Update database structure to use UUIDs.
This commit is contained in:
parent
89d804aa28
commit
707f345ee1
6 changed files with 64 additions and 27 deletions
|
@ -1,4 +1,6 @@
|
||||||
<?php
|
<?php
|
||||||
|
include 'uuid.php';
|
||||||
|
|
||||||
if(!file_exists("meowboard.db")) {
|
if(!file_exists("meowboard.db")) {
|
||||||
die("<meta http-equiv=\"refresh\" content=\"0; url=/install.php\">Database not found.");
|
die("<meta http-equiv=\"refresh\" content=\"0; url=/install.php\">Database not found.");
|
||||||
}
|
}
|
||||||
|
@ -30,13 +32,13 @@ function verifyPassword($username, $password) {
|
||||||
|
|
||||||
$password = hash("sha512", $password);
|
$password = hash("sha512", $password);
|
||||||
|
|
||||||
$grabUser = $db->prepare("SELECT * FROM users WHERE username = ?");
|
$grabUser = $db->prepare("SELECT password, pepper FROM users WHERE username = ?");
|
||||||
$grabUser->bindParam(1, $username, SQLITE3_TEXT);
|
$grabUser->bindParam(1, $username, SQLITE3_TEXT);
|
||||||
$result = $grabUser->execute();
|
$result = $grabUser->execute();
|
||||||
$resultArray = $result->fetchArray();
|
$resultArray = $result->fetchArray();
|
||||||
|
|
||||||
$storedPassword = $resultArray[1];
|
$storedPassword = $resultArray[0];
|
||||||
$pepper = $resultArray[2];
|
$pepper = $resultArray[1];
|
||||||
|
|
||||||
$passwordFinal = hash("sha512", saltString($password) . $pepper);
|
$passwordFinal = hash("sha512", saltString($password) . $pepper);
|
||||||
if ($passwordFinal != $storedPassword) {
|
if ($passwordFinal != $storedPassword) {
|
||||||
|
@ -52,10 +54,11 @@ function issueSessionToken($username) {
|
||||||
$token = bin2hex(random_bytes(256));
|
$token = bin2hex(random_bytes(256));
|
||||||
$tokenStore = saltString($token); // We store this value and give the user the unhashed token.
|
$tokenStore = saltString($token); // We store this value and give the user the unhashed token.
|
||||||
$expiry = time() + 2_419_200_000; // 28 days.
|
$expiry = time() + 2_419_200_000; // 28 days.
|
||||||
|
$uuid = usernameToUuid($username);
|
||||||
|
|
||||||
$insertTokenStatement = $db->prepare("INSERT INTO tokens (hash, username, expiry) VALUES (?, ?, ?)");
|
$insertTokenStatement = $db->prepare("INSERT INTO tokens (hash, uuid, expiry) VALUES (?, ?, ?)");
|
||||||
$insertTokenStatement->bindParam(1, $tokenStore, SQLITE3_TEXT);
|
$insertTokenStatement->bindParam(1, $tokenStore, SQLITE3_TEXT);
|
||||||
$insertTokenStatement->bindParam(2, $username, SQLITE3_TEXT);
|
$insertTokenStatement->bindParam(2, $uuid, SQLITE3_TEXT);
|
||||||
$insertTokenStatement->bindParam(3, $expiry, SQLITE3_INTEGER);
|
$insertTokenStatement->bindParam(3, $expiry, SQLITE3_INTEGER);
|
||||||
$result = $insertTokenStatement->execute();
|
$result = $insertTokenStatement->execute();
|
||||||
|
|
||||||
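Review bot: `$uuid = usernameToUuid($username);` is used unchecked: usernameToUuid returns `fetchArray()[0]`, which is null when the username has no row, and the following INSERT into `tokens.uuid` (declared NOT NULL in install.php) then fails while `$result` is never examined and the function carries on. I'd guard it with `if ($uuid === null) { return 0; }` (or whatever this function's failure convention is — its tail lies outside the hunk) before preparing the statement. Separately, the unchanged expiry line adds `2_419_200_000` to `time()`, which is in seconds: 28 days is `2_419_200` seconds, so the constant as written is the millisecond value and makes every session token valid for roughly 76 years; `$expiry = time() + 2_419_200; // 28 days.` is the intended line.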
|
@ -111,23 +114,23 @@ function checkSessionToken($token) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
function tokenToUsername($token) {
|
function tokenToUuid($token) {
|
||||||
global $db;
|
global $db;
|
||||||
|
|
||||||
$tokenStore = saltString($token);
|
$tokenStore = saltString($token);
|
||||||
$getTokenStatement = $db->prepare("SELECT username FROM tokens WHERE hash = ?");
|
$getTokenStatement = $db->prepare("SELECT uuid FROM tokens WHERE hash = ?");
|
||||||
$getTokenStatement->bindParam(1, $tokenStore, SQLITE3_TEXT);
|
$getTokenStatement->bindParam(1, $tokenStore, SQLITE3_TEXT);
|
||||||
$result = $getTokenStatement->execute();
|
$result = $getTokenStatement->execute();
|
||||||
$username = $result->fetchArray()[0];
|
$uuid = $result->fetchArray()[0];
|
||||||
|
|
||||||
return $username;
|
return $uuid;
|
||||||
}
|
}
|
||||||
|
|
||||||
function isAdmin($username) {
|
function isAdmin($uuid) {
|
||||||
global $db;
|
global $db;
|
||||||
|
|
||||||
$getTokenStatement = $db->prepare("SELECT admin FROM users WHERE username = ?");
|
$getTokenStatement = $db->prepare("SELECT admin FROM users WHERE uuid = ?");
|
||||||
$getTokenStatement->bindParam(1, $username, SQLITE3_TEXT);
|
$getTokenStatement->bindParam(1, $uuid, SQLITE3_TEXT);
|
||||||
$result = $getTokenStatement->execute();
|
$result = $getTokenStatement->execute();
|
||||||
return $result->fetchArray()[0];
|
return $result->fetchArray()[0];
|
||||||
}
|
}
|
||||||
|
@ -139,6 +142,7 @@ function loggedInCheck() {
|
||||||
|
|
||||||
if(isset($_COOKIE["meowboardSession"])){
|
if(isset($_COOKIE["meowboardSession"])){
|
||||||
if(checkSessionToken($_COOKIE["meowboardSession"]) == 0){
|
if(checkSessionToken($_COOKIE["meowboardSession"]) == 0){
|
||||||
|
setcookie("meowboardSession", "", 1);
|
||||||
die("<meta http-equiv=\"refresh\" content=\"0; url=/login.php\">");
|
die("<meta http-equiv=\"refresh\" content=\"0; url=/login.php\">");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -179,4 +183,14 @@ function getImages($page = 0) {
|
||||||
|
|
||||||
return $data;
|
return $data;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function usernameToUuid($username) {
|
||||||
|
global $db;
|
||||||
|
|
||||||
|
$getStatement = $db->prepare("SELECT uuid FROM users WHERE username = ?");
|
||||||
|
$getStatement->bindParam(1, $username, SQLITE3_TEXT);
|
||||||
|
$result = $getStatement->execute();
|
||||||
|
|
||||||
|
return $result->fetchArray()[0];
|
||||||
|
}
|
||||||
?>
|
?>
|
||||||
|
|
|
@ -27,7 +27,7 @@ function showHeader($hideButtons = 0) {
|
||||||
|
|
||||||
if ($hideButtons == 1) { echo $headerNoButtons; return; }
|
if ($hideButtons == 1) { echo $headerNoButtons; return; }
|
||||||
if (!empty($db) && isset($_COOKIE["meowboardSession"])) {
|
if (!empty($db) && isset($_COOKIE["meowboardSession"])) {
|
||||||
if (isAdmin(tokenToUsername($_COOKIE["meowboardSession"])) == 1) {
|
if (isAdmin(tokenToUuid($_COOKIE["meowboardSession"])) == 1) {
|
||||||
echo $headerAdmin;
|
echo $headerAdmin;
|
||||||
return;
|
return;
|
||||||
} else {
|
} else {
|
||||||
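Review bot: The admin header is chosen from `tokenToUuid()` alone, and that helper's query (`SELECT uuid FROM tokens WHERE hash = ?`) has no expiry condition, so a cookie whose token row has expired still selects `$headerAdmin`; this matters more after this commit because index.php no longer calls checkSessionToken before showHeader. Unless checkSessionToken (body not in view) is guaranteed to run earlier, I'd gate the branch: `if (checkSessionToken($_COOKIE["meowboardSession"]) != 0 && isAdmin(tokenToUuid($_COOKIE["meowboardSession"])) == 1) {`. The enclosing showHeader() starts outside the hunk.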
|
|
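--- /dev/null
+++ b/include/uuid.php
@@ -0,0 +1,24 @@
+<?php
+/* VanillaUUID v1.0 by abbieoverflight.
+* Licenced under the EUPLv1.2.
+* https://git.colean.cc/threeoh6000/vanillauuid */
+function randomLongHex() {
+$byt = random_bytes(64);
+return bin2hex($byt);
+}
+
+function genUuid4() {
+$template = randomLongHex();
+$buildup = substr($template, 0, 8) . "-" . substr($template, 8, 4) . "-4" . substr($template, 13, 3) . "-1" . substr($template, 17, 3) . "-" . substr($template, 20, 12);
+
+return $buildup;
+}
+
+function nilUuid() {
+return "00000000-0000-0000-0000-000000000000";
+}
+
+function omniUuid() {
+return "FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF";
+}
+?>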
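Review bot: `genUuid4()` sets the version nibble correctly (`"-4"`), but the variant nibble is hard-coded to `1` (`"-1" . substr($template, 17, 3)`), which is not an RFC 4122 variant; a strict UUID validator will reject these values once they are used as `users.uuid` keys. Deriving the variant from the otherwise-unused hex digit at index 16 keeps the layout and makes it compliant: replace the `"-1" . substr($template, 17, 3)` piece with `"-" . dechex(8 | (hexdec($template[16]) & 3)) . substr($template, 17, 3)`. The 64 random bytes also far exceed the 16 the function consumes; `random_bytes(16)` would suffice, though that is cosmetic.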
|
@ -2,12 +2,6 @@
|
||||||
include 'include/db.php';
|
include 'include/db.php';
|
||||||
include 'include/templates.php';
|
include 'include/templates.php';
|
||||||
|
|
||||||
if (isset($_COOKIE["meowboardSession"])) {
|
|
||||||
if (checkSessionToken($_COOKIE["meowboardSession"]) == 0) {
|
|
||||||
setcookie("meowboardSession", "", 1);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
showHeader();
|
showHeader();
|
||||||
$imgs = getImages();
|
$imgs = getImages();
|
||||||
for ($i = 0; $i < sizeof($imgs); $i++){
|
for ($i = 0; $i < sizeof($imgs); $i++){
|
||||||
|
|
19
install.php
|
@ -1,6 +1,7 @@
|
||||||
<?php
|
<?php
|
||||||
$sitename = "meowboard";
|
$sitename = "meowboard";
|
||||||
include 'include/templates.php';
|
include 'include/templates.php';
|
||||||
|
include 'include/uuid.php';
|
||||||
|
|
||||||
if (file_exists("meowboard.db")) {
|
if (file_exists("meowboard.db")) {
|
||||||
die("meowboard is already installed. If you are a webmaster, you may want to delete this file.");
|
die("meowboard is already installed. If you are a webmaster, you may want to delete this file.");
|
||||||
|
@ -42,16 +43,20 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
|
||||||
$db = new Store();
|
$db = new Store();
|
||||||
|
|
||||||
// Initialise tables in the database.
|
// Initialise tables in the database.
|
||||||
$db->exec('CREATE TABLE users(username TEXT PRIMARY KEY UNIQUE NOT NULL, password TEXT NOT NULL, pepper TEXT NOT NULL, admin INTEGER DEFAULT 0)');
|
$db->exec('CREATE TABLE users(uuid TEXT UNIQUE PRIMARY KEY NOT NULL, username TEXT UNIQUE NOT NULL, password TEXT NOT NULL, pepper TEXT NOT NULL, admin INTEGER DEFAULT 0)');
|
||||||
$db->exec('CREATE TABLE images(id INTEGER PRIMARY KEY AUTOINCREMENT, location TEXT NOT NULL, uploader TEXT NOT NULL, tags TEXT)');
|
$db->exec('CREATE TABLE images(id INTEGER PRIMARY KEY AUTOINCREMENT, location TEXT NOT NULL, uploader TEXT NOT NULL, tags TEXT)');
|
||||||
$db->exec('CREATE TABLE settings(key TEXT PRIMARY KEY UNIQUE NOT NULL, value TEXT DEFAULT NULL)');
|
$db->exec('CREATE TABLE settings(key TEXT PRIMARY KEY UNIQUE NOT NULL, value TEXT DEFAULT NULL)');
|
||||||
$db->exec('CREATE TABLE tokens(hash TEXT PRIMARY KEY NOT NULL, username TEXT NOT NULL, expiry INTEGER)');
|
$db->exec('CREATE TABLE tokens(hash TEXT PRIMARY KEY NOT NULL, uuid TEXT NOT NULL, expiry INTEGER)');
|
||||||
|
|
||||||
|
// Create UUID and place it into binding to add for the admin user.
|
||||||
|
$uuidBinding = genUuid4();
|
||||||
|
|
||||||
// Add the admin user to the database.
|
// Add the admin user to the database.
|
||||||
$insert_user_query = $db->prepare('INSERT INTO users (username, password, pepper, admin) VALUES (?, ?, ?, 1)');
|
$insert_user_query = $db->prepare('INSERT INTO users (uuid, username, password, pepper, admin) VALUES (?, ?, ?, ?, 1)');
|
||||||
$insert_user_query->bindParam(1, $username, SQLITE3_TEXT);
|
$insert_user_query->bindParam(1, $uuidBinding, SQLITE3_TEXT);
|
||||||
$insert_user_query->bindParam(2, $passwordFinal, SQLITE3_TEXT);
|
$insert_user_query->bindParam(2, $username, SQLITE3_TEXT);
|
||||||
$insert_user_query->bindParam(3, $pepperHex, SQLITE3_TEXT);
|
$insert_user_query->bindParam(3, $passwordFinal, SQLITE3_TEXT);
|
||||||
|
$insert_user_query->bindParam(4, $pepperHex, SQLITE3_TEXT);
|
||||||
$result = $insert_user_query->execute();
|
$result = $insert_user_query->execute();
|
||||||
|
|
||||||
// Add the salt into the database otherwise it will be impossible to login.
|
// Add the salt into the database otherwise it will be impossible to login.
|
||||||
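Review bot: The new `tokens.uuid` column (and `images.uploader`, which upload.php now fills with a uuid) carries no foreign key to `users(uuid)`, so nothing stops a token or upload from pointing at a user that was never created or has been deleted; `uuid TEXT NOT NULL REFERENCES users(uuid) ON DELETE CASCADE` on tokens would also let deleting a user revoke its sessions. Note that SQLite only enforces this after `PRAGMA foreign_keys = ON` on each connection, which I cannot see being set in the `Store` wrapper. Also, `$result = $insert_user_query->execute();` is still not checked: a failed admin insert falls through to the settings insert and the "Install complete" redirect, presumably leaving a database with no admin account; `if ($result === false) { die('Failed to create admin user.'); }` would surface it.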
|
@ -64,7 +69,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
|
||||||
$insert_sitename_query->bindParam(1, $sitename, SQLITE3_TEXT);
|
$insert_sitename_query->bindParam(1, $sitename, SQLITE3_TEXT);
|
||||||
$result = $insert_sitename_query->execute();
|
$result = $insert_sitename_query->execute();
|
||||||
|
|
||||||
die("<meta http-equiv=\"refresh\" content=\"0; url=/\">Install complete.");
|
die("<meta http-equiv=\"refresh\" content=\"0; url=/login.php\">Install complete.");
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
showHeader(1);
|
showHeader(1);
|
||||||
|
|
|
@ -28,7 +28,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
|
||||||
} else {
|
} else {
|
||||||
move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $location);
|
move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $location);
|
||||||
|
|
||||||
addImage($location, tokenToUsername($_COOKIE["meowboardSession"]), $_POST["tags"]);
|
addImage($location, tokenToUuid($_COOKIE["meowboardSession"]), $_POST["tags"]);
|
||||||
showHeader();
|
showHeader();
|
||||||
echo '<h3>File uploaded!</h3>';
|
echo '<h3>File uploaded!</h3>';
|
||||||
echo $footer;
|
echo $footer;
|
||||||
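Review bot: The return value of `move_uploaded_file()` on the line above the changed call is discarded, so when the move fails (permissions, full disk) `addImage()` still records `$location` as uploaded by the current user and the page prints "File uploaded!". Check it before recording: `if (!move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $location)) { die('Upload failed.'); }`. `tokenToUuid()` also returns null for a token with no row, so if this handler can be reached without loggedInCheck() running first (the start of the block is outside the hunk), the `uploader` column would receive NULL and presumably fail its NOT NULL constraint rather than a clean error.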
|
|