From 0f20b7a887ae01103a9431f5fb95223af9660bbc Mon Sep 17 00:00:00 2001
From: Paul Rock
Date: Sun, 28 Jan 2018 17:19:45 +0300
Subject: [PATCH] grids moved from includes
---
 public/grids.php | 211 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 211 insertions(+)
 create mode 100644 public/grids.php
diff --git a/public/grids.php b/public/grids.php
new file mode 100644
index 0000000..2262410
--- /dev/null
+++ b/public/grids.php
@@ -0,0 +1,211 @@
+load();
+
+ session_start();
+
+ require(dirname(__FILE__) . '/../include/functions.php');
+ require(dirname(__FILE__) . '/../include/connect.php');
+
+ // ---------------- SELECT ----------------
+ if(isset($_GET['select'])){
+
+ // Select the users
+ if($_GET['select'] == "user"){
+ $req = $bdd->prepare('SELECT * FROM user');
+ $req->execute();
+
+ if($data = $req->fetch()) {
+ do {
+ $list[] = array("user_id" => $data['user_id'],
+ "user_pass" => $data['user_pass'],
+ "user_mail" => $data['user_mail'],
+ "user_phone" => $data['user_phone'],
+ "user_online" => $data['user_online'],
+ "user_enable" => $data['user_enable'],
+ "user_start_date" => $data['user_start_date'],
+ "user_end_date" => $data['user_end_date']);
+ } while($data = $req->fetch());
+
+ echo json_encode($list);
+ }
+ // If it is an empty answer, we need to encore an empty json object
+ else{
+ $list = array();
+ echo json_encode($list);
+ }
+ }
+
+ // Select the logs
+ else if($_GET['select'] == "log" && isset($_GET['offset'], $_GET['limit'])){
+ $offset = intval($_GET['offset']);
+ $limit = intval($_GET['limit']);
+
+ // Creation of the LIMIT for build different pages
+ $page = "LIMIT $offset, $limit";
+
+ // Select the logs
+ $req_string = "SELECT *, (SELECT COUNT(*) FROM log) AS nb FROM log ORDER BY log_id DESC $page";
+ $req = $bdd->prepare($req_string);
+ $req->execute();
+
+ $list = array();
+
+ $data = $req->fetch();
+
+ if($data) {
+ $nb = $data['nb'];
+
+ do {
+ // Better in Kb or Mb
+ $received = ($data['log_received'] > 1000000) ? $data['log_received']/1000000 . " Mo" : $data['log_received']/1000 . " Ko";
+ $sent = ($data['log_send'] > 1000000) ? $data['log_send']/1000000 . " Mo" : $data['log_send']/1000 . " Ko";
+
+ // We add to the array the new line of logs
+ array_push($list, array(
+ "log_id" => $data['log_id'],
+ "user_id" => $data['user_id'],
+ "log_trusted_ip" => $data['log_trusted_ip'],
+ "log_trusted_port" => $data['log_trusted_port'],
+ "log_remote_ip" => $data['log_remote_ip'],
+ "log_remote_port" => $data['log_remote_port'],
+ "log_start_time" => $data['log_start_time'],
+ "log_end_time" => $data['log_end_time'],
+ "log_received" => $received,
+ "log_send" => $sent));
+
+
+ } while ($data = $req->fetch());
+ }
+ else {
+ $nb = 0;
+ }
+
+ // We finally print the result
+ $result = array('total' => intval($nb), 'rows' => $list);
+
+ echo json_encode($result);
+ }
+
+ // Select the admins
+ else if($_GET['select'] == "admin"){
+ $req = $bdd->prepare('SELECT * FROM admin');
+ $req->execute();
+
+ if($data = $req->fetch()) {
+ do{
+ $list[] = array(
+ "admin_id" => $data['admin_id'],
+ "admin_pass" => $data['admin_pass']
+ );
+ } while($data = $req->fetch());
+
+ echo json_encode($list);
+ }
+ else{
+ $list = array();
+ echo json_encode($list);
+ }
+ }
+ }
+
+ // ---------------- ADD USER ----------------
+ else if(isset($_POST['add_user'], $_POST['user_id'], $_POST['user_pass'])){
+ // Put some default values
+ $id = $_POST['user_id'];
+ $pass = hashPass($_POST['user_pass']);
+ $mail = "";
+ $phone = "";
+ $online = 0;
+ $enable = 1;
+ $start = NULL;
+ $end = NULL;
+
+ $req = $bdd->prepare('INSERT INTO user (user_id, user_pass, user_mail, user_phone, user_online, user_enable, user_start_date, user_end_date)
+ VALUES (?, ?, ?, ?, ?, ?, ?, ?)');
+ $req->execute(array($id, $pass, $mail, $phone, $online, $enable, $start, $end));
+
+ $res = array("user_id" => $id,
+ "user_pass" => $pass,
+ "user_mail" => $mail ,
+ "user_phone" => $phone,
+ "user_online" => $online,
+ "user_enable" => $enable,
+ "user_start_date" => $start,
+ "user_end_date" => $end
+ );
+
+ echo json_encode($res);
+ }
+
+ // ---------------- UPDATE USER ----------------
+ else if(isset($_POST['set_user'])){
+ $valid = array("user_id", "user_pass", "user_mail", "user_phone", "user_enable", "user_start_date", "user_end_date");
+
+ $field = $_POST['name'];
+ $value = $_POST['value'];
+ $pk = $_POST['pk'];
+
+ if (!isset($field) || !isset($pk) || !in_array($field, $valid)) {
+ return;
+ }
+
+ if ($field === 'user_pass') {
+ $value = hashPass($value);
+ }
+ else if (($field === 'user_start_date' || $field === 'user_end_date') && $value === '') {
+ $value = NULL;
+ }
+
+ // /!\ SQL injection: field was checked with in_array function
+ $req_string = 'UPDATE user SET ' . $field . ' = ? WHERE user_id = ?';
+ $req = $bdd->prepare($req_string);
+ $req->execute(array($value, $pk));
+ }
+
+ // ---------------- REMOVE USER ----------------
+ else if(isset($_POST['del_user'], $_POST['del_user_id'])){
+ $req = $bdd->prepare('DELETE FROM user WHERE user_id = ?');
+ $req->execute(array($_POST['del_user_id']));
+ }
+
+ // ---------------- ADD ADMIN ----------------
+ else if(isset($_POST['add_admin'], $_POST['admin_id'], $_POST['admin_pass'])){
+ $req = $bdd->prepare('INSERT INTO admin(admin_id, admin_pass) VALUES (?, ?)');
+ $req->execute(array($_POST['admin_id'], hashPass($_POST['admin_pass'])));
+ }
+
+ // ---------------- UPDATE ADMIN ----------------
+ else if(isset($_POST['set_admin'])){
+ $valid = array("admin_id", "admin_pass");
+
+ $field = $_POST['name'];
+ $value = $_POST['value'];
+ $pk = $_POST['pk'];
+
+ if (!isset($field) || !isset($pk) || !in_array($field, $valid)) {
+ return;
+ }
+
+ if ($field === 'admin_pass') {
+ $value = hashPass($value);
+ }
+
+ $req_string = 'UPDATE admin SET ' . $field . ' = ? WHERE admin_id = ?';
+ $req = $bdd->prepare($req_string);
+ $req->execute(array($value, $pk));
+ }
+
+ // ---------------- REMOVE ADMIN ----------------
+ else if(isset($_POST['del_admin'], $_POST['del_admin_id'])){
+ $req = $bdd->prepare('DELETE FROM admin WHERE admin_id = ?');
+ $req->execute(array($_POST['del_admin_id']));
+ }
+
+?>
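Review bot: Nothing in this hunk verifies that the caller holds an authenticated admin session before the GET `select` branch dumps the `user`/`admin` tables or the POST branches insert, update and delete rows; `session_start()` is called but `$_SESSION` is never consulted, and since the file's opening lines before `load();` are garbled in this rendering the guard may live there or in `connect.php` — if it does not, add one directly after `session_start();`, e.g. `if (empty($_SESSION['<admin-session-key>'])) { http_response_code(403); exit; }` (the key name is a placeholder). Independently, the `user` and `admin` select responses and the `add_user` response serialise stored password hashes to the client (`"user_pass" => $data['user_pass']`, `"admin_pass" => $data['admin_pass']`, `"user_pass" => $pass`); the grid has no use for them, so drop those entries from the arrays. The field whitelist in the `set_user` and `set_admin` branches should be checked with `in_array($field, $valid, true)`, and reading `$_POST['name']`/`$_POST['pk']` before the `isset` test emits a warning when they are absent — test `isset($_POST['name'], $_POST['pk'])` first. The state-changing POST handlers also carry no CSRF token check, which becomes the remaining gap once the session guard is in place.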