From e2860cee0216bfeb8e7cadd31b63f52ef9a5b1bb Mon Sep 17 00:00:00 2001
From: MallocNull <aleco@aroltd.com>
Date: Wed, 20 Aug 2014 19:03:43 -0500
Subject: [PATCH] good tidings to zion

what is a zion
---
 bot/bot/Autonomous.cs |   1 +
 bot/bot/Bot.cs        |   2 +-
 bot/bot/bot.csproj    |   1 +
 www/admin.php         | 109 ++++++++++++++++++++++++++++++++++++++
 www/auto.php          | 119 ++++++++++++------------------------------
 www/config.php        |   2 +-
 www/header.php        |   2 +-
 www/index.php         |   5 ++
 www/resp.php          |   4 +-
 9 files changed, 155 insertions(+), 90 deletions(-)
 create mode 100644 www/admin.php

diff --git a/bot/bot/Autonomous.cs b/bot/bot/Autonomous.cs
index e1391ce..8151660 100644
--- a/bot/bot/Autonomous.cs
+++ b/bot/bot/Autonomous.cs
@@ -6,5 +6,6 @@ using System.Threading.Tasks;
 
 namespace bot {
     class Autonomous {
+
     }
 }
diff --git a/bot/bot/Bot.cs b/bot/bot/Bot.cs
index 93898ca..a5240ee 100644
--- a/bot/bot/Bot.cs
+++ b/bot/bot/Bot.cs
@@ -36,7 +36,7 @@ namespace bot {
         public static void loadResponseList() {
             responseList = new List<Response>();
             var tmp = _G.spawnNewConnection();
-            var r = Query.Reader("SELECT * FROM `responses` WHERE", tmp);
+            var r = Query.Reader("SELECT * FROM `responses`", tmp);
             while(r.Read()) {
                 if(!r.GetBoolean("independent"))
                     responseList.Add(new Response(
diff --git a/bot/bot/bot.csproj b/bot/bot/bot.csproj
index 9da499f..a1d17b5 100644
--- a/bot/bot/bot.csproj
+++ b/bot/bot/bot.csproj
@@ -71,6 +71,7 @@
     </Reference>
   </ItemGroup>
   <ItemGroup>
+    <Compile Include="Autonomous.cs" />
     <Compile Include="Bot.cs" />
     <Compile Include="Chat.cs" />
     <Compile Include="Condition.cs" />
diff --git a/www/admin.php b/www/admin.php
new file mode 100644
index 0000000..d9a6034
--- /dev/null
+++ b/www/admin.php
@@ -0,0 +1,109 @@
+<?php include("conn.php");
+
+if(mysql_fetch_object(mysql_query("SELECT * FROM `admin` WHERE `username`='". mysql_real_escape_string($_SESSION['user']) ."'"))->accountaccess == false)
+    header("Location: index.php?err=You do not have permission to access account data!");
+
+if($_GET['del']) {
+    mysql_query("DELETE FROM `admin` WHERE `id`=".$_GET['del']);
+    header("Location: admin.php");
+}
+
+if($_POST["editId"]) {
+    // TODO update this
+    if(trim($_POST["password"]))
+        mysql_query("UPDATE `admin` SET `username`='". mysql_real_escape_string($_POST['username']) ."', `password`='". hash('sha256',$_POST['password']) ."', `accountaccess`=". (($_POST['access'])?"1":"0") ." WHERE `id`=". $_POST['editId']) or die(mysql_error());
+    else
+        mysql_query("UPDATE `admin` SET `username`='". mysql_real_escape_string($_POST['username']) ."', `accountaccess`=". (($_POST['access'])?"1":"0") ." WHERE `id`=". $_POST['editId']) or die(mysql_error());
+    header("Location: admin.php");
+}
+
+if($_POST["username"] && !$_POST["editId"]) {
+    mysql_query("INSERT INTO `admin` (`username`,`password`,`accountaccess`) VALUES ('". mysql_real_escape_string($_POST['username']) ."','". hash('sha256',$_POST['password']) ."',". (($_POST['access'])?"1":"0") .")") or die(mysql_error());
+    header("Location: admin.php");
+}
+
+include("header.php");
+?>
+    <script type="text/javascript">
+        function confirmDeletion(id) {
+            var q = confirm("Are you sure you want to delete this account?");
+            if(q) window.location.href = "admin.php?del="+id;
+        }
+    </script>
+    <center>
+    <fieldset class="wide" style="padding-bottom: 0;">
+    <?php if(!$_GET["do"]) { ?>
+        <legend>Admin Account List</legend>
+        <p style="margin-top: 0;"><a href="admin.php?do=new">New Admin Account</a></p>
+        <center>
+            <?php
+            $q = mysql_query("SELECT * FROM `admin`");
+            while($acc = mysql_fetch_object($q)) {
+                echo "
+                        <table border='0' style='width:790px;border:1px solid black;margin:5px;'>
+                            <tr>
+                                <td style='width:50px;text-align:center;verticle-align:middle;'>
+                                    <a href='admin.php?do=edit&id=". $acc->id ."' style='verticle-align: middle;'><img src='img/edit.png' border='0' /></a>
+                                    &nbsp;<img src='img/delete.png' border='0' class='fakelink' onclick='confirmDeletion(". $acc->id .");' />
+                                </td>
+                                <td style='width:150px;'>
+                                    ". $acc->username ."
+                                </td>
+                                <td>
+                                    ". (($acc->accountaccess)?"Has access to admin accounts":"Does not have access to admin accounts") ."
+                                </td>
+                            </tr>
+                        </table>";
+            }
+            ?>
+        </center>
+    <?php } else if($_GET["do"]=="new") { ?>
+        <legend>Create New Account</legend>
+        <form method="post" action="">
+            <p>
+                Username:
+                <input type="textbox" name="username" />
+            </p>
+            <p>
+                Password:
+                <input type="password" name="password" />
+            </p>
+            <p>
+                Has access to admin accounts?
+                <input type="checkbox" name="access" />
+            </p>
+            <p>
+                <input type="submit" name="addAccount" value="Add Account" />
+                &nbsp;&nbsp;&nbsp;&nbsp;
+                <input type="button" value="Cancel" onclick="window.location.href = 'admin.php';" />
+            </p>
+        </form>
+    <?php } else if($_GET["do"]=="edit") {
+    $acc = mysql_fetch_object(mysql_query("SELECT * FROM `admin` WHERE `id`=".$_GET['id']));
+    ?>
+        <legend>Edit Account</legend>
+        <form method="post" action="">
+            <p>
+                Username:
+                <input type="textbox" name="username" value="<?php echo $acc->username ?>" />
+            </p>
+            <p>
+                Password:
+                <input type="password" name="password" />
+                (leave blank if not changing)
+            </p>
+            <p>
+                Has access to admin accounts?
+                <input type="checkbox" name="access"<?php if($acc->accountaccess) { ?> checked="checked"<?php } ?> />
+            </p>
+            <p>
+                <input type="submit" name="editAccount" value="Edit Account" />
+                <input type="hidden" name="editId" value="<?php echo $_GET['id']; ?>" />
+                &nbsp;&nbsp;&nbsp;&nbsp;
+                <input type="button" value="Cancel" onclick="window.location.href = 'admin.php';" />
+            </p>
+        </form>
+    <?php } ?>
+    </fieldset>
+    </center>
+<?php include("footer.php"); ?>
\ No newline at end of file
diff --git a/www/auto.php b/www/auto.php
index 8d2f0a2..cb4628c 100644
--- a/www/auto.php
+++ b/www/auto.php
@@ -28,12 +28,12 @@ if($_POST["resptype"] && !$_POST["editId"]) {
 include("header.php");
 ?>
     <script type="text/javascript">
-        /*var defaultCool = <?php echo $config->cooldown; ?>;
+        /*var defaultCool = <?php echo $config->cooldown; ?>;*/
 
         function confirmDeletion(id) {
             var q = confirm("Are you sure you want to delete this response?");
             if(q) window.location.href = "resp.php?del="+id;
-        }*/
+        }
 
         function handleRespChange() {
             document.getElementById("respDesc").innerHTML = document.getElementById(""+document.getElementById("resptype").selectedIndex).innerHTML;
@@ -76,7 +76,38 @@ include("header.php");
         <legend>Create New Autonomous Routine</legend>
         <form method="post" action="" id="auto">
             <p>
-
+                Trigger first routine on
+                <select name="startday">
+                    <option value="-1">program start</option>
+                    <option value="1">Sunday</option>
+                    <option value="2">Monday</option>
+                    <option value="3">Tuesday</option>
+                    <option value="4">Wednesday</option>
+                    <option value="5">Thursday</option>
+                    <option value="6">Friday</option>
+                    <option value="7">Saturday</option>
+                </select>
+                at
+                <select name="starttimehour">
+                    <?php
+                    echo "<option value='-1'></option>";
+                    for($i = 1; $i <= 12; $i++) {
+                        echo "<option value='$i'>". (($i<10)?"0":"") ."$i</option>";
+                    }
+                    ?>
+                </select>
+                :
+                <select name="starttimehour">
+                    <?php
+                    echo "<option value='-1'></option>";
+                    for($i = 0; $i <= 59; $i++) {
+                        echo "<option value='$i'>". (($i<10)?"0":"") ."$i</option>";
+                    }
+                    ?>
+                </select>
+                <select name="timepredicate">
+                    <option value=""></option>
+                </select>
             </p>
             <p>
                 then
@@ -128,88 +159,6 @@ include("header.php");
     ?>
         <legend>Edit Response</legend>
         <form method="post" action="" id="resp">
-            <p>
-                If
-                        <span id="ifholder">
-                            <?php
-                            $conds = mysql_fetch_object(mysql_query("SELECT * FROM `responses` WHERE `id`=". $_GET['id']))->conditions;
-                            $conds = explode(";",$conds);
-                            $conds = array_slice($conds, 0, count($conds)-1);
-                            $on = 1;
-                            foreach($conds as $cond) {
-                                $tk = explode(",",$cond);
-                                if(count($tk) > 3) { ?>
-                                    <span id="if<?php echo $on; ?>" class="block">
-                                        <select name="if<?php echo $on; ?>lpar">
-                                            <?php
-                                            for($i = 0; $i < 6; $i++) {
-                                                echo "<option value=\"$i\"";
-                                                if($i==intval($tk[0]))
-                                                    echo " selected='selected'";
-                                                echo ">";
-                                                for($j = 0; $j < $i; $j++)
-                                                    echo "(";
-                                                echo "</option>";
-                                            }
-                                            ?>
-                                        </select>
-                                        <select name="if<?php echo $on; ?>not">
-                                            <option value="0"></option>
-                                            <option value="1"<?php if(intval($tk[1])==1) { ?> selected="selected"<?php } ?>>not</option>
-                                        </select>
-                                        <select name="if<?php echo $on; ?>cond">
-                                            <?php
-                                            $q = mysql_query("SELECT * FROM `conditions`");
-                                            while($cond = mysql_fetch_object($q)) {
-                                                echo "<option value='". $cond->id ."'";
-                                                if($cond->id == intval($tk[2]))
-                                                    echo " selected='selected'";
-                                                echo ">". $cond->friendlyname ."</option>";
-                                            }
-                                            ?>
-                                        </select>
-                                        <input type="text" name="if<?php echo $on; ?>param" value="<?php echo escapeDoubleQuotes($tk[3]); ?>" />
-                                        <select name="if<?php echo $on; ?>rpar">
-                                            <?php
-                                            for($i = 0; $i < 6; $i++) {
-                                                echo "<option value=\"$i\"";
-                                                if($i==intval($tk[4]))
-                                                    echo " selected='selected'";
-                                                echo ">";
-                                                for($j = 0; $j < $i; $j++)
-                                                    echo ")";
-                                                echo "</option>";
-                                            }
-                                            ?>
-                                        </select>
-                                        <img src='img/arrow_up.png' class='fakelink' style='vertical-align: text-bottom;' onclick='handleRowUp(<?php echo $on; ?>);' />
-                                        <img src='img/arrow_down.png' class='fakelink' style='vertical-align: text-bottom;' onclick='handleRowDown(<?php echo $on; ?>);' />
-                                        <img src='img/delete.png' class='fakelink' style='vertical-align: text-bottom;' onclick='handleRowDelete(<?php echo $on; ?>);' />
-                                    </span>
-                                    <?php for($i = 0; $i < intval($tk[0]); $i++)
-                                        $ret .= "(";
-                                    if($tk[1] == "1")
-                                        $ret .= "not ";
-                                    $ret .= $condtypes[intval($tk[2])] ." ". $tk[3];
-                                    for($i = 0; $i < intval($tk[4]); $i++)
-                                        $ret .= ")";
-                                    $ret .= " ";
-                                    $i++;
-                                } else { ?>
-                                    <span id="op<?php echo $i; ?>">
-                                        <select name='op<?php echo $i; ?>'>
-                                            <option value='0'>and</option>
-                                            <option value='1'<?php if(intval($tk[0]==1)) { ?> selected="selected" <?php } ?>>or</option>
-                                        </select>
-                                    </span>
-                                <?php }
-                            }
-                            ?>
-                        </span>
-                        <span class="block">
-                            <a href="javascript:addCondition();">Add Condition</a>
-                        </span>
-            </p>
             <p>
                 then
                 <select name="resptype" id="resptype" onchange="handleRespChange();">
diff --git a/www/config.php b/www/config.php
index 89fa52e..1a2cfc5 100644
--- a/www/config.php
+++ b/www/config.php
@@ -255,7 +255,7 @@ include("header.php"); ?>
                         </td></tr>
                     <tr><td style="text-align: right;">Chat Username:</td><td><input type="text" name="username" value="<?php echo escapeDoubleQuotes($config->username); ?>" /></td></tr>
                     <tr><td style="text-align: right;">Bot Name:</td><td><input type="text" name="name" value="<?php echo escapeDoubleQuotes($config->name); ?>" /></td></tr>
-                    <tr><td style="text-align: right;">Chat Buffer Size:</td><td><input type="text" name="buffsize" value="<?php echo $config->buffersize; ?>" /> messages</td></tr>
+                    <tr><td style="text-align: right;">Chat Buffer Size:</td><td><input type="text" name="buffsize" size="6" value="<?php echo $config->buffersize; ?>" /> messages</td></tr>
                     <tr><td></td><td><input type="submit" name="changeConfig" value="Modify" /></td></tr>
                 </table>
             </form>
diff --git a/www/header.php b/www/header.php
index 70b9a75..a525b85 100644
--- a/www/header.php
+++ b/www/header.php
@@ -18,7 +18,7 @@
         <?php if($request == "config") { ?>Configuration<?php } else { ?><a href="config.php">Configuration</a><?php } ?> |
         <?php if($request == "resp") { ?>Responses<?php } else { ?><a href="resp.php">Responses</a><?php } ?> |
         <?php if($request == "auto") { ?>Autonomous<?php } else { ?><a href="auto.php">Autonomous</a><?php } ?> |
-        <?php if($request == "admin") { ?>Admin Access<?php } else { ?><a href="admin.php">Admin Access</a><?php } ?> |
+        <?php if($request == "admin") { ?>Admin Accounts<?php } else { ?><a href="admin.php">Admin Accounts</a><?php } ?> |
         <a href="jews.php">Logout</a>
     </h4>
 </center>
\ No newline at end of file
diff --git a/www/index.php b/www/index.php
index b297431..72008ca 100644
--- a/www/index.php
+++ b/www/index.php
@@ -57,5 +57,10 @@ if($_GET["jew"] == "true")
             ?>
         </fieldset>
     </center>
+    <script type="text/javascript">
+        <?php if($_GET["err"]) { ?>
+        alert("<?php echo $_GET["err"]; ?>");
+        <?php } ?>
+    </script>
     <?php include("footer.php"); ?>
 <?php } ?>
\ No newline at end of file
diff --git a/www/resp.php b/www/resp.php
index 290b782..3acdc35 100644
--- a/www/resp.php
+++ b/www/resp.php
@@ -43,7 +43,7 @@ if($_POST["editId"]) {
         if(isset($_POST["op".$i])) $c .= $_POST["op".$i] .";";
     }
 
-    mysql_query("UPDATE `responses` SET `conditions`='". mysql_real_escape_string($c) ."', `respid`=". $_POST['resptype'] .", `parameters`='". mysql_real_escape_string($_POST['parameters']) ."', `cooldown`=". (($_POST['cdd']==0)?-1:$_POST['cooldown']) .", `independent`=". $_POST['indie'] ." WHERE `id`=". $_POST['editId']) or die(mysql_error());
+    mysql_query("UPDATE `responses` SET `conditions`='". mysql_real_escape_string($c) ."', `respid`=". $_POST['resptype'] .", `parameters`='". mysql_real_escape_string($_POST['parameters']) ."', `cooldown`=". (($_POST['cdd']==0)?-1:$_POST['cooldown']) .", `independent`=". (($_POST['indie'])?"1":"0") ." WHERE `id`=". $_POST['editId']) or die(mysql_error());
     mysql_query("UPDATE `updater` SET `responses`=1 WHERE `id`=1");
     header("Location: resp.php");
 }
@@ -56,7 +56,7 @@ if($_POST["resptype"] && !$_POST["editId"]) {
         if(isset($_POST["op".$i])) $c .= $_POST["op".$i] .";";
     }
 
-    mysql_query("INSERT INTO `responses` (`conditions`,`respid`,`parameters`,`cooldown`,`independent`) VALUES ('". mysql_real_escape_string($c) ."',". $_POST['resptype'] .",'". mysql_real_escape_string($_POST['parameters']) ."',". (($_POST['ccd']==0)?-1:$_POST['cooldown']) .",". $_POST['indie'] .")") or die(mysql_error());
+    mysql_query("INSERT INTO `responses` (`conditions`,`respid`,`parameters`,`cooldown`,`independent`) VALUES ('". mysql_real_escape_string($c) ."',". $_POST['resptype'] .",'". mysql_real_escape_string($_POST['parameters']) ."',". (($_POST['ccd']==0)?-1:$_POST['cooldown']) .",". (($_POST['indie'])?"1":"0") .")") or die(mysql_error());
     mysql_query("UPDATE `updater` SET `responses`=1 WHERE `id`=1");
     header("Location: resp.php");
 }