<?php
include_once("functions.php");
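// Handles the admin panel's POST actions (edit/add/clear a machine, add/delete an
// administrator), records the outcome as a flash message and sends the browser
// back to index.php.
//
// NOTE(review): the mysql_* extension was removed in PHP 7. It is kept here because
// $link is also handed to user_account_check() (presumably defined in functions.php);
// migrate both files together to mysqli/PDO prepared statements.
// NOTE(review): no anti-CSRF token is verified in this file, and every branch below
// changes state. Confirm whether functions.php covers this.
if (!isUser()) {
    setFlash("請登入", "error");
} else {
    $link = mysql_connect(MYSQL_LOCATION, MYSQL_USERNAME, MYSQL_PASSWORD) or die("無法與MySQL建立連線");
    mysql_set_charset("utf8", $link);
    mysql_select_db(MYSQL_DATABASE, $link);

    // A request without a submit field falls through to the default (error) branch.
    $action = isset($_POST["submit"]) ? $_POST["submit"] : '';
    // The success flash is deferred until the query has actually run and changed a row.
    $successMessage = null;

    switch ($action) {
        case '修改機器': case '加入機器':
            $ip = mysql_real_escape_string($_POST["IP_last_4_digits"], $link);
            $feature = mysql_real_escape_string($_POST["machine_feature"], $link);
            $ports = mysql_real_escape_string($_POST["machine_ports"], $link);
            // The session user name is escaped as well: it ends up inside the SQL string
            // just like the posted owner, so it must not be trusted to be quote-free.
            $owner = mysql_real_escape_string(
                isSuperUser() ? $_POST["machine_owner"] : $_SESSION['userName'],
                $link
            );
            $location = mysql_real_escape_string($_POST["machine_location"], $link);
            $query = 'UPDATE ips SET used=1,func="'.$feature.'",ports="'.$ports.'",owner="'.$owner.'",place="'.$location.'" WHERE ip="'.$ip.'"';
            if (!isSuperUser()) {
                // Ordinary users may only claim a free address or edit one they already own.
                $query .= " AND (used=0 OR owner=\"$owner\")";
            }
            $successMessage = htmlspecialchars($ip)." 已經修改";
            break;

        case '新增管理員':
            if (validateUser($link)) {
                $username = mysql_real_escape_string($_POST["new_account_name"], $link);
                $email = mysql_real_escape_string($_POST["new_account_mail"], $link);
                $phone = mysql_real_escape_string($_POST["new_account_phone"], $link);
                $display_name = mysql_real_escape_string($_POST["new_account_display_name"], $link);
                $newPassword = isset($_POST["new_account_password"]) ? $_POST["new_account_password"] : null;
                $newPasswordCheck = isset($_POST["new_account_password_check"]) ? $_POST["new_account_password_check"] : null;
                // Compare the password with its confirmation field. The original compared the
                // password with itself, so the confirmation was never enforced.
                // NOTE(review): no minimum length or non-empty rule is enforced here.
                if (is_string($newPassword) && $newPassword === $newPasswordCheck) {
                    // NOTE(review): crypt() with the shared SALT constant gives every account the
                    // same salt. password_hash()/password_verify() would be preferable, but the
                    // code that verifies logins must change at the same time.
                    $password = mysql_real_escape_string(crypt($newPassword, SALT), $link);
                    $query = "INSERT INTO users VALUES (\"$username\",\"$password\",\"$email\",\"$phone\", '$display_name')";
                    $successMessage = htmlspecialchars($username)." 已經新增";
                } else {
                    setFlash ("兩個密碼不合", "error");
                }
            } else {
                setFlash ("驗證帳號密碼失敗", "error");
            }
            break;

        case '刪除管理員':
            if (validateUser($link)) {
                $username = mysql_real_escape_string($_POST["new_account_name"], $link);
                $query = "DELETE FROM users WHERE name=\"$username\"";
                $successMessage = htmlspecialchars($username)." 已經刪除";
            } else {
                setFlash ("驗證帳號密碼失敗", "error");
            }
            break;

        case '清除機器':
            $ip = mysql_real_escape_string($_POST["IP_last_4_digits"], $link);
            $query = 'UPDATE ips SET used=0 WHERE ip="'.$ip.'"';
            if (!isSuperUser()) {
                // Mirror the ownership rule of the edit branch: without it any signed-in
                // user could release an address that belongs to someone else.
                $sessionOwner = mysql_real_escape_string($_SESSION['userName'], $link);
                $query .= " AND owner=\"$sessionOwner\"";
            }
            $successMessage = htmlspecialchars($ip)." 已經清除";
            break;

        default:
            setFlash("操作錯誤", "error");
            break;
    }

    if (isset($query)) {
        $result = mysql_query($query, $link);
        // $count was never assigned in the original. Take it from the driver so the
        // failure message reports a real number.
        $count = ($result === false) ? 0 : mysql_affected_rows($link);
        if ($result !== false && $count > 0) {
            setFlash($successMessage, "success");
        } else {
            // Zero rows also covers an ownership filter that matched nothing.
            // NOTE(review): MySQL reports 0 affected rows for an UPDATE that rewrites
            // identical values, so an unchanged re-save is shown as a failure too.
            setFlash("<strong>資料庫操作失敗</strong> — ".$count."筆資料被更動。", "error");
        }
    }
    // When no query was built, the branch above has already flashed its own error.
    mysql_close($link);
}
echo "<script type='text/javascript'>";
echo "window.location='index.php';";
echo "</script>";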
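/**
 * Re-authenticates the signed-in super user before an administrator account is
 * added or deleted.
 *
 * Reads account_name and account_password from $_POST, passes them with $link to
 * user_account_check() and requires the result to equal the session's userName.
 *
 * @param resource $link MySQL link forwarded to user_account_check().
 * @return bool True only for a super user whose re-entered credentials check out.
 */
function validateUser($link) {
    if (!isSuperUser()) {
        return false;
    }
    if (!isset($_POST["account_name"], $_POST["account_password"], $_SESSION['userName'])) {
        return false;
    }
    if (!is_string($_POST["account_name"]) || !is_string($_POST["account_password"])) {
        return false;
    }

    $verified = user_account_check($_POST["account_name"], $_POST["account_password"], $link);

    // Strict comparison: with ==, a non-string failure value such as 0 compares equal
    // to a non-numeric user name on PHP < 8 and would pass the check.
    // NOTE(review): assumes user_account_check() returns the account name as a string
    // on success. Confirm against functions.php.
    return is_string($verified) && $verified === (string) $_SESSION['userName'];
}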
?>