meowboard/install.php

<?php
$sitename = "meowboard";
include 'include/templates.php';

if (file_exists("meowboard.db")) {
  die("Meowboard is already installed. If you are a webmaster, you may want to delete this file.");
}

if ($_SERVER["REQUEST_METHOD"] == "POST") {
  $username = $_POST['username'];
  if (empty($_POST['password'])) {
    die("No admin password.");
  }
  // The password is hashed before being entered into the database for security reasons.
  // It is then hashed with the salt and pepper.
  $password = hash("sha512", $_POST['password']);
  $sitename = $_POST['sitename'];

  if(empty($sitename)) {
    die("No site name.");
  }
  if(empty($username)) {
    die("No admin username.");
  }

  $salt = random_bytes(128);
  $saltHex = bin2hex($salt);
  $pepper = random_bytes(64);
  $pepperHex = bin2hex($pepper);

  echo $saltHex;
  echo "<br>";
  echo $pepperHex;
  echo "<br>";
  
  $passwordFinal = hash("sha512", hash("sha512", $password . $saltHex) . $pepperHex);

  class Store extends SQLite3
  {
    function __construct()
    {
        $this->open('meowboard.db');
    }
  }

  // This creates the database file on the system automatically.
  $db = new Store();

  // Initialise tables in the database.
  $db->exec('CREATE TABLE users(username TEXT PRIMARY KEY UNIQUE NOT NULL, password TEXT NOT NULL, pepper TEXT NOT NULL, admin INTEGER DEFAULT 0)');
  $db->exec('CREATE TABLE images(id INTEGER PRIMARY KEY AUTOINCREMENT, location TEXT NOT NULL, uploader TEXT NOT NULL, tags TEXT)');
  $db->exec('CREATE TABLE settings(key TEXT PRIMARY KEY UNIQUE NOT NULL, value TEXT DEFAULT NULL)');
  $db->exec('CREATE TABLE tokens(hash TEXT PRIMARY KEY NOT NULL, username TEXT NOT NULL, expiry INTEGER)');

  // Add the admin user to the database.
  $insert_user_query = $db->prepare('INSERT INTO users (username, password, pepper, admin) VALUES (?, ?, ?, 1)');
  $insert_user_query->bindParam(1, $username, SQLITE3_TEXT);
  $insert_user_query->bindParam(2, $passwordFinal, SQLITE3_TEXT);
  $insert_user_query->bindParam(3, $pepperHex, SQLITE3_TEXT);
  $result = $insert_user_query->execute();

  // Add the salt into the database otherwise it will be impossible to login.
  // Also add site name in.
  $insert_salt_query = $db->prepare('INSERT INTO settings (key, value) VALUES ("salt", ?)');
  $insert_salt_query->bindParam(1, $saltHex, SQLITE3_TEXT);
  $result = $insert_salt_query->execute();

  $insert_sitename_query = $db->prepare('INSERT INTO settings (key, value) VALUES ("sitename", ?)');
  $insert_sitename_query->bindParam(1, $sitename, SQLITE3_TEXT);
  $result = $insert_sitename_query->execute();

  echo "Meowboard has been installed and is ready to use!";

} else {
  showHeader(1);

  echo '<h3>Install meowboard</h3>';
  echo '<h2>Admin account credentials</h2>';
  echo '<form method="post"><label for="username">Username</label><br/> <input type="text" id="username" name="username"/> <br/>';
  echo '<label for="password">Password</label><br/> <input type="password" id="password" name="password" /> <br/>';
  echo '<h2>Site settings</h2>';
  echo '<label for="sitename">Site name</label><br/> <input type="text" id="sitename" name="sitename"/> <br/>';
  echo '<br/><button>install</button></form>';

  echo $footer;
}
?>
Add a lot of work 2023-10-06 14:48:06 +01:00			`<?php`
			`$sitename = "meowboard";`
			`include 'include/templates.php';`

			`if (file_exists("meowboard.db")) {`
			`die("Meowboard is already installed. If you are a webmaster, you may want to delete this file.");`
			`}`

			`if ($_SERVER["REQUEST_METHOD"] == "POST") {`
			`$username = $_POST['username'];`
			`if (empty($_POST['password'])) {`
			`die("No admin password.");`
			`}`
			`// The password is hashed before being entered into the database for security reasons.`
			`// It is then hashed with the salt and pepper.`
			`$password = hash("sha512", $_POST['password']);`
			`$sitename = $_POST['sitename'];`

			`if(empty($sitename)) {`
			`die("No site name.");`
			`}`
			`if(empty($username)) {`
			`die("No admin username.");`
			`}`

			`$salt = random_bytes(128);`
			`$saltHex = bin2hex($salt);`
			`$pepper = random_bytes(64);`
			`$pepperHex = bin2hex($pepper);`

			`echo $saltHex;`
			`echo "<br>";`
			`echo $pepperHex;`
			`echo "<br>";`

			`$passwordFinal = hash("sha512", hash("sha512", $password . $saltHex) . $pepperHex);`

			`class Store extends SQLite3`
			`{`
			`function __construct()`
			`{`
			`$this->open('meowboard.db');`
			`}`
			`}`

			`// This creates the database file on the system automatically.`
			`$db = new Store();`

			`// Initialise tables in the database.`
			`$db->exec('CREATE TABLE users(username TEXT PRIMARY KEY UNIQUE NOT NULL, password TEXT NOT NULL, pepper TEXT NOT NULL, admin INTEGER DEFAULT 0)');`
			`$db->exec('CREATE TABLE images(id INTEGER PRIMARY KEY AUTOINCREMENT, location TEXT NOT NULL, uploader TEXT NOT NULL, tags TEXT)');`
			`$db->exec('CREATE TABLE settings(key TEXT PRIMARY KEY UNIQUE NOT NULL, value TEXT DEFAULT NULL)');`
			`$db->exec('CREATE TABLE tokens(hash TEXT PRIMARY KEY NOT NULL, username TEXT NOT NULL, expiry INTEGER)');`

			`// Add the admin user to the database.`
			`$insert_user_query = $db->prepare('INSERT INTO users (username, password, pepper, admin) VALUES (?, ?, ?, 1)');`
			`$insert_user_query->bindParam(1, $username, SQLITE3_TEXT);`
			`$insert_user_query->bindParam(2, $passwordFinal, SQLITE3_TEXT);`
			`$insert_user_query->bindParam(3, $pepperHex, SQLITE3_TEXT);`
			`$result = $insert_user_query->execute();`

			`// Add the salt into the database otherwise it will be impossible to login.`
			`// Also add site name in.`
			`$insert_salt_query = $db->prepare('INSERT INTO settings (key, value) VALUES ("salt", ?)');`
			`$insert_salt_query->bindParam(1, $saltHex, SQLITE3_TEXT);`
			`$result = $insert_salt_query->execute();`

			`$insert_sitename_query = $db->prepare('INSERT INTO settings (key, value) VALUES ("sitename", ?)');`
			`$insert_sitename_query->bindParam(1, $sitename, SQLITE3_TEXT);`
			`$result = $insert_sitename_query->execute();`

			`echo "Meowboard has been installed and is ready to use!";`

			`} else {`
			`showHeader(1);`

			`echo '<h3>Install meowboard</h3>';`
			`echo '<h2>Admin account credentials</h2>';`
			`echo '<form method="post"><label for="username">Username</label><br/> <input type="text" id="username" name="username"/> <br/>';`
			`echo '<label for="password">Password</label><br/> <input type="password" id="password" name="password" /> <br/>';`
			`echo '<h2>Site settings</h2>';`
			`echo '<label for="sitename">Site name</label><br/> <input type="text" id="sitename" name="sitename"/> <br/>';`
			`echo '<br/><button>install</button></form>';`

			`echo $footer;`
			`}`
			`?>`