Bug Fixes: In the admin and in the singup function
farisc0de committed Jul 27, 2022
1 parent 139c12f commit 21b9e12
Showing 9 changed files with 69 additions and 21 deletions.
4 changes: 4 additions & 0 deletions uploady/admin/users/actions/delete.php
@@ -1,8 +1,12 @@
<?php
include_once '../../session.php';

if ($_SERVER['REQUEST_METHOD'] == "POST") {
if ($auth->checkToken($_POST['csrf'], $_SESSION['csrf'])) {
foreach ($_POST['userid'] as $id) {
if ($data->id == $id) {
$utils->redirect($utils->siteUrl('/admin/users/view.php?msg=forbidden'));
}
$user->deleteUser((int) $id);
}

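Review bot: The self-delete guard in the `foreach` compares the raw POST value (`$data->id == $id`) while the delete runs on `(int) $id`, so the two can disagree for a value that does not loosely equal the id but still casts to it. Normalising once and comparing strictly closes that gap: `$id = (int) $id;` followed by `if ((int) $data->id === $id) {`. The guard also depends on `$utils->redirect()` terminating the request, which is not visible here; if it only sends a header, `deleteUser()` still runs, so an explicit `exit;` after the redirect is worth adding. Because the check sits inside the loop, ids listed before the admin's own are already deleted when the redirect fires; validating the whole list before deleting anything would avoid that partial result. The enclosing `if` blocks close outside the hunk.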
17 changes: 6 additions & 11 deletions uploady/admin/users/actions/update.php
Expand Up @@ -4,23 +4,18 @@
if ($_SERVER['REQUEST_METHOD'] == "POST") {
$msg_code = "";

if ($auth->checkToken($_POST['csrf'], $_SESSION['csrf']) == false) {
$msg_code = "csrf";
} else {
if ($auth->checkToken($_POST['csrf'], $_SESSION['csrf'])) {
unset($_POST['csrf']);
$id = (int) $_POST['id'];
if ($_POST['password'] || $_POST['password'] != "") {

if (!$_POST['password'] || $_POST['password'] == "") {
unset($_POST['password']);
} else {
$password = $utils->sanitize($_POST['password']);
$_POST['password'] = password_hash($password, PASSWORD_BCRYPT);
} else {
unset($_POST['password']);
}

if ($user->updateUser($id, $utils->esc($_POST))) {
$msg_code = "yes";
} else {
$msg_code = "error";
}
$msg_code = $user->updateUser($id, $utils->esc($_POST)) ? "yes" : "error";
}

$utils->redirect($utils->siteUrl(
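Review bot: A failed token check now leaves `$msg_code` as `""`: the branch that set `"csrf"` appears to have been dropped when the condition was inverted, so the redirect carries no reason code. Restoring it is one line at the closing brace of the token check, `} else { $msg_code = "csrf"; }`. Separately, `$utils->esc($_POST)` hands every posted key to `updateUser()`; if that method builds its column list from the array keys (not visible here), an explicit allow-list of editable fields would keep unexpected columns out of the update. `!$_POST['password']` also reads a key that may be absent and treats the string `"0"` as empty, so `($_POST['password'] ?? '') === ''` states the intent more precisely. The `redirect()` call continues past the end of the hunk.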
2 changes: 1 addition & 1 deletion uploady/admin/users/edit.php
Expand Up @@ -34,7 +34,7 @@
<?php if ($msg == "yes") : ?>

<?php echo $utils->alert(
"Account has been created",
"Account has been updated",
"success",
"check-circle"
); ?>
6 changes: 4 additions & 2 deletions uploady/admin/users/logic/addLogic.php
@@ -1,7 +1,9 @@
<?php
$upload = new Uploady\Handler\Upload();
$upload = new \Farisc0de\PhpFileUploading\Upload();

$user_id = $upload->generateUserID(true);
$upload->generateUserID(true);

$user_id = $upload->getUserID();

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if ($auth->checkToken($_POST['csrf'], $_SESSION['csrf'])) {
4 changes: 4 additions & 0 deletions uploady/admin/users/logic/editLogic.php
@@ -1,3 +1,7 @@
<?php

$user_data = $user->getUserData($_GET['username']);

if (isset($_GET['msg'])) {
$msg = $_GET['msg'];
}
4 changes: 4 additions & 0 deletions uploady/admin/users/logic/viewLogic.php
@@ -1,3 +1,7 @@
<?php

$users = $user->getUsers();

if (isset($_GET['msg'])) {
$msg = $_GET['msg'];
}
43 changes: 42 additions & 1 deletion uploady/admin/users/view.php
Expand Up @@ -25,12 +25,50 @@
<ol class="breadcrumb mb-4">
<li class="breadcrumb-item active">Dashboard</li>
</ol>
<?php if (isset($msg)) : ?>

<?php if ($msg == "yes") : ?>

<?php echo $utils->alert(
"Account has been updated",
"success",
"check-circle"
); ?>

<?php elseif ($msg == "csrf") : ?>

<?php echo $utils->alert(
"CSRF token is invalid.",
"danger",
"times-circle"
); ?>

<?php elseif ($msg == "forbidden") : ?>

<?php echo $utils->alert(
"Sorry, but you can't delete yourself!!",
"danger",
"times-circle"
); ?>

<?php elseif ($msg == "error") : ?>

<?php echo $utils->alert(
"An unexpected error has occurred",
"danger",
"times-circle"
); ?>

<?php endif; ?>

<?php endif; ?>
<div class="card mb-4">
<div class="card-header">
<i class="fas fa-users mr-1"></i>
Manager Users
</div>
<form method="POST" action="<?= $utils->siteUrl('/admin/users/actions/delete.php') ?>">
<?= $utils->input('csrf', $_SESSION['csrf']); ?>
<div class="card-body">
<div class="table-responsive border pl-2 pb-2 pt-2 pr-2 pb-2 rounded">
<table class="table nowrap table-bordered" width="100%" id="dataTable" cellspacing="0">
Expand All @@ -55,7 +93,10 @@
<td>
<div class="custom-control custom-checkbox">
<input type="checkbox" class="custom-control-input" id="user_<?= $u->id ?>" name="userid[]" value="<?= $u->id; ?>" <?= ($u->id == $data->id) ? 'disabled' : '' ?> />
<label class="custom-control-label" for="user_<?= $u->id; ?>" </label> </div> </td> <td><?= $u->username; ?>
<label class="custom-control-label" for="user_<?= $u->id; ?>" </label>
</div>
</td>
<td><?= $u->username; ?>
</td>
<td><?= $u->email; ?></td>
<td><?= $u->is_admin ? 'yes' : 'no'; ?></td>
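Review bot: The table cells print `$u->username` and `$u->email` with `<?= ... ?>` and no output encoding, so any markup stored in those fields is rendered in the admin's session unless it is neutralised before storage, which this page does not show. Encoding at output is the safer place: `<td><?= htmlspecialchars($u->username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>` and the same for `$u->email`. The `<label class="custom-control-label" for="user_<?= $u->id; ?>" </label>` line kept by the reformat is still missing the `>` that closes the opening tag. The `disabled` attribute on the admin's own checkbox is only a UI hint; the server-side check in delete.php is what enforces it.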
6 changes: 4 additions & 2 deletions uploady/logic/signupLogic.php
@@ -1,5 +1,5 @@
<?php
$upload = new Uploady\Handler\Upload();
$upload = new \Farisc0de\PhpFileUploading\Upload();

$mailer = new Uploady\Mailer($db);

Expand All @@ -15,11 +15,13 @@

$hash = sha1($token);

$upload->generateUserID();

$user->createUser([
'username' => $username,
'email' => $email,
'password' => password_hash($password, PASSWORD_BCRYPT),
'user_id' => $upload->generateUserID(),
'user_id' => $upload->getUserID(),
'activation_hash' => $hash,
'is_active' => 0
]);
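Review bot: `$hash = sha1($token);` is what gets stored as `activation_hash`, and how `$token` is produced lies outside this hunk. If it does not already come from a CSPRNG such as `random_bytes()`, it should, since the activation link is only as unguessable as that token; `hash('sha256', $token)` would be the more conventional digest, provided the activation check is changed to match. The new two-step call would also benefit from a short comment, since the dependency between the two calls is not obvious from the call site, e.g. `// generateUserID() presumably stores the id on $upload; getUserID() reads it back`.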
4 changes: 0 additions & 4 deletions uploady/src/Uploady/Utils.php
Expand Up @@ -335,10 +335,6 @@ public function script($script_path, $assets = "assets")
*/
public function esc($data)
{
if ($this->data != null) {
$data = $this->data;
}

if (is_string($data)) {
if ($this->isEmpty($data)) {
return false;

0 comments on commit 21b9e12
