authorHorus32014-09-23 20:16:17 +0200
committerHorus32014-09-23 20:16:17 +0200
commit790524e3dee3ddcf5a8250adc8b38853d0014c9f (patch)
tree2965207a742727b3a10eb0b32dbca5c61b9ef372 /bootstrap
parent3c94eb3f608f9bf0dc8d19583abe273b3a67e5ff (diff)
downloadjungegemeinde-790524e3dee3ddcf5a8250adc8b38853d0014c9f.tar.gz
rebuild with bootstrap
Diffstat (limited to 'bootstrap')
-rw-r--r--bootstrap/bootstrap.php54
-rw-r--r--bootstrap/class/mysql.php141
-rw-r--r--bootstrap/class/user.php153
-rw-r--r--bootstrap/config.php30
-rw-r--r--bootstrap/functions.php24
-rw-r--r--bootstrap/index.php72
-rw-r--r--bootstrap/setup.php12
-rwxr-xr-xbootstrap/static/footer.php12
-rw-r--r--bootstrap/static/header.php36
9 files changed, 534 insertions, 0 deletions
diff --git a/bootstrap/bootstrap.php b/bootstrap/bootstrap.php
new file mode 100644
index 0000000..262113a
--- /dev/null
+++ b/bootstrap/bootstrap.php
@@ -0,0 +1,54 @@
+<?php
+### loads the vfs environment
+
+require_once( dirname(__FILE__) . '/config.php');
+
+# absolute path
+if ( ! defined(ABSPATH) )
+ define('ABSPATH', dirname(__FILE__) . '/');
+
+# scheme, set to https if set, otherwise plain http
+if ( ! defined(SCHEME) ){
+ if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on')
+ define('SCHEME', 'https://');
+ else
+ define('SCHEME', 'http://');
+}
+
+# hostname
+if ( ! defined(HOST) )
+ define('HOST', $_SERVER['HTTP_HOST']);
+if ( ! defined(DOMAIN) )
+ define('DOMAIN', SCHEME . HOST);
+
+# define session name
+if ( ! defined(SESSION) )
+ define('SESSION', 'JGSID');
+
+# define include path for vfs-class files
+if ( ! defined(INCLASS) )
+ define('INCLASS', 'class/');
+
+# redis access
+# if ( ! defined(USE_REDIS) )
+# define('USE_REDIS', false);
+# if ( ! defined(REDIS_CONNECT) )
+# define('REDIS_CONNECT', '/var/run/redis/redis.sock');
+# if ( ! defined(REDIS_DBNAME) )
+# define('REDIS_DBNAME', 1);
+
+# redirects to correct host
+if ( $_SERVER['HTTP_HOST'] != HOST){
+ header($_SERVER['SERVER_PROTOCOL']. ' 301 Moved Permanently');
+ header('Location: ' . DOMAIN);
+ exit;
+}
+
+require(ABSPATH . 'functions.php');
+require(ABSPATH . INCLASS . 'mysql.php');
+require(ABSPATH . INCLASS . 'vfsuser.php');
+require(ABSPATH . INCLASS . 'vfsdata.php');
+
+# first install only
+if ( file_exists(ABSPATH . 'setup.php') )
+ require(ABSPATh . 'setup.php');
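Review bot: The `require(ABSPATh . 'setup.php')` on the last line misspells the constant, so the guarded first-install include can never resolve to the path `file_exists()` just checked (on PHP 8 an undefined constant is a fatal Error; on older PHP it builds the bogus relative path `ABSPAThsetup.php` and the require fails). The `defined(ABSPATH)`, `defined(SCHEME)`, `defined(HOST)`, `defined(DOMAIN)`, `defined(SESSION)` and `defined(INCLASS)` checks are likewise unquoted and only behave by accident; they should read `defined('ABSPATH')` and so on. The `HOST` fallback reads `$_SERVER['HTTP_HOST']`, which is client-controlled; it is dead code while config.php pins HOST, but a comment such as `# HTTP_HOST is attacker-controlled; only safe because config.php defines HOST` would stop someone from later using it as the redirect target. Finally the file requires `class/vfsuser.php` and `class/vfsdata.php`, while this commit adds only `class/user.php` and `class/mysql.php`, so the bootstrap cannot load as committed.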
diff --git a/bootstrap/class/mysql.php b/bootstrap/class/mysql.php
new file mode 100644
index 0000000..0140994
--- /dev/null
+++ b/bootstrap/class/mysql.php
@@ -0,0 +1,141 @@
+<?php
+
+class db {
+
+ protected $db;
+
+ public function __construct(){
+ $this->open();
+ }
+
+ public function open(){
+ try {
+ $this->db = new mysqli(DBHOST, DBUSER, DBPASSWORD, DBNAME);
+ } catch (Exception $e){
+ failure("<p>".$e->getMessage()."</p>", '500 Server Failure', false, '<h1>Failed to open database connection.</h1>');
+ }
+
+ if ( $this->db->connect_errno() ){
+ failure("<p>Can't connect to the database. MySQL gave this error code: " . $this->db->connect_errno . "</p>", '500 Server Failure', false, '<h1>Connection to MySQL server failed.</h1>');
+ }
+
+ if ( ! $this->db->ping() ){
+ failure("<p>Can't reach MySQL server. Server says: " . $this->db->error . "</p>", '500 Server Failure', false, "<h1>Can't reach MySQL server!</h1>");
+ }
+
+ if ( ! $this->db->set_charset(DBCHARSET) ){
+ failure("<p>Can't set " . DBCHARSET . " as the charset on your MySQL server.</p>" , '500 Server Failure', false, "<h1>Setting Charset failed!</h1>");
+ }
+
+ }
+
+ public function close(){
+ $this->db->close();
+ }
+
+ public function check(){
+ if ( ! $this->db->ping() ){
+ return false;
+ }
+
+ return true;
+ }
+
+ # does a single MySQL query with output (SELECT, INSERT, UPDATE... )
+ public function doQuery($string){
+ if ( ! $this->check() )
+ return false;
+
+ return $this->db->query($sql);
+ }
+
+ # does multiple queries WITHOUT output (INSERT, UPDATE, DELETE... )
+ public function execMultipleQueries($sql){
+ if ( ! $this->check() )
+ return false;
+
+ $result = $this->db->multi_query($sql);
+ if ( ! $result )
+ return false;
+
+ do {
+ if( ! $this->db->more_results() )
+ break;
+ if ( ! $this->db->next_result() ){
+ if ( $this->db->error != "" ){
+ $res->free();
+ return false;
+ }
+ }
+ } while (true);
+
+ return true;
+ }
+
+ # code by WordPress. See @link https://core.trac.wordpress.org/browser/branches/4.0/src/wp-includes/wp-db.php#L1154
+ # syntax like sprintf()
+ public function prepare( $query, $args ) {
+ if ( is_null( $query ) )
+ return;
+
+ // This is not meant to be foolproof -- but it will catch obviously incorrect usage.
+ if ( strpos( $query, '%' ) === false ) {
+ return false;
+ }
+
+ $args = func_get_args();
+ array_shift( $args );
+
+ // If args were passed as an array (as in vsprintf), move them up
+ if ( isset( $args[0] ) && is_array($args[0]) )
+ $args = $args[0];
+
+ $query = str_replace( "'%s'", '%s', $query ); // in case someone mistakenly already singlequoted it
+ $query = str_replace( '"%s"', '%s', $query ); // doublequote unquoting
+ $query = preg_replace( '|(?<!%)%f|' , '%F', $query ); // Force floats to be locale unaware
+ $query = preg_replace( '|(?<!%)%s|', "'%s'", $query ); // quote the strings, avoiding escaped strings like %%s
+
+ array_walk( $args, array( $this, '_escape_by_ref' ) );
+
+ return @vsprintf( $query, $args );
+ }
+
+ private function _escape_by_ref( &$string ){
+ if ( ! is_float( $string ) )
+ $string = $this->_real_escape( $string );
+ }
+
+ private function _real_escape( $string ){
+ return $this->db->real_escape_string($string);
+ }
+ # WordPress End
+
+ public function createTables(){
+ $user_table =
+ 'CREATE TABLE IF NOT EXISTS ' . DBPREFIX . 'user
+ ( id INTEGER AUTO_INCREMENT NOT NULL, PRIMARY KEY(id),
+ name VARCHAR(70), UNIQUE(name),
+ password VARCHAR(70), UNIQUE(password),
+ email VARCHAR(70), UNIQUE(email),
+ register INTEGER,
+ ENGINE=InnoDB;';
+
+ $banned_user_table =
+ 'CREATE TABLE IF NOT EXISTS ' . DBPREFIX . 'banned_user
+ ( banned_id INTEGER AUTO_INCREMENT NOT NULL, PRIMARY KEY(banned_id),
+ login_attempts INTEGER,
+ ip TEXT,
+ session_id TEXT,
+ time INTEGER,
+ user INTEGER
+ )
+ ENGINE=InnoDB;';
+
+ if ( ! $this->execMultipleQueries('BEGIN; '. $user_table . ' ' . $banned_user_table . ' END;') )
+ failure("<p>There was a problem during bootstrapping the database schema. " . $this->db->error . "</p>", '500 Server Failure', false, "<h1>CREATE TABLE FAILED</h1>");
+ }
+
+ public function __destruct(){
+ $this->close();
+ }
+}
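Review bot: `doQuery($string)` executes `$this->db->query($sql)` with an undefined `$sql`, so every single-statement query in this class is sent empty and returns false; it should be `return $this->db->query($string);`. On the error paths `$this->db->connect_errno()` calls a property as a method and `$res->free()` in `execMultipleQueries()` references a variable that does not exist, both of which are fatal exactly when the connection is already broken. In the schema, `password VARCHAR(70)` is sized for bcrypt output only; the PHP manual recommends 255 for `PASSWORD_DEFAULT` because the default algorithm may change to one producing longer hashes, and `UNIQUE(password)` on a salted hash serves no purpose while making any future length overflow fail in a confusing way. The `user` DDL is also missing the closing `)` before `ENGINE=InnoDB`, and MySQL has no standalone `END;` statement to pair with `BEGIN;` (DDL auto-commits regardless), so `createTables()` fails as written.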
diff --git a/bootstrap/class/user.php b/bootstrap/class/user.php
new file mode 100644
index 0000000..321ca57
--- /dev/null
+++ b/bootstrap/class/user.php
@@ -0,0 +1,153 @@
+<?php
+
+class jg {
+
+ public $username;
+ public $login = false;
+
+ private $pepper;
+ private $query = false;
+
+ public function __construct($name = null){
+ if ( is_null($name) )
+ return;
+
+ $this->username = $name;
+
+ if ( isset($_SESSION["loggedin"]) )
+ $this->login = $_SESSION["loggedin"];
+
+ $this->_setPepper();
+
+ $this->_setQuery();
+ }
+
+ # get's everything from the database
+ private function _setQuery(){
+ global $vfsdb;
+
+ $sql = $vfsdv->prepare("SELECT * FROM " . DBPREFIX . "user WHERE name=%s;", $this->username);
+ $db_db = $vfsdb->doQuery($sql);
+ if ( is_bool($db_db) )
+ $this->query = false;
+ else
+ $this->query = $db_db->fetch_array(MYSQLI_ASSOC);
+ }
+
+ private function _setPepper(){
+ if ( PEPPER_IS_FILE )
+ $this->pepper = file_get_contents(PEPPER);
+ else
+ $this->pepper = PEPPER;
+ }
+
+ public function getUser(){
+ return $this->query['name'];
+ }
+
+ public function getUserId(){
+ return $this->query['id'];
+ }
+
+ public function getPassword(){
+ return $this->query['password'];
+ }
+
+ public function getEmail(){
+ return $this->query['email'];
+ }
+
+ public function getRegister(){
+ return $this->query['register'];
+ }
+
+ # check if valid user
+ public function isValidUser(){
+ if( ( is_bool($this->query) && ! $this->query ) || is_null($this->query) )
+ return false;
+
+ return true;
+ }
+
+ # check if current user is authenticated
+ public function isLoggedIn(){
+ return $this->login;
+ }
+
+ public function login($password){
+
+ # get hashed password from the database
+ $hashed_password = $this->getPassword();
+
+ # do the password check with php function
+ if ( ! password_verify($password . PEPPER, $hashed_password) )
+ return false;
+
+ # set login to true
+ $this->login = true;
+
+ # start a session if needed
+ if ( session_status() != PHP_SESSION_ACTIVE ) {
+ session_name(VFS_SESSION);
+ session_start();
+ }
+
+ # set session variable to true
+ $_SESSION["loggedin"] = true;
+
+ # assign userid to the session variable
+ $_SESSION["userid"] = $this->getUserId();
+
+ return true;
+ }
+
+ public function logout(){
+
+ # no session active, so return false
+ if ( session_status() != PHP_SESSION_ACTIVE )
+ return false;
+
+ # set login to false
+ $this->login = false;
+
+ # destroy session
+ if( ! session_destroy() )
+ return false;
+
+ return true;
+ }
+
+ public function register($name, $password, $email){
+ global $vfsdb;
+
+ $password = $password . PEPPER;
+ $hash = password_hash($password, PASSWORD_DEFAULT);
+
+ $sql = $vfsdb->prepare("
+ INSERT INTO " . DBPREFIX . "user VALUES (
+ NULL,
+ name = %s,
+ password = %s,
+ email = %s,
+ register = %d
+ );", $name, $hash, $email, time() );
+
+ if ( ! $vfsdb->doQuery($sql) )
+ return false;
+
+ # the user is successfull registered, thus already logged in
+ $this->username = $name;
+
+ # redefine the class attributes
+ $this->_setPepper();
+ $this->_setQuery();
+
+ $this->login($password);
+
+ return true;
+ }
+
+ public function __destruct(){
+ return true;
+ }
+}
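Review bot: `login()` resumes whatever session ID the client presented and then writes `loggedin`/`userid` into it, which is the classic session-fixation setup; add `session_regenerate_id(true);` immediately after `session_start()` and before the `$_SESSION` writes, and have `logout()` clear `$_SESSION` and the session cookie before `session_destroy()`. The pepper handling is inconsistent: `_setPepper()` fills `$this->pepper` (reading the file when `PEPPER_IS_FILE`), but `login()` and `register()` concatenate the raw `PEPPER` constant, so in file mode the file path becomes the pepper, and `register()` passes the already-peppered `$password` into `$this->login()`, which peppers it again, so a fresh registration can never log in. Note too that `PASSWORD_DEFAULT` (bcrypt) only hashes the first 72 bytes, so appending the pepper to a long password silently drops it; the usual pattern is `password_hash(hash_hmac('sha256', $password, $this->pepper), PASSWORD_DEFAULT)` with the same transform before `password_verify`. Separately, `$vfsdv->prepare(...)` in `_setQuery()` is a typo for `$vfsdb`, `VFS_SESSION` is not defined anywhere in this commit (bootstrap.php defines `SESSION`), and `INSERT ... VALUES (NULL, name = %s, ...)` is not valid MySQL syntax for a VALUES list.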
diff --git a/bootstrap/config.php b/bootstrap/config.php
new file mode 100644
index 0000000..5c66d07
--- /dev/null
+++ b/bootstrap/config.php
@@ -0,0 +1,30 @@
+<?php
+
+### mysql access
+define('DBHOST', 'localhost');
+define('DBUSER', 'vfs-user');
+define('DBNAME', 'vfs');
+define('DBPASSWORD', 'secretpassword');
+define('DBCHARSET', 'utf8');
+define('DBPREFIX', 'vfs_');
+
+### define your pepper for password security
+define('PEPPER_IS_FILE', false);
+define('PEPPER', 'somelongstringhere');
+
+# define('PEPPER_IS_FILE', true);
+# define('PEPPER', dirname(__FILE__) . '/../pepper.txt');
+
+### absolute path
+# define('ABSPATH', dirname(__FILE__) . '/');
+
+### file directory
+# define('FILEPATH', ABSPATH . '../files');
+
+### scheme, set to https if possible, otherwise plain http
+# define('SCHEME', 'http://');
+# define('SCHEME', 'https://');
+
+### hostname
+define('HOST', 'jungegemeinde.iamfabulous.de');
+define('DOMAIN', 'https://jungegemeinde.iamfabulous.de');
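Review bot: config.php checks a database password (`'secretpassword'`) and the password pepper (`'somelongstringhere'`) into version control next to the production hostname; even if these are placeholders, a file laid out like this is likely to be edited in place on the server and the next commit will capture the real values. Keep `config.php` out of the repository (ship a `config.sample.php` and add the real file to `.gitignore`), and if a real secret has already been pushed, rotate it; a pepper in particular cannot be rotated without re-hashing every stored password, which is why the `PEPPER_IS_FILE` variant pointing outside the web root is the one to enable by default. A comment such as `### never commit real values here; copy to config.php and keep that file untracked` above the credentials would make the intent explicit. Also note that with `HOST`/`DOMAIN` hardcoded here, the `SCHEME` detection in bootstrap.php is dead code, so `DOMAIN` is always https while `SCHEME` may still say http.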
diff --git a/bootstrap/functions.php b/bootstrap/functions.php
new file mode 100644
index 0000000..8c998fc
--- /dev/null
+++ b/bootstrap/functions.php
@@ -0,0 +1,24 @@
+<?php
+
+function failure($reason, $httpcode, $ajax = true, $heading = NULL){
+
+ # send header with $httpcode
+ header($_SERVER['SERVER_PROTOCOL'] . " " . $httpcode);
+
+ # just echo the reason to the ajax response
+ if($ajax){
+ echo $reason;
+ exit;
+ }
+
+ // TODO: Put pretty HTML here, please
+
+ # print full error page
+ if($heading != NULL)
+ echo $heading;
+
+ echo $reason;
+
+ # exit the script here
+ exit;
+}
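Review bot: `failure()` writes `$reason` verbatim to the client, and every caller in this commit builds `$reason` from `$e->getMessage()` or `$this->db->error`, so MySQL error text (including any query fragment it contains) is disclosed to anonymous visitors. Log the detail server-side and send a generic message instead, e.g. `error_log($reason);` before the echo and a fixed `'An internal error occurred.'` on the wire; since callers deliberately pass markup, the function cannot escape its input either, so the contract about who is responsible for escaping needs to be written down. A docblock stating that `$httpcode` must be a status-line fragment such as `'500 Internal Server Error'` (the hunk uses the non-standard reason phrase `'500 Server Failure'`) and that the function never returns, since it `exit`s in every branch, would also help.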
diff --git a/bootstrap/index.php b/bootstrap/index.php
new file mode 100644
index 0000000..fbe4d8d
--- /dev/null
+++ b/bootstrap/index.php
@@ -0,0 +1,72 @@
+<?php
+
+require_once( dirname(__FILE__) . '/bootstrap.php');
+ob_start();
+
+$db = new db();
+$user = new jg();
+?>
+<!doctype html>
+<html>
+<head>
+ <meta charset="utf-8">
+ <title>Junge Gemeinde Adlershof</title>
+ <link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'>
+ <link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+ <noscript><style>.navbar{margin-bottom:0;}</style></noscript>
+</head>
+<?php
+require_once 'static/header.php';
+?>
+<div class="container">
+ <div class="text-center">
+ <div class="row">
+<?php
+if ( ! $user->isLoggedIn() ){
+?>
+<form class="form-horizontal">
+<fieldset>
+
+<!-- Form Name -->
+<legend><h1>Junge Gemeinde Adlershof</h1></legend>
+
+<!-- Text input-->
+<div class="form-group">
+ <label class="col-md-4 control-label" for="name">Username:</label>
+ <div class="col-md-5">
+ <input id="name" name="name" placeholder="Put your username here." class="form-control input-md" required="" type="text">
+ <span class="help-block">Required for login.</span>
+ </div>
+</div>
+
+<!-- Password input-->
+<div class="form-group">
+ <label class="col-md-4 control-label" for="password">Password:</label>
+ <div class="col-md-5">
+ <input id="password" name="password" placeholder="Put your password here." class="form-control input-md" required="" type="password">
+ <span class="help-block">Required for login.</span>
+ </div>
+</div>
+
+<!-- Button -->
+<div class="form-group">
+ <label class="col-md-4 control-label" for="submit"></label>
+ <div class="col-md-4">
+ <button id="submit" name="submit" class="btn btn-info">Log In</button>
+ </div>
+</div>
+
+</fieldset>
+</form>
+<?php
+} else {
+?>
+ <h1>Junge Gemeinde Adlershof</h1>
+ </div>
+ <div class="row">
+ <p>Welcome!</p>
+ </div>
+<?php
+require_once 'static/footer.php';
+}
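Review bot: The login `<form class="form-horizontal">` has no `method` or `action`, so the browser submits `name` and `password` with GET and the credentials land in the URL, browser history, access logs and any Referer header; it should be `<form class="form-horizontal" method="post" action="/login">`, and nothing in this commit actually reads the submitted fields or calls `$user->login()`, so the form is currently a dead end. `new jg()` is constructed without a username, and the constructor returns before it reads `$_SESSION['loggedin']`, while `session_start()` is never called on this page, so `isLoggedIn()` is always false here; the session must be started under the `SESSION` name before constructing the user. Note also that `$db` is a local while `jg` expects a `global $vfsdb`, and the logged-out branch never includes `static/footer.php`, leaving `<html>`/`<body>` unclosed.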
diff --git a/bootstrap/setup.php b/bootstrap/setup.php
new file mode 100644
index 0000000..b984253
--- /dev/null
+++ b/bootstrap/setup.php
@@ -0,0 +1,12 @@
+<?php
+# init file to set up the database
+# TODO: pretty html
+
+$db = new db();
+$db->createTables();
+$db->close();
+
+echo "<p>Successfully created the database.</p>";
+
+# rename this file to avoid setting up the tables twice
+rename(ABSPATH . 'setup.php', ABSPATH . '_setup.php');
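Review bot: bootstrap.php includes this file on every request while it exists, so any anonymous visitor or crawler triggers `createTables()`, and the self-disabling `rename()` only works if the web server has write access to the application directory, a permission a hardened deployment should not grant. Prefer a one-shot CLI script the bootstrap never includes (`if (PHP_SAPI !== 'cli') exit;` at the top), or at minimum gate execution on an operator-supplied token and check the `rename()` return value so a failed rename does not leave the setup path live. Also, `$db->close()` followed by object destruction calls `mysqli::close()` a second time via `__destruct()`, which raises a warning.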
diff --git a/bootstrap/static/footer.php b/bootstrap/static/footer.php
new file mode 100755
index 0000000..4a14ac7
--- /dev/null
+++ b/bootstrap/static/footer.php
@@ -0,0 +1,12 @@
+ <div class="footer text-right">
+ <div class="container">
+ <p> Copyright 2014 <a id="copyright-text" href="//www.moehm.org/" target="_blank">Maximilian M&ouml;hring</a></p>
+ </div>
+ </div>
+ <script src="//code.jquery.com/jquery-1.10.1.min.js" defer></script>
+ <script src="//maxcdn.bootstrapcdn.com/bootstrap/3.2.0/js/bootstrap.min.js" defer></script>
+ <?php //<script src='/boring.js' defer></script> ?>
+ <?php //include("piwik.html"); ?>
+ </body>
+</html>
+
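Review bot: The jQuery and Bootstrap scripts are loaded from third-party CDNs with no Subresource Integrity, so a compromised or spoofed CDN response runs arbitrary script in every user's session; pin each tag with `integrity="sha384-…"` (computed from the exact file) plus `crossorigin="anonymous"`, or vendor the files. jQuery 1.10.1 also predates several later 1.x security fixes, so it should at least be moved to the latest 1.12.x if the CDN route stays. The protocol-relative `//` URLs work because DOMAIN is https, but explicit `https://` avoids a downgrade if the site is ever served over plain http.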
diff --git a/bootstrap/static/header.php b/bootstrap/static/header.php
new file mode 100644
index 0000000..37c36ab
--- /dev/null
+++ b/bootstrap/static/header.php
@@ -0,0 +1,36 @@
+<nav class="navbar navbar-default navbar-custom" role="navigation">
+ <div class="container">
+ <div class="navbar-header">
+ <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#navbarCollapse">
+ <span class="sr-only">Toggle navigation</span>
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ </button>
+ <a class="navbar-brand" href="/">Home</a>
+ </div>
+<div class="collapse navbar-collapse" id="navbarCollapse">
+ <ul class="nav navbar-nav">
+ <li>
+ <a href="/liste" >Adressliste</a>
+ </li>
+ <li>
+ <a href="https://lists.iamfabulous.de/mailman/listinfo/jungegemeinde" >E-Mail Verteiler</a>
+ </li>
+ <li>
+ <a href="/logout" >Logout</a>
+ </li>
+ </ul>
+ </div>
+ </div>
+ </nav>
+ <noscript>
+ <div class="noscript">
+ <div class="container">
+ <div class="row text-center noscript">
+ <h5>Bitte aktiviere JavaScript damit die Seite im vollen Umfang funktioniert.</h5>
+ </div>
+ </div>
+ </div>
+ </noscript>
+
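Review bot: The `Logout` entry is a plain `<a href="/logout">`, so logging a user out is a GET request that any third-party page can trigger with an `<img src>` or link; if `/logout` ends up calling `logout()` (no handler for it exists in this commit), it should be a small POST form carrying a CSRF token rather than a link. The same applies to any other state-changing action the navigation grows later.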