87 lines
3.3 KiB
PHP
87 lines
3.3 KiB
PHP
<?php
|
|
$sitename = "meowboard";
|
|
include 'include/templates.php';
|
|
include 'include/uuid.php';
|
|
|
|
if (file_exists("meowboard.db")) {
|
|
die("meowboard is already installed. If you are a webmaster, you may want to delete this file.");
|
|
}
|
|
|
|
if ($_SERVER["REQUEST_METHOD"] == "POST") {
|
|
$username = $_POST['username'];
|
|
if (empty($_POST['password'])) {
|
|
die("No admin password.");
|
|
}
|
|
// The password is hashed before being entered into the database for security reasons.
|
|
// It is then hashed with the salt and pepper.
|
|
$password = hash("sha512", $_POST['password']);
|
|
$sitename = $_POST['sitename'];
|
|
|
|
if(empty($sitename)) {
|
|
die("No site name.");
|
|
}
|
|
if(empty($username)) {
|
|
die("No admin username.");
|
|
}
|
|
|
|
$salt = random_bytes(128);
|
|
$saltHex = bin2hex($salt);
|
|
$pepper = random_bytes(64);
|
|
$pepperHex = bin2hex($pepper);
|
|
|
|
$passwordFinal = hash("sha512", hash("sha512", $password . $saltHex) . $pepperHex);
|
|
|
|
class Store extends SQLite3
|
|
{
|
|
function __construct()
|
|
{
|
|
$this->open('meowboard.db');
|
|
}
|
|
}
|
|
|
|
// This creates the database file on the system automatically.
|
|
$db = new Store();
|
|
|
|
// Initialise tables in the database.
|
|
$db->exec('CREATE TABLE users(uuid TEXT UNIQUE PRIMARY KEY NOT NULL, username TEXT UNIQUE NOT NULL, password TEXT NOT NULL, pepper TEXT NOT NULL, admin INTEGER DEFAULT 0)');
|
|
$db->exec('CREATE TABLE images(id INTEGER PRIMARY KEY AUTOINCREMENT, location TEXT NOT NULL, uploader TEXT NOT NULL, tags TEXT)');
|
|
$db->exec('CREATE TABLE settings(key TEXT PRIMARY KEY UNIQUE NOT NULL, value TEXT DEFAULT NULL)');
|
|
$db->exec('CREATE TABLE tokens(hash TEXT PRIMARY KEY NOT NULL, uuid TEXT NOT NULL, expiry INTEGER)');
|
|
|
|
// Create UUID and place it into binding to add for the admin user.
|
|
$uuidBinding = genUuid4();
|
|
|
|
// Add the admin user to the database.
|
|
$insert_user_query = $db->prepare('INSERT INTO users (uuid, username, password, pepper, admin) VALUES (?, ?, ?, ?, 1)');
|
|
$insert_user_query->bindParam(1, $uuidBinding, SQLITE3_TEXT);
|
|
$insert_user_query->bindParam(2, $username, SQLITE3_TEXT);
|
|
$insert_user_query->bindParam(3, $passwordFinal, SQLITE3_TEXT);
|
|
$insert_user_query->bindParam(4, $pepperHex, SQLITE3_TEXT);
|
|
$result = $insert_user_query->execute();
|
|
|
|
// Add the salt into the database otherwise it will be impossible to login.
|
|
// Also add site name in.
|
|
$insert_salt_query = $db->prepare('INSERT INTO settings (key, value) VALUES ("salt", ?)');
|
|
$insert_salt_query->bindParam(1, $saltHex, SQLITE3_TEXT);
|
|
$result = $insert_salt_query->execute();
|
|
|
|
$insert_sitename_query = $db->prepare('INSERT INTO settings (key, value) VALUES ("sitename", ?)');
|
|
$insert_sitename_query->bindParam(1, $sitename, SQLITE3_TEXT);
|
|
$result = $insert_sitename_query->execute();
|
|
|
|
die("<meta http-equiv=\"refresh\" content=\"0; url=/login.php\">Install complete.");
|
|
|
|
} else {
|
|
showHeader(1);
|
|
|
|
echo '<h3>Install meowboard</h3>';
|
|
echo '<h2>Admin account credentials</h2>';
|
|
echo '<form method="post"><label for="username">Username</label><br/> <input type="text" id="username" name="username"/> <br/>';
|
|
echo '<label for="password">Password</label><br/> <input type="password" id="password" name="password" /> <br/>';
|
|
echo '<h2>Site settings</h2>';
|
|
echo '<label for="sitename">Site name</label><br/> <input type="text" id="sitename" name="sitename"/> <br/>';
|
|
echo '<br/><button>install</button></form>';
|
|
|
|
echo $footer;
|
|
}
|
|
?>
|