From 2a236b02da098bfb9ce2a38432e7b08f8726f754 Mon Sep 17 00:00:00 2001
From: Nephiaust <29741794+Nephiaust@users.noreply.github.com>
Date: Sun, 3 Sep 2023 19:37:53 +0930
Subject: [PATCH 01/50] Create SECURITY.md

---
 SECURITY.md | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..61335f7
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,18 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported |
+| ------- | ------------------ |
+| 4.x.x | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+Use this section to tell people how to report a vulnerability.
+
+Tell them where to go, how often they can expect to get an update on a
+reported vulnerability, what to expect if the vulnerability is accepted or
+declined, etc.

From a0c989ad948c20aafa50a780ee2b02165ea7539b Mon Sep 17 00:00:00 2001
From: Nephiaust <29741794+Nephiaust@users.noreply.github.com>
Date: Sun, 3 Sep 2023 19:41:11 +0930
Subject: [PATCH 02/50] Create psalm.yml

---
 .github/workflows/psalm.yml | 38 +++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 .github/workflows/psalm.yml

diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
new file mode 100644
index 0000000..23a0e26
--- /dev/null
+++ b/.github/workflows/psalm.yml
@@ -0,0 +1,38 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: Psalm Security Scan
+
+on:
+ push:
+ branches: [ "master" ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ "master" ]
+ schedule:
+ - cron: '43 10 * * 6'
+
+permissions:
+ contents: read
+
+jobs:
+ php-security:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Psalm Security Scan
+ uses: psalm/psalm-github-security-scan@f3e6fd9432bc3e44aec078572677ce9d2ef9c287
+
+ - name: Upload Security Analysis results to GitHub
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: results.sarif

From 531359ac6bbcdd1606b19944a3d65cd93ef4db7d Mon Sep 17 00:00:00 2001
From: Nephiaust <29741794+Nephiaust@users.noreply.github.com>
Date: Sun, 3 Sep 2023 19:50:20 +0930
Subject: [PATCH 03/50] Update psalm.yml

---
 .github/workflows/psalm.yml | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index 23a0e26..3e892a5 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -12,7 +12,7 @@ on:
 # The branches below must be a subset of the branches above
 branches: [ "master" ]
 schedule:
- - cron: '43 10 * * 6'
+ - cron: '27 4 * * 5'
 permissions:
 contents: read
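Review bot: `actions/checkout@v3` and `github/codeql-action/upload-sarif@v2` in the steps block are referenced by mutable major tags while the psalm step is pinned to a full commit SHA; in a job granted `security-events: write`, pin all three the same way (commit SHA with a `# vX.Y.Z` comment) so a moved tag cannot change what runs. The upload step also expects `results.sarif` in the workspace, but the psalm step is given no input naming that file, so the path rests on the action's default; state it explicitly with `with:` / `report_file: results.sarif` on the psalm step, as the next patch in this series does.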
@@ -31,6 +31,20 @@ jobs:
 - name: Psalm Security Scan
 uses: psalm/psalm-github-security-scan@f3e6fd9432bc3e44aec078572677ce9d2ef9c287
+ with:
+ security_analysis: true
+ report_file: results.sarif
+
+ - name: Upload Security Analysis results to GitHub
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: results.sarif
+
+ - name: Psalm – Static Analysis for PHP
+ uses: psalm/psalm-github-actions@2.3.0
+ with:
+ security_analysis: true
+ report_file: results.sarif
 - name: Upload Security Analysis results to GitHub
 uses: github/codeql-action/upload-sarif@v2

From 9fc8263323834b0d69ff9df6c7a775f86954fe9b Mon Sep 17 00:00:00 2001
From: Nephiaust <29741794+Nephiaust@users.noreply.github.com>
Date: Sun, 3 Sep 2023 19:52:51 +0930
Subject: [PATCH 04/50] Update psalm.yml

---
 .github/workflows/psalm.yml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index 3e892a5..97bade1 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -31,9 +31,6 @@ jobs:
 - name: Psalm Security Scan
 uses: psalm/psalm-github-security-scan@f3e6fd9432bc3e44aec078572677ce9d2ef9c287
- with:
- security_analysis: true
- report_file: results.sarif
 - name: Upload Security Analysis results to GitHub
 uses: github/codeql-action/upload-sarif@v2

From 4bea39d6ff6c54c66d6f52f2d51a16bf3f9c5611 Mon Sep 17 00:00:00 2001
From: Nephiaust <29741794+Nephiaust@users.noreply.github.com>
Date: Sun, 3 Sep 2023 19:54:41 +0930
Subject: [PATCH 05/50] Disabled composer requirements

---
 .github/workflows/psalm.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index 97bade1..8fd28e2 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
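Review bot: The added `psalm/psalm-github-actions@2.3.0` step writes `report_file: results.sarif`, the same path the `psalm-github-security-scan` step above it is now told to write, so the second scan overwrites the first; the first result set is uploaded by the intermediate step, but both `Upload Security Analysis results to GitHub` steps carry the same name and the same `sarif_file`, which makes the two tools indistinguishable in code scanning. Give each scan its own report path and pass a distinct `category:` to each `upload-sarif` step so the results are recorded separately. `psalm-github-actions@2.3.0` is also a mutable tag, unlike the SHA-pinned step above it. The `steps` list and the job it belongs to begin outside the hunk.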
@@ -31,6 +31,9 @@ jobs:
 - name: Psalm Security Scan
 uses: psalm/psalm-github-security-scan@f3e6fd9432bc3e44aec078572677ce9d2ef9c287
+ with:
+ composer_require_dev: false
+ composer_ignore_platform_reqs: false
 - name: Upload Security Analysis results to GitHub
 uses: github/codeql-action/upload-sarif@v2
@@ -40,6 +43,8 @@ jobs:
 - name: Psalm – Static Analysis for PHP
 uses: psalm/psalm-github-actions@2.3.0
 with:
+ composer_require_dev: false
+ composer_ignore_platform_reqs: false
 security_analysis: true
 report_file: results.sarif

From 11d79c349e5459dfe95ddf16abe0dd7c30b8d544 Mon Sep 17 00:00:00 2001
From: Nephiaust <29741794+Nephiaust@users.noreply.github.com>
Date: Sun, 3 Sep 2023 19:58:57 +0930
Subject: [PATCH 06/50] Reset of palm...

---
 .github/workflows/psalm.yml | 51 ++++++++-----------------------------
 1 file changed, 10 insertions(+), 41 deletions(-)

diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index 8fd28e2..c9aaa71 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -1,54 +1,23 @@ -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. +name: Psalm Static analysis -name: Psalm Security Scan - -on: - push: - branches: [ "master" ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ "master" ] - schedule: - - cron: '27 4 * * 5' - -permissions: - contents: read +on: [push, pull_request] jobs: - php-security: + psalm: + name: Psalm runs-on: ubuntu-latest - permissions: - contents: read # for actions/checkout to fetch code - security-events: write # for github/codeql-action/upload-sarif to upload SARIF results - actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status - steps: - name: Checkout code - uses: actions/checkout@v3 - - - name: Psalm Security Scan - uses: psalm/psalm-github-security-scan@f3e6fd9432bc3e44aec078572677ce9d2ef9c287 - with: - composer_require_dev: false - composer_ignore_platform_reqs: false + uses: actions/checkout@v2 - - name: Upload Security Analysis results to GitHub - uses: github/codeql-action/upload-sarif@v2 + - name: Psalm + uses: docker://ghcr.io/psalm/psalm-github-actions:5.7.7 with: - sarif_file: results.sarif - - - name: Psalm – Static Analysis for PHP - uses: psalm/psalm-github-actions@2.3.0 - with: - composer_require_dev: false - composer_ignore_platform_reqs: false + composer_require_dev: true + composer_ignore_platform_reqs: true security_analysis: true report_file: results.sarif - - name: Upload Security Analysis results to GitHub - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v1 with: sarif_file: results.sarif From 5cff19d05f2d31b2ceee7be7023d5bdb7c3fff27 Mon Sep 17 00:00:00 2001 
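Review bot: Removing both `permissions:` blocks (the top-level `contents: read` and the job-level `security-events: write` / `actions: read`) leaves the `psalm` job on the repository's default `GITHUB_TOKEN` permissions, which are either broader than the job needs or, where the repository default is restricted, too narrow for `upload-sarif` to write code-scanning results; keep a job-level `permissions:` with `contents: read` and `security-events: write`. The same hunk moves backwards from `actions/checkout@v3` to `@v2` and from `upload-sarif@v2` to `@v1`, older majors that GitHub has since deprecated, and `on: [push, pull_request]` widens the trigger from `master` to every branch. `composer_ignore_platform_reqs: true` also tells Composer to skip PHP version and extension checks during the scan, so the analysis may run against a dependency set the target PHP cannot actually load.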
From: Nephiaust <29741794+Nephiaust@users.noreply.github.com>
Date: Sun, 3 Sep 2023 20:00:16 +0930
Subject: [PATCH 07/50] Update psalm.yml

---
 .github/workflows/psalm.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index c9aaa71..761fc67 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -13,7 +13,7 @@ jobs:
 - name: Psalm
 uses: docker://ghcr.io/psalm/psalm-github-actions:5.7.7
 with:
- composer_require_dev: true
+ composer_require_dev: false
 composer_ignore_platform_reqs: true
 security_analysis: true
 report_file: results.sarif

From 5abfc628a49df401e8df30db74cbcf8fc474258b Mon Sep 17 00:00:00 2001
From: Nephiaust <29741794+Nephiaust@users.noreply.github.com>
Date: Sun, 3 Sep 2023 20:04:18 +0930
Subject: [PATCH 08/50] Create composer.json

---
 composer.json | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 composer.json

diff --git a/composer.json b/composer.json
new file mode 100644
index 0000000..7a4a3e2
--- /dev/null
+++ b/composer.json
@@ -0,0 +1,34 @@
+{
+ "authors": [
+ {
+ "name": "Philipinho (Philip)",
+ "homepage": "https://github.com/Philipinho",
+ "role": "Developer"
+ },
+ {
+ "name": "7s9n (Hussein Sarea)",
+ "homepage": "https://github.com/7s9n",
+ "role": "Contributor"
+ }
+ {
+ "name": "ankheur (Pierrick Rancoeur)",
+ "homepage": "https://github.com/ankheur",
+ "role": "Contributor"
+ }
+ {
+ "name": "terzinnorbert",
+ "homepage": "https://github.com/terzinnorbert",
+ "role": "Contributor"
+ }
+ {
+ "name": "myckgoncalves (Myck Gonçalves)",
+ "homepage": "https://github.com/myckgoncalves",
+ "role": "Contributor"
+ }
+ {
+ "name": "rastating",
+ "homepage": "https://github.com/rastating",
+ "role": "Contributor"
+ }
+ ]
+}

From 2f7fccd17c6d408c64b62fae293a5d111c97a8b9 Mon Sep 17 00:00:00 2001
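Review bot: The `authors` array in the new composer.json is not valid JSON: the objects for 7s9n, ankheur, terzinnorbert and myckgoncalves are closed with `}` and no comma before the following `{`, so Composer will refuse to parse the file and any action that installs dependencies from it fails; each of those closers should read `},`. The manifest also declares no `name`, `require` or `autoload`, so it satisfies only a presence check. PATCH 09 later in this series adds the commas and a `require` block.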
From: Nephiaust <29741794+Nephiaust@users.noreply.github.com>
Date: Sun, 3 Sep 2023 20:07:16 +0930
Subject: [PATCH 09/50] Update composer.json

---
 composer.json | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/composer.json b/composer.json
index 7a4a3e2..10ea3b1 100644
--- a/composer.json
+++ b/composer.json
@@ -1,4 +1,9 @@
 {
+ "name": "composer/composer",
+ "type": "library",
+ "description": "Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere.",
+ "keywords": [
+ ],
 "authors": [
 {
 "name": "Philipinho (Philip)",
@@ -9,26 +14,29 @@
 "name": "7s9n (Hussein Sarea)",
 "homepage": "https://github.com/7s9n",
 "role": "Contributor"
- }
+ },
 {
 "name": "ankheur (Pierrick Rancoeur)",
 "homepage": "https://github.com/ankheur",
 "role": "Contributor"
- }
+ },
 {
 "name": "terzinnorbert",
 "homepage": "https://github.com/terzinnorbert",
 "role": "Contributor"
- }
+ },
 {
 "name": "myckgoncalves (Myck Gonçalves)",
 "homepage": "https://github.com/myckgoncalves",
 "role": "Contributor"
- }
+ },
 {
 "name": "rastating",
 "homepage": "https://github.com/rastating",
 "role": "Contributor"
 }
- ]
+ ],
+ "require": {
+ "php": "^7.2.5 || ^8.0"
+ }
 }

From 3fa8ddb5ae0ae9b23b5434a30f12abbb4075a899 Mon Sep 17 00:00:00 2001
From: Nephiaust <29741794+Nephiaust@users.noreply.github.com>
Date: Sun, 3 Sep 2023 20:11:09 +0930
Subject: [PATCH 10/50] Updated to Upload-sarif@v2

Also removed stuff about composer, since a basic one exists to satisfy requirements for one.
---
 .github/workflows/psalm.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index 761fc67..9f7d5a9 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
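Review bot: `"name": "composer/composer"` together with the `description` text is the metadata of the Composer project itself, not of this blog; a manifest that identifies itself as another published package is misleading to anyone running Composer against it and should carry this repository's own identifier, e.g. `"name": "VENDOR/PROJECT"` (placeholder, substitute the real values) with a one-line description of the blog. `"type": "library"` likewise describes an installable library rather than a deployed application, and `"keywords": [ ]` is empty and can be dropped. The `require` block on `"php": "^7.2.5 || ^8.0"` is the only functional constraint added; whether that range matches what the PHP files actually use is not visible here.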
@@ -13,11 +13,9 @@ jobs: - name: Psalm uses: docker://ghcr.io/psalm/psalm-github-actions:5.7.7 with: - composer_require_dev: false - composer_ignore_platform_reqs: true security_analysis: true report_file: results.sarif - name: Upload Security Analysis results to GitHub - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: results.sarif From 9224ce9fe1fbe17a2f6eaa82ab3d873a4d34fe76 Mon Sep 17 00:00:00 2001 From: Nephiaust <29741794+Nephiaust@users.noreply.github.com> Date: Sun, 3 Sep 2023 20:19:32 +0930 Subject: [PATCH 11/50] Added permissions to code scan --- .github/workflows/psalm.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index 9f7d5a9..aa9764a 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -4,6 +4,20 @@ on: [push, pull_request] jobs: psalm: + permissions: + actions: read + checks: read + contents: read + deployments: none + id-token: none + issues: write + discussions: read + packages: read + pages: none + pull-requests: write + repository-projects: read + security-events: write + statuses: write name: Psalm runs-on: ubuntu-latest steps: From 6ba29edc71ab9aedf4bb4553a355773d7109a309 Mon Sep 17 00:00:00 2001 From: Nephiaust <29741794+Nephiaust@users.noreply.github.com> Date: Sun, 3 Sep 2023 20:27:46 +0930 Subject: [PATCH 12/50] Back ported code from donejeh https://github.com/donejeh/Simple-PHP-Blog/commit/6f211f7748b3f289bee6ae0600f11ab6c7e9dd83 --- admin.php | 1 + 1 file changed, 1 insertion(+) diff --git a/admin.php b/admin.php index 6a0163e..8edab0c 100644 --- a/admin.php +++ b/admin.php @@ -61,6 +61,7 @@ + view post
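Review bot: The added job-level `permissions` block grants scopes the workflow never exercises: `issues: write`, `pull-requests: write`, `statuses: write`, `checks: read`, `packages: read`, `repository-projects: read` and `discussions: read` have no consumer among steps that only check out code, run Psalm and upload SARIF. Trim it to what those steps use, `contents: read`, `security-events: write` and (for a private repository, as the comments removed in PATCH 06 noted) `actions: read`; the `none` entries for `deployments`, `id-token` and `pages` are redundant, since every scope not listed in a `permissions` block is already none. The rest of the job definition lies outside the hunk.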

"; ?> Edit | Delete From 96558a7b3b8130e77f19cdc1cff838931aee08e4 Mon Sep 17 00:00:00 2001 From: Nephiaust <29741794+Nephiaust@users.noreply.github.com> Date: Sun, 3 Sep 2023 20:34:15 +0930 Subject: [PATCH 13/50] Fixed formatting via Intelephense Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- admin.php | 25 ++++++++-------- cat.php | 4 +-- categories.php | 12 ++++---- connect.php | 14 ++++----- del.php | 2 +- edit.php | 14 ++++----- functions.php | 16 +++++----- generate_slugs.php | 12 ++++---- header.php | 62 +++++++++++++++++++------------------- index.php | 74 +++++++++++++++++++++++----------------------- login.php | 24 ++++++++------- new.php | 17 ++++++----- search.php | 48 ++++++++++++++---------------- security.php | 2 +- view.php | 12 ++++---- 15 files changed, 171 insertions(+), 167 deletions(-) diff --git a/admin.php b/admin.php index 8edab0c..d725ef7 100644 --- a/admin.php +++ b/admin.php @@ -3,14 +3,14 @@ require_once 'header.php'; require_once 'security.php'; ?> -

Admin Dashboard

-
-

Welcome ,

-

Create new post

-

Generate slugs (SEO URLs)

+

Admin Dashboard

+
+

Welcome ,

+

Create new post

+

Generate slugs (SEO URLs)

-
-
Posts
+
+
Posts
$totalpages) { $page = $totalpages; @@ -54,20 +54,19 @@ $author = $row['posted_by']; $time = $row['date']; - $permalink = "p/".$id ."/".$slug; - ?> + $permalink = "p/" . $id . "/" . $slug; +?> view post

"; ?> - Edit | Delete + Edit | Delete - "; diff --git a/cat.php b/cat.php index 7c47b62..7636837 100644 --- a/cat.php +++ b/cat.php @@ -2,7 +2,7 @@ require_once 'connect.php'; require_once 'header.php'; -$id = (INT)$_GET['id']; +$id = (int)$_GET['id']; if ($id < 1) { header("location: index.php"); } @@ -51,4 +51,4 @@ echo ''; } -include("footer.php"); \ No newline at end of file +include("footer.php"); diff --git a/categories.php b/categories.php index b3b8a58..d4b158d 100644 --- a/categories.php +++ b/categories.php @@ -1,22 +1,24 @@ -
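Review bot: `header("location: index.php");` on the context line right after the changed cast is not followed by `exit()`, so for `id < 1` the redirect header is sent but the rest of cat.php keeps executing and rendering; the same unguarded redirect appears in the edit.php hunk `@@ -3,7 +3,7 @@` and in the view.php hunk `@@ -2,7 +2,7 @@` (`header("location: $url_path");`), whereas security.php in this same commit does call `exit()` after its redirect. Add `exit();` immediately after each of those three `header()` calls. The `(INT)` → `(int)` change itself is fine.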

Categories

+
+

Categories +

"; while ($row = mysqli_fetch_assoc($result)) { $id = $row['id']; $catname = $row['catname']; $description = $row['description']; - ?> +?>

- "; -}else{ +} else { echo "
No Category found.
"; } diff --git a/connect.php b/connect.php index c666e57..2e4ae42 100644 --- a/connect.php +++ b/connect.php @@ -2,16 +2,16 @@ ob_start(); session_start(); -$dbhost = "localhost"; -$dbuser = "root"; -$dbpass = ""; -$dbname = "newblog"; -$charset = "utf8"; +$dbhost = "localhost"; +$dbuser = "root"; +$dbpass = ""; +$dbname = "newblog"; +$charset = "utf8"; $dbcon = mysqli_connect($dbhost, $dbuser, $dbpass); if (!$dbcon) { die("Connection failed" . mysqli_connect_error()); } -mysqli_select_db($dbcon,$dbname); -mysqli_set_charset($dbcon,$charset); +mysqli_select_db($dbcon, $dbname); +mysqli_set_charset($dbcon, $charset); diff --git a/del.php b/del.php index 9bdf8d0..000e26a 100644 --- a/del.php +++ b/del.php @@ -13,4 +13,4 @@ echo "Failed to delete." . mysqli_connect_error(); } } -mysqli_close($dbcon); \ No newline at end of file +mysqli_close($dbcon); diff --git a/edit.php b/edit.php index f013b86..66c4793 100644 --- a/edit.php +++ b/edit.php @@ -3,7 +3,7 @@ require_once 'header.php'; require_once 'security.php'; -$id = (INT)$_GET['id']; +$id = (int)$_GET['id']; if ($id < 1) { header("location: index.php"); } @@ -18,7 +18,7 @@ $title = $row['title']; $description = $row['description']; $slug = $row['slug']; -$permalink = "p/". $id."/".$slug; +$permalink = "p/" . $id . "/" . $slug; if (isset($_POST['upd'])) { $id = $_POST['id']; @@ -36,13 +36,13 @@ } ?> -
+

Edit Post -

-

Goto post

+

Goto post

@@ -64,12 +64,12 @@

+ Delete Post +

-
+ "; } @@ -26,21 +26,19 @@ $description = $row['description']; $slug = $row['slug']; - if (is_null($slug)){ + if (is_null($slug)) { $new_slug = slug($title); $sql2 = "UPDATE posts SET slug = '$new_slug' WHERE id = $id"; if (mysqli_query($dbcon, $sql2)) { - $permalink = "p/".$id."/".$new_slug; + $permalink = "p/" . $id . "/" . $new_slug; - echo "Slug successfully generated for $title
" ; + echo "Slug successfully generated for $title
"; } else { echo "Failed to generate slug for post ID: $id." . mysqli_connect_error(); } - } - } -mysqli_close($dbcon); \ No newline at end of file +mysqli_close($dbcon); diff --git a/header.php b/header.php index 0d5754f..4df9907 100644 --- a/header.php +++ b/header.php @@ -2,15 +2,16 @@ require_once 'functions.php'; require_once 'config.php'; -if (!empty(SITE_ROOT)){ - $url_path = "/".SITE_ROOT."/"; -} else{ +if (!empty(SITE_ROOT)) { + $url_path = "/" . SITE_ROOT . "/"; +} else { $url_path = "/"; } ?> + @@ -20,32 +21,33 @@ + -
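Review bot: `$sql2 = "UPDATE posts SET slug = '$new_slug' WHERE id = $id";` on the context line builds the statement by interpolation; `$new_slug` is whatever `slug($title)` returns and `slug()` is not visible here, so the safety of the value rests entirely on that helper. A prepared statement removes the dependency: `$stmt = mysqli_prepare($dbcon, "UPDATE posts SET slug = ? WHERE id = ?");` / `mysqli_stmt_bind_param($stmt, "si", $new_slug, $id);` / `if (mysqli_stmt_execute($stmt)) {`. The reflowed `echo "Slug successfully generated for $title …";` line also writes `$title` into the response unescaped; wrap it in `htmlentities()` as index.php does in this same commit. The file header for this hunk is not visible in this chunk (the diffstat suggests generate_slugs.php) and its enclosing loop starts outside the hunk.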
-

PHP Blog

-
- -
- Home - New Post"; - echo "Admin Panel"; - echo "Logout"; - } else { - echo "Login"; - } - ?> -
- -
-
-

- -

-

- -

-
-
\ No newline at end of file +
+

PHP Blog

+
+ +
+ Home + New Post"; + echo "Admin Panel"; + echo "Logout"; + } else { + echo "Login"; + } + ?> +
+ +
+
+

+ +

+

+ +

+
+
\ No newline at end of file diff --git a/index.php b/index.php index 03fc66c..97939d6 100644 --- a/index.php +++ b/index.php @@ -19,7 +19,7 @@ $page = 1; if (isset($_GET['page']) && is_numeric($_GET['page'])) { - $page = (INT)$_GET['page']; + $page = (int)$_GET['page']; } if ($page > $totalpages) { @@ -37,56 +37,56 @@ if (mysqli_num_rows($result) < 1) { echo '
No post yet!
'; } else { - while ($row = mysqli_fetch_assoc($result)) { + while ($row = mysqli_fetch_assoc($result)) { - $id = htmlentities($row['id']); - $title = htmlentities($row['title']); - $des = htmlentities(strip_tags($row['description'])); - $slug = htmlentities($row['slug']); - $time = htmlentities($row['date']); + $id = htmlentities($row['id']); + $title = htmlentities($row['title']); + $des = htmlentities(strip_tags($row['description'])); + $slug = htmlentities($row['slug']); + $time = htmlentities($row['date']); - $permalink = "p/".$id ."/".$slug; + $permalink = "p/" . $id . "/" . $slug; - echo '
'; - echo "

$title

"; + echo '

'; + echo "

$title

"; - echo substr($des, 0, 100); + echo substr($des, 0, 100); - echo '

'; - echo "Read more...

"; + echo '
'; + echo "Read more...

"; - echo '
'; - echo "
$time
"; - echo '
'; -} + echo '
'; + echo "
$time
"; + echo '
'; + } -echo "

"; + echo "

"; -if ($page > 1) { - echo "«"; - $prevpage = $page - 1; - echo "<"; -} + if ($page > 1) { + echo "«"; + $prevpage = $page - 1; + echo "<"; + } -$range = 5; -for ($x = $page - $range; $x < ($page + $range) + 1; $x++) { - if (($x > 0) && ($x <= $totalpages)) { - if ($x == $page) { - echo "
$x
"; - } else { - echo "$x"; + $range = 5; + for ($x = $page - $range; $x < ($page + $range) + 1; $x++) { + if (($x > 0) && ($x <= $totalpages)) { + if ($x == $page) { + echo "
$x
"; + } else { + echo "$x"; + } } } -} -if ($page != $totalpages) { - $nextpage = $page + 1; - echo ">"; - echo "»"; -} + if ($page != $totalpages) { + $nextpage = $page + 1; + echo ">"; + echo "»"; + } -echo "

"; + echo "

"; } include("categories.php"); diff --git a/login.php b/login.php index 09265c4..6967ad1 100644 --- a/login.php +++ b/login.php @@ -22,16 +22,18 @@ echo "
Incorrect username or password.
"; } } - ?> +?> + +
+ + + + +

+
-
- - - - -

-
- - ", - $permalink); + $permalink = "p/" . mysqli_insert_id($dbcon) . "/" . $slug; + printf( + "Posted successfully. ", + $permalink + ); } else { - ?> +?>
@@ -35,7 +36,7 @@

- +

@@ -44,7 +45,7 @@

- Showing results for $q
"; + echo "
Showing results for $q
"; - while ($row = mysqli_fetch_assoc($result)) { + while ($row = mysqli_fetch_assoc($result)) { - $id = htmlentities($row['id']); - $title = htmlentities($row['title']); - $des = htmlentities(strip_tags($row['description'])); - $slug = htmlentities(strip_tags($row['slug'])); - $time = htmlentities($row['date']); + $id = htmlentities($row['id']); + $title = htmlentities($row['title']); + $des = htmlentities(strip_tags($row['description'])); + $slug = htmlentities(strip_tags($row['slug'])); + $time = htmlentities($row['date']); - $permalink = "p/".$id ."/".$slug; + $permalink = "p/" . $id . "/" . $slug; - echo '
'; - echo "

$title

"; + echo '

'; + echo "

$title

"; - echo substr($des, 0, 100); + echo substr($des, 0, 100); - echo '

'; - echo "Read more..."; - - echo '
'; - echo "$time
"; - echo '
'; - - } + echo '

'; + echo "Read more..."; + echo '
'; + echo "$time
"; + echo '
'; } + } } include("footer.php"); diff --git a/security.php b/security.php index 33df578..919b90d 100644 --- a/security.php +++ b/security.php @@ -2,4 +2,4 @@ if (!isset($_SESSION['username'])) { header("location: login.php"); exit(); -} \ No newline at end of file +} diff --git a/view.php b/view.php index 98d2341..057c02e 100644 --- a/view.php +++ b/view.php @@ -2,7 +2,7 @@ require_once 'connect.php'; require_once 'header.php'; -$id = (INT)$_GET['id']; +$id = (int)$_GET['id']; if ($id < 1) { header("location: $url_path"); } @@ -37,12 +37,12 @@ -
[Edit]
+?> +
[Edit]
- [Delete]
- del.php?id=" onclick="return confirm('Are you sure you want to delete this post?'); ">[Delete] + +'; From 4cf146ff47ed5a4327c8766a9dac8e6633bac090 Mon Sep 17 00:00:00 2001 From: Nephiaust <29741794+Nephiaust@users.noreply.github.com> Date: Sun, 3 Sep 2023 20:35:59 +0930 Subject: [PATCH 14/50] Back ported ytyeoh's fix for full width Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- edit.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/edit.php b/edit.php index 66c4793..41e7e5c 100644 --- a/edit.php +++ b/edit.php @@ -36,7 +36,7 @@ } ?> -
+
From 96f9197247ec5186cce2c6c9faa66e44f086fb4b Mon Sep 17 00:00:00 2001 From: Nephiaust <29741794+Nephiaust@users.noreply.github.com> Date: Sun, 3 Sep 2023 20:44:21 +0930 Subject: [PATCH 15/50] Added Apple Mac & VScode ignore list Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- .gitignore | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/.gitignore b/.gitignore index 485dee6..8ea58cf 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,44 @@ .idea +/uploads/* + +# General Apple files +.DS_Store +.AppleDouble +.LSOverride + +# Apple Thumbnails +._* + +# Files that might appear in the root of a volume +.DocumentRevisions-V100 +.fseventsd +.Spotlight-V100 +.TemporaryItems +.Trashes +.VolumeIcon.icns +.com.apple.timemachine.donotpresent + +# Directories potentially created on remote AFP share +.AppleDB +.AppleDesktop +Network Trash Folder +Temporary Items +.apdisk + +# Visual Studio code coverage results +*.coverage +*.coveragexml + +# VS Code files for those working on multiple tools +.vscode/* +!.vscode/settings.json +!.vscode/tasks.json +!.vscode/launch.json +!.vscode/extensions.json +*.code-workspace + +# Local History for Visual Studio Code +.history/ + +# Built Visual Studio Code Extensions +*.vsix From e8f251d6e99df76c2ca1a362259b9417bed01340 Mon Sep 17 00:00:00 2001 From: Nephiaust <29741794+Nephiaust@users.noreply.github.com> Date: Sun, 3 Sep 2023 20:49:12 +0930 Subject: [PATCH 16/50] Updated Trumbowyg to 2.27.3 Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- footer.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/footer.php b/footer.php index 510dadc..1b1e8b2 100644 --- a/footer.php +++ b/footer.php @@ -4,7 +4,7 @@

- + From 0446201b18e18dcf42e447ede027504cbe70761c Mon Sep 17 00:00:00 2001 From: Nephiaust <29741794+Nephiaust@users.noreply.github.com> Date: Sun, 3 Sep 2023 20:50:48 +0930 Subject: [PATCH 17/50] Updated style to use img 100% Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- view.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/view.php b/view.php index 057c02e..d6e4424 100644 --- a/view.php +++ b/view.php @@ -24,7 +24,7 @@ $author = $row['posted_by']; $time = $row['date']; -echo '
'; +echo '
'; echo "

$title

"; echo '
'; From d3d433769d94fbd7996ac95f0e5691af10108b23 Mon Sep 17 00:00:00 2001 From: Nephiaust <29741794+Nephiaust@users.noreply.github.com> Date: Sun, 3 Sep 2023 20:53:33 +0930 Subject: [PATCH 18/50] Fixed missing quotation mark. Updated trumbowyg css to 2.27.3 Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- header.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/header.php b/header.php index 4df9907..05d111b 100644 --- a/header.php +++ b/header.php @@ -14,12 +14,12 @@ - + PHP Blog - + From fdac3563be4527803a0f1158449a075c7d78c3dd Mon Sep 17 00:00:00 2001 From: Nephiaust <29741794+Nephiaust@users.noreply.github.com> Date: Sun, 3 Sep 2023 20:58:27 +0930 Subject: [PATCH 19/50] Added license file Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- LICENSE | 1 + 1 file changed, 1 insertion(+) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..ea64188 --- /dev/null +++ b/LICENSE @@ -0,0 +1 @@ +//TODO \ No newline at end of file From eeb89b9f7a12dc380c79ec1cf3cabbd29636cd3d Mon Sep 17 00:00:00 2001 From: Nephiaust <29741794+Nephiaust@users.noreply.github.com> Date: Sun, 3 Sep 2023 21:19:48 +0930 Subject: [PATCH 20/50] Moved DB config to config.php Moved require config.php to header.php Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- admin.php | 1 - cat.php | 1 - config.php | 12 ++++++++++-- connect.php | 12 +++--------- del.php | 1 - edit.php | 1 - generate_slugs.php | 6 +++--- header.php | 3 ++- index.php | 1 - login.php | 1 - new.php | 1 - search.php | 1 - view.php | 1 - 13 files changed, 18 insertions(+), 24 deletions(-) diff --git a/admin.php b/admin.php index d725ef7..3e78f66 100644 --- a/admin.php +++ b/admin.php @@ -1,5 +1,4 @@ diff --git a/cat.php b/cat.php index 7636837..b7b63e3 100644 --- a/cat.php +++ b/cat.php @@ -1,5 +1,4 @@ diff --git a/login.php b/login.php index 6967ad1..fcfd661 100644 --- a/login.php +++ b/login.php 
@@ -1,5 +1,4 @@ Login'; diff --git a/new.php b/new.php index 9546aaf..12db9d6 100644 --- a/new.php +++ b/new.php @@ -1,5 +1,4 @@ Date: Sun, 3 Sep 2023 21:21:21 +0930 Subject: [PATCH 21/50] Updated to ignore pull request (dont know if bad) Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- .vscode/settings.json | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .vscode/settings.json diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..6c2ff60 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,5 @@ +{ + "githubPullRequests.ignoredPullRequestBranches": [ + "master" + ] +} \ No newline at end of file From c06a1f5619a940504a352273069ddc67a6a4d8dc Mon Sep 17 00:00:00 2001 From: Nephiaust <29741794+Nephiaust@users.noreply.github.com> Date: Sun, 3 Sep 2023 21:21:29 +0930 Subject: [PATCH 22/50] Formatting. Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- config.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/config.php b/config.php index d3cd4da..358ee7b 100644 --- a/config.php +++ b/config.php @@ -1,7 +1,4 @@ Date: Sun, 3 Sep 2023 21:25:10 +0930 Subject: [PATCH 23/50] Fix security issue #5 Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- login.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/login.php b/login.php index fcfd661..55d712d 100644 --- a/login.php +++ b/login.php @@ -26,7 +26,7 @@
From 2fa666b48ae564e0b8f64dc1f100ff2c4cbd6af3 Mon Sep 17 00:00:00 2001 From: Nephiaust <29741794+Nephiaust@users.noreply.github.com> Date: Sun, 3 Sep 2023 21:26:30 +0930 Subject: [PATCH 24/50] Fix security issue #3 Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- edit.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/edit.php b/edit.php index 9468b95..5da907f 100644 --- a/edit.php +++ b/edit.php @@ -44,7 +44,7 @@

Goto post

- +

From 8214f2ba51c0ae8a482a2b0b1f1807796ddbedbb Mon Sep 17 00:00:00 2001 From: Nephiaust <29741794+Nephiaust@users.noreply.github.com> Date: Sun, 3 Sep 2023 21:37:58 +0930 Subject: [PATCH 25/50] Updated checkout to v3 Moved name around for formatting Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- .github/workflows/psalm.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index aa9764a..931deb7 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -4,6 +4,7 @@ on: [push, pull_request] jobs: psalm: + name: Psalm permissions: actions: read checks: read @@ -18,11 +19,10 @@ jobs: repository-projects: read security-events: write statuses: write - name: Psalm runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Psalm uses: docker://ghcr.io/psalm/psalm-github-actions:5.7.7 From 1c0f0afaa3f3bf874e30899cdaf001f1bf8cf848 Mon Sep 17 00:00:00 2001 From: Nephiaust <29741794+Nephiaust@users.noreply.github.com> Date: Sun, 3 Sep 2023 21:44:44 +0930 Subject: [PATCH 26/50] Fix security issues #6 & #7 Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- edit.php | 2 +- login.php | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/edit.php b/edit.php index 5da907f..4c3a8f7 100644 --- a/edit.php +++ b/edit.php @@ -44,7 +44,7 @@

Goto post

- +

diff --git a/login.php b/login.php index 55d712d..1a40514 100644 --- a/login.php +++ b/login.php @@ -1,6 +1,8 @@ Login'; if (isset($_POST['log'])) { @@ -26,7 +28,7 @@ From a7732e21146f2112991dd8d59c3c3aadbf82e323 Mon Sep 17 00:00:00 2001 From: Nephiaust <29741794+Nephiaust@users.noreply.github.com> Date: Sun, 3 Sep 2023 21:54:41 +0930 Subject: [PATCH 27/50] File cleanup. Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- admin.php | 2 +- edit.php | 2 +- connect.php => functions/connect.php | 0 functions.php => functions/functions.php | 0 security.php => functions/security.php | 0 header.php | 4 ++-- new.php | 2 +- 7 files changed, 5 insertions(+), 5 deletions(-) rename connect.php => functions/connect.php (100%) rename functions.php => functions/functions.php (100%) rename security.php => functions/security.php (100%) diff --git a/admin.php b/admin.php index 3e78f66..7cd3e06 100644 --- a/admin.php +++ b/admin.php @@ -1,6 +1,6 @@

Admin Dashboard

diff --git a/edit.php b/edit.php index 4c3a8f7..dd0cfa4 100644 --- a/edit.php +++ b/edit.php @@ -1,6 +1,6 @@ Date: Sun, 3 Sep 2023 22:07:11 +0930 Subject: [PATCH 28/50] Fixed missing semicolons Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- header.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/header.php b/header.php index 2d92bfc..7a250d2 100644 --- a/header.php +++ b/header.php @@ -1,7 +1,7 @@ Date: Sun, 3 Sep 2023 22:24:39 +0930 Subject: [PATCH 29/50] fix references for functions. Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- generate_slugs.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/generate_slugs.php b/generate_slugs.php index 7980b8c..6b56d36 100644 --- a/generate_slugs.php +++ b/generate_slugs.php @@ -1,8 +1,8 @@ Date: Wed, 6 Sep 2023 17:07:46 +0930 Subject: [PATCH 30/50] Updated config to explain site_root better Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config.php b/config.php index 358ee7b..bf70d5f 100644 --- a/config.php +++ b/config.php @@ -8,5 +8,5 @@ define('DB_CHARSET', 'utf8'); // What character set are we using /* Define some settings for the blog */ - define('SITE_ROOT', ''); // If installed on a sub-folder, replace the empty constant with the folder's name + define('SITE_ROOT', ''); // If installed on a sub-folder. E.g. if installed to 'www.example.com/blog', enter 'blog' for SITE_ROOT define('PAGINATION', 10); // Pagination results per page \ No newline at end of file From 296e96b8b94d0d86dd947640887810f976d9482c Mon Sep 17 00:00:00 2001 From: Nephiaust <29741794+Nephiaust@users.noreply.github.com> Date: Wed, 6 Sep 2023 17:18:15 +0930 Subject: [PATCH 31/50] Added a debug mode, so errors can be seen. 
Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- admin.php | 6 ++++++ cat.php | 6 ++++++ config.php | 21 +++++++++++---------- del.php | 6 ++++++ edit.php | 6 ++++++ functions/connect.php | 4 ++++ functions/functions.php | 5 +++++ functions/security.php | 6 ++++++ generate_slugs.php | 6 ++++++ header.php | 6 ++++++ index.php | 6 ++++++ login.php | 6 ++++++ logout.php | 6 ++++++ new.php | 6 ++++++ search.php | 6 ++++++ view.php | 6 ++++++ 16 files changed, 98 insertions(+), 10 deletions(-) diff --git a/admin.php b/admin.php index 7cd3e06..cfacded 100644 --- a/admin.php +++ b/admin.php @@ -1,4 +1,10 @@ diff --git a/cat.php b/cat.php index b7b63e3..218ba80 100644 --- a/cat.php +++ b/cat.php @@ -1,4 +1,10 @@ diff --git a/login.php b/login.php index 1a40514..ce0d5ed 100644 --- a/login.php +++ b/login.php @@ -1,4 +1,10 @@ Date: Wed, 6 Sep 2023 17:37:21 +0930 Subject: [PATCH 32/50] Fixed up debug mode options. Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- admin.php | 5 +++-- cat.php | 4 ++-- del.php | 4 ++-- edit.php | 9 +++++---- functions/connect.php | 8 ++++++-- functions/functions.php | 1 + functions/security.php | 2 +- generate_slugs.php | 11 ++++++----- header.php | 8 ++++---- index.php | 3 ++- login.php | 12 +++++------- logout.php | 6 ------ new.php | 6 +++--- search.php | 4 ++-- view.php | 4 ++-- 15 files changed, 44 insertions(+), 43 deletions(-) diff --git a/admin.php b/admin.php index cfacded..a54e0ab 100644 --- a/admin.php +++ b/admin.php @@ -1,12 +1,13 @@

Admin Dashboard

diff --git a/cat.php b/cat.php index 218ba80..688c742 100644 --- a/cat.php +++ b/cat.php @@ -1,12 +1,12 @@ Goto post - +

diff --git a/functions/connect.php b/functions/connect.php index 263ab5e..eed988e 100644 --- a/functions/connect.php +++ b/functions/connect.php @@ -1,7 +1,11 @@

diff --git a/login.php b/login.php index ce0d5ed..809ad87 100644 --- a/login.php +++ b/login.php @@ -1,15 +1,16 @@ Login'; -$CurrentUser = htmlentities(strip_tags($_POST['username']), ENT_SUBSTITUTE); +if (isset($_POST['username'])) {$CurrentUser = htmlentities(strip_tags($_POST['username']), ENT_SUBSTITUTE);} -echo '

Login

'; if (isset($_POST['log'])) { $username = mysqli_real_escape_string($dbcon, $_POST['username']); @@ -21,7 +22,6 @@ $row = mysqli_fetch_assoc($result); $row_count = mysqli_num_rows($result); - if ($row_count == 1 && password_verify($password, $row['password'])) { $_SESSION['username'] = $username; header("location: admin.php"); @@ -33,9 +33,7 @@ - +

diff --git a/logout.php b/logout.php index b5c7419..9cc139d 100644 --- a/logout.php +++ b/logout.php @@ -1,10 +1,4 @@ Date: Wed, 6 Sep 2023 18:04:19 +0930 Subject: [PATCH 33/50] Changed login to detect for * Valid post with username & password * Added more comments to explain the process. Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- login.php | 37 ++++++++++++++++++++++++++++++++----- 1 file changed, 32 insertions(+), 5 deletions(-) diff --git a/login.php b/login.php index 809ad87..b4c63c4 100644 --- a/login.php +++ b/login.php @@ -1,6 +1,9 @@ Incorrect username or password.
"; + } else { + // We have data for a username, now lets save it in a SQL safe string (e.g. automatically add escape characters, etc.) + $username = mysqli_real_escape_string($dbcon, $_POST['username']); + } - $sql = "SELECT * FROM admin WHERE username = '$username'"; + // Do the same for the password field. + if (empty(trim($_POST["password"]))) { + echo "
Incorrect username or password.
"; + } else { + // And again save the password in a SQL safe string + $password = mysqli_real_escape_string($dbcon, $_POST['password']); + } + // Build the SQL statement to get the user details (so we can then verify the user exists AND that the password is valid) + $sql = "SELECT 'id', 'username', 'password' FROM admin WHERE username = '$username'"; + + // Request the data from the SQL server, process it AND count the number of rows. $result = mysqli_query($dbcon, $sql); $row = mysqli_fetch_assoc($result); $row_count = mysqli_num_rows($result); + // Check that the user only exists once in the SQL database AND that the password is matching. if ($row_count == 1 && password_verify($password, $row['password'])) { + // This part we store some information in the PHP session information, so we can use it as a later time (e.g. the user ID) + $_SESSION['userid'] = $row['id']; $_SESSION['username'] = $username; + $_SESSION["loggedin"] = true; + + // Now we redirect the user to the admin portal. header("location: admin.php"); } else { echo "
Incorrect username or password.
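Review bot: The password is run through `mysqli_real_escape_string` before `password_verify`, so any password containing a quote or backslash is altered and can never verify; the password never goes into SQL, so compare the raw `$_POST['password']` and drop that escaping. The empty-field branches echo the error but do not stop, so the lookup still runs with `$username` or `$password` undefined (the same fall-through remains in the PATCH 35 hunk around the `Username or password not supplied.` messages). Interpolating `$username` into the SELECT also leaves correctness resting on the escaping call; a prepared statement with a bound parameter removes that dependency, as sketched below. The enclosing `if (isset($_POST['log']))` block begins outside this hunk.
```php
// … unchanged: empty-field checks for username / password …
if (isset($username, $password)) {
    // Bound parameter: the username is never interpolated, so no escaping is needed,
    // and the password is only ever compared with password_verify().
    $username = $_POST['username'];
    $stmt = mysqli_prepare($dbcon, "SELECT `id`, `username`, `password` FROM admin WHERE username = ?");
    mysqli_stmt_bind_param($stmt, 's', $username);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);
    $row = mysqli_fetch_assoc($result);
    $row_count = mysqli_num_rows($result);
    if ($row_count == 1 && password_verify($_POST['password'], $row['password'])) {
        // … unchanged: session population and redirect …
    }
}
```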
"; @@ -36,7 +63,7 @@ -

+

Date: Wed, 6 Sep 2023 18:08:08 +0930 Subject: [PATCH 34/50] Changed 'admin' table to 'users' table Added `displayname` to the 'users' table Added code for storing the `displayname` in the php session Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- database.sql | 21 +++++++++++---------- login.php | 4 +++- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/database.sql b/database.sql index 5d95549..e99551c 100644 --- a/database.sql +++ b/database.sql @@ -25,23 +25,24 @@ SET time_zone = "+00:00"; -- -------------------------------------------------------- -- --- Table structure for table `admin` +-- Table structure for table `users` -- -CREATE TABLE `admin` ( +CREATE TABLE `users` ( `id` int(11) NOT NULL, `username` varchar(255) NOT NULL, `password` varchar(255) NOT NULL, `email` varchar(255) NOT NULL, - `date` timestamp NOT NULL DEFAULT current_timestamp() ON UPDATE current_timestamp() + `date` timestamp NOT NULL DEFAULT current_timestamp() ON UPDATE current_timestamp(), + `displayname` varchar(255) NOT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8; -- --- Dumping data for table `admin` +-- Dumping data for table `users` -- -INSERT INTO `admin` (`id`, `username`, `password`, `email`, `date`) VALUES -(1, 'Admin', '$2y$10$FfhPYubR4sOXAFSd3NzyQ.C77L4.qIsCa/YlYZCn.2eK8rfWr6oiq', 'admin@example.org', '2021-09-19 14:39:53'); +INSERT INTO `users` (`id`, `username`, `password`, `email`, `date`, `displayname`) VALUES +(1, 'Admin', '$2y$10$FfhPYubR4sOXAFSd3NzyQ.C77L4.qIsCa/YlYZCn.2eK8rfWr6oiq', 'admin@example.org', '2021-09-19 14:39:53', 'Administrator'); -- -------------------------------------------------------- @@ -85,9 +86,9 @@ INSERT INTO `posts` (`id`, `title`, `description`, `slug`, `posted_by`, `date`) -- -- --- Indexes for table `admin` +-- Indexes for table `users` -- -ALTER TABLE `admin` +ALTER TABLE `users` ADD PRIMARY KEY (`id`), ADD UNIQUE KEY `username` (`username`), ADD UNIQUE KEY `email` (`email`); 
@@ -110,9 +111,9 @@ ALTER TABLE `posts` -- -- --- AUTO_INCREMENT for table `admin` +-- AUTO_INCREMENT for table `users` -- -ALTER TABLE `admin` +ALTER TABLE `users` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=2; -- diff --git a/login.php b/login.php index b4c63c4..5fcf3b7 100644 --- a/login.php +++ b/login.php @@ -36,7 +36,8 @@ } // Build the SQL statement to get the user details (so we can then verify the user exists AND that the password is valid) - $sql = "SELECT 'id', 'username', 'password' FROM admin WHERE username = '$username'"; + $sql = "SELECT 'id', 'username', 'password' FROM users WHERE username = '$username'"; + $sql = "SELECT 'id', 'username', 'password', 'displayname' FROM users WHERE username = '$username'"; // Request the data from the SQL server, process it AND count the number of rows. $result = mysqli_query($dbcon, $sql); @@ -46,6 +47,7 @@ // Check that the user only exists once in the SQL database AND that the password is matching. if ($row_count == 1 && password_verify($password, $row['password'])) { // This part we store some information in the PHP session information, so we can use it as a later time (e.g. the user ID) + $_SESSION['displayname'] = $row['displayname']; $_SESSION['userid'] = $row['id']; $_SESSION['username'] = $username; $_SESSION["loggedin"] = true; From 04dd538fced418faf66945d75fa65bdb84cd8411 Mon Sep 17 00:00:00 2001 From: Nephiaust <29741794+Nephiaust@users.noreply.github.com> Date: Wed, 6 Sep 2023 18:14:19 +0930 Subject: [PATCH 35/50] Fixed bug with SQL statement Updated admin to use displayname on welcome Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- admin.php | 2 +- login.php | 7 +++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/admin.php b/admin.php index a54e0ab..e4c4dcd 100644 --- a/admin.php +++ b/admin.php @@ -11,7 +11,7 @@ ?>
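Review bot: In the `@@ -46,6 +47,7 @@` hunk of login.php the session is populated after a successful `password_verify` without first rotating the session id, so a session id issued before login stays valid after authentication (session fixation); add `session_regenerate_id(true);` as the first statement inside that `if` block, before `$_SESSION['displayname']` is set. The `@@ -36,7 +36,8 @@` hunk assigns `$sql` twice in a row, leaving the first `FROM users` query as dead code; the next commit already replaces both lines, so only the regenerate call is outstanding here. The enclosing `if (isset($_POST['log']))` block starts outside the hunk.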

Admin Dashboard

-

Welcome ,

+

Welcome ,

Create new post

Generate slugs (SEO URLs)

diff --git a/login.php b/login.php index 5fcf3b7..1e87469 100644 --- a/login.php +++ b/login.php @@ -21,7 +21,7 @@ // Now to check if the username field is not empty, otherwise throw an error. if (empty(trim($_POST["username"]))) { - echo "
Incorrect username or password.
"; + echo "
Username or password not supplied.
"; } else { // We have data for a username, now lets save it in a SQL safe string (e.g. automatically add escape characters, etc.) $username = mysqli_real_escape_string($dbcon, $_POST['username']); @@ -29,15 +29,14 @@ // Do the same for the password field. if (empty(trim($_POST["password"]))) { - echo "
Incorrect username or password.
"; + echo "
Username or password not supplied!
"; } else { // And again save the password in a SQL safe string $password = mysqli_real_escape_string($dbcon, $_POST['password']); } // Build the SQL statement to get the user details (so we can then verify the user exists AND that the password is valid) - $sql = "SELECT 'id', 'username', 'password' FROM users WHERE username = '$username'"; - $sql = "SELECT 'id', 'username', 'password', 'displayname' FROM users WHERE username = '$username'"; + $sql = "SELECT `id`, `username`, `password`, `displayname` FROM users WHERE username = '$username'"; // Request the data from the SQL server, process it AND count the number of rows. $result = mysqli_query($dbcon, $sql); From ea1c8fc68292ad80d50df667bae248c08203c1ad Mon Sep 17 00:00:00 2001 From: Nephiaust <29741794+Nephiaust@users.noreply.github.com> Date: Wed, 6 Sep 2023 18:17:34 +0930 Subject: [PATCH 36/50] Created install.php, file is tmp storage for setup Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- functions/install.php | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 functions/install.php diff --git a/functions/install.php b/functions/install.php new file mode 100644 index 0000000..45dd4ac --- /dev/null +++ b/functions/install.php @@ -0,0 +1,10 @@ +// FILE IS NOT IN USE + + +"; +} \ No newline at end of file From b16d57bc609188e2477d14c14759ad6eeefa11f1 Mon Sep 17 00:00:00 2001 From: Nephiaust <29741794+Nephiaust@users.noreply.github.com> Date: Wed, 6 Sep 2023 18:18:07 +0930 Subject: [PATCH 37/50] Moved SQL for creating slug column to install.php Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- generate_slugs.php | 5 ----- 1 file changed, 5 deletions(-) diff --git a/generate_slugs.php b/generate_slugs.php index 39f671b..7577126 100644 --- a/generate_slugs.php +++ b/generate_slugs.php 
@@ -11,11 +11,6 @@ ini_set("display_errors", 1); } -$slug_sql = "ALTER TABLE `posts` ADD `slug` VARCHAR(255) NULL DEFAULT NULL AFTER `description`;"; - -if (mysqli_query($dbcon, $slug_sql)) { - echo "slug column added successfully.
"; -} $sql = "SELECT * FROM posts WHERE slug IS NULL"; From 23cd5b42e880104fb9299f3dd4d8652656d6d709 Mon Sep 17 00:00:00 2001 From: Nephiaust <29741794+Nephiaust@users.noreply.github.com> Date: Wed, 6 Sep 2023 18:30:20 +0930 Subject: [PATCH 38/50] Added category table to the database. Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- database.sql | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/database.sql b/database.sql index e99551c..3907a1b 100644 --- a/database.sql +++ b/database.sql @@ -71,6 +71,16 @@ CREATE TABLE `posts` ( `date` timestamp NOT NULL DEFAULT current_timestamp() ON UPDATE current_timestamp() ) ENGINE=MyISAM DEFAULT CHARSET=utf8; +-- +-- Table structure for table `category` +-- +CREATE TABLE `category` ( + `id` int(11) NOT NULL, + `categoryname` varchar(255) NOT NULL, + `description` text, + `date` timestamp NOT NULL DEFAULT current_timestamp() ON UPDATE current_timestamp() +) ENGINE=MyISAM DEFAULT CHARSET=utf8; + -- -- Dumping data for table `posts` -- @@ -106,6 +116,13 @@ ALTER TABLE `page` ALTER TABLE `posts` ADD PRIMARY KEY (`id`); +-- +-- Indexes for table `posts` +-- +ALTER TABLE `category` + ADD PRIMARY KEY (`id`), + ADD UNIQUE KEY `categoryname` (`categoryname`); + -- -- AUTO_INCREMENT for dumped tables -- @@ -126,7 +143,13 @@ ALTER TABLE `page` -- AUTO_INCREMENT for table `posts` -- ALTER TABLE `posts` - MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=5; + MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=1; + +-- +-- AUTO_INCREMENT for table `posts` +-- +ALTER TABLE `category` + MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=1; COMMIT; /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; From 850add31ce1395393e4b1a1d000d2a165b3e85cd Mon Sep 17 00:00:00 2001 
From: Nephiaust <29741794+Nephiaust@users.noreply.github.com> Date: Wed, 6 Sep 2023 18:31:55 +0930 Subject: [PATCH 39/50] Moved the redirect to index page, if logging out Moved the redirect to login page, if not logged in Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- logout.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/logout.php b/logout.php index 9cc139d..a2aaefc 100644 --- a/logout.php +++ b/logout.php @@ -1,8 +1,8 @@ Date: Wed, 6 Sep 2023 18:53:26 +0930 Subject: [PATCH 40/50] Removed generate_slugs.php isnt required any more. Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- admin.php | 1 - generate_slugs.php => depreciated/generate_slugs.php | 0 functions/install.php | 8 -------- 3 files changed, 9 deletions(-) rename generate_slugs.php => depreciated/generate_slugs.php (100%) diff --git a/admin.php b/admin.php index e4c4dcd..4f1e135 100644 --- a/admin.php +++ b/admin.php @@ -13,7 +13,6 @@
Posts
diff --git a/generate_slugs.php b/depreciated/generate_slugs.php similarity index 100% rename from generate_slugs.php rename to depreciated/generate_slugs.php diff --git a/functions/install.php b/functions/install.php index 45dd4ac..3f771e8 100644 --- a/functions/install.php +++ b/functions/install.php @@ -1,10 +1,2 @@ // FILE IS NOT IN USE - -"; -} \ No newline at end of file From fcdb736523ef509038ad36e6113206ce928718b9 Mon Sep 17 00:00:00 2001 From: Nephiaust <29741794+Nephiaust@users.noreply.github.com> Date: Wed, 6 Sep 2023 18:55:03 +0930 Subject: [PATCH 41/50] removed config.yml as its not required for script. Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- _config.yml | 1 - 1 file changed, 1 deletion(-) delete mode 100644 _config.yml diff --git a/_config.yml b/_config.yml deleted file mode 100644 index c419263..0000000 --- a/_config.yml +++ /dev/null @@ -1 +0,0 @@ -theme: jekyll-theme-cayman \ No newline at end of file From 6fbeb53a0a903222b37cb6325910d1754fa7dea6 Mon Sep 17 00:00:00 2001 From: Nephiaust <29741794+Nephiaust@users.noreply.github.com> Date: Wed, 6 Sep 2023 19:10:20 +0930 Subject: [PATCH 42/50] Updated logic for debug_mode to use true/false Updated readme to be consistant with the code Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- README.md | 42 ++++++++++++++++++++-------------- admin.php | 2 +- cat.php | 2 +- config.php | 2 +- del.php | 2 +- depreciated/generate_slugs.php | 2 +- edit.php | 2 +- functions/connect.php | 2 +- functions/functions.php | 2 +- functions/security.php | 2 +- header.php | 2 +- index.php | 2 +- login.php | 2 +- new.php | 2 +- search.php | 2 +- view.php | 2 +- 16 files changed, 40 insertions(+), 32 deletions(-) diff --git a/README.md b/README.md index 758e35a..d950ecb 100644 --- a/README.md +++ b/README.md 
@@ -1,25 +1,29 @@ # Simple-PHP-Blog -Simple blog system for personal development using procedural PHP and MYSQL. +Simple blog system for personal development using procedural PHP and MySQLi. It allows you to create, edit, delete posts to get you started on your journey For educational purposes only. -# Setup - -Update the `connect.php` file with your database credentials. -Import the `database.sql` file. - -If installed on a sub-folder, edit the `config.php` and replace the empty constant with the folder's name. - -The pagination results per page can be set on the `config.php` file. +Setup +===== +1. Create a MySQL database on your MySQL server, take note of the details (username, password, database name, server name) +2. Import the `database.sql` file into the new database you created +3. Edit the `config.php` file + 1. Edit the MySQL details to match your SQL server login details (e.g. server name, username, password, database) + 2. Edit the `SITE_ROOT` if you are putting it in a folder/sub-directory (e.g. www.example.com/myblog/, you would enter 'myblog' there) + 3. _OPTIONAL_ Change the number of blog posts to show per page with the `PAGINATION` option + 4. _OPTIONAL_ Set the `DEBUG_MODE` option to `true` if you want/need to see any and all errors +4. Upload all the files to your web server +5. Go to your new site (e.g. www.example.com/myblog/) ### URL Rewrite -The latest update introduces 'slugs', also known as 'SEO URLs'. -After you update to the latest version, click on the "Generate slugs (SEO URLs)" button on the admin dashboard and slugs will be generated for all existing posts. 
+The system now uses **slugs**, also known as **SEO URLs** -The blog posts URL structure is like this: `http://localhost/p/4/apple-reveals-apple-watch-series-7` +The blog posts URL structure is like this: `http://www.example.com/myblog/p/4/apple-reveals-apple-watch-series-7`, where the `p/4/apple-reveals-apple-watch-series-7` is the slug -If you use Apache, enable the Apache rewrite module for the .htaccess rewrite rule to work. +#### Apache servers +There is an .htaccess file that has the required rewrite module and rule in the files. +#### Nginx servers If you use NGINX, you can insert something similar to the code below in your NGINX configuration block. ``` location / { @@ -27,14 +31,18 @@ location / { } ``` -# Default Admin Login +Using the Simple-PHP-Blog +===== +The system is quite easy to use, as there isnt much work required to do a simple blog. If you are building your own from scratch this will give the head start that you need. + +## Default Admin Login Username: admin Password: 12345 -There is no way to update the admin password through the dashboard yet. -To change your password, hash your password with PHP's `password_hash()` function. Then update the database value with the new password hash. +**__There is no way to update the admin password through the dashboard yet.__** +**__To change your password, hash your password with PHP's `password_hash()` function. Then update the database value with the new password hash.__** -# Screenshots +## Screenshots ![screenshot_01](https://user-images.githubusercontent.com/16838612/66112823-78d32e00-e5c3-11e9-9b38-93ba488071e0.jpg) ![screenshot_02](https://user-images.githubusercontent.com/16838612/66112874-8d172b00-e5c3-11e9-97e4-590da5675100.jpg) diff --git a/admin.php b/admin.php index 4f1e135..5d45f66 100644 --- a/admin.php +++ b/admin.php 
@@ -3,7 +3,7 @@ require_once 'functions/security.php'; # Turn on debug mode, and show all errors. -if (DEBUG_MODE == 1) { +if (DEBUG_MODE == true) { error_reporting(E_ALL); ini_set("display_errors", 1); } diff --git a/cat.php b/cat.php index 688c742..96c4017 100644 --- a/cat.php +++ b/cat.php @@ -2,7 +2,7 @@ require_once 'header.php'; # Turn on debug mode, and show all errors. -if (DEBUG_MODE == 1) { +if (DEBUG_MODE == true) { error_reporting(E_ALL); ini_set("display_errors", 1); } diff --git a/config.php b/config.php index 8fa631c..6fba2fa 100644 --- a/config.php +++ b/config.php @@ -10,4 +10,4 @@ /* Define some settings for the blog */ define('SITE_ROOT', ''); // If installed on a sub-folder. E.g. if installed to 'www.example.com/blog', enter 'blog' for SITE_ROOT define('PAGINATION', 10); // Pagination results per page -define('DEBUG_MODE', 1); // Turns on all debug errors \ No newline at end of file +define('DEBUG_MODE', false); // Turns on all debug errors \ No newline at end of file diff --git a/del.php b/del.php index bf5c7b7..4c6d069 100644 --- a/del.php +++ b/del.php @@ -2,7 +2,7 @@ require_once 'security.php'; # Turn on debug mode, and show all errors. -if (DEBUG_MODE == 1) { +if (DEBUG_MODE == true) { error_reporting(E_ALL); ini_set("display_errors", 1); } diff --git a/depreciated/generate_slugs.php b/depreciated/generate_slugs.php index 7577126..3b48b52 100644 --- a/depreciated/generate_slugs.php +++ b/depreciated/generate_slugs.php @@ -6,7 +6,7 @@ require_once 'functions/security.php'; # Turn on debug mode, and show all errors. -if (DEBUG_MODE == 1) { +if (DEBUG_MODE == true) { error_reporting(E_ALL); ini_set("display_errors", 1); } diff --git a/edit.php b/edit.php index 3c99c65..5cdd594 100644 --- a/edit.php +++ b/edit.php @@ -3,7 +3,7 @@ require_once 'functions/security.php'; # Turn on debug mode, and show all errors. -if (DEBUG_MODE == 1) { +if (DEBUG_MODE == true) { error_reporting(E_ALL); ini_set("display_errors", 1); } 
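Review bot: `if (DEBUG_MODE == true)` is a loose comparison that reads as redundant; `if (DEBUG_MODE === true)` states the intent, and since the identical four-line `error_reporting`/`ini_set` block is repeated in admin.php, cat.php, del.php, edit.php and depreciated/generate_slugs.php on this line and in functions/connect.php on the next, it belongs in one place (config.php right after `DEBUG_MODE` is defined, or functions/connect.php) rather than in every page. The comment on the new `define('DEBUG_MODE', false);` line should say what enabling it exposes, e.g. `// true prints every PHP error, including file paths and SQL errors, to the browser; keep false on any public server`. Separately, the del.php context line still reads `require_once 'security.php';` although security.php was moved to functions/ in PATCH 27 and the other pages use `functions/security.php`; unless a later commit corrects the path (PATCH 48 touches del.php but its hunk is not readable here), that include is a fatal error rather than whatever check security.php performs.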
diff --git a/functions/connect.php b/functions/connect.php index eed988e..80fd7ce 100644 --- a/functions/connect.php +++ b/functions/connect.php @@ -2,7 +2,7 @@ require_once 'config.php'; # Turn on debug mode, and show all errors. -if (DEBUG_MODE == 1) { +if (DEBUG_MODE == true) { error_reporting(E_ALL); ini_set("display_errors", 1); } diff --git a/functions/functions.php b/functions/functions.php index 6a6a645..c2cc7b1 100644 --- a/functions/functions.php +++ b/functions/functions.php @@ -1,7 +1,7 @@ Date: Wed, 6 Sep 2023 19:11:10 +0930 Subject: [PATCH 43/50] fixed sub list Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index d950ecb..af236d2 100644 --- a/README.md +++ b/README.md 
@@ -8,10 +8,10 @@ Setup 1. Create a MySQL database on your MySQL server, take note of the details (username, password, database name, server name) 2. Import the `database.sql` file into the new database you created 3. Edit the `config.php` file - 1. Edit the MySQL details to match your SQL server login details (e.g. server name, username, password, database) - 2. Edit the `SITE_ROOT` if you are putting it in a folder/sub-directory (e.g. www.example.com/myblog/, you would enter 'myblog' there) - 3. _OPTIONAL_ Change the number of blog posts to show per page with the `PAGINATION` option - 4. _OPTIONAL_ Set the `DEBUG_MODE` option to `true` if you want/need to see any and all errors + 1. Edit the MySQL details to match your SQL server login details (e.g. server name, username, password, database) + 2. Edit the `SITE_ROOT` if you are putting it in a folder/sub-directory (e.g. www.example.com/myblog/, you would enter 'myblog' there) + 3. _OPTIONAL_ Change the number of blog posts to show per page with the `PAGINATION` option + 4. _OPTIONAL_ Set the `DEBUG_MODE` option to `true` if you want/need to see any and all errors 4. Upload all the files to your web server 5. Go to your new site (e.g. www.example.com/myblog/) From 8face65dcb24db7eead42a74f2ed64f915708253 Mon Sep 17 00:00:00 2001 From: Nephiaust <29741794+Nephiaust@users.noreply.github.com> Date: Wed, 6 Sep 2023 19:13:46 +0930 Subject: [PATCH 44/50] Fix horizontal rules Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index af236d2..d7a31ac 100644 --- a/README.md +++ b/README.md 
@@ -4,7 +4,8 @@ Simple blog system for personal development using procedural PHP and MySQLi. It For educational purposes only. Setup -===== +=== + 1. Create a MySQL database on your MySQL server, take note of the details (username, password, database name, server name) 2. Import the `database.sql` file into the new database you created 3. Edit the `config.php` file @@ -32,7 +33,8 @@ location / { ``` Using the Simple-PHP-Blog -===== +=== + The system is quite easy to use, as there isnt much work required to do a simple blog. If you are building your own from scratch this will give the head start that you need. ## Default Admin Login From e967e1e2da1b52f7e766cccfcbac0dafd3cbb771 Mon Sep 17 00:00:00 2001 From: Nephiaust <29741794+Nephiaust@users.noreply.github.com> Date: Wed, 6 Sep 2023 19:17:06 +0930 Subject: [PATCH 45/50] Minor grammar and note updates. Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d7a31ac..79300d5 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,8 @@ # Simple-PHP-Blog -Simple blog system for personal development using procedural PHP and MySQLi. It allows you to create, edit, delete posts to get you started on your journey +Simple blog system for personal development using procedural PHP and MySQLi. It allows you to create, edit, delete posts to get you started on your journey. If you are building your own from scratch this will give the head start that you need. For educational purposes only. +** Security is not guaranteed with this system, best efforts have been made to make it secure ** Setup === 
@@ -35,7 +36,7 @@ location / { Using the Simple-PHP-Blog === -The system is quite easy to use, as there isnt much work required to do a simple blog. If you are building your own from scratch this will give the head start that you need. +The system is quite easy to use, as there isnt much work required to do a simple blog. ## Default Admin Login Username: admin From 777566d43a625be074368a09863260a4b7440c1c Mon Sep 17 00:00:00 2001 From: Nephiaust <29741794+Nephiaust@users.noreply.github.com> Date: Wed, 6 Sep 2023 19:17:41 +0930 Subject: [PATCH 46/50] Fixed note formatting Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 79300d5..97f7ddf 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Simple blog system for personal development using procedural PHP and MySQLi. It allows you to create, edit, delete posts to get you started on your journey. If you are building your own from scratch this will give the head start that you need. For educational purposes only. -** Security is not guaranteed with this system, best efforts have been made to make it secure ** +**__Security is not guaranteed with this system, best efforts have been made to make it secure__** Setup === From b75f989067d4a764bfb68994c50ee1f156b2e1db Mon Sep 17 00:00:00 2001 From: Nephiaust <29741794+Nephiaust@users.noreply.github.com> Date: Wed, 6 Sep 2023 19:18:19 +0930 Subject: [PATCH 47/50] formatting Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 97f7ddf..4e4c566 100644 --- a/README.md +++ b/README.md 
@@ -2,6 +2,7 @@ Simple blog system for personal development using procedural PHP and MySQLi. It allows you to create, edit, delete posts to get you started on your journey. If you are building your own from scratch this will give the head start that you need. For educational purposes only. + **__Security is not guaranteed with this system, best efforts have been made to make it secure__** Setup From cd856a2cf92bc67adde0c4f425db741fc64f47f7 Mon Sep 17 00:00:00 2001 From: Nephiaust <29741794+Nephiaust@users.noreply.github.com> Date: Wed, 6 Sep 2023 19:38:30 +0930 Subject: [PATCH 48/50] Fixed issue with post deletion. Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- del.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/del.php b/del.php index 4c6d069..b9efa05 100644 --- a/del.php +++ b/del.php @@ -1,5 +1,6 @@ Date: Fri, 8 Sep 2023 15:15:28 +0930 Subject: [PATCH 49/50] Create FUNDING.yml Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- .github/FUNDING.yml | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .github/FUNDING.yml diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml new file mode 100644 index 0000000..5bb7043 --- /dev/null +++ b/.github/FUNDING.yml @@ -0,0 +1,3 @@ +# These are supported funding model platforms + +github: [Nephiaust] From 8817e78d1b2b86d5f3f3378cec3c0a01d05fdc5c Mon Sep 17 00:00:00 2001 From: Nephiaust <29741794+Nephiaust@users.noreply.github.com> Date: Fri, 8 Sep 2023 15:16:51 +0930 Subject: [PATCH 50/50] Update FUNDING.yml Signed-off-by: Nephiaust <29741794+Nephiaust@users.noreply.github.com> --- .github/FUNDING.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index 5bb7043..c28aea0 100644 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml @@ -1,3 +1,3 @@ # These are supported funding model platforms -github: [Nephiaust] +github: ['Nephiaust']