From 4a6630bacb2237853f69a5be5082943d321b3e9c Mon Sep 17 00:00:00 2001 From: Bryan Pedini Date: Thu, 21 Mar 2019 12:07:23 +0100 Subject: [PATCH] Refactored database, refactored config file, corrected login redirection Moved database function in class "Database"; Corrected database-using webpages accordingly; Moved config file from PHP to JSON with more config variables; Corrected login page redirection on wrong username or password. --- config.json | 11 +++++++ config.php | 11 ------- functions.php | 32 ++++-------------- index.php | 1 + js/login.js | 12 +++++-- lib/css/login.css | 37 +++++++++++++++++++++ lib/php/classes/Database.php | 44 +++++++++++++++++++++++++ lib/php/go.php | 11 ++++--- lib/php/insert.php | 24 +++++++------- lib/php/login.php | 64 ++++++++---------------------------- 10 files changed, 143 insertions(+), 104 deletions(-) create mode 100644 config.json delete mode 100644 config.php create mode 100644 lib/css/login.css create mode 100644 lib/php/classes/Database.php diff --git a/config.json b/config.json new file mode 100644 index 0000000..0980c91 --- /dev/null +++ b/config.json @@ -0,0 +1,11 @@ +{ + "installed": false, + "db": { + "host": "127.0.0.1", + "port": 3306, + "username": "", + "password": "", + "name": "" + }, + "installation_path": "" +} \ No newline at end of file diff --git a/config.php b/config.php deleted file mode 100644 index b4dfadc..0000000 --- a/config.php +++ /dev/null @@ -1,11 +0,0 @@ - [ - 'host' => '127.0.0.1', - 'port' => 3306, - 'username' => 'database_user', - 'password' => 'database_password', - 'name' => 'my_database_name', - ], - ]; -?> diff --git a/functions.php b/functions.php index 417b44f..1e5aec7 100644 --- a/functions.php +++ b/functions.php 
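Review bot: config.json, which now carries the database username and password, is created next to index.php (see the diffstat), so if that directory is the document root the web server will serve the file as plain text to anyone who requests it — unlike the deleted config.php, which PHP executed rather than served. Keep the file outside the document root and read it by an absolute path, or add a server rule that denies direct access to it. `"installed": false` is also introduced here, but nothing else in this patch reads that key, so a short comment in the README or load_config() saying what it is for would help.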
@@ -1,29 +1,5 @@ connect_errno ) { - die ( "Database connection failed." ); - } - return $connection; - } - function db_prepare ( MySQLi $connection, string $query ) { - if ( ! ( $statement = $connection -> prepare ( $query ) ) ) { - die ( "Prepare failed: (" . $connection->errno . ") " . $connection->error ); - } - return $statement; - } - function db_bind ( MySQLi_stmt $statement, array $params ) { - if ( ! call_user_func_array ( array ( $statement, "bind_param" ), array_merge ( $params [ 0 ], $params [ 1 ] ) ) ) { - die ( "Binding parameters failed: (" . $statement->errno . ") " . $statement->error ); - } - } - function db_execute ( $statement ) { - if ( ! $statement->execute ( ) ) { - die ( "Execute failed: (" . $statement->errno . ") " . $statement->error ); - } - } + require_once ( 'lib/php/classes/Database.php' ); function split_uri_array ( string $php_self, string $request_uri ) : Array { $uri = substr ( $request_uri, strlen ( substr ( $php_self, 0, strrpos ( $php_self, 'index.php' ) ) ), strlen ( $request_uri ) - strlen ( substr ( $php_self, 0, strrpos ( $php_self, 'index.php' ) ) ) ); $arr = Array ( ); @@ -37,4 +13,10 @@ $arr [ ] = substr ( $uri, $last_arg_pos, $i - $last_arg_pos + 1); return $arr; } + function load_config ( ) : array { + $config = file_get_contents ( 'config.json' ); + $config = json_decode ( $config, true ); + $config [ 'installation_path' ] = $_SERVER [ 'DOCUMENT_ROOT' ] . $config [ 'installation_path' ]; + return $config; + } ?> diff --git a/index.php b/index.php index ca3bb6c..b9802a5 100644 --- a/index.php +++ b/index.php @@ -2,6 +2,7 @@ session_start ( ); require_once ( 'config.php' ); require_once ( 'functions.php' ); + $config = load_config ( ); $request = split_uri_array ( $_SERVER [ 'SCRIPT_NAME' ], $_SERVER [ 'REQUEST_URI' ] ); if ( isset ( $request [ 0 ] ) && $request [ 0 ] != "" ) { switch ( $request [ 0 ] ) { diff --git a/js/login.js b/js/login.js index 9dd686d..8555cd7 100644 --- a/js/login.js +++ b/js/login.js 
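Review bot: load_config() in the second functions.php hunk never checks its two failure cases: file_get_contents() returns false when config.json is missing and json_decode() returns null on malformed JSON, and in both cases the function still returns an array holding only installation_path, so the problem only surfaces later as a TypeError in Database's constructor. Guard both before using the result, e.g. `$raw = file_get_contents ( 'config.json' );` then `$config = $raw === false ? null : json_decode ( $raw, true );` then `if ( ! is_array ( $config ) ) { die ( "config.json is missing or not valid JSON." ); }`. Reading `__DIR__ . '/config.json'` rather than the bare relative name would also stop the lookup depending on the working directory of whichever script included functions.php.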
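Review bot: The index.php hunk keeps the context line `require_once ( 'config.php' );` although this same commit deletes config.php, so every request will die with a fatal error before the new `$config = load_config ( );` line is reached. Drop the stale require. A one-line comment on the load_config() call noting that go.php, insert.php and login.php read `$config` from this scope would also help, since none of those files declares where the variable comes from.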
@@ -1,4 +1,4 @@ -function login() { +function login ( ) { var username = document.getElementById ( "form-username" ).value; var password = document.getElementById ( "form-password" ).value; password = SHA512 ( password ); @@ -13,7 +13,7 @@ function login() { window.location.href = script_name; } else { - document.getElementById ( "responsetext" ).innerHTML = response [ 'error_message' ]; + console.log ( response [ 'error_message' ] ); } } else { @@ -26,3 +26,11 @@ function login() { data.append('password', password); xhr.send( data ); } + +$(function ( ) { + $( '.form-group input' ).keyup( function ( e ) { + if ( e.keyCode == 13 ) { + login(); + } + }); +}); diff --git a/lib/css/login.css b/lib/css/login.css new file mode 100644 index 0000000..9059f16 --- /dev/null +++ b/lib/css/login.css @@ -0,0 +1,37 @@ +body { + overflow-x: hidden; +} +.login-container{ + margin-top: 5%; + margin-bottom: 5%; + margin-left: 30%; +} +.login-form-1{ + padding: 5%; + box-shadow: 0 5px 8px 0 rgba(0, 0, 0, 0.2), 0 9px 26px 0 rgba(0, 0, 0, 0.19); +} +.login-form-1 h3{ + text-align: center; + color: #333; +} +.login-container form{ + padding: 10%; +} +.btnSubmit +{ + width: 50%; + border-radius: 1rem; + padding: 1.5%; + border: none; + cursor: pointer; +} +.login-form-1 .btnSubmit{ + font-weight: 600; + color: #fff; + background-color: #0062cc; +} +.login-form-1 .ForgetPwd{ + color: #0062cc; + font-weight: 600; + text-decoration: none; +} \ No newline at end of file diff --git a/lib/php/classes/Database.php b/lib/php/classes/Database.php new file mode 100644 index 0000000..92b841c --- /dev/null +++ b/lib/php/classes/Database.php 
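Review bot: In the second login.js hunk the server's `error_message` is now only written with `console.log`, so a user who enters a wrong password gets no visible feedback; the old `responsetext` element appears to have been dropped from the login markup in this commit (that hunk is not legible here), so either keep a status element or report the error another way. In the new keyup handler `e.keyCode == 13` relies on a deprecated property and a loose comparison; `if ( e.key === 'Enter' )` is the current form. The handler also uses jQuery's `$`, which the login page must load before this script — confirm the include order.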
@@ -0,0 +1,44 @@
+config = $config;
+ }
+ else {
+ die ( "You can't initialize a database connection without proper configuration." );
+ }
+ }
+
+ public function connect ( ) : void {
+ $this->connection = new MySQLi ( $this->config [ 'host' ], $this->config [ 'username' ], $this->config [ 'password' ], $this->config [ 'name' ], $this->config [ 'port' ] );
+ if ( $this->connection->connect_errno ) {
+ die ( "Database connection failed." );
+ }
+ }
+
+ public function prepare ( string $query ) : void {
+ if ( ! ( $this->statement = $this->connection->prepare ( $query ) ) ) {
+ die ( "Prepare failed: (" . $this->connection->errno . ") " . $this->connection->error );
+ }
+ }
+
+ public function bind ( array $params ) : void {
+ if ( ! call_user_func_array ( array ( $this->statement, "bind_param" ), array_merge ( $params [ 0 ], $params [ 1 ] ) ) ) {
+ die ( "Binding parameters failed: (" . $this->statement->errno . ") " . $this->statement->error );
+ }
+ }
+
+ public function execute ( ) : void {
+ if ( ! $this->statement->execute ( ) ) {
+ die ( "Execute failed: (" . $this->statement->errno . ") " . $this->statement->error );
+ }
+ }
+
+ public function get_result ( ) : MySQLi_result {
+ return $this->statement->get_result ( );
+ }
+ }
\ No newline at end of file
diff --git a/lib/php/go.php b/lib/php/go.php
index 1d99b73..9bf4cec 100644
--- a/lib/php/go.php
+++ b/lib/php/go.php
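Review bot: prepare(), bind() and execute() each terminate with `die()` and the raw MySQLi `errno`/`error` text, which sends driver diagnostics (including fragments of the failing SQL) to the browser and, for the JSON endpoints in insert.php and login.php, replaces the expected JSON body with plain text. Log the driver message server-side with `error_log ( ... )` and either die with a generic message or throw a `RuntimeException` the caller can handle; calling `mysqli_report ( MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT );` before `new MySQLi` would make the driver throw `mysqli_sql_exception` itself and let the four manual checks go. get_result() is declared to return `MySQLi_result`, but mysqli_stmt::get_result() returns false on failure, which would then surface as a TypeError rather than a readable error. The class header and the opening lines of the constructor are not legible on this page, so the property declarations and the configuration check could not be reviewed.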
@@ -5,15 +5,16 @@
 die ( "You can't be forwarded to a non numerical URL link ID. If you think this is incorrect, please send an email to shorte@dev.bryanpedini.it with this URL: https://sh.bjphoster.com/?go=" . $link_id . " for more investigations" );
 }
 $link_id = (int) $link_id;
- $db_connection = db_connect ( );
- $statement = db_prepare ( $db_connection, "SELECT links.URL FROM links WHERE links.ID = ?" );
+ $database = new Database ( $config [ 'db' ] );
+ $database->connect ( );
+ $database->prepare ( "SELECT links.URL FROM links WHERE links.ID = ?" );
 $parameters = [
 [ "i" ],
 [ &$link_id ],
 ];
- db_bind ( $statement, $parameters );
- db_execute ( $statement );
- $result = $statement->get_result ( );
+ $database->bind ( $parameters );
+ $database->execute ( );
+ $result = $database->get_result ( );
 $row = $result->fetch_assoc ( );
 if ( ! $row ) {
 http_response_code ( 404 );
diff --git a/lib/php/insert.php b/lib/php/insert.php
index 83e6789..b9d8f49 100644
--- a/lib/php/insert.php
+++ b/lib/php/insert.php
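Review bot: Every caller now has to repeat the same two-step `$database = new Database ( $config [ 'db' ] );` followed by `$database->connect ( );` — here, twice in insert.php and once in login.php — and nothing stops prepare() from being called on an object that was never connected. Connecting inside the constructor, or adding a static factory along the lines of `Database::fromConfig ( $config [ 'db' ] )`, would remove both the repetition and the unconnected state. The hunk also relies on `$config` being in scope from index.php, which include() provides but nothing in this file says; a one-line comment at the top of go.php noting that dependency would help the next reader.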
@@ -4,17 +4,18 @@
 }
 if ( isset ( $_POST [ 'url' ] ) ) {
 $url = $_POST [ 'url' ];
- $db_connection = db_connect ( );
- $statement = db_prepare ( $db_connection, "INSERT INTO `links` ( `ID`, `URL`, `created_by` ) VALUES ( NULL, ?, " . $_SESSION [ 'user_id' ] . " );" );
+ $database = new Database ( $config [ 'db' ] );
+ $database->connect ( );
+ $database->prepare ( "INSERT INTO `links` ( `ID`, `URL`, `created_by` ) VALUES ( NULL, ?, " . $_SESSION [ 'user_id' ] . " );" );
 $parameters = [
 [ "s" ],
 [ &$url ],
 ];
- db_bind ( $statement, $parameters );
- db_execute ( $statement );
- $statement = db_prepare ( $db_connection, "SELECT COUNT( links.ID ) as `count` FROM links;");
- db_execute ( $statement );
- $result = $statement->get_result ( );
+ $database->bind ( $parameters );
+ $database->execute ( );
+ $database->prepare ( "SELECT COUNT( links.ID ) as `count` FROM links;");
+ $database->execute ( );
+ $result = $database->get_result ( );
 $row = $result->fetch_assoc ( );
 header ( 'Content-Type: application/json' );
 $response = [
@@ -25,10 +26,11 @@
 echo ( json_encode ( $response ) );
 }
 else {
- $db_connection = db_connect ( );
- $statement = db_prepare ( $db_connection, "SELECT links.ID, links.URL FROM links WHERE links.created_by = " . $_SESSION [ 'user_id' ] );
- db_execute ( $statement );
- $result = $statement->get_result ( );
+ $database = new Database ( $config [ 'db' ] );
+ $database->connect ( );
+ $database->prepare ( "SELECT links.ID, links.URL FROM links WHERE links.created_by = " . $_SESSION [ 'user_id' ] );
+ $database->execute ( );
+ $result = $database->get_result ( );
 $row = $result->fetch_assoc ( );
 ?>
diff --git a/lib/php/login.php b/lib/php/login.php
index e412a56..c90f700 100644
--- a/lib/php/login.php
+++ b/lib/php/login.php
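Review bot: Both rewritten prepare() calls still splice `$_SESSION [ 'user_id' ]` into the SQL string (the VALUES list in the first hunk and the `WHERE links.created_by =` clause in the second) while `url` goes through bind(); the value originates from the users.id column at login, so the exposure is limited today, but the new wrapper makes binding it trivial and removes the last string-built queries in the file. For the insert, replace the concatenated id with a second `?` placeholder and use `$user_id = (int) $_SESSION [ 'user_id' ];` with `$parameters = [ [ "si" ], [ &$url, &$user_id ], ];`, and bind the SELECT's id the same way with type `i`. Separately, if the `SELECT COUNT( links.ID )` that follows the insert is what `$response` reports as the new link's ID (the array is outside the hunk), it diverges from the real ID under concurrent inserts or after deletions; `mysqli::$insert_id` is the reliable value, though Database does not yet expose it.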
@@ -4,21 +4,22 @@ exit; } if ( isset ( $session [ 1 ] ) && $session [ 1 ] == "forgot" ) { - include ( 'lib/php/forgotpassword.php' ); + include ( $config [ 'installation_path ' ] . '/lib/php/forgotpassword.php' ); exit; } if ( isset ( $_POST [ 'username' ] ) && isset ( $_POST [ 'password' ] ) ) { $username = $_POST [ 'username' ]; $password = $_POST [ 'password' ]; - $db_connection = db_connect ( ); - $statement = db_prepare ( $db_connection, "SELECT users.id FROM users WHERE users.username = ? AND users.password = ?" ); + $database = new Database ( $config [ 'db' ] ); + $database->connect ( ); + $database->prepare ( "SELECT users.id FROM users WHERE users.username = ? AND users.password = ?" ); $parameters = [ [ "ss" ], [ &$username, &$password ], ]; - db_bind ( $statement, $parameters ); - db_execute ( $statement ); - $result = $statement->get_result ( ); + $database->bind ( $parameters ); + $database->execute ( ); + $result = $database->get_result ( ); $row = $result->fetch_assoc ( ); if ( ! $row ) { header ( 'Content-Type: application/json' ); @@ -27,6 +28,7 @@ 'error_message' => 'Username or password not correct.', ]; echo ( json_encode ( $response ) ); + exit; } else { $_SESSION [ 'user_id' ] = $row [ 'id' ]; @@ -36,6 +38,7 @@ 'message' => 'Authentication succesfully executed.', ]; echo ( json_encode ( $response ) ); + exit; } } else { @@ -44,46 +47,8 @@ BJPHoster URL Shortener | Login - - + +
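Review bot: The new include line reads `$config [ 'installation_path ' ]` with a trailing space inside the key, so the lookup yields null (with an undefined-index notice) and the path collapses to `/lib/php/forgotpassword.php`, which does not exist; it should be `include ( $config [ 'installation_path' ] . '/lib/php/forgotpassword.php' );`. The moved query `SELECT users.id FROM users WHERE users.username = ? AND users.password = ?` still compares the stored password column with the value exactly as the client posts it (login.js sends a SHA512 of the password), so the stored value is by itself sufficient to authenticate and an unsalted fast hash gives little protection if the table is ever exposed; the server should select by username only and verify the posted value with `password_verify()` against a `password_hash()` value stored at registration. The `exit;` lines added in the two following hunks do fix the fall-through into the HTML form after the JSON response.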
@@ -98,7 +63,7 @@
- +
" class="ForgetPwd">Forgot Password? @@ -106,9 +71,8 @@
-
- - + +