<?php
include 'uuid.php';
// The SQLite file lives next to this script; without it nothing below can run,
// so send the visitor to the installer instead of failing on the first query.
$databaseMissing = !file_exists("meowboard.db");
if ($databaseMissing) {
    die("<meta http-equiv=\"refresh\" content=\"0; url=/install.php\">Database not found.");
}
/**
 * Thin SQLite3 wrapper bound to the application database file.
 *
 * The path is relative to the working directory of the running script, so it
 * only resolves when PHP runs from the directory holding the .db file (the
 * same assumption the file_exists() check at the top of this file makes).
 */
class Store extends SQLite3
{
    private const DB_FILE = 'meowboard.db';

    public function __construct()
    {
        // SQLite3::__construct() opens the database with the same default
        // flags (READWRITE | CREATE) that open() uses.
        parent::__construct(self::DB_FILE);
    }
}
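// Shared connection; every helper below reaches it through `global $db`.
$db = new Store();

// The site name is a row in `settings`. Column 1 is assumed to be the value
// column — the query selects * so this depends on the table's column order.
$sitenameStatement = $db->prepare("SELECT * FROM settings WHERE key = 'sitename'");
$result = $sitenameStatement->execute();
// fetchArray() returns false when the row is absent; `??` avoids the
// "array offset on bool" warning and leaves $sitename null as before.
$sitename = $result->fetchArray()[1] ?? null;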
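/**
 * Return the SHA-512 hex digest of $string concatenated with the site-wide salt.
 *
 * The salt is read from the `settings` table on every call. This is a plain,
 * fast hash: the token store relies on it directly, and verifyPassword()
 * layers it into its password digest chain. Do not change the algorithm or
 * the concatenation order — every stored hash would stop matching.
 *
 * @param string $string Value to hash.
 * @return string 128-character lowercase hex digest.
 * @throws RuntimeException If no salt row exists (installation not completed).
 */
function saltString($string): string {
    global $db;

    $saltStatement = $db->prepare("SELECT * FROM settings WHERE key = 'salt'");
    $result = $saltStatement->execute();
    $row = $result->fetchArray();

    // fetchArray() returns false when there is no salt row. Hashing with an
    // empty salt would silently produce digests that match nothing stored,
    // so fail loudly instead. Column 1 is assumed to be the value column
    // (SELECT * depends on table column order).
    if ($row === false || !isset($row[1])) {
        throw new RuntimeException("Site salt is missing from the settings table.");
    }

    return hash("sha512", $string . $row[1]);
}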
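/**
 * Check a username/password pair against the `users` table.
 *
 * The stored value is sha512( saltString( sha512(password) ) . pepper ): a
 * chain of fast digests with a site salt and a per-user pepper, but no work
 * factor. password_hash()/password_verify() would be stronger; moving to it
 * would require re-hashing each stored password at the user's next login.
 *
 * @param string $username Login name (bound as a parameter, never interpolated).
 * @param string $password Clear-text password as submitted.
 * @return int 1 when the password matches, 0 for a wrong password or unknown user.
 */
function verifyPassword($username, $password): int {
    global $db;

    $password = hash("sha512", $password);

    $grabUser = $db->prepare("SELECT password, pepper FROM users WHERE username = ?");
    $grabUser->bindValue(1, $username, SQLITE3_TEXT);
    $result = $grabUser->execute();
    $resultArray = $result->fetchArray(SQLITE3_NUM);

    // Unknown user: fetchArray() returns false. Fall through with empty values
    // rather than returning early, so the same hashing work is done as for a
    // wrong password and the comparison below simply fails. This also avoids
    // the "array offset on bool" warning the old false[0] access produced.
    $storedPassword = $resultArray === false ? '' : (string)$resultArray[0];
    $pepper = $resultArray === false ? '' : (string)$resultArray[1];

    $passwordFinal = hash("sha512", saltString($password) . $pepper);

    // hash_equals(): constant-time, strict string comparison. The loose `!=`
    // used before compares numeric-looking strings numerically, so two
    // different hex digests of the form "0e..." would have compared equal.
    return hash_equals($storedPassword, $passwordFinal) ? 1 : 0;
}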
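/**
 * Create a session token for $username, persist its salted hash, return the token.
 *
 * Only saltString($token) is stored in `tokens`; the clear token goes to the
 * client (the meowboardSession cookie) and is re-hashed on every check.
 *
 * @param string $username Account the token belongs to; resolved to its uuid.
 * @return string 512-character hex token to hand to the browser.
 * @throws RuntimeException If the username does not resolve to a uuid.
 */
function issueSessionToken($username): string {
    global $db;

    // 256 random bytes -> 512 hex characters.
    $token = bin2hex(random_bytes(256));
    $tokenStore = saltString($token); // We store this value and give the user the unhashed token.

    // time() is in seconds. The previous literal 2_419_200_000 is the
    // millisecond value of 28 days, which pushed expiry roughly 76 years out
    // and made flushSessionTokens() a no-op (nothing was ever < time()).
    $expiry = time() + 28 * 24 * 60 * 60; // 28 days.

    $uuid = usernameToUuid($username);
    if ($uuid === null) {
        // Otherwise a token row with a NULL uuid is inserted and tokenToUuid()
        // returns null for a token that checkSessionToken() accepts.
        throw new RuntimeException("Cannot issue a session token for an unknown user.");
    }

    $insertTokenStatement = $db->prepare("INSERT INTO tokens (hash, uuid, expiry) VALUES (?, ?, ?)");
    $insertTokenStatement->bindValue(1, $tokenStore, SQLITE3_TEXT);
    $insertTokenStatement->bindValue(2, $uuid, SQLITE3_TEXT);
    $insertTokenStatement->bindValue(3, $expiry, SQLITE3_INTEGER);
    $insertTokenStatement->execute();

    return $token;
}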
/**
 * Insert one image row: file location, uploader, and its tag string.
 *
 * All three values are bound as TEXT parameters. Nothing is returned and the
 * execute() result is not inspected.
 */
function addImage($location, $uploader, $tags) {
    global $db;

    $sql = "INSERT INTO images (location, uploader, tags) VALUES (?, ?, ?)";
    $insertStatement = $db->prepare($sql);

    // bindValue() copies each value, so binding inside a loop is safe.
    $columns = [1 => $location, 2 => $uploader, 3 => $tags];
    foreach ($columns as $position => $value) {
        $insertStatement->bindValue($position, $value, SQLITE3_TEXT);
    }

    $insertStatement->execute();
}
/**
 * Delete every token row whose expiry (a unix timestamp in seconds) is in the past.
 */
function flushSessionTokens() {
    global $db;

    $flushStatement = $db->prepare("DELETE FROM tokens WHERE expiry < ?");
    $flushStatement->bindValue(1, time(), SQLITE3_INTEGER);
    $flushStatement->execute();
}
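/**
 * Delete all session tokens, logging every user out.
 *
 * SQLite3 has no execute() method (that lives on SQLite3Stmt), so the previous
 * `$db->execute(...)` raised "Call to undefined method". SQLite3::exec() runs
 * a result-less statement directly.
 */
function purgeSessionTokens(): void {
    global $db;

    $db->exec("DELETE FROM tokens");
}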
/**
 * Remove the token row for the clear-text $token (matched by its salted hash).
 */
function deleteSessionToken($token) {
    global $db;

    $deleteStatement = $db->prepare("DELETE FROM tokens WHERE hash = ?");
    $deleteStatement->bindValue(1, saltString($token), SQLITE3_TEXT);
    $deleteStatement->execute();
}
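/**
 * Validate a clear-text session token.
 *
 * Expired rows are flushed first, so any row still present afterwards is
 * unexpired. Only saltString($token) is stored, so the lookup never sees the
 * clear token.
 *
 * @param string $token Value of the meowboardSession cookie.
 * @return int 1 if a matching, unexpired token row exists, else 0.
 */
function checkSessionToken($token): int {
    global $db;

    flushSessionTokens();

    $tokenStore = saltString($token);

    $getTokenStatement = $db->prepare("SELECT hash FROM tokens WHERE hash = ?");
    $getTokenStatement->bindValue(1, $tokenStore, SQLITE3_TEXT);
    $result = $getTokenStatement->execute();
    $row = $result->fetchArray(SQLITE3_NUM);

    // No row: fetchArray() returns false (the old false[0] access warned).
    if ($row === false) {
        return 0;
    }

    // The WHERE clause already matched the hash; the comparison is kept as a
    // guard against a lenient collation, but uses hash_equals() rather than
    // `==`, which compares numeric-looking strings by numeric value.
    return hash_equals($tokenStore, (string)$row[0]) ? 1 : 0;
}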
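/**
 * Resolve a clear-text session token to the uuid it was issued for.
 *
 * Unlike checkSessionToken(), this does not flush expired rows, so a token
 * that has expired but not yet been flushed still resolves. Callers are
 * expected to have gone through loggedInCheck()/checkSessionToken() first.
 *
 * @param string $token Value of the meowboardSession cookie.
 * @return mixed The stored uuid, or null when no row matches.
 */
function tokenToUuid($token) {
    global $db;

    $tokenStore = saltString($token);

    $getTokenStatement = $db->prepare("SELECT uuid FROM tokens WHERE hash = ?");
    $getTokenStatement->bindValue(1, $tokenStore, SQLITE3_TEXT);
    $result = $getTokenStatement->execute();

    // `??` avoids the "array offset on bool" warning when fetchArray() is false.
    return $result->fetchArray(SQLITE3_NUM)[0] ?? null;
}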
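/**
 * Return the `admin` column for the user with this uuid.
 *
 * @param string $uuid Value from tokenToUuid()/usernameToUuid().
 * @return mixed The stored admin flag (its encoding is defined by the users
 *               schema, not here), or null for an unknown uuid — callers
 *               should treat null as "not admin".
 */
function isAdmin($uuid) {
    global $db;

    $adminStatement = $db->prepare("SELECT admin FROM users WHERE uuid = ?");
    $adminStatement->bindValue(1, $uuid, SQLITE3_TEXT);
    $result = $adminStatement->execute();

    // `??` avoids the "array offset on bool" warning when fetchArray() is false.
    return $result->fetchArray(SQLITE3_NUM)[0] ?? null;
}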
/**
 * Stop rendering and bounce to /login.php unless the request carries a valid
 * meowboardSession cookie. On an invalid token the cookie is also expired
 * (setcookie with a past timestamp) before the redirect.
 */
function loggedInCheck() {
    $redirect = "<meta http-equiv=\"refresh\" content=\"0; url=/login.php\">";

    if (!isset($_COOKIE["meowboardSession"])) {
        die($redirect);
    }

    // Reached only when the cookie is set: die() above never returns.
    if (checkSessionToken($_COOKIE["meowboardSession"]) == 0) {
        setcookie("meowboardSession", "", 1);
        die($redirect);
    }
}
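/**
 * Return the highest image id, or 0 when the table is empty.
 *
 * Despite the name this is the maximum id, not a row count: ids of deleted
 * images still count, which is what getImages()' id-range paging relies on.
 *
 * @return mixed Highest id as stored (int for an INTEGER column), 0 if no rows.
 */
function getImageAmount() {
    global $db;

    $statement = $db->prepare("SELECT id FROM images ORDER BY id DESC LIMIT 1");
    $result = $statement->execute();

    // fetchArray() is false on an empty table; `?? 0` keeps the callers'
    // arithmetic ((int) casts, ceil(x/10)) on an int instead of null.
    return $result->fetchArray(SQLITE3_NUM)[0] ?? 0;
}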
/**
 * Number of 10-image pages needed to cover ids 1..getImageAmount().
 *
 * Derived from the highest id rather than the row count, so deleted images
 * leave partially empty pages. Returns a float, as ceil() does.
 */
function getAmountOfPages() {
    $perPage = 10;
    return ceil(getImageAmount() / $perPage);
}
/**
 * Fetch up to 10 images for a zero-based $page, newest id first.
 *
 * Paging is by id range relative to the highest id: page 0 covers
 * (maxId-10, maxId], page 1 covers (maxId-20, maxId-10], and so on. Gaps left
 * by deleted rows therefore shorten a page rather than shifting it.
 *
 * @param int|string $page Zero-based page index; cast to int before use.
 * @return array<int, array<string, mixed>> Rows keyed by `location` and `tags`.
 */
function getImages($page = 0) {
    global $db;

    $perPage = 10;
    $upperBound = (int)getImageAmount() - (int)$page * $perPage;
    $lowerBound = $upperBound - $perPage;
    // Both bounds are plain ints because of the casts above, so they can be
    // bound directly as SQLITE3_INTEGER without any intermediate copy.

    $getStatement = $db->prepare("SELECT location, tags FROM images WHERE id > ? AND id <= ? ORDER BY id DESC LIMIT 10");
    $getStatement->bindValue(1, $lowerBound, SQLITE3_INTEGER);
    $getStatement->bindValue(2, $upperBound, SQLITE3_INTEGER);
    $result = $getStatement->execute();

    $data = [];
    while (($row = $result->fetchArray(SQLITE3_ASSOC)) !== false) {
        $data[] = $row;
    }

    return $data;
}
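/**
 * Look up the uuid for a username.
 *
 * @param string $username Login name (bound as a parameter, never interpolated).
 * @return mixed The stored uuid, or null when the user does not exist.
 */
function usernameToUuid($username) {
    global $db;

    $getStatement = $db->prepare("SELECT uuid FROM users WHERE username = ?");
    $getStatement->bindValue(1, $username, SQLITE3_TEXT);
    $result = $getStatement->execute();

    // `??` avoids the "array offset on bool" warning when fetchArray() is false.
    return $result->fetchArray(SQLITE3_NUM)[0] ?? null;
}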
?>