From d30af6c9816b549787a930ddda9478c7af2332a9 Mon Sep 17 00:00:00 2001
From: dmorley <root@usr.io>
Date: Sun, 1 Feb 2015 18:18:40 -0800
Subject: [PATCH] start of an edit feature for podmins

---
 db/edit.php     | 60 +++++++++++++++++++++++++++++++++++++++++++++++++
 db/gettoken.php | 44 ++++++++++++++++++++++++++++++++++++
 db/tables.sql   |  3 +++
 index.php       |  4 +++-
 4 files changed, 110 insertions(+), 1 deletion(-)
 create mode 100644 db/edit.php
 create mode 100644 db/gettoken.php

diff --git a/db/edit.php b/db/edit.php
new file mode 100644
index 0000000..e38084e
--- /dev/null
+++ b/db/edit.php
@@ -0,0 +1,60 @@
+<?php
+ include('config.php');
+if (!$_GET['domain']){
+  echo "no pod domain given";
+ die;
+}
+if (!$_GET['token']){
+  echo "no token given";
+ die;
+}
+if (strlen($_GET['token']) < 6){
+  echo "bad token";
+ die;
+}
+$domain = $_GET['domain'];
+ $dbh = pg_connect("dbname=$pgdb user=$pguser password=$pgpass");
+     if (!$dbh) {
+         die("Error in connection: " . pg_last_error());
+     }
+ $sql = "SELECT domain,email,token,tokenexpire,pingdomurl,weight FROM pods WHERE domain = '$domain'";
+ $result = pg_query($dbh, $sql);
+ if (!$result) {
+     die("Error in SQL query: " . pg_last_error());
+ }
+ while ($row = pg_fetch_array($result)) {
+if ($row["token"] <> $_GET['token']) {
+echo "token not a match";die;
+}
+if ($row["tokenexpire"] < date("Y-m-d H:i:s", time()))  {
+echo "token expired";die;
+}
+
+     
+echo "Authorized to edit <b>" . $domain . "</b> until " .$row["tokenexpire"] . "<br>";
+echo "Stats URL <input type=text size=100 value=" .$row["pingdomurl"] . "><br>"; 
+echo "Email <input type=text size=40 value=" .$row["email"] . "><br>";
+
+echo "Weight <input type=text size=2 value=" .$row["weight"] . "> This lets you weight your pod lower on the list if you have too much trafic coming in<br>";
+echo "save button goes here<br><br><br>";
+
+echo "delete button with big warning its forever<br>";
+}
+if ($sfsdthis == 1) {
+$expire = date("Y-m-d H:i:s", time() + 7000);
+     $sql = "UPDATE pods SET token=$1, tokenexpire=$2 WHERE domain = '$domain'";
+     $result = pg_query_params($dbh, $sql, array($uuid,$expire));
+     if (!$result) {
+         die("Error in SQL query: " . pg_last_error());
+     }
+     $to = $_POST["email"];
+     $subject = "Temporary edit key for poduptime ";
+     $message = "Link: https://podupti.me/db/edit.php?domain=" . $_POST["domain"] . "&token=" . $uuid . " Expires: " . $expire . "\n\n";
+     $headers = "From: support@diasp.org\r\n";
+     @mail( $to, $subject, $message, $headers );    
+
+     echo "Link sent to your email";
+     pg_free_result($result);
+     pg_close($dbh);
+}
+?>
diff --git a/db/gettoken.php b/db/gettoken.php
new file mode 100644
index 0000000..0156e4a
--- /dev/null
+++ b/db/gettoken.php
@@ -0,0 +1,44 @@
+<?php
+ include('config.php');
+if (!$_POST['domain']){
+  echo "no pod domain given";
+ die;
+}
+if (!$_POST['email']){
+  echo "no email given";
+ die;
+}
+$domain = $_POST['domain'];
+ $dbh = pg_connect("dbname=$pgdb user=$pguser password=$pgpass");
+     if (!$dbh) {
+         die("Error in connection: " . pg_last_error());
+     }
+ $sql = "SELECT email FROM pods WHERE domain = '$domain'";
+ $result = pg_query($dbh, $sql);
+ if (!$result) {
+     die("Error in SQL query: " . pg_last_error());
+ }
+ while ($row = pg_fetch_array($result)) {
+if ($row["email"] <> $_POST['email']) {
+echo "email not a match";die;
+}
+ }
+     
+$uuid = md5(uniqid($domain, true));
+$expire = date("Y-m-d H:i:s", time() + 700);
+     $sql = "UPDATE pods SET token=$1, tokenexpire=$2 WHERE domain = '$domain'";
+     $result = pg_query_params($dbh, $sql, array($uuid,$expire));
+     if (!$result) {
+         die("Error in SQL query: " . pg_last_error());
+     }
+     $to = $_POST["email"];
+     $subject = "Temporary edit key for podupti.me";
+     $message = "Link: https://podupti.me/db/edit.php?domain=" . $_POST["domain"] . "&token=" . $uuid . " Expires: " . $expire . "\n\n";
+     $headers = "From: support@diasp.org\r\n";
+     @mail( $to, $subject, $message, $headers );    
+
+     echo "Link sent to your email";
+     pg_free_result($result);
+     pg_close($dbh);
+
+?>
diff --git a/db/tables.sql b/db/tables.sql
index 240b3f6..a93eda2 100644
--- a/db/tables.sql
+++ b/db/tables.sql
@@ -39,7 +39,10 @@ CREATE TABLE pods (
  service_twitter booleen,
  service_tumblr booleen,
  service_wordpress booleen,
+ token text,
+ tokenexpire timestamp,
  comment_counts int,
+ weight int DEFAULT 10,
  dateUpdated timestamp DEFAULT current_timestamp,
  dateLaststats timestamp DEFAULT current_timestamp,
  dateCreated timestamp DEFAULT current_timestamp
diff --git a/index.php b/index.php
index 192a87e..c1e2241 100644
--- a/index.php
+++ b/index.php
@@ -85,7 +85,7 @@ if ($detect->isMobile()) {echo '<link rel="stylesheet" href="css/mobile.css" />'
 	?>
       </div>
       <div id="add">
-        Pod Host? <u style="cursor: pointer; cursor: hand;">Click here</u> to add your listing.<br>
+        Pod Host? <u style="cursor: pointer; cursor: hand;">Click here</u> to add/edit your listing.<br>
 	</div>
 	<div id="info">
 	Data last refreshed at: <?php echo date("F d Y H:i:s.", filemtime($lastfile)) ?> Pacific Time<br>
@@ -104,6 +104,8 @@ if ($detect->isMobile()) {echo '<link rel="stylesheet" href="css/mobile.css" />'
         Your Email:<input type="text" name="email" class="xlarge span4" placeholder="user@domain.com"><br>
         <input type="submit" value="submit">
         </form>
+	Need to edit somehing?<br>
+	<form action="db/gettoken.php" method="post">Pod Domainname:<input type="text" name="domain">Registered Email:<input type="text" name="email"><input type=submit value="send"></form>
         <br>Is your pod missing? If the server can not get a diaspora session its on the hidden list <a href="http://podupti.me/?hidden=true">Show</a>. This
 is mostly because of selfsigned or openca certs, if you need a free ssl cert get one from startssl.com.
         <br>
-- 
GitLab