p8/Bloggr
1
0
Fork 0
mirror of https://github.com/p08dev/Bloggr.git synced 2026-06-17 04:33:56 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added many stuff

Browse Source 
Too lazy to write what
This commit is contained in:
Furentes
2019-05-16 13:25:21 +02:00
parent eaa735da68
commit 62e4c56658
10 changed files with 400 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
index.php
View File

@ -13,6 +13,13 @@ $posts = $auth->getAllPosts();
</head> </head>
<body> <body>
<?php <?php
if ($auth->hasRole([ \Bloggr\Roles::ADMIN ])) {
?>
<p>
<a href="/users.php">Users</a>
</p>
<?php
}
if ($auth->hasRole([ \Bloggr\Roles::ADMIN, \Bloggr\Roles::AUTHOR ])) { if ($auth->hasRole([ \Bloggr\Roles::ADMIN, \Bloggr\Roles::AUTHOR ])) {
?> ?>
<p> <p>
@ -31,6 +38,9 @@ $posts = $auth->getAllPosts();
<?php <?php
} else { } else {
?> ?>
<p>
<a href="/settings.php">Einstellungen</a>
</p>
<p> <p>
<a href="/logout.php">Logout</a> <a href="/logout.php">Logout</a>
</p> </p>

204
lib/Bloggr/auth.php
View File

@ -241,8 +241,30 @@ class Auth
} }
return $id; return $id;
} }
public function canEditPost($id) {
if (!$this->isLoggedIn()) return false;
if (!$this->hasRole(\Bloggr\Roles::ADMIN)) {
try {
$s = $this->pdo->prepare("SELECT id FROM posts WHERE id = :id AND user = :user LIMIT 1;");
$s->execute(array(
':id' => $id,
':user' => $this->getId(),
));
if ($s->rowCount() <= 0) {
return false;
}
return true;
} catch (\PDOException $e) {
return false;
}
}
return true;
}
public function editPost($id, $title, $text) { public function editPost($id, $title, $text) {
if (!$this->isLoggedIn()) return false; if (!$this->isLoggedIn()) return false;
if (!$this->canEditPost($id)) return false;
$errors = array(); $errors = array();
$title = htmlspecialchars(trim(filter_var($title, FILTER_SANITIZE_STRING))); $title = htmlspecialchars(trim(filter_var($title, FILTER_SANITIZE_STRING)));
@ -279,11 +301,12 @@ class Auth
return $errors; return $errors;
} }
try { try {
$s = $this->pdo->prepare("UPDATE posts SET title = :title, text = :text, updated_at = :updated_at WHERE id = :id LIMIT 1;"); $s = $this->pdo->prepare("UPDATE posts SET title = :title, text = :text, updated_at = :updated_at, updated_by = :updated_by WHERE id = :id LIMIT 1;");
$r = $s->execute(array( $r = $s->execute(array(
':title' => $title, ':title' => $title,
':text' => $text, ':text' => $text,
':updated_at' => $updated_at, ':updated_at' => $updated_at,
':updated_by' => $this->getId(),
':id' => $id, ':id' => $id,
)); ));
if(!$r) { if(!$r) {
@ -314,6 +337,9 @@ class Auth
while ($row = $s->fetch()) { while ($row = $s->fetch()) {
$row['user'] = $this->getUsernameById($row['user']); $row['user'] = $this->getUsernameById($row['user']);
if ($row['updated_by'] && $row['updated_by'] != 0) {
$row['updated_by'] = $this->getUsernameById($row['updated_by']);
}
return $row; return $row;
} }
@ -342,5 +368,181 @@ class Auth
return $posts; return $posts;
} }
} }
public function commentPost($id, $comment) {
if (empty($id) || !\is_numeric($id)) {
return false;
}
if (!$this->isLoggedIn()) return false;
$errors = array();
$comment = htmlspecialchars(trim($comment, FILTER_SANITIZE_STRING));
$created_at = time();
if (strlen($comment) < 3) {
array_push($errors, 'Text is too short! Min. 3');
}
if (strlen($comment) > 256) {
array_push($errors, 'Text is too long! Max. 256');
}
if (count($errors) > 0) {
return $errors;
}
try {
$s = $this->pdo->prepare("INSERT INTO comments (post, user, comment, created_at) VALUES(:post, :user, :comment, :created_at);");
$r = $s->execute(array(
':post' => $id,
':user' => $this->getId(),
':comment' => $comment,
':created_at' => $created_at,
));
if(!$r) {
array_push($errors, 'Something went wrong!');
}
if (count($errors) > 0) {
return $errors;
}
return true;
} catch (\PDOException $e) {
array_push($errors, 'Something went wrong!');
}
if (count($errors) > 0) {
return $errors;
}
return false;
}
public function getPostComments($id) {
if (empty($id) || !\is_numeric($id)) {
return false;
}
try {
$s = $this->pdo->prepare("SELECT * FROM comments WHERE post = :id ORDER BY id DESC;");
$s->execute(array(
':id' => $id,
));
if ($s->rowCount() <= 0) {
return false;
}
$rows = [];
while ($row = $s->fetch()) {
$row['user'] = $this->getUsernameById($row['user']);
array_push($rows, $row);
}
return $rows;
return false;
} catch (\PDOException $e) {
return false;
}
}
public function getAllUsers() {
try {
$users = [];
$sql = "SELECT * FROM users ORDER BY id ASC";
$result = $this->pdo->query($sql);
if (!$result) {
return false;
}
foreach ($result as $row) {
array_push($users, $row);
}
return $users;
} catch (\PDOException $e) {
return $users;
}
}
public function updateUserRole($id, $role = 0) {
if (!$this->isLoggedIn()) return false;
if (!$this->hasRole([ \Bloggr\Roles::ADMIN ])) {
return false;
}
if (empty($id) || !\is_numeric($id)) {
return false;
}
if (!isset($role) || !\is_numeric($role)) {
return false;
}
$errors = array();
try {
$s = $this->pdo->prepare("UPDATE users SET roles_mask = :role WHERE id = :id LIMIT 1;");
$r = $s->execute(array(
':role' => $role,
':id' => $id,
));
if(!$r) {
array_push($errors, 'Something went wrong!');
}
} catch (\PDOException $e) {
array_push($errors, 'Something went wrong!');
}
if (count($errors) > 0) {
return $errors;
}
return true;
}
public function updatePassword($old, $new, $repeat) {
if (!$this->isLoggedIn()) return false;
$errors = array();
$old = filter_var($old, FILTER_SANITIZE_STRING);
$new = filter_var($new, FILTER_SANITIZE_STRING);
$repeat = filter_var($repeat, FILTER_SANITIZE_STRING);
try {
$s = $this->pdo->prepare("SELECT id, username, email, password FROM users WHERE id = :id LIMIT 1;");
$s->execute(array(
':id' => $this->getId()
));
if ($s->rowCount() <= 0) {
array_push($errors, 'User not found!');
} else {
while ($row = $s->fetch()) {
if (!password_verify($old, $row['password'])) {
array_push($errors, 'Wrong password!');
}
}
}
} catch (\PDOException $e) {
array_push($errors, 'Something went wrong!');
}
if (count($errors) > 0) {
return $errors;
}
if ($new != $repeat) {
array_push($errors, 'Password repeat wrong!');
}
if (strlen(trim($new)) < 8) {
array_push($errors, 'Password is too short! Min 8');
}
if (count($errors) > 0) {
return $errors;
}
if (count($errors) > 0) {
return $errors;
}
try {
$s = $this->pdo->prepare("UPDATE users SET password = :password WHERE id = :id LIMIT 1;");
$r = $s->execute(array(
':password' => password_hash($new, PASSWORD_DEFAULT),
':id' => $this->getId(),
));
if(!$r) {
array_push($errors, 'Something went wrong!');
}
} catch (\PDOException $e) {
array_push($errors, 'Something went wrong!');
}
if (count($errors) > 0) {
return $errors;
}
return true;
}
} }
?> ?>

2
lib/autoload.php
View File

@ -1,4 +1,6 @@
<?php <?php
date_default_timezone_set("Europe/Berlin");
spl_autoload_register(function ($class_name) { spl_autoload_register(function ($class_name) {
include $class_name . '.php'; include $class_name . '.php';
}); });

2
lib/config.php
View File

@ -1,5 +1,5 @@
<?php <?php
define('SITE_TITLE', 'A Bloggr Site'); define('SITE_TITLE', 'Title of Doom');
define('DB_HOST', 'localhost'); define('DB_HOST', 'localhost');
define('DB_NAME', 'bloggr'); define('DB_NAME', 'bloggr');

11
lib/sql/db.sql
View File

@ -23,5 +23,16 @@ CREATE TABLE `posts` (
`text` longtext CHARACTER SET utf8mb4 NOT NULL, `text` longtext CHARACTER SET utf8mb4 NOT NULL,
`created_at` int(10) UNSIGNED NOT NULL, `created_at` int(10) UNSIGNED NOT NULL,
`updated_at` int(10) UNSIGNED DEFAULT NULL, `updated_at` int(10) UNSIGNED DEFAULT NULL,
`updated_by` int(11) UNSIGNED,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
CREATE TABLE `comments` (
`id` int(11) UNSIGNED NOT NULL AUTO_INCREMENT,
`post` int(11) UNSIGNED NOT NULL,
`user` int(11) UNSIGNED NOT NULL,
`comment` text NOT NULL,
`created_at` int(10) UNSIGNED NOT NULL,
PRIMARY KEY (`id`) PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1; ) ENGINE=InnoDB DEFAULT CHARSET=latin1;

73
lib/sql/posts.sql
View File

@ -1,73 +0,0 @@
-- phpMyAdmin SQL Dump
-- version 4.8.5
-- https://www.phpmyadmin.net/
--
-- Host: 127.0.0.1
-- Generation Time: May 10, 2019 at 10:50 AM
-- Server version: 10.1.38-MariaDB
-- PHP Version: 7.3.3
SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET AUTOCOMMIT = 0;
START TRANSACTION;
SET time_zone = "+00:00";
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8mb4 */;
--
-- Database: `bloggr`
--
-- --------------------------------------------------------
--
-- Table structure for table `posts`
--
CREATE TABLE `posts` (
`id` int(11) UNSIGNED NOT NULL,
`user` int(11) UNSIGNED NOT NULL,
`title` varchar(128) CHARACTER SET utf8mb4 NOT NULL,
`text` longtext CHARACTER SET utf8mb4 NOT NULL,
`created_at` int(10) UNSIGNED NOT NULL,
`updated_at` int(10) UNSIGNED DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
--
-- Dumping data for table `posts`
--
INSERT INTO `posts` (`id`, `user`, `title`, `text`, `created_at`, `updated_at`) VALUES
(1, 1, 'test', 'test title', 1557473772, NULL),
(2, 1, 'test', 'test title', 1557473835, 1557476392),
(3, 1, 'Title of doom', 'Lorem ipsum', 1557473940, 1557476222),
(4, 1, 'awdswetf', ' wteawstrsw tws4e sw t 4aeswtg w4s ', 1557474085, NULL);
--
-- Indexes for dumped tables
--
--
-- Indexes for table `posts`
--
ALTER TABLE `posts`
ADD PRIMARY KEY (`id`);
--
-- AUTO_INCREMENT for dumped tables
--
--
-- AUTO_INCREMENT for table `posts`
--
ALTER TABLE `posts`
MODIFY `id` int(11) UNSIGNED NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=5;
COMMIT;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;

46
post.php
View File

@ -14,7 +14,11 @@ $data = [];
$success = false; $success = false;
if (isset($_GET['view'])) { if (isset($_GET['view'])) {
if (isset($_POST['comment'])) {
$result = $auth->commentPost($_GET['view'], $_POST['comment']);
}
$result = $auth->getPost($_GET['view']); $result = $auth->getPost($_GET['view']);
$result_comments = $auth->getPostComments($_GET['view']);
if(!$result) { if(!$result) {
array_push($errors, '404 Not Found'); array_push($errors, '404 Not Found');
} else { } else {
@ -27,7 +31,8 @@ else if (isset($_GET['new'])) {
} }
else if (isset($_GET['edit'])) { else if (isset($_GET['edit'])) {
$action = 'edit'; $action = 'edit';
} else { }
else {
array_push($errors, '404 Not Found'); array_push($errors, '404 Not Found');
} }
@ -62,15 +67,6 @@ if ($action == 'edit') {
$data = $result; $data = $result;
} }
} }
if (isset($_POST['login'])) {
$login = $auth->login($_POST['user'], $_POST['password']);
if (is_array($login)) {
$errors = $login;
} else {
header('Location: /');
}
}
?> ?>
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
@ -96,13 +92,41 @@ if (isset($_POST['login'])) {
if($success == true) { if($success == true) {
echo '<span style="color: green;">Post bearbeitet!</span><br>'; echo '<span style="color: green;">Post bearbeitet!</span><br>';
} }
if ($action == 'view'): if ($action == 'view'):
if ($auth->canEditPost($data["id"]) == true) echo '<a href="post.php?edit='.$data["id"].'">Edit Post</a>';
?> ?>
<h2>Titel: <?= $data['title'] ?></h2> <h2>Titel: <?= $data['title'] ?></h2>
<p>Text: <?= nl2br($data['text']) ?></p> <p>Text: <?= nl2br($data['text']) ?></p>
<p>Author: <?= $data['user'] ?></p> <p>Author: <?= $data['user'] ?></p>
<?php <?php
if($data['updated_by']):
?>
<p>Last edit at <?= date('H:i d.m.Y',$data['updated_at']).' from '.$data['updated_by'] ?></p>
<?php
endif;
if ($auth->isLoggedIn()) {
?>
<p>
<form action="<?= htmlspecialchars($_SERVER['REQUEST_URI']) ?>" method="post">
<textarea name="comment" id="comment" cols="30" rows="2"></textarea>
<input type="submit" value="Comment">
</form>
</p>
<?php
}
if(is_array($result_comments)) {
foreach($result_comments as $comment) {
?>
<p>
<b><?= $comment['user']; ?></b> - <?= date('H:i d.m.Y',$comment['created_at']) ?><br>
<?= $comment['comment']; ?>
</p>
<?php
}
}
endif; endif;
if ($action == 'new'): if ($action == 'new'):

2
register.php
View File

@ -30,7 +30,7 @@ if (isset($_POST['register'])) {
</head> </head>
<body> <body>
<div> <div>
<h2>Login</h2> <h2>Register</h2>
<?php <?php
foreach ($errors as $key=>$value): foreach ($errors as $key=>$value):

63
settings.php Normal file
View File

@ -0,0 +1,63 @@
<?php
include_once(__DIR__."/lib/autoload.php");
if (!$auth->isLoggedIn()) {
header('Location: /');
die();
}
$errors = [];
$action = '';
$data = [];
$view = false;
$success = false;
if(isset($_POST['update'])) {
$result = $auth->updatePassword($_POST['opassword'], $_POST['npassword'], $_POST['rpassword']);
if (is_array($result)) {
$errors = $result;
} else {
$success = true;
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>Home - <?= (defined("SITE_TITLE")) ? SITE_TITLE : 'A Bloggr Site' ?></title>
</head>
<body>
<div>
<a href="/">Home</a>
<h2>Change Password</h2>
<?php
foreach ($errors as $key=>$value):
?>
<span style="color: red;">
<?= $value ?>
</span><br>
<?php
endforeach;
if($success == true) {
echo '<span style="color: green;">Passwort aktualisiert!</span><br>';
}
?>
<form action="/settings.php" method="post">
<label for="opassword">Altes Passwort</label>
<input type="password" name="opassword" id="opassword"><br>
<label for="npassword">Passwort</label>
<input type="password" name="npassword" id="npassword"><br>
<label for="rpassword">Passwort Wiederholen</label>
<input type="password" name="rpassword" id="rpassword"><br>
<input type="submit" name="update" value="Update">
</form>
</div>
</body>
</html>

74
users.php Normal file
View File

@ -0,0 +1,74 @@
<?php
include_once(__DIR__."/lib/autoload.php");
if (!$auth->hasRole([ \Bloggr\Roles::ADMIN ])) {
header('Location: /');
die();
}
$errors = [];
$action = '';
$data = [];
$view = false;
if(isset($_GET['view'])) {
if (!empty($_GET['view']) && \is_numeric($_GET['view'])) {
$view = $_GET['view'];
}
if(isset($_POST['update'])) {
$update = $auth->updateUserRole($view, $_POST['role']);
}
}
$users = $auth->getAllUsers();
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>Home - <?= (defined("SITE_TITLE")) ? SITE_TITLE : 'A Bloggr Site' ?></title>
</head>
<body>
<div>
<a href="/">Home</a>
<h2>Users</h2>
<?php
if($view) {
echo '<a href="/users.php">Back</a><br>';
$found = false;
foreach ($users as $key => $value) {
if($value['id'] == $view) {
$found = true;
?>
<form action="<?= htmlspecialchars($_SERVER['REQUEST_URI']) ?>" method="post">
<label for="username"><?= $value['username'] ?></label><br>
<label for="email"><?= $value['email'] ?></label><br>
<label for="roles_mask">Role</label>
<select name="role" id="role">
<option value="0" <?= ($value['roles_mask'] == 0) ? 'selected' : '' ?>>Gast</option>
<option value="1" <?= ($value['roles_mask'] == 1) ? 'selected' : '' ?>>Admin</option>
<option value="2" <?= ($value['roles_mask'] == 2) ? 'selected' : '' ?>>Author</option>
</select><br>
<input type="submit" name="update" value="Update">
</form>
<?php
}
}
if (!$found) echo '404 Not Found';
} else {
$count = 0;
foreach ($users as $key => $value) {
echo '<a href="/users.php?view='.$value['id'].'">'.$value['id'].' - '.$value['username'].'</a><br>';
$count++;
}
}
?>
</div>
</body>
</html>