Add the ability to upload images.

Also redirect from pages that require/don't require a login correctly.
This commit is contained in:
abbie 2024-07-28 19:28:08 +01:00
parent e03dcecc5d
commit d0ce926f3b
Signed by: threeoh6000
GPG key ID: 801FE4AD456E922C
4 changed files with 61 additions and 11 deletions

View file

@ -62,6 +62,16 @@ function issueSessionToken($username) {
return $token; return $token;
} }
function addImage($location, $uploader, $tags) {
global $db;
$insertStatement = $db->prepare("INSERT INTO images (location, uploader, tags) VALUES (?, ?, ?)");
$insertStatement->bindParam(1, $location, SQLITE3_TEXT);
$insertStatement->bindParam(2, $uploader, SQLITE3_TEXT);
$insertStatement->bindParam(3, $tags, SQLITE3_TEXT);
$result = $insertStatement->execute();
}
function flushSessionTokens() { function flushSessionTokens() {
global $db; global $db;
@ -120,4 +130,16 @@ function isAdmin($username) {
$result = $getTokenStatement->execute(); $result = $getTokenStatement->execute();
return $result->fetchArray()[0]; return $result->fetchArray()[0];
} }
function loggedInCheck() {
if(!isset($_COOKIE["meowboardSession"])){
die("<meta http-equiv=\"refresh\" content=\"0; url=/login.php\">");
}
if(isset($_COOKIE["meowboardSession"])){
if(checkSessionToken($_COOKIE["meowboardSession"]) == 0){
die("<meta http-equiv=\"refresh\" content=\"0; url=/login.php\">");
}
}
}
?> ?>

View file

@ -3,7 +3,7 @@ $sitename = "meowboard";
include 'include/templates.php'; include 'include/templates.php';
if (file_exists("meowboard.db")) { if (file_exists("meowboard.db")) {
die("Meowboard is already installed. If you are a webmaster, you may want to delete this file."); die("meowboard is already installed. If you are a webmaster, you may want to delete this file.");
} }
if ($_SERVER["REQUEST_METHOD"] == "POST") { if ($_SERVER["REQUEST_METHOD"] == "POST") {
@ -28,11 +28,6 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
$pepper = random_bytes(64); $pepper = random_bytes(64);
$pepperHex = bin2hex($pepper); $pepperHex = bin2hex($pepper);
echo $saltHex;
echo "<br>";
echo $pepperHex;
echo "<br>";
$passwordFinal = hash("sha512", hash("sha512", $password . $saltHex) . $pepperHex); $passwordFinal = hash("sha512", hash("sha512", $password . $saltHex) . $pepperHex);
class Store extends SQLite3 class Store extends SQLite3
@ -69,7 +64,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
$insert_sitename_query->bindParam(1, $sitename, SQLITE3_TEXT); $insert_sitename_query->bindParam(1, $sitename, SQLITE3_TEXT);
$result = $insert_sitename_query->execute(); $result = $insert_sitename_query->execute();
echo "Meowboard has been installed and is ready to use!"; die("<meta http-equiv=\"refresh\" content=\"0; url=/\">Install complete.");
} else { } else {
showHeader(1); showHeader(1);

View file

@ -2,8 +2,9 @@
include 'include/db.php'; include 'include/db.php';
include 'include/templates.php'; include 'include/templates.php';
if (isset($_COOKIE["meowboardSession"])) { die('<meta http-equiv="refresh" content="0; url=/index.php">'); }
if ($_SERVER["REQUEST_METHOD"] == "POST") { if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (isset($_COOKIE["meowboardSession"])) { die('<meta http-equiv="refresh" content="0; url=index.php">'); }
$username = $_POST['username']; $username = $_POST['username'];
$password = $_POST['password']; $password = $_POST['password'];

View file

@ -2,11 +2,43 @@
include 'include/db.php'; include 'include/db.php';
include 'include/templates.php'; include 'include/templates.php';
if ($_SERVER["REQUEST_METHOD"] == "POST") { } loggedInCheck();
else { if ($_SERVER["REQUEST_METHOD"] == "POST") {
$path_parts = pathinfo($_FILES["fileToUpload"]["name"]);
$location = "img/" . bin2hex(random_bytes(16)) . "-" . time() . "." . $path_parts['extension'];
$uploadValid = 1;
if(@is_array(getimagesize($_FILES["fileToUpload"]["tmp_name"])) == false){
$uploadValid = 0;
}
if($_FILES['userfile']['size'] > 300000000){
$uploadValid = 0;
}
if(ctype_alnum(str_replace(",","",$_POST["tags"])) == false){
$uploadValid = 0;
}
if($uploadValid == 0){
showHeader();
echo '<h3>An error has occured, please try again.</h3>';
echo $footer;
die();
} else {
move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $location);
addImage($location, tokenToUsername($_COOKIE["meowboardSession"]), $_POST["tags"]);
showHeader();
echo '<h3>File uploaded!</h3>';
echo $footer;
exit();
}
} else {
showHeader(); showHeader();
echo '<h3>Upload</h3><form action="upload.php" method="post" enctype="multipart/form-data"> echo '<h3>Upload</h3><form action="upload.php" method="post" enctype="multipart/form-data">
<input type="file" name="fileToUpload" id="fileToUpload"> <div class="upload">Upload <input type="file" name="fileToUpload" id="fileToUpload"> <icon></icon></div>
<label for="tags">Tags</label><br/><input type="text" id="tags" name="tags"> <label for="tags">Tags</label><br/><input type="text" id="tags" name="tags">
<br/><button>submit</button> <br/><button>submit</button>
</form>'; </form>';