From 790524e3dee3ddcf5a8250adc8b38853d0014c9f Mon Sep 17 00:00:00 2001
From: Horus3
Date: Tue, 23 Sep 2014 20:16:17 +0200
Subject: rebuild with bootstrap

---
 bootstrap/bootstrap.php     |  54 ++++++++++++++++
 bootstrap/class/mysql.php   | 141 ++++++++++++++++++++++++++++++++++++++++
 bootstrap/class/user.php    | 153 ++++++++++++++++++++++++++++++++++++++++++++
 bootstrap/config.php        |  30 +++++++++
 bootstrap/functions.php     |  24 +++++++
 bootstrap/index.php         |  72 +++++++++++++++++++++
 bootstrap/setup.php         |  12 ++++
 bootstrap/static/footer.php |  12 ++++
 bootstrap/static/header.php |  36 +++++++++++
 9 files changed, 534 insertions(+)
 create mode 100644 bootstrap/bootstrap.php
 create mode 100644 bootstrap/class/mysql.php
 create mode 100644 bootstrap/class/user.php
 create mode 100644 bootstrap/config.php
 create mode 100644 bootstrap/functions.php
 create mode 100644 bootstrap/index.php
 create mode 100644 bootstrap/setup.php
 create mode 100755 bootstrap/static/footer.php
 create mode 100644 bootstrap/static/header.php

(limited to 'bootstrap')

diff --git a/bootstrap/bootstrap.php b/bootstrap/bootstrap.php
new file mode 100644
index 0000000..262113a
--- /dev/null
+++ b/bootstrap/bootstrap.php
@@ -0,0 +1,54 @@
+<?php
+### loads the vfs environment
+
+require_once( dirname(__FILE__) . '/config.php');
+
+# absolute path
+if ( ! defined(ABSPATH) )
+	define('ABSPATH', dirname(__FILE__) . '/');
+
+# scheme, set to https if set, otherwise plain http
+if ( ! defined(SCHEME) ){
+	if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on')
+		define('SCHEME', 'https://');
+	else
+		define('SCHEME', 'http://');
+}
+
+# hostname
+if ( ! defined(HOST) )
+	define('HOST', $_SERVER['HTTP_HOST']);
+if ( ! defined(DOMAIN) )
+	define('DOMAIN', SCHEME . HOST);
+
+# define session name
+if ( ! defined(SESSION) )
+	define('SESSION', 'JGSID');
+
+# define include path for vfs-class files
+if ( ! defined(INCLASS) )
+	define('INCLASS', 'class/');
+
+# redis access
+# if ( ! defined(USE_REDIS) )
+#	define('USE_REDIS', false);
+# if ( ! defined(REDIS_CONNECT) )
+# 	define('REDIS_CONNECT', '/var/run/redis/redis.sock');
+# if ( ! defined(REDIS_DBNAME) )
+#	define('REDIS_DBNAME', 1);
+
+# redirects to correct host
+if ( $_SERVER['HTTP_HOST'] != HOST){
+	header($_SERVER['SERVER_PROTOCOL']. ' 301 Moved Permanently');
+	header('Location: ' . DOMAIN);
+	exit;
+}
+
+require(ABSPATH . 'functions.php');
+require(ABSPATH . INCLASS . 'mysql.php');
+require(ABSPATH . INCLASS . 'vfsuser.php');
+require(ABSPATH . INCLASS . 'vfsdata.php');
+
+# first install only
+if ( file_exists(ABSPATH . 'setup.php') )
+	require(ABSPATh . 'setup.php');
diff --git a/bootstrap/class/mysql.php b/bootstrap/class/mysql.php
new file mode 100644
index 0000000..0140994
--- /dev/null
+++ b/bootstrap/class/mysql.php
@@ -0,0 +1,141 @@
+<?php
+
+class db {
+	
+	protected $db;
+
+	public function __construct(){
+		$this->open();
+	}
+
+	public function open(){
+		try {
+			$this->db = new mysqli(DBHOST, DBUSER, DBPASSWORD, DBNAME);	
+		} catch (Exception $e){
+			failure("<p>".$e->getMessage()."</p>", '500 Server Failure', false, '<h1>Failed to open database connection.</h1>');
+		}
+
+		if ( $this->db->connect_errno() ){
+			failure("<p>Can't connect to the database. MySQL gave this error code: " . $this->db->connect_errno . "</p>", '500 Server Failure', false, '<h1>Connection to MySQL server failed.</h1>');
+		}
+
+		if ( ! $this->db->ping() ){
+			failure("<p>Can't reach MySQL server. Server says: " . $this->db->error . "</p>", '500 Server Failure', false, "<h1>Can't reach MySQL server!</h1>");
+		}
+
+		if ( ! $this->db->set_charset(DBCHARSET) ){
+			failure("<p>Can't set " . DBCHARSET . " as the charset on your MySQL server.</p>" , '500 Server Failure', false, "<h1>Setting Charset failed!</h1>");
+		}
+
+	}
+
+	public function close(){
+		$this->db->close();	
+	}
+
+	public function check(){
+		if ( ! $this->db->ping() ){
+			return false;
+		}
+
+		return true;
+	}
+
+	# does a single MySQL query with output (SELECT, INSERT, UPDATE... )
+	public function doQuery($string){
+		if ( ! $this->check() )
+			return false;
+
+		return $this->db->query($sql);
+	}
+
+	# does multiple queries WITHOUT output (INSERT, UPDATE, DELETE... )
+	public function execMultipleQueries($sql){
+		if ( ! $this->check() )
+			return false;	
+
+		$result = $this->db->multi_query($sql);
+		if ( ! $result )
+			return false;
+
+		do {
+			if( ! $this->db->more_results() )	
+				break;
+			if ( ! $this->db->next_result() ){
+				if ( $this->db->error != "" ){
+					$res->free();
+					return false;
+				}
+			}
+		} while (true);
+
+		return true;
+	}
+
+	# code by WordPress. See @link https://core.trac.wordpress.org/browser/branches/4.0/src/wp-includes/wp-db.php#L1154
+	# syntax like sprintf()
+	public function prepare( $query, $args ) {
+		if ( is_null( $query ) )
+			return;
+		
+		// This is not meant to be foolproof -- but it will catch obviously incorrect usage.
+		if ( strpos( $query, '%' ) === false ) {
+			return false;
+		}
+		
+		$args = func_get_args();
+		array_shift( $args );
+
+		// If args were passed as an array (as in vsprintf), move them up
+		if ( isset( $args[0] ) && is_array($args[0]) )
+			$args = $args[0];
+
+		$query = str_replace( "'%s'", '%s', $query ); // in case someone mistakenly already singlequoted it
+		$query = str_replace( '"%s"', '%s', $query ); // doublequote unquoting
+		$query = preg_replace( '|(?<!%)%f|' , '%F', $query ); // Force floats to be locale unaware
+		$query = preg_replace( '|(?<!%)%s|', "'%s'", $query ); // quote the strings, avoiding escaped strings like %%s
+
+		array_walk( $args, array( $this, '_escape_by_ref' ) );
+
+		return @vsprintf( $query, $args );
+	}
+
+	private function _escape_by_ref( &$string ){
+		if ( ! is_float( $string ) )
+			$string = $this->_real_escape( $string );
+	}
+
+	private function _real_escape( $string ){
+		return $this->db->real_escape_string($string);
+	}
+	# WordPress End
+
+	public function createTables(){
+		$user_table = 
+		'CREATE TABLE IF NOT EXISTS ' . DBPREFIX . 'user 
+			( id INTEGER AUTO_INCREMENT NOT NULL, PRIMARY KEY(id), 
+			name VARCHAR(70), UNIQUE(name), 
+			password VARCHAR(70), UNIQUE(password), 
+			email VARCHAR(70), UNIQUE(email), 
+			register INTEGER, 
+		ENGINE=InnoDB;';
+
+		$banned_user_table = 
+		'CREATE TABLE IF NOT EXISTS ' . DBPREFIX . 'banned_user
+			( banned_id INTEGER AUTO_INCREMENT NOT NULL, PRIMARY KEY(banned_id),
+			login_attempts INTEGER,
+			ip TEXT,
+			session_id TEXT,
+			time INTEGER,
+			user INTEGER
+			)
+		ENGINE=InnoDB;';
+
+		if ( ! $this->execMultipleQueries('BEGIN; '. $user_table . ' ' . $banned_user_table . ' END;') )
+			failure("<p>There was a problem during bootstrapping the database schema. " . $this->db->error . "</p>", '500 Server Failure', false, "<h1>CREATE TABLE FAILED</h1>");
+	}
+	
+	public function __destruct(){
+		$this->close();
+	}
+}
diff --git a/bootstrap/class/user.php b/bootstrap/class/user.php
new file mode 100644
index 0000000..321ca57
--- /dev/null
+++ b/bootstrap/class/user.php
@@ -0,0 +1,153 @@
+<?php
+
+class jg {
+
+	public $username;
+	public $login 	= false;
+
+	private $pepper;
+	private $query 	= false;
+	
+	public function __construct($name = null){
+		if ( is_null($name) )
+			return;
+
+		$this->username = $name;
+
+		if ( isset($_SESSION["loggedin"]) )
+			$this->login = $_SESSION["loggedin"];
+		
+		$this->_setPepper();
+
+		$this->_setQuery();
+	}
+
+	# get's everything from the database
+	private function _setQuery(){
+		global $vfsdb;
+
+		$sql = $vfsdv->prepare("SELECT * FROM " . DBPREFIX . "user WHERE name=%s;", $this->username);
+		$db_db = $vfsdb->doQuery($sql);
+		if ( is_bool($db_db) )
+			$this->query = false;
+		else
+			$this->query = $db_db->fetch_array(MYSQLI_ASSOC);
+	}
+
+	private function _setPepper(){
+		if ( PEPPER_IS_FILE )
+			$this->pepper = file_get_contents(PEPPER);
+		else
+			$this->pepper = PEPPER;
+	}
+
+	public function getUser(){
+		return $this->query['name'];
+	}
+
+	public function getUserId(){
+		return $this->query['id'];
+	}
+
+	public function getPassword(){
+		return $this->query['password'];
+	}
+
+	public function getEmail(){
+		return $this->query['email'];	
+	}
+
+	public function getRegister(){
+		return $this->query['register'];
+	}
+
+	# check if valid user
+	public function isValidUser(){
+		if( ( is_bool($this->query) && ! $this->query ) || is_null($this->query) )
+			return false;
+
+		return true;
+	}
+
+	# check if current user is authenticated
+	public function isLoggedIn(){
+		return $this->login;	
+	}
+
+	public function login($password){
+		
+		# get hashed password from the database
+		$hashed_password = $this->getPassword();
+
+		# do the password check with php function
+		if ( ! password_verify($password . PEPPER, $hashed_password) )
+			return false;
+
+		# set login to true
+		$this->login = true;
+
+		# start a session if needed
+		if ( session_status() != PHP_SESSION_ACTIVE ) {
+			session_name(VFS_SESSION);
+			session_start();
+		}
+
+		# set session variable to true
+		$_SESSION["loggedin"] = true;
+
+		# assign userid to the session variable
+		$_SESSION["userid"] = $this->getUserId();
+
+		return true;
+	}
+
+	public function logout(){
+
+		# no session active, so return false
+		if ( session_status() != PHP_SESSION_ACTIVE )	
+			return false;
+
+		# set login to false
+		$this->login = false;
+
+		# destroy session
+		if( ! session_destroy() )
+			return false;
+
+		return true;
+	}
+
+	public function register($name, $password, $email){
+		global $vfsdb;
+
+		$password = $password . PEPPER;
+		$hash	  = password_hash($password, PASSWORD_DEFAULT);
+
+		$sql = $vfsdb->prepare("
+			INSERT INTO " . DBPREFIX . "user VALUES (
+				NULL,
+				name = %s,
+				password = %s,
+				email = %s,
+				register = %d
+			);", $name, $hash, $email, time() );
+
+		if ( ! $vfsdb->doQuery($sql) )
+			return false;
+
+		# the user is successfull registered, thus already logged in
+		$this->username = $name;
+
+		# redefine the class attributes
+		$this->_setPepper();
+		$this->_setQuery();
+
+		$this->login($password);
+
+		return true;
+	}
+
+	public function __destruct(){
+		return true;
+	}
+}
diff --git a/bootstrap/config.php b/bootstrap/config.php
new file mode 100644
index 0000000..5c66d07
--- /dev/null
+++ b/bootstrap/config.php
@@ -0,0 +1,30 @@
+<?php
+
+### mysql access
+define('DBHOST', 'localhost');
+define('DBUSER', 'vfs-user');
+define('DBNAME', 'vfs');
+define('DBPASSWORD', 'secretpassword');
+define('DBCHARSET', 'utf8');
+define('DBPREFIX', 'vfs_');
+
+### define your pepper for password security
+define('PEPPER_IS_FILE', false);
+define('PEPPER', 'somelongstringhere');
+
+# define('PEPPER_IS_FILE', true);
+# define('PEPPER', dirname(__FILE__) . '/../pepper.txt');
+
+### absolute path
+# define('ABSPATH', dirname(__FILE__) . '/');
+
+### file directory
+# define('FILEPATH', ABSPATH . '../files');
+
+### scheme, set to https if possible, otherwise plain http
+# define('SCHEME', 'http://');
+# define('SCHEME', 'https://');
+
+### hostname
+define('HOST', 'jungegemeinde.iamfabulous.de');
+define('DOMAIN', 'https://jungegemeinde.iamfabulous.de');
diff --git a/bootstrap/functions.php b/bootstrap/functions.php
new file mode 100644
index 0000000..8c998fc
--- /dev/null
+++ b/bootstrap/functions.php
@@ -0,0 +1,24 @@
+<?php
+
+function failure($reason, $httpcode, $ajax = true, $heading = NULL){
+
+	# send header with $httpcode
+	header($_SERVER['SERVER_PROTOCOL'] . " " . $httpcode);
+
+	# just echo the reason to the ajax response
+	if($ajax){
+		echo $reason;
+		exit;
+	}
+
+	// TODO: Put pretty HTML here, please
+
+	# print full error page
+	if($heading != NULL)
+		echo $heading;
+
+	echo $reason;
+
+	# exit the script here
+	exit;
+}
diff --git a/bootstrap/index.php b/bootstrap/index.php
new file mode 100644
index 0000000..fbe4d8d
--- /dev/null
+++ b/bootstrap/index.php
@@ -0,0 +1,72 @@
+<?php
+
+require_once( dirname(__FILE__) . '/bootstrap.php');
+ob_start();
+
+$db = new db();
+$user = new jg();
+?>
+<!doctype html>
+<html>
+<head>
+	<meta charset="utf-8">
+	<title>Junge Gemeinde Adlershof</title>
+	<link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'>
+	<link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css">
+	<meta name="viewport" content="width=device-width, initial-scale=1.0">
+	<noscript><style>.navbar{margin-bottom:0;}</style></noscript>
+</head>
+<?php
+require_once 'static/header.php';
+?>
+<div class="container">
+	<div class="text-center">
+		<div class="row">
+<?php
+if ( ! $user->isLoggedIn() ){
+?>
+<form class="form-horizontal">
+<fieldset>
+
+<!-- Form Name -->
+<legend><h1>Junge Gemeinde Adlershof</h1></legend>
+
+<!-- Text input-->
+<div class="form-group">
+  <label class="col-md-4 control-label" for="name">Username:</label>  
+  <div class="col-md-5">
+  <input id="name" name="name" placeholder="Put your username here." class="form-control input-md" required="" type="text">
+  <span class="help-block">Required for login.</span>  
+  </div>
+</div>
+
+<!-- Password input-->
+<div class="form-group">
+  <label class="col-md-4 control-label" for="password">Password:</label>
+  <div class="col-md-5">
+    <input id="password" name="password" placeholder="Put your password here." class="form-control input-md" required="" type="password">
+    <span class="help-block">Required for login.</span>
+  </div>
+</div>
+
+<!-- Button -->
+<div class="form-group">
+  <label class="col-md-4 control-label" for="submit"></label>
+  <div class="col-md-4">
+    <button id="submit" name="submit" class="btn btn-info">Log In</button>
+  </div>
+</div>
+
+</fieldset>
+</form>
+<?php
+} else {
+?>
+	<h1>Junge Gemeinde Adlershof</h1>
+	</div>
+	<div class="row">
+		<p>Welcome!</p>
+	</div>
+<?php
+require_once 'static/footer.php';
+}
diff --git a/bootstrap/setup.php b/bootstrap/setup.php
new file mode 100644
index 0000000..b984253
--- /dev/null
+++ b/bootstrap/setup.php
@@ -0,0 +1,12 @@
+<?php
+# init file to set up the database
+# TODO: pretty html
+
+$db = new db();
+$db->createTables();
+$db->close();
+
+echo "<p>Successfully created the database.</p>";
+
+# rename this file to avoid setting up the tables twice
+rename(ABSPATH . 'setup.php', ABSPATH . '_setup.php');
diff --git a/bootstrap/static/footer.php b/bootstrap/static/footer.php
new file mode 100755
index 0000000..4a14ac7
--- /dev/null
+++ b/bootstrap/static/footer.php
@@ -0,0 +1,12 @@
+		<div class="footer text-right">
+			<div class="container">
+				<p>  Copyright 2014 <a id="copyright-text" href="//www.moehm.org/" target="_blank">Maximilian M&ouml;hring</a></p>
+			</div>
+		</div>
+		<script src="//code.jquery.com/jquery-1.10.1.min.js" defer></script>
+		<script src="//maxcdn.bootstrapcdn.com/bootstrap/3.2.0/js/bootstrap.min.js" defer></script>
+		<?php //<script src='/boring.js' defer></script> ?>
+		<?php //include("piwik.html"); ?>
+	</body>
+</html>
+
diff --git a/bootstrap/static/header.php b/bootstrap/static/header.php
new file mode 100644
index 0000000..37c36ab
--- /dev/null
+++ b/bootstrap/static/header.php
@@ -0,0 +1,36 @@
+<nav class="navbar navbar-default navbar-custom" role="navigation">
+	<div class="container">
+                        <div class="navbar-header">
+                                <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#navbarCollapse">
+                                        <span class="sr-only">Toggle navigation</span>
+                                        <span class="icon-bar"></span>
+                                        <span class="icon-bar"></span>
+                                        <span class="icon-bar"></span>
+                                </button>
+                                <a class="navbar-brand" href="/">Home</a>
+                        </div>
+<div class="collapse navbar-collapse" id="navbarCollapse">
+                                <ul class="nav navbar-nav">
+                                        <li>
+                                                <a href="/liste" >Adressliste</a>
+                                        </li>
+                                        <li>
+                                                <a href="https://lists.iamfabulous.de/mailman/listinfo/jungegemeinde" >E-Mail Verteiler</a>
+                                        </li>
+                                        <li>
+                                                <a href="/logout" >Logout</a>
+                                        </li>
+                                </ul>
+                        </div>
+                </div>
+        </nav>
+        <noscript>
+                <div class="noscript">
+                        <div class="container">
+                                <div class="row text-center noscript">
+                                        <h5>Bitte aktiviere JavaScript damit die Seite im vollen Umfang funktioniert.</h5>
+                                </div>
+                        </div>
+                </div>
+        </noscript>
+
-- 
cgit v1.2.3