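// Admin gate: only accounts flagged is_admin may reach the handlers below.
// header() only queues the Location header and does not stop the script, so
// without the exit a non-admin request would be redirected and would still run
// the upload / password-change handlers that follow (execution after redirect).
// Those handlers, as far as they are visible here, do no checking of their own.
if (!$user->is_admin) {
    // Percent-encode the message so the header value stays ASCII; the target
    // page receives the same text once the query string is decoded.
    header('Location: ../index.php?msg=' . urlencode('看起来你并不是管理员'));
    exit;
}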
/*
 * No protection here,
 * I don't think you wanna f**k yourself :(
 */
if (isset($_GET['action'])) {
    $action = $_GET['action'];
    $user = new User($_GET['uname']);
    if ($action == "upload") {
        $type = isset($_GET['type']) ? $_GET['type'] : "skin";
        $file = isset($_FILES['file']) ? $_FILES['file'] : null;
        if (!is_null($file)) {
            if ($user->setTexture($type, $file)) {
                $json['errno'] = 0;
                $json['msg'] = "皮肤上传成功。";
            } else {
                $json['errno'] = 1;
                $json['msg'] = "出现了奇怪的错误。。请联系作者";
            }
        } else {
            Utils::raise(1, '你没有选择任何文件哦');
        }
    } else {
        if ($action == "change") {
            if (user::checkValidPwd($_POST['passwd'])) {
                $user->changePasswd($_POST['passwd']);
                $json['errno'] = 0;
                $json['msg'] = "成功更改了 " . $_GET['uname'] . " 的密码。";
Example #2
    if (!isset($_POST['passwd'])) {
        $json['errno'] = 1;
        $json['msg'] = "空密码。";
        return false;
    }
    return true;
}
/**
 * Handle request from user/index.php
 */
if ($action == "upload") {
    if (Utils::getValue('token', $_SESSION) == $user->getToken()) {
        if (checkFile()) {
            if ($file = Utils::getValue('skin_file', $_FILES)) {
                $model = isset($_GET['model']) && $_GET['model'] == "steve" ? "steve" : "alex";
                if ($user->setTexture($model, $file)) {
                    $json['skin']['errno'] = 0;
                    $json['skin']['msg'] = "皮肤上传成功!";
                } else {
                    $json['skin']['errno'] = 1;
                    $json['skin']['msg'] = "出现了奇怪的错误。。请联系作者 :(";
                }
            }
            if ($file = Utils::getValue('cape_file', $_FILES)) {
                if ($user->setTexture('cape', $file)) {
                    $json['cape']['errno'] = 0;
                    $json['cape']['msg'] = "披风上传成功!";
                } else {
                    $json['cape']['errno'] = 1;
                    $json['cape']['msg'] = "出现了奇怪的错误。。请联系作者 :(";
                }