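<?php
// One-shot installer for meowboard: creates meowboard.db, its tables, the
// site-wide salt and the first admin account, then redirects to the login page.
//
// SECURITY NOTE(review): until meowboard.db exists, this script accepts an
// unauthenticated POST and creates an admin account from it. Run the install
// immediately after deploying and remove this file afterwards.
// NOTE(review): meowboard.db is created relative to the working directory.
// If that directory is served by the web server, confirm that direct requests
// for the database file are denied.

$sitename = "meowboard";

// `require` rather than `include`: a missing helper must stop the installer
// before the database file is created, not after.
require 'include/templates.php';
require 'include/uuid.php';

if (file_exists("meowboard.db")) {
    die("meowboard is already installed. If you are a webmaster, you may want to delete this file.");
}

if (($_SERVER["REQUEST_METHOD"] ?? '') === "POST") {
    // Read a POST field as a string. Missing or non-string values (for example
    // an array sent as `password[]=`) are treated as empty instead of reaching
    // hash() and raising a TypeError.
    $postField = static function (string $name): string {
        $value = $_POST[$name] ?? '';
        return is_string($value) ? $value : '';
    };

    $username = $postField('username');
    $rawPassword = $postField('password');
    $sitename = $postField('sitename');

    // Validation order and messages are unchanged from the original installer.
    if (empty($rawPassword)) {
        die("No admin password.");
    }
    if (empty($sitename)) {
        die("No site name.");
    }
    if (empty($username)) {
        die("No admin username.");
    }

    // The password is hashed once on its own, then with the site-wide salt,
    // then with the per-user pepper.
    // SECURITY NOTE(review): SHA-512 is a fast hash and is not suited to
    // password storage; password_hash()/password_verify() is the standard
    // replacement. The scheme is kept as-is here because the login code that
    // verifies it is not part of this file and would have to change with it.
    // The "pepper" is stored in the same users row as the hash and the salt
    // in the settings table, so both are exposed together with the hash if
    // the database file leaks.
    $password = hash("sha512", $rawPassword);
    $saltHex = bin2hex(random_bytes(128));
    $pepperHex = bin2hex(random_bytes(64));
    $passwordFinal = hash("sha512", hash("sha512", $password . $saltHex) . $pepperHex);

    class Store extends SQLite3
    {
        public function __construct()
        {
            $this->open('meowboard.db');
        }
    }

    $db = null;
    try {
        // Opening the store creates the database file on the system.
        $db = new Store();
        // Fail loudly: the original ignored every exec()/execute() result and
        // reported "Install complete." even when nothing had been written.
        $db->enableExceptions(true);

        // Schema and first admin are written atomically. CREATE TABLE fails
        // if the tables already exist, which aborts a second installer
        // request that passed the file_exists() check at the same time
        // instead of letting it add another admin row.
        $db->exec('BEGIN IMMEDIATE');

        // Initialise tables in the database.
        $db->exec('CREATE TABLE users(uuid TEXT UNIQUE PRIMARY KEY NOT NULL, username TEXT UNIQUE NOT NULL, password TEXT NOT NULL, pepper TEXT NOT NULL, admin INTEGER DEFAULT 0)');
        $db->exec('CREATE TABLE images(id INTEGER PRIMARY KEY AUTOINCREMENT, location TEXT NOT NULL, uploader TEXT NOT NULL, tags TEXT)');
        $db->exec('CREATE TABLE settings(key TEXT PRIMARY KEY UNIQUE NOT NULL, value TEXT DEFAULT NULL)');
        $db->exec('CREATE TABLE tokens(hash TEXT PRIMARY KEY NOT NULL, uuid TEXT NOT NULL, expiry INTEGER)');

        // Add the admin user to the database under a fresh UUID.
        $insertUser = $db->prepare('INSERT INTO users (uuid, username, password, pepper, admin) VALUES (?, ?, ?, ?, 1)');
        $insertUser->bindValue(1, genUuid4(), SQLITE3_TEXT);
        $insertUser->bindValue(2, $username, SQLITE3_TEXT);
        $insertUser->bindValue(3, $passwordFinal, SQLITE3_TEXT);
        $insertUser->bindValue(4, $pepperHex, SQLITE3_TEXT);
        $insertUser->execute();

        // Store the salt (without it login is impossible) and the site name.
        // The key is bound as a parameter: the original wrote it as a
        // double-quoted SQL token, which SQLite only accepts as a string when
        // its legacy double-quoted-string fallback is enabled.
        $insertSetting = $db->prepare('INSERT INTO settings (key, value) VALUES (?, ?)');
        foreach (['salt' => $saltHex, 'sitename' => $sitename] as $settingKey => $settingValue) {
            $insertSetting->bindValue(1, $settingKey, SQLITE3_TEXT);
            $insertSetting->bindValue(2, $settingValue, SQLITE3_TEXT);
            $insertSetting->execute();
            $insertSetting->reset();
        }

        $db->exec('COMMIT');
        $db->close();
    } catch (\Exception $e) {
        if ($db !== null) {
            try {
                $db->exec('ROLLBACK');
            } catch (\Exception $rollbackError) {
                // No transaction was open; nothing to undo.
            }
        }
        // Details go to the server log only, not to the client.
        error_log('meowboard install failed: ' . $e->getMessage());
        http_response_code(500);
        die("Install failed. Remove meowboard.db if it was created, then try again.");
    }

    die('<meta http-equiv="refresh" content="0; url=/login.php">Install complete.');
} else {
    // Any non-POST request renders the install form.
    showHeader(1);
    echo '<h3>Install meowboard</h3>';
    echo '<h2>Admin account credentials</h2>';
    echo '<form method="post"><label for="username">Username</label><br/> <input type="text" id="username" name="username"/> <br/>';
    echo '<label for="password">Password</label><br/> <input type="password" id="password" name="password" /> <br/>';
    echo '<h2>Site settings</h2>';
    echo '<label for="sitename">Site name</label><br/> <input type="text" id="sitename" name="sitename"/> <br/>';
    echo '<br/><button>install</button></form>';
    echo $footer;
}
?>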