
admins.php
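<?php
// Bootstrap for an admin-only page. Everything sits in one PHP block so that
// no blank lines are sent to the client before the includes below have run.

// NOTE(review): display_errors=1 prints warnings, file paths and SQL errors to
// whoever loads the page. On a production admin panel, log them instead
// (display_errors off, log_errors on).
error_reporting(E_ALL);
ini_set('display_errors', 1);

// Defined before the includes; presumably they test for it to refuse direct
// access (not visible here).
define("ADMSNIPPET", null);

// require, not include: include only raises a warning when a file is missing
// or unreadable and lets the page carry on. admincheck.php is, by its name,
// the administrator gate, so a failure to load it must stop the request.
require "../config.php";
require "../includes/setup.php";
require "../includes/admincheck.php";
?>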
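<?php
  $error_message = null;
  $page_title = "Manage administrators";
  $page_description = "Manage administrators on AdmSnippet.";

  // Flip the is_admin flag of one user. Changes are accepted over POST only
  // and must carry the CSRF token that the forms on this page embed.
  if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // hash_equals() compares two strings in constant time. The earlier loose
    // != treated numeric-looking strings such as "0e1" and "0e2" as equal and
    // let an empty posted value match an unset token.
    $expected_csrf = (isset($csrf_token) && is_string($csrf_token)) ? $csrf_token : '';
    $posted_csrf = (isset($_POST['csrf']) && is_string($_POST['csrf'])) ? $_POST['csrf'] : '';
    // Whole integers only: is_numeric() also accepted "1e3" or "1.5", which
    // intval() then silently converted to some other ID.
    $userid = isset($_POST['id']) ? filter_var($_POST['id'], FILTER_VALIDATE_INT) : false;

    if ($expected_csrf === '' || !hash_equals($expected_csrf, $posted_csrf)) {
      $error_message = "Potential CSRF attack detected.";
    } elseif ($userid === false) {
      $error_message = "Invalid user ID";
    } else {
      // The second placeholder is bound to $user (set outside this file,
      // presumably the signed-in account) so the current administrator cannot
      // toggle their own flag, whatever ID the request carries.
      $stmt = mysqli_prepare($db, 'UPDATE users SET is_admin=!(is_admin) WHERE id = ? AND id <> ?;');
      if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'ii', $userid, $user);
        $isexecsuccess = mysqli_stmt_execute($stmt);
        $isupdated = $isexecsuccess && mysqli_stmt_affected_rows($stmt) > 0;
        mysqli_stmt_close($stmt);
        if (!$isexecsuccess) {
          $error_message = 'An internal server error has occurred while changing administrator permissions.';
        } elseif (!$isupdated) {
          // No row matched: unknown ID, or the ID of the current account.
          $error_message = "The user doesn't exist, or is your own account.";
        }
      } else {
        $error_message = 'An internal server error has occurred while changing administrator permissions.';
      }
    }
  }

  include("../includes/header.php");
?>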
<main class="page">
    <div class="container">
        <h1>Manage administrators</h1>
        <p><a href="<?php echo htmlspecialchars(APP_ROOT) ?>admin/">Return to the administration panel</a></p>
        <?php
          // Show the POST handler's message, HTML-escaped, only when one was set.
          if ($error_message) {
            echo '<p class="form-error">', htmlspecialchars($error_message), '</p>';
          }
        ?>
        <table>
          <tr>
            <th class="table-cell-left">Username</th>
            <th class="table-cell-right">Toggle administrator</th>
          </tr>
          <?php
            // Fixed query with no request data in it: every user, highest ID first.
            $userresult = mysqli_query($db, 'SELECT id, name, is_admin FROM users ORDER BY id DESC;');
            if ($userresult) {
              // Stays false when the result set is empty, so a placeholder row can be printed.
              $entries_present = false;
              while ($userresultrow = mysqli_fetch_assoc($userresult)) {
                $entries_present = true;
                // One row per user. Database values (id, name) are HTML-escaped
                // before output, and the id is URL-encoded inside the link.
                // The toggle form is omitted for the row whose id equals $user;
                // the UPDATE in the POST handler excludes that id as well, so
                // the rule does not depend on the form being hidden. Each form
                // posts the user id together with the CSRF token.
                echo '<tr>
                  <td class="table-cell-left"><a href="' . htmlspecialchars(APP_ROOT) . 'user.php?id=' . htmlspecialchars(urlencode($userresultrow['id'])) . '">' . htmlspecialchars($userresultrow['name']) . '</a></td>
                  <td class="table-cell-right">' . ($userresultrow['id'] != $user ? '<form action="' . htmlspecialchars(APP_ROOT) . 'admin/admins.php" method="post" class="form-shorthand">
                    <input type="submit" class="button" value="' . htmlspecialchars($userresultrow['is_admin'] ? 'Take away permissions' : 'Grant permissions') . '">
                    <input type="hidden" name="id" value="' . htmlspecialchars($userresultrow['id']) . '">
                    <input type="hidden" name="csrf" value="' . htmlspecialchars($csrf_token) . '">
                  </form>' : '') . '</td>
                </tr>';
              }
              if (!$entries_present) {
                echo '<tr>
                  <td class="table-cell-left">No users.</td>
                  <td class="table-cell-right"></td>
                </tr>';
              }
            } else {
              // mysqli_query() returned a falsy value: show a generic message, no database detail.
              echo '<tr>
                <td class="table-cell-left">An error has occurred during retrieval of users!</td>
                <td class="table-cell-right"></td>
              </tr>';
            }
          ?>
        </table>
        <br>
    </div>
</main>
<?php
  // Shared footer markup, then the common end-of-request include (contents not shown here).
  include("../includes/footer.php");
  include("../includes/finalize.php");
?>
categories.php
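<?php
// Bootstrap for an admin-only page. Everything sits in one PHP block so that
// no blank lines are sent to the client before the includes below have run.

// NOTE(review): display_errors=1 prints warnings, file paths and SQL errors to
// whoever loads the page. On a production admin panel, log them instead
// (display_errors off, log_errors on).
error_reporting(E_ALL);
ini_set('display_errors', 1);

// Defined before the includes; presumably they test for it to refuse direct
// access (not visible here).
define("ADMSNIPPET", null);

// require, not include: include only raises a warning when a file is missing
// or unreadable and lets the page carry on. admincheck.php is, by its name,
// the administrator gate, so a failure to load it must stop the request.
require "../config.php";
require "../includes/setup.php";
require "../includes/admincheck.php";
?>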
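<?php
  $error_message = null;
  $page_title = "Manage categories";
  $page_description = "Manage categories in AdmSnippet";

  // Add, rename or delete a category. Changes are accepted over POST only and
  // must carry the CSRF token that the forms on this page embed.
  if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // hash_equals() compares two strings in constant time. The earlier loose
    // != treated numeric-looking strings such as "0e1" and "0e2" as equal and
    // let an empty posted value match an unset token.
    $expected_csrf = (isset($csrf_token) && is_string($csrf_token)) ? $csrf_token : '';
    $posted_csrf = (isset($_POST['csrf']) && is_string($_POST['csrf'])) ? $_POST['csrf'] : '';
    // Array-valued fields (name[]=...) are treated as missing instead of being
    // bound to a string placeholder.
    $action = (isset($_POST['action']) && is_string($_POST['action'])) ? $_POST['action'] : '';
    // NOTE(review): the 255-character limit on the name inputs is enforced by
    // the browser only; nothing here checks the length.
    $name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
    // Whole integers only: is_numeric() also accepted "1e3" or "1.5", which
    // intval() then silently converted to some other ID.
    $categoryid = isset($_POST['id']) ? filter_var($_POST['id'], FILTER_VALIDATE_INT) : false;

    if ($expected_csrf === '' || !hash_equals($expected_csrf, $posted_csrf)) {
      $error_message = "Potential CSRF attack detected.";
    } elseif (!$action) {
      $error_message = "Invalid action.";
    } elseif ($action === "add") {
      if (!$name) {
        $error_message = "You need to input a category name.";
      } else {
        $stmt = mysqli_prepare($db, 'INSERT INTO categories (name) VALUES (?);');
        if ($stmt) {
          mysqli_stmt_bind_param($stmt, 's', $name);
          $isexecsuccess = mysqli_stmt_execute($stmt);
          $insert_id = $isexecsuccess ? mysqli_stmt_insert_id($stmt) : 0;
          mysqli_stmt_close($stmt);
          if (!$insert_id) {
            $error_message = "An internal server error has occurred when adding a category.";
          }
        } else {
          $error_message = "An internal server error has occurred when adding a category.";
        }
      }
    } elseif ($action === "rename") {
      if (!$name) {
        $error_message = "You need to input a category name.";
      } elseif ($categoryid === false) {
        $error_message = "Invalid category ID.";
      } else {
        $stmt = mysqli_prepare($db, 'UPDATE categories SET name = ? WHERE id = ?;');
        if ($stmt) {
          mysqli_stmt_bind_param($stmt, 'si', $name, $categoryid);
          $isexecsuccess = mysqli_stmt_execute($stmt);
          $isupdated = $isexecsuccess && mysqli_stmt_affected_rows($stmt) > 0;
          mysqli_stmt_close($stmt);
          if (!$isexecsuccess) {
            $error_message = "An internal server error has occurred when renaming a category.";
          } elseif (!$isupdated) {
            $error_message = "The category you have requested to rename doesn't exist.";
          }
        } else {
          $error_message = "An internal server error has occurred when renaming a category.";
        }
      }
    } elseif ($action === "delete") {
      if ($categoryid === false) {
        $error_message = "Invalid category ID.";
      } else {
        // The category, the votes on its snippets and the snippets themselves
        // are removed as one unit: a failure part-way through used to leave the
        // category gone and its snippets orphaned. On a storage engine without
        // transactions the statements still run, just not atomically.
        $in_transaction = mysqli_begin_transaction($db);
        $isdeleted = false;
        $failed = false;

        $stmt = mysqli_prepare($db, 'DELETE FROM categories WHERE id = ?;');
        if ($stmt) {
          mysqli_stmt_bind_param($stmt, 'i', $categoryid);
          if (mysqli_stmt_execute($stmt)) {
            $isdeleted = mysqli_stmt_affected_rows($stmt) > 0;
          } else {
            $failed = true;
          }
          mysqli_stmt_close($stmt);
        } else {
          $failed = true;
        }

        if ($isdeleted) {
          // Votes first: their subquery needs the snippet rows to still exist.
          $cleanup = array(
            'DELETE FROM votes WHERE snippet_id IN (SELECT id FROM snippets WHERE category_id = ?);',
            'DELETE FROM snippets WHERE category_id = ?;',
          );
          foreach ($cleanup as $sql) {
            $isexecsuccess = false;
            $stmt = mysqli_prepare($db, $sql);
            if ($stmt) {
              mysqli_stmt_bind_param($stmt, 'i', $categoryid);
              $isexecsuccess = mysqli_stmt_execute($stmt);
              mysqli_stmt_close($stmt);
            }
            if (!$isexecsuccess) {
              $failed = true;
              break;
            }
          }
        }

        if (!$failed && $in_transaction && !mysqli_commit($db)) {
          $failed = true;
        }
        if ($failed) {
          if ($in_transaction) {
            mysqli_rollback($db);
          }
          $error_message = "An internal server error has occurred when deleting a category.";
        } elseif (!$isdeleted) {
          $error_message = "The category you have requested to delete doesn't exist.";
        }
      }
    } else {
      // Unknown action values used to be ignored without any message.
      $error_message = "Invalid action.";
    }
  }

  include("../includes/header.php");
?>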
<main class="page">
  <div class="container">
    <h1>Administration panel</h1>
    <p><a href="<?php echo htmlspecialchars(APP_ROOT); ?>admin/">Return to the administration panel</a></p>
    <?php
      // Show the POST handler's message, HTML-escaped, only when one was set.
      if ($error_message) {
        echo '<p class="form-error">', htmlspecialchars($error_message), '</p>';
      }
    ?>
    <h2>Add a category</h2>
    <form action="<?php echo htmlspecialchars(APP_ROOT); ?>admin/categories.php" method="post" class="form-visible">
      <div class="form-element">
        <label for="catname">Category name:</label>
        <input type="text" name="name" id="catname" maxlength="255">
      </div>
      <input type="hidden" name="action" value="add">
      <input type="hidden" name="csrf" value="<?php echo htmlspecialchars($csrf_token); ?>">
      <input type="submit" value="Add" class="button">
    </form>
    <h2>Rename a category</h2>
    <form action="<?php echo htmlspecialchars(APP_ROOT); ?>admin/categories.php" method="post" class="form-visible">
      <div class="form-element">
        <label for="catselect">Category:</label>
        <select name="id" id="catselect">
          <?php
            // One <option> per category, lowest ID first; id and name are
            // HTML-escaped. A failed query simply leaves the list empty.
            $categories = mysqli_query($db, 'SELECT id, name FROM categories ORDER BY id;');
            while ($categories && ($category = mysqli_fetch_assoc($categories))) {
              echo '<option value="', htmlspecialchars($category['id']), '">', htmlspecialchars($category['name']), '</option>';
            }
          ?>
        </select>
      </div>
      <div class="form-element">
        <label for="catname2">New name:</label>
        <input type="text" name="name" id="catname2" maxlength="255">
      </div>
      <input type="hidden" name="action" value="rename">
      <input type="hidden" name="csrf" value="<?php echo htmlspecialchars($csrf_token); ?>">
      <input type="submit" value="Rename" class="button">
    </form>
    <h2>Delete a category</h2>
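    <form action="<?php echo htmlspecialchars(APP_ROOT); ?>admin/categories.php" method="post" class="form-visible">
      <div class="form-element">
        <label for="catselect2">Category:</label>
        <select name="id" id="catselect2">
          <?php
            // Same category list as the rename form: one <option> per row,
            // id and name HTML-escaped. The label above now points at this
            // select (catselect2); it used to reference the rename form's.
            $categories = mysqli_query($db, 'SELECT id, name FROM categories ORDER BY id;');
            if ($categories) {
              while ($category = mysqli_fetch_assoc($categories)) {
                echo '<option value="' . htmlspecialchars($category['id']) . '">' . htmlspecialchars($category['name']) . '</option>';
              }
            }
          ?>
        </select>
      </div>
      <input type="hidden" name="action" value="delete">
      <input type="hidden" name="csrf" value="<?php echo htmlspecialchars($csrf_token); ?>">
      <input type="submit" value="Delete" class="button">
    </form>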
  </div>
</main>
<?php
  // Shared footer markup, then the common end-of-request include (contents not shown here).
  include("../includes/footer.php");
  include("../includes/finalize.php");
?>
deletesnippets.php
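<?php
// Bootstrap for an admin-only page. Everything sits in one PHP block so that
// no blank lines are sent to the client before the includes below have run.

// NOTE(review): display_errors=1 prints warnings, file paths and SQL errors to
// whoever loads the page. On a production admin panel, log them instead
// (display_errors off, log_errors on).
error_reporting(E_ALL);
ini_set('display_errors', 1);

// Defined before the includes; presumably they test for it to refuse direct
// access (not visible here).
define("ADMSNIPPET", null);

// require, not include: include only raises a warning when a file is missing
// or unreadable and lets the page carry on. admincheck.php is, by its name,
// the administrator gate, so a failure to load it must stop the request.
require "../config.php";
require "../includes/setup.php";
require "../includes/admincheck.php";
?>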
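<?php
  $error_message = null;
  $page_title = "Delete snippets";
  $page_description = "Delete snippets from AdmSnippet.";

  // Delete one snippet and the votes cast on it. Changes are accepted over
  // POST only and must carry the CSRF token that the forms on this page embed.
  if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // hash_equals() compares two strings in constant time. The earlier loose
    // != treated numeric-looking strings such as "0e1" and "0e2" as equal and
    // let an empty posted value match an unset token.
    $expected_csrf = (isset($csrf_token) && is_string($csrf_token)) ? $csrf_token : '';
    $posted_csrf = (isset($_POST['csrf']) && is_string($_POST['csrf'])) ? $_POST['csrf'] : '';
    // Whole integers only: is_numeric() also accepted "1e3" or "1.5", which
    // intval() then silently converted to some other ID.
    $snippetid = isset($_POST['id']) ? filter_var($_POST['id'], FILTER_VALIDATE_INT) : false;

    if ($expected_csrf === '' || !hash_equals($expected_csrf, $posted_csrf)) {
      $error_message = "Potential CSRF attack detected.";
    } elseif ($snippetid === false) {
      $error_message = "Invalid snippet ID";
    } else {
      // Snippet and votes go together: a failure on the second statement used
      // to leave votes behind for a snippet that no longer exists. On a storage
      // engine without transactions the statements still run, just not atomically.
      $in_transaction = mysqli_begin_transaction($db);
      $isdeleted = false;
      $failed = false;

      $stmt = mysqli_prepare($db, 'DELETE FROM snippets WHERE id = ?;');
      if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'i', $snippetid);
        if (mysqli_stmt_execute($stmt)) {
          $isdeleted = mysqli_stmt_affected_rows($stmt) > 0;
        } else {
          // This branch used to set an unused $servererror flag, so a failed
          // delete was reported to the administrator as a success.
          $failed = true;
        }
        mysqli_stmt_close($stmt);
      } else {
        $failed = true;
      }

      if ($isdeleted) {
        $isexecsuccess2 = false;
        $stmt2 = mysqli_prepare($db, 'DELETE FROM votes WHERE snippet_id = ?;');
        if ($stmt2) {
          mysqli_stmt_bind_param($stmt2, 'i', $snippetid);
          $isexecsuccess2 = mysqli_stmt_execute($stmt2);
          mysqli_stmt_close($stmt2);
        }
        if (!$isexecsuccess2) {
          $failed = true;
        }
      }

      if (!$failed && $in_transaction && !mysqli_commit($db)) {
        $failed = true;
      }
      if ($failed) {
        if ($in_transaction) {
          mysqli_rollback($db);
        }
        $error_message = 'An internal server error has occurred during snippet deletion.';
      } elseif (!$isdeleted) {
        $error_message = "The snippet you have requested to delete doesn't exist.";
      }
    }
  }

  include("../includes/header.php");
?>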
<main class="page">
    <div class="container">
        <h1>Delete snippets</h1>
        <p><a href="<?php echo htmlspecialchars(APP_ROOT); ?>admin/">Return to the administration panel</a></p>
        <?php
          // Show the POST handler's message, HTML-escaped, only when one was set.
          if ($error_message) {
            echo '<p class="form-error">', htmlspecialchars($error_message), '</p>';
          }
        ?>
        <table>
          <tr>
            <th class="table-cell-left">Snippet name</th>
            <th class="table-cell-right">Delete</th>
          </tr>
          <?php
            // Fixed query with no request data in it: every snippet, most recent date first.
            $snippets = mysqli_query($db, 'SELECT id, date, title FROM snippets ORDER BY date DESC;');
            if ($snippets) {
              // Stays false when the result set is empty, so a placeholder row can be printed.
              $entries_present = false;
              while ($snippet = mysqli_fetch_assoc($snippets)) {
                $entries_present = true;
                // One row per snippet. The title is user-supplied content read
                // back from the database, so it is HTML-escaped before output;
                // the id is URL-encoded inside the link. Each delete form posts
                // the snippet id together with the CSRF token.
                echo '<tr>
                  <td class="table-cell-left"><a href="' . htmlspecialchars(APP_ROOT) . 'snippet.php?id=' . htmlspecialchars(urlencode($snippet['id'])) . '">' . htmlspecialchars($snippet['title']) . '</a></td>
                  <td class="table-cell-right"><form action="' . htmlspecialchars(APP_ROOT) . 'admin/deletesnippets.php" method="post" class="form-shorthand">
                    <input type="submit" class="button" value="Delete">
                    <input type="hidden" name="id" value="' . htmlspecialchars($snippet['id']) . '">
                    <input type="hidden" name="csrf" value="' . htmlspecialchars($csrf_token) . '">
                  </form></td>
                </tr>';
              }
              if (!$entries_present) {
                echo '<tr>
                  <td class="table-cell-left">No snippets.</td>
                  <td class="table-cell-right"></td>
                </tr>';
              }
            } else {
              // mysqli_query() returned a falsy value: show a generic message, no database detail.
              echo '<tr>
                <td class="table-cell-left">An error has occurred during retrieval of snippets!</td>
                <td class="table-cell-right"></td>
              </tr>';
            }
          ?>
        </table>
        <br>
    </div>
</main>
<?php
  // Shared footer markup, then the common end-of-request include (contents not shown here).
  include("../includes/footer.php");
  include("../includes/finalize.php");
?>
deleteusers.php
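<?php
// Bootstrap for an admin-only page. Everything sits in one PHP block so that
// no blank lines are sent to the client before the includes below have run.

// NOTE(review): display_errors=1 prints warnings, file paths and SQL errors to
// whoever loads the page. On a production admin panel, log them instead
// (display_errors off, log_errors on).
error_reporting(E_ALL);
ini_set('display_errors', 1);

// Defined before the includes; presumably they test for it to refuse direct
// access (not visible here).
define("ADMSNIPPET", null);

// require, not include: include only raises a warning when a file is missing
// or unreadable and lets the page carry on. admincheck.php is, by its name,
// the administrator gate, so a failure to load it must stop the request.
require "../config.php";
require "../includes/setup.php";
require "../includes/admincheck.php";
?>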
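<?php
  $error_message = null;
  // Title and description used to read "Delete snippets", copied from the
  // snippet page; the heading further down already says "Delete users".
  $page_title = "Delete users";
  $page_description = "Delete users from AdmSnippet.";

  // Delete one account together with its votes and snippets. Changes are
  // accepted over POST only and must carry the CSRF token that the forms on
  // this page embed.
  if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // hash_equals() compares two strings in constant time. The earlier loose
    // != treated numeric-looking strings such as "0e1" and "0e2" as equal and
    // let an empty posted value match an unset token.
    $expected_csrf = (isset($csrf_token) && is_string($csrf_token)) ? $csrf_token : '';
    $posted_csrf = (isset($_POST['csrf']) && is_string($_POST['csrf'])) ? $_POST['csrf'] : '';
    // Whole integers only: is_numeric() also accepted "1e3" or "1.5", which
    // intval() then silently converted to some other ID.
    $userid = isset($_POST['id']) ? filter_var($_POST['id'], FILTER_VALIDATE_INT) : false;

    if ($expected_csrf === '' || !hash_equals($expected_csrf, $posted_csrf)) {
      $error_message = "Potential CSRF attack detected.";
    } elseif ($userid === false) {
      $error_message = "Invalid user ID";
    } else {
      // All deletes run as one unit: a failure part-way through used to leave
      // the account gone and its data orphaned. On a storage engine without
      // transactions the statements still run, just not atomically.
      $in_transaction = mysqli_begin_transaction($db);
      $isdeleted = false;
      $failed = false;

      // The second placeholder is bound to $user (set outside this file,
      // presumably the signed-in account) so the current administrator cannot
      // delete their own account, whatever ID the request carries.
      $stmt = mysqli_prepare($db, 'DELETE FROM users WHERE id = ? AND id <> ?;');
      if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'ii', $userid, $user);
        if (mysqli_stmt_execute($stmt)) {
          $isdeleted = mysqli_stmt_affected_rows($stmt) > 0;
        } else {
          $failed = true;
        }
        mysqli_stmt_close($stmt);
      } else {
        $failed = true;
      }

      if ($isdeleted) {
        // The middle statement is new: votes that other users cast on this
        // account's snippets were left behind once the snippets were deleted.
        // It must run before the snippets go, since its subquery reads them.
        $cleanup = array(
          'DELETE FROM votes WHERE user_id = ?;',
          'DELETE FROM votes WHERE snippet_id IN (SELECT id FROM snippets WHERE user_id = ?);',
          'DELETE FROM snippets WHERE user_id = ?;',
        );
        foreach ($cleanup as $sql) {
          $isexecsuccess = false;
          $stmt = mysqli_prepare($db, $sql);
          if ($stmt) {
            mysqli_stmt_bind_param($stmt, 'i', $userid);
            $isexecsuccess = mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
          }
          if (!$isexecsuccess) {
            $failed = true;
            break;
          }
        }
      }

      if (!$failed && $in_transaction && !mysqli_commit($db)) {
        $failed = true;
      }
      if ($failed) {
        if ($in_transaction) {
          mysqli_rollback($db);
        }
        $error_message = 'An internal server error has occurred during the account deletion.';
      } elseif (!$isdeleted) {
        // No row matched: unknown ID, or the ID of the current account.
        $error_message = "The user doesn't exist, or is your own account.";
      }
    }
  }

  include("../includes/header.php");
?>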
<main class="page">
    <div class="container">
        <h1>Delete users</h1>
        <p><a href="<?php echo htmlspecialchars(APP_ROOT); ?>admin/">Return to the administration panel</a></p>
        <?php
          // Show the POST handler's message, HTML-escaped, only when one was set.
          if ($error_message) {
            echo '<p class="form-error">', htmlspecialchars($error_message), '</p>';
          }
        ?>
        <table>
          <tr>
            <th class="table-cell-left">Username</th>
            <th class="table-cell-right">Delete</th>
          </tr>
          <?php
            // Fixed query with no request data in it: every user, highest ID first.
            $userresult = mysqli_query($db, 'SELECT id, name FROM users ORDER BY id DESC;');
            if ($userresult) {
              // Stays false when the result set is empty, so a placeholder row can be printed.
              $entries_present = false;
              while ($userresultrow = mysqli_fetch_assoc($userresult)) {
                $entries_present = true;
                // One row per user. Database values (id, name) are HTML-escaped
                // before output, and the id is URL-encoded inside the link.
                // The delete form is omitted for the row whose id equals $user;
                // the DELETE in the POST handler excludes that id as well, so
                // the rule does not depend on the form being hidden. Each form
                // posts the user id together with the CSRF token.
                echo '<tr>
                  <td class="table-cell-left"><a href="' . htmlspecialchars(APP_ROOT) . 'user.php?id=' . htmlspecialchars(urlencode($userresultrow['id'])) . '">' . htmlspecialchars($userresultrow['name']) . '</a></td>
                  <td class="table-cell-right">' . ($userresultrow['id'] != $user ? '<form action="' . htmlspecialchars(APP_ROOT) . 'admin/deleteusers.php" method="post" class="form-shorthand">
                    <input type="submit" class="button" value="Delete">
                    <input type="hidden" name="id" value="' . htmlspecialchars($userresultrow['id']) . '">
                    <input type="hidden" name="csrf" value="' . htmlspecialchars($csrf_token) . '">
                  </form>' : '') . '</td>
                </tr>';
              }
              if (!$entries_present) {
                echo '<tr>
                  <td class="table-cell-left">No users.</td>
                  <td class="table-cell-right"></td>
                </tr>';
              }
            } else {
              // mysqli_query() returned a falsy value: show a generic message, no database detail.
              echo '<tr>
                <td class="table-cell-left">An error has occurred during retrieval of users!</td>
                <td class="table-cell-right"></td>
              </tr>';
            }
          ?>
        </table>
        <br>
    </div>
</main>
<?php
  // Shared footer markup, then the common end-of-request include (contents not shown here).
  include("../includes/footer.php");
  include("../includes/finalize.php");
?>
statistics.php
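<?php
// Bootstrap for an admin-only page. Everything sits in one PHP block so that
// no blank lines are sent to the client before the includes below have run.

// NOTE(review): display_errors=1 prints warnings, file paths and SQL errors to
// whoever loads the page. On a production admin panel, log them instead
// (display_errors off, log_errors on).
error_reporting(E_ALL);
ini_set('display_errors', 1);

// Defined before the includes; presumably they test for it to refuse direct
// access (not visible here).
define("ADMSNIPPET", null);

// require, not include: include only raises a warning when a file is missing
// or unreadable and lets the page carry on. admincheck.php is, by its name,
// the administrator gate, so a failure to load it must stop the request.
require "../config.php";
require "../includes/setup.php";
require "../includes/admincheck.php";
?>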
<?php
  // Page metadata is set before header.php is included; presumably the header
  // reads both variables (not visible here).
  $page_title = "Statistics";
  $page_description = "View the statistics for AdmSnippet";

  include("../includes/header.php");
?>
<main class="page">
  <div class="container">
    <h1>Statistics</h1>
    <p><a href="<?php echo htmlspecialchars(APP_ROOT); ?>admin/">Return to the administration panel</a></p>
    <ul>
    <?php
      // Two aggregate counts, each rendered as one list item. Both queries are
      // fixed strings, and the counts are HTML-escaped on output.
      $totalusers = mysqli_query($db, 'SELECT COUNT(*) AS "count" FROM users;');
      if (!$totalusers) {
        echo '<li><b>Can\'t get the total number of users!</b></li>';
      } else {
        $totalusersrow = mysqli_fetch_assoc($totalusers);
        echo '<li><b>Total users:</b> ', htmlspecialchars($totalusersrow['count']), '</li>';
      }

      $totalsnippets = mysqli_query($db, 'SELECT COUNT(*) AS "count" FROM snippets;');
      if (!$totalsnippets) {
        echo '<li><b>Can\'t get the total number of snippets!</b></li>';
      } else {
        $totalsnippetsrow = mysqli_fetch_assoc($totalsnippets);
        echo '<li><b>Total snippets:</b> ', htmlspecialchars($totalsnippetsrow['count']), '</li>';
      }
    ?>
    </ul>
  </div>
</main>
<?php
  // Shared footer markup, then the common end-of-request include (contents not shown here).
  include("../includes/footer.php");
  include("../includes/finalize.php");
?>