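getToken()) {
        // header() only queues the redirect; without exit the script keeps
        // running and the admin actions below would still execute.
        header('Location: ../index.php?msg=Invalid token. Please login.');
        exit;
    } else if (!$admin->is_admin) {
        header('Location: ../index.php?msg=Looks like that you are not administrator :(');
        exit;
    }
} else {
    header('Location: ../index.php?msg=Illegal access. Please login.');
    exit;
}

/*
 * No protection here,
 * I don't think you wanna fuck yourself :(
 */
// Admin AJAX dispatcher: applies the action named in the query string to the
// account named by ?uname= and echoes a JSON object with errno and msg.
//
// NOTE(review): every action is selected by query-string parameters and, as
// far as this part of the file shows, authorised by cookies alone. No
// anti-CSRF token check is visible here; confirm one exists upstream or add
// one before the state-changing actions (change, delete, model, upload).

// Start from null so the no-action case still prints "null", as before,
// without reading an undefined variable.
$json = null;

if (isset($_GET['action'])) {
    $action = $_GET['action'];

    // Accept only a scalar string user name; a missing or array-valued
    // parameter is rejected instead of being handed to the user class.
    $uname = (isset($_GET['uname']) && is_string($_GET['uname'])) ? $_GET['uname'] : null;
    $user  = is_null($uname) ? null : new user($uname);

    if (is_null($user)) {
        utils::raise(1, 'Illegal parameters');
    } else if ($action === "upload") {
        $type = isset($_GET['type']) ? $_GET['type'] : "skin";
        $file = isset($_FILES['file']) ? $_FILES['file'] : null;

        if (!is_null($file)) {
            // NOTE(review): $type and the raw $_FILES entry go straight to
            // setTexture(); confirm it validates the type value, the upload
            // error code, the file size and the image content.
            if ($user->setTexture($type, $file)) {
                $json['errno'] = 0;
                $json['msg'] = "Skin uploaded successfully.";
            } else {
                $json['errno'] = 1;
                $json['msg'] = "Uncaught error.";
            }
        } else {
            utils::raise(1, 'No input file selected');
        }
    } else if ($action === "change") {
        $passwd = (isset($_POST['passwd']) && is_string($_POST['passwd'])) ? $_POST['passwd'] : null;

        if (is_null($passwd)) {
            utils::raise(1, 'Illegal parameters');
        } else if (user::checkValidPwd($passwd)) {
            $user->changePasswd($passwd);
            $json['errno'] = 0;
            $json['msg'] = "Password of ".$uname." changed successfully.";
        } // Will raise exception if password invalid
    } else if ($action === "delete") {
        $user->unRegister();
        $json['errno'] = 0;
        $json['msg'] = "Account successfully deleted.";
    } else if ($action === "model") {
        // The original test read `isset(..) && a || b`; && binds tighter than
        // ||, so a missing field skipped the isset() guard and was still read.
        // A strict whitelist lookup covers both the presence and the value.
        $model = isset($_POST['model']) ? $_POST['model'] : null;

        if (in_array($model, array('slim', 'default'), true)) {
            $user->setPreference($model);
            $json['errno'] = 0;
            $json['msg'] = "Model preference of ".$uname." changed to ".$model." successfully.";
        } else {
            utils::raise(1, 'Illegal parameters');
        }
    } else {
        utils::raise(1, 'Illegal parameters');
    }
}

// The messages echo the request-supplied user name. No Content-Type header is
// set in the visible part of the file, so encode <, >, &, ' and " as \uXXXX:
// the JSON decodes to the same values but stays inert if a browser renders the
// response as HTML.
echo json_encode($json, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);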