// Admin account handler.
//   GET  ?account=<name>          -> edit form for one account (admin only)
//   GET  [?page=<n>]               -> paged listing of accounts (admin only)
//   POST oldname/newname/motto/admin/verified + csrf
//                                  -> rename / re-flag an account, then 303 back to the list
// Every exit goes through Shell(title, pages, <template text>); failures set
// ctx.StatusCode first (400 missing user, 401 not admin / bad CSRF, 404 unknown
// account, 500 DB error). The lines inside Shell(...) calls and the `html`
// literal below are template text, not statements.
func Pages.AdminAccount(ctx)
{
// Session of the caller. Only .admin, .session and .text are read below.
var active = DB.LoginButton(ctx,false,"");
// Per-request CSRF token for the edit form; stays empty unless an admin is
// viewing an existing account (see the single-account branch below).
var csrf="";
// Navigation entries handed to Shell; the session object is appended last.
var pages = [
{
active = false,
route = "/packages",
text = "Packages"
},
{
active = false,
route = "/upload",
text = "Upload"
},
active
];
// Non-admins get 401 but the handler does NOT return here: the GET path
// falls through to the template, which presumably renders the
// "not authorized" block at the bottom.
if(!active.admin) ctx.StatusCode = 401;
if(ctx.Method == "POST")
{
// NOTE(review): the CSRF token is read from ctx.QueryParams; whether that
// also covers the POST body is not visible here. Confirm the token is not
// expected in the URL only, where it would end up in logs and referrers.
var csrf2 = ctx.QueryParams.TryGetFirst("csrf");
// Re-checked because the 401 above does not return for the POST path.
if(!active.admin) {ctx.StatusCode = 401; return Shell("Not an admin", pages,
Not an admin
);}
// Reject a missing / non-string token before it reaches VerifyCSRF.
if(TypeOf(csrf2) != "String") {ctx.StatusCode = 401; return Shell("Invalid CSRF", pages,Invalid CSRF
);}
// The token must belong to this caller's session, not just be any valid token.
if(DB.VerifyCSRF(active.session, csrf2))
{
// Form fields. oldname selects the row, newname/motto/flags are written back.
const oldname = ctx.QueryParams.TryGetFirst("oldname");
const newname = ctx.QueryParams.TryGetFirst("newname");
const motto = ctx.QueryParams.TryGetFirst("motto") ?? "";
const admin = ctx.QueryParams.GetFirstBoolean("admin");
const verified = ctx.QueryParams.GetFirstBoolean("verified");
// Both names are required; anything else falls to the 400 below.
if(TypeIsString(oldname) && TypeIsString(newname))
{
// GetAccountInfo yields a dictionary on success; on failure it appears to
// return a string (the GET branch compares it with "No such user exists").
const userInfo = DB.GetAccountInfo(oldname);
if(TypeIsDictionary(userInfo))
{
// flags is stored as an integer column; normalise to a long for bit ops.
var flags = ParseLong(userInfo.flags);
//CREATE TABLE IF NOT EXISTS accounts
//(id INTEGER PRIMARY KEY AUTOINCREMENT, email TEXT UNIQUE, accountName TEXT UNIQUE,
//password_hash TEXT, password_salt TEXT, motto TEXT, verifyKey TEXT UNIQUE,
//verifyExpire INTEGER, flags INTEGER, created INTEGER, verified INTEGER);
// Remembered so a first-time verification can stamp the `verified` column.
const wasVerified = (flags & DB.FLAG_VERIFIED) != 0;
// Demotion and un-verification are only applied when editing someone
// else's account (active.text is presumably the caller's account name),
// so an admin cannot strip their own admin bit through this form.
if(userInfo.accountName != active.text)
{
if(!admin)
{
flags &= ~DB.FLAG_ADMIN;
}
// FLAG_VERIFY appears to mean "verification pending" — TODO confirm.
if(!verified)
{
flags |= DB.FLAG_VERIFY;
flags &= ~DB.FLAG_VERIFIED;
}
}
// Promotion / verification is allowed on any account, including one's own.
if(admin)
{
flags |= DB.FLAG_ADMIN;
}
if(verified)
{
flags |= DB.FLAG_VERIFIED;
flags &= ~DB.FLAG_VERIFY;
}
// Lock/Open .. Close/Unlock with no finally: if Sqlite.Exec can fail by
// raising, the lock stays held — TODO confirm Exec only reports errors by
// return value. Unlike the SELECT further down, the result of these UPDATEs
// is not checked, so a failed write still answers with the 303 redirect.
DB.Lock();
const dbCon = DB.Open();
// SQL is built by interpolation; every value goes through Sqlite.Escape,
// so correctness rests on Escape handling each type passed here (strings,
// longs, the id). A parameterised Exec would remove that dependency.
// First-time verification also records the verification time.
if(!wasVerified && verified)
{
Sqlite.Exec(dbCon, $"UPDATE accounts SET accountName = {Sqlite.Escape(newname)}, motto = {Sqlite.Escape(motto)}, flags = {Sqlite.Escape(flags)}, verified = {Sqlite.Escape(DateTime.NowEpoch ?? 0)} WHERE id = {Sqlite.Escape(userInfo.id)};");
}
else {
// Already verified (or being un-verified): leave the `verified` column as is.
Sqlite.Exec(dbCon, $"UPDATE accounts SET accountName = {Sqlite.Escape(newname)}, motto = {Sqlite.Escape(motto)}, flags = {Sqlite.Escape(flags)} WHERE id = {Sqlite.Escape(userInfo.id)};");
}
Sqlite.Close(dbCon);
DB.Unlock();
// Post/redirect/get back to the listing.
ctx.StatusCode=303;
ctx.ResponseHeaders.SetValue("Location", "/admin_accounts");
return Shell("Redirect",pages,
Redirecting
Click here if it does not redirect
);
}
}
// Reached when a name is missing or the account lookup did not return a row.
ctx.StatusCode=400;
return Shell("Must need a user",pages,
Must need a user
Click here to go back to admin list
);
}
else
{
// Token did not verify against this session.
ctx.StatusCode = 401; return Shell("Invalid CSRF", pages,Invalid CSRF
);
}
}
// GET path. `account` selects the single-account view; otherwise `page`
// drives the listing (1-based, default 1).
const name = ctx.QueryParams.TryGetFirst("account");
const page = ctx.QueryParams.TryGetFirstInt("page") ?? 1;
// Pager bookkeeping (3 pages per group). Not referenced in the visible code;
// presumably consumed by the pager markup in the template.
// NOTE(review): page <= 0 is not rejected and would yield a negative OFFSET
// in the SELECT below — confirm how Sqlite treats it, or clamp page to >= 1.
var cur = (page - 1) % 3;
var firstPage = (page-1) - cur;
var userInfo = null;
var motto_ta = "";
const list = [];
// Single-account view (admin only).
if(active.admin && TypeIsString(name))
{
userInfo = DB.GetAccountInfo(name);
if(!TypeIsDictionary(userInfo))
{
// Only the exact not-found message maps to 404; any other failure is a 500.
if(TypeIsString(userInfo) && userInfo == "No such user exists")
ctx.StatusCode = 404;
else
ctx.StatusCode = 500;
}
else {
// A CSRF token is only minted once we know the form will be shown.
csrf = DB.CreateCSRF(ctx);
// motto may be NULL in the DB; render it as empty text.
motto_ta = TypeOf(userInfo.motto) == "String" ? userInfo.motto : "";
userInfo.flags = ParseLong(userInfo.flags);
}
}
// Account listing (admin only), 20 rows per page.
if(active.admin && !TypeIsString(name))
{
const limit = 20;
DB.Lock();
const db = DB.Open();
// NOTE(review): SELECT * also pulls password_hash and password_salt (see the
// schema comment above) into `res`, although only accountName, created,
// verified and flags are rendered. Selecting just those columns would keep
// credential material out of this handler and out of the error page below.
const res = Sqlite.Exec(db, $"SELECT * FROM accounts LIMIT {Sqlite.Escape(limit)} OFFSET {Sqlite.Escape((page-1)*limit)};");
Sqlite.Close(db);
DB.Unlock();
// Exec returns a list of rows on success; anything else is treated as an error.
if(TypeIsList(res))
{
each(var item in res)
{
const flags = ParseLong(item.flags);
// Timestamps are stored as epoch integers; `verified` is only meaningful
// when the flag is set. The bit tests rely on non-zero being truthy.
list.Add({
name = item.accountName,
created = new DateTime(ParseLong(item.created)).ToString("%Y/%m/%d %H:%M:%S UTC"),
verified = (flags & DB.FLAG_VERIFIED) ? (new DateTime(ParseLong(item.verified)).ToString("%Y/%m/%d %H:%M:%S UTC")) : "N/A",
admin = (flags & DB.FLAG_ADMIN) ? "Yes" : "No"
});
}
}
else {
// The raw Exec result is interpolated into the error page.
// NOTE(review): confirm Shell escapes template values before emitting HTML.
ctx.StatusCode = 500;
return Shell("Error", pages,
Error {res}
);
}
}
// Page body: error text (userInfo holds GetAccountInfo's failure string),
// the edit form, the account table, or the not-authorized block.
var html =
Error {userInfo}
Back To Admin
| Name |
Created |
Verified |
Admin |
| {item.name} |
{item.created} |
{item.verified} |
{item.admin} |
You are not authorized in the admin panel
;
return Shell("Admin Register", pages,html);
}