added admin page

This commit is contained in:
Felix Ivo 2025-07-07 14:42:34 +02:00
parent c5ebde8b20
commit 9bca8fd1d1
4 changed files with 167 additions and 1 deletions


@ -101,4 +101,39 @@ class NotesController
header("Location: ?controller=Notes&page=showNotes&do=showNotes"); header("Location: ?controller=Notes&page=showNotes&do=showNotes");
exit(); exit();
} }
public function fileManager()
{
# Redirect zum Login wenn kein User eingeloggt ist
if(!Isset($_SESSION['role']))
{
header("Location: ?controller=User&do=showUserLoginForm");
}
# Redirect zum Welcome wenn kein User kein Admin ist
if(!Isset($_SESSION['role']) || $_SESSION['role'] !== 'admin')
{
header("Location: ?controller=Welcome&do=showWelcome");
}
$sortBy = $_GET['sort_by'] ?? 'uploaded_at';
$sortOrder = strtoupper($_GET['sort_order'] ?? 'DESC');
$isAdmin = $_SESSION['role'] === 'admin';
$userid = $_SESSION['user_id'];
$files = $this->notesModel->selectFiles($userid, true);
$this->view->setVars([
"files" => $files
]);
}
public function deleteFile()
{
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['file_id'])) {
$fileId = $_POST['file_id'];
$this->notesModel->deleteFile($fileId, $_SESSION['user_id']);
}
header("Location: ?controller=Notes&do=fileManager");
exit();
}
} }
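Review bot: The redirects in fileManager() for the not-logged-in and non-admin cases are not followed by `exit();`, so execution continues past the `header("Location: …")` calls, `selectFiles($userid, true)` still runs and the complete file list is handed to the view; a client that does not follow the 302 receives every user's files, and for a visitor without a session `$_SESSION['user_id']` is read undefined. deleteFile() has no session check at all and forwards a possibly-unset `$_SESSION['user_id']` to the model, so it needs the same login guard. `$sortBy` and `$sortOrder` are read from `$_GET` but never passed to selectFiles, so sorting is dead, and `$isAdmin` is unused; pass them through as in the rewrite below. `Isset` should be lowercase `isset`, and the `!Isset($_SESSION['role']) ||` part of the second condition is redundant once the first guard exits.
```php
public function fileManager()
{
    // Redirect to login when no user is logged in; without exit() the page body is still rendered.
    if (!isset($_SESSION['role'])) {
        header("Location: ?controller=User&do=showUserLoginForm");
        exit();
    }
    // Redirect to welcome when the logged-in user is not an admin.
    if ($_SESSION['role'] !== 'admin') {
        header("Location: ?controller=Welcome&do=showWelcome");
        exit();
    }
    $sortBy = $_GET['sort_by'] ?? 'uploaded_at';
    $sortOrder = strtoupper($_GET['sort_order'] ?? 'DESC');
    // The model whitelists both sort parameters before building the ORDER BY.
    $files = $this->notesModel->selectFiles($_SESSION['user_id'], true, $sortBy, $sortOrder);
    // … unchanged: setVars …
}

public function deleteFile()
{
    if (!isset($_SESSION['user_id'])) {
        header("Location: ?controller=User&do=showUserLoginForm");
        exit();
    }
    // … unchanged: POST handling and redirect …
}
```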


@ -43,6 +43,37 @@ class NotesModel extends Database
return false; return false;
} }
} }
public function selectFiles($userid, $isAdmin = false, $sortBy = 'updated_at', $sortOrder = 'DESC')
{
$pdo = $this->linkDB();
$erg = array();
// Whitelist of allowed sort columns
$allowedSortColumns = ['id', 'original_filename', 'stored_filename', 'note_id', 'owner_username', 'uploaded_at', 'file_size'];
$allowedSortOrders = ['ASC', 'DESC'];
$sortBy = in_array($sortBy, $allowedSortColumns) ? $sortBy : 'uploaded_at';
$sortOrder = in_array(strtoupper($sortOrder), $allowedSortOrders) ? strtoupper($sortOrder) : 'DESC';
try {
if ($isAdmin) {
$sql = "SELECT f.*, n.title AS note_title, u.username AS owner_username
FROM files f
JOIN notes n ON f.note_id = n.id
JOIN users u ON n.user_id = u.id
ORDER BY {$sortBy} {$sortOrder}";
$stmt = $pdo->prepare($sql);
$stmt->execute();
}
$erg = $stmt->fetchAll(\PDO::FETCH_ASSOC);
return $erg;
} catch (PDOException $e) {
error_log("Database Error in selectFiles: " . $e->getMessage());
return false;
}
}
function getNoteById($noteId) { function getNoteById($noteId) {
$pdo = $this->linkDB(); $pdo = $this->linkDB();
@ -222,4 +253,38 @@ class NotesModel extends Database
} }
return ['success' => true, 'message' => 'Files uploaded successfully.', 'fileNames' => $uploadedFileNames]; return ['success' => true, 'message' => 'Files uploaded successfully.', 'fileNames' => $uploadedFileNames];
} }
public function deleteFile($fileId, $userId) {
$pdo = $this->linkDB();
if (!$pdo) return ['success' => false, 'message' => 'Database error.'];
try {
// Delete the local file
$stmt = $pdo->prepare("SELECT stored_filename FROM files WHERE id = ?");
$stmt->execute([$fileId]);
$file = $stmt->fetch();
if ($file) {
$filePath = $_SERVER['DOCUMENT_ROOT'] . '/EIANotesApp/Uploads/' . $file['stored_filename'];
if (file_exists($filePath)) {
unlink($filePath);
}
}
if ($this->isAdmin()) { // Admin can delete any file
$stmt = $pdo->prepare("DELETE FROM files WHERE id = ?");
$params = [$fileId];
} else { // User can only delete their own files
$stmt = $pdo->prepare("DELETE FROM files WHERE id = ? AND note_id IN (SELECT id FROM notes WHERE user_id = ?)");
$params = [$fileId, $userId];
}
$stmt->execute($params);
if ($stmt->rowCount() > 0) {
return ['success' => true, 'message' => 'File deleted successfully.'];
}
return ['success' => false, 'message' => 'File not found or permission denied.'];
} catch (PDOException $e) {
error_log("Delete File Error: " . $e->getMessage());
return ['success' => false, 'message' => 'Failed to delete file.'];
}
}
} }
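Review bot: deleteFile() removes the file from disk before any ownership check: the `SELECT stored_filename FROM files WHERE id = ?` at the top is not scoped to the caller and unlink() runs unconditionally, so a non-admin who submits another user's file_id still erases that user's upload even though the ownership-scoped DELETE that follows then reports 'permission denied'. Delete the row first under the same ownership condition and unlink only when rowCount() is positive, passing the stored name through basename() so the path stays inside Uploads; the rewrite is below. `$this->isAdmin()` is not visible anywhere in the model in this diff — if it is not defined, the call throws an Error that `catch (PDOException $e)` does not handle, so either confirm the method exists or have the controller pass the admin decision in. In selectFiles (the first hunk), `$stmt` is only assigned inside `if ($isAdmin)`, so the non-admin path reaches `$stmt->fetchAll` on an undefined variable; `$userid` is never used and both `in_array` calls should pass `true` as the strict flag. Since the file writes `\PDO::FETCH_ASSOC`, it may be namespaced, in which case the unqualified `PDOException` in both catch clauses would not match — confirm, or write `\PDOException`.
```php
// … unchanged: linkDB() check …
try {
    // Scope both the lookup and the delete to the caller's own files unless admin,
    // and only touch the disk after the row has actually been removed.
    $where = "id = ?";
    $params = [$fileId];
    if (!$this->isAdmin()) { // User can only delete their own files
        $where .= " AND note_id IN (SELECT id FROM notes WHERE user_id = ?)";
        $params[] = $userId;
    }
    $select = $pdo->prepare("SELECT stored_filename FROM files WHERE {$where}");
    $select->execute($params);
    $file = $select->fetch();
    $delete = $pdo->prepare("DELETE FROM files WHERE {$where}");
    $delete->execute($params);
    if ($file && $delete->rowCount() > 0) {
        // basename() keeps the unlink inside the Uploads directory.
        $filePath = $_SERVER['DOCUMENT_ROOT'] . '/EIANotesApp/Uploads/' . basename($file['stored_filename']);
        if (file_exists($filePath)) {
            unlink($filePath);
        }
        return ['success' => true, 'message' => 'File deleted successfully.'];
    }
    return ['success' => false, 'message' => 'File not found or permission denied.'];
// … unchanged: catch block …
```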


@ -0,0 +1,64 @@
<?php include dirname(__DIR__).'/header.phtml'; ?>
<div class="container">
<?php
function isLoggedIn() {
return isset($_SESSION['user_id']);
}
function isAdmin() {
return isLoggedIn() && isset($_SESSION['role']) && $_SESSION['role'] === 'admin';
}
function sanitize($data, $flags = ENT_QUOTES, $encoding = 'UTF-8') {
return htmlspecialchars((string)$data, $flags, $encoding);
}
$sortBy = $_GET['sort_by'] ?? 'uploaded_at';
$sortOrder = strtoupper($_GET['sort_order'] ?? 'DESC'); // Ensure uppercase for comparison
?>
<div class="page-header">
<h2>All Users' Files</h2>
</div>
<?php if (isset($errmsg)): ?>
<label class="error-message"><?php echo $errmsg; ?></label>
<?php endif; ?>
<table class="notes-table">
<thead>
<tr>
<th data-sort="id">File ID <span class="sort-icon"><?php if($sortBy === 'id') echo $sortOrder === 'ASC' ? '▲' : '▼'; ?></span></th>
<th data-sort="original_filename">Original File Name <span class="sort-icon"><?php if($sortBy === 'original_filename') echo $sortOrder === 'ASC' ? '▲' : '▼'; ?></span></th>
<th data-sort="stored_filename">Stored File Name <span class="sort-icon"><?php if($sortBy === 'stored_filename') echo $sortOrder === 'ASC' ? '▲' : '▼'; ?></span></th>
<th data-sort="note_id">Note ID <span class="sort-icon"><?php if($sortBy === 'note_id') echo $sortOrder === 'ASC' ? '▲' : '▼'; ?></span></th>
<th data-sort="owner_username">Owner <span class="sort-icon"><?php if($sortBy === 'owner_username') echo $sortOrder === 'ASC' ? '▲' : '▼'; ?></span></th>
<th data-sort="uploaded_at">Uploaded At <span class="sort-icon"><?php if($sortBy === 'uploaded_at') echo $sortOrder === 'ASC' ? '▲' : '▼'; ?></span></th>
<th data-sort="file_size">File Size <span class="sort-icon"><?php if($sortBy === 'file_size') echo $sortOrder === 'ASC' ? '▲' : '▼'; ?></span></th>
<th>Actions</th>
</tr>
</thead>
<tbody>
<?php foreach ($files as $file): ?>
<tr>
<td><?php echo sanitize($file['id']); ?></td>
<td><a href="/EIANotesApp/Uploads/<?php echo $file['stored_filename']; ?>" download target="_blank"><?php echo sanitize($file['original_filename']); ?></a></td>
<td><?php echo sanitize($file['stored_filename']); ?></td>
<td><?php echo sanitize($file['note_id']); ?></td>
<td><?php echo sanitize($file['owner_username']); ?></td>
<td><?php echo date("d.m.Y H:i", strtotime($file['uploaded_at'])); ?></td>
<td><?php echo round(sanitize($file['file_size']) / 1024, 2) . ' KB'; ?></td>
<td class="actions-cell">
<form method="POST" action="?controller=Notes&do=deleteFile" onsubmit="return confirm('Are you sure you want to delete this file?');" style="display: inline;">
<input type="hidden" name="file_id" value="<?php echo $file['id']; ?>">
<button type="submit" class="button danger">Delete</button>
<input type="hidden" name="controller" value="Notes">
<input type="hidden" name="do" value="deleteFile">
</form>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<?php include dirname(__DIR__).'/footer.phtml'; ?>
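Review bot: Output escaping is inconsistent in the table: `$file['stored_filename']` goes unescaped into the download href, `$file['id']` into the hidden file_id input, and `$errmsg` into the error label, while the neighbouring cells go through sanitize(). Use `sanitize(rawurlencode($file['stored_filename']))` for the href, `sanitize($file['id'])` for the hidden value and `sanitize($errmsg)` for the label; conversely `round(sanitize($file['file_size']) / 1024, 2)` escapes a number before dividing it and should be `round((int) $file['file_size'] / 1024, 2)`. Defining isLoggedIn(), isAdmin() and sanitize() inside the template will fatally redeclare them if the template is ever included twice or the names already exist elsewhere in the app, and isAdmin() is not used here at all — move the helpers to a shared file. The delete form is a state-changing POST with no anti-CSRF token; if the app already has a token mechanism it should be included as a hidden field here, otherwise one is needed before this endpoint ships.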


@ -16,6 +16,9 @@
<ul> <ul>
<li><a href="?controller=Welcome&do=showWelcome">Welcome!</a></li> <li><a href="?controller=Welcome&do=showWelcome">Welcome!</a></li>
<li><a href="?controller=Notes&do=showNotes">Notes</a></li> <li><a href="?controller=Notes&do=showNotes">Notes</a></li>
<?php if (isset($_SESSION['role']) && $_SESSION['role'] === 'admin'): ?>
<li><a href="?controller=Notes&do=fileManager">File Manager</a></li>
<?php endif; ?>
</ul> </ul>
</nav> </nav>
@ -25,7 +28,6 @@
<form id="logout-form" method="POST" style="display: inline;"> <form id="logout-form" method="POST" style="display: inline;">
<a class="icon-button" href="?controller=User&do=logoutUser"></a> <a class="icon-button" href="?controller=User&do=logoutUser"></a>
</form> </form>
<!-- <button class="icon-button" title="More options">⋮</button> -->
</div> </div>
<?php else: ?> <?php else: ?>
<div class="user-info"> <div class="user-info">
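Review bot: The admin check `isset($_SESSION['role']) && $_SESSION['role'] === 'admin'` in the new nav entry is the third copy of the same expression in this commit (NotesController::fileManager and the isAdmin() in the new view use it too), which invites drift if the role name ever changes; one shared helper used by all three would keep it in a single place. Hiding the link is presentation only — access to ?controller=Notes&do=fileManager is decided in the controller, so the check there is the one that must stop the request.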