caharkness/PlainSQLiteBlog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Changed visibility input to public toggle, added many ways to authenticate via headers and POST data

Browse Source
This commit is contained in:
Conner Harkness 2025-08-14 14:44:51 -06:00
parent ba391f7304
commit 2db45400bd
9 changed files with 90 additions and 112 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
footer.php
View File

@ -2,11 +2,7 @@
$strDefaults = $strDefaults =
"--- "---
Copyright © Copyright © Application Owner";
* [Website Home](/)
* [Post](/post)
* [CSS](/edit/css)";
$strDefaults = preg_replace("/[ ]{4,}/", "", $strDefaults); $strDefaults = preg_replace("/[ ]{4,}/", "", $strDefaults);
$strContent = Settings::get("footer", $strDefaults, true); $strContent = Settings::get("footer", $strDefaults, true);

7
header.php
View File

@ -1,8 +1,11 @@
<?php <?php
$strDefaults = $strDefaults =
"[Website Home](/) — "# localhost
[Home](/) ·
[Post](/post) · [Post](/post) ·
[CSS](/edit/css) [Edit](/edit) ·
[User](/user/info) ·
---"; ---";

52
lib/PostRender.php
View File

@ -19,12 +19,12 @@
$intRenderedRows = 0; $intRenderedRows = 0;
$intList = Request::getParam("v") == "list"; $intList = Request::getParam("v") == "list";
$intJson = Request::getParam("v") == "json"; $intJson = Request::getParam("v") == "json";
$intText = Request::getParam("v") == "text"; $intText = Request::getParam("v") == "md";
if ($intJson) if ($intJson)
Respond::json(PostRender::processRows($varRows)); Respond::json(PostRender::processRows($varRows));
$strTextBuffer = ""; $strBuffer = "";
?> ?>
@ -37,11 +37,33 @@
preg_match("/(^|\n).*?([A-Za-z0-9].*?(\!|\.|\,|\?|\n))/i", $strText, $varTitles); preg_match("/(^|\n).*?([A-Za-z0-9].*?(\!|\.|\,|\?|\n))/i", $strText, $varTitles);
$strTitle = $varTitles[2]; $strTitle = $varTitles[2];
$strTitle = trim($strTitle); $strTitle = trim($strTitle);
$intUpdated = Util::diff($r["created"], $r["updated"]) >= 500;
$strDatePreposition = "on";
$strDateUsed = $r["created"];
if ($intUpdated)
{
$strDatePreposition = "updated";
$strDateUsed = $r["updated"];
}
$strDateUsed = "{$strDateUsed} UTC";
$intOwnership = UserAuth::has("is_admin") || $varUser["username"] == $r["username"];
$fncFooter = function()
{
?>
<?php
};
?> ?>
<?php if ($intList): ?> <?php if ($intList): ?>
<div class="post-listing">
<div class="post-title"> <div class="post-title">
<a href="/<?= $r["id"]; ?>"><?= $strTitle; ?></a> &middot; by <?= $r["username"]; ?> <a href="/<?= $r["id"]; ?>"><?= $strTitle; ?></a>
&middot; by <?= $r["username"]; ?>
</div>
</div> </div>
<?php <?php
@ -53,7 +75,7 @@
<?php if ($intRenderedRows > 0): ?> <?php if ($intRenderedRows > 0): ?>
<hr /> <hr />
<?php <?php
$strTextBuffer .= "\n\n---\n\n"; $strBuffer .= "\n\n---\n\n";
?> ?>
<?php endif; ?> <?php endif; ?>
@ -62,33 +84,27 @@
<div class="post-body"> <div class="post-body">
<?php PageRender::markdown($r["content"]); ?> <?php PageRender::markdown($r["content"]); ?>
<?php <?php
$strTextBuffer .= $r["content"]; $strBuffer .= $r["content"];
?> ?>
</div> </div>
<div class="post-footer"> <div class="post-footer">
<div class="post-author">by <?= $r["username"]; ?></div> <div class="post-author">by <?= $r["username"]; ?></div>
<div class="post-date">on <?= $r["created"]; ?> UTC</div> <div class="post-date"><?= $strDatePreposition; ?> <?= $strDateUsed; ?></div>
<div class="post-links"> <div class="post-links">
<a href="/<?= $r["id"]; ?>">Permalink</a> &middot; <a href="/<?= $r["id"]; ?>">Permalink</a> &middot;
<a href="<?= $r["location"]; ?>">Related</a> <a href="<?= $r["location"]; ?>">Related</a>
<?php
$intOwnership =
UserAuth::has("is_admin") ||
$varUser["username"] == $r["username"];
?>
<?php if ($intOwnership): ?> <?php if ($intOwnership): ?>
&middot; <a href="/post/<?= $r["id"]; ?>">Edit</a> &middot; <a href="/post/<?= $r["id"]; ?>">Edit</a>
<?php endif; ?> <?php endif; ?>
</div> </div>
<?php <?php
$strTextBuffer .= "\n"; $strBuffer .= "\n";
$strTextBuffer .= "\n* by {$r["username"]}"; $strBuffer .= "\n* by {$r["username"]}";
$strTextBuffer .= "\n* on {$r["created"]}"; $strBuffer .= "\n* {$strDatePreposition} {$strDateUsed}";
?> ?>
</div> </div>
</div> </div>
@ -99,7 +115,7 @@
<?php if ($intRenderedRows < 1): ?> <?php if ($intRenderedRows < 1): ?>
<?php <?php
$strMessage = "Sorry, there is nothing here to show."; $strMessage = "Sorry, there is nothing here to show.";
$strTextBuffer .= $strMessage; $strBuffer .= $strMessage;
?> ?>
<div><?= $strMessage; ?></div> <div><?= $strMessage; ?></div>
<?php endif; ?> <?php endif; ?>
@ -111,8 +127,8 @@
ob_clean(); ob_clean();
header("Content-Type: text/plain"); header("Content-Type: text/plain");
$strTextBuffer = Settings::makeReplacements($strTextBuffer); $strBuffer = Settings::makeReplacements($strBuffer);
echo $strTextBuffer; echo $strBuffer;
ob_end_flush(); ob_end_flush();
exit; exit;

35
lib/UserAuth.php
View File

@ -8,6 +8,16 @@
{ {
$strToken = Cookie::get("token"); $strToken = Cookie::get("token");
if ($strToken == null)
{
// Attempt to read token from X-Token header first:
$strToken = Request::getHeader("X-Token");
// Then try reading it directly from the POST:
if (Request::posts("token"))
$strToken = Request::getPosted("token");
}
if ($strToken !== null) if ($strToken !== null)
if (strlen($strToken) > 0) if (strlen($strToken) > 0)
{ {
@ -63,11 +73,11 @@
return true; return true;
$varUser = UserAuth::getUser(); $varUser = UserAuth::getUser();
$strUsername = $varUser["username"] ?? null; $strUsername = "";
$varRegex = [
["/user/i", ($varUser == null)], if ($varUser !== null)
["/admin/i", (!UserAuth::has("is_admin"))], if (array_key_exists("username", $varUser))
]; $strUsername = $varUser["username"] ?? "";
// Support arrays with username and visibility keys: // Support arrays with username and visibility keys:
if (is_array($strVisibility)) if (is_array($strVisibility))
@ -89,22 +99,15 @@
if (preg_match("/^(admin|hid(e|den)|invisible|no(ne|body)|private)$/i", $strVisibility)) if (preg_match("/^(admin|hid(e|den)|invisible|no(ne|body)|private)$/i", $strVisibility))
return false; return false;
if (preg_match("/{$strUsername}/i", $strVisibility)) return true; if (strlen($strUsername) > 0)
if (preg_match("/{$strUsername}/i", $strVisibility))
return true;
// Handle showing the post to everyone: // Handle showing the post to everyone:
if (preg_match("/^(|(every|any)(body|one))|all|public)$/i", $strVisibility)) if (preg_match("/^(|(every|any)(body|one)|all|public)$/i", $strVisibility))
return true; return true;
$intExit = 0;
foreach ($varRegex as $re)
if (preg_match($re[0], $strVisibility))
if ($re[1])
$intExit = 1;
if ($intExit == 1)
return false; return false;
return true;
} }
} }
?> ?>

7
pages/index.php
View File

@ -13,7 +13,7 @@
where where
id = ? id = ?
order by order by
created desc", updated desc",
intval($strArg1)); intval($strArg1));
} }
@ -27,7 +27,7 @@
where where
username like ? username like ?
order by order by
created desc", updated desc",
$strArg1); $strArg1);
} }
@ -40,9 +40,10 @@
location like ? location like ?
or location like '*' or location like '*'
order by order by
created desc", updated desc",
Request::getPath()); Request::getPath());
} }
?> ?>
<?php PageRender::message(); ?>
<?php PostRender::rows($varPosts); ?> <?php PostRender::rows($varPosts); ?>

30
pages/post.php
View File

@ -10,8 +10,9 @@
$strLocation = Request::getParam("to") ?? ""; $strLocation = Request::getParam("to") ?? "";
$strVisibility = ""; $strVisibility = "";
$strVerb = "Create"; $strVerb = "Create";
$intPublic = 0;
if (strlen($strId) > 0) if ($strId !== null && strlen($strId) > 0)
{ {
$strVerb = "Edit"; $strVerb = "Edit";
$varRows = $c->query("SELECT * from posts where id = ?", $strId); $varRows = $c->query("SELECT * from posts where id = ?", $strId);
@ -26,6 +27,10 @@
$strContent = $varRow["content"]; $strContent = $varRow["content"];
$strLocation = $varRow["location"]; $strLocation = $varRow["location"];
$strVisibility = $varRow["visibility"]; $strVisibility = $varRow["visibility"];
$intPublic = 0;
if ($strVisibility == "public")
$intPublic = 1;
if (!UserAuth::has("is_admin")) if (!UserAuth::has("is_admin"))
if ($varUser["username"] !== $varRow["username"]) if ($varUser["username"] !== $varRow["username"])
@ -36,11 +41,19 @@
} }
if (Request::posts("location", "content", "visibility")) if (Request::posts("location", "content", "visibility", "public"))
{ {
$strLocation = Request::getPosted("location"); $strLocation = Request::getPosted("location");
$strContent = Request::getPosted("content"); $strContent = Request::getPosted("content");
$strVisibility = Request::getPosted("visibility"); $strVisibility = Request::getPosted("visibility");
$intPublic = intval(Request::getPosted("public"));
if (!preg_match("/^\//", $strLocation))
$strLocation = "/{$strLocation}";
$strVisibility = "private";
if ($intPublic == 1)
$strVisibility = "public";
if ($strId == null || strlen($strId) < 1) if ($strId == null || strlen($strId) < 1)
{ {
@ -120,13 +133,16 @@
</tr> </tr>
<tr> <tr>
<td><label>Visible To</label></td> <td><label>Public</label></td>
<td> <td>
<input type="hidden" name="visibility" value="" />
<input type="hidden" name="public" value="0" />
<input <input
type="text" type="checkbox"
name="visibility" name="public"
placeholder="everyone" value="1"
value="<?= $strVisibility; ?>" /> <?= $intPublic == 1? "checked": "" ?>
/>
</td> </td>
</tr> </tr>

10
pages/search.php
View File

@ -18,16 +18,8 @@
where where
content like concat('%', ?, '%') content like concat('%', ?, '%')
order by order by
created desc", updated desc",
$strQuery); $strQuery);
$i = 0;
for ($i = 0; $i < count($varPosts); $i++)
{
$varOld = $varPosts[$i];
$varOld["content"] = preg_replace("/\b({$strQuery})\b/i", "<mark>$1</mark>", $varOld["content"]);
$varPosts[$i] = $varOld;
}
} }
?> ?>

49
pages/user/index.php
View File

@ -1,49 +0,0 @@
<?php
global $c;
$strError = null;
if (UserAuth::getUser() == null)
Respond::redirect("/user/signin");
$varUser = UserAuth::getUser();
if ($varUser == null)
Respond::redirect("/");
try
{
if (Request::posts("user_name", "display_name"))
{
$strUsername = Request::getPosted("user_name");
$strDisplayName = Request::getPosted("display_name");
if (!preg_match("/^[A-Za-z0-9]{1,}$/", $strUsername))
throw new Exception("Username must be alphanumeric characters only");
$c->query(
"INSERT or replace into users (email, user_name, display_name)
select
?,
?,
?",
$varUser["email"],
$strUsername,
$strDisplayName);
PageRender::message("Profile updated", "success");
}
}
catch (Exception $x)
{
PageRender::message($x->getMessage(), "danger");
}
$strUsername = $varUser["username"];
PageRender::message("You are signed in as {$strUsername}.");
?>
<?php PageRender::message(); ?>
<ul>
<li><a href="/user/signout">Sign out</a></li>
</ul>

2
pages/user/signin.php
View File

@ -38,7 +38,7 @@
"Successfully signed in", "Successfully signed in",
"info"); "info");
Respond::redirect("/user"); Respond::redirect("/user/info");
} }
} }