Archived
1
0
Disbranĉigi 0

A slow-burn existential crisis

This commit is contained in:
Jenga Phoenix 2019-02-23 01:15:14 -06:00
parent 7001dee230
commit 1714e5b80d
45 changed files with 785 additions and 211 deletions

View File

@ -21,6 +21,7 @@ PRE-REQUISITES
---------------------------------------- ----------------------------------------
* PHP 7.0 * PHP 7.0
* Webserver with CGI enabled * Webserver with CGI enabled
* Composer
* A paper-clip and soldering-iron * A paper-clip and soldering-iron
* Also a lighter * Also a lighter
@ -30,9 +31,16 @@ PRE-REQUISITES
INSTALLATION INSTALLATION
---------------------------------------- ----------------------------------------
Drop Blagoblag in any directory on your webserver, then create an SQL Drop Blagoblag in any directory on your webserver, then create an SQL
database for Blagoblag. Make sure to make a "config.ini" file (from database for Blagoblag-- UTF-8 character encoding, preferably.
"config.ini.example")-- at the minimum, you need to configure the SQL
connection settings. Then, make a "config.ini" file (from "config.ini.example")-- at the
minimum, you need to configure the SQL connection settings.
After that, just run "composer intall", then you should be running!
As for setup, you should make your own user-account, then use the "root"
account to elevate your account to archmage (highest login class)-- after
that, delete the "root" account. :)

View File

@ -1,6 +1,7 @@
{ "require": { "require":
{ {
"twig/twig": "1.*", "twig/twig": "1.*",
"falseclock/dbd-php": "1.*" "erusev/parsedown": "*.*",
"consoletvs/profanity": "*.*"
} }
} }

View File

@ -1,4 +1,9 @@
<?php <?php
// -------------------------------------
// REQUIRED
// -----------------
// database stuff
$db_type = "mysql"; $db_type = "mysql";
$db_host = "host=localhost;"; $db_host = "host=localhost;";
$db_port = "port=3306;"; $db_port = "port=3306;";
@ -9,6 +14,28 @@ $db_name = "dbname=blagoblag;";
$db_user = "USERNAME"; $db_user = "USERNAME";
$db_pass = "PASSWORD"; $db_pass = "PASSWORD";
// -----------------
// etc
$root = "blagoblag/"; // where blagoblag is, relative to the web-root
// AKA, the path you put in URLs
// -------------------------------------
// OPTIONAL
// -----------------
// branding
$instance_title = "Blagoblag"; // your site's name, for branding <3
$theme = "default"; // the theme you wanna use
// -----------------
// the url's relative to blagoblag's root, used to make a bunch of urls
// these should change only if you use some URL rewriting in your webserver
// (I.E., "/u/USERNAME" --> "/u/?name=USERNAME")
$user_prefix_name = "u/?name=";
$user_prefix_id = "u/?id=";
$post_prefix_name = "p/?name=";
$post_prefix_id = "p/?id=";
$theme = "default";
?> ?>

2
docs/last_time.txt Normal file
View File

@ -0,0 +1,2 @@
Last time on blagoblag!!
* USER planted a post and failed to hold central dogma

45
p/edit/index.php Normal file
View File

@ -0,0 +1,45 @@
<?php
/* This file is free software: you can redistribute it and/or modify
it under the terms of version 3 of the GNU Affero General Public
License as published by the Free Software Foundation.
This file is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details. */
$title = "Control Panel";
$depth = "../../";
$mark = "u_edit_index";
include $depth . "res/lib/load.php";
// -------------------------------------
$cur_id = user_logged_in();
$edit_id = $_GET['id'] ?? $cur_id;
// -------------------------------------
$local_exports = array('user_id' => $edit_id,
'user_full_name' => unscrub(user_full_name($edit_id)),
'user_name' => user_name($edit_id),
'user_bio' => unscrub(user_biography($edit_id)),
'user_email' => user_email($edit_id),
'user_website' => user_website($edit_id));
// --------------------------------------
switch (1) {
case (user_logged_in() == false):
general_error("You're not even logged in, fool! >;c");
break;
case ($cur_id != $edit_id):
auth_enforce($cur_id, array("wizard", "archmage"), "edit other
people's accounts");
break;
}
display_page($mark, $depth, $title, $local_exports);
?>

View File

@ -0,0 +1,54 @@
<?php
/* This file is free software: you can redistribute it and/or modify
it under the terms of version 3 of the GNU Affero General Public
License as published by the Free Software Foundation.
This file is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details. */
$depth = "../../../";
include $depth . "res/lib/load.php";
$cur_id = user_logged_in();
$edit_id = $_GET['id'] ?? user_logged_in();
$full = scrub($_POST['full_name']);
$bio = scrub($_POST['bio']);
$email = scrub($_POST['email']);
$url = scrub($_POST['url']);
$class = scrub($_POST['login']) ?? false;
// -------------------------------------
input_enforce(array($full, $bio, $email, $url),
array("Full name", "Biography", "E-mail", "URL"),
array("string", "string", "email", "url"));
// -------------------------------------
switch (1) {
case (user_logged_in() == false):
general_error("Guests can't edit accounts, nerd!");
break;
case ($cur_id != $edit_id):
auth_enforce($cur_id, array("wizard", "archmage"), "edit other
people's accounts");
continue;
}
if ($class != false) {
$auth = auth_enforce($cur_id, array("archmage"),
"edit other people's classes");
if ($auth != false) {
$user_set($edit_id, "class", $class);
}
}
user_set($edit_id, "full_name", $full);
user_set($edit_id, "biography", $bio);
user_set($edit_id, "email", $email);
user_set($edit_id, "website", $url);
?>

View File

@ -8,42 +8,31 @@
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details. */ GNU Affero General Public License for more details. */
$title = "Control Panel";
$depth = "../"; $depth = "../";
$title = "";
$mark = "p_index"; $mark = "p_index";
include "../res/lib/load.php"; include $depth . "res/lib/load.php";
// ------------------------------------- // -------------------------------------
$id = $_GET['id'] ?? post_title_to_id($_GET['name']); $id = $_GET['id'] ?? post_title_to_id($_GET['name']);
$name = post_title($id); $name = post_title($id);
// ------------------------------------- // -------------------------------------
if (empty($_GET['id']) && empty($_GET['name'])) { if (empty($name)) {
root_redirect('p/list/'); root_redirect("p/list/");
} else if (!is_post_id($_GET['id']) && !is_post_title($_GET['name'])) {
general_error("We can't find that post! :(");
} }
$local_exports = array('post_id' => $id,
'post_title' => unscrub($name),
'post_author' => post_author($id),
'post_date' => post_date($id),
'post_text' => markdown(post_text($id)));
// -------------------------------------- // --------------------------------------
$post_text = markdown(post_text($id));
$post_date = post_date($id);
$post_data = post_data($id);
$user_id = post_author($id);
$username = user_name($user_id);
$full_name = user_full_name($user_id);
$local_exports = array('post_id' => $id, 'post_text' => $post_text,
'post_author' => $user_id,
'post_data' => $post_data, 'post_title' => $name,
'post_date' => $date);
// -------------------------------------
display_page($mark, $depth, $title, $local_exports); display_page($mark, $depth, $title, $local_exports);
?> ?>

View File

@ -15,6 +15,12 @@ include "../../res/lib/load.php";
// ------------------------------------- // -------------------------------------
display_page($mark, $depth, $title); $order = $_GET['order'] ?? "desc";
$local_exports = array('order' => $order);
// -------------------------------------
display_page($mark, $depth, $title, $local_exports);
?> ?>

View File

@ -11,17 +11,13 @@
$depth = "../../../"; $depth = "../../../";
include "../../../res/lib/load.php"; include "../../../res/lib/load.php";
$auth_user = scrub($_POST['auth_user']);
$auth_pass = scrub($_POST['auth_pass']);
$auth_id = user_name_to_id($auth_user);
$title = scrub($_POST['title']); $title = scrub($_POST['title']);
$desc = scrub($_POST['desc']); $desc = scrub($_POST['desc']);
$text = scrub($_POST['text']); $text = scrub($_POST['text']);
// ------------------------------------- // -------------------------------------
auth_enforce($auth_id, $auth_pass, auth_enforce(user_logged_in(),
array("contributor", "wizard", "archmage"), "make posts"); array("contributor", "wizard", "archmage"), "make posts");
input_enforce(array($title, $desc, $text), input_enforce(array($title, $desc, $text),
@ -30,9 +26,8 @@ input_enforce(array($title, $desc, $text),
// ------------------------------------- // -------------------------------------
echo $auth_user . $auth_user_id; post_create($title, user_logged_in(), $desc, $text);
post_create($title, $auth_id, $desc, $text);
root_redirect("post.php?name=" . $title); root_redirect($GLOBALS['post_prefix_title'] . $title);
?> ?>

View File

@ -7,6 +7,9 @@
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details. */ GNU Affero General Public License for more details. */
/* note: should really make variable-naming more SQL-adherent and consistent
* also rethink a lot fo these abstractions
* also use prepared statements (as in http://bobby-tables.com/php) */
// ------------------------------------- // -------------------------------------
// connection setup // connection setup
@ -115,7 +118,13 @@ function db_get_rows($table, $identifier, $value) {
// Return the value of a specific column in a given row, identified by an // Return the value of a specific column in a given row, identified by an
// 'identifier' column set to the given value // 'identifier' column set to the given value
function db_get_cell($table, $identifier, $value, $cell) { function db_get_cell($table, $identifier, $value, $cell) {
return db_get_rows($table, $identifier, $value)[0][$cell]; $results = db_get_rows($table, $identifier, $value);
if (count($results) > 0) {
return $results[0][$cell];
} else {
return false;
}
} }
// !!! // !!!
@ -143,7 +152,7 @@ function db_set_cell($table, $identifier, $value, $cell, $new_value) {
return db_cmd("update " . $table return db_cmd("update " . $table
. " set " . $cell . " = " . $new_value . " set " . $cell . " = " . $new_value
. " where " . $identifier . " = " . $value) . ";"; . " where " . $identifier . " = " . $value . ";");
} }
// ------------------------------------- // -------------------------------------

View File

@ -11,6 +11,7 @@
// PATH --> PATH // PATH --> PATH
// Take a path from root and turn it into a relative path. // Take a path from root and turn it into a relative path.
error_reporting(0);
function root($path) { function root($path) {
return $GLOBALS['depth'] . $path; return $GLOBALS['depth'] . $path;
} }
@ -30,12 +31,24 @@ include(root("res/lib/db.php"));
include(root("res/lib/url.php")); include(root("res/lib/url.php"));
include(root("res/lib/post.php")); include(root("res/lib/post.php"));
include(root("res/lib/blagoblag.php")); include(root("res/lib/blagoblag.php"));
include(root("res/lib/token.php"));
$loader= new Twig_Loader_Filesystem(root("res/themes/default/html")); $loader= new Twig_Loader_Filesystem(root("res/themes/default/html"));
$twig = new Twig_Environment($loader, ['cache' => $twig = new Twig_Environment($loader, ['cache' =>
root('cache/'), 'autoescape' => false]); root('cache/'), 'autoescape' => false]);
// -------------------------------------
// authentication
global $logged_id;
global $logged_in; $logged_in = false;
$test_id = user_logged_in();
$logged_id = $test_id ?? 0;
if ($logged_id != 0) {
$logged_in = true;
}
// ------------------------------------- // -------------------------------------
// global variable declaration // global variable declaration
@ -67,6 +80,12 @@ $twig_exports = array('theme' => $GLOBALS['theme'],
'user' => $GLOBALS['user'], 'user' => $GLOBALS['user'],
'posts' => $GLOBALS['posts'], 'posts' => $GLOBALS['posts'],
'post' => $GLOBALS['post'], 'post' => $GLOBALS['post'],
'instance_title' => $GLOBALS['instance_title']); 'user_prefix_id' => $GLOBALS['user_prefix_id'],
'user_prefix_name' => $GLOBALS['user_prefix_name'],
'post_prefix_id' => $GLOBALS['post_prefix_id'],
'post_prefix_name' => $GLOBALS['post_prefix_name'],
'instance_title' => $GLOBALS['instance_title'],
'logged_id' => $GLOBALS['logged_id'],
'logged_in' => $GLOBALS['logged_in']);
?> ?>

View File

@ -12,9 +12,9 @@
// NUMBER STRING ARRAY [STRING] --> NIL // NUMBER STRING ARRAY [STRING] --> NIL
// Make sure a user is both authenticated *and* permitted to do a given task, // Make sure a user is both authenticated *and* permitted to do a given task,
// aka in the right login-class. // aka in the right login-class.
function auth_enforce($id, $password, $permitted, $message="do that") { function auth_enforce($id, $permitted, $message="do that") {
if (!user_valid_password($id, $password)) { if (!user_logged_in()) {
input_error("Sorry, your user-name or password is wrong."); input_error("Sorry, you're not logged in!");
} }
$class = user_class($id); $class = user_class($id);
@ -22,6 +22,7 @@ function auth_enforce($id, $password, $permitted, $message="do that") {
perm_error("Mate, only a " . comma_sep($permitted, " or ") perm_error("Mate, only a " . comma_sep($permitted, " or ")
. " can " . $message . "-- you hecking " . " can " . $message . "-- you hecking "
. $class . "!"); . $class . "!");
return false;
} }
} }

View File

@ -25,4 +25,11 @@ function string_wrap($value) {
function strings_wrap($array) { function strings_wrap($array) {
return array_map("string_wrap", $array); return array_map("string_wrap", $array);
} }
// STRING NUMBER --> STRING
// Return the nth word of a given string (space-seperated)
function word_nth($string, $number) {
return explode(" ", $string)[$number];
}
?> ?>

91
res/lib/token.php Normal file
View File

@ -0,0 +1,91 @@
<?php
/* This file is free software: you can redistribute it and/or modify
it under the terms of version 3 of the GNU Affero General Public
License as published by the Free Software Foundation.
This file is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details. */
function user_token_generate($id) {
return crypt($id . rand(0, 5000000));
}
// NUMBER --> NUMBER
// Generate a new login-token and associate it with the user's account.
// Returns the token number.
function user_token_set($id, $token) {
setcookie("token", $token, time() + 60*60*24*30, "/");
setcookie("id", $id, time() + 60*60*24*30, "/");
echo "token" . $token;
db_set_cell("lusers", "id", $id, "token", $token);
return $token;
}
// NUMBER NUMBER --> BOOLEAN
// Return whether or not a token is valid for a certain user account
function user_token_validate($id, $token) {
$valid_token = db_get_cell("lusers", "id", $id, "token");
if (html_entity_decode($token) == $valid_token) {
return true;
} else {
return false;
}
}
// -------------------------------------
// NUMBER --> NIL
// Log a user in
function user_log_in($id) {
$token = user_token_generate($id);
user_token_set($id, $token);
return true;
}
// NUMBER --> NIL
// Log out a user, by burning the DB-token, and eating the log-in cookies
function user_log_out($id) {
user_token_set($id, "escapee");
setcookie("token", "escapee", time(), "/");
setcookie("id", "death, the destroyer", time(), "/");
return true;
}
// -------------------------------------
// NIL --> NUMBER/BOOLEAN
// Return whether or not a user is logged in-- if yes, return user ID
function user_logged_in() {
$id = $_COOKIE['id'] ?? 1;
$token = $_COOKIE['token'] ?? 1;
if (user_token_validate($id, $token)) {
return $id;
} else {
return false;
}
}
// -------------------------------------
// NUMBER STRING --> BOOLEAN
// Return whether or not a given password is valid.
function user_valid_password($id, $password) {
if (password_verify($password, user_get($id, "hash"))) {
return true;
} else {
return false;
}
}
?>

View File

@ -131,64 +131,13 @@ function user_posts($id) {
// Return an array filled with all of a user's relevant data. // Return an array filled with all of a user's relevant data.
function user_data($id) { function user_data($id) {
return array('full_name' => user_full_name($id), return array('full_name' => user_full_name($id),
'first_name' => word_nth(user_full_name($id), 0),
'name' => user_name($id), 'name' => user_name($id),
'bio' => user_biography($id), 'bio' => user_biography($id),
'class' => user_class($id),
'email' => user_email($id), 'email' => user_email($id),
'website' => user_website($id), 'website' => user_website($id),
'posts' => user_posts($id)); 'posts' => user_posts($id));
} }
// -------------------------------------
// NUMBER --> NUMBER
// Generate a new login-token and associate it with the user's account.
// Returns the token number.
function user_token_create($id) {
$token = rand(0, 5000000);
db_set_cell("lusers", "id", $id, "token", rand(0, 5000000));
return $token;
}
// NUMBER NUMBER --> BOOLEAN
// Return whether or not a token is valid for a certain user account
function user_token_validate($id, $token) {
$valid_token = db_get_cell("lusers", "id", $id, "token");
if ($token == $valid_token) {
return true;
} else {
return false;
}
}
// -------------------------------------
// NUMBER --> NIL
// Log a user in-- create a token, then make a cookie with said token.
function user_log_in($id) {
$token = user_token_create($id);
setcookie("token", $token, 2628000);
setcookie("id", $id, 2628000);
}
function logged() {
if (user_token_validate($id, $_COOKIE['token'])) {
return $id;
} else {
return "no";
}
}
// -------------------------------------
// NUMBER STRING --> BOOLEAN
// Return whether or not a given password is valid.
function user_valid_password($id, $password) {
return password_verify($password, user_get($id, "hash"));
}
?> ?>

View File

@ -1,35 +1,91 @@
/* The color-combo we're using:
* https://www.colorcombos.com/color-schemes/116/ColorCombo116.html */
body { body {
background-color: #CECFCE; background-color: #FFFFFF;
font-family: sans-serif; font-family: sans-serif;
font-size: 17px; font-size: 17px;
color: #073642; color: #073642;
width: 100%; width: 100%;
} }
p {
max-width: 700px;
padding-left: 10%;
}
form {
background-color: #EFEFEF;
margin: 10px;
border-radius: 5px;
max-width: 900px;
padding: 10px;
}
form label {
width: 100px;
display: inline-block;
font-weight: bold;
align: left;
}
.button {
background-color: #993232;
color: #FFFFFF;
padding: 10px;
border-radius: 5px;
}
.button a {
color: inherit;
text-decoration: none;
}
.button:hover {
background-color: #AFB170;
}
/* -------------------------------------
* navbar
* -----------------------------------*/
nav { nav {
background-color: #84596B; background-color: #993232;
color: #FFFFFF;
width: 100%; width: 100%;
margin: 0; margin: 0;
padding: 0; padding: 0;
} }
nav ul { nav ul {
background-color: #84596B; background-color: inherit;
color: inherit;
overflow: hidden; overflow: hidden;
color: #FFFFFF;
} }
nav li { nav li {
background-color: inherit;
color: inherit;
display: block; display: block;
margin-left: 20px; margin-left: 20px;
margin-right: 20px; margin-right: 20px;
background-color: #84596B;
float: left; float: left;
padding: 10px; padding: 10px;
} }
nav li a {
background-color: inherit;
color: inherit;
text-decoration: none;
color: #FFFFFF;
}
nav li:hover {
background-color: #AFB170;
}
.right {
float: right;
}
#star { #star {
margin-left: 1px; margin-left: 1px;
margin-right: 1px; margin-right: 1px;
@ -43,32 +99,38 @@ nav li {
background-color: inherit; background-color: inherit;
} }
nav li:hover {
background-color: #AFB170;
}
nav li a {
text-decoration: none;
color: #FFFFFF;
}
.right {
float: right;
}
p {
max-width: 700px;
padding-left: 10%;
}
.post_card { /* -------------------------------------
height: 200px; * meta_post_card_*
display: inline-block; * -----------------------------------*/
overflow: hidden;
max-width: 200px; .card {
border-style: solid; float: left;
max-width: 370px;
border-style: dotted;
border-width: 2px; border-width: 2px;
border-color: #B58AA5; border-color: #B58AA5;
border-radius: 5px; border-radius: 5px;
margin: 10px;
}
.card p {
padding-right: 30px;
padding-left: 30px;
padding-bottom: 30px;
}
.title {
text-align: center;
}
.date {
font-size: 17px;
text-align: center;
}
.author {
font-size: 15px;
text-align: center;
} }

View File

@ -0,0 +1,11 @@
article {
max-width: 900px;
border-width: 2px;
border-style: dotted;
border-color: #B58AA5;
border-radius: 5px;
}
.title .author .date {
text-align: center;
}

View File

@ -1 +0,0 @@
/* This is the CSS file for the post page *only* */

View File

@ -0,0 +1,15 @@
.user_info {
max-width: 900px;
border-width: 2px;
border-style: dotted;
border-color: #B58AA5;
border-radius: 5px;
}
.text {
margin: 20px;
}
.title .author .date {
text-align: center;
}

View File

@ -28,7 +28,6 @@
<hr /> <hr />
<p><label>Login Group</label> <p><label>Login Group</label>
<select name="login"> <select name="login">
<option value="contributor">Contributor</option> <option value="contributor">Contributor</option>
@ -71,3 +70,11 @@
<p><input type="submit" /></p> <p><input type="submit" /></p>
</form> </form>
</section> </section>
<section>
<form action="private/post_delete.php" method="post">
<label>Post ID</label> <input type="number" name="id" />
<input type="submit" />
</form>
</section>

View File

@ -2,6 +2,8 @@
<html lang="en"> <html lang="en">
<head> <head>
<meta charset="UTF-8" /> <meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" type="text/css" <link rel="stylesheet" type="text/css"
href="{{ depth }}res/themes/{{ theme }}/css/global.css"> href="{{ depth }}res/themes/{{ theme }}/css/global.css">
<link rel="stylesheet" type="text/css" <link rel="stylesheet" type="text/css"

View File

@ -1,5 +1,5 @@
{% for post_id in posts %} {% for post_id in posts %}
{% set post_id = post_id %} {% set post_id = post_id %}
{{ include('meta_post_card.twig.html') }} {{ include('meta_post_card_big.twig.html') }}
{% endfor %} {% endfor %}

View File

@ -1,15 +1,15 @@
<ul class="post_card"> <article class="card">
<li> <h2 class="title">
<a href="{{ depth }}p/index.php?id={{ post_id }}"> <a href="{{ depth }}p/index.php?id={{ post_id }}">
{{ post[post_id]['title'] }} {{ post[post_id]['title'] }}
</a> </a>
</li> </h2>
{% set author = post[post_id]['author'] %} {% set author = post[post_id]['author'] %}
<li> <h3 class="date">{{ post[post_id]['date'] }}</h3>
<h4 class="author">
<a href="{{ depth }}u/index.php?id={{ author }}"> <a href="{{ depth }}u/index.php?id={{ author }}">
{{ user[author]['full_name'] }} {{ user[author]['full_name'] }}
</a> </a>
</li> </h4>
<li>{{ post[post_id]['date'] }}</li> <p>{{ post[post_id]['text'] }}</p>
<li><p>{{ post[post_id]['desc'] }}</p></li> </article>
</ul>

View File

@ -0,0 +1,2 @@
{{ include('meta_post_card_header.twig.html') }}
{{ include('meta_post_card_big_body.twig.html') }}

View File

@ -0,0 +1,2 @@
<p>{{ post[post_id]['text'] }}</p>
</article>

View File

@ -0,0 +1,13 @@
<article class="card">
<h2 class="title">
<a href="{{ depth }}p/index.php?id={{ post_id }}">
{{ post[post_id]['title'] }}
</a>
</h2>
{% set author = post[post_id]['author'] %}
<h3 class="date">{{ post[post_id]['date'] }}</h3>
<h4 class="author">
<a href="{{ depth }}u/index.php?id={{ author }}">
{{ user[author]['full_name'] }}
</a>
</h4>

View File

@ -0,0 +1,2 @@
{{ include('meta_post_card_header.twig.html') }}
{{ include('meta_post_card_mini_body.twig.html') }}

View File

@ -0,0 +1,2 @@
<p>{{ post[post_id]['desc'] }}</p>
</article>

View File

@ -0,0 +1,8 @@
<article class="card">
<h2 class="title">
<a href="{{ depth }}u/?id={{ user_id }}">
{{ user[user_id]['full_name'] }}
</a>
</h2>
<p>{{ user[user_id]['bio'] }}</p>
</article>

View File

@ -10,8 +10,22 @@
<li id="nav_users"> <li id="nav_users">
<a href="{{ depth }}u/list/">Users</a> <a href="{{ depth }}u/list/">Users</a>
</li> </li>
{% if logged_in %}
<li class="right" id="nav_logout">
<a href="{{ depth }}u/out/">Logout</a>
</li>
<li class="right" id="nav_user">
<a href="{{ depth }}{{ user_prefix_id}}{{ logged_id }}">
{{ user[logged_id]['first_name'] }}
</a>
</li>
{% else %}
<li class="right" id="nav_login">
<a href="{{ depth }}u/old/">Login</a>
</li>
<li class="right" id="nav_register"> <li class="right" id="nav_register">
<a href="{{ depth }}u/new/">Register</a> <a href="{{ depth }}u/new/">Register</a>
</li> </li>
{% endif %}
</ul> </ul>
</nav> </nav>

View File

@ -1,9 +1,23 @@
<h1>{{ post_title }}</h1> <article>
<h2>By <h1 class="title">{{ post_title }}</h1>
<a href="{{ depth }}u/index.php?name={{ user[post_author]['name'] }}"> <h2 class="author">By
<a href="{{ depth }}{{ user_prefix_name}}{{ user[post_author]['name'] }}">
{{ user[post_author]['full_name'] }} {{ user[post_author]['full_name'] }}
</a> </a>
</h2> </h2>
<h3>{{ post_date }}</h3> <h3 class="date">{{ post_date }} - {{ post_id }}</h3>
<p>{{ post_text }}</p>
{% set logged_class = user[logged_id]['class'] %}
{% if (post_author == logged_id) or (logged_class == "archmage")
or (logged_class == "wizard") %}
<p>
<a class="button" href="edit/?id={{ post_id }}">Edit post</a>
<a class="button" href="oust/?id={{ post_id }}">Delete post</a>
</p>
{% endif %}
<!-- ====================================================================== -->
<div class="text">{{ post_text }}</div>
</article>

View File

@ -1,19 +1,9 @@
<table> {% if logged_in == true %}
{% for id in posts %} <p><a class="button" href="new">New post</a></p>
<tr> {% endif %}
<td>
<a href="{{ depth }}p/index.php?id={{ id }}"> {% for post_id in posts %}
{{ post[id]['title'] }} {% set post_id = post_id %}
</a> {{ include('meta_post_card_mini.twig.html') }}
</td>
<td>
<a href="{{ depth }}u/?id={{ post[id]['author'] }}">
{{ user[post[id]['author']]['full_name'] }}
</a>
</td>
<td>
{{ post[id]['date'] }}
</td>
</tr>
{% endfor %} {% endfor %}
</table>

View File

@ -1,17 +1,5 @@
<section id="creation"> <section id="creation">
<form id="post_creation" action="private/post_create.php" method="post"> <form id="post_creation" action="private/post_create.php" method="post">
<section class="authentication">
<p><label>Username</label>
<input name="auth_user" type="text" />
</p>
<p><label>Password</label>
<input name="auth_pass" type="password">
</p>
</section>
<hr />
<section class="post_metadata"> <section class="post_metadata">
<p><label>Title</label><input name="title" type="text" /></p> <p><label>Title</label><input name="title" type="text" /></p>
<p><label>Desc</label><input name="desc" type="text" /></p> <p><label>Desc</label><input name="desc" type="text" /></p>
@ -23,6 +11,8 @@
<textarea name="text" rows="20" cols="80"></textarea> <textarea name="text" rows="20" cols="80"></textarea>
</section> </section>
<p><input type="submit" /></p> <hr />
<p><input class="button" type="submit" /></p>
</form> </form>
</section> </section>

View File

@ -0,0 +1,49 @@
<form id="user_redaction" action="private/user_edit.php?id={{ user_id }}"
method="post">
<p><label>Full Name</label><input name="full_name" type="text"
value="{{ user_full_name }}" /> </p>
<p><label>E-mail</label><input name="email" type="email"
value="{{ user_email }}" /></p>
<p><label>Website</label><input name="url" type="url"
value="{{ user_website }}" /></p>
<p><label>Biography</label>
<textarea cols=80 rows=5 name="bio">{{ user_bio }}</textarea>
</p>
<hr />
{% if user[logged_id]['class'] == "archmage" %}
<p><label>Login Group</label>
<select name="login">
<option value="{{ user[user_id]['class'] }}">
Current</option>
<option value="contributor">Contributor</option>
<option value="spectator">Spectator</option>
<option value="wizard">Wizard</option>
<option value="archmage">Archmage</option>
</select>
</p>
{% endif %}
<p><input class="button" type="submit" /></p>
</form>
{% if user_id == logged_id %}
<form id="user_new_password" action="private/new_password.php" method="post">
<p><label>Old Password</label>
<input name="password" type="password" /></p>
<hr />
<p><label>New Password</label>
<input name="new_password" type="password" /></p>
<p><label>Repeat Password</label>
<input name="new_password_repeat" type="password" /></p>
<hr />
<p><input class="button" type="submit" /></p>
</form>
{% endif %}

View File

@ -1,11 +1,21 @@
<h1>{{ user_full_name }}</h1> <article class="user_info">
<h3>{{ user_website }} &lt;{{ user_email }}&gt;</h3> <h1 class="title">{{ user_full_name }}</h1>
<h3>({{ user_name }})</h3> <h3 class="author">{{ user_website }} &lt;{{ user_email }}&gt;</h3>
<p>{{ user_bio }}</p> <h3 class="date">({{ user_name }})</h3>
<div class="text">{{ user_bio }}</div>
</article>
<p>
{% if (logged_id == user_id) or (user[logged_id]['class'] == "archmage")
or (user[logged_id]['class'] == "wizard") %}
<a class="button" href="edit/?id={{ user_id }}">Edit profile</a>
<a class="button" href="delete">Delete user</a>
{% endif %}
</p>
{% for post_id in user_posts %} {% for post_id in user_posts %}
{% set post_id = post_id %} {% set post_id = post_id %}
{{ include ('meta_post_card.twig.html') }} {{ include ('meta_post_card_mini.twig.html') }}
{% endfor %} {% endfor %}
</ul> </ul>

View File

@ -1,7 +1,3 @@
<ul id="user_list">
{% for user_id in users %} {% for user_id in users %}
<a href="{{ depth }}u/index.php?id={{ user_id }}"> {{ include('meta_user_card.twig.html') }}
<li class="user_name">{{ user[user_id]['full_name'] }}</li>
</a>
{% endfor %} {% endfor %}
</ul>

View File

@ -1,15 +1,24 @@
<form id="user_creation" action="private/user_create.php" method="post"> <form id="user_creation" action="private/user_create.php" method="post">
<p><label>Username</label><input name="name" type="text" /></p> <p><label>Username</label> <input name="username" type="text" /></p>
<p><label>Password</label> <input name="password" type="password" /></p> <p><label>Password</label> <input name="password" type="password" /></p>
<p><label>Repeat Password</label>
<input name="password_repeat" type="password" /></p>
<hr /> <hr />
<p><label>Full Name</label><input name="full_name" type="text" /></p> <p><label>Full Name</label><input name="full_name" type="text" /></p>
<p><label>Biography</label><input name="bio" type="text" /> </p> <p><label>E-mail</label>
<p><label>E-mail</label><input name="email" type="email" /></p> <input name="email" type="email"
<p><label>Website</label><input name="url" type="url" /></p> placeholder="user@domain.tld" /></p>
<p><label>Website</label>
<input name="url" type="url"
placeholder="https://domain.tld" /></p>
<p><label>Biography</label>
<textarea cols=80 rows=5 name="bio"
placeholder="Say something about yourself!"></textarea>
</p>
<hr /> <hr />
<p><input type="submit" /></p> <p><input class="button" type="submit" /></p>
</form> </form>

45
u/edit/index.php Normal file
View File

@ -0,0 +1,45 @@
<?php
/* This file is free software: you can redistribute it and/or modify
it under the terms of version 3 of the GNU Affero General Public
License as published by the Free Software Foundation.
This file is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details. */
$title = "Control Panel";
$depth = "../../";
$mark = "u_edit_index";
include $depth . "res/lib/load.php";
// -------------------------------------
$cur_id = user_logged_in();
$edit_id = $_GET['id'] ?? $cur_id;
// -------------------------------------
$local_exports = array('user_id' => $edit_id,
'user_full_name' => unscrub(user_full_name($edit_id)),
'user_name' => user_name($edit_id),
'user_bio' => unscrub(user_biography($edit_id)),
'user_email' => user_email($edit_id),
'user_website' => user_website($edit_id));
// --------------------------------------
switch (1) {
case (user_logged_in() == false):
general_error("You're not even logged in, fool! >;c");
break;
case ($cur_id != $edit_id):
auth_enforce($cur_id, array("wizard", "archmage"), "edit other
people's accounts");
break;
}
display_page($mark, $depth, $title, $local_exports);
?>

View File

@ -0,0 +1,42 @@
<?php
/* This file is free software: you can redistribute it and/or modify
it under the terms of version 3 of the GNU Affero General Public
License as published by the Free Software Foundation.
This file is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details. */
$depth = "../../../";
include $depth . "res/lib/load.php";
$id = user_logged_in();
$old_password = $_POST['password'];
$password = $_POST['new_password'];
$password_repeat = $_POST['new_password_repeat'];
// -------------------------------------
input_enforce(array($password),
array("Password"),
array("string"));
if ($password != $password_repeat) {
general_error("Your passwords don't match.");
}
if (!user_valid_password($id, $old_password)) {
general_error("Your old password was wrong.");
}
// -------------------------------------
$password = password_hash($password, PASSWORD_BCRYPT, array('cost' => 11));
user_set($id, "hash", $password);
root_redirect("");
?>

View File

@ -0,0 +1,54 @@
<?php
/* This file is free software: you can redistribute it and/or modify
it under the terms of version 3 of the GNU Affero General Public
License as published by the Free Software Foundation.
This file is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details. */
$depth = "../../../";
include $depth . "res/lib/load.php";
$cur_id = user_logged_in();
$edit_id = $_GET['id'] ?? user_logged_in();
$full = scrub($_POST['full_name']);
$bio = scrub($_POST['bio']);
$email = scrub($_POST['email']);
$url = scrub($_POST['url']);
$class = scrub($_POST['login']) ?? false;
// -------------------------------------
input_enforce(array($full, $bio, $email, $url),
array("Full name", "Biography", "E-mail", "URL"),
array("string", "string", "email", "url"));
// -------------------------------------
switch (1) {
case (user_logged_in() == false):
general_error("Guests can't edit accounts, nerd!");
break;
case ($cur_id != $edit_id):
auth_enforce($cur_id, array("wizard", "archmage"), "edit other
people's accounts");
continue;
}
if ($class != false) {
$auth = auth_enforce($cur_id, array("archmage"),
"edit other people's classes");
if ($auth != false) {
$user_set($edit_id, "class", $class);
}
}
user_set($edit_id, "full_name", $full);
user_set($edit_id, "biography", $bio);
user_set($edit_id, "email", $email);
user_set($edit_id, "website", $url);
?>

View File

@ -47,7 +47,7 @@ array_map($push_post_data, $user_posts);
$local_exports = array('user_id' => $id, $local_exports = array('user_id' => $id,
'user_full_name' => unscrub(user_full_name($id)), 'user_full_name' => unscrub(user_full_name($id)),
'user_name' => $name, 'user_name' => $name,
'usr_bio' => unscrub(user_biography($id)), 'user_bio' => unscrub(user_biography($id)),
'user_email' => user_email($id), 'user_email' => user_email($id),
'user_website' => user_website($id), 'user_website' => user_website($id),
'user_posts' => $user_posts, 'user_posts' => $user_posts,

View File

@ -15,10 +15,17 @@ include "../../res/lib/load.php";
// -------------------------------------- // --------------------------------------
if ($GLOBALS['registration'] == true) { switch (1) {
case (user_logged_in() != false):
general_error("You can't make an account… while using another
account. LOL");
break;
case ($GLOBALS['registration'] == true):
display_page($mark, $depth, $title); display_page($mark, $depth, $title);
} else { break;
default:
general_error("Sorry, registration's disabled on this server!"); general_error("Sorry, registration's disabled on this server!");
break;
} }
?> ?>

View File

@ -20,10 +20,6 @@ $pass = scrub($_POST['password']);
// ------------------------------------- // -------------------------------------
if ($GLOBALS['registration'] != true) {
general_error("Sorry, registration's disabled on this server!");
}
input_enforce(array($name, $full, $bio, $email, $url, $pass), input_enforce(array($name, $full, $bio, $email, $url, $pass),
array("Username", "Full name", "Biography", "E-mail", array("Username", "Full name", "Biography", "E-mail",
"URL", "Password"), "URL", "Password"),
@ -32,8 +28,19 @@ input_enforce(array($name, $full, $bio, $email, $url, $pass),
// ------------------------------------- // -------------------------------------
user_create($name, $pass, "contributor", $full, $email, $url, $bio); switch (1) {
case (user_logged_in() != false):
general_error("You can't make an account… while logged in to
another account. LOL");
break;
case ($GLOBALS['registration'] != true):
general_error("Sorry, registration's disabled on this server!");
break;
default:
user_create($name, $pass, "contributor", $full, $email, $url,
$bio);
root_redirect("u/index.php?name=" . $name); root_redirect("u/index.php?name=" . $name);
break;
}
?> ?>

View File

@ -15,6 +15,14 @@ include "../../res/lib/load.php";
// -------------------------------------- // --------------------------------------
switch (1) {
case (user_logged_in() != false):
general_error("You've already done that, you know. Log in, I
mean. You OK there, friend?");
break;
default:
display_page($mark, $depth, $title); display_page($mark, $depth, $title);
}
?> ?>

View File

@ -11,21 +11,32 @@
$depth = "../../../"; $depth = "../../../";
include "../../../res/lib/load.php"; include "../../../res/lib/load.php";
$user = scrub($_POST['name']); $user = $_POST['name'];
$pass = scrub($_POST['password']); $pass = $_POST['password'];
// ------------------------------------- // -------------------------------------
$user_id = user_name_to_id($user);
input_enforce(array($user, $pass), input_enforce(array($user, $pass),
array("Username", "Password"), array("Username", "Password"),
array("user_name", "string")); array("user_name", "string"));
// ------------------------------------- // -------------------------------------
if (user_valid_password(user_name_to_id($user), $pass)) { switch (1) {
user_log_in(user_name_to_id($user)); case (user_logged_in() != false):
general_error("You've already done that, you know. Log in, I
mean. You OK there, friend?");
break;
default:
if (user_valid_password($user_id, $pass)) {
user_log_in($user_id);
root_redirect($GLOBALS['user_prefix_id'] . $user_id);
} else {
general_error("Sorry, it looks like you have the
wrong username or password!");
}
break;
} }
root_redirect("u/index.php?name=" . $user);
?> ?>