
Refactored database, refactored config file, corrected login redirection

Moved the database functions into the "Database" class;
Corrected database-using webpages accordingly;
Moved config file from PHP to JSON with more config variables;
Corrected login page redirection on wrong username or password.
This commit is contained in:
Bryan Pedini 2019-03-21 12:07:23 +01:00
parent 4eaf1d0829
commit 4a6630bacb
No known key found for this signature in database
GPG Key ID: 688D440AE31B40C2
10 changed files with 143 additions and 104 deletions

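--- /dev/null
+++ b/config.json
@@ -0,0 +1,11 @@
+{
+"installed": false,
+"db": {
+"host": "127.0.0.1",
+"port": 3306,
+"username": "",
+"password": "",
+"name": ""
+},
+"installation_path": ""
+}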
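Review bot: The database username and password now live in `config.json`, which `load_config()` reads from the same directory as `index.php`, so the file sits inside the document root; a web server hands a `.json` file out as a static download, whereas the old `config.php` was executed by PHP and never exposed its contents. Either move the file above the document root (and point `load_config()` at it) or deny it in the server configuration, e.g. for Apache `<Files "config.json"> Require all denied </Files>`. `"installed": false` is added here but nothing visible in this commit reads it, so an unconfigured deployment will still try to connect with empty credentials.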


@ -1,11 +0,0 @@
<?php
$config = [
'db' => [
'host' => '127.0.0.1',
'port' => 3306,
'username' => 'database_user',
'password' => 'database_password',
'name' => 'my_database_name',
],
];
?>


@ -1,29 +1,5 @@
<?php <?php
require_once ( 'config.php' ); require_once ( 'lib/php/classes/Database.php' );
function db_connect ( ) {
global $config;
$connection = new MySQLi ( $config [ 'db' ] [ 'host' ], $config [ 'db' ] [ 'username' ], $config [ 'db' ] [ 'password' ], $config [ 'db' ] [ 'name' ], $config [ 'db' ] [ 'port' ] );
if ( $connection->connect_errno ) {
die ( "Database connection failed." );
}
return $connection;
}
function db_prepare ( MySQLi $connection, string $query ) {
if ( ! ( $statement = $connection -> prepare ( $query ) ) ) {
die ( "Prepare failed: (" . $connection->errno . ") " . $connection->error );
}
return $statement;
}
function db_bind ( MySQLi_stmt $statement, array $params ) {
if ( ! call_user_func_array ( array ( $statement, "bind_param" ), array_merge ( $params [ 0 ], $params [ 1 ] ) ) ) {
die ( "Binding parameters failed: (" . $statement->errno . ") " . $statement->error );
}
}
function db_execute ( $statement ) {
if ( ! $statement->execute ( ) ) {
die ( "Execute failed: (" . $statement->errno . ") " . $statement->error );
}
}
function split_uri_array ( string $php_self, string $request_uri ) : Array { function split_uri_array ( string $php_self, string $request_uri ) : Array {
$uri = substr ( $request_uri, strlen ( substr ( $php_self, 0, strrpos ( $php_self, 'index.php' ) ) ), strlen ( $request_uri ) - strlen ( substr ( $php_self, 0, strrpos ( $php_self, 'index.php' ) ) ) ); $uri = substr ( $request_uri, strlen ( substr ( $php_self, 0, strrpos ( $php_self, 'index.php' ) ) ), strlen ( $request_uri ) - strlen ( substr ( $php_self, 0, strrpos ( $php_self, 'index.php' ) ) ) );
$arr = Array ( ); $arr = Array ( );
@ -37,4 +13,10 @@
$arr [ ] = substr ( $uri, $last_arg_pos, $i - $last_arg_pos + 1); $arr [ ] = substr ( $uri, $last_arg_pos, $i - $last_arg_pos + 1);
return $arr; return $arr;
} }
function load_config ( ) : array {
$config = file_get_contents ( 'config.json' );
$config = json_decode ( $config, true );
$config [ 'installation_path' ] = $_SERVER [ 'DOCUMENT_ROOT' ] . $config [ 'installation_path' ];
return $config;
}
?> ?>
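Review bot: The new `load_config()` does no error handling: `file_get_contents ( 'config.json' )` resolves against the current working directory rather than the file's own location and returns `false` if the file is missing, `json_decode` then yields `null`, and the assignment to `$config [ 'installation_path' ]` silently turns that into an array with only that key — the caller later dies with the unrelated "You can't initialize a database connection..." message from the Database constructor. Check both results and build the path from `__DIR__` so it does not depend on where PHP was started, as below. `split_uri_array` also deserves a one-line docblock saying it returns the path segments after `index.php`; its body is cut between the two hunks shown.
```php
function load_config ( ) : array {
    // Resolve relative to this file, not the process's working directory.
    $raw = file_get_contents ( __DIR__ . '/config.json' );
    if ( $raw === false ) {
        die ( "Configuration file missing or unreadable." );
    }
    $config = json_decode ( $raw, true );
    if ( ! is_array ( $config ) || ! isset ( $config [ 'db' ] ) ) {
        die ( "Configuration file is not valid JSON." );
    }
    $config [ 'installation_path' ] = $_SERVER [ 'DOCUMENT_ROOT' ] . $config [ 'installation_path' ];
    return $config;
}
```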


@ -2,6 +2,7 @@
session_start ( ); session_start ( );
require_once ( 'config.php' ); require_once ( 'config.php' );
require_once ( 'functions.php' ); require_once ( 'functions.php' );
$config = load_config ( );
$request = split_uri_array ( $_SERVER [ 'SCRIPT_NAME' ], $_SERVER [ 'REQUEST_URI' ] ); $request = split_uri_array ( $_SERVER [ 'SCRIPT_NAME' ], $_SERVER [ 'REQUEST_URI' ] );
if ( isset ( $request [ 0 ] ) && $request [ 0 ] != "" ) { if ( isset ( $request [ 0 ] ) && $request [ 0 ] != "" ) {
switch ( $request [ 0 ] ) { switch ( $request [ 0 ] ) {
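Review bot: The new side still has `require_once ( 'config.php' );` directly above the added `$config = load_config ( );`, while the removed hunk earlier on this page deletes a PHP file holding exactly the old `$config` array; if that deleted file is `config.php`, `index.php` now fails on the missing include before `load_config()` ever runs. Drop the `require_once ( 'config.php' );` line unless another file with that name still exists outside this commit. `$config` becomes a file-level variable that the included pages read as `$config [ 'db' ]`, which works only while they are reached by inclusion from here — a one-line comment above `$config = load_config ( );` stating that the included pages depend on it would save the next reader a search.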


@ -1,4 +1,4 @@
function login() { function login ( ) {
var username = document.getElementById ( "form-username" ).value; var username = document.getElementById ( "form-username" ).value;
var password = document.getElementById ( "form-password" ).value; var password = document.getElementById ( "form-password" ).value;
password = SHA512 ( password ); password = SHA512 ( password );
@ -13,7 +13,7 @@ function login() {
window.location.href = script_name; window.location.href = script_name;
} }
else { else {
document.getElementById ( "responsetext" ).innerHTML = response [ 'error_message' ]; console.log ( response [ 'error_message' ] );
} }
} }
else { else {
@ -26,3 +26,11 @@ function login() {
data.append('password', password); data.append('password', password);
xhr.send( data ); xhr.send( data );
} }
$(function ( ) {
$( '.form-group input' ).keyup( function ( e ) {
if ( e.keyCode == 13 ) {
login();
}
});
});
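Review bot: The failure branch now only does `console.log ( response [ 'error_message' ] )`, and the `#responsetext` element that used to display it is removed from `login.php` in the same commit, so a user who mistypes the password gets no visible feedback at all; keep a visible target, e.g. `document.getElementById ( "responsetext" ).textContent = response [ 'error_message' ];` (`textContent` rather than the old `innerHTML`, since the string arrives from a JSON response). The new Enter-key handler tests `e.keyCode == 13`; `keyCode` is deprecated and `e.key === 'Enter'` is the current form. `login()` starts inside the first hunk but its body is cut between the pieces shown.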

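--- /dev/null
+++ b/lib/css/login.css
@@ -0,0 +1,37 @@
+body {
+overflow-x: hidden;
+}
+.login-container{
+margin-top: 5%;
+margin-bottom: 5%;
+margin-left: 30%;
+}
+.login-form-1{
+padding: 5%;
+box-shadow: 0 5px 8px 0 rgba(0, 0, 0, 0.2), 0 9px 26px 0 rgba(0, 0, 0, 0.19);
+}
+.login-form-1 h3{
+text-align: center;
+color: #333;
+}
+.login-container form{
+padding: 10%;
+}
+.btnSubmit
+{
+width: 50%;
+border-radius: 1rem;
+padding: 1.5%;
+border: none;
+cursor: pointer;
+}
+.login-form-1 .btnSubmit{
+font-weight: 600;
+color: #fff;
+background-color: #0062cc;
+}
+.login-form-1 .ForgetPwd{
+color: #0062cc;
+font-weight: 600;
+text-decoration: none;
+}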


@ -0,0 +1,44 @@
<?php
class database {
private $config;
private $connection;
private $statement;
public function __construct ( $config ) {
if ( $config ) {
$this->config = $config;
}
else {
die ( "You can't initialize a database connection without proper configuration." );
}
}
public function connect ( ) : void {
$this->connection = new MySQLi ( $this->config [ 'host' ], $this->config [ 'username' ], $this->config [ 'password' ], $this->config [ 'name' ], $this->config [ 'port' ] );
if ( $this->connection->connect_errno ) {
die ( "Database connection failed." );
}
}
public function prepare ( string $query ) : void {
if ( ! ( $this->statement = $this->connection->prepare ( $query ) ) ) {
die ( "Prepare failed: (" . $this->connection->errno . ") " . $this->connection->error );
}
}
public function bind ( array $params ) : void {
if ( ! call_user_func_array ( array ( $this->statement, "bind_param" ), array_merge ( $params [ 0 ], $params [ 1 ] ) ) ) {
die ( "Binding parameters failed: (" . $this->statement->errno . ") " . $this->statement->error );
}
}
public function execute ( ) : void {
if ( ! $this->statement->execute ( ) ) {
die ( "Execute failed: (" . $this->statement->errno . ") " . $this->statement->error );
}
}
public function get_result ( ) : MySQLi_result {
return $this->statement->get_result ( );
}
}
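Review bot: Every failure path in this class dies with the raw driver text (`$this->connection->error`, `$this->statement->error`), which sends MySQL error messages — table and column names, query fragments — straight to the browser. Log the detail with `error_log()` and emit only a generic message, for instance through a private `fail()` helper as below; throwing a `RuntimeException` instead of `die()` would additionally let the calling page choose its response. `bind()` can also drop `call_user_func_array` for argument unpacking, which keeps the by-reference contract because `$params [ 1 ]` already holds references. The class is declared `database` but instantiated as `Database` in the other files of this commit — PHP tolerates that, but matching the file name avoids confusion.
```php
class Database {
    // … unchanged: properties and __construct …
    public function connect ( ) : void {
        $this->connection = new MySQLi ( $this->config [ 'host' ], $this->config [ 'username' ], $this->config [ 'password' ], $this->config [ 'name' ], $this->config [ 'port' ] );
        if ( $this->connection->connect_errno ) {
            $this->fail ( "Database connection failed.", $this->connection->connect_errno, $this->connection->connect_error );
        }
    }
    public function prepare ( string $query ) : void {
        if ( ! ( $this->statement = $this->connection->prepare ( $query ) ) ) {
            $this->fail ( "Prepare failed.", $this->connection->errno, $this->connection->error );
        }
    }
    public function bind ( array $params ) : void {
        // $params [ 0 ] [ 0 ] is the type string, $params [ 1 ] the references to bind.
        if ( ! $this->statement->bind_param ( $params [ 0 ] [ 0 ], ...$params [ 1 ] ) ) {
            $this->fail ( "Binding parameters failed.", $this->statement->errno, $this->statement->error );
        }
    }
    // … unchanged: execute (same die -> fail replacement) and get_result …
    // Log the driver detail server-side; the client only sees the generic message.
    private function fail ( string $message, int $errno, string $error ) : void {
        error_log ( $message . " (" . $errno . ") " . $error );
        die ( $message );
    }
}
```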


@ -5,15 +5,16 @@
die ( "You can't be forwarded to a non numerical URL link ID. If you think this is incorrect, please send an email to shorte@dev.bryanpedini.it with this URL: https://sh.bjphoster.com/?go=" . $link_id . " for more investigations" ); die ( "You can't be forwarded to a non numerical URL link ID. If you think this is incorrect, please send an email to shorte@dev.bryanpedini.it with this URL: https://sh.bjphoster.com/?go=" . $link_id . " for more investigations" );
} }
$link_id = (int) $link_id; $link_id = (int) $link_id;
$db_connection = db_connect ( ); $database = new Database ( $config [ 'db' ] );
$statement = db_prepare ( $db_connection, "SELECT links.URL FROM links WHERE links.ID = ?" ); $database->connect ( );
$database->prepare ( "SELECT links.URL FROM links WHERE links.ID = ?" );
$parameters = [ $parameters = [
[ "i" ], [ "i" ],
[ &$link_id ], [ &$link_id ],
]; ];
db_bind ( $statement, $parameters ); $database->bind ( $parameters );
db_execute ( $statement ); $database->execute ( );
$result = $statement->get_result ( ); $result = $database->get_result ( );
$row = $result->fetch_assoc ( ); $row = $result->fetch_assoc ( );
if ( ! $row ) { if ( ! $row ) {
http_response_code ( 404 ); http_response_code ( 404 );
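Review bot: The unchanged `die ( ... )` on the first line of this hunk echoes `$link_id` — the raw `?go=` value, already known to be non-numeric at that point — into the HTML response unescaped, which is a reflected XSS; at minimum wrap it as `htmlspecialchars ( $link_id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' )`, and a short generic message would do, since the contact address and the full URL do not need to be reflected back. The new `Database` object is never closed; harmless for a page that ends in a redirect, but a one-line comment saying so avoids a later "leak" report. The surrounding code starts before this hunk and continues after it.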


@ -4,17 +4,18 @@
} }
if ( isset ( $_POST [ 'url' ] ) ) { if ( isset ( $_POST [ 'url' ] ) ) {
$url = $_POST [ 'url' ]; $url = $_POST [ 'url' ];
$db_connection = db_connect ( ); $database = new Database ( $config [ 'db' ] );
$statement = db_prepare ( $db_connection, "INSERT INTO `links` ( `ID`, `URL`, `created_by` ) VALUES ( NULL, ?, " . $_SESSION [ 'user_id' ] . " );" ); $database->connect ( );
$database->prepare ( "INSERT INTO `links` ( `ID`, `URL`, `created_by` ) VALUES ( NULL, ?, " . $_SESSION [ 'user_id' ] . " );" );
$parameters = [ $parameters = [
[ "s" ], [ "s" ],
[ &$url ], [ &$url ],
]; ];
db_bind ( $statement, $parameters ); $database->bind ( $parameters );
db_execute ( $statement ); $database->execute ( );
$statement = db_prepare ( $db_connection, "SELECT COUNT( links.ID ) as `count` FROM links;"); $database->prepare ( "SELECT COUNT( links.ID ) as `count` FROM links;");
db_execute ( $statement ); $database->execute ( );
$result = $statement->get_result ( ); $result = $database->get_result ( );
$row = $result->fetch_assoc ( ); $row = $result->fetch_assoc ( );
header ( 'Content-Type: application/json' ); header ( 'Content-Type: application/json' );
$response = [ $response = [
@ -25,10 +26,11 @@
echo ( json_encode ( $response ) ); echo ( json_encode ( $response ) );
} }
else { else {
$db_connection = db_connect ( ); $database = new Database ( $config [ 'db' ] );
$statement = db_prepare ( $db_connection, "SELECT links.ID, links.URL FROM links WHERE links.created_by = " . $_SESSION [ 'user_id' ] ); $database->connect ( );
db_execute ( $statement ); $database->prepare ( "SELECT links.ID, links.URL FROM links WHERE links.created_by = " . $_SESSION [ 'user_id' ] );
$result = $statement->get_result ( ); $database->execute ( );
$result = $database->get_result ( );
$row = $result->fetch_assoc ( ); $row = $result->fetch_assoc ( );
?> ?>
<!DOCTYPE html> <!DOCTYPE html>
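Review bot: `$_SESSION [ 'user_id' ]` is still concatenated into the SQL text in both `prepare()` calls of this section while `$url` is bound as a parameter; the value is set from the users table at login, so it is not user-controlled today, but binding it keeps every query in the file parameterised: `$user_id = (int) $_SESSION [ 'user_id' ];`, `"... VALUES ( NULL, ?, ? );"` with `[ [ "si" ], [ &$url, &$user_id ] ]`, and likewise `WHERE links.created_by = ?` for the listing query. `$_POST [ 'url' ]` is stored with no validation; since the `go` page later reads `links.URL` back for a redirect, a `filter_var ( $url, FILTER_VALIDATE_URL )` check plus an http/https scheme allow-list belongs here. `SELECT COUNT( links.ID )` after the insert is not the new row's ID under concurrent inserts — if the response uses it that way, expose `$this->connection->insert_id` from the Database class instead. The handler starts before this hunk.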


@ -4,21 +4,22 @@
exit; exit;
} }
if ( isset ( $session [ 1 ] ) && $session [ 1 ] == "forgot" ) { if ( isset ( $session [ 1 ] ) && $session [ 1 ] == "forgot" ) {
include ( 'lib/php/forgotpassword.php' ); include ( $config [ 'installation_path ' ] . '/lib/php/forgotpassword.php' );
exit; exit;
} }
if ( isset ( $_POST [ 'username' ] ) && isset ( $_POST [ 'password' ] ) ) { if ( isset ( $_POST [ 'username' ] ) && isset ( $_POST [ 'password' ] ) ) {
$username = $_POST [ 'username' ]; $username = $_POST [ 'username' ];
$password = $_POST [ 'password' ]; $password = $_POST [ 'password' ];
$db_connection = db_connect ( ); $database = new Database ( $config [ 'db' ] );
$statement = db_prepare ( $db_connection, "SELECT users.id FROM users WHERE users.username = ? AND users.password = ?" ); $database->connect ( );
$database->prepare ( "SELECT users.id FROM users WHERE users.username = ? AND users.password = ?" );
$parameters = [ $parameters = [
[ "ss" ], [ "ss" ],
[ &$username, &$password ], [ &$username, &$password ],
]; ];
db_bind ( $statement, $parameters ); $database->bind ( $parameters );
db_execute ( $statement ); $database->execute ( );
$result = $statement->get_result ( ); $result = $database->get_result ( );
$row = $result->fetch_assoc ( ); $row = $result->fetch_assoc ( );
if ( ! $row ) { if ( ! $row ) {
header ( 'Content-Type: application/json' ); header ( 'Content-Type: application/json' );
@ -27,6 +28,7 @@
'error_message' => 'Username or password not correct.', 'error_message' => 'Username or password not correct.',
]; ];
echo ( json_encode ( $response ) ); echo ( json_encode ( $response ) );
exit;
} }
else { else {
$_SESSION [ 'user_id' ] = $row [ 'id' ]; $_SESSION [ 'user_id' ] = $row [ 'id' ];
@ -36,6 +38,7 @@
'message' => 'Authentication succesfully executed.', 'message' => 'Authentication succesfully executed.',
]; ];
echo ( json_encode ( $response ) ); echo ( json_encode ( $response ) );
exit;
} }
} }
else { else {
@ -44,46 +47,8 @@
<html> <html>
<head> <head>
<title>BJPHoster URL Shortener | Login</title> <title>BJPHoster URL Shortener | Login</title>
<link href="//maxcdn.bootstrapcdn.com/bootstrap/4.1.1/css/bootstrap.min.css" rel="stylesheet" id="bootstrap-css"> <link href="https://maxcdn.bootstrapcdn.com/bootstrap/4.1.1/css/bootstrap.min.css" rel="stylesheet">
<style> <link href="<?=substr($_SERVER['SCRIPT_NAME'],0,-10)?>/lib/css/login.css" rel="stylesheet">
body {
overflow-x: hidden;
}
.login-container{
margin-top: 5%;
margin-bottom: 5%;
margin-left: 30%;
}
.login-form-1{
padding: 5%;
box-shadow: 0 5px 8px 0 rgba(0, 0, 0, 0.2), 0 9px 26px 0 rgba(0, 0, 0, 0.19);
}
.login-form-1 h3{
text-align: center;
color: #333;
}
.login-container form{
padding: 10%;
}
.btnSubmit
{
width: 50%;
border-radius: 1rem;
padding: 1.5%;
border: none;
cursor: pointer;
}
.login-form-1 .btnSubmit{
font-weight: 600;
color: #fff;
background-color: #0062cc;
}
.login-form-1 .ForgetPwd{
color: #0062cc;
font-weight: 600;
text-decoration: none;
}
</style>
</head> </head>
<body> <body>
<div class="container login-container"> <div class="container login-container">
@ -98,7 +63,7 @@
<input type="password" class="form-control" placeholder="Password" value="" id="form-password" /> <input type="password" class="form-control" placeholder="Password" value="" id="form-password" />
</div> </div>
<div class="form-group"> <div class="form-group">
<input type="submit" class="btnSubmit" value="Login" onclick="login()" /> <input type="button" class="btnSubmit" value="Login" onclick="login()" />
</div> </div>
<div class="form-group"> <div class="form-group">
<a href="<?=substr($_SERVER[ 'SCRIPT_NAME' ],0,-10)."/login/forgot"?>" class="ForgetPwd">Forgot Password?</a> <a href="<?=substr($_SERVER[ 'SCRIPT_NAME' ],0,-10)."/login/forgot"?>" class="ForgetPwd">Forgot Password?</a>
@ -106,9 +71,8 @@
</form> </form>
</div> </div>
</div> </div>
<div id="responsetext"></div> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.1.1/js/bootstrap.min.js"></script>
<script src="//maxcdn.bootstrapcdn.com/bootstrap/4.1.1/js/bootstrap.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<script src="js/sha512.min.js"></script> <script src="js/sha512.min.js"></script>
<script src="js/login.js"></script> <script src="js/login.js"></script>
<script>var script_name = "<?=substr($_SERVER['SCRIPT_NAME'],0,-10)?>";</script> <script>var script_name = "<?=substr($_SERVER['SCRIPT_NAME'],0,-10)?>";</script>
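Review bot: The new `include` on the `forgot` branch reads `$config [ 'installation_path ' ]` with a trailing space inside the key, so the lookup is an undefined index and the include path collapses to `/lib/php/forgotpassword.php`; it should be `$config [ 'installation_path' ]`. After a successful lookup the code stores `$_SESSION [ 'user_id' ]` without first calling `session_regenerate_id ( true );`, which leaves the pre-login session ID valid (session fixation). The query compares `users.password = ?` against the value the browser sent, which `login.js` computes as an unsalted SHA512 of the password — the stored hash is therefore itself the credential and a leaked column can be replayed directly; store `password_hash()` output and check with `password_verify()` on the server instead (the client-side hash, if kept, is merely the input to that check). The login handler begins before this hunk.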