meowboard/include/db.php

<?php
include 'uuid.php';
// No database file yet: hand the visitor over to the installer and stop.
// The path is relative, so it resolves against the executing script's working directory.
if (file_exists('meowboard.db') === false) {
    exit('<meta http-equiv="refresh" content="0; url=/install.php">Database not found.');
}
/**
 * SQLite3 connection bound to the application's database file.
 *
 * The file name is relative and is opened against the working directory of the
 * executing script. NOTE(review): if that directory is the web root, make sure the
 * web server does not serve the .db file directly.
 */
class Store extends SQLite3
{
    private const DB_FILE = 'meowboard.db';

    public function __construct()
    {
        $this->open(self::DB_FILE);
    }
}
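$db = new Store();
// The site name is read once at include time and shared with every page that includes db.php.
$sitenameStatement = $db->prepare("SELECT * FROM settings WHERE key = 'sitename'");
$result = $sitenameStatement->execute();
$sitenameRow = $result->fetchArray();
// A missing row used to index into `false` (null plus a warning); make the null explicit.
// Index 1 relies on the settings table's column order (key, value) -- TODO confirm against the installer.
$sitename = $sitenameRow === false ? null : $sitenameRow[1];
// NOTE(review): $sitename comes from the database; escape it (htmlspecialchars) wherever it is echoed into HTML.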
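/**
 * Hash $string together with the site-wide salt kept in the settings table.
 *
 * Used both in the password chain (verifyPassword) and for the at-rest form of
 * session tokens, so the 'salt' row must exist for either to work.
 *
 * @param string $string value to hash
 * @return string lowercase hex SHA-512 digest of $string . salt
 * @throws RuntimeException when the 'salt' settings row is missing
 */
function saltString($string) {
    global $db;
    $saltStatement = $db->prepare("SELECT * FROM settings WHERE key = 'salt'");
    $row = $saltStatement->execute()->fetchArray();
    if ($row === false) {
        // Hashing against a missing salt would silently yield unsalted digests; fail loudly instead.
        throw new RuntimeException("Site salt is not configured.");
    }
    // Index 1 relies on the settings table's column order (key, value) -- TODO confirm against the installer.
    $salt = $row[1];
    return hash("sha512", $string . $salt);
}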
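/**
 * Check a username/password pair against the stored hash.
 *
 * The stored value is sha512(saltString(sha512(password)) . pepper), where pepper
 * is the per-user value from the users table; this function rebuilds that chain.
 * NOTE(review): this is a fast-hash chain rather than a password KDF
 * (password_hash/Argon2); changing the scheme would require re-hashing every stored
 * password, e.g. on each user's next successful login.
 *
 * @param string $username
 * @param string $password plaintext as submitted
 * @return int 1 on match, 0 on mismatch or unknown user
 */
function verifyPassword($username, $password) {
    global $db;
    $grabUser = $db->prepare("SELECT password, pepper FROM users WHERE username = ?");
    $grabUser->bindValue(1, $username, SQLITE3_TEXT);
    $row = $grabUser->execute()->fetchArray();
    // Unknown user: previously this indexed into `false` and compared against null.
    // Keep computing the hash so the unknown-user path costs about the same as a mismatch.
    $storedPassword = $row === false ? '' : (string) $row[0];
    $pepper = $row === false ? '' : (string) $row[1];
    $passwordFinal = hash("sha512", saltString(hash("sha512", $password)) . $pepper);
    // hash_equals instead of `!=`: loose comparison is not constant-time and treats
    // "0e..." hex digests as numerically equal.
    return hash_equals($storedPassword, $passwordFinal) ? 1 : 0;
}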
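/**
 * Create a session token for $username, persist its salted hash and return the raw token.
 *
 * Only saltString($token) is stored, so a copy of the database does not yield usable
 * tokens; the raw value is what the caller hands to the client.
 *
 * @param string $username resolved to a uuid via usernameToUuid() (null uuid is stored if unknown)
 * @return string 512-character lowercase hex token
 */
function issueSessionToken($username) {
    global $db;
    $token = bin2hex(random_bytes(256));
    $tokenStore = saltString($token);
    // 28 days in seconds. The previous literal (2_419_200_000) is 28 days in milliseconds,
    // but flushSessionTokens() compares against time() in seconds, so tokens stayed valid
    // for roughly 76 years.
    $expiry = time() + 2_419_200;
    $uuid = usernameToUuid($username);
    $insert = $db->prepare("INSERT INTO tokens (hash, uuid, expiry) VALUES (?, ?, ?)");
    $insert->bindValue(1, $tokenStore, SQLITE3_TEXT);
    $insert->bindValue(2, $uuid, SQLITE3_TEXT);
    $insert->bindValue(3, $expiry, SQLITE3_INTEGER);
    $insert->execute();
    return $token;
}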
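/**
 * Insert one image record.
 *
 * @param string $location stored path of the file
 * @param string $uploader uploader identifier (presumably a uuid, given uuidToUsername(); verify against the caller)
 * @param string $tags tag string as stored in the images table
 * @return bool true when the INSERT executed, false when SQLite rejected it
 */
function addImage($location, $uploader, $tags) {
    global $db;
    $insert = $db->prepare("INSERT INTO images (location, uploader, tags) VALUES (?, ?, ?)");
    $insert->bindValue(1, $location, SQLITE3_TEXT);
    $insert->bindValue(2, $uploader, SQLITE3_TEXT);
    $insert->bindValue(3, $tags, SQLITE3_TEXT);
    // Surface failure to the caller instead of discarding the result.
    return $insert->execute() !== false;
}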
/**
 * Delete every token whose expiry timestamp (seconds) lies before now.
 */
function flushSessionTokens() {
    global $db;
    $now = time();
    $flush = $db->prepare("DELETE FROM tokens WHERE expiry < ?");
    $flush->bindValue(1, $now, SQLITE3_INTEGER);
    $flush->execute();
}
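/**
 * Delete every session token, logging out all users.
 *
 * SQLite3 has no execute() method (only SQLite3Stmt does); the previous call
 * raised an undefined-method Error, so this function never worked.
 */
function purgeSessionTokens() {
    global $db;
    $db->exec("DELETE FROM tokens");
}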
/**
 * Remove the session row for a raw token (looked up by its salted hash).
 *
 * @param string $token raw token as presented by the client
 */
function deleteSessionToken($token) {
    global $db;
    $hashed = saltString($token);
    $delete = $db->prepare("DELETE FROM tokens WHERE hash = ?");
    $delete->bindValue(1, $hashed, SQLITE3_TEXT);
    $delete->execute();
}
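/**
 * Return 1 when $token corresponds to a live (non-expired) session row, else 0.
 *
 * Expired rows are flushed first, so a stale token cannot match. The lookup is by
 * salted hash, so the raw token is never stored or compared directly.
 *
 * @param string $token raw token as presented by the client
 * @return int 1 if valid, 0 otherwise
 */
function checkSessionToken($token) {
    global $db;
    flushSessionTokens();
    $tokenStore = saltString($token);
    $lookup = $db->prepare("SELECT hash FROM tokens WHERE hash = ?");
    $lookup->bindValue(1, $tokenStore, SQLITE3_TEXT);
    $row = $lookup->execute()->fetchArray();
    if ($row === false) {
        // No row: previously this indexed into `false` and ran a loose `==` against null.
        return 0;
    }
    // hash_equals instead of `==`: loose comparison treats "0e..." hex digests as numerically equal.
    return hash_equals((string) $row[0], $tokenStore) ? 1 : 0;
}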
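/**
 * Resolve a raw session token to the uuid it was issued for.
 *
 * Unlike checkSessionToken(), this does not flush expired rows, so an expired
 * token still resolves until something calls flushSessionTokens(); validate the
 * session first where that matters.
 *
 * @param string $token raw token as presented by the client
 * @return mixed the stored uuid, or null when no row matches
 */
function tokenToUuid($token) {
    global $db;
    $tokenStore = saltString($token);
    $lookup = $db->prepare("SELECT uuid FROM tokens WHERE hash = ?");
    $lookup->bindValue(1, $tokenStore, SQLITE3_TEXT);
    $row = $lookup->execute()->fetchArray();
    // Unknown token: return null explicitly rather than indexing into `false`.
    return $row === false ? null : $row[0];
}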
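/**
 * Return the users.admin value for a uuid.
 *
 * @param string $uuid
 * @return mixed the stored admin column (truthy for admins), or null for an unknown uuid
 */
function isAdmin($uuid) {
    global $db;
    $lookup = $db->prepare("SELECT admin FROM users WHERE uuid = ?");
    $lookup->bindValue(1, $uuid, SQLITE3_TEXT);
    $row = $lookup->execute()->fetchArray();
    // Unknown uuid: null (falsy) without the "offset on bool" warning.
    return $row === false ? null : $row[0];
}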
/**
 * Gate the current page behind a valid session.
 *
 * Without a session cookie, or with one that checkSessionToken() rejects, the
 * response is a meta refresh to /login.php and the script stops. A rejected
 * cookie is cleared first (expiry 1 = one second past the epoch).
 * NOTE(review): the clearing setcookie() only takes effect if its path/domain match
 * how the cookie was originally set -- confirm against login.php.
 */
function loggedInCheck() {
    $redirect = '<meta http-equiv="refresh" content="0; url=/login.php">';
    if (!isset($_COOKIE["meowboardSession"])) {
        exit($redirect);
    }
    if (checkSessionToken($_COOKIE["meowboardSession"]) == 0) {
        setcookie("meowboardSession", "", 1);
        exit($redirect);
    }
}
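/**
 * Return the highest image id.
 *
 * Despite the name this is not a row count: gaps left by deleted rows are not
 * accounted for. getAmountOfPages() and getImages() use it as the top of the id range.
 *
 * @return int 0 when the images table is empty (previously null plus a warning)
 */
function getImageAmount() {
    global $db;
    $maxId = $db->querySingle("SELECT MAX(id) FROM images");
    return $maxId === null ? 0 : $maxId;
}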
/**
 * Number of ten-image pages needed to cover ids 1..getImageAmount().
 *
 * @return float result of ceil(), as the original returned
 */
function getAmountOfPages() {
    $perPage = 10;
    return ceil(getImageAmount() / $perPage);
}
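/**
 * Return up to ten images for a page, newest id first.
 *
 * Paging is by id window rather than row offset: page $page covers ids in
 * (maxId - 10*($page+1), maxId - 10*$page]. Gaps from deleted rows therefore
 * produce short pages rather than shifting later ones.
 *
 * @param int $page zero-based page index
 * @return list<array<string, mixed>> rows with keys location and tags
 */
function getImages($page = 0) {
    global $db;
    $upperBound = (int) getImageAmount() - (int) $page * 10;
    $lowerBound = $upperBound - 10;
    $select = $db->prepare("SELECT location, tags FROM images WHERE id > ? AND id <= ? ORDER BY id DESC LIMIT 10");
    // bindValue copies immediately, so no throwaway copy of $upperBound is needed
    // (the original bound by reference via bindParam through an extra variable).
    $select->bindValue(1, $lowerBound, SQLITE3_INTEGER);
    $select->bindValue(2, $upperBound, SQLITE3_INTEGER);
    $result = $select->execute();
    $data = [];
    while (($row = $result->fetchArray(SQLITE3_ASSOC)) !== false) {
        $data[] = $row;
    }
    return $data;
}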
/**
 * Fetch the image row(s) with the given id.
 *
 * @param int $id
 * @return list<array<string, mixed>> zero or one row with keys location, uploader, tags
 */
function getImage($id) {
    global $db;
    $select = $db->prepare("SELECT location, uploader, tags FROM images where id = ?");
    $select->bindValue(1, $id, SQLITE3_INTEGER);
    $result = $select->execute();
    $rows = [];
    while (($row = $result->fetchArray(SQLITE3_ASSOC)) !== false) {
        $rows[] = $row;
    }
    return $rows;
}
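/**
 * Look up the uuid for a username.
 *
 * @param string $username
 * @return mixed the stored uuid, or null when the user does not exist
 */
function usernameToUuid($username) {
    global $db;
    $lookup = $db->prepare("SELECT uuid FROM users WHERE username = ?");
    $lookup->bindValue(1, $username, SQLITE3_TEXT);
    $row = $lookup->execute()->fetchArray();
    // Unknown user: return null explicitly rather than indexing into `false`.
    return $row === false ? null : $row[0];
}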
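/**
 * Look up the username for a uuid.
 *
 * @param string $uuid
 * @return mixed the stored username, or null when no user has that uuid
 */
function uuidToUsername($uuid) {
    global $db;
    $lookup = $db->prepare("SELECT username FROM users WHERE uuid = ?");
    $lookup->bindValue(1, $uuid, SQLITE3_TEXT);
    $row = $lookup->execute()->fetchArray();
    // Unknown uuid: return null explicitly rather than indexing into `false`.
    return $row === false ? null : $row[0];
}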
?>