Initial commit

Base site creation

lib/Bloggr/auth.php

@@ -0,0 +1,139 @@
+<?php
+namespace Bloggr;
+class Auth
+{
+  protected $pdo;
+  function __construct($pdo)
+  {
+    session_start();
+    $pdo->setAttribute(\PDO::ATTR_DEFAULT_FETCH_MODE, \PDO::FETCH_ASSOC);
+    $this->pdo = $pdo;
+  }
+  public function register($username, $email, $password, $role = 0) {
+    $errors = array();
+    $username = trim(filter_var($username, FILTER_SANITIZE_STRING));
+    $email = filter_var($email, FILTER_VALIDATE_EMAIL);
+    $password = filter_var($password, FILTER_SANITIZE_STRING);
+    $timestamp = time();
+    if (preg_replace('/\s+/', '', $username) !== $username) {
+      array_push($errors, 'Your username may not contain whitespaces!');
+    }
+    if (strlen(trim($username)) < 3) {
+      array_push($errors, 'Username is too short! Min. 3');
+    }
+    if (strlen(trim($username)) > 16) {
+      array_push($errors, 'Username is too long! Max. 16');
+    }
+    if (!$email) {
+      array_push($errors, 'Enter a valid email!');
+    }
+    if (strlen(trim($password)) < 8) {
+      array_push($errors, 'Password is too short! Min 8');
+    }
+    if (count($errors) > 0) {
+      return $errors;
+    }
+    try {
+      $s = $this->pdo->prepare("SELECT username, email FROM users WHERE username = :username OR email = :email;");
+      $s->execute(array(
+        ':username' => $username,
+        ':email' => $email
+      ));
+      while ($row = $s->fetch()) {
+        if ($row['username'] === $username) {
+          array_push($errors, 'Username already exists!');
+        }
+        if ($row['email'] === $email) {
+          array_push($errors, 'Email already exists!');
+        }
+      }
+    } catch (\PDOException $e) {
+      array_push($errors, 'Something went wrong!');
+    }
+    if (count($errors) > 0) {
+      return $errors;
+    }
+    try {
+      $s = $this->pdo->prepare("INSERT INTO users (username, email, password, registered, roles_mask) VALUES(:username, :email, :password, :registered, :roles_mask);");
+      $r = $s->execute(array(
+        ':username' => $username,
+        ':email' => $email,
+        ':password' => password_hash($password, PASSWORD_DEFAULT),
+        ':registered' => $timestamp,
+        ':roles_mask' => $role
+      ));
+      if(!$r) {
+        array_push($errors, 'Something went wrong!');
+      }
+    } catch (\PDOException $e) {
+      array_push($errors, 'Something went wrong!');
+    }
+    if (count($errors) > 0) {
+      return $errors;
+    }
+    return true;
+  }
+  public function login($user, $password) {
+    $errors = array();
+    $password = filter_var($password, FILTER_SANITIZE_STRING);
+    $timestamp = time();
+    if (!$user || $user === '' || preg_replace('/\s+/', '', $user) !== $user) {
+      array_push($errors, 'Please enter a username or email!');
+    }
+    if (!$password || $password === '') {
+      array_push($errors, 'Please enter a password!');
+    }
+    if (count($errors) > 0) {
+      return $errors;
+    }
+    $userId = 0;
+    try {
+      $s = $this->pdo->prepare("SELECT id, username, email, password FROM users WHERE username = :user OR email = :user LIMIT 1;");
+      $s->execute(array(
+        ':user' => $user
+      ));
+      if ($s->rowCount() <= 0) {
+        array_push($errors, 'Wrong username/email or password!');
+      } else {
+        while ($row = $s->fetch()) {
+          if (!password_verify($password, $row['password'])) {
+            array_push($errors, 'Wrong username/email or password!');
+          }
+          $userId = $row['id'];
+        }
+      }
+    } catch (\PDOException $e) {
+      array_push($errors, 'Something went wrong!');
+    }
+    if (count($errors) > 0) {
+      return $errors;
+    }
+    try {
+      $s = $this->pdo->prepare("UPDATE users SET last_login = :lastlogin WHERE id = :id;");
+      $r = $s->execute(array(
+        ':lastlogin' => $timestamp,
+        ':id' => $userId
+      ));
+      if(!$r) {
+        array_push($errors, 'Something went wrong!');
+      }
+    } catch (\PDOException $e) {
+      array_push($errors, 'Something went wrong!');
+    }
+    if (count($errors) > 0) {
+      return $errors;
+    }
+    $_SESSION['id'] = $userId;
+    return true;
+  }
+  public function isLoggedIn() {
+    return isset($_SESSION['id']);
+  }
+  public function logout() {
+    $_SESSION['id'] = '';
+    unset($_SESSION['id']);
+    session_unset();
+    return true;
+  }
+}
+?>

lib/autoload.php

@@ -0,0 +1,25 @@
+<?php
+spl_autoload_register(function ($class_name) {
+  include $class_name . '.php';
+});
+
+$request_uri = substr($_SERVER['REQUEST_URI'], 0, 6);
+
+if(!@include(__DIR__."/config.php")) {
+  if(!($request_uri == "/setup")) {
+    header('Location: /setup.php');
+    die("Redirecting...");
+  }
+}
+
+if(@include(__DIR__."/config.php")) {
+  if($request_uri == "/setup") {
+    header('Location: /');
+    die("Redirecting...");
+  }
+}
+
+if(!($request_uri == "/setup")) {
+  $pdo = new \PDO('mysql:dbname='.DB_NAME.';host='.DB_HOST.';charset=utf8mb4', DB_USER, DB_PASS);
+  $auth = new \Bloggr\Auth($pdo);
+}

lib/config.php

@@ -0,0 +1,10 @@
+<?php
+define('SITE_TITLE', 'aaaaaaaaaaaa');
+
+define('DB_HOST', 'localhost');
+define('DB_NAME', 'bloggr');
+define('DB_USER', 'root');
+define('DB_PASS', '');
+
+define('ADMIN_USER', 'kein');
+define('ADMIN_EMAIL', 'adsasd@hsadashd.com');

lib/sql/db.sql

@@ -0,0 +1,13 @@
+CREATE TABLE IF NOT EXISTS `users` (
+  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
+  `email` varchar(249) COLLATE utf8mb4_unicode_ci NOT NULL,
+  `password` varchar(255) CHARACTER SET latin1 COLLATE latin1_general_cs NOT NULL,
+  `username` varchar(16) COLLATE utf8mb4_unicode_ci DEFAULT NULL,
+  `verified` tinyint(1) unsigned NOT NULL DEFAULT '0',
+  `roles_mask` int(10) unsigned NOT NULL DEFAULT '0',
+  `registered` int(10) unsigned NOT NULL,
+  `last_login` int(10) unsigned DEFAULT NULL,
+  PRIMARY KEY (`id`),
+  UNIQUE KEY `email` (`email`),
+  UNIQUE KEY `username` (`username`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;