Refactored database, refactored config file, corrected login redirection
Moved the database functions into the class "Database"; corrected the database-using webpages accordingly; moved the config file from PHP to JSON with more config variables; corrected the login page redirection on wrong username or password.
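--- a/lib/css/login.css
+++ b/lib/css/login.css
@@ -0,0 +1,37 @@
+body {
+overflow-x: hidden;
+}
+.login-container{
+margin-top: 5%;
+margin-bottom: 5%;
+margin-left: 30%;
+}
+.login-form-1{
+padding: 5%;
+box-shadow: 0 5px 8px 0 rgba(0, 0, 0, 0.2), 0 9px 26px 0 rgba(0, 0, 0, 0.19);
+}
+.login-form-1 h3{
+text-align: center;
+color: #333;
+}
+.login-container form{
+padding: 10%;
+}
+.btnSubmit
+{
+width: 50%;
+border-radius: 1rem;
+padding: 1.5%;
+border: none;
+cursor: pointer;
+}
+.login-form-1 .btnSubmit{
+font-weight: 600;
+color: #fff;
+background-color: #0062cc;
+}
+.login-form-1 .ForgetPwd{
+color: #0062cc;
+font-weight: 600;
+text-decoration: none;
+}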
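--- a/lib/php/classes/Database.php
+++ b/lib/php/classes/Database.php
@@ -0,0 +1,44 @@
+<?php
+class database {
+private $config;
+private $connection;
+private $statement;
+
+public function __construct ( $config ) {
+if ( $config ) {
+$this->config = $config;
+}
+else {
+die ( "You can't initialize a database connection without proper configuration." );
+}
+}
+
+public function connect ( ) : void {
+$this->connection = new MySQLi ( $this->config [ 'host' ], $this->config [ 'username' ], $this->config [ 'password' ], $this->config [ 'name' ], $this->config [ 'port' ] );
+if ( $this->connection->connect_errno ) {
+die ( "Database connection failed." );
+}
+}
+
+public function prepare ( string $query ) : void {
+if ( ! ( $this->statement = $this->connection->prepare ( $query ) ) ) {
+die ( "Prepare failed: (" . $this->connection->errno . ") " . $this->connection->error );
+}
+}
+
+public function bind ( array $params ) : void {
+if ( ! call_user_func_array ( array ( $this->statement, "bind_param" ), array_merge ( $params [ 0 ], $params [ 1 ] ) ) ) {
+die ( "Binding parameters failed: (" . $this->statement->errno . ") " . $this->statement->error );
+}
+}
+
+public function execute ( ) : void {
+if ( ! $this->statement->execute ( ) ) {
+die ( "Execute failed: (" . $this->statement->errno . ") " . $this->statement->error );
+}
+}
+
+public function get_result ( ) : MySQLi_result {
+return $this->statement->get_result ( );
+}
+}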
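Review bot: prepare(), bind() and execute() react to a driver failure with die() that prints $this->connection->error or $this->statement->error, so any failing query sends the raw MySQL error text (including table and column names) straight to the HTTP client; in a reusable class this should throw instead, e.g. `throw new RuntimeException(sprintf('Prepare failed: (%d) %s', $this->connection->errno, $this->connection->error));`, and the caller decides what reaches the response while the detail goes to the server log. On PHP 8.1+ mysqli defaults to throwing mysqli_sql_exception, so the connect_errno and return-value checks would presumably never fire there — worth confirming against the target PHP version. get_result() is declared to return MySQLi_result, but mysqli_stmt::get_result() returns false on failure, which this declaration turns into a TypeError at the return. The constructor's `if ( $config )` accepts any truthy value; checking for the keys connect() actually reads ('host', 'username', 'password', 'name', 'port') would fail earlier and with a clearer message.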
@@ -5,15 +5,16 @@
|
||||
die ( "You can't be forwarded to a non numerical URL link ID. If you think this is incorrect, please send an email to shorte@dev.bryanpedini.it with this URL: https://sh.bjphoster.com/?go=" . $link_id . " for more investigations" );
|
||||
}
|
||||
$link_id = (int) $link_id;
|
||||
$db_connection = db_connect ( );
|
||||
$statement = db_prepare ( $db_connection, "SELECT links.URL FROM links WHERE links.ID = ?" );
|
||||
$database = new Database ( $config [ 'db' ] );
|
||||
$database->connect ( );
|
||||
$database->prepare ( "SELECT links.URL FROM links WHERE links.ID = ?" );
|
||||
$parameters = [
|
||||
[ "i" ],
|
||||
[ &$link_id ],
|
||||
];
|
||||
db_bind ( $statement, $parameters );
|
||||
db_execute ( $statement );
|
||||
$result = $statement->get_result ( );
|
||||
$database->bind ( $parameters );
|
||||
$database->execute ( );
|
||||
$result = $database->get_result ( );
|
||||
$row = $result->fetch_assoc ( );
|
||||
if ( ! $row ) {
|
||||
http_response_code ( 404 );
|
||||
|
@@ -4,17 +4,18 @@
|
||||
}
|
||||
if ( isset ( $_POST [ 'url' ] ) ) {
|
||||
$url = $_POST [ 'url' ];
|
||||
$db_connection = db_connect ( );
|
||||
$statement = db_prepare ( $db_connection, "INSERT INTO `links` ( `ID`, `URL`, `created_by` ) VALUES ( NULL, ?, " . $_SESSION [ 'user_id' ] . " );" );
|
||||
$database = new Database ( $config [ 'db' ] );
|
||||
$database->connect ( );
|
||||
$database->prepare ( "INSERT INTO `links` ( `ID`, `URL`, `created_by` ) VALUES ( NULL, ?, " . $_SESSION [ 'user_id' ] . " );" );
|
||||
$parameters = [
|
||||
[ "s" ],
|
||||
[ &$url ],
|
||||
];
|
||||
db_bind ( $statement, $parameters );
|
||||
db_execute ( $statement );
|
||||
$statement = db_prepare ( $db_connection, "SELECT COUNT( links.ID ) as `count` FROM links;");
|
||||
db_execute ( $statement );
|
||||
$result = $statement->get_result ( );
|
||||
$database->bind ( $parameters );
|
||||
$database->execute ( );
|
||||
$database->prepare ( "SELECT COUNT( links.ID ) as `count` FROM links;");
|
||||
$database->execute ( );
|
||||
$result = $database->get_result ( );
|
||||
$row = $result->fetch_assoc ( );
|
||||
header ( 'Content-Type: application/json' );
|
||||
$response = [
|
||||
@@ -25,10 +26,11 @@
|
||||
echo ( json_encode ( $response ) );
|
||||
}
|
||||
else {
|
||||
$db_connection = db_connect ( );
|
||||
$statement = db_prepare ( $db_connection, "SELECT links.ID, links.URL FROM links WHERE links.created_by = " . $_SESSION [ 'user_id' ] );
|
||||
db_execute ( $statement );
|
||||
$result = $statement->get_result ( );
|
||||
$database = new Database ( $config [ 'db' ] );
|
||||
$database->connect ( );
|
||||
$database->prepare ( "SELECT links.ID, links.URL FROM links WHERE links.created_by = " . $_SESSION [ 'user_id' ] );
|
||||
$database->execute ( );
|
||||
$result = $database->get_result ( );
|
||||
$row = $result->fetch_assoc ( );
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
|
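Review bot: The new prepare() call for the INSERT still concatenates `$_SESSION [ 'user_id' ]` into the SQL text, and the SELECT in the second hunk does the same for created_by, even though both queries are otherwise prepared statements; user_id is set from the database at login, which limits the risk, but every value that reaches the query should go through bind(). The bind() API already takes mixed types, so the created_by value becomes a second `?` placeholder with `$user_id = $_SESSION [ 'user_id' ];` and `$parameters = [ [ "si" ], [ &$url, &$user_id ], ];` for the INSERT, and `[ [ "i" ], [ &$user_id ] ]` with `WHERE links.created_by = ?` for the SELECT. The posted `$url` is stored without any validation; that predates this commit, but since the stored value appears to be what the ?go= lookup elsewhere in this commit resolves, a `filter_var ( $url, FILTER_VALIDATE_URL )` check plus an http/https scheme check before the INSERT would be the natural place. Both branches begin in code outside the hunks.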
@@ -4,21 +4,22 @@
|
||||
exit;
|
||||
}
|
||||
if ( isset ( $session [ 1 ] ) && $session [ 1 ] == "forgot" ) {
|
||||
include ( 'lib/php/forgotpassword.php' );
|
||||
include ( $config [ 'installation_path ' ] . '/lib/php/forgotpassword.php' );
|
||||
exit;
|
||||
}
|
||||
if ( isset ( $_POST [ 'username' ] ) && isset ( $_POST [ 'password' ] ) ) {
|
||||
$username = $_POST [ 'username' ];
|
||||
$password = $_POST [ 'password' ];
|
||||
$db_connection = db_connect ( );
|
||||
$statement = db_prepare ( $db_connection, "SELECT users.id FROM users WHERE users.username = ? AND users.password = ?" );
|
||||
$database = new Database ( $config [ 'db' ] );
|
||||
$database->connect ( );
|
||||
$database->prepare ( "SELECT users.id FROM users WHERE users.username = ? AND users.password = ?" );
|
||||
$parameters = [
|
||||
[ "ss" ],
|
||||
[ &$username, &$password ],
|
||||
];
|
||||
db_bind ( $statement, $parameters );
|
||||
db_execute ( $statement );
|
||||
$result = $statement->get_result ( );
|
||||
$database->bind ( $parameters );
|
||||
$database->execute ( );
|
||||
$result = $database->get_result ( );
|
||||
$row = $result->fetch_assoc ( );
|
||||
if ( ! $row ) {
|
||||
header ( 'Content-Type: application/json' );
|
||||
@@ -27,6 +28,7 @@
|
||||
'error_message' => 'Username or password not correct.',
|
||||
];
|
||||
echo ( json_encode ( $response ) );
|
||||
exit;
|
||||
}
|
||||
else {
|
||||
$_SESSION [ 'user_id' ] = $row [ 'id' ];
|
||||
@@ -36,6 +38,7 @@
|
||||
'message' => 'Authentication succesfully executed.',
|
||||
];
|
||||
echo ( json_encode ( $response ) );
|
||||
exit;
|
||||
}
|
||||
}
|
||||
else {
|
||||
@@ -44,46 +47,8 @@
|
||||
<html>
|
||||
<head>
|
||||
<title>BJPHoster URL Shortener | Login</title>
|
||||
<link href="//maxcdn.bootstrapcdn.com/bootstrap/4.1.1/css/bootstrap.min.css" rel="stylesheet" id="bootstrap-css">
|
||||
<style>
|
||||
body {
|
||||
overflow-x: hidden;
|
||||
}
|
||||
.login-container{
|
||||
margin-top: 5%;
|
||||
margin-bottom: 5%;
|
||||
margin-left: 30%;
|
||||
}
|
||||
.login-form-1{
|
||||
padding: 5%;
|
||||
box-shadow: 0 5px 8px 0 rgba(0, 0, 0, 0.2), 0 9px 26px 0 rgba(0, 0, 0, 0.19);
|
||||
}
|
||||
.login-form-1 h3{
|
||||
text-align: center;
|
||||
color: #333;
|
||||
}
|
||||
.login-container form{
|
||||
padding: 10%;
|
||||
}
|
||||
.btnSubmit
|
||||
{
|
||||
width: 50%;
|
||||
border-radius: 1rem;
|
||||
padding: 1.5%;
|
||||
border: none;
|
||||
cursor: pointer;
|
||||
}
|
||||
.login-form-1 .btnSubmit{
|
||||
font-weight: 600;
|
||||
color: #fff;
|
||||
background-color: #0062cc;
|
||||
}
|
||||
.login-form-1 .ForgetPwd{
|
||||
color: #0062cc;
|
||||
font-weight: 600;
|
||||
text-decoration: none;
|
||||
}
|
||||
</style>
|
||||
<link href="https://maxcdn.bootstrapcdn.com/bootstrap/4.1.1/css/bootstrap.min.css" rel="stylesheet">
|
||||
<link href="<?=substr($_SERVER['SCRIPT_NAME'],0,-10)?>/lib/css/login.css" rel="stylesheet">
|
||||
</head>
|
||||
<body>
|
||||
<div class="container login-container">
|
||||
@@ -98,7 +63,7 @@
|
||||
<input type="password" class="form-control" placeholder="Password" value="" id="form-password" />
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<input type="submit" class="btnSubmit" value="Login" onclick="login()" />
|
||||
<input type="button" class="btnSubmit" value="Login" onclick="login()" />
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<a href="<?=substr($_SERVER[ 'SCRIPT_NAME' ],0,-10)."/login/forgot"?>" class="ForgetPwd">Forgot Password?</a>
|
||||
@@ -106,9 +71,8 @@
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
<div id="responsetext"></div>
|
||||
<script src="//maxcdn.bootstrapcdn.com/bootstrap/4.1.1/js/bootstrap.min.js"></script>
|
||||
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
|
||||
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.1.1/js/bootstrap.min.js"></script>
|
||||
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
|
||||
<script src="js/sha512.min.js"></script>
|
||||
<script src="js/login.js"></script>
|
||||
<script>var script_name = "<?=substr($_SERVER['SCRIPT_NAME'],0,-10)?>";</script>
|
||||
|
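Review bot: The config key in the new forgotpassword include is `'installation_path '` with a trailing space, so unless the JSON config really carries that exact key the lookup yields null (with an undefined-index notice) and the include path degrades to `/lib/php/forgotpassword.php`; it should read `include ( $config [ 'installation_path' ] . '/lib/php/forgotpassword.php' );`. The added stylesheet link writes `substr($_SERVER['SCRIPT_NAME'],0,-10)` unescaped into an href attribute; the -10 silently assumes the script is named /login.php, and `htmlspecialchars ( rtrim ( dirname ( $_SERVER [ 'SCRIPT_NAME' ] ), '/' ), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' )` removes both the magic number and the reliance on no server configuration ever reflecting request data into SCRIPT_NAME. The switch of the bootstrap and jQuery tags to explicit https is good; adding `integrity="<sha384-hash-placeholder>" crossorigin="anonymous"` to those CDN tags would also pin the code that is loaded. The single added line in each of the @@ -27 and @@ -36 hunks cannot be told apart from context on this rendered page (presumably the exit; calls the commit message refers to), so it was not reviewed.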