diff --git a/README.txt b/README.txt
index 05f2d4c..ccf6522 100644
--- a/README.txt
+++ b/README.txt
@@ -21,6 +21,7 @@ PRE-REQUISITES
----------------------------------------
* PHP 7.0
* Webserver with CGI enabled
+ * Composer
* A paper-clip and soldering-iron
* Also a lighter
@@ -30,9 +31,16 @@ PRE-REQUISITES
INSTALLATION
----------------------------------------
Drop Blagoblag in any directory on your webserver, then create an SQL
-database for Blagoblag. Make sure to make a "config.ini" file (from
-"config.ini.example")-- at the minimum, you need to configure the SQL
-connection settings.
+database for Blagoblag-- UTF-8 character encoding, preferably.
+
+Then, make a "config.ini" file (from "config.ini.example")-- at the
+minimum, you need to configure the SQL connection settings.
+
+After that, just run "composer intall", then you should be running!
+
+As for setup, you should make your own user-account, then use the "root"
+account to elevate your account to archmage (highest login class)-- after
+that, delete the "root" account. :)
diff --git a/composer.json b/composer.json
index df2d1df..9b68600 100644
--- a/composer.json
+++ b/composer.json
@@ -1,6 +1,7 @@
{ "require":
{
"twig/twig": "1.*",
- "falseclock/dbd-php": "1.*"
+ "erusev/parsedown": "*.*",
+ "consoletvs/profanity": "*.*"
}
}
diff --git a/config.php.sample b/config.php.sample
index ea779f2..ba1459f 100644
--- a/config.php.sample
+++ b/config.php.sample
@@ -1,4 +1,9 @@
"/u/?name=USERNAME")
+
+$user_prefix_name = "u/?name=";
+$user_prefix_id = "u/?id=";
+
+$post_prefix_name = "p/?name=";
+$post_prefix_id = "p/?id=";
-$theme = "default";
?>
diff --git a/docs/last_time.txt b/docs/last_time.txt
new file mode 100644
index 0000000..2c7c40b
--- /dev/null
+++ b/docs/last_time.txt
@@ -0,0 +1,2 @@
+Last time on blagoblag!!
+ * USER planted a post and failed to hold central dogma
diff --git a/p/edit/index.php b/p/edit/index.php
new file mode 100644
index 0000000..c79bc46
--- /dev/null
+++ b/p/edit/index.php
@@ -0,0 +1,45 @@
+ $edit_id,
+ 'user_full_name' => unscrub(user_full_name($edit_id)),
+ 'user_name' => user_name($edit_id),
+ 'user_bio' => unscrub(user_biography($edit_id)),
+ 'user_email' => user_email($edit_id),
+ 'user_website' => user_website($edit_id));
+
+
+// --------------------------------------
+
+switch (1) {
+ case (user_logged_in() == false):
+ general_error("You're not even logged in, fool! >;c");
+ break;
+ case ($cur_id != $edit_id):
+ auth_enforce($cur_id, array("wizard", "archmage"), "edit other
+ people's accounts");
+ break;
+}
+
+display_page($mark, $depth, $title, $local_exports);
+
+?>
diff --git a/p/edit/private/user_edit.php b/p/edit/private/user_edit.php
new file mode 100644
index 0000000..0f0d033
--- /dev/null
+++ b/p/edit/private/user_edit.php
@@ -0,0 +1,54 @@
+
diff --git a/p/index.php b/p/index.php
index f28cd53..c70601b 100644
--- a/p/index.php
+++ b/p/index.php
@@ -8,42 +8,31 @@
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details. */
+$title = "Control Panel";
$depth = "../";
-$title = "";
$mark = "p_index";
-include "../res/lib/load.php";
+include $depth . "res/lib/load.php";
// -------------------------------------
-
$id = $_GET['id'] ?? post_title_to_id($_GET['name']);
$name = post_title($id);
// -------------------------------------
-if (empty($_GET['id']) && empty($_GET['name'])) {
- root_redirect('p/list/');
-} else if (!is_post_id($_GET['id']) && !is_post_title($_GET['name'])) {
- general_error("We can't find that post! :(");
+if (empty($name)) {
+ root_redirect("p/list/");
}
+$local_exports = array('post_id' => $id,
+ 'post_title' => unscrub($name),
+ 'post_author' => post_author($id),
+ 'post_date' => post_date($id),
+ 'post_text' => markdown(post_text($id)));
+
+
// --------------------------------------
-$post_text = markdown(post_text($id));
-$post_date = post_date($id);
-$post_data = post_data($id);
-
-$user_id = post_author($id);
-$username = user_name($user_id);
-$full_name = user_full_name($user_id);
-
-$local_exports = array('post_id' => $id, 'post_text' => $post_text,
- 'post_author' => $user_id,
- 'post_data' => $post_data, 'post_title' => $name,
- 'post_date' => $date);
-
-// -------------------------------------
-
display_page($mark, $depth, $title, $local_exports);
?>
diff --git a/p/list/index.php b/p/list/index.php
index 183d309..673b663 100644
--- a/p/list/index.php
+++ b/p/list/index.php
@@ -15,6 +15,12 @@ include "../../res/lib/load.php";
// -------------------------------------
-display_page($mark, $depth, $title);
+$order = $_GET['order'] ?? "desc";
+
+$local_exports = array('order' => $order);
+
+// -------------------------------------
+
+display_page($mark, $depth, $title, $local_exports);
?>
diff --git a/p/new/private/post_create.php b/p/new/private/post_create.php
index 396f858..a7d6086 100644
--- a/p/new/private/post_create.php
+++ b/p/new/private/post_create.php
@@ -11,18 +11,14 @@
$depth = "../../../";
include "../../../res/lib/load.php";
-$auth_user = scrub($_POST['auth_user']);
-$auth_pass = scrub($_POST['auth_pass']);
-$auth_id = user_name_to_id($auth_user);
-
$title = scrub($_POST['title']);
$desc = scrub($_POST['desc']);
$text = scrub($_POST['text']);
// -------------------------------------
-auth_enforce($auth_id, $auth_pass,
- array("contributor", "wizard", "archmage"), "make posts");
+auth_enforce(user_logged_in(),
+ array("contributor", "wizard", "archmage"), "make posts");
input_enforce(array($title, $desc, $text),
array("Title", "Summary", "Text"),
@@ -30,9 +26,8 @@ input_enforce(array($title, $desc, $text),
// -------------------------------------
-echo $auth_user . $auth_user_id;
-post_create($title, $auth_id, $desc, $text);
+post_create($title, user_logged_in(), $desc, $text);
-root_redirect("post.php?name=" . $title);
+root_redirect($GLOBALS['post_prefix_title'] . $title);
?>
diff --git a/res/lib/db.php b/res/lib/db.php
index 6d735cf..9a93dd7 100644
--- a/res/lib/db.php
+++ b/res/lib/db.php
@@ -7,6 +7,9 @@
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details. */
+/* note: should really make variable-naming more SQL-adherent and consistent
+ * also rethink a lot fo these abstractions
+ * also use prepared statements (as in http://bobby-tables.com/php) */
// -------------------------------------
// connection setup
@@ -115,7 +118,13 @@ function db_get_rows($table, $identifier, $value) {
// Return the value of a specific column in a given row, identified by an
// 'identifier' column set to the given value
function db_get_cell($table, $identifier, $value, $cell) {
- return db_get_rows($table, $identifier, $value)[0][$cell];
+ $results = db_get_rows($table, $identifier, $value);
+
+ if (count($results) > 0) {
+ return $results[0][$cell];
+ } else {
+ return false;
+ }
}
// !!!
@@ -143,7 +152,7 @@ function db_set_cell($table, $identifier, $value, $cell, $new_value) {
return db_cmd("update " . $table
. " set " . $cell . " = " . $new_value
- . " where " . $identifier . " = " . $value) . ";";
+ . " where " . $identifier . " = " . $value . ";");
}
// -------------------------------------
diff --git a/res/lib/load.php b/res/lib/load.php
index d4f9531..a1e84de 100644
--- a/res/lib/load.php
+++ b/res/lib/load.php
@@ -11,6 +11,7 @@
// PATH --> PATH
// Take a path from root and turn it into a relative path.
+error_reporting(0);
function root($path) {
return $GLOBALS['depth'] . $path;
}
@@ -30,12 +31,24 @@ include(root("res/lib/db.php"));
include(root("res/lib/url.php"));
include(root("res/lib/post.php"));
include(root("res/lib/blagoblag.php"));
+include(root("res/lib/token.php"));
$loader= new Twig_Loader_Filesystem(root("res/themes/default/html"));
$twig = new Twig_Environment($loader, ['cache' =>
root('cache/'), 'autoescape' => false]);
+// -------------------------------------
+// authentication
+global $logged_id;
+global $logged_in; $logged_in = false;
+
+$test_id = user_logged_in();
+
+$logged_id = $test_id ?? 0;
+if ($logged_id != 0) {
+ $logged_in = true;
+}
// -------------------------------------
// global variable declaration
@@ -67,6 +80,12 @@ $twig_exports = array('theme' => $GLOBALS['theme'],
'user' => $GLOBALS['user'],
'posts' => $GLOBALS['posts'],
'post' => $GLOBALS['post'],
- 'instance_title' => $GLOBALS['instance_title']);
+ 'user_prefix_id' => $GLOBALS['user_prefix_id'],
+ 'user_prefix_name' => $GLOBALS['user_prefix_name'],
+ 'post_prefix_id' => $GLOBALS['post_prefix_id'],
+ 'post_prefix_name' => $GLOBALS['post_prefix_name'],
+ 'instance_title' => $GLOBALS['instance_title'],
+ 'logged_id' => $GLOBALS['logged_id'],
+ 'logged_in' => $GLOBALS['logged_in']);
?>
diff --git a/res/lib/sterilize.php b/res/lib/sterilize.php
index fbc4587..979b955 100644
--- a/res/lib/sterilize.php
+++ b/res/lib/sterilize.php
@@ -12,9 +12,9 @@
// NUMBER STRING ARRAY [STRING] --> NIL
// Make sure a user is both authenticated *and* permitted to do a given task,
// aka in the right login-class.
-function auth_enforce($id, $password, $permitted, $message="do that") {
- if (!user_valid_password($id, $password)) {
- input_error("Sorry, your user-name or password is wrong.");
+function auth_enforce($id, $permitted, $message="do that") {
+ if (!user_logged_in()) {
+ input_error("Sorry, you're not logged in!");
}
$class = user_class($id);
@@ -22,6 +22,7 @@ function auth_enforce($id, $password, $permitted, $message="do that") {
perm_error("Mate, only a " . comma_sep($permitted, " or ")
. " can " . $message . "-- you hecking "
. $class . "!");
+ return false;
}
}
diff --git a/res/lib/string.php b/res/lib/string.php
index 1594bc4..1a776af 100644
--- a/res/lib/string.php
+++ b/res/lib/string.php
@@ -25,4 +25,11 @@ function string_wrap($value) {
function strings_wrap($array) {
return array_map("string_wrap", $array);
}
+
+// STRING NUMBER --> STRING
+// Return the nth word of a given string (space-seperated)
+function word_nth($string, $number) {
+ return explode(" ", $string)[$number];
+}
+
?>
diff --git a/res/lib/token.php b/res/lib/token.php
new file mode 100644
index 0000000..ec30f4f
--- /dev/null
+++ b/res/lib/token.php
@@ -0,0 +1,91 @@
+ NUMBER
+// Generate a new login-token and associate it with the user's account.
+// Returns the token number.
+function user_token_set($id, $token) {
+ setcookie("token", $token, time() + 60*60*24*30, "/");
+ setcookie("id", $id, time() + 60*60*24*30, "/");
+ echo "token" . $token;
+ db_set_cell("lusers", "id", $id, "token", $token);
+ return $token;
+}
+
+// NUMBER NUMBER --> BOOLEAN
+// Return whether or not a token is valid for a certain user account
+function user_token_validate($id, $token) {
+ $valid_token = db_get_cell("lusers", "id", $id, "token");
+
+ if (html_entity_decode($token) == $valid_token) {
+ return true;
+
+ } else {
+ return false;
+ }
+
+}
+
+
+// -------------------------------------
+
+
+// NUMBER --> NIL
+// Log a user in
+function user_log_in($id) {
+ $token = user_token_generate($id);
+ user_token_set($id, $token);
+
+ return true;
+}
+
+// NUMBER --> NIL
+// Log out a user, by burning the DB-token, and eating the log-in cookies
+function user_log_out($id) {
+ user_token_set($id, "escapee");
+ setcookie("token", "escapee", time(), "/");
+ setcookie("id", "death, the destroyer", time(), "/");
+
+ return true;
+}
+
+// -------------------------------------
+
+// NIL --> NUMBER/BOOLEAN
+// Return whether or not a user is logged in-- if yes, return user ID
+function user_logged_in() {
+ $id = $_COOKIE['id'] ?? 1;
+ $token = $_COOKIE['token'] ?? 1;
+
+ if (user_token_validate($id, $token)) {
+ return $id;
+ } else {
+ return false;
+ }
+}
+
+// -------------------------------------
+
+// NUMBER STRING --> BOOLEAN
+// Return whether or not a given password is valid.
+function user_valid_password($id, $password) {
+ if (password_verify($password, user_get($id, "hash"))) {
+ return true;
+ } else {
+ return false;
+ }
+}
+
+?>
diff --git a/res/lib/user.php b/res/lib/user.php
index ab3b6ed..e280395 100644
--- a/res/lib/user.php
+++ b/res/lib/user.php
@@ -131,64 +131,13 @@ function user_posts($id) {
// Return an array filled with all of a user's relevant data.
function user_data($id) {
return array('full_name' => user_full_name($id),
+ 'first_name' => word_nth(user_full_name($id), 0),
'name' => user_name($id),
'bio' => user_biography($id),
+ 'class' => user_class($id),
'email' => user_email($id),
'website' => user_website($id),
'posts' => user_posts($id));
}
-
-// -------------------------------------
-
-
-// NUMBER --> NUMBER
-// Generate a new login-token and associate it with the user's account.
-// Returns the token number.
-function user_token_create($id) {
- $token = rand(0, 5000000);
- db_set_cell("lusers", "id", $id, "token", rand(0, 5000000));
- return $token;
-}
-
-// NUMBER NUMBER --> BOOLEAN
-// Return whether or not a token is valid for a certain user account
-function user_token_validate($id, $token) {
- $valid_token = db_get_cell("lusers", "id", $id, "token");
-
- if ($token == $valid_token) {
- return true;
-
- } else {
- return false;
- }
-}
-
-
-// -------------------------------------
-
-
-// NUMBER --> NIL
-// Log a user in-- create a token, then make a cookie with said token.
-function user_log_in($id) {
- $token = user_token_create($id);
- setcookie("token", $token, 2628000);
- setcookie("id", $id, 2628000);
-}
-
-function logged() {
- if (user_token_validate($id, $_COOKIE['token'])) {
- return $id;
- } else {
- return "no";
- }
-}
-
-// -------------------------------------
-// NUMBER STRING --> BOOLEAN
-// Return whether or not a given password is valid.
-function user_valid_password($id, $password) {
- return password_verify($password, user_get($id, "hash"));
-}
-
?>
diff --git a/res/themes/default/css/global.css b/res/themes/default/css/global.css
index 05eaefa..2b02855 100644
--- a/res/themes/default/css/global.css
+++ b/res/themes/default/css/global.css
@@ -1,35 +1,91 @@
-/* The color-combo we're using:
- * https://www.colorcombos.com/color-schemes/116/ColorCombo116.html */
body {
- background-color: #CECFCE;
+ background-color: #FFFFFF;
font-family: sans-serif;
font-size: 17px;
color: #073642;
width: 100%;
}
+p {
+ max-width: 700px;
+ padding-left: 10%;
+}
+
+form {
+ background-color: #EFEFEF;
+ margin: 10px;
+ border-radius: 5px;
+ max-width: 900px;
+ padding: 10px;
+}
+
+form label {
+ width: 100px;
+ display: inline-block;
+ font-weight: bold;
+ align: left;
+}
+
+.button {
+ background-color: #993232;
+ color: #FFFFFF;
+ padding: 10px;
+ border-radius: 5px;
+}
+
+.button a {
+ color: inherit;
+ text-decoration: none;
+}
+
+.button:hover {
+ background-color: #AFB170;
+}
+
+
+
+/* -------------------------------------
+ * navbar
+ * -----------------------------------*/
nav {
- background-color: #84596B;
+ background-color: #993232;
+ color: #FFFFFF;
width: 100%;
margin: 0;
padding: 0;
}
nav ul {
- background-color: #84596B;
+ background-color: inherit;
+ color: inherit;
overflow: hidden;
- color: #FFFFFF;
}
nav li {
+ background-color: inherit;
+ color: inherit;
display: block;
margin-left: 20px;
margin-right: 20px;
- background-color: #84596B;
float: left;
padding: 10px;
}
+nav li a {
+ background-color: inherit;
+ color: inherit;
+ text-decoration: none;
+ color: #FFFFFF;
+}
+
+nav li:hover {
+ background-color: #AFB170;
+}
+
+.right {
+ float: right;
+}
+
#star {
margin-left: 1px;
margin-right: 1px;
@@ -43,32 +99,38 @@ nav li {
background-color: inherit;
}
-nav li:hover {
- background-color: #AFB170;
-}
-
-nav li a {
- text-decoration: none;
- color: #FFFFFF;
-}
-
-.right {
- float: right;
-}
-
-p {
- max-width: 700px;
- padding-left: 10%;
-}
-.post_card {
- height: 200px;
- display: inline-block;
- overflow: hidden;
- max-width: 200px;
- border-style: solid;
+/* -------------------------------------
+ * meta_post_card_*
+ * -----------------------------------*/
+
+.card {
+ float: left;
+ max-width: 370px;
+ border-style: dotted;
border-width: 2px;
border-color: #B58AA5;
border-radius: 5px;
+ margin: 10px;
+}
+
+.card p {
+ padding-right: 30px;
+ padding-left: 30px;
+ padding-bottom: 30px;
+}
+
+.title {
+ text-align: center;
+}
+
+.date {
+ font-size: 17px;
+ text-align: center;
+}
+
+.author {
+ font-size: 15px;
+ text-align: center;
}
diff --git a/res/themes/default/css/p_index.css b/res/themes/default/css/p_index.css
new file mode 100644
index 0000000..15075b8
--- /dev/null
+++ b/res/themes/default/css/p_index.css
@@ -0,0 +1,11 @@
+article {
+ max-width: 900px;
+ border-width: 2px;
+ border-style: dotted;
+ border-color: #B58AA5;
+ border-radius: 5px;
+
+}
+.title .author .date {
+ text-align: center;
+}
diff --git a/res/themes/default/css/post.css b/res/themes/default/css/post.css
deleted file mode 100644
index 1d82875..0000000
--- a/res/themes/default/css/post.css
+++ /dev/null
@@ -1 +0,0 @@
-/* This is the CSS file for the post page *only* */
diff --git a/res/themes/default/css/u_index.css b/res/themes/default/css/u_index.css
new file mode 100644
index 0000000..48e6872
--- /dev/null
+++ b/res/themes/default/css/u_index.css
@@ -0,0 +1,15 @@
+.user_info {
+ max-width: 900px;
+ border-width: 2px;
+ border-style: dotted;
+ border-color: #B58AA5;
+ border-radius: 5px;
+}
+
+.text {
+ margin: 20px;
+}
+
+.title .author .date {
+ text-align: center;
+}
diff --git a/res/themes/default/html/admin_index.twig.html b/res/themes/default/html/admin_index.twig.html
index c945b89..9d6c600 100644
--- a/res/themes/default/html/admin_index.twig.html
+++ b/res/themes/default/html/admin_index.twig.html
@@ -28,7 +28,6 @@
-