meowboard/install.php

88 lines
3.3 KiB
PHP
Raw Normal View History

2023-10-06 14:48:06 +01:00
<?php
$sitename = "meowboard";
include 'include/templates.php';
include 'include/uuid.php';
2023-10-06 14:48:06 +01:00
if (file_exists("meowboard.db")) {
die("meowboard is already installed. If you are a webmaster, you may want to delete this file.");
2023-10-06 14:48:06 +01:00
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$username = $_POST['username'];
if (empty($_POST['password'])) {
die("No admin password.");
}
// The password is hashed before being entered into the database for security reasons.
// It is then hashed with the salt and pepper.
$password = hash("sha512", $_POST['password']);
$sitename = $_POST['sitename'];
if(empty($sitename)) {
die("No site name.");
}
if(empty($username)) {
die("No admin username.");
}
$salt = random_bytes(128);
$saltHex = bin2hex($salt);
$pepper = random_bytes(64);
$pepperHex = bin2hex($pepper);
$passwordFinal = hash("sha512", hash("sha512", $password . $saltHex) . $pepperHex);
class Store extends SQLite3
{
function __construct()
{
$this->open('meowboard.db');
}
}
// This creates the database file on the system automatically.
$db = new Store();
// Initialise tables in the database.
$db->exec('CREATE TABLE users(uuid TEXT UNIQUE PRIMARY KEY NOT NULL, username TEXT UNIQUE NOT NULL, password TEXT NOT NULL, pepper TEXT NOT NULL, admin INTEGER DEFAULT 0)');
2023-10-06 14:48:06 +01:00
$db->exec('CREATE TABLE images(id INTEGER PRIMARY KEY AUTOINCREMENT, location TEXT NOT NULL, uploader TEXT NOT NULL, tags TEXT)');
$db->exec('CREATE TABLE settings(key TEXT PRIMARY KEY UNIQUE NOT NULL, value TEXT DEFAULT NULL)');
$db->exec('CREATE TABLE tokens(hash TEXT PRIMARY KEY NOT NULL, uuid TEXT NOT NULL, expiry INTEGER)');
// Create UUID and place it into binding to add for the admin user.
$uuidBinding = genUuid4();
2023-10-06 14:48:06 +01:00
// Add the admin user to the database.
$insert_user_query = $db->prepare('INSERT INTO users (uuid, username, password, pepper, admin) VALUES (?, ?, ?, ?, 1)');
$insert_user_query->bindParam(1, $uuidBinding, SQLITE3_TEXT);
$insert_user_query->bindParam(2, $username, SQLITE3_TEXT);
$insert_user_query->bindParam(3, $passwordFinal, SQLITE3_TEXT);
$insert_user_query->bindParam(4, $pepperHex, SQLITE3_TEXT);
2023-10-06 14:48:06 +01:00
$result = $insert_user_query->execute();
// Add the salt into the database otherwise it will be impossible to login.
// Also add site name in.
$insert_salt_query = $db->prepare('INSERT INTO settings (key, value) VALUES ("salt", ?)');
$insert_salt_query->bindParam(1, $saltHex, SQLITE3_TEXT);
$result = $insert_salt_query->execute();
$insert_sitename_query = $db->prepare('INSERT INTO settings (key, value) VALUES ("sitename", ?)');
$insert_sitename_query->bindParam(1, $sitename, SQLITE3_TEXT);
$result = $insert_sitename_query->execute();
die("<meta http-equiv=\"refresh\" content=\"0; url=/login.php\">Install complete.");
2023-10-06 14:48:06 +01:00
} else {
showHeader(1);
echo '<h3>Install meowboard</h3>';
echo '<h2>Admin account credentials</h2>';
echo '<form method="post"><label for="username">Username</label><br/> <input type="text" id="username" name="username"/> <br/>';
echo '<label for="password">Password</label><br/> <input type="password" id="password" name="password" /> <br/>';
echo '<h2>Site settings</h2>';
echo '<label for="sitename">Site name</label><br/> <input type="text" id="sitename" name="sitename"/> <br/>';
echo '<br/><button>install</button></form>';
echo $footer;
}
?>