +1,79 @@
+<?php
+include('auth.php');
+include('redirect.php');
+
+// Code written with little too no sleep at 05:16
+if ((isset($_GET['action'])) && (isset($_GET['file']))) {
+    $path = '../uploads/audited/';
+
+    if (file_exists($path.$_GET['file'])===false)
+    {
+        header("Location: /admin/audited.php");
+        die('File does not exist');
+    }
+    switch ($_GET['action']) {
+        case 'delete':
+            // Is this safe?
+            unlink($path.$_GET['file']);
+            break;
+        
+        default:
+            die('Action not found');
+            break;
+    }
+    header("Location: /admin/audited.php");
+    die();
+}
+?>
+
+<?php include('../../_header.php'); ?>
+
+<h3>Bilder som er i bruk</h3>
+<?php
+$directory = "../uploads/audited";
+$files = array_diff(scandir($directory), array('..', '.'));
+?>
+<p>Totalt: <?=count($files)?></p>
+<table>
+    <tr>
+        <th>Fil</th>
+        <th>Handling</th>
+    </tr>
+    <?php foreach($files as $file): ?>
+        <tr>
+            <td><a href="/uploads/audited/<?=$file;?>"><img class="img" src="/uploads/audited/<?=$file;?>" alt=""></a></td>
+            <td style="text-align: center;">
+                <a style="color: red;" href="audited.php?action=delete&file=<?=$file;?>">Slett</a>
+            </td>
+        </tr>
+    <?php endforeach;?>
+</table>
+
+<style>
+table {
+    border-collapse: collapse;
+    width: 100%;
+}
+
+table, td, th {
+    border: 1px solid #888;
+}
+
+tr:nth-child(even) {background-color: #f2f2f2;}
+
+.img {
+    margin: auto;
+    object-fit: contain;
+    width:100%;
+    max-height: 600px;
+    min-height: 150px;
+    height: auto;
+    top: 0;
+    right: 0;
+    bottom: 0;
+    left: 0;
+}
+</style>
+
+
+<?php include('../../_footer.php'); ?>

public/admin/auth.php

@@ -0,0 +1,19 @@
+<?php
+error_reporting(E_ERROR | E_PARSE);
+session_start();
+
+$config = include("../../config.php");
+
+if (isset($_SESSION['password']) && isset($_SESSION['username']))
+{
+    if ($_SESSION['password'] !== $config['password'] ||
+        $_SESSION['username'] !== $config['username'])
+    {
+        $_SESSION['admin'] = false;
+    }
+}
+
+
+if (isset($_SESSION['username']) || isset($_SESSION ['password'])) {
+    $error = "Konto opplysningene dine har blitt endret. Vennligst logg inn igjen.";
+}

public/admin/index.php

@@ -0,0 +1,20 @@
+<?php
+include('auth.php');
+include('redirect.php');
+?>
+
+<?php include('../../_header.php'); ?>
+
+<a href="/kiosk.php">Åpne infoskjerm</a>
+
+<h3>Administrator Panel</h3>
+
+<div style="border: 1px solid #888; padding: 10px; border-radius: 2px;">
+    <ul>
+        <li><a href="audit.php">Se nye bilde forslag</a></li>
+        <li><a href="audited.php">Se bilder som er i bruk</a></li>
+    </ul>
+</div>
+
+
+<?php include('../../_footer.php'); ?>

public/admin/login.php

@@ -0,0 +1,58 @@
+<?php
+include('auth.php');
+#include('redirect.php');
+/* custom redirect */
+if ($_SESSION["admin"] === true) {
+    header("Location: /admin/index.php");
+    die();
+}
+
+/* Login logic */
+if ((isset($_POST['username'])) && (isset($_POST['password']))) {
+
+    if(anti_spam()){
+        $error = "AntiSpam: Vennligst vent og prøv igjen.";
+    } else {
+        if (($_POST['username'] === $config['username']) && $_POST['password'] === $config['password']) {
+            $_SESSION["admin"] = true;
+            $_SESSION["username"] = $_POST['username'];
+            $_SESSION["password"] = $_POST['password'];
+            header("Location: /admin/index.php");
+            die();
+        } else {
+            $error = "Feil påloggingsinformasjon.";
+        }
+    }
+}
+
+function anti_spam() {
+    $last_time = file_get_contents("../../anti_spam/login.txt");
+    $seconds = time() - $last_time;
+    if($seconds < 10) {
+        return true;
+    } else {
+        file_put_contents("../../anti_spam/login.txt", time());
+        return false;
+    }
+}
+?>
+
+<?php include('../../_header.php'); ?>
+
+<h3>Administrator Login</h3>
+
+<form style="border: 1px solid #888; padding: 10px; border-radius: 2px;" action="" method="post">
+    <?php 
+    if(isset($error)==true) {
+            print("<small style='color: red;'>".$error."</small><br><br>");
+    }
+    ?>
+    <!-- hvem bryr seg om CSRF -->
+    <label for="username">Brukernavn:</label><br>
+    <input type="text" id="username" name="username"><br>
+    <label for="password">Passord:</label><br>
+    <input type="password" id="password" name="password"><br><br>
+    <input type="submit" value="Bekreft">
+</form> 
+
+<?php include('../../_footer.php'); ?>

public/admin/logout.php

@@ -0,0 +1,4 @@
+<?php
+session_start();
+session_destroy();
+header("Location: /admin/login.php");

public/admin/redirect.php

@@ -0,0 +1,6 @@
+<?php
+
+if ($_SESSION["admin"] !== true) {
+    header("Location: /admin/login.php");
+    die();
+}