cavern/admin/ajax/config.php
2019-05-30 14:18:07 +08:00

61 lines
1.9 KiB
PHP

<?php
set_include_path('../../include/');
$includepath = TRUE;
require_once('../../config.php');
require_once('../../connection/SQL.php');
require_once('user.php');
require_once('security.php');
$user = validate_user();
if (!$user->valid) {
send_error(403, "novalid");
} else if (!($user->level >= 8)) {
send_error(403, "nopermission");
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// modify blog settings
if (!validate_csrf()) {
send_error(403, "csrf");
}
$config_filename = "../../config.php";
$template_filename = "../../config.template";
if (!is_writable($config_filename)) {
send_error(500, "notwritable");
}
try {
$limit = abs(intval(@$_POST["limit"]));
$content = file_get_contents($template_filename);
$new_content = strtr($content, array(
"{blog_name}" => addslashes(@$_POST["name"]),
"{limit}" => ($limit != 0 ? $limit : 10),
"{register}" => (@$_POST["register"] === "true" ? "true" : "false")
));
file_put_contents($config_filename, $new_content);
$result = json_encode(array('status' => TRUE, "time" => round($_SERVER["REQUEST_TIME_FLOAT"] * 1000)));
} catch (Exception $e) {
http_response_code(500);
$result = json_encode(array('status' => $e->getMessage(), "time" => round($_SERVER["REQUEST_TIME_FLOAT"] * 1000)));
}
header('Content-Type: application/json');
echo $result;
exit;
} else if ($_SERVER["REQUEST_METHOD"] == "GET") {
// fetch settings
header('Content-Type: application/json');
echo json_encode(array_merge(array('status' => TRUE, "time" => round($_SERVER["REQUEST_TIME_FLOAT"] * 1000)), $blog));
exit;
}
function send_error($code, $message) {
http_response_code($code);
header('Content-Type: application/json');
echo json_encode(array('status' => $message));
exit;
}