meowboard/include/db.php
threeoh6000 d0ce926f3b
Add the ability to upload images.
Also redirect from pages that require/don't require a login correctly.
2024-07-28 19:28:08 +01:00


<?php
// Send the visitor to the installer when the SQLite database file does not exist yet.
// The path is relative, so it is resolved against the working directory of the running script.
// NOTE(review): if meowboard.db ends up under the web root, the web server should refuse to serve it directly - confirm against the deployment.
if (file_exists("meowboard.db") === false) {
    die('<meta http-equiv="refresh" content="0; url=/install.php">Database not found.');
}
/**
 * SQLite3 subclass that opens the board's database file as soon as it is constructed.
 */
class Store extends SQLite3
{
    /**
     * Opens 'meowboard.db' (a relative path) through SQLite3::open().
     * The parent constructor is not called; open() is used instead.
     */
    public function __construct()
    {
        $this->open('meowboard.db');
    }
}
// Shared database handle; the functions in this file reach it through `global $db`.
$db = new Store();
// Load the site name from the settings table. The query text is constant (no user input).
$sitenameStatement = $db->prepare("SELECT * FROM settings WHERE key = 'sitename'");
$result = $sitenameStatement->execute();
// Index 1 is the second column in SELECT * order - presumably the value column; confirm against the schema.
// NOTE(review): fetchArray() returns false when no row matches, so a missing 'sitename' row leaves $sitename null.
$sitename = $result->fetchArray()[1];
/**
 * Returns the SHA-512 hex digest of $string followed by the value stored
 * under the 'salt' key of the settings table.
 *
 * The stored value is read with SELECT * and taken from column index 1, so the
 * result depends on the column order of the settings table.
 *
 * NOTE(review): one stored value is shared by every input, and SHA-512 is a fast
 * hash. That is adequate for long random session tokens, but password storage
 * built on it is cheap to brute-force offline if the database leaks.
 *
 * @param string $string Value to hash.
 * @return string 128-character lowercase hex digest.
 */
function saltString($string) {
    global $db;
    $lookup = $db->prepare("SELECT * FROM settings WHERE key = 'salt'");
    $row = $lookup->execute()->fetchArray();
    $siteSalt = $row[1];
    return hash("sha512", $string . $siteSalt);
}
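/**
 * Checks a username/password pair against the users table.
 *
 * The candidate digest is built the same way as before:
 * sha512( saltString( sha512(password) ) . per-user value from column index 2 ).
 * Column index 1 of the user row holds the stored digest.
 *
 * Changes from the previous version:
 *  - the digests are compared with hash_equals() instead of `!=`, which removes
 *    PHP's loose string comparison (numeric-looking strings such as "0e..." can
 *    compare equal) and makes the comparison constant-time;
 *  - an unknown username no longer indexes into `false`; the digest is still
 *    computed so that known and unknown users take the same code path;
 *  - a non-string password (e.g. an array-valued form field) is rejected
 *    instead of reaching hash().
 *
 * NOTE(review): SHA-512 is a fast hash; moving to password_hash()/password_verify()
 * needs a migration of the stored digests and is therefore not done here.
 *
 * @param string $username Account name to look up.
 * @param string $password Plain-text password supplied by the client.
 * @return int 1 when the password matches, 0 otherwise.
 */
function verifyPassword($username, $password) {
    global $db;
    if (!is_string($password)) {
        return 0;
    }
    $grabUser = $db->prepare("SELECT * FROM users WHERE username = ?");
    $grabUser->bindValue(1, $username, SQLITE3_TEXT);
    $userRow = $grabUser->execute()->fetchArray();
    // fetchArray() returns false when there is no such user.
    $knownUser = is_array($userRow);
    $storedPassword = $knownUser ? (string) $userRow[1] : '';
    $pepper = $knownUser ? (string) $userRow[2] : '';
    $passwordFinal = hash("sha512", saltString(hash("sha512", $password)) . $pepper);
    // An empty stored value can never equal a 128-character digest, so unknown users fail here.
    return hash_equals($storedPassword, $passwordFinal) ? 1 : 0;
}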
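/**
 * Creates a session token for $username and records it in the tokens table.
 *
 * Only saltString($token) is stored; the raw token is returned to the caller so
 * that a leaked tokens table does not directly expose usable session tokens.
 *
 * Fix: the lifetime was written as 2_419_200_000, which is 28 days in
 * milliseconds. time() counts seconds, so tokens were valid for roughly 76 years
 * and the expiry sweep never removed them. The lifetime is now 28 days in seconds.
 *
 * @param string $username Account the token belongs to.
 * @return string The raw token (512 hex characters) to hand to the client.
 */
function issueSessionToken($username) {
    global $db;
    $token = bin2hex(random_bytes(256));
    $tokenStore = saltString($token); // We store this value and give the user the unhashed token.
    $expiry = time() + 28 * 24 * 60 * 60; // 28 days, in seconds (2,419,200).
    $insertTokenStatement = $db->prepare("INSERT INTO tokens (hash, username, expiry) VALUES (?, ?, ?)");
    $insertTokenStatement->bindValue(1, $tokenStore, SQLITE3_TEXT);
    $insertTokenStatement->bindValue(2, $username, SQLITE3_TEXT);
    $insertTokenStatement->bindValue(3, $expiry, SQLITE3_INTEGER);
    $insertTokenStatement->execute();
    return $token;
}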
/**
 * Inserts one row into the images table.
 *
 * All three values are bound as text parameters, so they cannot alter the SQL.
 * NOTE(review): nothing is validated here; presumably the upload handler checks
 * the file type and keeps $location inside the upload directory - confirm at the caller.
 *
 * @param string $location Stored location of the image.
 * @param string $uploader Username of the uploader.
 * @param string $tags     Tag string for the image.
 * @return void
 */
function addImage($location, $uploader, $tags) {
    global $db;
    $insert = $db->prepare("INSERT INTO images (location, uploader, tags) VALUES (?, ?, ?)");
    // Placeholders are numbered from 1, in the order of the column list.
    foreach ([$location, $uploader, $tags] as $offset => $value) {
        $insert->bindValue($offset + 1, $value, SQLITE3_TEXT);
    }
    $insert->execute();
}
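/**
 * Deletes every token whose expiry timestamp lies before the current time.
 *
 * Fix: bindParam() takes its value by reference, so passing the result of time()
 * directly raised "Only variables should be passed by reference". bindValue()
 * binds the value itself.
 *
 * @return void
 */
function flushSessionTokens() {
    global $db;
    $flushStatement = $db->prepare("DELETE FROM tokens WHERE expiry < ?");
    $flushStatement->bindValue(1, time(), SQLITE3_INTEGER);
    $flushStatement->execute();
}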
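/**
 * Deletes every row of the tokens table, which invalidates all sessions.
 *
 * Fix: SQLite3 has no execute() method (that belongs to SQLite3Stmt) and Store
 * does not define one, so the previous call failed with an undefined-method
 * error and no session was ever revoked. SQLite3::exec() runs the statement.
 *
 * @return void
 */
function purgeSessionTokens() {
    global $db;
    $db->exec("DELETE FROM tokens");
}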
/**
 * Removes a single session token from the tokens table.
 *
 * The table stores saltString($token), so the raw token is hashed the same way
 * before it is used as the lookup key.
 *
 * @param string $token Raw token as held by the client.
 * @return void
 */
function deleteSessionToken($token) {
    global $db;
    $hashedToken = saltString($token);
    $removal = $db->prepare("DELETE FROM tokens WHERE hash = ?");
    $removal->bindParam(1, $hashedToken, SQLITE3_TEXT);
    $removal->execute();
}
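/**
 * Reports whether $token is a currently stored session token.
 *
 * Expired rows are removed first by flushSessionTokens(), then the token is
 * hashed with saltString() and looked up by that hash.
 *
 * Changes from the previous version:
 *  - a token that is not a non-empty string (for example an array-valued cookie)
 *    is rejected before it reaches saltString();
 *  - a missing row no longer indexes into `false`;
 *  - the stored and computed hashes are compared with hash_equals() rather than
 *    the loose `==` operator.
 *
 * @param mixed $token Raw token supplied by the client.
 * @return int 1 when the token is valid, 0 otherwise.
 */
function checkSessionToken($token) {
    global $db;
    // Kept first so the expiry sweep runs on every check, as before.
    flushSessionTokens();
    if (!is_string($token) || $token === '') {
        return 0;
    }
    $tokenStore = saltString($token);
    $getTokenStatement = $db->prepare("SELECT hash FROM tokens WHERE hash = ?");
    $getTokenStatement->bindValue(1, $tokenStore, SQLITE3_TEXT);
    $tokenRow = $getTokenStatement->execute()->fetchArray();
    // fetchArray() returns false when no row matches.
    if (!is_array($tokenRow) || !is_string($tokenRow[0])) {
        return 0;
    }
    return hash_equals($tokenRow[0], $tokenStore) ? 1 : 0;
}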
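/**
 * Resolves a raw session token to the username it was issued for.
 *
 * Changes from the previous version:
 *  - the lookup now ignores rows whose expiry has passed. This function does not
 *    run the expiry sweep itself, so an expired token that had not been flushed
 *    yet still resolved to a user. The condition mirrors the sweep, which deletes
 *    rows with expiry < now;
 *  - a token that is not a string, or that matches no row, yields null without
 *    indexing into `false`.
 *
 * @param mixed $token Raw token supplied by the client.
 * @return string|null Username, or null when the token is unknown or expired.
 */
function tokenToUsername($token) {
    global $db;
    if (!is_string($token)) {
        return null;
    }
    $tokenStore = saltString($token);
    $getTokenStatement = $db->prepare("SELECT username FROM tokens WHERE hash = ? AND expiry >= ?");
    $getTokenStatement->bindValue(1, $tokenStore, SQLITE3_TEXT);
    $getTokenStatement->bindValue(2, time(), SQLITE3_INTEGER);
    $tokenRow = $getTokenStatement->execute()->fetchArray();
    // fetchArray() returns false when no row matches.
    return is_array($tokenRow) ? $tokenRow[0] : null;
}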
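/**
 * Returns the value of the `admin` column for $username.
 *
 * Fix: when the username does not exist, fetchArray() returns false and the old
 * code indexed into it, which raised a warning and produced null. An unknown
 * user now yields 0, so the answer fails closed without the warning.
 *
 * @param string $username Account name to look up.
 * @return mixed The stored admin value, or 0 when the user does not exist.
 */
function isAdmin($username) {
    global $db;
    $getAdminStatement = $db->prepare("SELECT admin FROM users WHERE username = ?");
    $getAdminStatement->bindValue(1, $username, SQLITE3_TEXT);
    $userRow = $getAdminStatement->execute()->fetchArray();
    if (!is_array($userRow)) {
        return 0;
    }
    return $userRow[0];
}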
/**
 * Gate for pages that require a login.
 *
 * When the meowboardSession cookie is absent, or checkSessionToken() reports it
 * as invalid, a meta-refresh to /login.php is emitted and die() ends the request,
 * so none of the calling page's code after this call runs.
 *
 * @return void
 */
function loggedInCheck() {
    $cookieName = "meowboardSession";
    // Short-circuit: the token is only checked when the cookie is present.
    $hasValidSession = isset($_COOKIE[$cookieName])
        && checkSessionToken($_COOKIE[$cookieName]) != 0;
    if (!$hasValidSession) {
        die("<meta http-equiv=\"refresh\" content=\"0; url=/login.php\">");
    }
}
?>