<?php
require_once '_soul.php';
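// Request dispatcher: the "action" query parameter selects the operation and any
// payload arrives in the POST body. Every branch except 'logout' ends the request
// with a short plain-text status via die().
//
// NOTE(review): no anti-CSRF token is checked in this file before the
// state-changing actions; confirm whether require_login() / _soul.php covers that.

// Accept only a plain string as the action. A missing or array-valued parameter
// falls through to 'Unknown action.' instead of raising notices.
$action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';

// restrict admin actions
// NOTE(review): require_login() is not defined in this file; presumably it ends the
// request when there is no admin session. Confirm, because nothing here checks a
// return value.
// NOTE(review): 'new_revision' is not in this list, so the branch below that writes
// a file under data/ runs without require_login(). Confirm that is intended.
$admin_actions = array('set_current_revision', 'logout');
if (in_array($action, $admin_actions, true)) {
    require_login();
}

// read the whole raw POST body; fgets() stopped at the first newline and would
// truncate a multi-line JSON document
$postdata = file_get_contents('php://input');
if ($postdata === false) {
    die('Failed to read POST data.');
}

// require POST data for these actions (a body of "0" counts as data)
$post_actions = array('new_revision', 'set_current_revision', 'login');
if (in_array($action, $post_actions, true) && $postdata === '') {
    die('No data submitted.');
}

switch ($action) {
    case 'generate_rss':
        // get all the revisions data
        $revisions = get_revisions_data();
        // rebuild the rss
        build_rss($revisions);
        die('Success.');

    case 'new_revision':
        // parse POST data; anything that does not decode to an array is rejected
        $postdata = json_decode($postdata, true);
        if (!is_array($postdata)) {
            die('No data.');
        }
        $meta = isset($postdata['meta']) ? $postdata['meta'] : null; // info about new revision
        $data = isset($postdata['data']) ? $postdata['data'] : null; // data to store
        // both parts must be non-empty arrays: they are indexed and extended below,
        // and a scalar here would fail at the first offset write
        if (!is_array($meta) || empty($meta)) {
            die('No meta info.');
        }
        if (!is_array($data) || empty($data)) {
            die('No data.');
        }
        // protect us from evil urls
        // NOTE(review): die_on_evil_url() is defined elsewhere; presumably it ends the
        // request on a rejected URL. Confirm it also copes with a missing 'entries'.
        die_on_evil_url(isset($data['entries']) ? $data['entries'] : null);
        // make filename for new revision; 'time' and 'file' are assigned after decoding,
        // so client-supplied values for them are overwritten, and the path consists only
        // of an md5 hex digest plus the timestamp (md5 is used for naming, not secrecy)
        $time = time();
        $meta['time'] = $time;
        $meta['file'] = 'data/' . md5(json_encode($meta)) . $time . '.js';
        // get all the revisions data, add new revision and save it again
        $revisions = get_revisions_data();
        array_push($revisions['revisions'], $meta);
        save_revisions_data($revisions);
        // save the new revision
        save_new_revision($meta['file'], $data);
        // rebuild the rss
        build_rss($revisions);
        // die with the id of the new revision (index of the entry just appended)
        die('' . (count($revisions['revisions']) - 1));

    case 'set_current_revision':
        // take input as a number
        $revision = trim($postdata);
        if (!is_numeric($revision)) {
            die('Non numeric input.');
        }
        // is_numeric() also accepts "1.5", "1e3" and negatives; an index must be a
        // plain non-negative integer
        if (!preg_match('/^[0-9]+$/D', $revision)) {
            die('Selected revision does not exist.');
        }
        $revision = (int) $revision;
        // get revisions data and check if the request makes sense; valid ids are
        // 0 .. count-1 (new_revision reports count-1), so count itself is out of range
        $revisions = get_revisions_data();
        if ($revision >= count($revisions['revisions'])) {
            die('Selected revision does not exist.');
        }
        // update current revision (stored as an integer rather than the raw body text)
        $revisions['current'] = $revision;
        // save new revisions list
        save_revisions_data($revisions);
        die('1');

    case 'login':
        // a missing or non-string password can never be correct
        $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : null;
        // NOTE(review): only a strict false is treated as failure, so any other return
        // value from check_admin_password() logs the caller in; confirm it returns a
        // real bool. No attempt limiting is visible in this file.
        if ($password === null || check_admin_password($password) === false) {
            die('Wrong password.');
        }
        log_in();
        die('1');

    case 'logout':
        log_out();
        break;

    default:
        die('Unknown action.');
}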