From 9c48d2e0da5d3375d4dd8f2844c997de8f79b0f8 Mon Sep 17 00:00:00 2001
From: Elyrith
Date: Sat, 10 Aug 2013 00:55:38 -0400
Subject: [PATCH 01/15] Fix date help order to match input field.
---
 user/new.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/user/new.php b/user/new.php
index ad65beb..e07f446 100644
--- a/user/new.php
+++ b/user/new.php
@@ -5,7 +5,7 @@ start_html("Create new post");

Create new post

-Date: (YYYY-MM-DD) +Date: (DD-MM-YYYY)
Title:

From b6cc8dd776dde720cd9cbe857751841551e4283a Mon Sep 17 00:00:00 2001
From: Elyrith
Date: Fri, 9 Aug 2013 20:44:18 -0400
Subject: [PATCH 02/15] Create table for users and admin user
---
 .gitignore | 1 +
 blogtable.sql | 13 ++++++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)
 create mode 100644 .gitignore
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4276bf9
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+index.php
diff --git a/blogtable.sql b/blogtable.sql
index beeeae2..6e8d492 100644
--- a/blogtable.sql
+++ b/blogtable.sql
@@ -1,7 +1,18 @@
 CREATE TABLE `blog` (
- `postnumber` int(11) NOT NULL AUTO_INCREMENT,
+ `postnumber` int(11) NOT NULL AUTO_INCREMENT,
 `date` date NOT NULL,
 `title` text COLLATE utf8_unicode_ci NOT NULL,
 `posttext` text COLLATE utf8_unicode_ci NOT NULL,
 PRIMARY KEY (`postnumber`)
 ) ENGINE=InnoDB AUTO_INCREMENT=7 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+CREATE TABLE `users` (
+ `id` int(11) NOT NULL AUTO_INCREMENT,
+ `username` varchar(20) NOT NULL,
+ `name` varchar(40) NOT NULL,
+ `password` varchar(64) NOT NULL,
+ `session` int(64),
+ PRIMARY KEY (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+
+INSERT INTO `users` (`id`, `username`, `name`, `password`, `session`) VALUES (NULL, 'admin', 'Admin', PASSWORD('admin'), NULL);
From c8706fc865f853305d9ca3f7a8bf7f83f72bbd93 Mon Sep 17 00:00:00 2001
From: Elyrith
Date: Fri, 9 Aug 2013 22:33:27 -0400
Subject: [PATCH 03/15] Version 1 of DB auth. Only works with user/login.php for now.
---
 includes/dbconnect.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/includes/dbconnect.php b/includes/dbconnect.php
index 4c4550c..c79d11d 100644
--- a/includes/dbconnect.php
+++ b/includes/dbconnect.php
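Review bot: The seeded `admin` row in blogtable.sql stores its password with MySQL's `PASSWORD()` and ships with the known value `admin`. `PASSWORD()` is the server's own account-hashing function (unsalted, fast, and removed in MySQL 8.0), so application logins should be hashed in PHP with `password_hash()` into a `varchar(255)` column, and the seed password should be supplied at install time rather than fixed in the schema file. `username` has no uniqueness constraint, so two rows can carry the same login name; adding `UNIQUE KEY users_username_uq (username)` to the table closes that. `int(64)` on `session` only sets a display width, so the column still holds a 32-bit integer, which looks too small for a session token; worth confirming what it is meant to store.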
@@ -1,4 +1,5 @@ Date: Fri, 9 Aug 2013 22:34:58 -0400 Subject: [PATCH 04/15] Version 1 of DB auth. Only works with user/login.php for now. --- .gitignore | 1 - includes/login_form.inc | 16 ++++++++++++++++ user/login.php | 32 ++++++++++++++++++++++++++++++++ user/login_form.inc | 16 ++++++++++++++++ 4 files changed, 64 insertions(+), 1 deletion(-) delete mode 100644 .gitignore create mode 100644 includes/login_form.inc create mode 100644 user/login.php create mode 100644 user/login_form.inc diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 4276bf9..0000000 --- a/.gitignore +++ /dev/null @@ -1 +0,0 @@ -index.php diff --git a/includes/login_form.inc b/includes/login_form.inc new file mode 100644 index 0000000..a0c8427 --- /dev/null +++ b/includes/login_form.inc @@ -0,0 +1,16 @@ + + + + + + + + + + + + + + + +
Username
Password
diff --git a/user/login.php b/user/login.php new file mode 100644 index 0000000..c5993a9 --- /dev/null +++ b/user/login.php @@ -0,0 +1,32 @@ + + +Login + +You are a valid user!
"; + echo "Your username is $_POST[username]
"; + echo "Your password is $_POST[password]

"; + include("login_form.inc"); + } else { + unset($_POST['do']); + echo "

You are not authorized. Please try again.

"; + include("login_form.inc"); + } + + break; +} else { + include("login_form.inc"); +} +?> + + diff --git a/user/login_form.inc b/user/login_form.inc new file mode 100644 index 0000000..a0c8427 --- /dev/null +++ b/user/login_form.inc @@ -0,0 +1,16 @@ + + + + + + + + + + + + + + + +
Username
Password
From 21a833a3eb462063255d3f4cb69d92f078c24bc3 Mon Sep 17 00:00:00 2001 From: Elyrith Date: Fri, 9 Aug 2013 23:38:42 -0400 Subject: [PATCH 05/15] Login working, but not cookie. --- includes/login_form.inc | 2 +- user/login.php | 32 -------------------------------- user/login_form.inc | 16 ---------------- user/new.php | 1 + 4 files changed, 2 insertions(+), 49 deletions(-) delete mode 100644 user/login.php delete mode 100644 user/login_form.inc diff --git a/includes/login_form.inc b/includes/login_form.inc index a0c8427..77103c4 100644 --- a/includes/login_form.inc +++ b/includes/login_form.inc @@ -1,4 +1,4 @@ - + diff --git a/user/login.php b/user/login.php deleted file mode 100644 index c5993a9..0000000 --- a/user/login.php +++ /dev/null @@ -1,32 +0,0 @@ - - -Login - -You are a valid user!
"; - echo "Your username is $_POST[username]
"; - echo "Your password is $_POST[password]

"; - include("login_form.inc"); - } else { - unset($_POST['do']); - echo "

You are not authorized. Please try again.

"; - include("login_form.inc"); - } - - break; -} else { - include("login_form.inc"); -} -?> - - diff --git a/user/login_form.inc b/user/login_form.inc deleted file mode 100644 index a0c8427..0000000 --- a/user/login_form.inc +++ /dev/null @@ -1,16 +0,0 @@ - - - -
- - - - - - - - - - - -
Username
Password
diff --git a/user/new.php b/user/new.php index e07f446..54f8c3c 100644 --- a/user/new.php +++ b/user/new.php @@ -1,6 +1,7 @@

Create new post

From c7a1d05e4f12fdb8443bead7b70876455b5af275 Mon Sep 17 00:00:00 2001 From: Elyrith Date: Sat, 10 Aug 2013 00:36:04 -0400 Subject: [PATCH 06/15] Lost login.inc somehow. *shrug* --- includes/login.inc | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 includes/login.inc diff --git a/includes/login.inc b/includes/login.inc new file mode 100644 index 0000000..5a9184e --- /dev/null +++ b/includes/login.inc @@ -0,0 +1,35 @@ +You are a valid user!
"; +# echo "Your username is $_POST[username]
"; +# echo "Your password is $_POST[password]

"; + $_COOKIE['monkey'] = '1'; + setcookie('monkey',$_COOKIE['monkey']); + session_start(); + session_register[login];$_SESSION[login] = '1'; + session_register[count];$_SESSION[count]++; + } else { + unset($_POST['do']); + echo "

You are not authorized. Please try again.

"; + include("login_form.inc"); + break; + } + +} +?> From 4dd163139f9b86962c3f86cd5f331436b3514778 Mon Sep 17 00:00:00 2001 From: Elyrith Date: Sat, 10 Aug 2013 01:17:23 -0400 Subject: [PATCH 07/15] Database-based login working for user/new.php. --- includes/login.inc | 29 ++++++++++------------------- 1 file changed, 10 insertions(+), 19 deletions(-) diff --git a/includes/login.inc b/includes/login.inc index 5a9184e..8e62561 100644 --- a/includes/login.inc +++ b/includes/login.inc @@ -1,35 +1,26 @@ You are a valid user!
"; -# echo "Your username is $_POST[username]
"; -# echo "Your password is $_POST[password]

"; - $_COOKIE['monkey'] = '1'; - setcookie('monkey',$_COOKIE['monkey']); - session_start(); - session_register[login];$_SESSION[login] = '1'; - session_register[count];$_SESSION[count]++; + if (mysql_num_rows($result) === 1) { + unset($_POST['do']); + $_COOKIE['session'] = 1; + setcookie('session',$_COOKIE['session']); } else { unset($_POST['do']); - echo "

You are not authorized. Please try again.

"; +# $_COOKIE['session']++; + echo "Login failed. Please try again."; include("login_form.inc"); break; } - } ?> From 18a067a902ec93d1ff1149e70cc928cf7709bf61 Mon Sep 17 00:00:00 2001 From: Elyrith Date: Sat, 10 Aug 2013 01:38:23 -0400 Subject: [PATCH 08/15] All user/ pages require authentication against database users. --- includes/login.inc | 13 +++++++------ user/edit.php | 1 + user/editpost.php | 2 ++ user/index.php | 1 + user/updatepost.php | 1 + 5 files changed, 12 insertions(+), 6 deletions(-) diff --git a/includes/login.inc b/includes/login.inc index 8e62561..8a527c1 100644 --- a/includes/login.inc +++ b/includes/login.inc @@ -1,9 +1,6 @@ diff --git a/user/edit.php b/user/edit.php index 5a068e9..7a1a26a 100644 --- a/user/edit.php +++ b/user/edit.php @@ -1,6 +1,7 @@

Find post to edit

diff --git a/user/editpost.php b/user/editpost.php index 9d33e70..45447fd 100644 --- a/user/editpost.php +++ b/user/editpost.php @@ -6,6 +6,8 @@ require "../includes/dbconnect.php"; require "../includes/htmlcode.php"; start_html("Edit post"); +include "../includes/login.inc"; + print "

Edit post

"; $query = "SELECT * FROM blog WHERE date='$_GET[date]' AND title='$_GET[title]'"; diff --git a/user/index.php b/user/index.php index 30b3fa7..14877eb 100644 --- a/user/index.php +++ b/user/index.php @@ -1,6 +1,7 @@

simplog user interface

diff --git a/user/updatepost.php b/user/updatepost.php index 6c79e1e..e4748aa 100644 --- a/user/updatepost.php +++ b/user/updatepost.php @@ -6,6 +6,7 @@ require "../includes/dbconnect.php"; require "../includes/htmlcode.php"; start_html("Post updated"); +include "../includes/login.inc"; $query = "UPDATE blog SET date='$_POST[date]', title='$_POST[title]', From f5a1d52994570cbd0983b6a1a5f701a989bbcded Mon Sep 17 00:00:00 2001 From: Elyrith Date: Sat, 10 Aug 2013 14:06:14 -0400 Subject: [PATCH 09/15] Created basic install.php to create the tables and admin user. --- install.php | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 install.php diff --git a/install.php b/install.php new file mode 100644 index 0000000..b6b42f9 --- /dev/null +++ b/install.php @@ -0,0 +1,48 @@ + + +
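Review bot: The login gate is pulled in with `include` after `start_html(...)` has already run, both here in user/updatepost.php and in the user/editpost.php hunk. `include` only raises a warning when the file cannot be loaded, so a missing or unreadable login.inc leaves the page running unauthenticated; `require "../includes/login.inc";` placed before `start_html` fails closed. Moving it up also matters because login.inc calls `setcookie()`, which has to run before any output unless output buffering is enabled. The context lines show `$query` being assembled directly from `$_POST[date]` and `$_POST[title]` (and from `$_GET` in editpost.php); this commit does not touch them, but they should be escaped or moved to prepared statements, since the gate is now the only control in front of them. The UPDATE statement continues outside the hunk.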

Installer

+ +"; +} else { + echo "Table 'Blog' created successfully.
"; +} + +# Try to create 'users' table +$sql = "CREATE TABLE `users` (`id` int(11) NOT NULL AUTO_INCREMENT,`username` varchar(20) NOT NULL,`name` varchar(40) NOT NULL,`password` varchar(64) NOT NULL,`salt` int(64) NOT NULL,`session` int(64), PRIMARY KEY (`id`)) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;"; +$result = mysql_query($sql); +if (mysql_error()) { + echo mysql_error() . ".
"; +} else { + echo "Table 'Users' created successfully.
"; +} + +# Try to create 'admin' user +$sql = "INSERT INTO `users` (`id`, `username`, `name`, `password`, `session`) VALUES (NULL, 'admin', 'Admin', PASSWORD('admin'), RAND(10000), NULL);"; +$result = mysql_query($sql); +if (mysql_error()) { + echo "User 'admin' already exists.
"; +} else { + echo "User 'admin/admin' created successfully.
"; +} + +end_html(); +?> From 12e02dda1cce061e68ec68b6aa9a594fdc59a636 Mon Sep 17 00:00:00 2001 From: Elyrith Date: Sat, 10 Aug 2013 14:19:44 -0400 Subject: [PATCH 10/15] Update README with database installer info. --- README.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 438f871..7805e0b 100644 --- a/README.md +++ b/README.md @@ -13,11 +13,21 @@ simplog.php is intended to be included (with php include) on your webpage, there How do I create the MySQL table? -------------------------------- -Either create a new database and possibly a new user or use an existing database/user and run the command: + +Either create a new mysql user and database or use an existing one, then either: + +Option 1) Go to http://mydomain.tld/path-to-simplog/install.php + + or... + +Option 2) Run this command from the shell: mysql -u -p < blogtable.sql -You'll be asked to enter the passwor for the user, enter it. Now you have created the table for the blog. Now you can start filling it with blog posts. +You'll be asked to enter the password for the user, enter it. + + +Now you have created the table for the blog. Now you can start filling it with blog posts. Contributing ------------ From 84a11cc73bdb02a981403218ec698613f3b9f999 Mon Sep 17 00:00:00 2001 From: Elyrith Date: Sat, 10 Aug 2013 14:28:27 -0400 Subject: [PATCH 11/15] Add comments to includes/login.inc --- includes/login.inc | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/includes/login.inc b/includes/login.inc index 8a527c1..529ddd8 100644 --- a/includes/login.inc +++ b/includes/login.inc @@ -1,25 +1,35 @@ Date: Sat, 10 Aug 2013 14:32:21 -0400 Subject: [PATCH 12/15] Update README. --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 7805e0b..bf15ffb 100644 --- a/README.md +++ b/README.md 
@@ -5,7 +5,9 @@ simplog is a (very) simple PHP blog engine. It's supposed to be implemented into What's missing? --------------- -Not much really as of 2013-07-27, depending on how you plan to use it. Included is a template to create the MySQL table, a small HTML and PHP file to create new posts, an index.php file that displays your posts and a config file to connect to a database and set number of posts per page. Now there is also a HTML file to find your posts and edit/update them. Note that you need to protect the user directory yourself (with for example a .htaccess file), or else everyone can post on your blog. +Not much really as of 2013-07-27, depending on how you plan to use it. Included is a template to create the MySQL table, a small HTML and PHP file to create new posts, an index.php file that displays your posts and a config file to connect to a database and set number of posts per page. Now there is also a HTML file to find your posts and edit/update them. + +You no longer need to protect the user/ directory yourself. Authentication is done using the database. Usage ----- From be86ecdaa1768a0e2df5074ccdd8e707abc080d6 Mon Sep 17 00:00:00 2001 From: Elyrith Date: Sun, 11 Aug 2013 22:44:10 -0400 Subject: [PATCH 13/15] Renamed users table so it doesn't conflict with another site, in case you use the same database. --- includes/login.inc | 2 +- install.php | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/includes/login.inc b/includes/login.inc index 529ddd8..c39570b 100644 --- a/includes/login.inc +++ b/includes/login.inc 
@@ -10,7 +10,7 @@ if ( $_COOKIE['session'] ) { // If yes, continue loading page as normal # Attempt login require "dbconnect.php"; - $sql = "SELECT id,username FROM users WHERE username='$_POST[username]' and password=PASSWORD('$_POST[password]')"; + $sql = "SELECT id,username FROM blog_users WHERE username='$_POST[username]' and password=PASSWORD('$_POST[password]')"; $result = mysql_query($sql) or die (mysql_error()); # echo "Results: " . mysql_num_rows($result); // Debugging line diff --git a/install.php b/install.php index b6b42f9..3e4aca8 100644 --- a/install.php +++ b/install.php @@ -26,8 +26,8 @@ if (mysql_error()) { echo "Table 'Blog' created successfully.
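Review bot: The rewritten `$sql` line in includes/login.inc still interpolates `$_POST[username]` and `$_POST[password]` straight into the statement, so the login query is open to SQL injection, and `or die (mysql_error())` then prints the database error to the visitor. With the `mysql_*` API the file already uses, the minimum is `mysql_real_escape_string()` on both values before they reach the string; moving to `mysqli` or PDO prepared statements removes the problem altogether. Hashing in PHP and comparing with `password_verify()` would also take the clear-text password out of the SQL text, where it can end up in query logs. The surrounding `if`/`else` starts and ends outside this hunk.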
"; } -# Try to create 'users' table -$sql = "CREATE TABLE `users` (`id` int(11) NOT NULL AUTO_INCREMENT,`username` varchar(20) NOT NULL,`name` varchar(40) NOT NULL,`password` varchar(64) NOT NULL,`salt` int(64) NOT NULL,`session` int(64), PRIMARY KEY (`id`)) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;"; +# Try to create 'blog_users' table +$sql = "CREATE TABLE `blog_users` (`id` int(11) NOT NULL AUTO_INCREMENT,`username` varchar(20) NOT NULL,`name` varchar(40) NOT NULL,`password` varchar(64) NOT NULL,`salt` int(64) NOT NULL,`session` int(64), PRIMARY KEY (`id`)) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;"; $result = mysql_query($sql); if (mysql_error()) { echo mysql_error() . ".
"; @@ -36,7 +36,7 @@ if (mysql_error()) { } # Try to create 'admin' user -$sql = "INSERT INTO `users` (`id`, `username`, `name`, `password`, `session`) VALUES (NULL, 'admin', 'Admin', PASSWORD('admin'), RAND(10000), NULL);"; +$sql = "INSERT INTO `blog_users` (`id`, `username`, `name`, `password`, `session`) VALUES (NULL, 'admin', 'Admin', PASSWORD('admin'), RAND(10000), NULL);"; $result = mysql_query($sql); if (mysql_error()) { echo "User 'admin' already exists.
"; From f3c493bbaba1ec2c5672640d2682119647dbf334 Mon Sep 17 00:00:00 2001 From: Elyrith Date: Fri, 16 Aug 2013 20:35:28 -0400 Subject: [PATCH 14/15] Removed NOT NULL from users db, salt field since it's not implemented yet. --- install.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install.php b/install.php index 3e4aca8..2de1d1e 100644 --- a/install.php +++ b/install.php @@ -27,7 +27,7 @@ if (mysql_error()) { } # Try to create 'blog_users' table -$sql = "CREATE TABLE `blog_users` (`id` int(11) NOT NULL AUTO_INCREMENT,`username` varchar(20) NOT NULL,`name` varchar(40) NOT NULL,`password` varchar(64) NOT NULL,`salt` int(64) NOT NULL,`session` int(64), PRIMARY KEY (`id`)) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;"; +$sql = "CREATE TABLE `blog_users` (`id` int(11) NOT NULL AUTO_INCREMENT,`username` varchar(20) NOT NULL,`name` varchar(40) NOT NULL,`password` varchar(64) NOT NULL,`salt` int(64),`session` int(64), PRIMARY KEY (`id`)) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;"; $result = mysql_query($sql); if (mysql_error()) { echo mysql_error() . ".
"; From b411bd3b272c3caabe2946c76cae51efd84ef7a3 Mon Sep 17 00:00:00 2001 From: Elyrith Date: Fri, 16 Aug 2013 20:44:06 -0400 Subject: [PATCH 15/15] Removed salt from database completely. To be worked out later. --- install.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/install.php b/install.php index 2de1d1e..484f4f2 100644 --- a/install.php +++ b/install.php @@ -27,7 +27,7 @@ if (mysql_error()) { } # Try to create 'blog_users' table -$sql = "CREATE TABLE `blog_users` (`id` int(11) NOT NULL AUTO_INCREMENT,`username` varchar(20) NOT NULL,`name` varchar(40) NOT NULL,`password` varchar(64) NOT NULL,`salt` int(64),`session` int(64), PRIMARY KEY (`id`)) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;"; +$sql = "CREATE TABLE `blog_users` (`id` int(11) NOT NULL AUTO_INCREMENT,`username` varchar(20) NOT NULL,`name` varchar(40) NOT NULL,`password` varchar(64) NOT NULL,`session` int(64), PRIMARY KEY (`id`)) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;"; $result = mysql_query($sql); if (mysql_error()) { echo mysql_error() . ".
"; @@ -36,7 +36,7 @@ if (mysql_error()) { } # Try to create 'admin' user -$sql = "INSERT INTO `blog_users` (`id`, `username`, `name`, `password`, `session`) VALUES (NULL, 'admin', 'Admin', PASSWORD('admin'), RAND(10000), NULL);"; +$sql = "INSERT INTO `blog_users` (`id`, `username`, `name`, `password`, `session`) VALUES (NULL, 'admin', 'Admin', PASSWORD('admin'), NULL);"; $result = mysql_query($sql); if (mysql_error()) { echo "User 'admin' already exists.
";