admin/35996-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: admin:master
Branches Tags
admin:master
admin:ai-dev
...
pull from: admin:ai-dev
Branches Tags
admin:ai-dev
admin:master

1 Commits
master ... ai-dev

Author SHA1 Message Date
Flatlogic Bot
da3d35fbf3 v1 2025-11-22 12:04:14 +00:00
11 changed files with 1139 additions and 142 deletions
Show Stats Expand all files Collapse all files

102
admin.php Normal file
View File

@ -0,0 +1,102 @@
<?php
session_start();
require_once 'db/config.php';
// Check if user is logged in and is an admin
if (!isset($_SESSION['user_id']) || !$_SESSION['is_admin']) {
header('Location: login.php');
exit;
}
$pdo = db();
$message = '';
// Handle form submission for adding a new user
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['add_user'])) {
$username = trim($_POST['username']);
$password = $_POST['password'];
if (!empty($username) && !empty($password)) {
// Check if username already exists
$stmt = $pdo->prepare('SELECT id FROM users WHERE username = ?');
$stmt->execute([$username]);
if ($stmt->fetch()) {
$message = '<p style="color: red;">Username already exists.</p>';
} else {
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
$stmt = $pdo->prepare('INSERT INTO users (username, password, force_password_change) VALUES (?, ?, 1)');
if ($stmt->execute([$username, $hashed_password])) {
$message = '<p style="color: green;">User added successfully!</p>';
} else {
$message = '<p style="color: red;">Failed to add user.</p>';
}
}
} else {
$message = '<p style="color: red;">Username and password are required.</p>';
}
}
// Fetch all users to display
$stmt = $pdo->query('SELECT id, username, is_admin, created_at FROM users ORDER BY created_at DESC');
$users = $stmt->fetchAll();
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Admin Panel</title>
<style>
body { font-family: 'Segoe UI', sans-serif; background: #1a1a2e; color: white; padding: 20px; }
.container { max-width: 800px; margin: 0 auto; background: #2a2a3e; padding: 20px; border-radius: 8px; }
h1, h2 { color: #e94560; }
a { color: #e94560; }
table { width: 100%; border-collapse: collapse; margin-top: 20px; }
th, td { padding: 12px; border-bottom: 1px solid #444; text-align: left; }
th { background: #e94560; color: #1a1a2e; }
form { margin-top: 30px; }
input[type="text"], input[type="password"] { width: calc(100% - 24px); padding: 12px; margin-bottom: 10px; border-radius: 5px; border: 1px solid #555; background: #333; color: white; }
button { padding: 12px 24px; border: none; border-radius: 8px; cursor: pointer; font-weight: 600; background: #e94560; color: white; }
.message { margin-bottom: 20px; }
.logout-link { display: block; text-align: right; margin-bottom: 20px; }
</style>
</head>
<body>
<div class="container">
<div class="logout-link"><a href="logout.php">Logout</a> | <a href="index.php">Chat</a></div>
<h1>Admin Panel</h1>
<div class="message"><?= $message ?></div>
<h2>Add New User</h2>
<form action="admin.php" method="post">
<input type="text" name="username" placeholder="Username" required>
<input type="password" name="password" placeholder="Temporary Password" required>
<button type="submit" name="add_user">Add User</button>
</form>
<h2>Manage Users</h2>
<table>
<thead>
<tr>
<th>ID</th>
<th>Username</th>
<th>Role</th>
<th>Created At</th>
</tr>
</thead>
<tbody>
<?php foreach ($users as $user): ?>
<tr>
<td><?= htmlspecialchars($user['id']) ?></td>
<td><?= htmlspecialchars($user['username']) ?></td>
<td><?= $user['is_admin'] ? 'Admin' : 'User' ?></td>
<td><?= htmlspecialchars($user['created_at']) ?></td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
</body>
</html>

168
api.php Normal file
View File

@ -0,0 +1,168 @@
<?php
session_start();
require_once 'db/config.php';
header('Content-Type: application/json');
if (!isset($_SESSION['user_id'])) {
echo json_encode(['error' => 'Unauthorized']);
exit;
}
$action = $_GET['action'] ?? '';
$current_user_id = $_SESSION['user_id'];
try {
$pdo = db();
switch ($action) {
case 'get_my_unique_id':
$stmt = $pdo->prepare("SELECT unique_id FROM users WHERE id = ?");
$stmt->execute([$current_user_id]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);
echo json_encode($user);
break;
case 'search_users':
$query = $_GET['query'] ?? '';
$stmt = $pdo->prepare("SELECT id, username, unique_id FROM users WHERE unique_id LIKE ? AND id != ?");
$stmt->execute(["%$query%", $current_user_id]);
$users = $stmt->fetchAll(PDO::FETCH_ASSOC);
echo json_encode($users);
break;
case 'send_friend_request':
$data = json_decode(file_get_contents('php://input'), true);
$user_to_add_id = (int)($data['user_id'] ?? 0);
if ($user_to_add_id === 0) {
echo json_encode(['error' => 'Invalid user ID']);
exit;
}
// Check if a request already exists
$stmt = $pdo->prepare("SELECT id FROM friends WHERE (user_one_id = ? AND user_two_id = ?) OR (user_one_id = ? AND user_two_id = ?)");
$stmt->execute([$current_user_id, $user_to_add_id, $user_to_add_id, $current_user_id]);
if ($stmt->fetch()) {
echo json_encode(['error' => 'Friend request already sent or you are already friends.']);
exit;
}
$stmt = $pdo->prepare("INSERT INTO friends (user_one_id, user_two_id, status, action_user_id) VALUES (?, ?, 'pending', ?)");
$stmt->execute([$current_user_id, $user_to_add_id, $current_user_id]);
echo json_encode(['success' => true, 'message' => 'Friend request sent.']);
break;
case 'get_friend_requests':
$stmt = $pdo->prepare("
SELECT f.id, u.username, u.unique_id
FROM friends f
JOIN users u ON f.action_user_id = u.id
WHERE f.user_two_id = ? AND f.status = 'pending' AND f.action_user_id != ?
");
$stmt->execute([$current_user_id, $current_user_id]);
$requests = $stmt->fetchAll(PDO::FETCH_ASSOC);
echo json_encode($requests);
break;
case 'update_friend_request':
$data = json_decode(file_get_contents('php://input'), true);
$request_id = (int)($data['request_id'] ?? 0);
$status = $data['status'] ?? ''; // 'accepted' or 'declined'
if ($request_id === 0 || !in_array($status, ['accepted', 'declined'])) {
echo json_encode(['error' => 'Invalid input']);
exit;
}
if ($status === 'accepted') {
$stmt = $pdo->prepare("UPDATE friends SET status = 'accepted' WHERE id = ? AND user_two_id = ?");
$stmt->execute([$request_id, $current_user_id]);
} else { // declined
$stmt = $pdo->prepare("DELETE FROM friends WHERE id = ? AND user_two_id = ?");
$stmt->execute([$request_id, $current_user_id]);
}
echo json_encode(['success' => true, 'message' => 'Friend request ' . $status]);
break;
case 'get_friends':
$stmt = $pdo->prepare("
SELECT u.id, u.username
FROM friends f
JOIN users u ON (u.id = f.user_one_id OR u.id = f.user_two_id)
WHERE (f.user_one_id = ? OR f.user_two_id = ?)
AND f.status = 'accepted'
AND u.id != ?
");
$stmt->execute([$current_user_id, $current_user_id, $current_user_id]);
$friends = $stmt->fetchAll(PDO::FETCH_ASSOC);
echo json_encode($friends);
break;
case 'get_messages':
$recipient_id = (int)($_GET['user_id'] ?? 0);
if ($recipient_id === 0) {
echo json_encode(['error' => 'Invalid user ID']);
exit;
}
$stmt = $pdo->prepare("SELECT * FROM messages WHERE (sender_id = ? AND recipient_id = ?) OR (sender_id = ? AND recipient_id = ?) ORDER BY created_at ASC");
$stmt->execute([$current_user_id, $recipient_id, $recipient_id, $current_user_id]);
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
echo json_encode($messages);
break;
case 'send_message':
$recipient_id = (int)($_POST['recipient_id'] ?? 0);
$message = trim($_POST['message'] ?? '');
$image_url = null;
if ($recipient_id === 0) {
echo json_encode(['error' => 'Invalid recipient ID']);
exit;
}
if (isset($_FILES['image']) && $_FILES['image']['error'] == UPLOAD_ERR_OK) {
$upload_dir = __DIR__ . '/uploads/';
if (!is_dir($upload_dir)) {
mkdir($upload_dir, 0775, true);
}
$allowed_types = ['image/jpeg', 'image/png', 'image/gif'];
$file_type = mime_content_type($_FILES['image']['tmp_name']);
if (!in_array($file_type, $allowed_types)) {
echo json_encode(['error' => 'Invalid file type. Only JPG, PNG, and GIF are allowed.']);
exit;
}
$file_ext = pathinfo($_FILES['image']['name'], PATHINFO_EXTENSION);
$file_name = uniqid() . '.' . $file_ext;
$upload_path = $upload_dir . $file_name;
if (move_uploaded_file($_FILES['image']['tmp_name'], $upload_path)) {
$image_url = 'uploads/' . $file_name;
} else {
echo json_encode(['error' => 'Failed to upload image.']);
exit;
}
}
if (empty($message) && !$image_url) {
echo json_encode(['error' => 'Message cannot be empty.']);
exit;
}
$stmt = $pdo->prepare("INSERT INTO messages (sender_id, recipient_id, message, image_url) VALUES (?, ?, ?, ?)");
$stmt->execute([$current_user_id, $recipient_id, $message, $image_url]);
echo json_encode(['success' => true, 'message' => 'Message sent']);
break;
default:
echo json_encode(['error' => 'Invalid action']);
break;
}
} catch (PDOException $e) {
http_response_code(500);
echo json_encode(['error' => 'Database error: ' . $e->getMessage()]);
}

67
assets/css/custom.css Normal file
View File

@ -0,0 +1,67 @@
body, html {
height: 100%;
margin: 0;
display: flex;
justify-content: center;
align-items: center;
background-color: #f8f9fa;
}
.calculator {
width: 320px;
border: 1px solid #ccc;
border-radius: 10px;
box-shadow: 0 0 20px rgba(0,0,0,0.1);
background: #fff;
}
.calculator-screen {
width: 100%;
height: 80px;
border: none;
background-color: #222;
color: #fff;
text-align: right;
padding-right: 20px;
padding-left: 10px;
font-size: 2.5rem;
border-top-left-radius: 10px;
border-top-right-radius: 10px;
}
.calculator-keys {
display: grid;
grid-template-columns: repeat(4, 1fr);
gap: 1px;
}
.btn {
height: 60px;
font-size: 1.5rem;
border: 1px solid #ccc;
background-color: #f2f2f2;
}
.operator {
background-color: #f9a825;
color: white;
}
.equal-sign {
grid-column: span 2;
background-color: #28a745;
color: white;
}
.all-clear {
background-color: #dc3545;
color: white;
}
#chat-container {
width: 100%;
height: 100%;
display: flex;
flex-direction: column;
}

119
assets/js/main.js Normal file
View File

@ -0,0 +1,119 @@
document.addEventListener('DOMContentLoaded', () => {
const calculator = document.querySelector('.calculator');
const screen = document.querySelector('.calculator-screen');
const keys = document.querySelector('.calculator-keys');
const chatContainer = document.getElementById('chat-container');
let displayValue = '0';
let firstOperand = null;
let operator = null;
let waitingForSecondOperand = false;
function updateDisplay() {
screen.value = displayValue;
}
updateDisplay();
keys.addEventListener('click', (e) => {
const { target } = e;
const { value } = target;
if (!target.matches('button')) {
return;
}
switch (value) {
case '+':
case '-':
case '*':
case '/':
handleOperator(value);
break;
case '=':
handleEqualSign();
break;
case '.':
inputDecimal(value);
break;
case 'all-clear':
resetCalculator();
break;
default:
if (Number.isInteger(parseInt(value))) {
inputDigit(value);
}
}
updateDisplay();
});
function handleOperator(nextOperator) {
const inputValue = parseFloat(displayValue);
if (operator && waitingForSecondOperand) {
operator = nextOperator;
return;
}
if (firstOperand === null && !isNaN(inputValue)) {
firstOperand = inputValue;
} else if (operator) {
const result = calculate(firstOperand, inputValue, operator);
displayValue = `${parseFloat(result.toFixed(7))}`;
firstOperand = result;
}
waitingForSecondOperand = true;
operator = nextOperator;
}
function handleEqualSign() {
if (screen.value === '1+1') {
calculator.style.display = 'none';
chatContainer.style.display = 'block';
return;
}
const inputValue = parseFloat(displayValue);
if (operator && !waitingForSecondOperand) {
const result = calculate(firstOperand, inputValue, operator);
displayValue = `${parseFloat(result.toFixed(7))}`;
firstOperand = null;
operator = null;
waitingForSecondOperand = false;
}
}
function calculate(first, second, op) {
if (op === '+') return first + second;
if (op === '-') return first - second;
if (op === '*') return first * second;
if (op === '/') return first / second;
return second;
}
function inputDigit(digit) {
if (waitingForSecondOperand) {
displayValue = digit;
waitingForSecondOperand = false;
} else {
displayValue = displayValue === '0' ? digit : displayValue + digit;
}
}
function inputDecimal(dot) {
if (waitingForSecondOperand) return;
if (!displayValue.includes(dot)) {
displayValue += dot;
}
}
function resetCalculator() {
displayValue = '0';
firstOperand = null;
operator = null;
waitingForSecondOperand = false;
}
});

87
change_password.php Normal file
View File

@ -0,0 +1,87 @@
<?php
session_start();
require_once __DIR__ . '/db/config.php';
if (!isset($_SESSION['user_id']) || !$_SESSION['force_password_change']) {
header("Location: index.php");
exit;
}
$error = '';
$success = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$password = $_POST['password'] ?? '';
$password_confirm = $_POST['password_confirm'] ?? '';
if (empty($password) || empty($password_confirm)) {
$error = "Please fill in both fields.";
} elseif ($password !== $password_confirm) {
$error = "Passwords do not match.";
} else {
try {
$pdo = db();
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
$stmt = $pdo->prepare("UPDATE users SET password = :password, force_password_change = 0 WHERE id = :id");
$stmt->execute([
':password' => $hashed_password,
':id' => $_SESSION['user_id']
]);
$_SESSION['force_password_change'] = 0;
$success = "Password changed successfully. You will be redirected to the main page in 3 seconds.";
header("refresh:3;url=index.php");
} catch (PDOException $e) {
$error = "Database error: " . $e->getMessage();
}
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Change Password</title>
<style>
/* Using the same style as the login page */
* { margin: 0; padding: 0; box-sizing: border-box; font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif; }
body { background: #1a1a2e; min-height: 100vh; display: flex; justify-content: center; align-items: center; padding: 20px; color: white; }
.container { width: 100%; max-width: 400px; text-align: center; }
.form-container { background: #1f1f3a; padding: 40px; border-radius: 16px; box-shadow: 0 10px 30px rgba(0,0,0,0.3); }
h1 { color: #e94560; margin-bottom: 20px; }
.form-group { margin-bottom: 20px; text-align: left; }
label { display: block; margin-bottom: 5px; color: #8f8f8f; }
input { width: 100%; padding: 12px; border-radius: 8px; border: 1px solid #3a3a5a; background: #1a1a2e; color: white; font-size: 1rem; }
button { width: 100%; padding: 12px; border: none; border-radius: 8px; background: #e94560; color: white; font-weight: 600; cursor: pointer; transition: background 0.3s; }
button:hover { background: #c93550; }
.error { color: #e94560; margin-bottom: 20px; }
.success { color: #00ff41; margin-bottom: 20px; }
</style>
</head>
<body>
<div class="container">
<div class="form-container">
<h1>Change Your Password</h1>
<p style="color: #8f8f8f; margin-bottom: 20px;">As a new user, you must change your password.</p>
<?php if ($error): ?>
<p class="error"><?= htmlspecialchars($error) ?></p>
<?php endif; ?>
<?php if ($success): ?>
<p class="success"><?= htmlspecialchars($success) ?></p>
<?php else: ?>
<form action="change_password.php" method="POST">
<div class="form-group">
<label for="password">New Password</label>
<input type="password" name="password" id="password" required>
</div>
<div class="form-group">
<label for="password_confirm">Confirm New Password</label>
<input type="password" name="password_confirm" id="password_confirm" required>
</div>
<button type="submit">Change Password</button>
</form>
<?php endif; ?>
</div>
</div>
</body>
</html>

64
db/add_friend_system.php Normal file
View File

@ -0,0 +1,64 @@
<?php
require_once 'config.php';
try {
$pdo = db();
// Check if the column exists
$stmt = $pdo->query("SHOW COLUMNS FROM users LIKE 'unique_id'");
$exists = $stmt->fetch(PDO::FETCH_ASSOC);
if ($exists) {
// Drop the unique key if it exists
try {
$pdo->exec("ALTER TABLE users DROP KEY unique_id");
} catch (PDOException $e) {
// Ignore error if the key doesn't exist
}
// Drop the column
$pdo->exec("ALTER TABLE users DROP COLUMN unique_id");
echo "Dropped existing unique_id column.\n";
}
// Add unique_id column to users table
$pdo->exec("ALTER TABLE users ADD COLUMN unique_id VARCHAR(16) NOT NULL AFTER id");
echo "Added unique_id column to users table.\n";
// Populate unique_id for existing users
$stmt = $pdo->query("SELECT id FROM users");
$users = $stmt->fetchAll(PDO::FETCH_ASSOC);
$updateStmt = $pdo->prepare("UPDATE users SET unique_id = ? WHERE id = ?");
foreach ($users as $user) {
$unique_id = substr(md5(uniqid(rand(), true)), 0, 8);
$updateStmt->execute([$unique_id, $user['id']]);
}
echo "Populated unique_id for existing users.\n";
// Add unique constraint
$pdo->exec("ALTER TABLE users ADD UNIQUE (unique_id)");
echo "Added unique constraint to unique_id column.\n";
// Create friends table
$pdo->exec("
CREATE TABLE IF NOT EXISTS friends (
id INT AUTO_INCREMENT PRIMARY KEY,
user_one_id INT NOT NULL,
user_two_id INT NOT NULL,
status ENUM('pending', 'accepted', 'declined', 'blocked') NOT NULL,
action_user_id INT NOT NULL,
FOREIGN KEY (user_one_id) REFERENCES users(id),
FOREIGN KEY (user_two_id) REFERENCES users(id),
FOREIGN KEY (action_user_id) REFERENCES users(id),
UNIQUE KEY unique_friendship (user_one_id, user_two_id)
)
");
echo "Created friends table.\n";
echo "Friend system database setup complete!\n";
} catch (PDOException $e) {
die("Database error: " . $e->getMessage());
}

19
db/create_messages_table.php Normal file
View File

@ -0,0 +1,19 @@
<?php
require 'config.php';
try {
$pdo = db();
$sql = "CREATE TABLE IF NOT EXISTS messages (
id INT AUTO_INCREMENT PRIMARY KEY,
sender_id INT NOT NULL,
recipient_id INT NOT NULL,
message TEXT NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
FOREIGN KEY (sender_id) REFERENCES users(id) ON DELETE CASCADE,
FOREIGN KEY (recipient_id) REFERENCES users(id) ON DELETE CASCADE
)";
$pdo->exec($sql);
echo "INFO: `messages` table created or already exists.";
} catch (PDOException $e) {
die("ERROR: Could not connect to the database: " . $e->getMessage());
}

47
db/setup.php Normal file
View File

@ -0,0 +1,47 @@
<?php
require_once __DIR__ . '/config.php';
try {
$pdo = db();
// Set the PDO error mode to exception
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "
CREATE TABLE IF NOT EXISTS users (
id INT AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(50) NOT NULL UNIQUE,
password VARCHAR(255) NOT NULL,
is_admin BOOLEAN NOT NULL DEFAULT 0,
force_password_change BOOLEAN NOT NULL DEFAULT 1,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
";
$pdo->exec($sql);
echo "Table 'users' created successfully." . PHP_EOL;
// Add admin user
$username = 'admin';
$password = 'admin';
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
// Check if admin user already exists
$stmt = $pdo->prepare("SELECT * FROM users WHERE username = :username");
$stmt->execute([':username' => $username]);
$user = $stmt->fetch();
if (!$user) {
$stmt = $pdo->prepare("INSERT INTO users (username, password, is_admin, force_password_change) VALUES (:username, :password, 1, 1)");
$stmt->execute([
':username' => $username,
':password' => $hashed_password
]);
echo "Admin user created successfully." . PHP_EOL;
} else {
echo "Admin user already exists." . PHP_EOL;
}
} catch(PDOException $e) {
die("ERROR: Could not connect. " . $e->getMessage());
}

508
index.php
View File

@ -1,150 +1,410 @@
<?php <?php
declare(strict_types=1); session_start();
@ini_set('display_errors', '1');
@error_reporting(E_ALL);
@date_default_timezone_set('UTC');
$phpVersion = PHP_VERSION;
$now = date('Y-m-d H:i:s');
?> ?>
<!doctype html> <!DOCTYPE html>
<html lang="en"> <html lang="en">
<head> <head>
<meta charset="utf-8" /> <meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1" /> <meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>New Style</title> <title>Secure Messenger - Alpha Version</title>
<?php
// Read project preview data from environment
$projectDescription = $_SERVER['PROJECT_DESCRIPTION'] ?? '';
$projectImageUrl = $_SERVER['PROJECT_IMAGE_URL'] ?? '';
?>
<?php if ($projectDescription): ?>
<!-- Meta description -->
<meta name="description" content='<?= htmlspecialchars($projectDescription) ?>' />
<!-- Open Graph meta tags -->
<meta property="og:description" content="<?= htmlspecialchars($projectDescription) ?>" />
<!-- Twitter meta tags -->
<meta property="twitter:description" content="<?= htmlspecialchars($projectDescription) ?>" />
<?php endif; ?>
<?php if ($projectImageUrl): ?>
<!-- Open Graph image -->
<meta property="og:image" content="<?= htmlspecialchars($projectImageUrl) ?>" />
<!-- Twitter image -->
<meta property="twitter:image" content="<?= htmlspecialchars($projectImageUrl) ?>" />
<?php endif; ?>
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;700&display=swap" rel="stylesheet">
<style> <style>
:root { * {
--bg-color-start: #6a11cb; margin: 0;
--bg-color-end: #2575fc; padding: 0;
--text-color: #ffffff; box-sizing: border-box;
--card-bg-color: rgba(255, 255, 255, 0.01); font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
--card-border-color: rgba(255, 255, 255, 0.1);
} }
body { body {
margin: 0; background: #1a1a2e;
font-family: 'Inter', sans-serif; min-height: 100vh;
background: linear-gradient(45deg, var(--bg-color-start), var(--bg-color-end));
color: var(--text-color);
display: flex; display: flex;
justify-content: center; justify-content: center;
align-items: center; align-items: center;
min-height: 100vh; padding: 20px;
text-align: center;
overflow: hidden;
position: relative;
} }
body::before { .container {
content: '';
position: absolute;
top: 0;
left: 0;
width: 100%; width: 100%;
height: 100%; max-width: 1200px;
background-image: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100" viewBox="0 0 100 100"><path d="M-10 10L110 10M10 -10L10 110" stroke-width="1" stroke="rgba(255,255,255,0.05)"/></svg>'); display: flex;
animation: bg-pan 20s linear infinite; flex-direction: column;
z-index: -1; align-items: center;
gap: 30px;
} }
@keyframes bg-pan { .header {
0% { background-position: 0% 0%; } text-align: center;
100% { background-position: 100% 100%; } margin-bottom: 20px;
color: white;
} }
main { .header h1 {
padding: 2rem; color: #e94560;
margin-bottom: 10px;
font-size: 2.5rem;
} }
.card { .header p {
background: var(--card-bg-color); color: #8f8f8f;
border: 1px solid var(--card-border-color); max-width: 600px;
border-radius: 16px; margin: 0 auto;
padding: 2rem;
backdrop-filter: blur(20px);
-webkit-backdrop-filter: blur(20px);
box-shadow: 0 8px 32px 0 rgba(0, 0, 0, 0.1);
}
.loader {
margin: 1.25rem auto 1.25rem;
width: 48px;
height: 48px;
border: 3px solid rgba(255, 255, 255, 0.25);
border-top-color: #fff;
border-radius: 50%;
animation: spin 1s linear infinite;
}
@keyframes spin {
from { transform: rotate(0deg); }
to { transform: rotate(360deg); }
}
.hint {
opacity: 0.9;
}
.sr-only {
position: absolute;
width: 1px; height: 1px;
padding: 0; margin: -1px;
overflow: hidden;
clip: rect(0, 0, 0, 0);
white-space: nowrap; border: 0;
}
h1 {
font-size: 3rem;
font-weight: 700;
margin: 0 0 1rem;
letter-spacing: -1px;
}
p {
margin: 0.5rem 0;
font-size: 1.1rem; font-size: 1.1rem;
} }
code { .app-container {
background: rgba(0,0,0,0.2); display: flex;
padding: 2px 6px; justify-content: center;
border-radius: 4px; gap: 30px;
font-family: ui-monospace, SFMono-Regular, Menlo, Consolas, monospace; flex-wrap: wrap;
} }
footer { .app-window {
position: absolute; width: 100%;
bottom: 1rem; max-width: 1000px;
font-size: 0.8rem; height: 750px;
opacity: 0.7; border-radius: 16px;
overflow: hidden;
box-shadow: 0 10px 30px rgba(0,0,0,0.3);
display: flex;
flex-direction: column;
background: white;
} }
/* Login Form Styles */
.login-container { padding: 40px; color: white; width: 100%; height: 100%; display: flex; flex-direction: column; justify-content: center; background: #1a1a2e; }
.login-container h2 { color: #e94560; margin-bottom: 20px; text-align: center; }
.login-form .form-group { margin-bottom: 15px; }
.login-form label { display: block; margin-bottom: 5px; color: #8f8f8f; }
.login-form input { width: 100%; padding: 10px; border-radius: 5px; border: 1px solid #3a3a5a; background: #1a1a2e; color: white; }
.login-form button { width: 100%; padding: 12px; border: none; border-radius: 8px; background: #e94560; color: white; font-weight: 600; cursor: pointer; transition: background 0.3s; margin-top: 10px; }
.login-form button:hover { background: #c93550; }
.login-error { color: #e94560; margin-bottom: 15px; text-align: center; }
/* Chat UI Styles */
#chat-app { display: flex; height: 100%; color: #333; }
.sidebar { width: 300px; border-right: 1px solid #eee; background: #f7f7f7; overflow-y: auto; display: flex; flex-direction: column; }
.sidebar-section { padding: 20px; border-bottom: 1px solid #eee; }
.sidebar-section h3 { color: #e94560; margin-bottom: 15px; }
.sidebar-section ul { list-style: none; }
.sidebar-section li { padding: 10px; cursor: pointer; border-radius: 5px; margin-bottom: 5px; }
.sidebar-section li:hover, .sidebar-section li.active { background: #e9e9e9; }
#my-unique-id-display { font-weight: bold; color: #333; }
#add-friend-form { display: flex; gap: 5px; }
#add-friend-input { flex-grow: 1; padding: 8px; border: 1px solid #ddd; border-radius: 5px; }
#add-friend-form button { padding: 8px 12px; border: none; background: #e94560; color: white; border-radius: 5px; cursor: pointer; }
#search-results li, #friend-requests li { display: flex; justify-content: space-between; align-items: center; }
.action-btn { padding: 5px 8px; border: none; border-radius: 5px; color: white; cursor: pointer; }
.add-btn { background: #4CAF50; }
.accept-btn { background: #4CAF50; }
.decline-btn { background: #f44336; margin-left: 5px; }
.chat-area { flex-grow: 1; display: flex; flex-direction: column; }
.chat-header { background: #f7f7f7; padding: 15px; border-bottom: 1px solid #eee; display: flex; justify-content: space-between; align-items: center; }
.chat-header h3 { color: #e94560; font-size: 1.2rem; }
.logout-btn { color: #e94560; text-decoration: none; font-weight: 600; }
.chat-messages { flex-grow: 1; padding: 20px; overflow-y: auto; display: flex; flex-direction: column; gap: 15px; }
.message { max-width: 80%; padding: 10px 15px; border-radius: 18px; line-height: 1.4; }
.message.sent { background: #e94560; color: white; align-self: flex-end; border-bottom-right-radius: 4px; }
.message.received { background: #f1f1f1; color: #333; align-self: flex-start; border-bottom-left-radius: 4px; }
.chat-welcome { text-align: center; color: #aaa; margin-top: 50px; }
.chat-input-form { display: flex; padding: 15px; border-top: 1px solid #eee; background: #f7f7f7; }
.chat-input-form input { flex-grow: 1; border: 1px solid #ddd; border-radius: 20px; padding: 10px 15px; font-size: 1rem; }
.chat-input-form button { background: #e94560; color: white; border: none; border-radius: 20px; padding: 10px 20px; margin-left: 10px; cursor: pointer; font-weight: 600; }
.image-upload-btn { padding: 10px; cursor: pointer; font-size: 1.5rem; color: #8f8f8f; }
</style> </style>
</head> </head>
<body> <body>
<main> <div class="container">
<div class="card"> <div class="header">
<h1>Analyzing your requirements and generating your website…</h1> <h1>Secure Messenger</h1>
<div class="loader" role="status" aria-live="polite" aria-label="Applying initial changes"> <p>Alpha Version - <?php echo isset($_SESSION['user_id']) ? "Welcome, " . htmlspecialchars($_SESSION['username']) : "Please log in"; ?></p>
<span class="sr-only">Loading…</span>
</div> </div>
<p class="hint"><?= ($_SERVER['HTTP_HOST'] ?? '') === 'appwizzy.com' ? 'AppWizzy' : 'Flatlogic' ?> AI is collecting your requirements and applying the first changes.</p> <div class="app-container">
<p class="hint">This page will update automatically as the plan is implemented.</p> <div id="app-window" class="app-window">
<p>Runtime: PHP <code><?= htmlspecialchars($phpVersion) ?></code> — UTC <code><?= htmlspecialchars($now) ?></code></p> <?php if (isset($_SESSION['user_id'])): ?>
<div id="chat-app">
<div class="sidebar">
<div class="sidebar-section">
<h3>Your Unique ID</h3>
<p id="my-unique-id-display">Loading...</p>
</div> </div>
</main> <div class="sidebar-section">
<footer> <h3>Add a Friend</h3>
Page updated: <?= htmlspecialchars($now) ?> (UTC) <form id="add-friend-form">
</footer> <input type="text" id="add-friend-input" placeholder="Enter Unique ID">
<button type="submit">Search</button>
</form>
<ul id="search-results"></ul>
</div>
<div class="sidebar-section">
<h3>Friend Requests</h3>
<ul id="friend-requests"></ul>
</div>
<div class="sidebar-section">
<h3>Friends</h3>
<ul id="friends-ul"></ul>
</div>
</div>
<div class="chat-area">
<div class="chat-header">
<h3 id="chat-with-user">Select a friend to chat</h3>
<div>
<?php if (isset($_SESSION['is_admin']) && $_SESSION['is_admin']): ?>
<a href="admin.php" class="logout-btn">Admin</a> |
<?php endif; ?>
<a href="logout.php" class="logout-btn">Logout</a>
</div>
</div>
<div class="chat-messages" id="chat-messages">
<div class="chat-welcome">
<h2>Welcome, <?php echo htmlspecialchars($_SESSION['username']); ?>!</h2>
<p>Select a friend from the list to start a conversation.</p>
</div>
</div>
<form class="chat-input-form" id="message-form" style="display: none;" enctype="multipart/form-data">
<input type="text" id="message-input" placeholder="Type a message..." autocomplete="off">
<input type="file" id="image-input" accept="image/*" style="display: none;">
<label for="image-input" class="image-upload-btn">&#128247;</label>
<button type="submit">Send</button>
</form>
</div>
</div>
<?php else: ?>
<div class="login-container">
<h2>Login</h2>
<?php
if (isset($_SESSION['login_error'])) {
echo '<p class="login-error">' . htmlspecialchars($_SESSION['login_error']) . '</p>';
unset($_SESSION['login_error']);
}
?>
<form action="login.php" method="POST" class="login-form">
<div class="form-group">
<label for="username">Username</label>
<input type="text" name="username" id="username" required>
</div>
<div class="form-group">
<label for="password">Password</label>
<input type="password" name="password" id="password" required>
</div>
<button type="submit">Login</button>
</form>
</div>
<?php endif; ?>
</div>
</div>
</div>
<script>
<?php if (isset($_SESSION['user_id'])): ?>
const friendsUl = document.getElementById('friends-ul');
const chatMessages = document.getElementById('chat-messages');
const messageForm = document.getElementById('message-form');
const messageInput = document.getElementById('message-input');
const imageInput = document.getElementById('image-input');
const chatWithUser = document.getElementById('chat-with-user');
const myUniqueIdDisplay = document.getElementById('my-unique-id-display');
const addFriendForm = document.getElementById('add-friend-form');
const addFriendInput = document.getElementById('add-friend-input');
const searchResultsUl = document.getElementById('search-results');
const friendRequestsUl = document.getElementById('friend-requests');
let currentRecipientId = null;
let messagePollingInterval = null;
async function getMyUniqueId() {
const response = await fetch('api.php?action=get_my_unique_id');
const data = await response.json();
if (data.unique_id) {
myUniqueIdDisplay.textContent = data.unique_id;
}
}
addFriendForm.addEventListener('submit', async (e) => {
e.preventDefault();
const query = addFriendInput.value.trim();
if (!query) return;
const response = await fetch(`api.php?action=search_users&query=${query}`);
const users = await response.json();
searchResultsUl.innerHTML = '';
users.forEach(user => {
const li = document.createElement('li');
li.innerHTML = `<span>${user.username} (${user.unique_id})</span> <button class="action-btn add-btn" data-user-id="${user.id}">Add</button>`;
searchResultsUl.appendChild(li);
});
});
searchResultsUl.addEventListener('click', async (e) => {
if (e.target.classList.contains('add-btn')) {
const userId = e.target.dataset.userId;
const response = await fetch('api.php?action=send_friend_request', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ user_id: userId })
});
const result = await response.json();
if (result.success) {
alert('Friend request sent!');
e.target.parentElement.remove();
} else {
alert(`Error: ${result.error}`);
}
}
});
async function getFriendRequests() {
const response = await fetch('api.php?action=get_friend_requests');
const requests = await response.json();
friendRequestsUl.innerHTML = '';
requests.forEach(req => {
const li = document.createElement('li');
li.innerHTML = `<span>${req.username} (${req.unique_id})</span> <div><button class="action-btn accept-btn" data-request-id="${req.id}">Accept</button><button class="action-btn decline-btn" data-request-id="${req.id}">Decline</button></div>`;
friendRequestsUl.appendChild(li);
});
}
friendRequestsUl.addEventListener('click', async (e) => {
const target = e.target;
const requestId = target.dataset.requestId;
let status = '';
if (target.classList.contains('accept-btn')) {
status = 'accepted';
} else if (target.classList.contains('decline-btn')) {
status = 'declined';
} else {
return;
}
const response = await fetch('api.php?action=update_friend_request', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ request_id: requestId, status: status })
});
const result = await response.json();
if (result.success) {
alert(`Friend request ${status}.`);
getFriendRequests();
fetchFriends();
} else {
alert(`Error: ${result.error}`);
}
});
async function fetchFriends() {
const response = await fetch('api.php?action=get_friends');
const friends = await response.json();
friendsUl.innerHTML = '';
friends.forEach(friend => {
const li = document.createElement('li');
li.textContent = friend.username;
li.dataset.userId = friend.id;
li.addEventListener('click', () => selectUser(friend));
friendsUl.appendChild(li);
});
}
function selectUser(user) {
currentRecipientId = user.id;
chatWithUser.textContent = `Chat with ${user.username}`;
document.querySelectorAll('#friends-ul li').forEach(li => li.classList.remove('active'));
document.querySelector(`#friends-ul li[data-user-id='${user.id}']`).classList.add('active');
messageForm.style.display = 'flex';
chatMessages.innerHTML = '';
fetchMessages();
if (messagePollingInterval) clearInterval(messagePollingInterval);
messagePollingInterval = setInterval(fetchMessages, 3000);
}
let currentMessageCount = 0;
async function fetchMessages(forceScroll = false) {
if (!currentRecipientId) return;
try {
const response = await fetch(`api.php?action=get_messages&user_id=${currentRecipientId}`);
if (!response.ok) throw new Error('Failed to fetch messages.');
const messages = await response.json();
if (messages.length === currentMessageCount && !forceScroll) {
return;
}
currentMessageCount = messages.length;
chatMessages.innerHTML = '';
messages.forEach(msg => {
const messageEl = document.createElement('div');
messageEl.classList.add('message', msg.sender_id == <?php echo $_SESSION['user_id']; ?> ? 'sent' : 'received');
let content = '';
if (msg.message) {
content += `<p>${escapeHTML(msg.message)}</p>`;
}
if (msg.image_url) {
content += `<img src="${msg.image_url}" alt="Image" style="max-width: 100%; border-radius: 10px; margin-top: 5px;">`;
}
messageEl.innerHTML = content;
chatMessages.appendChild(messageEl);
});
chatMessages.scrollTop = chatMessages.scrollHeight;
} catch (error) {
console.error("Error fetching messages:", error);
}
}
messageForm.addEventListener('submit', async (e) => {
e.preventDefault();
const messageText = messageInput.value.trim();
const imageFile = imageInput.files[0];
if (messageText === '' && !imageFile) return;
const formData = new FormData();
formData.append('recipient_id', currentRecipientId);
formData.append('message', messageText);
if (imageFile) {
formData.append('image', imageFile);
}
messageInput.value = '';
imageInput.value = '';
try {
const response = await fetch('api.php?action=send_message', {
method: 'POST',
body: formData
});
if (!response.ok) throw new Error('Failed to send message.');
await fetchMessages(true);
} catch (error) {
console.error("Error sending message:", error);
}
});
function escapeHTML(str) {
if (!str) return '';
return str.replace(/[&<>"']/g,
tag => ({
'&': '&amp;',
'<': '&lt;',
'>': '&gt;',
'"': '&quot;',
"'": '&#39;'
}[tag] || tag)
);
}
// Initial data fetch
getMyUniqueId();
getFriendRequests();
fetchFriends();
setInterval(getFriendRequests, 10000); // Poll for new friend requests every 10 seconds
<?php endif; ?>
</script>
</body> </body>
</html> </html>

57
login.php Normal file
View File

@ -0,0 +1,57 @@
<?php
session_start();
require_once __DIR__ . '/db/config.php';
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
header('Location: index.php');
exit;
}
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
if (empty($username) || empty($password)) {
$_SESSION['login_error'] = "Username and password are required.";
header('Location: index.php');
exit;
}
try {
$pdo = db();
$stmt = $pdo->prepare("SELECT * FROM users WHERE username = :username");
$stmt->execute([':username' => $username]);
$user = $stmt->fetch();
if ($user && password_verify($password, $user['password'])) {
// For admin user, ensure force_password_change is always off
if ($user['username'] === 'admin' && $user['force_password_change']) {
$updateStmt = $pdo->prepare("UPDATE users SET force_password_change = 0 WHERE id = :id");
$updateStmt->execute([':id' => $user['id']]);
$user['force_password_change'] = 0; // Update the local variable as well
}
$_SESSION['user_id'] = $user['id'];
$_SESSION['username'] = $user['username'];
$_SESSION['is_admin'] = $user['is_admin'];
// This session variable is no longer strictly needed but left for compatibility
$_SESSION['force_password_change'] = $user['force_password_change'];
if ($user['force_password_change']) {
header("Location: change_password.php");
} else {
header("Location: index.php");
}
exit;
} else {
$_SESSION['login_error'] = "Invalid username or password.";
header('Location: index.php');
exit;
}
} catch (PDOException $e) {
error_log("Database error in login.php: " . $e->getMessage());
$_SESSION['login_error'] = "A database error occurred. Please try again later.";
header('Location: index.php');
exit;
}
?>

7
logout.php Normal file
View File

@ -0,0 +1,7 @@
<?php
session_start();
session_unset();
session_destroy();
header("Location: index.php");
exit;
?>