  1. <?php
  2. //Includes all functions and parses the post data into appropriate variables
  3. include 'functions.php';
  4. include 'lights.php';
  5.  
  6. $callback = json_decode(file_get_contents('php://input'));
  7. $attachments = $callback->attachments;
  8. $avatar = $callback->avatar_url;
  9. $name = $callback->name;
  10. $type = $callback->sender_type;
  11. $text = $callback->text;
  12. $userid = $callback->user_id;
  13.  
  14. $admins = get_admins();
  15. $ignored = get_ignored();
  16. $settings = get_settings();
  17.  
  18. //If logging is enabled in the config, this logs the chat to the database
  19. logging($userid, $name, $text);
  20.  
  21. //Only handles messages from users to prevent infinite loops
  22. if ($type == 'user' && !in_array($userid, $ignored) && $text[0] != '/') {
  23. //Basic response is a simple response to a found phrase
  24. basic_response($text, $name, $userid);
  25. //If the Weather Underground API token and location are set and weather has been enabled, this will return a forecast if someone says "weather"
  26. if ($settings['weather']) {
  27. weather_response($text);
  28. }
  29. //If anyone says "bitcoin" and the bitcoin setting is enabled, this will return the price in USD
  30. if ($settings['bitcoin']) {
  31. btc_response($text);
  32. }
  33. //If anyone says "ethereum" and the ethereum setting is enabled, this will return the price in USD and BTC
  34. if ($settings['ethereum']) {
  35. eth_response($text);
  36. }
  37. //If anyone says "litecoin" and the litecoin setting is enabled, this will return the price in USD and BTC
  38. if ($settings['litecoin']) {
  39. ltc_response($text);
  40. }
  41. if ($settings['lights']) {
  42. blink($ip, $pins, "50", "20");
  43. }
  44. }
  45. if (in_array($userid, $admins) && $type == 'user' && $text == '/config') {
  46. }
  47.  
  48. <?php
  49. //Writes the contents of a variable to a text file for debugging purposes
  50. function debugvar($variable) {
  51. file_put_contents('debug.txt', print_r($variable, true));
  52. }
  53. //Initialize the database
  54. function initdb() {
  55. $db = new PDO('sqlite:db.sqlite');
  56. $dbcmds = ['CREATE TABLE IF NOT EXISTS config(
  57. name TEXT NOT NULL,
  58. value TEXT NOT NULL
  59. )',
  60. 'CREATE TABLE IF NOT EXISTS settings(
  61. name TEXT NOT NULL,
  62. value INTEGER NOT NULL
  63. )',
  64. 'CREATE TABLE IF NOT EXISTS responses(
  65. find TEXT NOT NULL,
  66. respond TEXT NOT NULL
  67. )',
  68. 'CREATE TABLE IF NOT EXISTS users(
  69. name TEXT NOT NULL,
  70. userid TEXT NOT NULL,
  71. admin INTEGER,
  72. ignored INTEGER
  73. )',
  74. 'CREATE TABLE IF NOT EXISTS auth(
  75. username TEXT NOT NULL,
  76. password TEXT NOT NULL
  77. )',
  78. 'CREATE TABLE IF NOT EXISTS log(
  79. entry TEXT NOT NULL,
  80. timestamp INTEGER NOT NULL
  81. )',
  82. ];
  83. foreach ($dbcmds as $cmd) {
  84. $db->exec($cmd);
  85. }
  86. $clean = 1;
  87. foreach ($db->errorInfo() as $error) {
  88. if ($error != 0) {
  89. $clean = $error;
  90. }
  91. }
  92. return $clean;
  93. }
  94. //Gets the specified config variable value from the database
  95. function get_config_var($parameter) {
  96. $db = new PDO('sqlite:db.sqlite');
  97. $query = $db->prepare('SELECT value FROM config WHERE name=:name');
  98. $query->bindValue(':name', $parameter, PDO::PARAM_STR);
  99. $query->execute();
  100. $result = $query->fetch(PDO::FETCH_ASSOC);
  101. return $result['value'];
  102. }
  103. //Returns panel admins as an array
  104. function get_panel_admins() {
  105. $db = new PDO('sqlite:db.sqlite');
  106. $query = $db->prepare('SELECT username FROM auth');
  107. $query->execute();
  108. $result = $query->fetchAll(PDO::FETCH_COLUMN, 0);
  109. return $result;
  110. }
  111. //Adds admins listed in array
  112. function add_admin($user, $pass) {
  113. $db = new PDO('sqlite:db.sqlite');
  114. $admins = get_panel_admins();
  115. $username = strtolower($user);
  116. $password = password_hash($pass, PASSWORD_DEFAULT);
  117. if (!in_array($username, $admins)) {
  118. $query = $db->prepare('INSERT INTO auth (username, password) VALUES (:username, :password)');
  119. $query->bindValue(':username', $username, PDO::PARAM_STR);
  120. $query->bindValue(':password', $password, PDO::PARAM_STR);
  121. $query->execute();
  122. } else {
  123. echo "Admin already exists";
  124. }
  125. }
  126. //Changes an admin password to the specified password
  127. function change_admin_pass($users) {
  128. $db = new PDO('sqlite:db.sqlite');
  129. foreach ($users as $name=>$pass) {
  130. if (!empty($pass)) {
  131. $username = strtolower($name);
  132. $password = password_hash($pass, PASSWORD_DEFAULT);
  133. $query = $db->prepare('UPDATE auth set password=:password WHERE username=:username');
  134. $query->bindValue(':username', $username, PDO::PARAM_STR);
  135. $query->bindValue(':password', $password, PDO::PARAM_STR);
  136. $query->execute();
  137. }
  138. }
  139. }
  140. //Deletes admins listed in array
  141. function delete_admin($delete) {
  142. $db = new PDO('sqlite:db.sqlite');
  143. foreach ($delete as $name) {
  144. $query = $db->prepare('SELECT count(username) FROM auth');
  145. $query->execute();
  146. $count = $query->fetch();
  147. $count = $count[0];
  148. if ($count > '1') {
  149. $username = strtolower($name);
  150. $query = $db->prepare('DELETE FROM auth WHERE username=:name');
  151. $query->bindValue(':name', $username, PDO::PARAM_STR);
  152. $query->execute();
  153. } else {
  154. echo "Cannot delete last admin";
  155. }
  156. }
  157. }
  158. //Returns the responses as an array
  159. function get_responses() {
  160. $db = new PDO('sqlite:db.sqlite');
  161. $query = $db->prepare('SELECT find,respond FROM responses');
  162. $query->execute();
  163. return $query->fetchAll();
  164. }
  165. //Returns the config as an array
  166. function get_config() {
  167. $db = new PDO('sqlite:db.sqlite');
  168. $query = $db->prepare('SELECT name,value FROM config');
  169. $query->execute();
  170. return $query->fetchAll();
  171. }
  172. //Returns the chat log
  173. function get_log() {
  174. $db = new PDO('sqlite:db.sqlite');
  175. $query = $db->prepare('SELECT entry,timestamp FROM log');
  176. $query->execute();
  177. return $query->fetchAll();
  178. }
  179. //Returns the admins as an array
  180. function get_admins() {
  181. $db = new PDO('sqlite:db.sqlite');
  182. $query = $db->prepare('SELECT userid FROM users WHERE admin=1');
  183. $query->execute();
  184. return $query->fetchAll(PDO::FETCH_COLUMN, 0);
  185. }
  186. //Returns the ignored users as an array
  187. function get_ignored() {
  188. $db = new PDO('sqlite:db.sqlite');
  189. $query = $db->prepare('SELECT userid FROM users WHERE ignored=1');
  190. $query->execute();
  191. return $query->fetchAll(PDO::FETCH_COLUMN, 0);
  192. }
  193. //Returns the settings as an array
  194. function get_settings() {
  195. $db = new PDO('sqlite:db.sqlite');
  196. $query = $db->prepare('SELECT name,value FROM settings');
  197. $query->execute();
  198. $result = $query->fetchAll();
  199. foreach ($result as $setting) {
  200. $settings[$setting[0]] = $setting[1];
  201. }
  202. return $settings;
  203. }
  204. //Logs all chat to the database
  205. function logging($userid, $name, $text) {
  206. $db = new PDO('sqlite:db.sqlite');
  207. if (get_config_var('log')) {
  208. $entry = "$name($userid): $text";
  209. $statement = $db->prepare('INSERT INTO log (entry, timestamp) VALUES (:entry, :timestamp)');
  210. $statement->bindValue(':entry', $entry, PDO::PARAM_STR);
  211. $statement->bindValue(':timestamp', time(), PDO::PARAM_STR);
  212. $statement->execute();
  213. }
  214. }
  215.  
  216. //Basic response (no images)
  217. function basic_response($text, $name, $userid) {
  218. $responses = get_responses();
  219. foreach ($responses as $element) {
  220. if (stripos($text, $element[0]) !== FALSE) {
  221. $message = $element[1];
  222. $message = str_replace('%u', $userid, $message);
  223. if (stripos($message, '%n') !== FALSE) {
  224. $message = str_replace('%n', $name, $message);
  225. mention($message, $name);
  226. } else {
  227. send($message);
  228. }
  229. }
  230. }
  231. }
  232. //WUnderground response
  233. function weather_response($text) {
  234. $wutoken = get_config_var('wutoken');
  235. $wuloc = get_config_var('wuloc');
  236. if (stripos($text, 'weather') !== FALSE) {
  237. if (isset($wutoken) && isset($wuloc)) {
  238. $rawweather = json_decode(curl_get("https://api.wunderground.com/api/$wutoken/conditions/q/$wuloc.json"));
  239. $temperature = $rawweather->current_observation->feelslike_string;
  240. $weather = $rawweather->current_observation->weather;
  241. $icon = $rawweather->current_observation->icon_url;
  242. $forecast = "The weather is $weather with a temperature of $temperature";
  243. send_img($forecast, $icon);
  244. } else {
  245. send('WUnderground token and location are not set');
  246. }
  247. }
  248. }
  249. //Bitcoin value response
  250. function btc_response($text) {
  251. if (stripos($text, 'bitcoin') !== FALSE) {
  252. $pricedata = json_decode(curl_get("https://min-api.cryptocompare.com/data/price?fsym=BTC&tsyms=USD"));
  253. $usdprice = $pricedata->USD;
  254. $message = "Bitcoin is worth $$usdprice";
  255. $btclogo = 'https://files.coinmarketcap.com/static/img/coins/32x32/bitcoin.png';
  256. send_img($message, $btclogo);
  257. }
  258. }
  259. //Ethereum value response
  260. function eth_response($text) {
  261. if (stripos($text, 'ethereum') !== FALSE) {
  262. $pricedata = json_decode(curl_get("https://min-api.cryptocompare.com/data/price?fsym=ETH&tsyms=BTC,USD"));
  263. $usdprice = $pricedata->USD;
  264. $btcprice = $pricedata->BTC;
  265. $message = "Ethereum is worth $$usdprice and $btcprice Bitcoin";
  266. $ethlogo = 'https://files.coinmarketcap.com/static/img/coins/32x32/ethereum.png';
  267. send_img($message, $ethlogo);
  268. }
  269. }
  270. //Litecoin value response
  271. function ltc_response($text) {
  272. if (stripos($text, 'litecoin') !== FALSE) {
  273. $pricedata = json_decode(curl_get("https://min-api.cryptocompare.com/data/price?fsym=LTC&tsyms=BTC,USD"));
  274. $usdprice = $pricedata->USD;
  275. $btcprice = $pricedata->BTC;
  276. $message = "Litecoin is worth $$usdprice and $btcprice Bitcoin";
  277. $ltclogo = 'https://files.coinmarketcap.com/static/img/coins/32x32/litecoin.png';
  278. send_img($message, $ltclogo);
  279. }
  280. }
  281. //Curl get function, takes url and returns the get response
  282. function curl_get($url) {
  283. $ch = curl_init();
  284. curl_setopt($ch, CURLOPT_URL, "$url");
  285. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  286. $get = curl_exec($ch);
  287. curl_close($ch);
  288. return $get;
  289. }
  290. //Curl post to groupme, takes the postfields and posts to the groupme bot api
  291. function curl_post($postfields) {
  292. $ch = curl_init();
  293. curl_setopt($ch, CURLOPT_URL, 'https://api.groupme.com/v3/bots/post');
  294. curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
  295. curl_exec($ch);
  296. curl_close($ch);
  297. }
  298. //Send message function, takes a message as input and posts to GroupMe
  299. function send($message) {
  300. $bottoken = get_config_var('bottoken');
  301. $postdata = [
  302. 'bot_id' => $bottoken,
  303. 'text' => $message
  304. ];
  305. curl_post(http_build_query($postdata));
  306. }
  307. //Send image function, takes message and img url as inputs and posts to GroupMe
  308. function send_img($message, $image) {
  309. $bottoken = get_config_var('bottoken');
  310. $attachments = [
  311. 'type' => 'image',
  312. 'url' => $image
  313. ];
  314. $postdata = [
  315. 'bot_id' => $bottoken,
  316. 'text' => $message,
  317. 'attachments' => [$attachments]
  318. ];
  319. curl_post(json_encode($postdata));
  320. }
  321. //Mention function, takes a message and name as inputs and posts to GroupMe
  322. function mention($message, $name) {
  323. $bottoken = get_config_var('bottoken');
  324. $loci = [
  325. stripos($message, $name),
  326. strlen($name)
  327. ];
  328. $attachments = [
  329. 'loci' => [$loci],
  330. 'type' => 'mentions',
  331. 'user_ids' => [get_user_id($name)]
  332. ];
  333. $postdata = [
  334. 'bot_id' => $bottoken,
  335. 'text' => $message,
  336. 'attachments' => [$attachments]
  337. ];
  338. curl_post(json_encode($postdata));
  339. }
  340. //Get bot group function, returns the group id of the bot
  341. function get_bot_group() {
  342. $apitoken = get_config_var('apitoken');
  343. $bottoken = get_config_var('bottoken');
  344. $bots = json_decode(curl_get("https://api.groupme.com/v3/bots?token=$apitoken"));
  345. foreach($bots->response as $element) {
  346. if ($element->bot_id == $bottoken) {
  347. return $element->group_id;
  348. }
  349. }
  350. }
  351. //Get user id function, takes a name as input and returns the user id
  352. function get_user_id($name) {
  353. $apitoken = get_config_var('apitoken');
  354. $user_id = 'No member with that name found';
  355. $groupid = get_bot_group();
  356. $groups = json_decode(curl_get("https://api.groupme.com/v3/groups?token=$apitoken"));
  357. foreach($groups->response as $element) {
  358. if ($element->id == $groupid) {
  359. foreach($element->members as $member) {
  360. if (stripos($member->nickname, $name) !== FALSE) {
  361. $user_id = $member->user_id;
  362. }
  363. }
  364. }
  365. }
  366. return $user_id;
  367. }
  368. //Get name function, takes a user id as input and returns the name associated with that user id
  369. function get_name($userid) {
  370. $apitoken = get_config_var('apitoken');
  371. $name = 'Invalid userid';
  372. $groupid = get_bot_group();
  373. $groups = json_decode(curl_get("https://api.groupme.com/v3/groups?token=$apitoken"));
  374. foreach($groups->response as $element) {
  375. if ($element->id == $groupid) {
  376. foreach($element->members as $member) {
  377. if ($userid == $member->user_id) {
  378. $name = $member->nickname;
  379. }
  380. }
  381. }
  382. }
  383. return $name;
  384. }
  385. //Get users function, gets user information from the groupme api, adds it to the database, and returns it as an array
  386. function get_users() {
  387. $apitoken = get_config_var('apitoken');
  388. $groupid = get_bot_group();
  389. $groups = json_decode(curl_get("https://api.groupme.com/v3/groups?token=$apitoken"));
  390. $index = 0;
  391. $db = new PDO('sqlite:db.sqlite');
  392. foreach($groups->response as $element) {
  393. if ($element->id == $groupid) {
  394. foreach($element->members as $member) {
  395. $userid = $member->user_id;
  396. $name = $member->nickname;
  397. $avatar = $member->image_url;
  398. $query = $db->prepare('SELECT userid FROM users WHERE userid=:userid');
  399. $query->bindValue('userid', $userid, PDO::PARAM_STR);
  400. $query->execute();
  401. $result = $query->fetch(PDO::FETCH_ASSOC);
  402. if (isset($result['userid'])) {
  403. $query = $db->prepare('UPDATE users SET name=:name WHERE userid=:userid');
  404. $query->bindValue(':name', $name, PDO::PARAM_STR);
  405. $query->bindValue(':userid', $userid, PDO::PARAM_STR);
  406. $query->execute();
  407. } else {
  408. $query = $db->prepare('INSERT INTO users (name, userid) VALUES (:name, :userid)');
  409. $query->bindValue(':name', $name, PDO::PARAM_STR);
  410. $query->bindValue(':userid', $userid, PDO::PARAM_STR);
  411. $query->execute();
  412. }
  413. $members[$index] = [
  414. "userid" => $userid,
  415. "name" => $name,
  416. "avatar" => $avatar
  417. ];
  418. $index++;
  419. }
  420. }
  421. }
  422. return $members;
  423. }
  424. //Adds a response to the database, uses input find and respond where find is the text that is searched for and respond is the text that is retrned
  425. function add_response($find, $respond) {
  426. $responses = get_responses();
  427. $exists = 0;
  428. foreach ($responses as $element) {
  429. if (stripos($element[0], $find) !== FALSE || stripos($find, $element[0]) !== FALSE) {
  430. $exists = 1;
  431. }
  432. }
  433. if (!$exists) {
  434. $db = new PDO('sqlite:db.sqlite');
  435. $query = $db->prepare('INSERT INTO responses (find, respond) VALUES (:find, :respond)');
  436. $query->bindValue(':find', $find, PDO::PARAM_STR);
  437. $query->bindValue(':respond', $respond, PDO::PARAM_STR);
  438. $query->execute();
  439. } else {
  440. echo "Similar find already exists<br>";
  441. }
  442.  
  443. }
  444. //Deletes responses from the database, takes the "find" string as input
  445. function del_responses($delete) {
  446. $db = new PDO('sqlite:db.sqlite');
  447. foreach ($delete as $find) {
  448. $query = $db->prepare('DELETE FROM responses WHERE find=:find');
  449. $query->bindValue(':find', $find, PDO::PARAM_STR);
  450. $query->execute();
  451. }
  452. }
  453. //Deletes all admins from the database
  454. function delete_admins() {
  455. $db = new PDO('sqlite:db.sqlite');
  456. $query = $db->prepare('UPDATE users SET admin = 0');
  457. $query->execute();
  458. }
  459. //Updates the admins by deleting all of them and then adding the specified userids
  460. function update_admins($admins) {
  461. delete_admins();
  462. $db = new PDO('sqlite:db.sqlite');
  463. foreach ($admins as $element) {
  464. $query = $db->prepare('UPDATE users SET admin=:admin WHERE userid=:userid');
  465. $query->bindValue(':userid', $element, PDO::PARAM_STR);
  466. $query->bindValue(':admin', '1', PDO::PARAM_STR);
  467. $query->execute();
  468. }
  469. }
  470. //Deletes all ignored users from the database
  471. function delete_ignored() {
  472. $db = new PDO('sqlite:db.sqlite');
  473. $query = $db->prepare('UPDATE users SET ignored = 0');
  474. $query->execute();
  475. }
  476. //Updates the users by deleting all of them and then adding the specified userids
  477. function update_ignored($ignored) {
  478. delete_ignored();
  479. $db = new PDO('sqlite:db.sqlite');
  480. foreach ($ignored as $element) {
  481. $query = $db->prepare('UPDATE users SET ignored=:ignored WHERE userid=:userid');
  482. $query->bindValue(':userid', $element, PDO::PARAM_STR);
  483. $query->bindValue(':ignored', '1', PDO::PARAM_STR);
  484. $query->execute();
  485. }
  486. }
  487. //Resets all settings in the database
  488. function reset_settings() {
  489. $db = new PDO('sqlite:db.sqlite');
  490. $query = $db->prepare('UPDATE settings SET value = 0');
  491. $query->execute();
  492. }
  493. //Updates the settings by restting all of the settings and then enabling the specified ones
  494. function update_settings($settings) {
  495. reset_settings();
  496. $db = new PDO('sqlite:db.sqlite');
  497. foreach ($settings as $element) {
  498. $query = $db->prepare('UPDATE settings SET value=:value WHERE name=:name');
  499. $query->bindValue(':name', $element, PDO::PARAM_STR);
  500. $query->bindValue(':value', '1', PDO::PARAM_STR);
  501. $query->execute();
  502. }
  503. }
  504. //Adds the specified setting to the array if it doesn't already exist
  505. function add_setting($setting) {
  506. $settings = get_settings();
  507. $exists = 0;
  508. foreach ($settings as $element=>$key) {
  509. if ($setting == $element) {
  510. $exists = 1;
  511. }
  512. }
  513. if (!$exists) {
  514. $db = new PDO('sqlite:db.sqlite');
  515. $query = $db->prepare('INSERT INTO settings (name, value) VALUES (:name, :value)');
  516. $query->bindValue(':name', $setting, PDO::PARAM_STR);
  517. $query->bindValue(':value', '1', PDO::PARAM_STR);
  518. $query->execute();
  519. } else {
  520. echo "Setting already exists<br>";
  521. }
  522.  
  523. }
  524. //Deletes responses from the database, takes the "find" string as input
  525. function del_settings($delete) {
  526. $db = new PDO('sqlite:db.sqlite');
  527. foreach ($delete as $setting) {
  528. $query = $db->prepare('DELETE FROM settings WHERE name=:setting');
  529. $query->bindValue(':setting', $setting, PDO::PARAM_STR);
  530. $query->execute();
  531. }
  532. }
  533. //Updates the config, takes an array of config paramaters with the element name being the paramter and the value being the value
  534. function update_config($config) {
  535. $db = new PDO('sqlite:db.sqlite');
  536. foreach ($config as $name=>$value) {
  537. if ($value[0] != "*") {
  538. $query = $db->prepare('UPDATE config SET value=:value WHERE name=:name');
  539. $query->bindValue(':name', $name, PDO::PARAM_STR);
  540. $query->bindValue(':value', $value, PDO::PARAM_STR);
  541. $query->execute();
  542. }
  543. }
  544. }
  545. //Display the setup form
  546. function disp_setup() {
  547. $setup = <<<'EOSETUP'
  548. <form name="setup" method="post" action="">
  549. <table align="center" style="width: 50%;">
  550. <tr>
  551. <td>Panel username:</td>
  552. <td><input type="text" style="width: 100%;" name="user" placeholder="Panel username" required></td>
  553. </tr>
  554. <tr>
  555. <td>Panel password:</td>
  556. <td><input type="password" style="width: 100%;" name="pass" placeholder="Panel password" required></td>
  557. </tr>
  558. <tr>
  559. <td>GroupMe API token:</td>
  560. <td><input type="text" style="width: 100%;" name="apitoken" placeholder="Your GroupMe API token" required></td>
  561. </tr>
  562. <tr>
  563. <td>GroupMe Bot token:</td>
  564. <td><input type="text" style="width: 100%;" name="bottoken" placeholder="Your GroupMe Bot token" required></td>
  565. </tr>
  566. <tr>
  567. <td>WeatherUnderground API token:</td>
  568. <td><input type="text" style="width: 100%;" name="wutoken" placeholder="Your WeatherUnderground API token" value=""></td>
  569. </tr>
  570. <tr>
  571. <td>WeatherUnderground location code:</td>
  572. <td><input type="text" style="width: 100%;" name="wuloc" placeholder="Your WeatherUnderground location code" value=""></td>
  573. </tr>
  574. <tr>
  575. <td>Logging, check to enable</td>
  576. <td><input type="checkbox" style="width: 100%;" name="log" value="1" checked required></td>
  577. </tr>
  578. <tr>
  579. <td colspan="3"><input type="submit" value="Initialize"></td>
  580. </tr>
  581. </table>
  582. </form>
  583. EOSETUP;
  584. echo $setup;
  585. }
  586. //Display the login
  587. function disp_login() {
  588. $login = <<<'EOLOGIN'
  589. <form name="login" method="post" action="">
  590. <table align="center" style="width: 50%;">
  591. <tr>
  592. <td>Username:</td>
  593. <td><input type="text" style="width: 100%;" name="username" placeholder="Panel username" required></td>
  594. </tr>
  595. <tr>
  596. <td>Password:</td>
  597. <td><input type="password" style="width: 100%;" name="password" placeholder="Panel password" required></td>
  598. </tr>
  599. <tr>
  600. <td colspan="3"><input type="submit" value="Login"></td>
  601. </tr>
  602. </table>
  603. </form>
  604. EOLOGIN;
  605. echo $login;
  606. }
  607.  
  608. <!DOCTYPE html>
  609. <html>
  610. <head>
  611. <style>
  612. body {
  613. background: url("https://picload.org/image/dadcrgpl/background.png");
  614. background-repeat: repeat-y;
  615. background-size: cover;
  616. color: white;
  617. margin: 0;
  618. padding: 0;
  619. left: 0;
  620. right: 0;
  621. position: absolute;
  622. font-size: 16px;
  623. text-align: center;
  624. font-family: "Lucida Console", Monaco, monospace;
  625. }
  626. form {
  627. border: 0;
  628. margin: 0;
  629. }
  630. ul {
  631. list-style-type: none;
  632. margin: 0;
  633. padding: 0;
  634. overflow: hidden;
  635. }
  636. li {
  637. float: left;
  638. display: block;
  639. }
  640. summary {
  641. background: rgba(255, 0, 0, .1);
  642. text-align: left;;
  643. font-size: 18px;
  644. }
  645. table {
  646. max-width: 100%;
  647. border-spacing: 0;
  648. text-align: left;
  649. font-size: 16px;
  650. }
  651. tr {
  652. max-width: 100%;
  653. }
  654. th, td {
  655. height: 100%;
  656. padding: 10px;
  657. overflow-x: hidden;
  658. vertical-align: middle;
  659. }
  660. tr:nth-child(even) {
  661. background-color: rgba(255, 255, 255, 0.50);
  662. }
  663. tr:nth-child(odd) {
  664. background-color: rgba(255, 255, 255, 0.25);
  665. }
  666. input {
  667. border: 0;
  668. box-sizing: border-box;
  669. color: white;
  670. text-indent: 0px;
  671. font-size: 16px;
  672. background: rgba(0, 0, 0, 0);
  673. font-family: "Lucida Console", Monaco, monospace;
  674. }
  675. </style>
  676. <title>PHP GroupMe Bot</title>
  677. </head>
  678. <body>
  679. <?php
  680. header('Content-type: text/html; charset=utf-8');
  681. ini_set('display_errors', 1);
  682. ini_set('session.save_path', getcwd());
  683. error_reporting(-1);
  684. include 'functions.php';
  685. session_start();
  686. if (file_exists('db.sqlite')) {
  687. if (isset($_SESSION['username'])) {
  688. if (isset($_POST['logout'])) {
  689. session_destroy();
  690. header("Refresh:1");
  691. }
  692. if (!empty($_POST['add_admin_name']) && !empty($_POST['add_admin_pass'])) {
  693. add_admin($_POST['add_admin_name'], $_POST['add_admin_pass']);
  694. }
  695. if (isset($_POST['delete_admin'])) {
  696. delete_admin($_POST['delete_admin']);
  697. }
  698. if (isset($_POST['change_admin_pass'])) {
  699. change_admin_pass($_POST['change_admin_pass']);
  700. }
  701. if (isset($_POST['config'])) {
  702. update_config($_POST['config']);
  703. }
  704. if (isset($_POST['find']) && isset($_POST['respond']) && !empty($_POST['find']) && !empty($_POST['respond'])) {
  705. add_response($_POST['find'], $_POST['respond']);
  706. }
  707. if (isset($_POST['delete'])) {
  708. del_responses($_POST['delete']);
  709. }
  710. if (isset($_POST['users'])) {
  711. if (isset($_POST['admins'])) {
  712. update_admins($_POST['admins']);
  713. } else {
  714. delete_admins();
  715. }
  716. if (isset($_POST['ignored'])) {
  717. update_ignored($_POST['ignored']);
  718. } else {
  719. delete_ignored();
  720. }
  721. }
  722. if (isset($_POST['settings'])) {
  723. update_settings($_POST['settings']);
  724. }
  725. if (isset($_POST['new_setting']) && !empty($_POST['new_setting'])) {
  726. add_setting($_POST['new_setting']);
  727. }
  728. if (isset($_POST['del_settings']) && !empty($_POST['del_settings'])) {
  729. del_settings($_POST['del_settings']);
  730. }
  731. if (isset($_POST['send']) && !empty($_POST['send'])) {
  732. send($_POST['send']);
  733. }?>
  734. <div style="align: right; height: 5vh; background: rgba(0, 0, 0, .5);">
  735. <ul>
  736. <?php
  737. $username = $_SESSION['username'];
  738. echo "<li>$username Logged in</li>";
  739. ?>
  740. <form name="logout" method="post" action="">
  741. <li><input type="hidden" name="logout" value="logout"></li>
  742. <input style="float: right;" type="submit" value="Log Out">
  743. </form>
  744. </div>
  745. <div style="overflow-y: scroll; height: 90vh">
  746. <details>
  747. <summary>Panel</summary>
  748. <form name="panel" method="post" action="">
  749. <table align="center">
  750. <tr>
  751. <th>Panel Admins</th>
  752. <th>Delete</th>
  753. <th>Change Password</th>
  754. </tr>
  755. <?php
  756. $admins = get_panel_admins();
  757. foreach ($admins as $element) {
  758. $name = $element;
  759. echo "<tr>";
  760. echo "<td>$name</td>";
  761. echo "<td><input type="checkbox" name="delete_admin[]" value="$name"></td>";
  762. echo "<td><input type="password" name="change_admin_pass[$name]" placeholder="Password"></td>";
  763. echo "</tr>";
  764. }?>
  765. <tr>
  766. <td><input type="text" name="add_admin_name" placeholder="Username"></td>
  767. <td colspan="2"><input type="password" name="add_admin_pass" placeholder="Password"></td>
  768. <tr>
  769. <th colspan="3"><input type="submit" value="Update"></th>
  770. </tr>
  771. </table>
  772. </form>
  773. </details>
  774. <details>
  775. <summary>Config</summary>
  776. <form name="config" method="post" action="">
  777. <table align="center">
  778. <tr>
  779. <th>Setting</th>
  780. <th>Value</th>
  781. <th>New Value</th>
  782. </tr>
  783. <?php
  784. $config = get_config();
  785. foreach ($config as $element) {
  786. $name = $element['name'];
  787. $value = $element['value'];
  788. echo "<tr>";
  789. echo "<td>$name</td>";
  790. if (stripos($name, 'token') !== FALSE) {
  791. $value = str_repeat('*', strlen($value) - 4) . substr($value, -4);
  792. echo "<td>$value</td>";
  793. echo "<td><input type="text" name="config[$name]" value="$value"></td>";
  794. } else {
  795. echo "<td>$value</td>";
  796. echo "<td><input type="text" name="config[$name]" value="$value"></td>";
  797. }
  798. echo "</tr>";
  799. }?>
  800. <tr>
  801. <th colspan="3"><input type="submit" value="Update"></th>
  802. </tr>
  803. </table>
  804. </form>
  805. </details>
  806. <details>
  807. <summary>Add</summary>
  808. <form name="add" method="post" action="">
  809. <h3>%n can be used to mention someone in a response</h3>
  810. <table align="center">
  811. <tr>
  812. <th><input type="text" name="find" placeholder="Text to find"></th>
  813. <th><input type="text" name="respond" placeholder="Text to respond with"></th>
  814. <th><input type="submit" value="Add"></th>
  815. </tr>
  816. </table>
  817. </form>
  818. </details>
  819. <details>
  820. <summary>Delete</summary>
  821. <form name="delete" method="post" action="">
  822. <table align="center">
  823. <tr>
  824. <th>Find</th>
  825. <th>Respond</th>
  826. <th>Delete</th>
  827. </tr>
  828. <?php
  829. $responses = get_responses();
  830. foreach ($responses as $element) {
  831. $find = $element['find'];
  832. $respond = $element['respond'];
  833. echo "<tr>";
  834. echo "<td>$find</td>";
  835. echo "<td>$respond</td>";
  836. echo "<td><input type="checkbox" name="delete[]" value="$find"></td>";
  837. echo "</tr>";
  838. }?>
  839. <tr>
  840. <th colspan="3"><input type="submit" value="Remove"></th>
  841. </tr>
  842. </table>
  843. </form>
  844. </details>
  845. <details>
  846. <summary>Users</summary>
  847. <form name="Users" method="post" action="">
  848. <table align="center">
  849. <tr>
  850. <th>Name</th>
  851. <th>Admin</th>
  852. <th>Ignored</th>
  853. </tr>
  854. <?php
  855. $admins = get_admins();
  856. $ignored = get_ignored();
  857. $users = get_users();
  858. $i = 0;
  859. foreach ($users as $user) {
  860. $name = htmlspecialchars($user["name"]);
  861. $userid = htmlspecialchars($user["userid"]);
  862. $avatar = $user["avatar"];
  863. echo "<tr>";
  864. echo "<td style="text-align: left;"><img src="$avatar" style="width:50px; height:50px; vertical-align: middle;">$name ($userid)</td>";
  865. if (in_array($users[$i]['userid'], $admins)) {
  866. echo "<td><input type="checkbox" name="admins[]" value="$userid" checked></td>";
  867. } else {
  868. echo "<td><input type="checkbox" name="admins[]" value="$userid"></td>";
  869. }
  870. if (in_array($users[$i]['userid'], $ignored)) {
  871. echo "<td><input type="checkbox" name="ignored[]" value="$userid" checked></td>";
  872. } else {
  873. echo "<td><input type="checkbox" name="ignored[]" value="$userid"></td>";
  874. }
  875. echo "</tr>";
  876. $i++;
  877. }?>
  878. <tr>
  879. <th colspan="3"><input type="submit" value="Update"></th>
  880. </tr>
  881. </table>
  882. <input type="hidden" name="users[]" value="1">
  883. </form>
  884. </details>
  885. <details>
  886. <summary>Settings</summary>
  887. <form name="settings" method="post" action="">
  888. <table align="center">
  889. <tr>
  890. <th>Name</th>
  891. <th>State</th>
  892. <th>Delete</th>
  893. </tr>
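  <?php
  // Settings panel: each feature flag gets an "enabled" checkbox (pre-ticked
  // when the stored value is truthy) and a "delete" checkbox.
  $settings = get_settings();
  foreach ($settings as $element => $key) {
      // Setting names are free text entered through the "Add setting" field,
      // so they are escaped before being echoed into cells and attributes.
      $name = htmlspecialchars((string) $element, ENT_QUOTES);
      // NOTE(review): stored values appear to be '0'/'1'; truthiness is kept so
      // '0' reads as disabled — confirm against get_settings().
      $checked = $key ? ' checked' : '';
      echo "<tr>";
      echo "<td>$name</td>";
      echo '<td><input type="checkbox" name="settings[]" value="' . $name . '"' . $checked . '></td>';
      echo '<td><input type="checkbox" name="del_settings[]" value="' . $name . '"></td>';
      echo "</tr>";
  }?>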
  909. <tr>
  910. <td>Add setting</td>
  911. <td colspan="2"><input type="text" name="new_setting" placeholder="Name for new setting"></td>
  912. </tr>
  913. <tr>
  914. <th colspan="3"><input type="submit" value="Update"></th>
  915. </tr>
  916. </table>
  917. <input type="hidden" name="settings[]" value="1">
  918. </form>
  919. </details>
  920. <details>
  921. <summary>Log</summary>
  922. <table style="width: 100%;">
  <?php
  // Log panel: one row per log entry, in the order get_log() returns them.
  $log = get_log();
  foreach ($log as $row) {
      // NOTE(review): date() assumes 'timestamp' is a Unix epoch value and
      // formats it in the process default timezone — confirm with the logger.
      $when = date("Y-m-d@H:i:s", $row['timestamp']);
      // Entries contain chat text, so they are HTML-escaped before output.
      $text = htmlspecialchars($row['entry']);
      echo "<tr><td>$when</td><td>$text</td></tr>";
  }?>
  933. </table>
  934. </details>
  935. </div>
  936. <form name="send" method="post" action="">
  937. <table style="width: 100%; position: fixed; bottom: 0; height: 5vh">
  938. <tr>
  939. <th><input type="text" name="send" placeholder="Message to send"></th>
  940. </tr>
  941. </table>
  942. <input type="submit" value="Send" style="display: none">
  943. </form>
  944. <?php
  945. } else {
  946. disp_login();
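  if (isset($_POST['username']) && isset($_POST['password'])) {
      // Login attempt: look up the stored password hash for the submitted
      // username (lower-cased, so usernames are case-insensitive) and verify it.
      $db = new PDO('sqlite:db.sqlite');
      $username = strtolower($_POST['username']);
      $password = $_POST['password'];
      $query = $db->prepare('SELECT password FROM auth WHERE username=:username');
      $query->bindValue(':username', $username, PDO::PARAM_STR);
      $query->execute();
      // fetch() returns false for an unknown user; verify against an empty
      // hash instead of relying on bool-to-string coercion, so unknown users
      // and wrong passwords take the same failure path.
      $hashed = $query->fetch(PDO::FETCH_COLUMN, 0) ?: '';
      if (password_verify($password, $hashed)) {
          echo "Logging in...";
          // Issue a fresh session id on login so an id obtained before
          // authentication cannot be replayed as the authenticated session.
          // Assumes session_start() ran earlier in the file, as the $_SESSION
          // write below already does.
          session_regenerate_id(true);
          $_SESSION['username'] = $username;
          // NOTE(review): HTML has already been emitted by this point, so this
          // header() only takes effect if output buffering is active — confirm.
          header("Refresh:1");
      } else {
          echo "Incorrect password!";
      }
  }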
  963. }
  964. } else if (is_writeable('./')) {
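  if (!empty($_POST) && initdb()) {
      // First-run setup: the setup form was submitted and initdb() created the
      // schema, so seed the config table, the feature flags, a sample response
      // and the first admin account from the submitted values.
      $db = new PDO('sqlite:db.sqlite');
      $config = ['apitoken', 'bottoken', 'wutoken', 'wuloc'];
      $settings = ['litecoin', 'bitcoin', 'ethereum'];
      $insertConfig = $db->prepare('INSERT INTO config (name, value) VALUES (:name, :value)');
      foreach ($config as $variable) {
          $insertConfig->bindValue(':name', $variable, PDO::PARAM_STR);
          // A missing field is stored as '' rather than raising an undefined-index notice.
          $insertConfig->bindValue(':value', $_POST[$variable] ?? '', PDO::PARAM_STR);
          $insertConfig->execute();
      }
      // Logging flag. An unticked checkbox is absent from $_POST, so the key is
      // read with ?? rather than directly. Previously both branches stored '1',
      // which made logging impossible to disable at setup time.
      $logEnabled = !empty($_POST['log']) ? '1' : '0';
      $insertConfig->bindValue(':name', 'log', PDO::PARAM_STR);
      $insertConfig->bindValue(':value', $logEnabled, PDO::PARAM_STR);
      $insertConfig->execute();
      $insertSetting = $db->prepare('INSERT INTO settings (name, value) VALUES (:name, :value)');
      // Weather needs both a Weather Underground token and a location. Text
      // inputs are always present in $_POST (possibly empty), so an isset()
      // check would have enabled weather unconditionally; test for non-empty.
      $weatherReady = ($_POST['wutoken'] ?? '') !== '' && ($_POST['wuloc'] ?? '') !== '';
      $insertSetting->bindValue(':name', 'weather', PDO::PARAM_STR);
      $insertSetting->bindValue(':value', $weatherReady ? '1' : '0', PDO::PARAM_STR);
      $insertSetting->execute();
      $db->exec("INSERT INTO settings (name, value) VALUES ('lights', '0')");
      $db->exec("INSERT INTO responses (find, respond) VALUES ('test', 'It works!')");
      add_admin($_POST['user'], $_POST['pass']);
      // Crypto price features are on by default.
      foreach ($settings as $variable) {
          $insertSetting->bindValue(':name', $variable, PDO::PARAM_STR);
          $insertSetting->bindValue(':value', '1', PDO::PARAM_STR);
          $insertSetting->execute();
      }
      // Apache-only protection for the database and session files, which live
      // in the web root; on other servers (nginx etc.) the equivalent deny rules
      // must be added to the server configuration by hand.
      $htaccess = "<Files \"db.sqlite\">\nDeny From All\n</Files>\n<Files \"sess*\">\nDeny From All\n</Files>";
      if (file_put_contents('.htaccess', $htaccess) === false) {
          // Surface the failure instead of silently leaving db.sqlite downloadable.
          echo "Warning: could not write .htaccess; deny web access to db.sqlite and sess* manually.";
      }
      header("Refresh:1");
  }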
  997. disp_setup();
  998. } else {
  999. echo "Working directory is not writeable, either chown it to the webserver user and group or allow write permissions to everyone (insecure!)";
  1000. }?>
  1001. </body>
  1002. </html>