//
//  Copyright (c) 2013 Mr. Gecko's Media (James Coleman). http://mrgeckosmedia.com/
//
//  Permission to use, copy, modify, and/or distribute this software for any purpose
//  with or without fee is hereby granted, provided that the above copyright notice
//  and this permission notice appear in all copies.
//
//  THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
//  REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
//  FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT,
//  OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE,
//  DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
//  ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
//
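// Administrator-only user management API: /users/list, /users/update, /users/create.
// Reached only by a logged-in user whose level is 1 ("Administrator" in the level
// table below). The whole block terminates the request with exit().
//
// NOTE(review): parameters are read from $_REQUEST, so these state-changing actions
// also accept GET and cookie values, and no CSRF token is checked here. Unless the
// surrounding framework enforces POST plus a token, add that before exposing this —
// confirm with the caller.
if (isset($_MGM['user']) && $_MGM['user']['level']==1 && $_MGM['path'][1]=="users") {
	// Display names for the known level values; any other level is shown as "Normal".
	$levelNames = array(0 => "Disabled", 1 => "Administrator", 2 => "Moderator", 3 => "Tagger");

	// Returns the trimmed request parameter $name, or "" when it is absent or not a
	// plain string (an array value such as ?id[]=x would otherwise break trim()).
	$param = function ($name) {
		if (!isset($_REQUEST[$name]) || !is_string($_REQUEST[$name]))
			return "";
		return trim($_REQUEST[$name]);
	};

	// Builds the value stored in users.password: a 12-hex-char salt followed by
	// hashPassword($plain, <6 raw salt bytes>). The format is unchanged from the
	// original; only the salt source differs — random_bytes() (PHP >= 7.0) replaces
	// substr(sha1(rand()),0,12), since rand() is not a CSPRNG.
	$makeStoredPassword = function ($plain) {
		$salt = bin2hex(random_bytes(6));
		return $salt.hashPassword($plain, hex2bin($salt));
	};

	$action = isset($_MGM['path'][2]) ? $_MGM['path'][2] : "";

	if ($action=="list") {
		$results = databaseQuery("SELECT * FROM users");
		while ($result = databaseFetchAssoc($results)) {
			// (int) mirrors the former loose "==0" style comparisons: NULL and
			// non-numeric strings map to 0 ("Disabled") exactly as before.
			$levelKey = (int)$result['level'];
			$level = isset($levelNames[$levelKey]) ? $levelNames[$levelKey] : "Normal";
			// Row cells: docid, email (both HTML-escaped) and the level name, which
			// is one of our own constants and needs no escaping. The surrounding
			// HTML markup is not preserved in this copy of the file — the "|"
			// separators are what survived.
			?>
| <?=htmlspecialchars($result['docid'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?> | <?=htmlspecialchars($result['email'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?> | <?=$level?> | 
<?php
		}
	}

	if ($action=="update") {
		$id = $param('id');
		$email = $param('email');
		$password = $param('password');
		$level = $param('level');
		// A level is compared numerically elsewhere (==0, <=3), so only accept a
		// non-negative integer string; "" means "keep the current level".
		if ($level==="" || ctype_digit($level)) {
			$results = databaseQuery("SELECT * FROM users WHERE docid=%s", $id);
			$result = databaseFetchAssoc($results);
			if ($result!=NULL) {
				// Empty fields keep their stored value. Comparing against "" instead
				// of empty() means a password (or email) of "0" is no longer ignored.
				if ($email==="")
					$email = $result['email'];
				$epassword = ($password==="") ? $result['password'] : $makeStoredPassword($password);
				if ($level==="")
					$level = $result['level'];
				databaseQuery("UPDATE users SET email=%s,password=%s,level=%s WHERE docid=%s", $email, $epassword, $level, $id);
			}
		}
	}

	if ($action=="create") {
		$email = $param('email');
		$password = $param('password');
		$level = $param('level');
		// Email, password and level are all required. Previously an empty password
		// was accepted and hashPassword("") stored; whether the login path would
		// accept a blank password is not visible here, but there is no reason to
		// store one. ctype_digit("0") is true, so a "Disabled" account can be
		// created, which empty($level) used to reject.
		if ($email!=="" && $password!=="" && ctype_digit($level)) {
			databaseQuery("INSERT INTO users (email, password, time, level) VALUES (%s,%s,%d,%s)",
				$email, $makeStoredPassword($password), $_MGM['time'], $level);
		}
	}
	exit();
}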
if (isset($_MGM['user']) && $_MGM['path'][1]=="save_tags") {
	$hash = (isset($_REQUEST['hash']) ? trim($_REQUEST['hash']) : "");
	$tags = (isset($_REQUEST['tags']) ? trim($_REQUEST['tags']) : "");
	$results = databaseQuery("SELECT * FROM images WHERE hash=%s", $hash);
	$result = databaseFetchAssoc($results);
	if ($result!=NULL) {
		if ($_MGM['user']['level']<=3 || $_MGM['user']['docid']==$result['user_id'])
			databaseQuery("UPDATE images SET tags=%s WHERE hash=%s", $tags, $hash);
	}
	exit();
}
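// Image deletion: administrators and moderators only. Removes the stored file,
// its thumbnail and the database row. Terminates the request with exit().
// Level 0 is "Disabled" (see the users list above); "<=2" alone would let such an
// account delete images if it still held a session, hence the ">=1" bound.
if (isset($_MGM['user']) && $_MGM['user']['level']>=1 && $_MGM['user']['level']<=2 && $_MGM['path'][1]=="delete") {
	// Only a plain string parameter is accepted; an array value would break trim().
	$hash = (isset($_REQUEST['hash']) && is_string($_REQUEST['hash']) ? trim($_REQUEST['hash']) : "");
	$results = databaseQuery("SELECT * FROM images WHERE hash=%s", $hash);
	$result = databaseFetchAssoc($results);
	if ($result!=NULL) {
		// The file name comes from the stored row, never from the request.
		// basename() is defence in depth only: the stored hash and extension are
		// expected to be a bare hash and a plain extension, but this guarantees
		// that a stray "/" or ".." in either cannot steer unlink() out of the
		// data/thumbs directories.
		$fileName = basename($result['hash'].".".$result['extension']);
		foreach (array("./data/", "./thumbs/") as $dir) {
			$path = $dir.$fileName;
			// Skip files that are already gone instead of emitting an unlink() warning.
			if (is_file($path))
				unlink($path);
		}
		// The row is removed even if a file could not be unlinked, so the image
		// disappears from the site; orphaned bytes would stay on disk.
		databaseQuery("DELETE FROM images WHERE hash=%s", $hash);
	}
	exit();
}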
if (isset($_MGM['user']) && $_MGM['path'][1]=="tagless") {
	$results = NULL;
	if ($_MGM['user']['level']<=3)
		$results = databaseQuery("SELECT * FROM images WHERE tags='' ORDER BY time ASC LIMIT 1");
	else
		$results = databaseQuery("SELECT * FROM images WHERE tags='' AND user=%s ORDER BY time ASC LIMIT 1", $_MGM['user']['docid']);
	$result = databaseFetchAssoc($results);
	if ($result!=NULL) {
		?>
		
$count = 0;
while ($result = databaseFetchAssoc($results)) {
	?>
	
">
" width="=htmlspecialchars($result['thumb_width'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" height="=htmlspecialchars($result['thumb_height'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true)?>" />
	
	$count++;
}
?>