From b5a5ca64687f11c79fd27181a2851021b9693c1b Mon Sep 17 00:00:00 2001 From: Fluffy-Bean <michal-gdula@protonmail.com> Date: Wed, 28 Sep 2022 14:36:45 +0000 Subject: [PATCH] Implementing Sanity checks into the website --- account.php | 57 ++++-- app/app.php | 89 +++++++++ app/image/image.php | 360 ++++++++++++++++++------------------- app/settings/manifest.json | 2 +- index.php | 29 ++- 5 files changed, 331 insertions(+), 206 deletions(-)
diff --git a/account.php b/account.php
index cbf0c1d..8d789cf 100644
--- a/account.php
+++ b/account.php
@@ -1,24 +1,24 @@
-<?php require_once __DIR__."/app/required.php"; ?>
+<?php
+ require_once __DIR__."/app/required.php";
+
+ use App\Account;
+ use App\Diff;
+ use App\Sanity;
+
+ $user_info = new Account();
+ $diff = new Diff();
+ $sanity = new Sanity();
+
+ $profile_info = $user_info->get_user_info($conn, $_SESSION['id']);
+?>
 <!DOCTYPE html>
 <html>
-
-<head>
- <?php require_once __DIR__."/assets/ui/header.php"; ?>
-</head>
-
+ <head>
+ <?php require_once __DIR__."/assets/ui/header.php"; ?>
+ </head>
 <body>
- <?php
- require_once __DIR__."/assets/ui/nav.php";
-
- use App\Account;
- use App\Diff;
-
- $user_info = new Account();
- $diff = new Diff();
-
- $profile_info = $user_info->get_user_info($conn, $_SESSION['id']);
- ?>
+ <?php require_once __DIR__."/assets/ui/nav.php"; ?>
 <?php if ($user_info->is_loggedin()) {
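Review bot: `$profile_info = $user_info->get_user_info($conn, $_SESSION['id']);` now sits in the file header, ahead of the `is_loggedin()` test that opens the body, so a visitor with no session reaches a `$_SESSION['id']` read and a lookup with an absent id (the previous layout had the same ordering, so this is inherited rather than introduced by the move). If `is_testing` really does render errors to the visitor, as the warning text added in app.php says, that undefined-index notice ends up on the page. Guarding the lookup, `$profile_info = $user_info->is_loggedin() ? $user_info->get_user_info($conn, $_SESSION['id']) : null;`, keeps the header free of session reads for logged-out requests. The `if ($user_info->is_loggedin()) {` block continues past the end of this hunk.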
@@ -82,10 +82,10 @@
 <div class="warningDecoration defaultSpacing defaultFonts">
 <h2>Account</h2>
 <a class='btn btn-bad' href='password-reset.php'><img class='svg' src='assets/icons/password.svg'>Reset Password</a>
- <button class="btn btn-bad" onclick="deleteAccount()"><img class='svg' src='assets/icons/trash.svg'>Delete account</button>
+ <button class="btn btn-bad" onclick="deleteAccount()"><img class='svg' src='assets/icons/trash.svg'>Forget me forever</button>
 <br>
 <p>Don't leave! I'm with the science team!</p>
- <a class='btn btn-bad' href='app/account/logout.php'><img class='svg' src='assets/icons/sign-out.svg'>Logout</a>
+ <a class='btn btn-bad' href='app/account/logout.php'><img class='svg' src='assets/icons/sign-out.svg'>Forget Me</a>
 </div>
 <script>
 function deleteAccount() {
@@ -379,6 +379,25 @@
 }
 </script>
 </div>
+
+ <div class="warningDecoration defaultSpacing defaultFonts">
+ <h2>Sanity check</h2>
+ <?php
+ $check_sanity = $sanity->get_results();
+
+ if (empty($check_sanity) || !isset($check_sanity)) {
+ echo "<p class='btn btn-good' style='outline: none;'>No errors! Lookin' good</p>";
+ } else {
+ foreach ($check_sanity as $result) {
+ if (str_contains($result, "Critical")) {
+ echo "<p class='btn btn-bad' style='outline: none; cursor: default;'>".$result."</p>";
+ } elseif (str_contains($result, "Warning")) {
+ echo "<p class='btn btn-warning' style='outline: none; cursor: default;'>".$result."</p>";
+ }
+ }
+ }
+ ?>
+ </div>
 <?php
 }
 } else {
diff --git a/app/app.php b/app/app.php
index 5eb7d2c..258c602 100644
--- a/app/app.php
+++ b/app/app.php
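Review bot: The sanity panel is emitted to whoever reaches this block of account.php, and the condition opening that block starts outside the hunk; from the first hunk it appears to be `is_loggedin()`, so any authenticated user is shown the deployment details the checks return (missing image directories, testing mode, PHP version), whereas index.php's second hunk surfaces the same results only behind `is_admin()`. Wrapping the panel in `if ($user_info->is_admin($conn, $_SESSION['id'])) { … }` would make the two pages agree. `empty($check_sanity) || !isset($check_sanity)` also carries a dead `isset`, since the variable is assigned on the line above; the same pairing in index.php's second hunk is inverted (`!empty($check_sanity) || isset($check_sanity)`) and is therefore always true, so the 'Uh oh' notice fires for an admin even when `get_results()` returns nothing — both places should test `empty($check_sanity)` alone. A result containing neither "Critical" nor "Warning" is silently dropped by the `if`/`elseif`; a closing `else` that still echoes the line would keep any future message visible.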
@@ -266,3 +266,92 @@ class Diff {
 return $string ? implode(', ', $string) . ' ago' : 'just now';
 }
 }
+
+class Sanity {
+ function check_json() {
+ $results = array();
+
+ if (!is_file(__DIR__."/settings/manifest.json")) {
+ $results[] = "Critical: manifest.json is missing";
+ } else {
+ $manifest = json_decode(file_get_contents(__DIR__."/settings/manifest.json"), true);
+
+ if (!isset($manifest['user_name']) || empty($manifest['user_name']) || $manifest['user_name'] == "[your name]") {
+ $results[] = "Warning: manifest.json is missing yor name";
+ }
+ if ($manifest['upload']['rename_on_upload'] == true ) {
+ if (!isset($manifest['upload']['rename_to']) || empty($manifest['upload']['rename_to'])) {
+ $results[] = "Critical: manifest.json is missing what you're renaming your files to";
+ } else {
+ $rename_to = $manifest['upload']['rename_to'];
+ $rename_rate = 0;
+
+ if (str_contains($rename_to, '{{autoinc}}')) $rename_rate = 5;
+ if (str_contains($rename_to, '{{time}}')) $rename_rate = 5;
+
+ if (str_contains($rename_to, '{{date}}')) $rename_rate += 2;
+ if (str_contains($rename_to, '{(unknown)}')) $rename_rate += 2;
+
+ if (str_contains($rename_to, '{{username}}') || str_contains($rename_to, '{{userid}}')) $rename_rate += 1;
+
+ if ($rename_rate == 0 || $rename_rate < 2) {
+ $results[] = "Critical: You will encounter errors when uploading images due to filenames, update your manifest.json";
+ } elseif ($rename_rate < 5 && $rename_rate > 2) {
+ $results[] = "Warning: You may encounter errors when uploading images due to filenames, concider update your manifest.json";
+ }
+ }
+ }
+
+ if ($manifest['is_testing']) {
+ $results[] = "Warning: You are currently in testing mode, errors will be displayed to the user";
+ }
+ }
+
+ return $results;
+ }
+
+ function check_files() {
+ $results = array();
+
+ if (!is_dir("images")) {
+ $results[] = "Critical: You need to setup an images folder, follow the guide on the GitHub repo";
+ }
+ if (!is_dir("images/pfp")) {
+ $results[] = "Critical: You need to setup an pfp folder, follow the guide on the GitHub repo";
+ }
+ if (!is_dir("images/previews")) {
+ $results[] = "Critical: You need to setup an previews folder, follow the guide on the GitHub repo";
+ }
+ if (!is_dir("images/thumbnails")) {
+ $results[] = "Critical: You need to setup an thumbnails folder, follow the guide on the GitHub repo";
+ }
+
+ return $results;
+ }
+
+ function check_version() {
+ $results = array();
+
+ if (PHP_VERSION_ID < 50102) {
+ $results[] = "Critical: Your current version of PHP is ".PHP_VERSION.". The reccomended version is 8.1.2";
+ }
+
+ return $results;
+ }
+
+ function get_results() {
+ $results = array();
+
+ foreach ($this->check_json() as $result) {
+ $results[] = $result;
+ }
+ foreach ($this->check_files() as $result) {
+ $results[] = $result;
+ }
+ foreach ($this->check_version() as $result) {
+ $results[] = $result;
+ }
+
+ return $results;
+ }
+}
\ No newline at end of file
diff --git a/app/image/image.php b/app/image/image.php
index 3733751..495db75 100644
--- a/app/image/image.php
+++ b/app/image/image.php
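Review bot: `check_version` fires only when `PHP_VERSION_ID < 50102`, yet the message recommends 8.1.2, whose id is `80102`; because this class itself calls `str_contains`, which needs PHP 8.0, the 5.1.2 threshold can never be reached on a build that runs the file, so the line should read `if (PHP_VERSION_ID < 80102) {`. In `check_json` the `json_decode` result is used unchecked: a malformed manifest decodes to `null`, the offset reads that follow only emit warnings, and nothing is recorded — add `if ($manifest === null) { $results[] = "Critical: manifest.json could not be parsed"; return $results; }` directly after the decode. The `rename_to` scoring leaves `$rename_rate == 2` (a date-only pattern) with no message at all because the warning branch tests `> 2`; `$rename_rate >= 2` closes the gap, and `$rename_rate == 0 || $rename_rate < 2` reduces to `$rename_rate < 2`. `check_files` tests `images`, `images/pfp`, `images/previews` and `images/thumbnails` relative to the working directory of whichever script included app.php, while `check_json` anchors on `__DIR__`, and image.php in this same patch appears to locate the folder from its own position as `dirname(__DIR__)."/images/"` — anchoring the checks the same way avoids a result that changes with the caller. The user-facing strings also carry typos ('yor', 'concider', 'reccomended'), and the file is committed without a trailing newline.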
@@ -23,62 +23,62 @@ $user_ip = $user_info->get_ip(); |------------------------------------------------------------- */ if (isset($_POST['submit_delete'])) { - // Get all image info - $image_array = $image_info->get_image_info($conn, $_POST['id']); + // Get all image info + $image_array = $image_info->get_image_info($conn, $_POST['id']); - // If user owns image or has the ID of 1 - if ($image_info->image_privilage($image_array['author']) || $user_info->is_admin($conn, $_SESSION['id'])) { - // Delete from table - $sql = "DELETE FROM images WHERE id = ?"; - if ($stmt = mysqli_prepare($conn, $sql)) { - mysqli_stmt_bind_param($stmt, "i", $_POST['id']); + // If user owns image or has the ID of 1 + if ($image_info->image_privilage($image_array['author']) || $user_info->is_admin($conn, $_SESSION['id'])) { + // Delete from table + $sql = "DELETE FROM images WHERE id = ?"; + if ($stmt = mysqli_prepare($conn, $sql)) { + mysqli_stmt_bind_param($stmt, "i", $_POST['id']); - // Attempt to execute the prepared statement - if (mysqli_stmt_execute($stmt)) { - // See if image is in the directory - if (is_file(dirname(__DIR__)."/images/".$image_array['imagename'])) { - unlink(dirname(__DIR__)."/images/".$image_array['imagename']); - } - // Delete thumbnail if exitsts - if (is_file(dirname(__DIR__)."/images/thumbnails/".$image_array['imagename'])) { - unlink(dirname(__DIR__)."/images/thumbnails/".$image_array['imagename']); - } - // Delete preview if exitsts - if (is_file(dirname(__DIR__)."/images/previews/".$image_array['imagename'])) { - unlink(dirname(__DIR__)."/images/previews/".$image_array['imagename']); - } - // TP user to the homepage with a success message - mysqli_query($conn,"INSERT INTO logs (ipaddress, action) VALUES('$user_ip','Deleted image ".$_POST['id']."')"); - $_SESSION['del'] = $_POST['id']; - ?> - <script> - window.location.replace("index.php"); - </script> - <?php - } else { - ?> - <script> - sniffleAdd('Oopsie', 'The image failed to delete off of the servers, 
contact Fluffy about his terrible programming', 'var(--warning)', 'assets/icons/cross.svg'); - flyoutClose(); - </script> - <?php - } - } else { - ?> - <script> - sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg'); - flyoutClose(); - </script> - <?php - } - } else { - ?> - <script> - sniffleAdd('Denied', 'It seems that you do not have the right permitions to edit this image.', 'var(--warning)', 'assets/icons/cross.svg'); - flyoutClose(); - </script> - <?php - } + // Attempt to execute the prepared statement + if (mysqli_stmt_execute($stmt)) { + // See if image is in the directory + if (is_file(dirname(__DIR__)."/images/".$image_array['imagename'])) { + unlink(dirname(__DIR__)."/images/".$image_array['imagename']); + } + // Delete thumbnail if exitsts + if (is_file(dirname(__DIR__)."/images/thumbnails/".$image_array['imagename'])) { + unlink(dirname(__DIR__)."/images/thumbnails/".$image_array['imagename']); + } + // Delete preview if exitsts + if (is_file(dirname(__DIR__)."/images/previews/".$image_array['imagename'])) { + unlink(dirname(__DIR__)."/images/previews/".$image_array['imagename']); + } + // TP user to the homepage with a success message + mysqli_query($conn, "INSERT INTO logs (ipaddress, action) VALUES('$user_ip','Deleted image " . $_POST['id'] . 
"')"); + $_SESSION['del'] = $_POST['id']; + ?> + <script> + window.location.replace("index.php"); + </script> + <?php + } else { + ?> + <script> + sniffleAdd('Oopsie', 'The image failed to delete off of the servers, contact Fluffy about his terrible programming', 'var(--warning)', 'assets/icons/cross.svg'); + flyoutClose(); + </script> + <?php + } + } else { + ?> + <script> + sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg'); + flyoutClose(); + </script> + <?php + } + } else { + ?> + <script> + sniffleAdd('Denied', 'It seems that you do not have the right permitions to edit this image.', 'var(--warning)', 'assets/icons/cross.svg'); + flyoutClose(); + </script> + <?php + } } 
@@ -96,53 +96,53 @@ if (isset($_POST['submit_delete'])) { |------------------------------------------------------------- */ if (isset($_POST['submit_description'])) { - // Get all image info - $image_array = $image_info->get_image_info($conn, $_POST['id']); - // If user owns image or has the ID of 1 - if ($image_info->image_privilage($image_array['author']) || $user_info->is_admin($conn, $_SESSION['id'])) { - // getting ready forSQL asky asky - $sql = "UPDATE images SET alt=? WHERE id=?"; + // Get all image info + $image_array = $image_info->get_image_info($conn, $_POST['id']); + // If user owns image or has the ID of 1 + if ($image_info->image_privilage($image_array['author']) || $user_info->is_admin($conn, $_SESSION['id'])) { + // getting ready forSQL asky asky + $sql = "UPDATE images SET alt=? WHERE id=?"; - // Checking if databse is doing ok - if ($stmt = mysqli_prepare($conn, $sql)) { - mysqli_stmt_bind_param($stmt, "si", $param_alt, $param_id); + // Checking if databse is doing ok + if ($stmt = mysqli_prepare($conn, $sql)) { + mysqli_stmt_bind_param($stmt, "si", $param_alt, $param_id); - // Setting parameters - $param_alt = $_POST['input']; - $param_id = $_POST['id']; + // Setting parameters + $param_alt = $_POST['input']; + $param_id = $_POST['id']; - // Attempt to execute the prepared statement - if (mysqli_stmt_execute($stmt)) { - ?> - <script> - sniffleAdd('Success!!!', 'Description has been updated successfully! 
You may need to refresh the page to see the new information.', 'var(--success)', 'assets/icons/check.svg'); - flyoutClose(); - </script> - <?php - } else { - ?> - <script> - sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg'); - flyoutClose(); - </script> - <?php - } - } else { - ?> - <script> - sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg'); - flyoutClose(); - </script> - <?php - } - } else { - ?> - <script> - sniffleAdd('Denied', 'It seems that you do not have the right permitions to edit this image.', 'var(--warning)', 'assets/icons/cross.svg'); - flyoutClose(); - </script> - <?php - } + // Attempt to execute the prepared statement + if (mysqli_stmt_execute($stmt)) { + ?> + <script> + sniffleAdd('Success!!!', 'Description has been updated successfully! You may need to refresh the page to see the new information.', 'var(--success)', 'assets/icons/check.svg'); + flyoutClose(); + </script> + <?php + } else { + ?> + <script> + sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg'); + flyoutClose(); + </script> + <?php + } + } else { + ?> + <script> + sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg'); + flyoutClose(); + </script> + <?php + } + } else { + ?> + <script> + sniffleAdd('Denied', 'It seems that you do not have the right permitions to edit this image.', 'var(--warning)', 'assets/icons/cross.svg'); + flyoutClose(); + </script> + <?php + } } 
@@ -154,56 +154,56 @@ if (isset($_POST['submit_description'])) { |------------------------------------------------------------- */ if (isset($_POST['submit_tags'])) { - // Get all image info - $image_array = $image_info->get_image_info($conn, $_POST['id']); - // If user owns image or has the ID of 1 - if ($image_info->image_privilage($image_array['author']) || $user_info->is_admin($conn, $_SESSION['id'])) { - // Clean input - $tags_string = $make_stuff->tags(trim($_POST['input'])); + // Get all image info + $image_array = $image_info->get_image_info($conn, $_POST['id']); + // If user owns image or has the ID of 1 + if ($image_info->image_privilage($image_array['author']) || $user_info->is_admin($conn, $_SESSION['id'])) { + // Clean input + $tags_string = $make_stuff->tags(trim($_POST['input'])); - // getting ready forSQL asky asky - $sql = "UPDATE images SET tags=? WHERE id=?"; + // getting ready forSQL asky asky + $sql = "UPDATE images SET tags=? WHERE id=?"; - // Checking if databse is doing ok - if ($stmt = mysqli_prepare($conn, $sql)) { - mysqli_stmt_bind_param($stmt, "si", $param_tags, $param_id); + // Checking if databse is doing ok + if ($stmt = mysqli_prepare($conn, $sql)) { + mysqli_stmt_bind_param($stmt, "si", $param_tags, $param_id); - // Setting parameters - $param_tags = $tags_string; - $param_id = $_POST['id']; + // Setting parameters + $param_tags = $tags_string; + $param_id = $_POST['id']; - // Attempt to execute the prepared statement - if (mysqli_stmt_execute($stmt)) { - ?> - <script> - sniffleAdd('Success!!!', 'Tags have been modified successfully! 
You may need to refresh the page to see the new information.', 'var(--success)', 'assets/icons/check.svg'); - flyoutClose(); - </script> - <?php - } else { - ?> - <script> - sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg'); - flyoutClose(); - </script> - <?php - } - } else { - ?> - <script> - sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg'); - flyoutClose(); - </script> - <?php - } - } else { - ?> - <script> - sniffleAdd('Denied', 'It seems that you do not have the right permitions to modify tags here.', 'var(--warning)', 'assets/icons/cross.svg'); - flyoutClose(); - </script> - <?php - } + // Attempt to execute the prepared statement + if (mysqli_stmt_execute($stmt)) { + ?> + <script> + sniffleAdd('Success!!!', 'Tags have been modified successfully! You may need to refresh the page to see the new information.', 'var(--success)', 'assets/icons/check.svg'); + flyoutClose(); + </script> + <?php + } else { + ?> + <script> + sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg'); + flyoutClose(); + </script> + <?php + } + } else { + ?> + <script> + sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg'); + flyoutClose(); + </script> + <?php + } + } else { + ?> + <script> + sniffleAdd('Denied', 'It seems that you do not have the right permitions to modify tags here.', 'var(--warning)', 'assets/icons/cross.svg'); + flyoutClose(); + </script> + <?php + } } 
@@ -215,42 +215,42 @@ if (isset($_POST['submit_tags'])) { |------------------------------------------------------------- */ if (isset($_POST['submit_author'])) { - // If user has the ID of 1 - if ($user_info->is_admin($conn, $_SESSION['id'])) { - // getting ready forSQL asky asky - $sql = "UPDATE images SET author=? WHERE id=?"; + // If user has the ID of 1 + if ($user_info->is_admin($conn, $_SESSION['id'])) { + // getting ready forSQL asky asky + $sql = "UPDATE images SET author=? WHERE id=?"; - // Checking if databse is doing ok - if ($stmt = mysqli_prepare($conn, $sql)) { - mysqli_stmt_bind_param($stmt, "si", $param_author, $param_id); + // Checking if databse is doing ok + if ($stmt = mysqli_prepare($conn, $sql)) { + mysqli_stmt_bind_param($stmt, "si", $param_author, $param_id); - // Setting parameters - $param_author = $_POST['input']; - $param_id = $_POST["id"]; + // Setting parameters + $param_author = $_POST['input']; + $param_id = $_POST["id"]; - // Attempt to execute the prepared statement - if (mysqli_stmt_execute($stmt)) { - ?> - <script> - sniffleAdd('Success!!!', 'The Author has been updated successfully! You may need to refresh the page to see the new information.', 'var(--success)', 'assets/icons/check.svg'); - flyoutClose(); - </script> - <?php - } else { - ?> - <script> - sniffleAdd('Oopsie....', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg'); - flyoutClose(); - </script> - <?php - } - } - } else { - ?> - <script> - sniffleAdd('Denied', 'Sussy wussy.', 'var(--warning)', 'assets/icons/cross.svg'); - flyoutClose(); - </script> - <?php - } -} \ No newline at end of file + // Attempt to execute the prepared statement + if (mysqli_stmt_execute($stmt)) { + ?> + <script> + sniffleAdd('Success!!!', 'The Author has been updated successfully! 
You may need to refresh the page to see the new information.', 'var(--success)', 'assets/icons/check.svg');
+ flyoutClose();
+ </script>
+ <?php
+ } else {
+ ?>
+ <script>
+ sniffleAdd('Oopsie....', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');
+ flyoutClose();
+ </script>
+ <?php
+ }
+ }
+ } else {
+ ?>
+ <script>
+ sniffleAdd('Denied', 'Sussy wussy.', 'var(--warning)', 'assets/icons/cross.svg');
+ flyoutClose();
+ </script>
+ <?php
+ }
+}
diff --git a/app/settings/manifest.json b/app/settings/manifest.json
index 1c84162..5727eda 100644
--- a/app/settings/manifest.json
+++ b/app/settings/manifest.json
@@ -24,7 +24,7 @@
 "Eat hotchip and lie"
 ],
 "license":"GPL 3.0",
- "version": "22.09.26",
+ "version": "22.09.28",
 "user_name": "[your name]",
 "is_testing": true,
 "upload": {
diff --git a/index.php b/index.php
index 9919753..49495ac 100644
--- a/index.php
+++ b/index.php
@@ -1,12 +1,18 @@
-<?php require_once __DIR__."/app/required.php"; ?>
+<?php
+ require_once __DIR__."/app/required.php";
+
+ use App\Account;
+ use App\Sanity;
+
+ $user_info = new Account();
+ $sanity = new Sanity();
+?>
 <!DOCTYPE html>
 <html>
-
-<head>
- <?php require_once __DIR__."/assets/ui/header.php"; ?>
-</head>
-
+ <head>
+ <?php require_once __DIR__."/assets/ui/header.php"; ?>
+ </head>
 <body>
 <?php
 require_once __DIR__."/assets/ui/nav.php";
@@ -26,6 +32,17 @@
 </script>
 <?php
 unset($_SESSION['welc']);
+
+ if ($user_info->is_admin($conn, $_SESSION['id'])) {
+ $check_sanity = $sanity->get_results();
+ if (!empty($check_sanity) || isset($check_sanity)) {
+ ?>
+ <script>
+ sniffleAdd('Uh oh', 'Website has not passed some Sanity checks, please check your settings for more information', 'var(--warning)', 'assets/icons/warning.svg');
+ </script>
+ <?php
+ }
+ }
 }
 ?>