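<?php
  // Admin page bootstrap: start the session, load helpers and configuration,
  // and read the request parameters used by the rest of the page.
  //
  // session_start() has to run before any output is sent, otherwise the
  // session cookie header cannot be emitted when output buffering is off.
  // The doctype is therefore printed after this block instead of before it.
  session_start();

  // NOTE(review): presumably the marker that included files test for to refuse
  // direct access - confirm against functions/ and templates/.
  define('KmSchedule','KmSchedule');

  // This is the admin page
  // TODO: Integrate with main.php

// get functions and config
require 'functions/adminFunctions.php';
require 'config.php';

// get Form variables
// TODO: There's gotta be a less verbose way of doing this
$motw = getParam("motw", "POST");
$logPass = getParam("logPass", "POST");
$login = getParam("login", "POST");
$saveViewpass = getParam("saveViewpass", "POST");
$saveAdminPass = getParam("saveAdminPass", "POST");

// The old view password is posted in the "oldViewPass" field of the form.
// Reading "saveAdminPass" here (as before) meant the old-password check for
// the view password never saw what the user actually typed.
$oldViewPass = getParam("oldViewPass", "POST");

$newViewPass = getParam("newViewPass", "POST");
$newViewPassConfirm = getParam("newViewPassConfirm", "POST");
$oldAdminPass = getParam("oldAdminPass", "POST");
$newAdminPass = getParam("newAdminPass", "POST");
$newAdminPassConfirm = getParam("newAdminPassConfirm", "POST");
$password = getParam("password", "POST");

// A session that has never logged in is explicitly marked as not an admin.
if (!isset($_SESSION['validAdmin'])) {
  $_SESSION['validAdmin'] = false;
}

$action = getParam("action", "GET");

// $file is taken from the query string only. The earlier POST read of "file"
// was always overwritten by this assignment, so it has been dropped.
$file = getParam("file", "GET");

// PHP_SELF contains whatever extra path info the client appended to the
// script URL, so it is attacker-influenced. $self is only written into HTML
// attributes on this page; escape it once here.
$self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

?>
<!DOCTYPE html>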
<html lang="en" dir="ltr">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <title>KmSchedule - Admin</title>
    <link rel="stylesheet" href="css/bootstrap.min.css">
    <link rel="stylesheet" href="css/CibulCalendar.css">
    <!-- <link rel="stylesheet" href="css/css.css"> -->

  </head>

<body>
  <style media="screen">
    .admin-table td{
      width: 800px;
      padding: 4px;
      white-space: nowrap;
    
    }
    .admin-table{
      width: 800px;
      border: none;
    }

    .warnlink{
      color: red;
    }

    #motw-button{
  float: right;
}
  </style>

 <!-- Place main menu -->
<?php include 'templates/menu/menu.php'; ?>

<div class="container-fluid">
  <h1>Schedule Administration</h1>

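  <?php
    // Check for admin password to access page.
    //
    // The loose `==` comparison used before treated two empty values as a
    // match (so a missing/empty $adminPass let every visitor in), applied
    // numeric type juggling to numeric-looking strings, and was not
    // constant-time. Both values must now be non-empty strings.
    //
    // NOTE(review): the password-change handler on this page stores a bcrypt
    // hash in adminPass.txt. If config.php loads $adminPass from that file, the
    // submitted password has to be checked with password_verify(); a plain
    // stored value is compared with hash_equals(). Confirm which form
    // config.php provides.
    //
    // NOTE(review): this check runs after markup has already been emitted, so
    // (unless output buffering is on) the session id cannot be regenerated here
    // on login. Moving the check above the first output would allow that.
    $submittedAdminPass = is_string($logPass) ? $logPass : '';
    $storedAdminPass = (isset($adminPass) && is_string($adminPass)) ? $adminPass : '';
    $adminLoginOk = false;

    if ($submittedAdminPass !== '' && $storedAdminPass !== '') {
      $adminPassInfo = password_get_info($storedAdminPass);
      if ($adminPassInfo['algoName'] !== 'unknown') {
        // Stored value is a password_hash() result.
        $adminLoginOk = password_verify($submittedAdminPass, $storedAdminPass);
      } else {
        // Stored value is not a recognised hash: constant-time string compare.
        $adminLoginOk = hash_equals($storedAdminPass, $submittedAdminPass);
      }
    }

    if ($adminLoginOk) {
      $_SESSION['validAdmin'] = true;
    } else {
      $loggedIn = false;
    }
  ?>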


  <?php if ($_SESSION['validAdmin'] == true): ?>

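    <?php /* PHP_SELF includes any extra path info from the request URL, so it is escaped before being placed in the attribute. */ ?>
    <form action="<?= htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>" method = "POST" enctype = "multipart/form-data">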
      <input type="hidden" name="loggedIn" value="true">
    <table align="center" class="admin-table">
      <tr>
        <td colspan="5"> <b>Change Passwords</b>  - Must be at least <b>6</b> characters in length</td>
      </tr>
      <tr>
        <td>View access password</td>
        <td>Old Pass <input type="password" name="oldViewPass" value=""> </td>
        <td>New Pass <input type="password" name="newViewPass" pattern=".{6,}" value=""> </td>
        <td>Confirm <input type="password" name="newViewPassConfirm" pattern=".{6,}" value=""> </td>
        <td> <input class="btn btn-sm btn-primary btn-block" type = "submit"  name="saveViewpass" value="Save View Pass"/> </td>
      </tr>

      <tr>
        <td>Admin password</td>
        <td>Old Pass <input type="password" name="oldAdminPass" value=""> </td>
        <td>New Pass <input type="password" name="newAdminPass" pattern=".{6,}" value=""> </td>
        <td>Confirm <input type="password" name="newAdminPassConfirm" pattern=".{6,}" value=""> </td>
        <td> <input class="btn btn-sm btn-primary btn-block" type="submit"  name="saveAdminPass" value="Save Admin Pass"/> </td>
      </tr>
    </table>
    <br>
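    <?php
      // Handles the admin actions requested through this page: deleting one
      // schedule, backing up all schedules, and changing either password.
      //
      // NOTE(review): delete and backup are triggered by plain GET links and no
      // anti-CSRF token is checked anywhere in this block.

      // Check if we are deleting a schedule file(s)
      if ($action == "delete" && $file != "") {
        // $file comes straight from the query string. Only a bare file name is
        // accepted, so the request cannot name anything outside the schedules
        // directory (no separators, no NUL byte, not "." or "..").
        $isPlainName = is_string($file)
          && $file !== '.'
          && $file !== '..'
          && strpbrk($file, "/\\\0") === false;

        if (!$isPlainName) {
          echo "Something went wrong";
        } else {
          // NOTE(review): an earlier version stripped the extension before
          // calling deleteSchedule(); confirm which form it expects.
          $result = deleteSchedule($privateRoot.'schedules/', $file);
          if ($result == 0) {
            // The name is request data, so it is HTML-escaped before printing.
            echo "successfully deleted ".htmlspecialchars($file, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
          } else {
            echo "Something went wrong";
          }
        }
      }

      if ($action == "backup") {
        // TODO: check that paths work in nested dirs
        // NOTE(review): the archive path is relative and not under $privateRoot,
        // so the zip may be downloadable at a fixed URL - confirm.
        backupSchedules($privateRoot.'schedules', 'backups/KmSchedule-bak.zip');
      }

      if ($saveViewpass != "") {
        // The form has been submitted, start doing work.
        // $result[0] == 0 means the change was accepted and $result[2] holds the
        // new password; otherwise $result[1] is the message to show.
        $result = checkNewPassword($viewPass, $oldViewPass, $newViewPass, $newViewPassConfirm);

        if ($result[0] == 0) {
          // password_hash() generates its own random salt.
          $newHash = password_hash($result[2], PASSWORD_BCRYPT, ['cost' => 12]);
          // Only report success when the hash was produced and written.
          if (is_string($newHash) && file_put_contents($privateRoot.'viewPass.txt', $newHash, LOCK_EX) !== false) {
            echo "View Password Saved";
          } else {
            echo "Something went wrong";
          }
        } else {
          // NOTE(review): printed unescaped; confirm checkNewPassword() never
          // puts request data into this message.
          echo $result[1];
        }

        $saveViewpass = "";
      }

      if ($saveAdminPass != "") {
        $result = checkNewPassword($adminPass, $oldAdminPass, $newAdminPass, $newAdminPassConfirm);

        if ($result[0] == 0) {
          $newHash = password_hash($result[2], PASSWORD_BCRYPT, ['cost' => 12]);
          if (is_string($newHash) && file_put_contents($privateRoot.'adminPass.txt', $newHash, LOCK_EX) !== false) {
            // Mirrors the view-password branch, which already confirms the save.
            echo "Admin Password Saved";
          } else {
            echo "Something went wrong";
          }
        } else {
          echo $result[1];
        }

        $saveAdminPass = "";
      }
     ?>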

    </form>


    <?php
      // A non-empty "motw" submission replaces the stored message; otherwise
      // the stored message is loaded so the form below can display it.
      if ($motw != "") {
        file_put_contents('templates/usr/current/motw.md', $motw);
      } else {
        $motw = file_get_contents('templates/usr/current/motw.md');
      }
    ?>
    <h3>Message of the week (MOTW)</h3>
    <b>Note:</b> This uses Markdown syntax <a target="_blank" href="https://github.com/adam-p/markdown-here/wiki/Markdown-Cheatsheet">Markdown Cheatsheet</a>
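    <?php
      // PHP_SELF and the message text are both escaped for HTML. The message is
      // raw POST or file content, and an unescaped closing textarea tag inside
      // it would end the field and let the rest be parsed as markup.
      // The closing tag follows the value directly: on its own indented line,
      // that indentation became part of the field and was saved back on submit.
    ?>
    <form action="<?= htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>" method="post">
      <textarea name="motw" id="motw" rows="8" cols="170"><?= htmlspecialchars((string) $motw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></textarea>
      <button id="motw-button">Update MOTW</button>
    </form>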
    <br>
    Uses

    <h3>Uploaded Schedules</h3>

    <ul class="">
      <li><a href="<?= $self?>?action=backup">Backup Schedules</a></li>
      <li><a href="<?= $self?>?action=delete">Delete ALL Schedules</a> - Not implemented yet</li>
    </ul>

    <ul class="">
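      <?php
        // List every schedule file with View / Print / Delete links.
        // File names are data, not markup: they are HTML-escaped for the visible
        // label and percent-encoded for the "file" query parameter, so a name
        // containing quotes, angle brackets, "&" or "#" cannot break out of the
        // list item or the link.
        // $self is written into the href as it was assigned; it has to be
        // attribute-safe at the point of assignment.
        $schedules = getDataFiles($privateRoot.'schedules/', "html");
        foreach ($schedules as $schedule) {
          $scheduleLabel = htmlspecialchars((string) $schedule, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
          $scheduleArg = rawurlencode((string) $schedule);
          echo '<li>
          '.$scheduleLabel.'
          <a class="btn btn-outline-primary" href="index.php?page=viewSchedule&file='.$scheduleArg.'" target="_blank">View</a> -

            <a class="btn btn-outline-secondary" href="print.php?file='.$scheduleArg.'" target="_blank">Print</a> -

            <a class="btn btn-outline-danger" onclick="return confirm(\'Are you sure? There is NO undo!\')" href="'.$self.'?action=delete&file='.$scheduleArg.'">Delete</a></li>
          ';
        }
      ?>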
    </ul>

  <?php else: ?><!-- Not logged in  -->
    <?php include 'templates/login.php'; ?>
  <?php endif; ?><!-- End validAdmin check -->
  <br><br>

  <?php include 'templates/donation.php'; ?>
  <?php include 'templates/footer.php'; ?>
</div>
<script src="javascript/jquery-2.1.3.min.js" charset="utf-8"></script>

<script src="javascript/bootstrap.min.js" charset="utf-8"></script>
</body>
</html>