From a61846beab17266c3eb8cbe93db812b7ffee9d2e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kasper=20Rynning-T=C3=B8nnesen?= <kassto2@hotmail.com>
Date: Thu, 12 Feb 2015 13:43:14 +0100
Subject: [PATCH] Fixing backend bugs with admin password and added new error
 message

---
 index.php      |  2 +-
 js/admin.js    | 13 +++++++++++--
 js/search.js   |  1 +
 php/change.php | 25 +++++++++++++------------
 4 files changed, 26 insertions(+), 15 deletions(-)

diff --git a/index.php b/index.php
index e9a6b7ba..07b63e25 100755
--- a/index.php
+++ b/index.php
@@ -12,7 +12,7 @@
 </head>
 <body>
 	<div id="sBar"></div>
-	<div id="eBar">Error: Wrong Admin Password</div>
+	<div id="eBar"></div>
     <div class="bgimage" id="bgimage"></div>
 	<div class="top vcent centered">
 		<div id="change" class="small">
diff --git a/js/admin.js b/js/admin.js
index b651b085..07e0d0d1 100755
--- a/js/admin.js
+++ b/js/admin.js
@@ -42,7 +42,11 @@ function submitAdmin(form)
 		document.getElementById("sBar").innerHTML = "Successfully applied settings.";
 		$("#sBar").addClass("opacityFull");
 		document.getElementById("passbox").value = "";
-	}else{ $("#eBar").addClass("opacityFull");document.getElementById("passbox").value = "";/*$("#adminPanel").addClass("fadeerror");*/}
+	}else{ 
+		document.getElementById("sBar").innerHTML = "Error: Wrong Admin Password!";
+		$("#eBar").addClass("opacityFull");
+		document.getElementById("passbox").value = "";/*$("#adminPanel").addClass("fadeerror");*/
+	}
 
 	console.log(pass_corr);
 	updateList();
@@ -72,8 +76,13 @@ function shuffle(form)
 		document.getElementById("sBar").innerHTML = "Successfully shuffled playlist.";
 		$("#sBar").addClass("opacityFull");
 		updateList();
-	}else if(confRes = "wrong!")
+	}else if(confRes = "wrong!"){
+		document.getElementById("sBar").innerHTML = "Error: Wrong Admin Password!";
 		$("#eBar").addClass("opacityFull");
+	}else if(confRes = "size"){
+		document.getElementById("sBar").innerHTML = "Error: Empty Playlist!";
+		$("#eBar").addClass("opacityFull");
+	}
 	setTimeout(function(){
 		$("#adminPanel").removeClass("success");
 		$("#adminPanel").removeClass("fadeerror");
diff --git a/js/search.js b/js/search.js
index 5ed58cb7..dfcc64e8 100755
--- a/js/search.js
+++ b/js/search.js
@@ -202,6 +202,7 @@ function submit(id,title,type){
 	{
 		//alert("Wrong adminpassword");
 		$("#search").addClass("error");
+		document.getElementById("sBar").innerHTML = "Error: Wrong Admin Password!";
 		$("#eBar").addClass("opacityFull");
 	}else{
 		//$("#search").addClass("success");
diff --git a/php/change.php b/php/change.php
index 4048ceeb..d7c0e542 100755
--- a/php/change.php
+++ b/php/change.php
@@ -8,7 +8,7 @@ if($list[1]==""||!isset($list[1])||count($list)<=1)$list="videos";
 else $list=$list[1];
 
 $list="../lists/".$list.".json";                                   //actually setting the list for the target. Under is the array for an empty list being created
-$array = array("nowPlaying" => array("30H2Z8Lr-4c" => array("id" => "30H2Z8Lr-4c", "title" => "Empty Channel, search to add a video")), "songs" => array(), "conf" => array("startTime" => time(), "views" => array(), "skips" => array()));
+$array = array("nowPlaying" => array("30H2Z8Lr-4c" => array("id" => "30H2Z8Lr-4c", "title" => "Empty Channel, search to add a video")), "songs" => array(), "conf" => array("startTime" => time(), "views" => array(), "skips" => array(), "vote" => "false", "addsongs" => "false", "longsongs" => "true", "frontpage" => "true", "allvideos" => "true", "removeplay" => "false", "adminpass" => ""));
 $array = json_encode($array);                                      //encoding the array
 $f = @fopen($list,"x");                                            //opening a file, ignoring warnings
 if($f){ fwrite($f,$array); fclose($f); }                           //if the file doesn't exist, we create a new one, and adds the newly made array there
@@ -27,8 +27,12 @@ if(isset($_REQUEST['shuffle'])){ //shuffle songs  in list
     $q = array_key_exists("adminpass", $q);
     $pass = htmlspecialchars($_GET['pass']);
     $x = explode("/", htmlspecialchars(strtolower($_SERVER["REQUEST_URI"])));
-    $pass=crypt($pass, '$6$rounds=9001$'.$x[1].'Fuck0ffuSn34kyn!ggerzZ$');
-    if($pass == $data["conf"]["adminpass"]) {
+    if($pass != "")
+        $pass=crypt($pass, '$6$rounds=9001$'.$x[1].'Fuck0ffuSn34kyn!ggerzZ$');
+    if(sizeof($data["songs"]) == 0){
+        die("size");
+    }
+    if($pass == $data["conf"]["adminpass"] || $data["conf"]["adminpass"] == "") {
 
         //shuffle($data["songs"]);
         foreach($data["songs"] as $k=>$v) { 
@@ -120,7 +124,8 @@ else if(isset($_GET['v'])){                                             //if it
         $name = htmlspecialchars($_GET['n']);                           //name of the video
         if($np[0]["id"] == "30H2Z8Lr-4c")
         {
-            $q = array("nowPlaying" => array($video => array("id" => $video, "title" => $name, "votes" => 0, "added" => time(), "guids" => array())), "songs" => array(), "conf" => array("startTime" => time(), "views" => array(), "skips" => array()));
+            $q = array("nowPlaying" => array($video => array("id" => $video, "title" => $name, "votes" => 0, "added" => time(), "guids" => array())), "songs" => array(), "conf" => array("startTime" => time(), "views" => array(), "skips" => array(), "vote" => "false", "addsongs" => "false", "longsongs" => "true", "frontpage" => "true", "allvideos" => "true", "removeplay" => "false", "adminpass" => ""));
+            //$q = array("nowPlaying" => array($video => array("id" => $video, "title" => $name, "votes" => 0, "added" => time(), "guids" => array())), "songs" => array(), "conf" => array("startTime" => time(), "views" => array(), "skips" => array()));
             $q["nowPlaying"][$video]["votes"] = 1;                         //Upping the votes, so it comes further up than the ones already played
             array_push($q["nowPlaying"][$video]["guids"], $guid); 
             file_put_contents($list, json_encode($q));
@@ -243,17 +248,13 @@ else if(isset($_GET['skip'])){                                          //skip,
 	$data["conf"]["allvideos"] = $_POST['allvideos'];
 	$data["conf"]["removeplay"] = $_POST['removeplay'];
 	$pass = htmlspecialchars($_POST['pass']);
-    $x = explode("/", htmlspecialchars(strtolower($_SERVER["REQUEST_URI"])));
-    $pass=crypt($pass, '$6$rounds=9001$'.$x[1].'Fuck0ffuSn34kyn!ggerzZ$');
+    if($pass != ""){
+        $x = explode("/", htmlspecialchars(strtolower($_SERVER["REQUEST_URI"])));
+        $pass=crypt($pass, '$6$rounds=9001$'.$x[1].'Fuck0ffuSn34kyn!ggerzZ$');
+    }
     $q = $data["conf"];
 	$q = array_key_exists("adminpass", $q);
 
-    //$data["conf"]["vote"] = $vote;
-    //$data["conf"]["addsongs"] = $addsongs;
-    //$data["conf"]["longsongs"] = $longsongs;
-    //$data["conf"]["frontpage"] = $frontpage;
-    //$data["conf"]["allvideos"] = $allvideos;
-    //$data["conf"]["removeplay"] = $removeplay;
 	if($data["conf"]["adminpass"] == $pass || $q != 1 || $data["conf"]["adminpass"] == "")                      //if the password is the same as the one in the jsonfile, we are updating the settings (not in use yet)
 	{
 		$data["conf"]["adminpass"] = $pass;