bryanpedini/OpenShorte.old
Archived
0
0
Fork 0
Code Releases Activity

Refactored database, refactored config file, corrected login redirection

Browse Source 
Moved database function in class "Database";
Corrected database-using webpages accordingly;
Moved config file from PHP to JSON with more config variables;
Corrected login page redirection on wrong username or password.
This commit is contained in:
Bryan Pedini
2019-03-21 12:07:23 +01:00
parent 4eaf1d0829
commit 4a6630bacb
10 changed files with 143 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
config.json Normal file
View File

@@ -0,0 +1,11 @@
{
"installed": false,
"db": {
"host": "127.0.0.1",
"port": 3306,
"username": "",
"password": "",
"name": ""
},
"installation_path": ""
}

11
config.php
View File

@@ -1,11 +0,0 @@
<?php
$config = [
'db' => [
'host' => '127.0.0.1',
'port' => 3306,
'username' => 'database_user',
'password' => 'database_password',
'name' => 'my_database_name',
],
];
?>

32
functions.php
View File

@@ -1,29 +1,5 @@
<?php <?php
require_once ( 'config.php' ); require_once ( 'lib/php/classes/Database.php' );
function db_connect ( ) {
global $config;
$connection = new MySQLi ( $config [ 'db' ] [ 'host' ], $config [ 'db' ] [ 'username' ], $config [ 'db' ] [ 'password' ], $config [ 'db' ] [ 'name' ], $config [ 'db' ] [ 'port' ] );
if ( $connection->connect_errno ) {
die ( "Database connection failed." );
}
return $connection;
}
function db_prepare ( MySQLi $connection, string $query ) {
if ( ! ( $statement = $connection -> prepare ( $query ) ) ) {
die ( "Prepare failed: (" . $connection->errno . ") " . $connection->error );
}
return $statement;
}
function db_bind ( MySQLi_stmt $statement, array $params ) {
if ( ! call_user_func_array ( array ( $statement, "bind_param" ), array_merge ( $params [ 0 ], $params [ 1 ] ) ) ) {
die ( "Binding parameters failed: (" . $statement->errno . ") " . $statement->error );
}
}
function db_execute ( $statement ) {
if ( ! $statement->execute ( ) ) {
die ( "Execute failed: (" . $statement->errno . ") " . $statement->error );
}
}
function split_uri_array ( string $php_self, string $request_uri ) : Array { function split_uri_array ( string $php_self, string $request_uri ) : Array {
$uri = substr ( $request_uri, strlen ( substr ( $php_self, 0, strrpos ( $php_self, 'index.php' ) ) ), strlen ( $request_uri ) - strlen ( substr ( $php_self, 0, strrpos ( $php_self, 'index.php' ) ) ) ); $uri = substr ( $request_uri, strlen ( substr ( $php_self, 0, strrpos ( $php_self, 'index.php' ) ) ), strlen ( $request_uri ) - strlen ( substr ( $php_self, 0, strrpos ( $php_self, 'index.php' ) ) ) );
$arr = Array ( ); $arr = Array ( );
@@ -37,4 +13,10 @@
$arr [ ] = substr ( $uri, $last_arg_pos, $i - $last_arg_pos + 1); $arr [ ] = substr ( $uri, $last_arg_pos, $i - $last_arg_pos + 1);
return $arr; return $arr;
} }
function load_config ( ) : array {
$config = file_get_contents ( 'config.json' );
$config = json_decode ( $config, true );
$config [ 'installation_path' ] = $_SERVER [ 'DOCUMENT_ROOT' ] . $config [ 'installation_path' ];
return $config;
}
?> ?>

1
index.php
View File

@@ -2,6 +2,7 @@
session_start ( ); session_start ( );
require_once ( 'config.php' ); require_once ( 'config.php' );
require_once ( 'functions.php' ); require_once ( 'functions.php' );
$config = load_config ( );
$request = split_uri_array ( $_SERVER [ 'SCRIPT_NAME' ], $_SERVER [ 'REQUEST_URI' ] ); $request = split_uri_array ( $_SERVER [ 'SCRIPT_NAME' ], $_SERVER [ 'REQUEST_URI' ] );
if ( isset ( $request [ 0 ] ) && $request [ 0 ] != "" ) { if ( isset ( $request [ 0 ] ) && $request [ 0 ] != "" ) {
switch ( $request [ 0 ] ) { switch ( $request [ 0 ] ) {

12
js/login.js
View File

@@ -1,4 +1,4 @@
function login() { function login ( ) {
var username = document.getElementById ( "form-username" ).value; var username = document.getElementById ( "form-username" ).value;
var password = document.getElementById ( "form-password" ).value; var password = document.getElementById ( "form-password" ).value;
password = SHA512 ( password ); password = SHA512 ( password );
@@ -13,7 +13,7 @@ function login() {
window.location.href = script_name; window.location.href = script_name;
} }
else { else {
document.getElementById ( "responsetext" ).innerHTML = response [ 'error_message' ]; console.log ( response [ 'error_message' ] );
} }
} }
else { else {
@@ -26,3 +26,11 @@ function login() {
data.append('password', password); data.append('password', password);
xhr.send( data ); xhr.send( data );
} }
$(function ( ) {
$( '.form-group input' ).keyup( function ( e ) {
if ( e.keyCode == 13 ) {
login();
}
});
});

37
lib/css/login.css Normal file
View File

@@ -0,0 +1,37 @@
body {
overflow-x: hidden;
}
.login-container{
margin-top: 5%;
margin-bottom: 5%;
margin-left: 30%;
}
.login-form-1{
padding: 5%;
box-shadow: 0 5px 8px 0 rgba(0, 0, 0, 0.2), 0 9px 26px 0 rgba(0, 0, 0, 0.19);
}
.login-form-1 h3{
text-align: center;
color: #333;
}
.login-container form{
padding: 10%;
}
.btnSubmit
{
width: 50%;
border-radius: 1rem;
padding: 1.5%;
border: none;
cursor: pointer;
}
.login-form-1 .btnSubmit{
font-weight: 600;
color: #fff;
background-color: #0062cc;
}
.login-form-1 .ForgetPwd{
color: #0062cc;
font-weight: 600;
text-decoration: none;
}

44
lib/php/classes/Database.php Normal file
View File

@@ -0,0 +1,44 @@
<?php
class database {
private $config;
private $connection;
private $statement;
public function __construct ( $config ) {
if ( $config ) {
$this->config = $config;
}
else {
die ( "You can't initialize a database connection without proper configuration." );
}
}
public function connect ( ) : void {
$this->connection = new MySQLi ( $this->config [ 'host' ], $this->config [ 'username' ], $this->config [ 'password' ], $this->config [ 'name' ], $this->config [ 'port' ] );
if ( $this->connection->connect_errno ) {
die ( "Database connection failed." );
}
}
public function prepare ( string $query ) : void {
if ( ! ( $this->statement = $this->connection->prepare ( $query ) ) ) {
die ( "Prepare failed: (" . $this->connection->errno . ") " . $this->connection->error );
}
}
public function bind ( array $params ) : void {
if ( ! call_user_func_array ( array ( $this->statement, "bind_param" ), array_merge ( $params [ 0 ], $params [ 1 ] ) ) ) {
die ( "Binding parameters failed: (" . $this->statement->errno . ") " . $this->statement->error );
}
}
public function execute ( ) : void {
if ( ! $this->statement->execute ( ) ) {
die ( "Execute failed: (" . $this->statement->errno . ") " . $this->statement->error );
}
}
public function get_result ( ) : MySQLi_result {
return $this->statement->get_result ( );
}
}

11
lib/php/go.php
View File

@@ -5,15 +5,16 @@
die ( "You can't be forwarded to a non numerical URL link ID. If you think this is incorrect, please send an email to shorte@dev.bryanpedini.it with this URL: https://sh.bjphoster.com/?go=" . $link_id . " for more investigations" ); die ( "You can't be forwarded to a non numerical URL link ID. If you think this is incorrect, please send an email to shorte@dev.bryanpedini.it with this URL: https://sh.bjphoster.com/?go=" . $link_id . " for more investigations" );
} }
$link_id = (int) $link_id; $link_id = (int) $link_id;
$db_connection = db_connect ( ); $database = new Database ( $config [ 'db' ] );
$statement = db_prepare ( $db_connection, "SELECT links.URL FROM links WHERE links.ID = ?" ); $database->connect ( );
$database->prepare ( "SELECT links.URL FROM links WHERE links.ID = ?" );
$parameters = [ $parameters = [
[ "i" ], [ "i" ],
[ &$link_id ], [ &$link_id ],
]; ];
db_bind ( $statement, $parameters ); $database->bind ( $parameters );
db_execute ( $statement ); $database->execute ( );
$result = $statement->get_result ( ); $result = $database->get_result ( );
$row = $result->fetch_assoc ( ); $row = $result->fetch_assoc ( );
if ( ! $row ) { if ( ! $row ) {
http_response_code ( 404 ); http_response_code ( 404 );

24
lib/php/insert.php
View File

@@ -4,17 +4,18 @@
} }
if ( isset ( $_POST [ 'url' ] ) ) { if ( isset ( $_POST [ 'url' ] ) ) {
$url = $_POST [ 'url' ]; $url = $_POST [ 'url' ];
$db_connection = db_connect ( ); $database = new Database ( $config [ 'db' ] );
$statement = db_prepare ( $db_connection, "INSERT INTO `links` ( `ID`, `URL`, `created_by` ) VALUES ( NULL, ?, " . $_SESSION [ 'user_id' ] . " );" ); $database->connect ( );
$database->prepare ( "INSERT INTO `links` ( `ID`, `URL`, `created_by` ) VALUES ( NULL, ?, " . $_SESSION [ 'user_id' ] . " );" );
$parameters = [ $parameters = [
[ "s" ], [ "s" ],
[ &$url ], [ &$url ],
]; ];
db_bind ( $statement, $parameters ); $database->bind ( $parameters );
db_execute ( $statement ); $database->execute ( );
$statement = db_prepare ( $db_connection, "SELECT COUNT( links.ID ) as `count` FROM links;"); $database->prepare ( "SELECT COUNT( links.ID ) as `count` FROM links;");
db_execute ( $statement ); $database->execute ( );
$result = $statement->get_result ( ); $result = $database->get_result ( );
$row = $result->fetch_assoc ( ); $row = $result->fetch_assoc ( );
header ( 'Content-Type: application/json' ); header ( 'Content-Type: application/json' );
$response = [ $response = [
@@ -25,10 +26,11 @@
echo ( json_encode ( $response ) ); echo ( json_encode ( $response ) );
} }
else { else {
$db_connection = db_connect ( ); $database = new Database ( $config [ 'db' ] );
$statement = db_prepare ( $db_connection, "SELECT links.ID, links.URL FROM links WHERE links.created_by = " . $_SESSION [ 'user_id' ] ); $database->connect ( );
db_execute ( $statement ); $database->prepare ( "SELECT links.ID, links.URL FROM links WHERE links.created_by = " . $_SESSION [ 'user_id' ] );
$result = $statement->get_result ( ); $database->execute ( );
$result = $database->get_result ( );
$row = $result->fetch_assoc ( ); $row = $result->fetch_assoc ( );
?> ?>
<!DOCTYPE html> <!DOCTYPE html>

64
lib/php/login.php
View File

@@ -4,21 +4,22 @@
exit; exit;
} }
if ( isset ( $session [ 1 ] ) && $session [ 1 ] == "forgot" ) { if ( isset ( $session [ 1 ] ) && $session [ 1 ] == "forgot" ) {
include ( 'lib/php/forgotpassword.php' ); include ( $config [ 'installation_path ' ] . '/lib/php/forgotpassword.php' );
exit; exit;
} }
if ( isset ( $_POST [ 'username' ] ) && isset ( $_POST [ 'password' ] ) ) { if ( isset ( $_POST [ 'username' ] ) && isset ( $_POST [ 'password' ] ) ) {
$username = $_POST [ 'username' ]; $username = $_POST [ 'username' ];
$password = $_POST [ 'password' ]; $password = $_POST [ 'password' ];
$db_connection = db_connect ( ); $database = new Database ( $config [ 'db' ] );
$statement = db_prepare ( $db_connection, "SELECT users.id FROM users WHERE users.username = ? AND users.password = ?" ); $database->connect ( );
$database->prepare ( "SELECT users.id FROM users WHERE users.username = ? AND users.password = ?" );
$parameters = [ $parameters = [
[ "ss" ], [ "ss" ],
[ &$username, &$password ], [ &$username, &$password ],
]; ];
db_bind ( $statement, $parameters ); $database->bind ( $parameters );
db_execute ( $statement ); $database->execute ( );
$result = $statement->get_result ( ); $result = $database->get_result ( );
$row = $result->fetch_assoc ( ); $row = $result->fetch_assoc ( );
if ( ! $row ) { if ( ! $row ) {
header ( 'Content-Type: application/json' ); header ( 'Content-Type: application/json' );
@@ -27,6 +28,7 @@
'error_message' => 'Username or password not correct.', 'error_message' => 'Username or password not correct.',
]; ];
echo ( json_encode ( $response ) ); echo ( json_encode ( $response ) );
exit;
} }
else { else {
$_SESSION [ 'user_id' ] = $row [ 'id' ]; $_SESSION [ 'user_id' ] = $row [ 'id' ];
@@ -36,6 +38,7 @@
'message' => 'Authentication succesfully executed.', 'message' => 'Authentication succesfully executed.',
]; ];
echo ( json_encode ( $response ) ); echo ( json_encode ( $response ) );
exit;
} }
} }
else { else {
@@ -44,46 +47,8 @@
<html> <html>
<head> <head>
<title>BJPHoster URL Shortener | Login</title> <title>BJPHoster URL Shortener | Login</title>
<link href="//maxcdn.bootstrapcdn.com/bootstrap/4.1.1/css/bootstrap.min.css" rel="stylesheet" id="bootstrap-css"> <link href="https://maxcdn.bootstrapcdn.com/bootstrap/4.1.1/css/bootstrap.min.css" rel="stylesheet">
<style> <link href="<?=substr($_SERVER['SCRIPT_NAME'],0,-10)?>/lib/css/login.css" rel="stylesheet">
body {
overflow-x: hidden;
}
.login-container{
margin-top: 5%;
margin-bottom: 5%;
margin-left: 30%;
}
.login-form-1{
padding: 5%;
box-shadow: 0 5px 8px 0 rgba(0, 0, 0, 0.2), 0 9px 26px 0 rgba(0, 0, 0, 0.19);
}
.login-form-1 h3{
text-align: center;
color: #333;
}
.login-container form{
padding: 10%;
}
.btnSubmit
{
width: 50%;
border-radius: 1rem;
padding: 1.5%;
border: none;
cursor: pointer;
}
.login-form-1 .btnSubmit{
font-weight: 600;
color: #fff;
background-color: #0062cc;
}
.login-form-1 .ForgetPwd{
color: #0062cc;
font-weight: 600;
text-decoration: none;
}
</style>
</head> </head>
<body> <body>
<div class="container login-container"> <div class="container login-container">
@@ -98,7 +63,7 @@
<input type="password" class="form-control" placeholder="Password" value="" id="form-password" /> <input type="password" class="form-control" placeholder="Password" value="" id="form-password" />
</div> </div>
<div class="form-group"> <div class="form-group">
<input type="submit" class="btnSubmit" value="Login" onclick="login()" /> <input type="button" class="btnSubmit" value="Login" onclick="login()" />
</div> </div>
<div class="form-group"> <div class="form-group">
<a href="<?=substr($_SERVER[ 'SCRIPT_NAME' ],0,-10)."/login/forgot"?>" class="ForgetPwd">Forgot Password?</a> <a href="<?=substr($_SERVER[ 'SCRIPT_NAME' ],0,-10)."/login/forgot"?>" class="ForgetPwd">Forgot Password?</a>
@@ -106,9 +71,8 @@
</form> </form>
</div> </div>
</div> </div>
<div id="responsetext"></div> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.1.1/js/bootstrap.min.js"></script>
<script src="//maxcdn.bootstrapcdn.com/bootstrap/4.1.1/js/bootstrap.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<script src="js/sha512.min.js"></script> <script src="js/sha512.min.js"></script>
<script src="js/login.js"></script> <script src="js/login.js"></script>
<script>var script_name = "<?=substr($_SERVER['SCRIPT_NAME'],0,-10)?>";</script> <script>var script_name = "<?=substr($_SERVER['SCRIPT_NAME'],0,-10)?>";</script>