AdminPanel Formulare hinzugefügt, .gitignore aktualisiert

.gitignore

@@ -1,2 +1,3 @@
 copy.sh
 /bulitipp/script.lock
+/admin/secret.php

admin/check.php

@@ -0,0 +1,26 @@
+<?php
+header("Content-Type: application/json");
+header("Access-Control-Allow-Origin: *");
+header("Access-Control-Allow-Headers: Authorization");
+
+
+use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
+
+function getUserInfo(){
+		global $secret;
+		$token = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
+
+		// "Bearer " entfernen
+		$token = str_replace('Bearer ', '', $token);
+
+		try {
+				$payload=JWT::decode($token, new Key($secret,"HS256"));
+				if($payload->expire<time()) die('{"error":"Token expired"}');
+				return $payload;
+		}catch(Exception $e){
+				die('{"error":"Invalid Token"}');
+		}
+}
+
+

admin/formulare/ergebnisse.php

@@ -0,0 +1,33 @@
+<?php
+include("../../../mysqlverbinden.php");
+include("../secret.php");
+include("../../vendor/autoload.php");
+
+include("../check.php");
+
+$payload=getUserInfo();
+
+$username=$payload->username;
+$id=$payload->id;
+
+if(!isset($_GET["formular"])) die("GET formular fehlt");
+$formular=$_GET["formular"];
+
+$data=[];
+
+foreach(mysqli_execute_query($db_id,"SELECT `id` FROM `formulare-ergebnisse` WHERE `formular`=?;",[$formular]) as $ergebnisidrow){
+		$ergebnisid=$ergebnisidrow["id"];
+		$ergebnis=[];
+		
+		foreach(mysqli_execute_query($db_id,"SELECT `name`, `value` FROM `formulare-ergebnis` WHERE ergebnisid=?;",[$ergebnisid]) as $row){
+
+				$ergebnis[$row["name"]]=$row["value"];
+				
+		}
+		$data[]=$ergebnis;
+
+}
+
+echo json_encode($data,JSON_UNESCAPED_SLASHES|JSON_UNESCAPED_UNICODE);
+
+

admin/formulare/newForm.php

@@ -0,0 +1,15 @@
+<?php
+include("../../../mysqlverbinden.php");
+include("../secret.php");
+include("../../vendor/autoload.php");
+
+include("../check.php");
+
+$payload=getUserInfo();
+
+$username=$payload->username;
+$id=$payload->id;
+
+mysqli_execute_query($db_id,"INSERT INTO `formulare` (`name`,`minitext`,`public`,`multiple`) VALUES ('','',1,1);");
+
+echo '{"success":true}';

admin/login.php

@@ -16,7 +16,7 @@ $username=$_GET["username"];
 if(!isset($_GET["password"])) die("GET password fehlt");
 $password=$_GET["password"];
 
-$result=mysqli_execute_query($db_id,"SELECT `password` FROM `adminpanel-users` WHERE `username`=?;",[$username])->fetch_assoc();
+$result=mysqli_execute_query($db_id,"SELECT `password`, `id` FROM `adminpanel-users` WHERE `username`=?;",[$username])->fetch_assoc();
 if(!isset($result["password"])) 
 		die('{"error":"Falscher Benutzername","success":false}');
 
@@ -24,6 +24,7 @@ if(!password_verify($password,$result["password"]))
 		die('{"error":"Falsches Passwort","success":false}');
 
 $payload=[
+		"id"=>$result["id"],
 		"username"=>$username,
 		"expire"=>time()+3600
 ];

admin/userinfo.php

@@ -1,25 +1,10 @@
 <?php
-header("Content-Type: application/json");
-header("Access-Control-Allow-Origin: *");
-header("Access-Control-Allow-Headers: Authorization");
-
-
 include("../../mysqlverbinden.php");
 include("secret.php");
 include("../vendor/autoload.php");
 
-use Firebase\JWT\JWT;
-use Firebase\JWT\Key;
 
-$token = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
+include("check.php");
 
-// "Bearer " entfernen
+$payload=getUserInfo();
-$token = str_replace('Bearer ', '', $token);
+echo json_encode($payload,JSON_UNESCAPED_SLASHES|JSON_UNESCAPED_UNICODE);
-
-try {
-		$payload=JWT::decode($token, new Key($secret,"HS256"));
-		if($payload->expire<time()) die('{"error":"Token expired"}');
-		echo json_encode($payload,JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES);
-}catch(Exception $e){
-		die('{"error":"Invalid Token"}');
-}

formulare/get_results.php

@@ -6,6 +6,10 @@ include("../../mysqlverbinden.php");
 if(!isset($_GET["id"])) die("GET id fehlt");
 $formularid=$_GET["id"];
 
+if(!mysqli_execute_query($db_id,"SELECT `public` FROM `formulare` WHERE `id`=?;",[$formularid])->fetch_assoc()["public"]){
+		die('{"error":"not_public"}');
+}
+
 function get_type_by_name($name){
 		global $db_id;
 		return mysqli_fetch_assoc(mysqli_execute_query($db_id,"SELECT `type` FROM `formulare-fields` WHERE `name`=?;",[$name]))["type"];

hits.txt

@@ -1 +1 @@
-7
+8