mmainstreet / jodel-web

admin.php

<?php

include 'php/jodel-web.php';


if(isset($_GET['pw']))
{
	setcookie('JodelAdminPassword', $_GET['pw'], time()+60*60*24*365*10);
	error_log('admin password saved for [' . $_SERVER ['HTTP_USER_AGENT'] . ']');
	header('Location: ' . $baseUrl . 'admin.php');
	exit;
}
else if(isset($_GET['voterPw']))
{
	setcookie('JodelVoterPassword', $_GET['voterPw'], time()+60*60*24*365*10);
	error_log('voter password saved for [' . $_SERVER ['HTTP_USER_AGENT'] . ']');
	header('Location: ' . $baseUrl . 'admin.php');
	exit;
}

if(isUserAdmin())
{
	$userIsAdmin = true;
	$userIsVoter = true;
}
else if(isUserVoter())
{
	$userIsAdmin = false;
	$userIsVoter = true;
}
else
{
	error_log($_SERVER['REMOTE_ADDR']  . ' used a wrong voterPw / pw on admin.php');
	die();
}


if($userIsAdmin && isset($_POST['createAccount']) && $_POST['createAccount'])
{
	$newJodelAccount = new JodelAccount();
}

if($userIsAdmin && isset($_POST['createVoter']) && $_POST['createVoter'])
{
	//insert voter into db
	$db = new DatabaseConnect();

Equals sign not aligned with surrounding assignments; expected 8 spaces but found 1 space

    $result = $db->query("INSERT INTO users (user_token, remaining_votes, device_uid, rights)
                    VALUES ('" 	. $db->escape_string($_POST['user_token'])
                    	. "','" . $db->escape_string($_POST['remaining_votes'])
                    	. "','" . $db->escape_string($_POST['device_uid'])
                    	. "','" . $db->escape_string($_POST['rights']) . "')");
    
    if($result === false){

This code seems to be duplicated across your project.

            $error = db_error();
            error_log($error);
            error_log("Adding Voter failed: (" . $result->errno . ") " . $result->error);

The string literal Adding Voter failed: ( does not require double quotes, as per coding-style, please use single quotes.

The string literal ) does not require double quotes, as per coding-style, please use single quotes.

    } 
}

//Vote

60% of this comment could be valid code. Did you maybe forget this after debugging?

/*
if($userIsVoter && isset($_POST['vote']) && isset($_POST['postId']) && isset($_POST['quantity']))
{
	$i = 0;
	$result = $db->query("SELECT access_token, device_uid FROM accounts WHERE device_uid NOT IN (SELECT device_uid FROM votes WHERE postId = '" . $_POST['postId'] . "')");

This line exceeds maximum limit of 120 characters; contains 168 characters

	if($result->num_rows > 0)
	{
		// output data of each row
		while(($row = $result->fetch_assoc()) && $i < $_POST['quantity'])
		{
			$jodelAccount = new JodelAccount($row['device_uid']);

			if($jodelAccount->votePostId($_POST['postId'], $_POST['vote']))
			{
				$i++;
			}
		}
	}
	else
	{
		error_log("Error: 0 results");
	}
}
*/

?>
<!DOCTYPE html>
<html lang="en">
	<head>
		<title>Backend - JodelBlue WebClient</title>
		
		<meta charset="utf8">
		<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
		<meta http-equiv="x-ua-compatible" content="ie=edge">
		
		<meta name="description" content="JodelBlue is a WebClient for the Jodel App. No registration required! Browse Jodels all over the world. Send your own Jodels or upvote others.">

This line exceeds maximum limit of 120 characters; contains 180 characters

		<meta name="keywords" content="jodelblue, jodel, blue, webclient, web, client">
		
		<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.5/css/bootstrap.min.css" integrity="sha384-AysaV+vQoT3kOAXZkl02PThvDr8HYKPZhNT5h/CXfBThSRXQ6jW5DO2ekP5ViFdi" crossorigin="anonymous">

This line exceeds maximum limit of 120 characters; contains 218 characters

				<link rel="stylesheet" href="<?php echo $baseUrl;?>css/font-awesome.min.css">
		<link rel="stylesheet" href="<?php echo $baseUrl;?>style.css" type="text/css">
		
		<link rel="shortcut icon" type="image/x-icon" href="<?php echo $baseUrl;?>img/favicon/favicon.ico">
		<link rel="icon" type="image/x-icon" href="<?php echo $baseUrl;?>img/favicon/favicon.ico">
		<link rel="icon" type="image/gif" href="<?php echo $baseUrl;?>img/favicon/favicon.gif">
		<link rel="icon" type="image/png" href="<?php echo $baseUrl;?>img/favicon/favicon.png">
		<link rel="apple-touch-icon" href="<?php echo $baseUrl;?>img/favicon/apple-touch-icon.png">
		<link rel="apple-touch-icon" href="<?php echo $baseUrl;?>img/favicon/apple-touch-icon-57x57.png" sizes="57x57">
		<link rel="apple-touch-icon" href="<?php echo $baseUrl;?>img/favicon/apple-touch-icon-60x60.png" sizes="60x60">
		<link rel="apple-touch-icon" href="<?php echo $baseUrl;?>img/favicon/apple-touch-icon-72x72.png" sizes="72x72">
		<link rel="apple-touch-icon" href="<?php echo $baseUrl;?>img/favicon/apple-touch-icon-76x76.png" sizes="76x76">
		<link rel="apple-touch-icon" href="<?php echo $baseUrl;?>img/favicon/apple-touch-icon-114x114.png" sizes="114x114">
		<link rel="apple-touch-icon" href="<?php echo $baseUrl;?>img/favicon/apple-touch-icon-120x120.png" sizes="120x120">
		<link rel="apple-touch-icon" href="<?php echo $baseUrl;?>img/favicon/apple-touch-icon-128x128.png" sizes="128x128">
		<link rel="apple-touch-icon" href="<?php echo $baseUrl;?>img/favicon/apple-touch-icon-144x144.png" sizes="144x144">
		<link rel="apple-touch-icon" href="<?php echo $baseUrl;?>img/favicon/apple-touch-icon-152x152.png" sizes="152x152">
		<link rel="apple-touch-icon" href="<?php echo $baseUrl;?>img/favicon/apple-touch-icon-180x180.png" sizes="180x180">
		<link rel="apple-touch-icon" href="<?php echo $baseUrl;?>img/favicon/apple-touch-icon-precomposed.png">
		<link rel="icon" type="image/png" href="<?php echo $baseUrl;?>img/favicon/favicon-16x16.png" sizes="16x16">
		<link rel="icon" type="image/png" href="<?php echo $baseUrl;?>img/favicon/favicon-32x32.png" sizes="32x32">
		<link rel="icon" type="image/png" href="<?php echo $baseUrl;?>img/favicon/favicon-96x96.png" sizes="96x96">
		<link rel="icon" type="image/png" href="<?php echo $baseUrl;?>img/favicon/favicon-160x160.png" sizes="160x160">
		<link rel="icon" type="image/png" href="<?php echo $baseUrl;?>img/favicon/favicon-192x192.png" sizes="192x192">
		<link rel="icon" type="image/png" href="<?php echo $baseUrl;?>img/favicon/favicon-196x196.png" sizes="196x196">
		<meta name="msapplication-TileImage" content="<?php echo $baseUrl;?>img/favicon/win8-tile-144x144.png"> 
		<meta name="msapplication-TileColor" content="#5682a3"> 
		<meta name="msapplication-navbutton-color" content="#5682a3"> 
		<meta name="application-name" content="JodelBlue"/> 
		<meta name="msapplication-tooltip" content="JodelBlue"/> 
		<meta name="apple-mobile-web-app-title" content="JodelBlue"/> 
		<meta name="msapplication-square70x70logo" content="<?php echo $baseUrl;?>img/favicon/win8-tile-70x70.png"> 
		<meta name="msapplication-square144x144logo" content="<?php echo $baseUrl;?>img/favicon/win8-tile-144x144.png"> 
		<meta name="msapplication-square150x150logo" content="<?php echo $baseUrl;?>img/favicon/win8-tile-150x150.png"> 
		<meta name="msapplication-wide310x150logo" content="<?php echo $baseUrl;?>img/favicon/win8-tile-310x150.png"> 
		<meta name="msapplication-square310x310logo" content="<?php echo $baseUrl;?>img/favicon/win8-tile-310x310.png"> 
	</head>
	
	<body>
		<header>
			<nav class="navbar navbar-full navbar-dark navbar-fixed-top">
				<div class="container">					
						<h1>
						<a href="./admin.php" class="spinnable">
						
						JodelBlue <i class="fa fa-refresh fa-1x"></i></a>
					</h1>					
				</div>
			</nav>
		</header>
		
		<div class="mainContent container">		
			<div class="content row">
				<article class="topContent col-sm-8">

					<content id="posts" class="adminpanel">
						<?php if($userIsAdmin) { ?>
						<h2>account management</h2>
						<form method="post">
							<div>
							<?php
								$result = $db->query("SELECT COUNT(*) FROM accounts");

The string literal SELECT COUNT(*) FROM accounts does not require double quotes, as per coding-style, please use single quotes.

								echo $result->fetch_row()[0];
							?>
							accounts in the database</div>
							<button type="submit" name="createAccount" value="TRUE">Create new Account</button>
						</form>
						<br>
						<h3>Create Voter</h3>
						<form method="post">
							<div>
							<input type="text" name="user_token" placeholder="user_token" required="true"><br>
							<input type="number" name="remaining_votes" placeholder="remaining_votes" required="true"><br>
							<input type="text" name="device_uid" placeholder="device_uid" required="true"><br>
							<input type="text" name="rights" placeholder="rights" required="true"><br>
							<button type="submit" name="createVoter" value="TRUE">Create new Voter</button>
						</form>
						<hr>
						<?php
						}

						if($userIsVoter) {
						?>
						<h2>Voting</h2>
						<form>
							<input placeholder="quantity" id="quantityDelay" type="number" name="quantity"><br>
							<input placeholder="min interval" id="minDelay" value="<?php echo $config['minInterval'];?>" type="text" name="min"><br>

This line exceeds maximum limit of 120 characters; contains 127 characters

							<input placeholder="max interval" id="maxDelay" value="<?php echo $config['maxInterval'];?>" type="text" name="max"><br>

This line exceeds maximum limit of 120 characters; contains 127 characters

							<input placeholder="postId" id="postIdDelay" value="<?php if(isset($_GET['postId'])) echo $_GET['postId'];?>" type="text" name="postId"><br>

This line exceeds maximum limit of 120 characters; contains 147 characters

							<button type="button" name="vote" value="up" class="half" onclick="voteWithAjax('up');">Upvote</button>
							<button type="button" name="vote" value="down" class="half" onclick="voteWithAjax('down');">Downvote</button><br>
						</form>
							<progress id="progressDelay" value="0" max="100"></progress>
							<div id="ResponseMessage"></div>
							<div id="ResponseCaptcha"></div>

						<?php } ?>
					</content>
				</article>
			</div>
		</div>
		
		
		<!-- jQuery, Tether, Bootstrap JS and own-->
		<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js" integrity="sha384-3ceskX3iaEnIogmQchP8opvBy3Mi7Ce34nWjpBIwVTHfGYWQS9jwHDVRnpKKHJg7" crossorigin="anonymous"></script>

This line exceeds maximum limit of 120 characters; contains 198 characters

    	<script src="https://cdnjs.cloudflare.com/ajax/libs/tether/1.3.7/js/tether.min.js" integrity="sha384-XTs3FgkjiBgo8qjEjBk0tGmf3wPrWtA6coPfQDfFEY8AnYJwjalXCiosYRBIBZX8" crossorigin="anonymous"></script>

This line exceeds maximum limit of 120 characters; contains 205 characters

    	<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.5/js/bootstrap.min.js" integrity="sha384-BLiI7JTZm+JWlgKa0M0kGRpJbF2J8q+qreVrKBC47e3K6BW78kGLrCkeRX6I9RoK" crossorigin="anonymous"></script>

This line exceeds maximum limit of 120 characters; contains 212 characters

		<script>
			//delayed voting
			var rekData;
			function voteWithAjax(type)
			{
				var id = $("#postIdDelay").val();
				var quantity = parseInt($("#quantityDelay").val());
				var minTime = parseFloat($("#minDelay").val());
				var maxTime = parseFloat($("#maxDelay").val());	
				var data = {"vote": type,
						   "id":id,
							"i": 1,
						   "quantity":quantity,
						   "minTime":minTime,
						   "maxTime":maxTime};
				
				$("#progressDelay").attr("max", quantity);
				$("#progressDelay").val(0);
				if (minTime > maxTime)
				{
					$("#ResponseMessage").html("min interval is greater than max interval");
					
				}
				else if (id == "")
				{
					$("#ResponseMessage").html("please enter a postId");
				}
				else if (isNaN(quantity))
				{
					$("#ResponseMessage").html("please enter a valid quantity of votes");
				}
				else 
				{
					voteRek(data);
				}
			}
			
			function voteRek(data)
			{
				$.ajax({
				  type: "POST",
				  url: "<?php echo $baseUrl;?>vote-ajax.php",
				  data: {"vote" : data["vote"],
						 "postId" : data["id"]},
				  success: function(result){
					  $("#progressDelay").val(data["i"]);
					  var response;
					  try 
					  {
						response = JSON.parse(result);
					  } catch (e) {
						//voteRek(data);
					  }
					  if (response["success"] != true)
					  {
						  $("#ResponseMessage").html(response["message"]);
						  if (response["captcha"] != null) {
							  rekData = data;
							  $("#ResponseCaptcha").append( "<div id='captchaWrapper_" + data["i"] + "'><form><p>Check all images with Coons on it (Coons look like <img style=\"height: 1.0em; width: unset;\" src=\"img/coon.png\">).</p><img src='" + response["captcha"]["image_url"] + "' style='width:100%'><div class='captchaWrapper'><input id='box_0' type='checkbox'><input id='box_1' type='checkbox'><input id='box_2' type='checkbox'><input id='box_3' type='checkbox'><input id='box_4' type='checkbox'><input id='box_5' type='checkbox'><input id='box_6' type='checkbox'><input id='box_7' type='checkbox'><input id='box_8' type='checkbox'></div><button type=\"button\" onclick=\"verifyAccount(" + data["i"] + ", '" + response["captcha"]["key"] + "' , '" + response["deviceUid"] + "');\">Verify</button></form></div>");

This line exceeds maximum limit of 120 characters; contains 798 characters

							  //verifyAccount(data["i"], response["captcha"]["key"], response["deviceUid"]);
						  }
					  }
					  else if (data["i"] < data["quantity"])
					  {
						  $("#ResponseMessage").html(data["i"] + " of " + data["quantity"]);
						  data["i"] += 1;
						  setTimeout(function(){voteRek(data)}, getRandomFloat(data["minTime"],data["maxTime"])*1000);
					  } else {
						  $("#ResponseMessage").html(data["quantity"] + " votes completed");
					  }
				  }
				});
			}
			
			function verifyAccount(id, key, deviceUid)
			{
				var solution = "";
				for (i=0; i<9; i++) {
					var box = $("#box_"+i);
					if (box.is(':checked') == true)
					{
						if (solution != "")
						{
							solution += "-" + i;
						}
						else 
						{
							solution = i;
						}

					}
				}
				console.log(solution);
				$.ajax({
				  type: "POST",
				  url: "<?php echo $baseUrl;?>vote-ajax.php?solution=" + solution + "&key="+key,
				  data: {"deviceUid" : deviceUid},
				  success: function(result){
					  var response = JSON.parse(result);
					  console.log("Verification = "+response["success"])
					  $("#captchaWrapper_"+id).remove();
					  voteRek(rekData);
				  }
				});
			}
			
			function getRandomFloat(min, max)
			{
			  return Math.floor(Math.random() * (max - min)) + min;
			}

		</script>
	</body>
</html>