push
Aaron Junker committed Sep 14, 2020
1 parent bb83aba commit 9502d03
Showing 9 changed files with 24 additions and 21 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -16,6 +16,7 @@ This is a release Candidate version. Issues will be tracked in #49
* Moved blogsite, index and HTTP-Errors to page.php
* Added all translations
* Updated files to new code conventions
* Changed de.gravatar.com to gravatar.com
## Removed
* Removed is_there_usoc.json
* /errors/*
2 changes: 1 addition & 1 deletion site/admin/login.php
Expand Up @@ -12,7 +12,7 @@
$_POST["B"] = $_SESSION['temp_User_Name'];
}
while ($zeile = mysqli_fetch_array( $db_erg, MYSQLI_ASSOC)){
if((strtolower($_POST["B"])==strtolower($zeile["Username"])||strtolower($_POST["B"])==strtolower($zeile["Mail"]))&&(@password_hash($_POST["P"],PASSWORD_DEFAULT,["salt"=>getSetting("login.salt")])==$zeile["Password"]||isset($_SESSION["code"])) ){
if((strtolower($_POST["B"])==strtolower($zeile["Username"])||strtolower($_POST["B"])==strtolower($zeile["Mail"]))&&(password_verify($_POST["P"],$zeile["Password"])||isset($_SESSION["code"]))){
$login = True;
$user_id = $zeile["Id"];
$user_name = $zeile["Username"];
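Review bot: The `||isset($_SESSION["code"])` alternative on the new condition line lets the branch succeed without `password_verify` returning true, for any row whose username or mail matches `$_POST["B"]`, as soon as the session carries a `code` key. Presumably that key marks the second step of a two-factor flow in which `$_POST["B"]` was overwritten from `$_SESSION['temp_User_Name']` (that assignment sits in a block that starts outside the hunk), but nothing on the visible lines ties `code` to a password check that already succeeded for this user; confirm it is only set after one and record it in a comment such as `// $_SESSION["code"] is set only after password_verify() succeeded for temp_User_Name`. `password_verify` also expects a string, so a guard like `is_string($_POST["P"] ?? null) &&` in front of it avoids a notice or TypeError when the field is missing or an array. The same line is changed in site/login/login.php and the same points apply there.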
8 changes: 3 additions & 5 deletions site/install/step2.php
Expand Up @@ -14,15 +14,14 @@
echo "Can't connect to Database.";
exit("Error!");
}
$salt = substr(str_shuffle(str_repeat(implode('', range('!','z')), $length)), 0, 25);
$pass = password_hash($_POST["Pass"],PASSWORD_DEFAULT,["salt"=>$salt]);
$pass = password_hash($_POST["Pass"],PASSWORD_DEFAULT);
$Name = $_POST["Name"];
$Author = $_POST["Author"];
$lang = $_POST["Lang"];
$UserName = $_POST["UserName"];
$sql= <<<HEREDOC
CREATE TABLE `Settings` (
`Id` int(20) NOT NULL,
`Id` int(20) NOT NULL,
`Name` varchar(99) NOT NULL,
`Value` varchar(99) NOT NULL,
`Type` varchar(4) NOT NULL
Expand All @@ -41,7 +40,6 @@
(10, 'site.lang', '$lang', 'Text'),
(11, 'site.robots', 'index, follow', 'Text'),
(12, '2fa.name', '', 'Text'),
(13, 'login.salt', '$salt', 'Text');
ALTER TABLE `Settings`
ADD PRIMARY KEY (`Id`);
Expand Down Expand Up @@ -113,7 +111,7 @@
MODIFY ID int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=1;
COMMIT;
HEREDOC;

mysqli_multi_query($db_link,$sql);
//File configuration.php creation
$file = <<<'HEREDOC'
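Review bot: With the `login.salt` row removed, the preceding row `(12, '2fa.name', '', 'Text'),` is unchanged and still ends in a comma, so as rendered the INSERT now runs straight into `ALTER TABLE` and is no longer valid SQL; that row should terminate the statement, `(12, '2fa.name', '', 'Text');`. Because the result of `mysqli_multi_query($db_link,$sql)` is not checked, the installer would stop at that statement without saying so; test the return value and report the failure. Separately, `$lang` comes straight from `$_POST["Lang"]` and is interpolated as `'$lang'` into a string that is executed as several statements, so it should be escaped first, e.g. `$lang = mysqli_real_escape_string($db_link, $_POST["Lang"]);`, and the same presumably holds for `$Name`, `$Author` and `$UserName` in the parts of the heredoc outside the hunks.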
7 changes: 6 additions & 1 deletion site/lang/en-en.json
Expand Up @@ -15,6 +15,7 @@
"style.darkmode": "Darkmode",
"style.lightmode": "Normalmode",
"login": "login",
"login.g": "Login",
"login.already_logged_in": "You're already logged in",
"login.form_error": "Form error!",
"login.login_closed": "Login closed",
Expand Down Expand Up @@ -56,11 +57,14 @@
"login.fail_same_password": "Not the same password",
"login.fillout": "Please fill out everything",
"login.logout": "You're logged out",
"login.logout.action": "Logout",
"blog": "blog",
"blog.readmore": "Read more...",
"login.account.password_changed": "Password changed",
"error.offline": "<h1>Page offline</h1>\n <p>This page is no longer available.</p>",
"error.410": "Gone. This resource is not longer here.",
"register": "register",
"register.g": "Register",
"register.succeed": "Register succeeded",
"register.closed": "Register closed",
"blog.overwiew": "Blog overview",
Expand Down Expand Up @@ -89,5 +93,6 @@
"admin.welcome": "Welcome!",
"profile": "Profile",
"profile.settings": "Profile settings",
""
"profile.changePP": "Change profile picture on Gravatar.com",
"accessibility.skipnavigation": "Skip Navigation"
}
5 changes: 2 additions & 3 deletions site/login/changepass.php
Expand Up @@ -11,7 +11,7 @@
$db_erg = mysqli_query( $db_link, $sql );
while ($zeile = mysqli_fetch_array( $db_erg, MYSQLI_ASSOC))
{
if(md5($zeile["Id"]) == $_SESSION['User_ID']&&$zeile["Password"]==password_hash($_POST["oldpass"],PASSWORD_DEFAULT,["salt"=>$U->getSetting("login.salt")])){
if(md5($zeile["Id"]) == $_SESSION['User_ID']&&password_verify($_POST["oldpass"],$zeile["Password"])){
$passc = True;
}
}
Expand All @@ -25,9 +25,8 @@
$passc = False;
echo $U->getLang("login.changepass.fail");
}
echo $passc;
if($passc){
$sql = "UPDATE User SET password='".password_hash($_POST["oldpass"],PASSWORD_DEFAULT,["salt"=>$U->getSetting("login.salt")])."' WHERE Id='".$_SESSION['User_ID']."';";
$sql = "UPDATE User SET password='".password_hash($_POST["newpass"])."' WHERE Id='".$_SESSION['User_ID']."';";
echo $sql;
$db_erg = mysqli_query( $db_link, $sql );
}
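Review bot: The new UPDATE line calls `password_hash($_POST["newpass"])` without the algorithm argument, which is required, so the call fails (an ArgumentCountError on PHP 8, a warning and a null result on PHP 7) instead of producing a hash; it should read `password_hash($_POST["newpass"], PASSWORD_DEFAULT)`. The `echo $sql;` on the next line is kept and would print the statement, including the new hash, into the response; it should be dropped together with the removed `echo $passc;`. The WHERE clause uses `$_SESSION['User_ID']` directly while the check above compares it with `md5($zeile["Id"])`, so unless `Id` itself stores that digest the update matches no row, and the value is concatenated into the SQL rather than bound; both are worth confirming. The enclosing blocks begin outside the hunks.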
2 changes: 1 addition & 1 deletion site/login/login.php
Expand Up @@ -12,7 +12,7 @@
$_POST["B"] = $_SESSION['temp_User_Name'];
}
while ($zeile = mysqli_fetch_array( $db_erg, MYSQLI_ASSOC)){
if((strtolower($_POST["B"])==strtolower($zeile["Username"])||strtolower($_POST["B"])==strtolower($zeile["Mail"]))&&(@password_hash($_POST["P"],PASSWORD_DEFAULT,["salt"=>getSetting("login.salt")])==$zeile["Password"]||isset($_SESSION["code"])) ){
if((strtolower($_POST["B"])==strtolower($zeile["Username"])||strtolower($_POST["B"])==strtolower($zeile["Mail"]))&&(password_verify($_POST["P"],$zeile["Password"])||isset($_SESSION["code"])) ){
$login = True;
$user_id = $zeile["Id"];
$user_name = $zeile["Username"];
2 changes: 1 addition & 1 deletion site/login/register.php
Expand Up @@ -41,7 +41,7 @@
$register = False;
}
if($register){
$sql = 'INSERT INTO User (Username, Mail, Password, Type) VALUES ('."'".$_POST["U"]."'".','."'".$_POST["M"]."'".','."'".password_hash($_POST["P"],PASSWORD_DEFAULT,["salt"=>getSetting("login.salt")])."'".',0);';
$sql = 'INSERT INTO User (Username, Mail, Password, Type) VALUES ('."'".$_POST["U"]."'".','."'".$_POST["M"]."'".','."'".password_hash($_POST["P"],PASSWORD_DEFAULT)."'".',0);';
if($db_erg = mysqli_query( $db_link, $sql )){
echo $U->getLang("register.succeed");
header("Location: ".$USOC["DOMAIN"]);
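Review bot: The INSERT on the new line is still assembled by concatenating `$_POST["U"]` and `$_POST["M"]` between quotes, so a quote character in either registration field changes the statement that is executed. A prepared statement with bound values removes the problem and keeps the `password_hash($_POST["P"],PASSWORD_DEFAULT)` call as it is; a sketch follows. The `echo` ahead of `header("Location: …")` on the following lines also sends output before the redirect header, which fails unless output buffering is on. The `if($register)` block starts and ends outside the hunk.

```php
if($register){
    $hash = password_hash($_POST["P"],PASSWORD_DEFAULT);
    $stmt = mysqli_prepare($db_link, 'INSERT INTO User (Username, Mail, Password, Type) VALUES (?, ?, ?, 0)');
    $ok = $stmt !== false
        && mysqli_stmt_bind_param($stmt, 'sss', $_POST["U"], $_POST["M"], $hash)
        && mysqli_stmt_execute($stmt);
    if($ok){
        // … unchanged: success message and redirect …
```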
2 changes: 1 addition & 1 deletion site/profile.php
Expand Up @@ -45,7 +45,7 @@ function onSignIn(googleUser) {
<?php
echo $U->getPP();
?>
<br><a target="_blank" href="https://de.gravatar.com"><button>Profilbild ändern auf Gravatar.com</button></a><br />
<br><a target="_blank" href="https://gravatar.com"><button><?php $U->getLang("profile.changePP") ?></button></a><br />
<?php
$db_link = mysqli_connect(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD,MYSQL_DATABASE);
$sql = "SELECT * FROM User WHERE Username='".$_SESSION["User_Name"]."'";
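Review bot: The new button label `<?php $U->getLang("profile.changePP") ?>` discards the return value, so the button renders empty; other call sites in this commit echo or concatenate the result of `getLang`, which suggests it returns the string, and the line should use `<?= $U->getLang("profile.changePP") ?>` or an explicit `echo`. The skip-navigation link added in site/siteelements/header.php (`<?php $U->getLang("accessibility.skipnavigation"); ?>`) has the same omission. The link opens with `target="_blank"`; adding `rel="noopener noreferrer"` keeps the opened page from reaching back through `window.opener`. The `SELECT` below the link concatenates `$_SESSION["User_Name"]` into the query and would be better bound as a parameter.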
16 changes: 8 additions & 8 deletions site/siteelements/header.php
Expand Up @@ -8,13 +8,13 @@
<a id="skipnavigation" href="<?php echo $_SERVER["PHP_SELF"];
if(isset($_GET["URL"])){
echo "?URL=".$_GET["URL"];
}?>#maincontent">Skip navigation </a>
}?>#maincontent"><?php $U->getLang("accessibility.skipnavigation"); ?></a>
<a href="index.php" id="headerlink"><img src="logo.png" height="100" alt="Logo" /><h1><?php echo $U->getSetting("site.name") ?></h1></a>
<br />
<div style="border-top: 1px;border-top-style:solid;border-top-color:black;">
<ul id="menu">
<li class="menuitem"><a href="page.php?URL=index">Home</a></li>
<li class="menuitem"><a href="blogsite.php">Blog</a></li>
<li class="menuitem"><a href="blogsite">Blog</a></li>
<li class="menuitem dropdown">
<a href="javascript:void(0)" class="dropbtn">Sites</a>
<div class="dropdown-content">
Expand All @@ -37,20 +37,20 @@ function register_open(){
session_start();
}
if(isset($_SESSION["User_ID"])){
echo '<li class="menuitem dropdown" style="float:right;"><a class="dropbtn" href="javascript:void(0)">'.$_SESSION["User_Name"].'</a><div style="right:0.5%;" class="dropdown-content"><a href="changepassword.php" onmouseover="menuhover()" class="dropdownlink">Passwort wechseln</a><br /><a href="profil.php" onmouseover="menuhover()" class="dropdownlink">Profileinstellungen</a><br /><a href="logout.php" onmouseover="menuhover()" class="dropdownlink">Ausloggen</a></div></li>';
echo '<li class="menuitem dropdown" style="float:right;"><a class="dropbtn" href="javascript:void(0)">'.$_SESSION["User_Name"].'</a><div style="right:0.5%;" class="dropdown-content"><a href="changepassword.php" onmouseover="menuhover()" class="dropdownlink">'.$U->getLang("login.changepass").'</a><br /><a href="profil.php" onmouseover="menuhover()" class="dropdownlink">'.$U->getLang("profile.settings").'</a><br /><a href="logout.php" onmouseover="menuhover()" class="dropdownlink">'.$U->getLang("login.logout.action").'</a></div></li>';
if(isset($_SESSION["Admin"])){
echo '<li class="menuitem dropdown" style="float:right;"><a class="dropbtn" href="'.$USOC["Admin"].'">Adminbereich</a>';
echo '<li class="menuitem dropdown" style="float:right;"><a class="dropbtn" href="'.$USOC["Admin"].'">'.$U->getLang("admin").'</a>';
if(isset($_GET["URL"])&&preg_match('/(page)/i',$_SERVER["PHP_SELF"])){
echo '<div class="dropdown-content"><a onmouseover="menuhover()" class="dropdownlink" href="adminbg/index.php?URL=editor&SiteName='.$_GET["URL"].'">Seite bearbeiten</a></div>';
echo '<div class="dropdown-content"><a onmouseover="menuhover()" class="dropdownlink" href="adminbg/index.php?URL=editor&SiteName='.$_GET["URL"].'">'.$U->getLang("admin.edit.site").'</a></div>';
}elseif(isset($_GET["URL"])&&preg_match('/(blog)/i',$_SERVER["PHP_SELF"])){
echo '<div class="dropdown-content"><a onmouseover="menuhover()" class="dropdownlink" href="adminbg/index.php?URL=blogeditor&SiteName='.$_GET["URL"].'">Seite bearbeiten</a></div>';
echo '<div class="dropdown-content"><a onmouseover="menuhover()" class="dropdownlink" href="adminbg/index.php?URL=blogeditor&SiteName='.$_GET["URL"].'">'.$U->getLang("admin.edit.site").'</a></div>';
}
echo "</li>";
}
}else{
echo '<li class="menuitem" style="float:right;"><a href="login.php">Login</a></li>';
echo '<li class="menuitem" style="float:right;"><a href="login.php">'.$U->getLang("login.g").'</a></li>';
if(register_open()){
echo '<li class="menuitem" style="float:right;"><a href="register.php">Registrieren</a></li>';
echo '<li class="menuitem" style="float:right;"><a href="register.php">'.$U->getLang("register.g").'</a></li>';
}
}
?>
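Review bot: The rewritten menu lines still write request and session data into HTML without encoding it: `$_GET["URL"]` is concatenated into the `SiteName=` href on both edit-link lines and echoed after `?URL=` in the skip link, and `$_SESSION["User_Name"]` is printed as the dropdown label. Each value should be encoded for its context, for example `rawurlencode($_GET["URL"])` inside the URLs and `htmlspecialchars($_SESSION["User_Name"], ENT_QUOTES, 'UTF-8')` for the label, and `$_SERVER["PHP_SELF"]` in the skip link needs `htmlspecialchars` as well. The strings returned by `getLang` are now placed into the markup the same way, which is acceptable only while the language files are trusted content. The PHP blocks in this section start and end outside the hunks.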
