Changed visibility input to public toggle, added many ways to authenticate via headers and POST data

Conner Harkness 2025-08-14 14:44:51 -06:00
parent ba391f7304
commit 2db45400bd
9 changed files with 90 additions and 112 deletions


@ -2,11 +2,7 @@
$strDefaults =
"---
Copyright ©
* [Website Home](/)
* [Post](/post)
* [CSS](/edit/css)";
Copyright © Application Owner";
$strDefaults = preg_replace("/[ ]{4,}/", "", $strDefaults);
$strContent = Settings::get("footer", $strDefaults, true);


@ -1,8 +1,11 @@
<?php
$strDefaults =
"[Website Home](/) —
"# localhost
[Home](/) ·
[Post](/post) ·
[CSS](/edit/css)
[Edit](/edit) ·
[User](/user/info) ·
---";


@ -19,12 +19,12 @@
$intRenderedRows = 0;
$intList = Request::getParam("v") == "list";
$intJson = Request::getParam("v") == "json";
$intText = Request::getParam("v") == "text";
$intText = Request::getParam("v") == "md";
if ($intJson)
Respond::json(PostRender::processRows($varRows));
$strTextBuffer = "";
$strBuffer = "";
?>
@ -37,11 +37,33 @@
preg_match("/(^|\n).*?([A-Za-z0-9].*?(\!|\.|\,|\?|\n))/i", $strText, $varTitles);
$strTitle = $varTitles[2];
$strTitle = trim($strTitle);
$intUpdated = Util::diff($r["created"], $r["updated"]) >= 500;
$strDatePreposition = "on";
$strDateUsed = $r["created"];
if ($intUpdated)
{
$strDatePreposition = "updated";
$strDateUsed = $r["updated"];
}
$strDateUsed = "{$strDateUsed} UTC";
$intOwnership = UserAuth::has("is_admin") || $varUser["username"] == $r["username"];
$fncFooter = function()
{
?>
<?php
};
?>
<?php if ($intList): ?>
<div class="post-listing">
<div class="post-title">
<a href="/<?= $r["id"]; ?>"><?= $strTitle; ?></a> &middot; by <?= $r["username"]; ?>
<a href="/<?= $r["id"]; ?>"><?= $strTitle; ?></a>
&middot; by <?= $r["username"]; ?>
</div>
</div>
<?php
@ -53,7 +75,7 @@
<?php if ($intRenderedRows > 0): ?>
<hr />
<?php
$strTextBuffer .= "\n\n---\n\n";
$strBuffer .= "\n\n---\n\n";
?>
<?php endif; ?>
@ -62,33 +84,27 @@
<div class="post-body">
<?php PageRender::markdown($r["content"]); ?>
<?php
$strTextBuffer .= $r["content"];
$strBuffer .= $r["content"];
?>
</div>
<div class="post-footer">
<div class="post-author">by <?= $r["username"]; ?></div>
<div class="post-date">on <?= $r["created"]; ?> UTC</div>
<div class="post-date"><?= $strDatePreposition; ?> <?= $strDateUsed; ?></div>
<div class="post-links">
<a href="/<?= $r["id"]; ?>">Permalink</a> &middot;
<a href="<?= $r["location"]; ?>">Related</a>
<?php
$intOwnership =
UserAuth::has("is_admin") ||
$varUser["username"] == $r["username"];
?>
<?php if ($intOwnership): ?>
&middot; <a href="/post/<?= $r["id"]; ?>">Edit</a>
<?php endif; ?>
</div>
<?php
$strTextBuffer .= "\n";
$strTextBuffer .= "\n* by {$r["username"]}";
$strTextBuffer .= "\n* on {$r["created"]}";
$strBuffer .= "\n";
$strBuffer .= "\n* by {$r["username"]}";
$strBuffer .= "\n* {$strDatePreposition} {$strDateUsed}";
?>
</div>
</div>
@ -99,7 +115,7 @@
<?php if ($intRenderedRows < 1): ?>
<?php
$strMessage = "Sorry, there is nothing here to show.";
$strTextBuffer .= $strMessage;
$strBuffer .= $strMessage;
?>
<div><?= $strMessage; ?></div>
<?php endif; ?>
@ -111,8 +127,8 @@
ob_clean();
header("Content-Type: text/plain");
$strTextBuffer = Settings::makeReplacements($strTextBuffer);
echo $strTextBuffer;
$strBuffer = Settings::makeReplacements($strBuffer);
echo $strBuffer;
ob_end_flush();
exit;
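Review bot: The rebuilt listing lines (`<a href="/<?= $r["id"]; ?>"><?= $strTitle; ?></a>` and `&middot; by <?= $r["username"]; ?>`) echo the regex-derived title and the username without HTML escaping, while the post body goes through `PageRender::markdown()`; if post content or usernames can carry `<` or `&`, the title lands in the list view as raw markup. Wrapping them as `<?= htmlspecialchars($strTitle, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8"); ?>` (and likewise for the username) keeps the listing consistent with whatever escaping the renderer applies — I cannot see from this hunk whether `$strText` is already sanitised upstream, so confirm before changing. The new `$fncFooter` closure has an empty body and is not called in any visible hunk; if it is a placeholder, a comment such as `// TODO: footer renderer, currently unused` would say so. The `500` in `Util::diff($r["created"], $r["updated"]) >= 500` deserves a comment naming its unit, since the unit is not visible here. The enclosing loop over `$varRows` begins before this hunk.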


@ -8,6 +8,16 @@
{
$strToken = Cookie::get("token");
if ($strToken == null)
{
// Attempt to read token from X-Token header first:
$strToken = Request::getHeader("X-Token");
// Then try reading it directly from the POST:
if (Request::posts("token"))
$strToken = Request::getPosted("token");
}
if ($strToken !== null)
if (strlen($strToken) > 0)
{
@ -63,11 +73,11 @@
return true;
$varUser = UserAuth::getUser();
$strUsername = $varUser["username"] ?? null;
$varRegex = [
["/user/i", ($varUser == null)],
["/admin/i", (!UserAuth::has("is_admin"))],
];
$strUsername = "";
if ($varUser !== null)
if (array_key_exists("username", $varUser))
$strUsername = $varUser["username"] ?? "";
// Support arrays with username and visibility keys:
if (is_array($strVisibility))
@ -89,22 +99,15 @@
if (preg_match("/^(admin|hid(e|den)|invisible|no(ne|body)|private)$/i", $strVisibility))
return false;
if (preg_match("/{$strUsername}/i", $strVisibility)) return true;
if (strlen($strUsername) > 0)
if (preg_match("/{$strUsername}/i", $strVisibility))
return true;
// Handle showing the post to everyone:
if (preg_match("/^(|(every|any)(body|one))|all|public)$/i", $strVisibility))
if (preg_match("/^(|(every|any)(body|one)|all|public)$/i", $strVisibility))
return true;
$intExit = 0;
foreach ($varRegex as $re)
if (preg_match($re[0], $strVisibility))
if ($re[1])
$intExit = 1;
if ($intExit == 1)
return false;
return true;
}
}
?>
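Review bot: The rewritten per-user check still interpolates the username into the pattern, `preg_match("/{$strUsername}/i", $strVisibility)`, without `preg_quote`, so a username containing `.`, `*` or `/` either matches every visibility string or makes `preg_match` fail with a warning and return `false`; the only alphanumeric username validation visible on this page lives in the profile file this commit deletes. Use `if (preg_match("/" . preg_quote($strUsername, "/") . "/i", $strVisibility))`, and consider `\b` boundaries so `bob` does not match a visibility of `bobby`. In the token hunk the comment says the `X-Token` header is read first, but a posted `token` overrides it when both are present; either swap the two reads or reword to `// A posted token takes precedence over the X-Token header`. Both enclosing functions start before their hunks, and the `$strVisibility` array handling is cut off between them.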


@ -13,7 +13,7 @@
where
id = ?
order by
created desc",
updated desc",
intval($strArg1));
}
@ -27,7 +27,7 @@
where
username like ?
order by
created desc",
updated desc",
$strArg1);
}
@ -40,9 +40,10 @@
location like ?
or location like '*'
order by
created desc",
updated desc",
Request::getPath());
}
?>
<?php PageRender::message(); ?>
<?php PostRender::rows($varPosts); ?>


@ -10,8 +10,9 @@
$strLocation = Request::getParam("to") ?? "";
$strVisibility = "";
$strVerb = "Create";
$intPublic = 0;
if (strlen($strId) > 0)
if ($strId !== null && strlen($strId) > 0)
{
$strVerb = "Edit";
$varRows = $c->query("SELECT * from posts where id = ?", $strId);
@ -26,6 +27,10 @@
$strContent = $varRow["content"];
$strLocation = $varRow["location"];
$strVisibility = $varRow["visibility"];
$intPublic = 0;
if ($strVisibility == "public")
$intPublic = 1;
if (!UserAuth::has("is_admin"))
if ($varUser["username"] !== $varRow["username"])
@ -36,11 +41,19 @@
}
if (Request::posts("location", "content", "visibility"))
if (Request::posts("location", "content", "visibility", "public"))
{
$strLocation = Request::getPosted("location");
$strContent = Request::getPosted("content");
$strVisibility = Request::getPosted("visibility");
$intPublic = intval(Request::getPosted("public"));
if (!preg_match("/^\//", $strLocation))
$strLocation = "/{$strLocation}";
$strVisibility = "private";
if ($intPublic == 1)
$strVisibility = "public";
if ($strId == null || strlen($strId) < 1)
{
@ -120,13 +133,16 @@
</tr>
<tr>
<td><label>Visible To</label></td>
<td><label>Public</label></td>
<td>
<input type="hidden" name="visibility" value="" />
<input type="hidden" name="public" value="0" />
<input
type="text"
name="visibility"
placeholder="everyone"
value="<?= $strVisibility; ?>" />
type="checkbox"
name="public"
value="1"
<?= $intPublic == 1? "checked": "" ?>
/>
</td>
</tr>
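Review bot: The save branch now requires `Request::posts("location", "content", "visibility", "public")`, but the form in the last hunk replaced both `visibility` inputs with the hidden `public` field, so unless another `visibility` field exists outside this view the condition never holds and edits are silently not saved. Change it to `if (Request::posts("location", "content", "public"))` and drop the dead `$strVisibility = Request::getPosted("visibility");`, which is overwritten a few lines later by `"private"`/`"public"`. Posts saved under the old free-text scheme (a username or list of names) will render with the box unchecked and, on the next save, collapse to `private`; a comment on the `$intPublic = 0;` default, `// legacy per-user visibility strings are not public and become private on save`, would record that this is intended. `$intPublic == 1` can be `=== 1` since `intval()` already yields an int.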


@ -18,16 +18,8 @@
where
content like concat('%', ?, '%')
order by
created desc",
updated desc",
$strQuery);
$i = 0;
for ($i = 0; $i < count($varPosts); $i++)
{
$varOld = $varPosts[$i];
$varOld["content"] = preg_replace("/\b({$strQuery})\b/i", "<mark>$1</mark>", $varOld["content"]);
$varPosts[$i] = $varOld;
}
}
?>


@ -1,49 +0,0 @@
<?php
global $c;
$strError = null;
if (UserAuth::getUser() == null)
Respond::redirect("/user/signin");
$varUser = UserAuth::getUser();
if ($varUser == null)
Respond::redirect("/");
try
{
if (Request::posts("user_name", "display_name"))
{
$strUsername = Request::getPosted("user_name");
$strDisplayName = Request::getPosted("display_name");
if (!preg_match("/^[A-Za-z0-9]{1,}$/", $strUsername))
throw new Exception("Username must be alphanumeric characters only");
$c->query(
"INSERT or replace into users (email, user_name, display_name)
select
?,
?,
?",
$varUser["email"],
$strUsername,
$strDisplayName);
PageRender::message("Profile updated", "success");
}
}
catch (Exception $x)
{
PageRender::message($x->getMessage(), "danger");
}
$strUsername = $varUser["username"];
PageRender::message("You are signed in as {$strUsername}.");
?>
<?php PageRender::message(); ?>
<ul>
<li><a href="/user/signout">Sign out</a></li>
</ul>


@ -38,7 +38,7 @@
"Successfully signed in",
"info");
Respond::redirect("/user");
Respond::redirect("/user/info");
}
}