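Database not found."); }

/**
 * SQLite3 handle bound to the application's database file.
 *
 * NOTE(review): the path is relative, so it resolves against the working
 * directory of the executing script. Confirm the file sits somewhere the web
 * server will not serve as a static download.
 */
class Store extends SQLite3
{
    public function __construct()
    {
        $this->open('meowboard.db');
    }
}

$db = new Store();

// Site name: second column of the settings row whose key is 'sitename'
// (presumably the value column; SELECT * makes this depend on column order).
$sitenameStatement = $db->prepare("SELECT * FROM settings WHERE key = 'sitename'");
$result = $sitenameStatement->execute();
$sitename = $result->fetchArray()[1];

/**
 * Hashes a string together with the site-wide secret stored in settings.
 *
 * The secret is read from the settings row with key 'salt' on every call and
 * appended to the input before a single SHA-512 pass. The same value is used
 * for every user and every token.
 *
 * @param string $string Value to hash.
 * @return string 128-character lowercase hex digest.
 */
function saltString($string)
{
    global $db;

    $saltStatement = $db->prepare("SELECT * FROM settings WHERE key = 'salt'");
    $result = $saltStatement->execute();
    $salt = $result->fetchArray()[1];

    return hash("sha512", $string . $salt);
}

/**
 * Checks a username/password pair against the users table.
 *
 * Stored form: sha512( saltString( sha512(password) ) . per-user pepper ).
 *
 * SECURITY: SHA-512 is a fast hash and is not designed for password storage.
 * password_hash()/password_verify() is the recommended replacement; switching
 * requires re-hashing stored credentials (for example at next login), so it is
 * flagged here rather than changed.
 *
 * @param string $username Account name to look up.
 * @param string $password Plain-text password supplied by the client.
 * @return int 1 when the password matches, 0 otherwise (including unknown users).
 */
function verifyPassword($username, $password)
{
    global $db;

    $password = hash("sha512", $password);

    $grabUser = $db->prepare("SELECT password, pepper FROM users WHERE username = ?");
    $grabUser->bindParam(1, $username, SQLITE3_TEXT);
    $result = $grabUser->execute();

    // fetchArray() returns false when no row matches; never index into that.
    $row = ($result === false) ? false : $result->fetchArray();
    $storedPassword = is_array($row) ? (string) $row[0] : '';
    $pepper = is_array($row) ? (string) $row[1] : '';

    // The digest is computed for unknown users as well, so both paths do the
    // same amount of hashing work.
    $passwordFinal = hash("sha512", saltString($password) . $pepper);

    // hash_equals() is constant-time and compares as strings; the previous
    // loose != could treat two numeric-looking digests as equal.
    return hash_equals($storedPassword, $passwordFinal) ? 1 : 0;
}

/**
 * Creates a session token for a user and records its hash.
 *
 * Only saltString(token) is stored; the raw token is returned to the caller
 * and is the value the client presents later.
 *
 * @param string $username Account the session belongs to.
 * @return string Raw token (512 hex characters).
 */
function issueSessionToken($username)
{
    global $db;

    $token = bin2hex(random_bytes(256));
    $tokenStore = saltString($token); // We store this value and give the user the unhashed token.

    // 28 days in SECONDS. time() and flushSessionTokens() both work in
    // seconds; the earlier value 2_419_200_000 was the millisecond figure and
    // pushed expiry roughly 76 years out, so tokens never aged out. Tokens
    // issued before this fix keep that far-future expiry until they are
    // deleted (see purgeSessionTokens()).
    $expiry = time() + 2_419_200;

    $uuid = usernameToUuid($username);

    $insertTokenStatement = $db->prepare("INSERT INTO tokens (hash, uuid, expiry) VALUES (?, ?, ?)");
    $insertTokenStatement->bindParam(1, $tokenStore, SQLITE3_TEXT);
    $insertTokenStatement->bindParam(2, $uuid, SQLITE3_TEXT);
    $insertTokenStatement->bindParam(3, $expiry, SQLITE3_INTEGER);
    $insertTokenStatement->execute();

    return $token;
}

/**
 * Records an uploaded image.
 *
 * @param string $location Where the image is stored.
 * @param string $uploader Identifier of the uploading user.
 * @param string $tags     Tag string saved alongside the image.
 * @return void
 */
function addImage($location, $uploader, $tags)
{
    global $db;

    $insertStatement = $db->prepare("INSERT INTO images (location, uploader, tags) VALUES (?, ?, ?)");
    $insertStatement->bindParam(1, $location, SQLITE3_TEXT);
    $insertStatement->bindParam(2, $uploader, SQLITE3_TEXT);
    $insertStatement->bindParam(3, $tags, SQLITE3_TEXT);
    $insertStatement->execute();
}

/**
 * Deletes every token whose expiry timestamp is in the past.
 *
 * @return void
 */
function flushSessionTokens()
{
    global $db;

    $timestamp = time();

    $flushStatement = $db->prepare("DELETE FROM tokens WHERE expiry < ?");
    $flushStatement->bindParam(1, $timestamp, SQLITE3_INTEGER);
    $flushStatement->execute();
}

/**
 * Deletes all session tokens, logging every user out.
 *
 * @return void
 */
function purgeSessionTokens()
{
    global $db;

    // SQLite3 has exec() for result-less statements; execute() exists only on
    // SQLite3Stmt, so the earlier $db->execute() call was a fatal error.
    $db->exec("DELETE FROM tokens");
}

/**
 * Deletes one session token (logout).
 *
 * @param string $token Raw token as presented by the client.
 * @return void
 */
function deleteSessionToken($token)
{
    global $db;

    $tokenStore = saltString($token);

    $deleteStatement = $db->prepare("DELETE FROM tokens WHERE hash = ?");
    $deleteStatement->bindParam(1, $tokenStore, SQLITE3_TEXT);
    $deleteStatement->execute();
}

/**
 * Reports whether a raw session token is currently valid.
 *
 * Expired rows are flushed first, so a token past its expiry is rejected.
 *
 * @param mixed $token Raw token as presented by the client.
 * @return int 1 when a matching unexpired token exists, 0 otherwise.
 */
function checkSessionToken($token)
{
    global $db;

    // A cookie can arrive as an array (name[]=...); only a non-empty string
    // can be a token.
    if (!is_string($token) || $token === '') {
        return 0;
    }

    flushSessionTokens();

    $tokenStore = saltString($token);

    $getTokenStatement = $db->prepare("SELECT hash FROM tokens WHERE hash = ?");
    $getTokenStatement->bindParam(1, $tokenStore, SQLITE3_TEXT);
    $result = $getTokenStatement->execute();

    $row = ($result === false) ? false : $result->fetchArray();
    if (!is_array($row)) {
        return 0;
    }

    // Constant-time string comparison instead of loose ==.
    return hash_equals($tokenStore, (string) $row[0]) ? 1 : 0;
}

/**
 * Resolves a raw session token to the uuid of its owner.
 *
 * This does not flush or check expiry itself; call checkSessionToken() (or
 * loggedInCheck()) first so an expired token cannot resolve to a user.
 *
 * @param string $token Raw token as presented by the client.
 * @return mixed The uuid column value, or null when the token is unknown.
 */
function tokenToUuid($token)
{
    global $db;

    $tokenStore = saltString($token);

    $getTokenStatement = $db->prepare("SELECT uuid FROM tokens WHERE hash = ?");
    $getTokenStatement->bindParam(1, $tokenStore, SQLITE3_TEXT);
    $result = $getTokenStatement->execute();

    $row = $result->fetchArray();

    return ($row === false) ? null : $row[0];
}

/**
 * Returns the admin flag stored for a user.
 *
 * @param string $uuid User identifier.
 * @return mixed The raw admin column value, or null when the uuid is unknown
 *               (null is falsy, so an unknown user is not treated as admin).
 */
function isAdmin($uuid)
{
    global $db;

    $getTokenStatement = $db->prepare("SELECT admin FROM users WHERE uuid = ?");
    $getTokenStatement->bindParam(1, $uuid, SQLITE3_TEXT);
    $result = $getTokenStatement->execute();

    $row = $result->fetchArray();

    return ($row === false) ? null : $row[0];
}

/**
 * Stops the request unless a valid session cookie is present.
 *
 * A cookie that fails validation is cleared (expiry set in the past) before
 * the script terminates.
 *
 * @return void
 */
function loggedInCheck()
{
    if (!isset($_COOKIE["meowboardSession"])) {
        die("");
    }

    if (checkSessionToken($_COOKIE["meowboardSession"]) === 0) {
        setcookie("meowboardSession", "", 1);
        die("");
    }
}

/**
 * Returns the highest image id.
 *
 * Despite the name this is the maximum id, not a row count; the two differ
 * once ids have gaps.
 *
 * @return mixed Highest id, or null when the images table is empty.
 */
function getImageAmount()
{
    global $db;

    $statement = $db->prepare("SELECT id FROM images ORDER BY id DESC LIMIT 1");
    $result = $statement->execute();

    $row = $result->fetchArray();

    return ($row === false) ? null : $row[0];
}

/**
 * Number of 10-image pages, derived from the highest image id.
 *
 * @return float Result of ceil(), so a float such as 3.0.
 */
function getAmountOfPages()
{
    $maxId = getImageAmount();

    return ceil($maxId / 10);
}

/**
 * Fetches one page of images, newest first.
 *
 * Page 0 covers the ten highest ids; each later page moves the id window down
 * by ten. The window is (lowerBound, upperBound].
 *
 * @param int|string $page Zero-based page number; cast to int before use.
 * @return array List of associative rows with keys 'location' and 'tags'.
 */
function getImages($page = 0)
{
    global $db;

    $data = array();
    $maxId = getImageAmount();

    $upperBound = ((int) $maxId - ((int) $page * 10));
    $lowerBound = $upperBound - 10;

    // $upperBound is already an int after the casts above, so it is bound
    // directly; the former "$t2 = $upperBound-0" copy added nothing.
    $getStatement = $db->prepare("SELECT location, tags FROM images WHERE id > ? AND id <= ? ORDER BY id DESC LIMIT 10");
    $getStatement->bindParam(1, $lowerBound, SQLITE3_INTEGER);
    $getStatement->bindParam(2, $upperBound, SQLITE3_INTEGER);
    $result = $getStatement->execute();

    while ($res = $result->fetchArray(SQLITE3_ASSOC)) {
        $data[] = $res;
    }

    return $data;
}

/**
 * Fetches a single image record by id.
 *
 * @param int|string $id Image id; bound as an integer.
 * @return array List with zero or one associative row
 *               ('location', 'uploader', 'tags').
 */
function getImage($id)
{
    global $db;

    $data = array();

    $getStatement = $db->prepare("SELECT location, uploader, tags FROM images where id = ?");
    $getStatement->bindParam(1, $id, SQLITE3_INTEGER);
    $result = $getStatement->execute();

    while ($res = $result->fetchArray(SQLITE3_ASSOC)) {
        $data[] = $res;
    }

    return $data;
}

/**
 * Looks up a user's uuid by username.
 *
 * @param string $username Account name.
 * @return mixed The uuid column value, or null when no such user exists.
 */
function usernameToUuid($username)
{
    global $db;

    $getStatement = $db->prepare("SELECT uuid FROM users WHERE username = ?");
    $getStatement->bindParam(1, $username, SQLITE3_TEXT);
    $result = $getStatement->execute();

    $row = $result->fetchArray();

    return ($row === false) ? null : $row[0];
}

/**
 * Looks up a username by uuid.
 *
 * @param string $uuid User identifier.
 * @return mixed The username column value, or null when no such user exists.
 */
function uuidToUsername($uuid)
{
    global $db;

    $getStatement = $db->prepare("SELECT username FROM users WHERE uuid = ?");
    $getStatement->bindParam(1, $uuid, SQLITE3_TEXT);
    $result = $getStatement->execute();

    $row = $result->fetchArray();

    return ($row === false) ? null : $row[0];
}
?>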