Add the ability to upload images.
Also redirect from pages that require/don't require a login correctly.
This commit is contained in:
parent
e03dcecc5d
commit
d0ce926f3b
4 changed files with 61 additions and 11 deletions
|
@ -62,6 +62,16 @@ function issueSessionToken($username) {
|
||||||
return $token;
|
return $token;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function addImage($location, $uploader, $tags) {
|
||||||
|
global $db;
|
||||||
|
|
||||||
|
$insertStatement = $db->prepare("INSERT INTO images (location, uploader, tags) VALUES (?, ?, ?)");
|
||||||
|
$insertStatement->bindParam(1, $location, SQLITE3_TEXT);
|
||||||
|
$insertStatement->bindParam(2, $uploader, SQLITE3_TEXT);
|
||||||
|
$insertStatement->bindParam(3, $tags, SQLITE3_TEXT);
|
||||||
|
$result = $insertStatement->execute();
|
||||||
|
}
|
||||||
|
|
||||||
function flushSessionTokens() {
|
function flushSessionTokens() {
|
||||||
global $db;
|
global $db;
|
||||||
|
|
||||||
|
@ -120,4 +130,16 @@ function isAdmin($username) {
|
||||||
$result = $getTokenStatement->execute();
|
$result = $getTokenStatement->execute();
|
||||||
return $result->fetchArray()[0];
|
return $result->fetchArray()[0];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function loggedInCheck() {
|
||||||
|
if(!isset($_COOKIE["meowboardSession"])){
|
||||||
|
die("<meta http-equiv=\"refresh\" content=\"0; url=/login.php\">");
|
||||||
|
}
|
||||||
|
|
||||||
|
if(isset($_COOKIE["meowboardSession"])){
|
||||||
|
if(checkSessionToken($_COOKIE["meowboardSession"]) == 0){
|
||||||
|
die("<meta http-equiv=\"refresh\" content=\"0; url=/login.php\">");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
?>
|
?>
|
||||||
|
|
|
@ -3,7 +3,7 @@ $sitename = "meowboard";
|
||||||
include 'include/templates.php';
|
include 'include/templates.php';
|
||||||
|
|
||||||
if (file_exists("meowboard.db")) {
|
if (file_exists("meowboard.db")) {
|
||||||
die("Meowboard is already installed. If you are a webmaster, you may want to delete this file.");
|
die("meowboard is already installed. If you are a webmaster, you may want to delete this file.");
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($_SERVER["REQUEST_METHOD"] == "POST") {
|
if ($_SERVER["REQUEST_METHOD"] == "POST") {
|
||||||
|
@ -28,11 +28,6 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
|
||||||
$pepper = random_bytes(64);
|
$pepper = random_bytes(64);
|
||||||
$pepperHex = bin2hex($pepper);
|
$pepperHex = bin2hex($pepper);
|
||||||
|
|
||||||
echo $saltHex;
|
|
||||||
echo "<br>";
|
|
||||||
echo $pepperHex;
|
|
||||||
echo "<br>";
|
|
||||||
|
|
||||||
$passwordFinal = hash("sha512", hash("sha512", $password . $saltHex) . $pepperHex);
|
$passwordFinal = hash("sha512", hash("sha512", $password . $saltHex) . $pepperHex);
|
||||||
|
|
||||||
class Store extends SQLite3
|
class Store extends SQLite3
|
||||||
|
@ -69,7 +64,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
|
||||||
$insert_sitename_query->bindParam(1, $sitename, SQLITE3_TEXT);
|
$insert_sitename_query->bindParam(1, $sitename, SQLITE3_TEXT);
|
||||||
$result = $insert_sitename_query->execute();
|
$result = $insert_sitename_query->execute();
|
||||||
|
|
||||||
echo "Meowboard has been installed and is ready to use!";
|
die("<meta http-equiv=\"refresh\" content=\"0; url=/\">Install complete.");
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
showHeader(1);
|
showHeader(1);
|
||||||
|
|
|
@ -2,8 +2,9 @@
|
||||||
include 'include/db.php';
|
include 'include/db.php';
|
||||||
include 'include/templates.php';
|
include 'include/templates.php';
|
||||||
|
|
||||||
|
if (isset($_COOKIE["meowboardSession"])) { die('<meta http-equiv="refresh" content="0; url=/index.php">'); }
|
||||||
|
|
||||||
if ($_SERVER["REQUEST_METHOD"] == "POST") {
|
if ($_SERVER["REQUEST_METHOD"] == "POST") {
|
||||||
if (isset($_COOKIE["meowboardSession"])) { die('<meta http-equiv="refresh" content="0; url=index.php">'); }
|
|
||||||
|
|
||||||
$username = $_POST['username'];
|
$username = $_POST['username'];
|
||||||
$password = $_POST['password'];
|
$password = $_POST['password'];
|
||||||
|
|
38
upload.php
38
upload.php
|
@ -2,11 +2,43 @@
|
||||||
include 'include/db.php';
|
include 'include/db.php';
|
||||||
include 'include/templates.php';
|
include 'include/templates.php';
|
||||||
|
|
||||||
if ($_SERVER["REQUEST_METHOD"] == "POST") { }
|
loggedInCheck();
|
||||||
else {
|
if ($_SERVER["REQUEST_METHOD"] == "POST") {
|
||||||
|
$path_parts = pathinfo($_FILES["fileToUpload"]["name"]);
|
||||||
|
$location = "img/" . bin2hex(random_bytes(16)) . "-" . time() . "." . $path_parts['extension'];
|
||||||
|
$uploadValid = 1;
|
||||||
|
|
||||||
|
if(@is_array(getimagesize($_FILES["fileToUpload"]["tmp_name"])) == false){
|
||||||
|
$uploadValid = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
if($_FILES['userfile']['size'] > 300000000){
|
||||||
|
$uploadValid = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(ctype_alnum(str_replace(",","",$_POST["tags"])) == false){
|
||||||
|
$uploadValid = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
if($uploadValid == 0){
|
||||||
|
showHeader();
|
||||||
|
echo '<h3>An error has occured, please try again.</h3>';
|
||||||
|
echo $footer;
|
||||||
|
die();
|
||||||
|
} else {
|
||||||
|
move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $location);
|
||||||
|
|
||||||
|
addImage($location, tokenToUsername($_COOKIE["meowboardSession"]), $_POST["tags"]);
|
||||||
|
showHeader();
|
||||||
|
echo '<h3>File uploaded!</h3>';
|
||||||
|
echo $footer;
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
|
} else {
|
||||||
showHeader();
|
showHeader();
|
||||||
echo '<h3>Upload</h3><form action="upload.php" method="post" enctype="multipart/form-data">
|
echo '<h3>Upload</h3><form action="upload.php" method="post" enctype="multipart/form-data">
|
||||||
<input type="file" name="fileToUpload" id="fileToUpload">
|
<div class="upload">Upload <input type="file" name="fileToUpload" id="fileToUpload"> <icon>⇑</icon></div>
|
||||||
<label for="tags">Tags</label><br/><input type="text" id="tags" name="tags">
|
<label for="tags">Tags</label><br/><input type="text" id="tags" name="tags">
|
||||||
<br/><button>submit</button>
|
<br/><button>submit</button>
|
||||||
</form>';
|
</form>';
|
||||||
|
|
Loading…
Reference in a new issue