Update database structure to use UUIDs.

This commit is contained in:
abbie 2024-08-01 12:48:29 +01:00
parent 89d804aa28
commit 707f345ee1
Signed by: threeoh6000
GPG key ID: 801FE4AD456E922C
6 changed files with 64 additions and 27 deletions


@ -1,4 +1,6 @@
<?php
include 'uuid.php';
if(!file_exists("meowboard.db")) {
die("<meta http-equiv=\"refresh\" content=\"0; url=/install.php\">Database not found.");
}
@ -30,13 +32,13 @@ function verifyPassword($username, $password) {
$password = hash("sha512", $password);
$grabUser = $db->prepare("SELECT * FROM users WHERE username = ?");
$grabUser = $db->prepare("SELECT password, pepper FROM users WHERE username = ?");
$grabUser->bindParam(1, $username, SQLITE3_TEXT);
$result = $grabUser->execute();
$resultArray = $result->fetchArray();
$storedPassword = $resultArray[1];
$pepper = $resultArray[2];
$storedPassword = $resultArray[0];
$pepper = $resultArray[1];
$passwordFinal = hash("sha512", saltString($password) . $pepper);
if ($passwordFinal != $storedPassword) {
@ -52,10 +54,11 @@ function issueSessionToken($username) {
$token = bin2hex(random_bytes(256));
$tokenStore = saltString($token); // We store this value and give the user the unhashed token.
$expiry = time() + 2_419_200_000; // 28 days.
$uuid = usernameToUuid($username);
$insertTokenStatement = $db->prepare("INSERT INTO tokens (hash, username, expiry) VALUES (?, ?, ?)");
$insertTokenStatement = $db->prepare("INSERT INTO tokens (hash, uuid, expiry) VALUES (?, ?, ?)");
$insertTokenStatement->bindParam(1, $tokenStore, SQLITE3_TEXT);
$insertTokenStatement->bindParam(2, $username, SQLITE3_TEXT);
$insertTokenStatement->bindParam(2, $uuid, SQLITE3_TEXT);
$insertTokenStatement->bindParam(3, $expiry, SQLITE3_INTEGER);
$result = $insertTokenStatement->execute();
@ -111,23 +114,23 @@ function checkSessionToken($token) {
return 0;
}
function tokenToUsername($token) {
function tokenToUuid($token) {
global $db;
$tokenStore = saltString($token);
$getTokenStatement = $db->prepare("SELECT username FROM tokens WHERE hash = ?");
$getTokenStatement = $db->prepare("SELECT uuid FROM tokens WHERE hash = ?");
$getTokenStatement->bindParam(1, $tokenStore, SQLITE3_TEXT);
$result = $getTokenStatement->execute();
$username = $result->fetchArray()[0];
$uuid = $result->fetchArray()[0];
return $username;
return $uuid;
}
function isAdmin($username) {
function isAdmin($uuid) {
global $db;
$getTokenStatement = $db->prepare("SELECT admin FROM users WHERE username = ?");
$getTokenStatement->bindParam(1, $username, SQLITE3_TEXT);
$getTokenStatement = $db->prepare("SELECT admin FROM users WHERE uuid = ?");
$getTokenStatement->bindParam(1, $uuid, SQLITE3_TEXT);
$result = $getTokenStatement->execute();
return $result->fetchArray()[0];
}
@ -139,6 +142,7 @@ function loggedInCheck() {
if(isset($_COOKIE["meowboardSession"])){
if(checkSessionToken($_COOKIE["meowboardSession"]) == 0){
setcookie("meowboardSession", "", 1);
die("<meta http-equiv=\"refresh\" content=\"0; url=/login.php\">");
}
}
@ -179,4 +183,14 @@ function getImages($page = 0) {
return $data;
}
function usernameToUuid($username) {
global $db;
$getStatement = $db->prepare("SELECT uuid FROM users WHERE username = ?");
$getStatement->bindParam(1, $username, SQLITE3_TEXT);
$result = $getStatement->execute();
return $result->fetchArray()[0];
}
?>
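Review bot: In issueSessionToken the new `$uuid = usernameToUuid($username);` is bound into a NOT NULL column without being checked; usernameToUuid returns `$result->fetchArray()[0]`, and fetchArray() returns false when no row matches, so an unknown username yields null (with an array-offset warning) and the INSERT presumably fails on the constraint while `$result = $insertTokenStatement->execute();` goes unchecked. Returning early on a null lookup, `if ($uuid === null) { return null; }` (or whatever the function's existing failure path returns), and testing for false inside usernameToUuid (`$row = $result->fetchArray(); return $row === false ? null : $row[0];`) would surface the failure; tokenToUuid and isAdmin index fetchArray() the same unguarded way. The same hunk keeps `$expiry = time() + 2_419_200_000; // 28 days.`, which is 28 days in milliseconds while time() counts seconds, so tokens issued here effectively never expire; `2_419_200` matches the comment. The added `include 'uuid.php';` resolves against the include path and working directory before db.php's own directory, and install.php separately includes `include/uuid.php`, so any page that loads both files would redeclare the UUID functions and fatal; `require_once __DIR__ . '/uuid.php';` avoids both problems. verifyPassword still compares digests with `!=`, where `hash_equals($storedPassword, $passwordFinal)` is the strict constant-time form; verifyPassword, issueSessionToken and checkSessionToken all continue outside their hunks.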


@ -27,7 +27,7 @@ function showHeader($hideButtons = 0) {
if ($hideButtons == 1) { echo $headerNoButtons; return; }
if (!empty($db) && isset($_COOKIE["meowboardSession"])) {
if (isAdmin(tokenToUsername($_COOKIE["meowboardSession"])) == 1) {
if (isAdmin(tokenToUuid($_COOKIE["meowboardSession"])) == 1) {
echo $headerAdmin;
return;
} else {

24
include/uuid.php Normal file

@ -0,0 +1,24 @@
<?php
/* VanillaUUID v1.0 by abbieoverflight.
* Licenced under the EUPLv1.2.
* https://git.colean.cc/threeoh6000/vanillauuid */
function randomLongHex() {
$byt = random_bytes(64);
return bin2hex($byt);
}
function genUuid4() {
$template = randomLongHex();
$buildup = substr($template, 0, 8) . "-" . substr($template, 8, 4) . "-4" . substr($template, 13, 3) . "-1" . substr($template, 17, 3) . "-" . substr($template, 20, 12);
return $buildup;
}
function nilUuid() {
return "00000000-0000-0000-0000-000000000000";
}
function omniUuid() {
return "FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF";
}
?>
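Review bot: genUuid4 writes a fixed `1` into the variant nibble (`"-1" . substr($template, 17, 3)`), but RFC 4122 version-4 UUIDs require the first hex digit of the fourth group to be 8, 9, a or b, so the strings produced here carry the reserved NCS variant and validators that check the variant will not accept them as v4. Drawing the nibble from the valid set keeps the layout and fixes this: `$variant = ['8', '9', 'a', 'b'][random_int(0, 3)];` followed by `"-" . $variant . substr($template, 17, 3)` in the concatenation. randomLongHex draws 64 bytes but only the first 32 hex characters are ever consumed, so `random_bytes(16)` is sufficient and less misleading. omniUuid returns uppercase hex while genUuid4 emits lowercase, so any caller comparing the two with `==` or `===` needs to normalise case first, or the constant should be lowercase to match.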


@ -2,12 +2,6 @@
include 'include/db.php';
include 'include/templates.php';
if (isset($_COOKIE["meowboardSession"])) {
if (checkSessionToken($_COOKIE["meowboardSession"]) == 0) {
setcookie("meowboardSession", "", 1);
}
}
showHeader();
$imgs = getImages();
for ($i = 0; $i < sizeof($imgs); $i++){


@ -1,6 +1,7 @@
<?php
$sitename = "meowboard";
include 'include/templates.php';
include 'include/uuid.php';
if (file_exists("meowboard.db")) {
die("meowboard is already installed. If you are a webmaster, you may want to delete this file.");
@ -42,16 +43,20 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
$db = new Store();
// Initialise tables in the database.
$db->exec('CREATE TABLE users(username TEXT PRIMARY KEY UNIQUE NOT NULL, password TEXT NOT NULL, pepper TEXT NOT NULL, admin INTEGER DEFAULT 0)');
$db->exec('CREATE TABLE users(uuid TEXT UNIQUE PRIMARY KEY NOT NULL, username TEXT UNIQUE NOT NULL, password TEXT NOT NULL, pepper TEXT NOT NULL, admin INTEGER DEFAULT 0)');
$db->exec('CREATE TABLE images(id INTEGER PRIMARY KEY AUTOINCREMENT, location TEXT NOT NULL, uploader TEXT NOT NULL, tags TEXT)');
$db->exec('CREATE TABLE settings(key TEXT PRIMARY KEY UNIQUE NOT NULL, value TEXT DEFAULT NULL)');
$db->exec('CREATE TABLE tokens(hash TEXT PRIMARY KEY NOT NULL, username TEXT NOT NULL, expiry INTEGER)');
$db->exec('CREATE TABLE tokens(hash TEXT PRIMARY KEY NOT NULL, uuid TEXT NOT NULL, expiry INTEGER)');
// Create UUID and place it into binding to add for the admin user.
$uuidBinding = genUuid4();
// Add the admin user to the database.
$insert_user_query = $db->prepare('INSERT INTO users (username, password, pepper, admin) VALUES (?, ?, ?, 1)');
$insert_user_query->bindParam(1, $username, SQLITE3_TEXT);
$insert_user_query->bindParam(2, $passwordFinal, SQLITE3_TEXT);
$insert_user_query->bindParam(3, $pepperHex, SQLITE3_TEXT);
$insert_user_query = $db->prepare('INSERT INTO users (uuid, username, password, pepper, admin) VALUES (?, ?, ?, ?, 1)');
$insert_user_query->bindParam(1, $uuidBinding, SQLITE3_TEXT);
$insert_user_query->bindParam(2, $username, SQLITE3_TEXT);
$insert_user_query->bindParam(3, $passwordFinal, SQLITE3_TEXT);
$insert_user_query->bindParam(4, $pepperHex, SQLITE3_TEXT);
$result = $insert_user_query->execute();
// Add the salt into the database otherwise it will be impossible to login.
@ -64,7 +69,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
$insert_sitename_query->bindParam(1, $sitename, SQLITE3_TEXT);
$result = $insert_sitename_query->execute();
die("<meta http-equiv=\"refresh\" content=\"0; url=/\">Install complete.");
die("<meta http-equiv=\"refresh\" content=\"0; url=/login.php\">Install complete.");
} else {
showHeader(1);
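Review bot: The new `tokens.uuid` column (and `images.uploader`, which upload.php now fills with a UUID) refers to users.uuid only by convention; the CREATE TABLE statements declare no foreign key, so deleting or re-keying a user leaves tokens and images pointing at a UUID that no longer exists. Declaring the relation in the tokens statement, `uuid TEXT NOT NULL REFERENCES users(uuid) ON DELETE CASCADE`, documents it and lets SQLite enforce it, with the caveat that SQLite only checks foreign keys on connections that have run `PRAGMA foreign_keys = ON`. In the users statement `uuid TEXT UNIQUE PRIMARY KEY NOT NULL` the `UNIQUE` is redundant with `PRIMARY KEY` and can be dropped. `$result = $insert_user_query->execute();` does not appear to be checked within the hunk, so a failed admin insert would still reach the "Install complete" redirect; the enclosing POST branch starts outside the hunk.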


@ -28,7 +28,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
} else {
move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $location);
addImage($location, tokenToUsername($_COOKIE["meowboardSession"]), $_POST["tags"]);
addImage($location, tokenToUuid($_COOKIE["meowboardSession"]), $_POST["tags"]);
showHeader();
echo '<h3>File uploaded!</h3>';
echo $footer;