From b5a5ca64687f11c79fd27181a2851021b9693c1b Mon Sep 17 00:00:00 2001
From: Fluffy-Bean <michal-gdula@protonmail.com>
Date: Wed, 28 Sep 2022 14:36:45 +0000
Subject: [PATCH] Implementing Sanity checks into the website

---
 account.php                |  57 ++++--
 app/app.php                |  89 +++++++++
 app/image/image.php        | 360 ++++++++++++++++++-------------------
 app/settings/manifest.json |   2 +-
 index.php                  |  29 ++-
 5 files changed, 331 insertions(+), 206 deletions(-)

diff --git a/account.php b/account.php
index cbf0c1d..8d789cf 100644
--- a/account.php
+++ b/account.php
@@ -1,24 +1,24 @@
-<?php require_once __DIR__."/app/required.php"; ?>
+<?php
+	require_once __DIR__."/app/required.php";
+	
+	use App\Account;
+	use App\Diff;
+	use App\Sanity;
+
+	$user_info = new Account();
+	$diff = new Diff();
+	$sanity = new Sanity();
+
+	$profile_info = $user_info->get_user_info($conn, $_SESSION['id']);
+?>
 
 <!DOCTYPE html>
 <html>
-
-<head>
-	<?php require_once __DIR__."/assets/ui/header.php"; ?>
-</head>
-
+	<head>
+		<?php require_once __DIR__."/assets/ui/header.php"; ?>
+	</head>
 <body>
-	<?php
-		require_once __DIR__."/assets/ui/nav.php";
-
-		use App\Account;
-		use App\Diff;
-
-		$user_info = new Account();
-		$diff = new Diff();
-
-		$profile_info = $user_info->get_user_info($conn, $_SESSION['id']);
-	?>
+	<?php require_once __DIR__."/assets/ui/nav.php"; ?>
 
 		<?php
 		if ($user_info->is_loggedin()) {
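Review bot: The `$profile_info = $user_info->get_user_info($conn, $_SESSION['id']);` assignment now runs at the very top of the file, before the `is_loggedin()` test, so an anonymous visitor dereferences an undefined `$_SESSION['id']` and the lookup is called with null; what `get_user_info` does with a null id isn't visible here. Guard it, e.g. `$profile_info = isset($_SESSION['id']) ? $user_info->get_user_info($conn, $_SESSION['id']) : null;`, or move the call under the logged-in branch. The same ordering existed in the old body, but since the refactor moves it ahead of nav.php it is worth fixing while it is being touched.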
@@ -82,10 +82,10 @@
 			<div class="warningDecoration defaultSpacing defaultFonts">
 				<h2>Account</h2>
 				<a class='btn btn-bad' href='password-reset.php'><img class='svg' src='assets/icons/password.svg'>Reset Password</a>
-				<button class="btn btn-bad" onclick="deleteAccount()"><img class='svg' src='assets/icons/trash.svg'>Delete account</button>
+				<button class="btn btn-bad" onclick="deleteAccount()"><img class='svg' src='assets/icons/trash.svg'>Forget me forever</button>
 				<br>
 				<p>Don't leave! I'm with the science team!</p>
-				<a class='btn btn-bad' href='app/account/logout.php'><img class='svg' src='assets/icons/sign-out.svg'>Logout</a>
+				<a class='btn btn-bad' href='app/account/logout.php'><img class='svg' src='assets/icons/sign-out.svg'>Forget Me</a>
 			</div>
 			<script>
 				function deleteAccount() {
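Review bot: The relabelled buttons now read "Forget me forever" for account deletion and "Forget Me" for logout, two near-identical labels on adjacent controls where one is irreversible, which invites mis-clicks on the destructive one. Keep the deletion label unmistakable, e.g. `Delete account permanently`, and leave logout as `Log out`. The body of `deleteAccount()` continues past the hunk, so I can't tell whether a confirmation step compensates.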
@@ -379,6 +379,25 @@
 							}
 						</script>
 					</div>
+
+					<div class="warningDecoration defaultSpacing defaultFonts">
+							<h2>Sanity check</h2>
+							<?php
+								$check_sanity = $sanity->get_results();
+
+								if (empty($check_sanity) || !isset($check_sanity)) {
+									echo "<p class='btn btn-good' style='outline: none;'>No errors! Lookin' good</p>";
+								} else {
+									foreach ($check_sanity as $result) {
+										if (str_contains($result, "Critical")) {
+											echo "<p class='btn btn-bad' style='outline: none; cursor: default;'>".$result."</p>";
+										} elseif (str_contains($result, "Warning")) {
+											echo "<p class='btn btn-warning' style='outline: none; cursor: default;'>".$result."</p>";
+										}
+									}
+								}
+							?>
+					</div>
 					<?php
 				}
 		} else {
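Review bot: The `foreach` over `$check_sanity` only renders entries containing "Critical" or "Warning" and silently drops any other result, while the "No errors" branch was already skipped, so such a finding would vanish without trace; add an `else` that renders the entry with a neutral class. The text is echoed raw into HTML, so escape it on output, `echo "<p class='btn btn-warning' style='outline: none; cursor: default;'>".htmlspecialchars($result, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')."</p>";` — today the strings are server-side constants (one embeds `PHP_VERSION`), so this is hygiene rather than a live XSS. `!isset($check_sanity)` after `empty()` is redundant, and the inverted copy of this test in index.php (`!empty(...) || isset(...)`) is always true for an array, so the admin toast there fires even with no findings. The `if` that decides who sees this panel closes at the end of the hunk, so whether it is admin-only isn't visible; since it reveals the `is_testing` flag and filesystem layout, it should be.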
diff --git a/app/app.php b/app/app.php
index 5eb7d2c..258c602 100644
--- a/app/app.php
+++ b/app/app.php
@@ -266,3 +266,92 @@ class Diff {
         return $string ? implode(', ', $string) . ' ago' : 'just now';
     }
 }
+
+class Sanity  {
+    function check_json() {
+        $results = array();
+
+        if (!is_file(__DIR__."/settings/manifest.json")) {
+            $results[] = "Critical: manifest.json is missing";
+        } else {
+            $manifest = json_decode(file_get_contents(__DIR__."/settings/manifest.json"), true);
+
+            if (!isset($manifest['user_name']) || empty($manifest['user_name']) || $manifest['user_name'] == "[your name]") {
+                $results[] = "Warning: manifest.json is missing yor name";
+            }
+            if ($manifest['upload']['rename_on_upload'] == true ) {
+                if (!isset($manifest['upload']['rename_to']) || empty($manifest['upload']['rename_to'])) {
+                    $results[] = "Critical: manifest.json is missing what you're renaming your files to";
+                } else {
+                    $rename_to = $manifest['upload']['rename_to'];
+                    $rename_rate = 0;
+
+                    if (str_contains($rename_to, '{{autoinc}}')) $rename_rate = 5;
+                    if (str_contains($rename_to, '{{time}}')) $rename_rate = 5;
+
+                    if (str_contains($rename_to, '{{date}}')) $rename_rate += 2;
+                    if (str_contains($rename_to, '{(unknown)}')) $rename_rate += 2;
+
+                    if (str_contains($rename_to, '{{username}}') || str_contains($rename_to, '{{userid}}')) $rename_rate += 1;
+
+                    if ($rename_rate == 0 || $rename_rate < 2) {
+                        $results[] = "Critical: You will encounter errors when uploading images due to filenames, update your manifest.json";
+                    } elseif ($rename_rate < 5 && $rename_rate > 2) {
+                        $results[] = "Warning: You may encounter errors when uploading images due to filenames, concider update your manifest.json";
+                    }
+                }
+            }
+
+            if ($manifest['is_testing']) {
+                $results[] = "Warning: You are currently in testing mode, errors will be displayed to the user";
+            }
+        }
+
+        return $results;
+    }
+
+    function check_files() {
+        $results = array();
+
+        if (!is_dir("images")) {
+            $results[] = "Critical: You need to setup an images folder, follow the guide on the GitHub repo";
+        }
+        if (!is_dir("images/pfp")) {
+            $results[] = "Critical: You need to setup an pfp folder, follow the guide on the GitHub repo";
+        }
+        if (!is_dir("images/previews")) {
+            $results[] = "Critical: You need to setup an previews folder, follow the guide on the GitHub repo";
+        }
+        if (!is_dir("images/thumbnails")) {
+            $results[] = "Critical: You need to setup an thumbnails folder, follow the guide on the GitHub repo";
+        }
+
+        return $results;
+    }
+
+    function check_version() {
+        $results = array();
+
+        if (PHP_VERSION_ID < 50102) {
+            $results[] = "Critical: Your current version of PHP is ".PHP_VERSION.". The reccomended version is 8.1.2";
+        }
+
+        return $results;
+    }
+
+    function get_results() {
+        $results = array();
+
+        foreach ($this->check_json() as $result) {
+            $results[] = $result;
+        }
+        foreach ($this->check_files() as $result) {
+            $results[] = $result;
+        }
+        foreach ($this->check_version() as $result) {
+            $results[] = $result;
+        }
+
+        return $results;
+    }
+}
\ No newline at end of file
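Review bot: `check_version()` compares `PHP_VERSION_ID < 50102`, which is PHP 5.1.2, while the message recommends 8.1.2; the constant for that is `80102`, so the check can never fire on an interpreter that can even load this class (`str_contains` in `check_json` requires 8.0), and it should read `if (PHP_VERSION_ID < 80102) {`. In `check_json`, a `json_decode` failure yields null and `$manifest['upload']['rename_on_upload']` and `$manifest['is_testing']` are then read without `isset`, so a malformed manifest produces warnings instead of a Critical entry; test `$manifest === null` first and use `?? false` on the flags. The `$rename_rate` thresholds leave a gap: a rate of exactly 2 (only `{{date}}`) is neither `< 2` nor `> 2` and reports nothing, so the warning branch should use `>= 2`, and `'{(unknown)}'` looks like a typo for a `{{…}}` placeholder though I can't tell which. `check_files()` tests `images`, `images/pfp` and friends relative to the working directory, while `check_json` anchors on `__DIR__` and image.php unlinks under `dirname(__DIR__)."/images/"`; anchor these the same way and also test `is_writable`, since the upload path has to write there.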
diff --git a/app/image/image.php b/app/image/image.php
index 3733751..495db75 100644
--- a/app/image/image.php
+++ b/app/image/image.php
@@ -23,62 +23,62 @@ $user_ip = $user_info->get_ip();
  |-------------------------------------------------------------
 */
 if (isset($_POST['submit_delete'])) {
-  // Get all image info
-  $image_array = $image_info->get_image_info($conn, $_POST['id']);
+	// Get all image info
+	$image_array = $image_info->get_image_info($conn, $_POST['id']);
 
-  // If user owns image or has the ID of 1
-  if ($image_info->image_privilage($image_array['author']) || $user_info->is_admin($conn, $_SESSION['id'])) {
-    // Delete from table
-    $sql = "DELETE FROM images WHERE id = ?";
-    if ($stmt = mysqli_prepare($conn, $sql)) {
-      mysqli_stmt_bind_param($stmt, "i", $_POST['id']);
+	// If user owns image or has the ID of 1
+	if ($image_info->image_privilage($image_array['author']) || $user_info->is_admin($conn, $_SESSION['id'])) {
+		// Delete from table
+		$sql = "DELETE FROM images WHERE id = ?";
+		if ($stmt = mysqli_prepare($conn, $sql)) {
+			mysqli_stmt_bind_param($stmt, "i", $_POST['id']);
 
-      // Attempt to execute the prepared statement
-      if (mysqli_stmt_execute($stmt)) {
-        // See if image is in the directory
-        if (is_file(dirname(__DIR__)."/images/".$image_array['imagename'])) {
-          unlink(dirname(__DIR__)."/images/".$image_array['imagename']);
-        }
-        // Delete thumbnail if exitsts
-        if (is_file(dirname(__DIR__)."/images/thumbnails/".$image_array['imagename'])) {
-          unlink(dirname(__DIR__)."/images/thumbnails/".$image_array['imagename']);
-        }
-        // Delete preview if exitsts
-        if (is_file(dirname(__DIR__)."/images/previews/".$image_array['imagename'])) {
-          unlink(dirname(__DIR__)."/images/previews/".$image_array['imagename']);
-        }
-        // TP user to the homepage with a success message
-        mysqli_query($conn,"INSERT INTO logs (ipaddress, action) VALUES('$user_ip','Deleted image ".$_POST['id']."')");
-        $_SESSION['del'] = $_POST['id'];
-        ?>
-        <script>
-          window.location.replace("index.php");
-        </script>
-        <?php
-      } else {
-        ?>
-        <script>
-          sniffleAdd('Oopsie', 'The image failed to delete off of the servers, contact Fluffy about his terrible programming', 'var(--warning)', 'assets/icons/cross.svg');
-          flyoutClose();
-        </script>
-        <?php
-      }
-    } else {
-      ?>
-      <script>
-        sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');
-        flyoutClose();
-      </script>
-      <?php
-    }
-  } else {
-    ?>
-    <script>
-      sniffleAdd('Denied', 'It seems that you do not have the right permitions to edit this image.', 'var(--warning)', 'assets/icons/cross.svg');
-      flyoutClose();
-    </script>
-    <?php
-  }
+			// Attempt to execute the prepared statement
+			if (mysqli_stmt_execute($stmt)) {
+				// See if image is in the directory
+				if (is_file(dirname(__DIR__)."/images/".$image_array['imagename'])) {
+					unlink(dirname(__DIR__)."/images/".$image_array['imagename']);
+				}
+				// Delete thumbnail if exitsts
+				if (is_file(dirname(__DIR__)."/images/thumbnails/".$image_array['imagename'])) {
+					unlink(dirname(__DIR__)."/images/thumbnails/".$image_array['imagename']);
+				}
+				// Delete preview if exitsts
+				if (is_file(dirname(__DIR__)."/images/previews/".$image_array['imagename'])) {
+					unlink(dirname(__DIR__)."/images/previews/".$image_array['imagename']);
+				}
+				// TP user to the homepage with a success message
+				mysqli_query($conn, "INSERT INTO logs (ipaddress, action) VALUES('$user_ip','Deleted image " . $_POST['id'] . "')");
+				$_SESSION['del'] = $_POST['id'];
+				?>
+					<script>
+						window.location.replace("index.php");
+					</script>
+				<?php
+			} else {
+				?>
+					<script>
+						sniffleAdd('Oopsie', 'The image failed to delete off of the servers, contact Fluffy about his terrible programming', 'var(--warning)', 'assets/icons/cross.svg');
+						flyoutClose();
+					</script>
+				<?php
+			}
+		} else {
+			?>
+				<script>
+					sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');
+					flyoutClose();
+				</script>
+			<?php
+		}
+	} else {
+		?>
+			<script>
+				sniffleAdd('Denied', 'It seems that you do not have the right permitions to edit this image.', 'var(--warning)', 'assets/icons/cross.svg');
+				flyoutClose();
+			</script>
+		<?php
+	}
 }
 
 
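Review bot: The log write after a successful delete, `mysqli_query($conn, "INSERT INTO logs (ipaddress, action) VALUES('$user_ip','Deleted image " . $_POST['id'] . "')")`, concatenates `$_POST['id']` (and `$user_ip`) straight into SQL even though the DELETE immediately above it is parameterised; the `i` binding protects the DELETE, not this statement. Use a prepared statement here too: `$action = 'Deleted image ' . (int) $_POST['id']; $log = mysqli_prepare($conn, "INSERT INTO logs (ipaddress, action) VALUES (?, ?)"); mysqli_stmt_bind_param($log, "ss", $user_ip, $action); mysqli_stmt_execute($log);`. The three `unlink` calls trust `$image_array['imagename']` from the database; whether that column is constrained to a bare filename isn't visible here, so wrapping it in `basename()` would be cheap insurance. No CSRF token is checked in this handler as far as this file shows; if required.php doesn't do it, every POST handler in the file is forgeable.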
@@ -96,53 +96,53 @@ if (isset($_POST['submit_delete'])) {
  |-------------------------------------------------------------
 */
 if (isset($_POST['submit_description'])) {
-  // Get all image info
-  $image_array = $image_info->get_image_info($conn, $_POST['id']);
-  // If user owns image or has the ID of 1
-  if ($image_info->image_privilage($image_array['author']) || $user_info->is_admin($conn, $_SESSION['id'])) {
-    // getting ready forSQL asky asky
-    $sql = "UPDATE images SET alt=? WHERE id=?";
+	// Get all image info
+	$image_array = $image_info->get_image_info($conn, $_POST['id']);
+	// If user owns image or has the ID of 1
+	if ($image_info->image_privilage($image_array['author']) || $user_info->is_admin($conn, $_SESSION['id'])) {
+		// getting ready forSQL asky asky
+		$sql = "UPDATE images SET alt=? WHERE id=?";
 
-    // Checking if databse is doing ok
-    if ($stmt = mysqli_prepare($conn, $sql)) {
-      mysqli_stmt_bind_param($stmt, "si", $param_alt, $param_id);
+		// Checking if databse is doing ok
+		if ($stmt = mysqli_prepare($conn, $sql)) {
+			mysqli_stmt_bind_param($stmt, "si", $param_alt, $param_id);
 
-      // Setting parameters
-      $param_alt = $_POST['input'];
-      $param_id = $_POST['id'];
+			// Setting parameters
+			$param_alt = $_POST['input'];
+			$param_id = $_POST['id'];
 
-      // Attempt to execute the prepared statement
-      if (mysqli_stmt_execute($stmt)) {
-        ?>
-        <script>
-          sniffleAdd('Success!!!', 'Description has been updated successfully! You may need to refresh the page to see the new information.', 'var(--success)', 'assets/icons/check.svg');
-          flyoutClose();
-        </script>
-        <?php
-      } else {
-        ?>
-        <script>
-          sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');
-          flyoutClose();
-        </script>
-        <?php
-      }
-    } else {
-      ?>
-      <script>
-        sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');
-        flyoutClose();
-      </script>
-      <?php
-    }
-  } else {
-    ?>
-    <script>
-      sniffleAdd('Denied', 'It seems that you do not have the right permitions to edit this image.', 'var(--warning)', 'assets/icons/cross.svg');
-      flyoutClose();
-    </script>
-    <?php
-  }
+			// Attempt to execute the prepared statement
+			if (mysqli_stmt_execute($stmt)) {
+				?>
+					<script>
+						sniffleAdd('Success!!!', 'Description has been updated successfully! You may need to refresh the page to see the new information.', 'var(--success)', 'assets/icons/check.svg');
+						flyoutClose();
+					</script>
+				<?php
+			} else {
+				?>
+					<script>
+						sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');
+						flyoutClose();
+					</script>
+				<?php
+			}
+		} else {
+			?>
+				<script>
+					sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');
+					flyoutClose();
+				</script>
+			<?php
+		}
+	} else {
+		?>
+			<script>
+				sniffleAdd('Denied', 'It seems that you do not have the right permitions to edit this image.', 'var(--warning)', 'assets/icons/cross.svg');
+				flyoutClose();
+			</script>
+		<?php
+	}
 }
 
 
@@ -154,56 +154,56 @@ if (isset($_POST['submit_description'])) {
  |-------------------------------------------------------------
 */
 if (isset($_POST['submit_tags'])) {
-  // Get all image info
-  $image_array = $image_info->get_image_info($conn, $_POST['id']);
-  // If user owns image or has the ID of 1
-  if ($image_info->image_privilage($image_array['author']) || $user_info->is_admin($conn, $_SESSION['id'])) {
-    // Clean input
-    $tags_string = $make_stuff->tags(trim($_POST['input']));
+	// Get all image info
+	$image_array = $image_info->get_image_info($conn, $_POST['id']);
+	// If user owns image or has the ID of 1
+	if ($image_info->image_privilage($image_array['author']) || $user_info->is_admin($conn, $_SESSION['id'])) {
+		// Clean input
+		$tags_string = $make_stuff->tags(trim($_POST['input']));
 
-    // getting ready forSQL asky asky
-    $sql = "UPDATE images SET tags=? WHERE id=?";
+		// getting ready forSQL asky asky
+		$sql = "UPDATE images SET tags=? WHERE id=?";
 
-    // Checking if databse is doing ok
-    if ($stmt = mysqli_prepare($conn, $sql)) {
-      mysqli_stmt_bind_param($stmt, "si", $param_tags, $param_id);
+		// Checking if databse is doing ok
+		if ($stmt = mysqli_prepare($conn, $sql)) {
+			mysqli_stmt_bind_param($stmt, "si", $param_tags, $param_id);
 
-      // Setting parameters
-      $param_tags = $tags_string;
-      $param_id = $_POST['id'];
+			// Setting parameters
+			$param_tags = $tags_string;
+			$param_id = $_POST['id'];
 
-      // Attempt to execute the prepared statement
-      if (mysqli_stmt_execute($stmt)) {
-        ?>
-        <script>
-          sniffleAdd('Success!!!', 'Tags have been modified successfully! You may need to refresh the page to see the new information.', 'var(--success)', 'assets/icons/check.svg');
-          flyoutClose();
-        </script>
-        <?php
-      } else {
-        ?>
-        <script>
-          sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');
-          flyoutClose();
-        </script>
-        <?php
-      }
-    } else {
-      ?>
-      <script>
-        sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');
-        flyoutClose();
-      </script>
-      <?php
-    }
-  } else {
-    ?>
-    <script>
-      sniffleAdd('Denied', 'It seems that you do not have the right permitions to modify tags here.', 'var(--warning)', 'assets/icons/cross.svg');
-      flyoutClose();
-    </script>
-    <?php
-  }
+			// Attempt to execute the prepared statement
+			if (mysqli_stmt_execute($stmt)) {
+				?>
+					<script>
+						sniffleAdd('Success!!!', 'Tags have been modified successfully! You may need to refresh the page to see the new information.', 'var(--success)', 'assets/icons/check.svg');
+						flyoutClose();
+					</script>
+				<?php
+			} else {
+				?>
+					<script>
+						sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');
+						flyoutClose();
+					</script>
+				<?php
+			}
+		} else {
+			?>
+				<script>
+					sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');
+					flyoutClose();
+				</script>
+			<?php
+			}
+	} else {
+		?>
+			<script>
+				sniffleAdd('Denied', 'It seems that you do not have the right permitions to modify tags here.', 'var(--warning)', 'assets/icons/cross.svg');
+				flyoutClose();
+			</script>
+		<?php
+	}
 }
 
 
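Review bot: In the tags handler the closing brace of the `if ($stmt = mysqli_prepare($conn, $sql)) { … } else { … }` statement was re-indented one level too deep, so it now sits at the depth of the `<?php` tag inside the else body and reads as if it belonged to the else's contents; the code is still syntactically correct. Dedent that `}` to the column of the `if` it closes, matching the equivalent brace in the description handler above.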
@@ -215,42 +215,42 @@ if (isset($_POST['submit_tags'])) {
  |-------------------------------------------------------------
 */
 if (isset($_POST['submit_author'])) {
-  // If user has the ID of 1
-  if ($user_info->is_admin($conn, $_SESSION['id'])) {
-    // getting ready forSQL asky asky
-    $sql = "UPDATE images SET author=? WHERE id=?";
+	// If user has the ID of 1
+	if ($user_info->is_admin($conn, $_SESSION['id'])) {
+		// getting ready forSQL asky asky
+		$sql = "UPDATE images SET author=? WHERE id=?";
 
-    // Checking if databse is doing ok
-    if ($stmt = mysqli_prepare($conn, $sql)) {
-      mysqli_stmt_bind_param($stmt, "si", $param_author, $param_id);
+		// Checking if databse is doing ok
+		if ($stmt = mysqli_prepare($conn, $sql)) {
+			mysqli_stmt_bind_param($stmt, "si", $param_author, $param_id);
 
-      // Setting parameters
-      $param_author = $_POST['input'];
-      $param_id = $_POST["id"];
+			// Setting parameters
+			$param_author = $_POST['input'];
+			$param_id = $_POST["id"];
 
-      // Attempt to execute the prepared statement
-      if (mysqli_stmt_execute($stmt)) {
-        ?>
-        <script>
-          sniffleAdd('Success!!!', 'The Author has been updated successfully! You may need to refresh the page to see the new information.', 'var(--success)', 'assets/icons/check.svg');
-          flyoutClose();
-        </script>
-        <?php
-      } else {
-        ?>
-        <script>
-          sniffleAdd('Oopsie....', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');
-          flyoutClose();
-        </script>
-        <?php
-      }
-    }
-  } else {
-    ?>
-    <script>
-      sniffleAdd('Denied', 'Sussy wussy.', 'var(--warning)', 'assets/icons/cross.svg');
-      flyoutClose();
-    </script>
-    <?php
-  }
-}
\ No newline at end of file
+			// Attempt to execute the prepared statement
+			if (mysqli_stmt_execute($stmt)) {
+				?>
+					<script>
+						sniffleAdd('Success!!!', 'The Author has been updated successfully! You may need to refresh the page to see the new information.', 'var(--success)', 'assets/icons/check.svg');
+						flyoutClose();
+					</script>
+				<?php
+			} else {
+				?>
+					<script>
+						sniffleAdd('Oopsie....', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');
+						flyoutClose();
+					</script>
+				<?php
+			}
+		}
+	} else {
+		?>
+			<script>
+				sniffleAdd('Denied', 'Sussy wussy.', 'var(--warning)', 'assets/icons/cross.svg');
+				flyoutClose();
+			</script>
+		<?php
+	}
+}
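Review bot: In the author handler a failed `mysqli_prepare` falls through silently: `if ($stmt = mysqli_prepare($conn, $sql)) {` has no `else`, unlike the three handlers above that emit an 'Error :c' notice, so add the same else branch for consistency. The new author is bound with type `s` straight from `$_POST['input']` with no check that it names an existing user, so an admin typo reassigns the image to a non-existent id; an `(int)` cast with `i` binding plus a lookup against the users table would catch that — hedged, since the column type isn't visible here.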
diff --git a/app/settings/manifest.json b/app/settings/manifest.json
index 1c84162..5727eda 100644
--- a/app/settings/manifest.json
+++ b/app/settings/manifest.json
@@ -24,7 +24,7 @@
         "Eat hotchip and lie"
     ],
     "license":"GPL 3.0",
-    "version": "22.09.26",
+    "version": "22.09.28",
     "user_name": "[your name]",
     "is_testing": true,
     "upload": {
diff --git a/index.php b/index.php
index 9919753..49495ac 100644
--- a/index.php
+++ b/index.php
@@ -1,12 +1,18 @@
-<?php require_once __DIR__."/app/required.php"; ?>
+<?php
+	require_once __DIR__."/app/required.php";
+	
+	use App\Account;
+	use App\Sanity;
+
+	$user_info = new Account();
+	$sanity = new Sanity();
+?>
 
 <!DOCTYPE html>
 <html>
-
-<head>
-	<?php require_once __DIR__."/assets/ui/header.php"; ?>
-</head>
-
+	<head>
+		<?php require_once __DIR__."/assets/ui/header.php"; ?>
+	</head>
 <body>
 	<?php
 		require_once __DIR__."/assets/ui/nav.php"; 
@@ -26,6 +32,17 @@
 				</script>
 			<?php
 			unset($_SESSION['welc']);
+
+			if ($user_info->is_admin($conn, $_SESSION['id'])) {
+				$check_sanity = $sanity->get_results();
+				if (!empty($check_sanity) || isset($check_sanity)) {
+					?>
+						<script>
+							sniffleAdd('Uh oh', 'Website has not passed some Sanity checks, please check your settings for more information', 'var(--warning)', 'assets/icons/warning.svg');
+						</script>
+					<?php
+				}
+			}
 		}
 	?>