From c3c34efa13d4de0c4dc49a65179376525c83017e Mon Sep 17 00:00:00 2001
From: Chris <christian@haschek.at>
Date: Sun, 18 May 2025 22:30:53 +0200
Subject: [PATCH] preparations for admin panel

---
 docker-compose-dev.yml       |  1 +
 docker-compose.yml           |  1 +
 docker/rootfs/start.sh       |  1 +
 src/inc/core.php             | 24 ++++++++++
 src/templates/admin.html.php | 93 ++++++++++++++++++++++++++++++++++++
 5 files changed, 120 insertions(+)
 create mode 100644 src/templates/admin.html.php

diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml
index 021838f..020394a 100644
--- a/docker-compose-dev.yml
+++ b/docker-compose-dev.yml
@@ -9,6 +9,7 @@ services:
         - URL=http://localhost:8080/
         - MAX_UPLOAD_SIZE=1000
         # Security settings
+        - ADMIN_PASSWORD=test # password for the admin panel. if empty, admin panel is disabled
         - ALLOWED_SUBNET= #IP address or subnet mask to allow upload to the server
         - CONTENTCONTROLLERS= # limit uploaded file types
         - MASTER_DELETE_CODE= # code to delete all files
diff --git a/docker-compose.yml b/docker-compose.yml
index 0537098..1364b50 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -7,6 +7,7 @@ services:
         - URL=http://localhost:8080/
         - MAX_UPLOAD_SIZE=20 #in MB
         # Security settings
+        - ADMIN_PASSWORD= # password for the admin panel. if empty, admin panel is disabled
         - ALLOWED_SUBNET= #IP address or subnet mask to allow upload to the server
         - CONTENTCONTROLLERS= # limit uploaded file types
         - MASTER_DELETE_CODE= # code to delete all files
diff --git a/docker/rootfs/start.sh b/docker/rootfs/start.sh
index 78a1bf7..5ab7cbf 100644
--- a/docker/rootfs/start.sh
+++ b/docker/rootfs/start.sh
@@ -60,6 +60,7 @@ _buildConfig() {
     echo "define('REDIS_CACHING', ${REDIS_CACHING:-true});"
     echo "define('REDIS_SERVER', '${REDIS_SERVER:-/run/redis/redis.sock}');"
     echo "define('REDIS_PORT', ${REDIS_PORT:-6379});"
+    echo "define('ADMIN_PASSWORD', '${ADMIN_PASSWORD:-}');"
 }
 
 # starting redis
diff --git a/src/inc/core.php b/src/inc/core.php
index 7cf1e7a..85f28eb 100644
--- a/src/inc/core.php
+++ b/src/inc/core.php
@@ -32,6 +32,25 @@ function architect($u)
         return renderTemplate('main.html.php',['forbidden'=>$forbidden]);
     }
 
+    // admin logic
+    if($u[0] == 'admin' && defined('ADMIN_PASSWORD') && ADMIN_PASSWORD != '')
+    {
+        session_start();
+        if($_REQUEST['password'] && $_REQUEST['password']== ADMIN_PASSWORD)
+        {
+            $_SESSION['admin'] = true;
+        }
+        if($_SESSION['admin'])
+        {
+            if(isset($_REQUEST['logout']))
+            {
+                unset($_SESSION['admin']);
+                session_destroy();
+            }
+        }
+        return renderTemplate('admin.html.php');
+    }
+
     //check cache
     if(isset($GLOBALS['redis']))
     {
@@ -41,6 +60,7 @@ function architect($u)
             list($cc, $hash) = explode(';', $cache_data);
             if(defined('LOG_VIEWS') && LOG_VIEWS===true)
                 addToLog("Cache hit: ".getUserIP()." viewed $hash\t".$_SERVER['HTTP_USER_AGENT'], ROOT.DS.'logs/views.log');
+            $GLOBALS['redis']->incr("served:$hash");
             return (new $cc())->handleHash($hash,$u);
         }
     }
@@ -162,6 +182,10 @@ function architect($u)
                 {
                     $GLOBALS['redis']->set('cache:byurl:'.implode('/',$u),"$cc;$hash");
                     addToLog("Caching URL \t".implode('/',$u)."\thash: $hash\tto content controller: $cc");
+                    if($hash!==true)
+                        $GLOBALS['redis']->incr("served:$hash");
+                    else //if it's a dynamic image, we count how many times this url was served
+                        $GLOBALS['redis']->incr("served:".implode('/',$u));
                 }
                 return (new $cc())->handleHash($hash,$u);
             }
diff --git a/src/templates/admin.html.php b/src/templates/admin.html.php
new file mode 100644
index 0000000..3290905
--- /dev/null
+++ b/src/templates/admin.html.php
@@ -0,0 +1,93 @@
+<!DOCTYPE html>
+<!--[if IEMobile 7 ]>    <html class="no-js iem7"> <![endif]-->
+<!--[if (gt IEMobile 7)|!(IEMobile)]><!-->
+<html class="no-js"> <!--<![endif]-->
+
+<head>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>PictShare - the smart CDN</title>
+
+    <!-- Bootstrap -->
+    <link href="/css/bootstrap.min.css" rel="stylesheet">
+
+    <!-- PictShare overwrites -->
+    <link href="/css/pictshare.css" rel="stylesheet">
+    <link href="/css/dropzone.css" rel="stylesheet">
+    <link href="/css/hljs-dracula.css" rel="stylesheet">
+
+
+    <!-- github-fork-ribbon-css
+	     https://simonwhitaker.github.io/github-fork-ribbon-css/ -->
+    <link href="/css/gh-fork-ribbon.min.css" rel="stylesheet">
+
+    <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
+    <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
+    <!--[if lt IE 9]>
+        <script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
+        <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
+        <![endif]-->
+
+    <script>
+        var maxUploadFileSize = <?php echo (int)(ini_get('upload_max_filesize')); ?>
+    </script>
+
+    <meta name="description" content="Free image sharing, linking and tracking">
+    <meta name="keywords" content="image, share, hosting, free">
+    <meta name="robots" content="index, follow">
+    <meta name="copyright" content="Haschek Solutions">
+    <meta name="language" content="EN,DE">
+    <meta name="author" content="Haschek Solutions">
+    <meta name="distribution" content="global">
+    <meta name="rating" content="general">
+
+</HEAD>
+
+<BODY>
+
+    <div class="container" id="headcontainer">
+        <div class="row">
+            <div class="col-md-8">
+                <a href="/"><img src="/css/imgs/logo/horizontalv3.png" /></a>
+            </div>
+        </div>
+    </div>
+
+    <div class="container">
+        <h2>Admin Panel</h2>
+        <?php if (!$_SESSION['admin']) { ?>
+            <form method="post" action="/admin">
+                <div class="input-group mb-3">
+                    <input type="password" class="form-control" name="password" placeholder="Password" aria-label="Password" aria-describedby="btn-addn">
+                    <button class="btn btn-outline-secondary" type="submit" id="btn-addn">Login</button>
+                </div>
+            </form>
+        <?php } ?>
+        <?php if ($_SESSION['admin']) { ?>
+            <div class="alert alert-success" role="alert">You are logged in as admin</div>
+            <form method="post" action="/admin">
+                <button type="submit" name="logout" class="btn btn-danger">Logout</button>
+            </form>
+
+            <ul class="nav">
+                <li class="nav-item">
+                    <a class="nav-link" aria-current="page" href="#">Stats</a>
+                </li>
+                <li class="nav-item">
+                    <a class="nav-link" href="#">Review</a>
+                </li>
+            </ul>
+            
+        <?php } ?>
+    </div>
+
+    <div class="container">
+        <footer class="text-center">(c)<?php echo date("y"); ?> by<br /><a href="https://haschek.solutions" target="_blank"><img height="30" src="/css/imgs/hs_logo.png" /></a></footer>
+    </div>
+
+
+    <script src="/js/pictshare.js"></script>
+</BODY>
+
+</HTML>
\ No newline at end of file