meowboard/include/db.php

<?php
include 'uuid.php';

if(!file_exists("meowboard.db")) {
	die("<meta http-equiv=\"refresh\" content=\"0; url=/install.php\">Database not found.");
}
class Store extends SQLite3
{
  function __construct()
  {
      $this->open('meowboard.db');
  }
}

$db = new Store();
$sitenameStatement = $db->prepare("SELECT * FROM settings WHERE key = 'sitename'");
$result = $sitenameStatement->execute();
$sitename =  $result->fetchArray()[1];

function saltString($string) {
  global $db;

  $saltStatement = $db->prepare("SELECT * FROM settings WHERE key = 'salt'");
  $result = $saltStatement->execute();
  $salt = $result->fetchArray()[1];

  return hash("sha512", $string . $salt);
}

function verifyPassword($username, $password) {
  global $db;

  $password = hash("sha512", $password);

  $grabUser = $db->prepare("SELECT password, pepper FROM users WHERE username = ?");
  $grabUser->bindParam(1, $username, SQLITE3_TEXT);
  $result = $grabUser->execute();
  $resultArray = $result->fetchArray();

  $storedPassword = $resultArray[0];
  $pepper = $resultArray[1];

  $passwordFinal = hash("sha512", saltString($password) . $pepper);
  if ($passwordFinal != $storedPassword) {
    return 0;
  }

  return 1;
}

function issueSessionToken($username) {
  global $db;

  $token = bin2hex(random_bytes(256));
  $tokenStore = saltString($token); // We store this value and give the user the unhashed token.
  $expiry = time() + 2_419_200_000; // 28 days.
  $uuid = usernameToUuid($username);

  $insertTokenStatement = $db->prepare("INSERT INTO tokens (hash, uuid, expiry) VALUES (?, ?, ?)");
  $insertTokenStatement->bindParam(1, $tokenStore, SQLITE3_TEXT);
  $insertTokenStatement->bindParam(2, $uuid, SQLITE3_TEXT);
  $insertTokenStatement->bindParam(3, $expiry, SQLITE3_INTEGER);
  $result = $insertTokenStatement->execute();

  return $token;
}

function addImage($location, $uploader, $tags) {
  global $db;

  $insertStatement = $db->prepare("INSERT INTO images (location, uploader, tags) VALUES (?, ?, ?)");
  $insertStatement->bindParam(1, $location, SQLITE3_TEXT);
  $insertStatement->bindParam(2, $uploader, SQLITE3_TEXT);
  $insertStatement->bindParam(3, $tags, SQLITE3_TEXT);
  $result = $insertStatement->execute();
}

function flushSessionTokens() {
  global $db;
  $timestamp = time();

  $flushStatement = $db->prepare("DELETE FROM tokens WHERE expiry < ?");
  $flushStatement->bindParam(1, $timestamp, SQLITE3_INTEGER);
  $flushStatement->execute();
}

function purgeSessionTokens() {
  global $db;

  $db->execute("DELETE FROM tokens");
}

function deleteSessionToken($token) {
  global $db;
  $tokenStore = saltString($token);

  $deleteStatement = $db->prepare("DELETE FROM tokens WHERE hash = ?");
  $deleteStatement->bindParam(1, $tokenStore, SQLITE3_TEXT);
  $deleteStatement->execute();
}

function checkSessionToken($token) {
  global $db;
  flushSessionTokens();

  $tokenStore = saltString($token);

  $getTokenStatement = $db->prepare("SELECT hash FROM tokens WHERE hash = ?");
  $getTokenStatement->bindParam(1, $tokenStore, SQLITE3_TEXT);
  $result = $getTokenStatement->execute();
  $tokenInDB = $result->fetchArray()[0];

  if ($tokenInDB == $tokenStore) { return 1; }
  return 0;
}

function tokenToUuid($token) {
  global $db;

  $tokenStore = saltString($token);
  $getTokenStatement = $db->prepare("SELECT uuid FROM tokens WHERE hash = ?");
  $getTokenStatement->bindParam(1, $tokenStore, SQLITE3_TEXT);
  $result = $getTokenStatement->execute();
  $uuid = $result->fetchArray()[0];

  return $uuid;
}

function isAdmin($uuid) {
  global $db;

  $getTokenStatement = $db->prepare("SELECT admin FROM users WHERE uuid = ?");
  $getTokenStatement->bindParam(1, $uuid, SQLITE3_TEXT);
  $result = $getTokenStatement->execute();
  return $result->fetchArray()[0];
}

function loggedInCheck() {
  if(!isset($_COOKIE["meowboardSession"])){
    die("<meta http-equiv=\"refresh\" content=\"0; url=/login.php\">");
  }

  if(isset($_COOKIE["meowboardSession"])){
    if(checkSessionToken($_COOKIE["meowboardSession"]) == 0){
      setcookie("meowboardSession", "", 1);
      die("<meta http-equiv=\"refresh\" content=\"0; url=/login.php\">");
    }
  }
}

function getImageAmount() {
  global $db;

  $statement = $db->prepare("SELECT id FROM images ORDER BY id DESC LIMIT 1");
  $result = $statement->execute();
  return $result->fetchArray()[0];
}

function getAmountOfPages() {
  $maxId = getImageAmount();

  return ceil($maxId/10);
}

function getImages($page = 0) {
  global $db;
  $data = array();

  $maxId = getImageAmount();
  $upperBound = ((int)$maxId-((int)$page*10));
  $lowerBound = $upperBound-10;

  $t2 = $upperBound-0; // I genuinely have no idea why this works but don't touch it.

  $getStatement = $db->prepare("SELECT location, tags, id FROM images WHERE id > ? AND id <= ? ORDER BY id DESC LIMIT 10");
  $getStatement->bindParam(1, $lowerBound, SQLITE3_INTEGER);
  $getStatement->bindParam(2, $t2, SQLITE3_INTEGER);
  $result = $getStatement->execute();
  while ($res = $result->fetchArray(1))
  {
    array_push($data, $res);
  }

  return $data;
}	

function getImage($id) {
  global $db;
  $data = array();

  $getStatement = $db->prepare("SELECT location, uploader, tags FROM images where id = ?");
  $getStatement->bindParam(1, $id, SQLITE3_INTEGER);

  $result = $getStatement->execute();
  if ($result->numColumns() == 0) {
    return NULL;
  }

  while ($res = $result->fetchArray(1))
  {
    array_push($data, $res);
  }

  return $data;
}

function usernameToUuid($username) {
  global $db;

  $getStatement = $db->prepare("SELECT uuid FROM users WHERE username = ?");
  $getStatement->bindParam(1, $username, SQLITE3_TEXT);
  $result = $getStatement->execute();

  return $result->fetchArray()[0];
}

function uuidToUsername($uuid) {
  global $db;

  $getStatement = $db->prepare("SELECT username FROM users WHERE uuid = ?");
  $getStatement->bindParam(1, $uuid, SQLITE3_TEXT);
  $result = $getStatement->execute();

  return $result->fetchArray()[0];
}
?>
Add a lot of work 2023-10-06 14:48:06 +01:00			`<?php`
Update database structure to use UUIDs. 2024-08-01 12:48:29 +01:00			`include 'uuid.php';`

Add a lot of work 2023-10-06 14:48:06 +01:00			`if(!file_exists("meowboard.db")) {`
update DB handler to redirect upon non-install 2024-07-28 00:31:40 +01:00			`die("<meta http-equiv=\"refresh\" content=\"0; url=/install.php\">Database not found.");`
Add a lot of work 2023-10-06 14:48:06 +01:00			`}`
			`class Store extends SQLite3`
			`{`
			`function __construct()`
			`{`
			`$this->open('meowboard.db');`
			`}`
			`}`

			`$db = new Store();`
			`$sitenameStatement = $db->prepare("SELECT * FROM settings WHERE key = 'sitename'");`
			`$result = $sitenameStatement->execute();`
			`$sitename = $result->fetchArray()[1];`

			`function saltString($string) {`
			`global $db;`

			`$saltStatement = $db->prepare("SELECT * FROM settings WHERE key = 'salt'");`
			`$result = $saltStatement->execute();`
			`$salt = $result->fetchArray()[1];`

			`return hash("sha512", $string . $salt);`
			`}`

			`function verifyPassword($username, $password) {`
			`global $db;`

			`$password = hash("sha512", $password);`

Update database structure to use UUIDs. 2024-08-01 12:48:29 +01:00			`$grabUser = $db->prepare("SELECT password, pepper FROM users WHERE username = ?");`
Add a lot of work 2023-10-06 14:48:06 +01:00			`$grabUser->bindParam(1, $username, SQLITE3_TEXT);`
			`$result = $grabUser->execute();`
			`$resultArray = $result->fetchArray();`

Update database structure to use UUIDs. 2024-08-01 12:48:29 +01:00			`$storedPassword = $resultArray[0];`
			`$pepper = $resultArray[1];`
Add a lot of work 2023-10-06 14:48:06 +01:00
			`$passwordFinal = hash("sha512", saltString($password) . $pepper);`
			`if ($passwordFinal != $storedPassword) {`
			`return 0;`
			`}`

			`return 1;`
			`}`

			`function issueSessionToken($username) {`
			`global $db;`

			`$token = bin2hex(random_bytes(256));`
			`$tokenStore = saltString($token); // We store this value and give the user the unhashed token.`
			`$expiry = time() + 2_419_200_000; // 28 days.`
Update database structure to use UUIDs. 2024-08-01 12:48:29 +01:00			`$uuid = usernameToUuid($username);`
Add a lot of work 2023-10-06 14:48:06 +01:00
Update database structure to use UUIDs. 2024-08-01 12:48:29 +01:00			`$insertTokenStatement = $db->prepare("INSERT INTO tokens (hash, uuid, expiry) VALUES (?, ?, ?)");`
Add a lot of work 2023-10-06 14:48:06 +01:00			`$insertTokenStatement->bindParam(1, $tokenStore, SQLITE3_TEXT);`
Update database structure to use UUIDs. 2024-08-01 12:48:29 +01:00			`$insertTokenStatement->bindParam(2, $uuid, SQLITE3_TEXT);`
Add a lot of work 2023-10-06 14:48:06 +01:00			`$insertTokenStatement->bindParam(3, $expiry, SQLITE3_INTEGER);`
			`$result = $insertTokenStatement->execute();`

			`return $token;`
			`}`

Add the ability to upload images. Also redirect from pages that require/don't require a login correctly. 2024-07-28 19:28:08 +01:00			`function addImage($location, $uploader, $tags) {`
			`global $db;`

			`$insertStatement = $db->prepare("INSERT INTO images (location, uploader, tags) VALUES (?, ?, ?)");`
			`$insertStatement->bindParam(1, $location, SQLITE3_TEXT);`
			`$insertStatement->bindParam(2, $uploader, SQLITE3_TEXT);`
			`$insertStatement->bindParam(3, $tags, SQLITE3_TEXT);`
			`$result = $insertStatement->execute();`
			`}`

Add a lot of work 2023-10-06 14:48:06 +01:00			`function flushSessionTokens() {`
			`global $db;`
Add displaying images, adjust upload parameters. Also add copyright information to the footer in the template. 2024-07-28 21:23:46 +01:00			`$timestamp = time();`
Add a lot of work 2023-10-06 14:48:06 +01:00
			`$flushStatement = $db->prepare("DELETE FROM tokens WHERE expiry < ?");`
Add displaying images, adjust upload parameters. Also add copyright information to the footer in the template. 2024-07-28 21:23:46 +01:00			`$flushStatement->bindParam(1, $timestamp, SQLITE3_INTEGER);`
Add a lot of work 2023-10-06 14:48:06 +01:00			`$flushStatement->execute();`
			`}`

			`function purgeSessionTokens() {`
			`global $db;`

			`$db->execute("DELETE FROM tokens");`
			`}`

			`function deleteSessionToken($token) {`
			`global $db;`
			`$tokenStore = saltString($token);`

			`$deleteStatement = $db->prepare("DELETE FROM tokens WHERE hash = ?");`
			`$deleteStatement->bindParam(1, $tokenStore, SQLITE3_TEXT);`
			`$deleteStatement->execute();`
			`}`

			`function checkSessionToken($token) {`
			`global $db;`
			`flushSessionTokens();`

			`$tokenStore = saltString($token);`

			`$getTokenStatement = $db->prepare("SELECT hash FROM tokens WHERE hash = ?");`
			`$getTokenStatement->bindParam(1, $tokenStore, SQLITE3_TEXT);`
			`$result = $getTokenStatement->execute();`
			`$tokenInDB = $result->fetchArray()[0];`

			`if ($tokenInDB == $tokenStore) { return 1; }`
			`return 0;`
			`}`

Update database structure to use UUIDs. 2024-08-01 12:48:29 +01:00			`function tokenToUuid($token) {`
Add a lot of work 2023-10-06 14:48:06 +01:00			`global $db;`

			`$tokenStore = saltString($token);`
Update database structure to use UUIDs. 2024-08-01 12:48:29 +01:00			`$getTokenStatement = $db->prepare("SELECT uuid FROM tokens WHERE hash = ?");`
Add a lot of work 2023-10-06 14:48:06 +01:00			`$getTokenStatement->bindParam(1, $tokenStore, SQLITE3_TEXT);`
			`$result = $getTokenStatement->execute();`
Update database structure to use UUIDs. 2024-08-01 12:48:29 +01:00			`$uuid = $result->fetchArray()[0];`
Add a lot of work 2023-10-06 14:48:06 +01:00
Update database structure to use UUIDs. 2024-08-01 12:48:29 +01:00			`return $uuid;`
Add a lot of work 2023-10-06 14:48:06 +01:00			`}`

Update database structure to use UUIDs. 2024-08-01 12:48:29 +01:00			`function isAdmin($uuid) {`
Add a lot of work 2023-10-06 14:48:06 +01:00			`global $db;`

Update database structure to use UUIDs. 2024-08-01 12:48:29 +01:00			`$getTokenStatement = $db->prepare("SELECT admin FROM users WHERE uuid = ?");`
			`$getTokenStatement->bindParam(1, $uuid, SQLITE3_TEXT);`
Add a lot of work 2023-10-06 14:48:06 +01:00			`$result = $getTokenStatement->execute();`
			`return $result->fetchArray()[0];`
			`}`
Add the ability to upload images. Also redirect from pages that require/don't require a login correctly. 2024-07-28 19:28:08 +01:00
			`function loggedInCheck() {`
			`if(!isset($_COOKIE["meowboardSession"])){`
			`die("<meta http-equiv=\"refresh\" content=\"0; url=/login.php\">");`
			`}`

			`if(isset($_COOKIE["meowboardSession"])){`
			`if(checkSessionToken($_COOKIE["meowboardSession"]) == 0){`
Update database structure to use UUIDs. 2024-08-01 12:48:29 +01:00			`setcookie("meowboardSession", "", 1);`
Add the ability to upload images. Also redirect from pages that require/don't require a login correctly. 2024-07-28 19:28:08 +01:00			`die("<meta http-equiv=\"refresh\" content=\"0; url=/login.php\">");`
			`}`
			`}`
			`}`
Add displaying images, adjust upload parameters. Also add copyright information to the footer in the template. 2024-07-28 21:23:46 +01:00
			`function getImageAmount() {`
			`global $db;`

			`$statement = $db->prepare("SELECT id FROM images ORDER BY id DESC LIMIT 1");`
			`$result = $statement->execute();`
			`return $result->fetchArray()[0];`
			`}`

			`function getAmountOfPages() {`
			`$maxId = getImageAmount();`

			`return ceil($maxId/10);`
			`}`

			`function getImages($page = 0) {`
			`global $db;`
			`$data = array();`

			`$maxId = getImageAmount();`
			`$upperBound = ((int)$maxId-((int)$page*10));`
			`$lowerBound = $upperBound-10;`

			`$t2 = $upperBound-0; // I genuinely have no idea why this works but don't touch it.`

finalise image page and make images clickable. 2024-08-01 14:39:16 +01:00			`$getStatement = $db->prepare("SELECT location, tags, id FROM images WHERE id > ? AND id <= ? ORDER BY id DESC LIMIT 10");`
Add displaying images, adjust upload parameters. Also add copyright information to the footer in the template. 2024-07-28 21:23:46 +01:00			`$getStatement->bindParam(1, $lowerBound, SQLITE3_INTEGER);`
			`$getStatement->bindParam(2, $t2, SQLITE3_INTEGER);`
			`$result = $getStatement->execute();`
			`while ($res = $result->fetchArray(1))`
			`{`
			`array_push($data, $res);`
			`}`

			`return $data;`
			`}`
Update database structure to use UUIDs. 2024-08-01 12:48:29 +01:00
Add image page. 2024-08-01 14:06:36 +01:00			`function getImage($id) {`
			`global $db;`
			`$data = array();`

			`$getStatement = $db->prepare("SELECT location, uploader, tags FROM images where id = ?");`
			`$getStatement->bindParam(1, $id, SQLITE3_INTEGER);`
finalise image page and make images clickable. 2024-08-01 14:39:16 +01:00
Add image page. 2024-08-01 14:06:36 +01:00			`$result = $getStatement->execute();`
finalise image page and make images clickable. 2024-08-01 14:39:16 +01:00			`if ($result->numColumns() == 0) {`
			`return NULL;`
			`}`

Add image page. 2024-08-01 14:06:36 +01:00			`while ($res = $result->fetchArray(1))`
			`{`
			`array_push($data, $res);`
			`}`

			`return $data;`
			`}`

Update database structure to use UUIDs. 2024-08-01 12:48:29 +01:00			`function usernameToUuid($username) {`
			`global $db;`

			`$getStatement = $db->prepare("SELECT uuid FROM users WHERE username = ?");`
			`$getStatement->bindParam(1, $username, SQLITE3_TEXT);`
			`$result = $getStatement->execute();`

			`return $result->fetchArray()[0];`
			`}`
Add image page. 2024-08-01 14:06:36 +01:00
			`function uuidToUsername($uuid) {`
			`global $db;`

			`$getStatement = $db->prepare("SELECT username FROM users WHERE uuid = ?");`
			`$getStatement->bindParam(1, $uuid, SQLITE3_TEXT);`
			`$result = $getStatement->execute();`

			`return $result->fetchArray()[0];`
			`}`
Add a lot of work 2023-10-06 14:48:06 +01:00			`?>`