biglyderv/bigly-chat
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

minor fixes

Browse source
This commit is contained in:
biglyderv 2025-02-05 01:27:45 -05:00
parent daace699a6
commit 2ce4424db7
20 changed files with 674 additions and 621 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

144
docs/api/comment.php
View file

@ -1,88 +1,92 @@
<?php
require(__DIR__ . "/../../libs/page.php");
$ref = 1732684297;
function getOut($typer, $idr) {
if ($typer == 'user' || $typer == 'comment') {
header("Location: " . '/' . $typer . '.php?id=' . htmlspecialchars($idr));
die();
}
require(__DIR__ . "/../../libs/page.php");
header("Location: /");
$ref = 1732684297;
function getOut($typer, $idr)
{
if ($typer == 'user' || $typer == 'comment') {
header("Location: " . '/' . $typer . '.php?id=' . htmlspecialchars($idr));
die();
}
}
function post_handler() {
global $ref;
global $username;
global $db;
if (!$username || !array_key_exists('post',$_POST)) return;
$postie = $_POST['post'];
$postType = (array_key_exists('type',$_POST)) ? $_POST['type'] : 'root';
$postId = (array_key_exists('id',$_POST)) ? $_POST['id'] : 'root';
header("Location: /");
die();
}
if (strlen($postie) < 1 || strlen($postie) > 1024) {
getOut($postType,$postId);
}
if (is_uploaded_file($_FILES['file']['tmp_name'])) {
$fid = bin2hex(random_bytes(16));
function post_handler()
{
global $ref;
global $username;
global $db;
if (!$username || !array_key_exists('post', $_POST)) {
return;
}
$type = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION);
$type = strtolower($type);
$postie = $_POST['post'];
$postType = (array_key_exists('type', $_POST)) ? $_POST['type'] : 'root';
$postId = (array_key_exists('id', $_POST)) ? $_POST['id'] : 'root';
$mime = mime_content_type('test' . $type);
if (strlen($postie) < 1 || strlen($postie) > 1024) {
getOut($postType, $postId);
}
if (is_uploaded_file($_FILES['file']['tmp_name'])) {
$fid = bin2hex(random_bytes(16));
$legal = ['png','gif','jpeg','jpg','mp4','webm','mp3','wav'];
$type = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION);
if (in_array($type, $legal)) {
move_uploaded_file($_FILES['file']['tmp_name'], $_SERVER["DOCUMENT_ROOT"] . '/../docs/pic/' . $fid . '.' . $type);
$postie .= "\nhttps://" . $_SERVER['HTTP_HOST'] . '/pic/' . $fid . '.' . $type;
}
}
$type = strtolower($type);
$poid = bin2hex(random_bytes(16));
$stmt = $db->prepare("SELECT * FROM comment WHERE username = ? ORDER BY date DESC");
$stmt->execute([
$username
]);
$userposts = $stmt->fetchAll(PDO::FETCH_DEFAULT);
$mime = mime_content_type('test' . $type);
if ($userposts[0]['date'] - (microtime(true) - $ref) > -3) {
echo "You have been rate limited.";
return;
}
$legal = ['png','gif','jpeg','jpg','mp4','webm','mp3','wav'];
if (in_array($type, $legal)) {
move_uploaded_file($_FILES['file']['tmp_name'], $_SERVER["DOCUMENT_ROOT"] . '/../docs/pic/' . $fid . '.' . $type);
$postie .= "\nhttps://" . $_SERVER['HTTP_HOST'] . '/pic/' . $fid . '.' . $type;
}
}
$poid = bin2hex(random_bytes(16));
$stmt = $db->prepare("SELECT * FROM comment WHERE username = ? ORDER BY date DESC");
$stmt->execute([
$username
]);
$userposts = $stmt->fetchAll(PDO::FETCH_DEFAULT);
if ($userposts[0]['date'] - (microtime(true) - $ref) > -3) {
echo "You have been rate limited.";
return;
}
$stmt = $db->prepare("INSERT INTO main.comment (username, targetType, targetId, date, content, id) VALUES (?,?,?,?,?,?)");
$stmt->execute([$username,$postType,$postId,microtime(true) - $ref,$postie,$poid]);
$postieP = "https://nbg.dervland.net/comment.php?id=" . $poid;
$user10 = ':system';
if ($postType == 'user') {
$postie = "A user commented on your wall: " . $postieP;
$stmt = $db->prepare("INSERT INTO main.comment (username, targetType, targetId, date, content, id) VALUES (?,?,?,?,?,?)");
$stmt->execute([$username,$postType,$postId,microtime(true) - $ref,$postie,$poid]);
$stmt->execute([$user10,'notification',$postId,microtime(true) - $ref,$postie,bin2hex(random_bytes(16))]);
} elseif ($postType == 'comment') {
$stmt = $db->prepare("SELECT * FROM comment WHERE id = ? ORDER BY date DESC");
$stmt->execute([
$postId
]);
$posts1 = $stmt->fetchAll(PDO::FETCH_DEFAULT);
$postieP = "https://nbg.dervland.net/comment.php?id=" . $poid;
$posts2 = $posts1[0]['username'];
$postie = "A user replied to your post: " . $postieP;
$stmt = $db->prepare("INSERT INTO main.comment (username, targetType, targetId, date, content, id) VALUES (?,?,?,?,?,?)");
$stmt->execute([$user10,'notification',$posts2,microtime(true) - $ref,$postie,bin2hex(random_bytes(16))]);
}
$user10 = ':system';
if ($postType == 'user') {
$postie = "A user commented on your wall: " . $postieP;
$stmt = $db->prepare("INSERT INTO main.comment (username, targetType, targetId, date, content, id) VALUES (?,?,?,?,?,?)");
$stmt->execute([$user10,'notification',$postId,microtime(true) - $ref,$postie,bin2hex(random_bytes(16))]);
} else if ($postType == 'comment') {
$stmt = $db->prepare("SELECT * FROM comment WHERE id = ? ORDER BY date DESC");
$stmt->execute([
$postId
]);
$posts1 = $stmt->fetchAll(PDO::FETCH_DEFAULT);
$posts2 = $posts1[0]['username'];
getOut($postType, $postId);
}
$postie = "A user replied to your post: " . $postieP;
$stmt = $db->prepare("INSERT INTO main.comment (username, targetType, targetId, date, content, id) VALUES (?,?,?,?,?,?)");
$stmt->execute([$user10,'notification',$posts2,microtime(true) - $ref,$postie,bin2hex(random_bytes(16))]);
}
getOut($postType,$postId);
}
post_handler();
?>
post_handler();

25
docs/api/followjson.php
View file

@ -1,16 +1,17 @@
<?php
require(__DIR__ . "/../../libs/page.php");
function get_handler() {
global $db;
$stmt = $db->prepare("SELECT * FROM main.follow");
$stmt->execute([]);
$result = $stmt->fetchAll(PDO::FETCH_DEFAULT);
$result = array_reverse($result,true);
require(__DIR__ . "/../../libs/page.php");
echo json_encode($result);
}
function get_handler()
{
global $db;
get_handler();
?>
$stmt = $db->prepare("SELECT * FROM main.follow");
$stmt->execute([]);
$result = $stmt->fetchAll(PDO::FETCH_DEFAULT);
$result = array_reverse($result, true);
echo json_encode($result);
}
get_handler();

6
docs/auth.php
View file

@ -1,5 +1,5 @@
<?php
require(__DIR__ . "/../libs/auth.php");
global $username;
echo $username;
require(__DIR__ . "/../libs/auth.php");
global $username;
echo $username;
?>

18
docs/comment.php
View file

@ -1,11 +1,11 @@
<?php
require(__DIR__ . "/../libs/page.php");
require(__DIR__ . "/../libs/form.php");
require(__DIR__ . "/../libs/comment.php");
$ref = 1732684297;
page_header();
comments("comment",$_GET['id']);
page_footer();
?>
require(__DIR__ . "/../libs/page.php");
require(__DIR__ . "/../libs/form.php");
require(__DIR__ . "/../libs/comment.php");
$ref = 1732684297;
page_header();
comments("comment", $_GET['id']);
page_footer();

9
docs/css/main.css
View file

@ -134,7 +134,8 @@ pre {
padding: 10px;
margin-bottom: 10px;
align-items: center;
width: var(--elem-width);
flex-wrap: wrap;
width: var(--elem-width);
border-radius: var(--border-radius);
}
@ -186,12 +187,16 @@ iframe {
border: none;
}
.header a {
width: 60px;
}
.header a, .clickie {
text-decoration: none;
color: inherit;
font-weight: bold;
margin: 5px;
display: flex;
display: flex;
flex-direction: column;
align-items: center;
justify-content: center;

30
docs/index.php
View file

@ -1,13 +1,13 @@
<?php
require(__DIR__ . "/../libs/page.php");
require(__DIR__ . "/../libs/form.php");
require(__DIR__ . "/../libs/comment.php");
require(__DIR__ . "/../libs/page.php");
require(__DIR__ . "/../libs/form.php");
require(__DIR__ . "/../libs/comment.php");
page_header();
if (!is_null($username)) {
//comments("root","root");
}
if (!($_GET['page'] > 0)) { ?>
page_header();
if (!is_null($username)) {
//comments("root","root");
}
if (!($_GET['page'] > 0)) { ?>
<div class="banner"><img class="banner-background" src="/img/newlogo.svg">
<div class="banner-content">
<h1>BiglyChat</h1>
@ -17,15 +17,13 @@
<h2>Community</h2>
<a class="form-button" href="/tou.php">Terms of Use</a>
<a class="form-button" href="/stats.php?ref=<?php echo $username ?>">Suggested Users</a>
<a class="form-button" href="/stats.php">Top Users</a>
<a class="form-button" href="https://dervland.net/">More Projects</a>
</div>
</div>
<?php
}
//if (is_null($username)) {
comments("root","root");
//}
page_footer();
<?php
}
//if (is_null($username)) {
comments("root", "root");
//}
page_footer();
?>

103
docs/login.php
View file

@ -1,55 +1,60 @@
<?php
require(__DIR__ . "/../libs/page.php");
require(__DIR__ . "/../libs/form.php");
function post_handler() {
global $db;
// there is 100% a better way to do this but i need to test
if (!array_key_exists('pass',$_POST) || !array_key_exists('user',$_POST)) {
return '';
}
$user = $_POST['user'];
$pass = $_POST['pass'];
$stmt = $db->prepare("SELECT * FROM main.auth WHERE UPPER(username) LIKE UPPER(?)");
$stmt->execute([$user]);
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$result) return 'Username does not exist.';
$verified = password_verify($pass,$result['password']);
if (!$verified) return 'Password is wrong.';
$token = bin2hex(random_bytes(32));
$stmt = $db->prepare("INSERT INTO main.token (username, token) VALUES (?, ?)");
$stmt->execute([$user,$token]);
setcookie("token", $token, time()+3600*24);
if (isset($_GET['next'])) {
$gett = htmlspecialchars($_GET['next'] . '?token=' . $token);
echo "<script>window.location.href = '$gett'</script>";
page_footer();
die();
}
header("Location: /");
require(__DIR__ . "/../libs/page.php");
require(__DIR__ . "/../libs/form.php");
function post_handler()
{
global $db;
// there is 100% a better way to do this but i need to test
if (!array_key_exists('pass', $_POST) || !array_key_exists('user', $_POST)) {
return '';
}
$user = $_POST['user'];
$pass = $_POST['pass'];
$stmt = $db->prepare("SELECT * FROM main.auth WHERE UPPER(username) LIKE UPPER(?)");
$stmt->execute([$user]);
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$result) {
return 'Username does not exist.';
}
$verified = password_verify($pass, $result['password']);
if (!$verified) {
return 'Password is wrong.';
}
$token = bin2hex(random_bytes(32));
$stmt = $db->prepare("INSERT INTO main.token (username, token) VALUES (?, ?)");
$stmt->execute([$user,$token]);
setcookie("token", $token, time() + 3600 * 24);
if (isset($_GET['next'])) {
$gett = htmlspecialchars($_GET['next'] . '?token=' . $token);
echo "<script>window.location.href = '$gett'</script>";
page_footer();
die();
}
page_header();
$form_message = post_handler();
form("Log in (<a class='link' target='_blank' href='/register.php'>Register?</a>)", $form_message, array(
array('key' => 'Username', 'type' => 'text', 'name' => 'user', 'default' => ''),
array('key' => 'Password', 'type' => 'password', 'name' => 'pass', 'default' => '')
));
header("Location: /");
die();
}
page_footer();
?>
page_header();
$form_message = post_handler();
form("Log in (<a class='link' target='_blank' href='/register.php'>Register?</a>)", $form_message, array(
array('key' => 'Username', 'type' => 'text', 'name' => 'user', 'default' => ''),
array('key' => 'Password', 'type' => 'password', 'name' => 'pass', 'default' => '')
));
page_footer();

21
docs/logout.php
View file

@ -1,13 +1,12 @@
<?php
require(__DIR__ . "/../libs/page.php");
page_header();
if (isset($_COOKIE)) {
foreach ( $_COOKIE as $key => $value )
{
setcookie( $key, FALSE );
}
header("Location: /");
die();
require(__DIR__ . "/../libs/page.php");
page_header();
if (isset($_COOKIE)) {
foreach ($_COOKIE as $key => $value) {
setcookie($key, false);
}
page_footer();
?>
header("Location: /");
die();
}
page_footer();

123
docs/meta.php
View file

@ -1,61 +1,63 @@
<?php
require(__DIR__ . "/../libs/page.php");
require(__DIR__ . "/../libs/form.php");
require(__DIR__ . "/../libs/comment.php");
$roles = array();
page_header();
// this is a mess
function get_handler() {
global $db;
global $username;
global $user;
global $bio;
global $followers;
global $following;
global $roles;
// there is 100% a better way to do this but i need to test
if (!array_key_exists('id',$_GET)) {
die();
}
$user = $_GET['id'];
if (array_key_exists('type',$_GET)) {
$type = $_GET['type'];
if ($type == 'follow') {
follow();
} else if ($type == 'settings') {
settings();
}
}
$stmt = $db->prepare("SELECT * FROM main.user WHERE UPPER(username) LIKE UPPER(?)"); //weirdly, this requires a schema name
$stmt->execute([$user]);
$result = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt = $db->prepare("SELECT * FROM main.follow WHERE target = ?");
$stmt->execute([$user]);
$following = $stmt->fetchAll(PDO::FETCH_DEFAULT);
$stmt = $db->prepare("SELECT * FROM main.follow WHERE username = ?");
$stmt->execute([$user]);
$followers = $stmt->fetchAll(PDO::FETCH_DEFAULT);
require(__DIR__ . "/../libs/page.php");
require(__DIR__ . "/../libs/form.php");
require(__DIR__ . "/../libs/comment.php");
$roles = array();
page_header();
// this is a mess
function get_handler()
{
global $db;
global $username;
global $user;
global $bio;
global $followers;
global $following;
global $roles;
// there is 100% a better way to do this but i need to test
if (!array_key_exists('id', $_GET)) {
die();
}
get_handler();
//todo: rewrite
$user = $_GET['id'];
if (array_key_exists('type', $_GET)) {
$type = $_GET['type'];
if ($type == 'follow') {
follow();
} elseif ($type == 'settings') {
settings();
}
}
$stmt = $db->prepare("SELECT * FROM main.user WHERE UPPER(username) LIKE UPPER(?)"); //weirdly, this requires a schema name
$stmt->execute([$user]);
$result = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt = $db->prepare("SELECT * FROM main.follow WHERE target = ?");
$stmt->execute([$user]);
$following = $stmt->fetchAll(PDO::FETCH_DEFAULT);
$stmt = $db->prepare("SELECT * FROM main.follow WHERE username = ?");
$stmt->execute([$user]);
$followers = $stmt->fetchAll(PDO::FETCH_DEFAULT);
}
get_handler();
//todo: rewrite
?>
<h2>Following</h2>
<?php
foreach ($following as $user) { $usern = $user['username']; ?>
<?php
foreach ($following as $user) {
$usern = $user['username']; ?>
<div class='comment'>
<div class="avatar">
<img src="/pfp/<?php echo $usern ?>.png" class="avatar-img">
@ -69,14 +71,15 @@
</div>
</div>
</div>
<?php
}
<?php
}
?>
<h2>Followers</h2>
<?php
foreach ($followers as $user) { $usern = $user['target']; ?>
<?php
foreach ($followers as $user) {
$usern = $user['target']; ?>
<div class='comment'>
<div class="avatar">
<img src="/pfp/<?php echo $usern ?>.png" class="avatar-img">
@ -90,9 +93,9 @@
</div>
</div>
</div>
<?php
}
<?php
}
?>
<?php
page_footer();
<?php
page_footer();
?>

18
docs/notif.php
View file

@ -1,11 +1,11 @@
<?php
require(__DIR__ . "/../libs/page.php");
require(__DIR__ . "/../libs/form.php");
require(__DIR__ . "/../libs/comment.php");
$ref = 1732684297;
page_header();
comments("notification",$username,true);
page_footer();
?>
require(__DIR__ . "/../libs/page.php");
require(__DIR__ . "/../libs/form.php");
require(__DIR__ . "/../libs/comment.php");
$ref = 1732684297;
page_header();
comments("notification", $username, true);
page_footer();

113
docs/register.php
View file

@ -1,58 +1,61 @@
<?php
require(__DIR__ . "/../libs/page.php");
require(__DIR__ . "/../libs/form.php");
function post_handler() {
global $db;
// there is 100% a better way to do this but i need to test
if (!array_key_exists('pass',$_POST) || !array_key_exists('user',$_POST) || !array_key_exists('pass2',$_POST)) {
return '';
}
$user = $_POST['user'];
$pass = $_POST['pass'];
$pass2 = $_POST['pass2'];
preg_match("/[^A-Za-z0-9\-\_]/",$user,$matches);
if ($pass != $pass2) {
return 'Passwords are not the same.';
}
if (isset($matches) && count($matches) > 0) {
return 'Username contains invalid characters.';
}
if (strlen($user) < 1 || strlen($user) > 32) {
return 'Username is too long or short.';
}
$stmt = $db->prepare("SELECT username FROM main.auth WHERE UPPER(username) LIKE UPPER(?)");
$stmt->execute([$user]);
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if ($result) return 'Username is taken.';
$hashed = password_hash($pass, PASSWORD_DEFAULT);
$stmt = $db->prepare("INSERT INTO main.auth (username, password) VALUES (?, ?)");
$stmt->execute([$user,$hashed]);
header("Location: /");
die();
require(__DIR__ . "/../libs/page.php");
require(__DIR__ . "/../libs/form.php");
function post_handler()
{
global $db;
// there is 100% a better way to do this but i need to test
if (!array_key_exists('pass', $_POST) || !array_key_exists('user', $_POST) || !array_key_exists('pass2', $_POST)) {
return '';
}
page_header();
$form_message = post_handler();
form("Join", $form_message, array(
array('key' => 'Username', 'type' => 'text', 'name' => 'user', 'default' => ''),
array('key' => 'Password', 'type' => 'password', 'name' => 'pass', 'default' => ''),
array('key' => 'Password (again)', 'type' => 'password', 'name' => 'pass2', 'default' => '')
));
page_footer();
?>
$user = $_POST['user'];
$pass = $_POST['pass'];
$pass2 = $_POST['pass2'];
preg_match("/[^A-Za-z0-9\-\_]/", $user, $matches);
if ($pass != $pass2) {
return 'Passwords are not the same.';
}
if (isset($matches) && count($matches) > 0) {
return 'Username contains invalid characters.';
}
if (strlen($user) < 1 || strlen($user) > 32) {
return 'Username is too long or short.';
}
$stmt = $db->prepare("SELECT username FROM main.auth WHERE UPPER(username) LIKE UPPER(?)");
$stmt->execute([$user]);
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if ($result) {
return 'Username is taken.';
}
$hashed = password_hash($pass, PASSWORD_DEFAULT);
$stmt = $db->prepare("INSERT INTO main.auth (username, password) VALUES (?, ?)");
$stmt->execute([$user,$hashed]);
header("Location: /");
die();
}
page_header();
$form_message = post_handler();
form("Join", $form_message, array(
array('key' => 'Username', 'type' => 'text', 'name' => 'user', 'default' => ''),
array('key' => 'Password', 'type' => 'password', 'name' => 'pass', 'default' => ''),
array('key' => 'Password (again)', 'type' => 'password', 'name' => 'pass2', 'default' => '')
));
page_footer();

76
docs/stats.php
View file

@ -1,42 +1,52 @@
<?php
require(__DIR__ . "/../libs/page.php");
require(__DIR__ . "/../libs/form.php");
require(__DIR__ . "/../libs/comment.php");
function cmp($a, $b) {
if ($a == $b) {
return 0;
}
return ($a > $b) ? -1 : 1;
}
require(__DIR__ . "/../libs/page.php");
require(__DIR__ . "/../libs/form.php");
require(__DIR__ . "/../libs/comment.php");
page_header();
function cmp($a, $b)
{
if ($a == $b) {
return 0;
}
return ($a > $b) ? -1 : 1;
}
function get_handler() {
$api = file_get_contents("https://nbg.dervland.net/node/top?ref=" . $_GET['ref']);
$pr = json_decode($api);
foreach ($pr as $usern => $rr) { ?>
<div class='comment'>
<div class="avatar">
<img src="/pfp/<?php echo $usern ?>.png" class="avatar-img">
<div>
<div><b>
page_header();
?>
<div>
<a class="form-button" href="?username=<?php echo $username ?>">Local</a>
<a class="form-button" href="?">Global</a>
</div>
<?php
function get_handler()
{
$api = file_get_contents("https://nbg.dervland.net/node/top?ref=" . $_GET['ref']);
$pr = json_decode($api);
foreach ($pr as $usern => $rr) { ?>
<div class='comment'>
<div class="avatar">
<img src="/pfp/<?php echo $usern ?>.png" class="avatar-img">
<div>
<div><b>
<a class="link" href="/user.php?id=<?php echo $usern ?>">
<?php echo $usern ?>
<?php echo $usern ?>
</a>
</b>
</div>
</div>
</div>
<div><b>Power</b>: <?php echo $rr ?></div>
</div>
<?php }
}
</b>
</div>
</div>
</div>
<div><b>Power</b>: <?php echo $rr ?></div>
</div>
<?php }
}
get_handler();
get_handler();
?>
<?php
page_footer();
page_footer();
?>

4
docs/tou.php
View file

@ -1,6 +1,6 @@
<?php
require(__DIR__ . "/../libs/page.php");
page_header();
require(__DIR__ . "/../libs/page.php");
page_header();
?>
<div class="comment">

193
docs/user.php
View file

@ -1,98 +1,105 @@
<?php
require(__DIR__ . "/../libs/page.php");
require(__DIR__ . "/../libs/form.php");
require(__DIR__ . "/../libs/comment.php");
$roles = array();
page_header();
// this is a mess
function get_handler() {
global $db;
global $username;
global $user;
global $bio;
global $followers;
global $following;
global $roles;
// there is 100% a better way to do this but i need to test
if (!array_key_exists('id',$_GET)) {
die();
}
$user = $_GET['id'];
if (array_key_exists('type',$_GET)) {
$type = $_GET['type'];
if ($type == 'follow') {
follow();
} else if ($type == 'settings') {
settings();
}
}
$stmt = $db->prepare("SELECT * FROM main.user WHERE UPPER(username) LIKE UPPER(?)"); //weirdly, this requires a schema name
$stmt->execute([$user]);
$result = $stmt->fetch(PDO::FETCH_ASSOC);
$bio = isset($result) ? $result['bio'] : 'This user has not set a bio.';
$stmt = $db->prepare("SELECT * FROM main.follow WHERE target = ?");
$stmt->execute([$user]);
$following = $stmt->fetchAll(PDO::FETCH_DEFAULT);
$stmt = $db->prepare("SELECT * FROM main.follow WHERE username = ?");
$stmt->execute([$user]);
$followers = $stmt->fetchAll(PDO::FETCH_DEFAULT);
$stmt = $db->prepare("SELECT * FROM main.role WHERE username = ?");
$stmt->execute([$user]);
$roles = $stmt->fetchAll(PDO::FETCH_DEFAULT);
require(__DIR__ . "/../libs/page.php");
require(__DIR__ . "/../libs/form.php");
require(__DIR__ . "/../libs/comment.php");
$roles = array();
page_header();
// this is a mess
function get_handler()
{
global $db;
global $username;
global $user;
global $bio;
global $followers;
global $following;
global $roles;
// there is 100% a better way to do this but i need to test
if (!array_key_exists('id', $_GET)) {
die();
}
function follow() {
global $db;
global $username;
global $user;
$stmt = $db->prepare("SELECT * FROM main.follow WHERE username = ? AND target = ?");
$user = $_GET['id'];
if (array_key_exists('type', $_GET)) {
$type = $_GET['type'];
if ($type == 'follow') {
follow();
} elseif ($type == 'settings') {
settings();
}
}
$stmt = $db->prepare("SELECT * FROM main.user WHERE UPPER(username) LIKE UPPER(?)"); //weirdly, this requires a schema name
$stmt->execute([$user]);
$result = $stmt->fetch(PDO::FETCH_ASSOC);
$bio = isset($result) ? $result['bio'] : 'This user has not set a bio.';
$stmt = $db->prepare("SELECT * FROM main.follow WHERE target = ?");
$stmt->execute([$user]);
$following = $stmt->fetchAll(PDO::FETCH_DEFAULT);
$stmt = $db->prepare("SELECT * FROM main.follow WHERE username = ?");
$stmt->execute([$user]);
$followers = $stmt->fetchAll(PDO::FETCH_DEFAULT);
$stmt = $db->prepare("SELECT * FROM main.role WHERE username = ?");
$stmt->execute([$user]);
$roles = $stmt->fetchAll(PDO::FETCH_DEFAULT);
}
function follow()
{
global $db;
global $username;
global $user;
$stmt = $db->prepare("SELECT * FROM main.follow WHERE username = ? AND target = ?");
$stmt->execute([$user,$username]);
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if (is_null($username)) {
return;
}
if ($result) {
$stmt = $db->prepare("DELETE FROM main.follow WHERE username = ? AND target = ?");
$stmt->execute([$user,$username]);
} else {
$stmt = $db->prepare("INSERT INTO main.follow (username,target) VALUES (?,?)");
$stmt->execute([$user,$username]);
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if (is_null($username)) return;
if ($result) {
$stmt = $db->prepare("DELETE FROM main.follow WHERE username = ? AND target = ?");
$stmt->execute([$user,$username]);
} else {
$stmt = $db->prepare("INSERT INTO main.follow (username,target) VALUES (?,?)");
$stmt->execute([$user,$username]);
}
}
function settings() {
global $db;
global $username;
global $user;
if (is_null($username)) return;
$stmt = $db->prepare("DELETE FROM main.user WHERE username = ?");
$stmt->execute([$username]);
$stmt = $db->prepare("INSERT INTO main.user (username,bio) VALUES (?,?)");
$stmt->execute([$username,$_POST['desc']]);
move_uploaded_file($_FILES['avatar']['tmp_name'], $_SERVER["DOCUMENT_ROOT"] . '/../docs/pfp/' . $username . '.png');
}
function settings()
{
global $db;
global $username;
global $user;
if (is_null($username)) {
return;
}
get_handler();
$stmt = $db->prepare("DELETE FROM main.user WHERE username = ?");
$stmt->execute([$username]);
$stmt = $db->prepare("INSERT INTO main.user (username,bio) VALUES (?,?)");
$stmt->execute([$username,$_POST['desc']]);
move_uploaded_file($_FILES['avatar']['tmp_name'], $_SERVER["DOCUMENT_ROOT"] . '/../docs/pfp/' . $username . '.png');
}
get_handler();
?>
<form class="banner" enctype="multipart/form-data" method="POST" action="/user.php?id=<?php echo $user ?>&type=follow">
<img class="banner-background" src="/pfp/<?php echo $user ?>.png">
@ -124,10 +131,10 @@
form("Your Settings", $form_message, array(
array('key' => 'Bio', 'type' => 'textarea', 'name' => 'desc', 'default' => $bio),
array('key' => 'Avatar', 'type' => 'file', 'name' => 'avatar', 'default' => '')
),'/user.php?id=' . $user . '&type=settings');
), '/user.php?id=' . $user . '&type=settings');
}
comments('user',$user);
comments('user', $user);
page_footer();
page_footer();
?>

71
libs/auth.php
View file

@ -1,32 +1,41 @@
<?php
require(__DIR__ . "/test_secret.php");
function auth($token) {
if (is_null($token)) return null;
require(__DIR__ . "/test_secret.php");
global $db;
function auth($token)
{
if (is_null($token)) {
return null;
}
$stmt = $db->prepare("SELECT * FROM main.token WHERE token = ?");
$stmt->execute([$token]);
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$result) return null;
$username = $result['username'];
$stmt = $db->prepare("SELECT * FROM main.auth WHERE username = ?");
$stmt->execute([$username]);
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$result) return null;
$stmt = $db->prepare("SELECT * FROM main.ban WHERE username = ?");
$stmt->execute([$username]);
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$result) return $username;
$reason = $result['reason']; ?>
global $db;
$stmt = $db->prepare("SELECT * FROM main.token WHERE token = ?");
$stmt->execute([$token]);
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$result) {
return null;
}
$username = $result['username'];
$stmt = $db->prepare("SELECT * FROM main.auth WHERE username = ?");
$stmt->execute([$username]);
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$result) {
return null;
}
$stmt = $db->prepare("SELECT * FROM main.ban WHERE username = ?");
$stmt->execute([$username]);
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$result) {
return $username;
}
$reason = $result['reason']; ?>
<!DOCTYPE html>
<html>
<body>
@ -35,9 +44,9 @@
</body>
</html>
<?php die();
}
if (array_key_exists('token',$_COOKIE)) {
$username = auth($_COOKIE['token']);
}
}
if (array_key_exists('token', $_COOKIE)) {
$username = auth($_COOKIE['token']);
}
?>

155
libs/comment.php
View file

@ -1,42 +1,49 @@
<?php
require(__DIR__ . "/markdown.php");
function comments($typer, $idr, $disable = false) {
$ref = 1732684297;
global $username;
global $db;
$page = array_key_exists('page',$_GET) ? ($_GET['page']) : 0;
$mode = array_key_exists('mode',$_GET) ? ($_GET['mode']) : 'all';
if ($username && !$disable) {
form("Broadcast your thoughts...", '', array(
array('key' => 'Your message', 'type' => 'textarea', 'name' => 'post', 'default' => ''),
array('key' => '','type' => 'hidden','name' => 'type', 'default' => $typer),
array('key' => '','type' => 'hidden','name' => 'id', 'default' => $idr),
array('key' => 'Attachments', 'type' => 'file', 'name' => 'file', 'default' => '')
),'/api/comment.php');
}
require(__DIR__ . "/markdown.php");
function comments($typer, $idr, $disable = false)
{
$ref = 1732684297;
global $username;
global $db;
$page = array_key_exists('page', $_GET) ? ($_GET['page']) : 0;
$mode = array_key_exists('mode', $_GET) ? ($_GET['mode']) : 'all';
if ($username && !$disable) {
form("Broadcast your thoughts...", '', array(
array('key' => 'Your message', 'type' => 'textarea', 'name' => 'post', 'default' => ''),
array('key' => '','type' => 'hidden','name' => 'type', 'default' => $typer),
array('key' => '','type' => 'hidden','name' => 'id', 'default' => $idr),
array('key' => 'Attachments', 'type' => 'file', 'name' => 'file', 'default' => '')
), '/api/comment.php');
}
$qs = parse_url($_SERVER['REQUEST_URI']);
$qs = parse_url($_SERVER['REQUEST_URI']);
if (is_null($qs)) $qs = array('query' => '?');
$qsq = $qs['query'];
if (is_null($qs)) {
$qs = array('query' => '?');
}
$qsq = $qs['query'];
$qss = array();
parse_str($qsq,$qss);
$qss = array();
$qss['page'] = $page + 1;
$qs_next = http_build_query($qss);
$qss['page'] = $page - 1;
$qs_prev = http_build_query($qss);
$qss['page'] = $page;
$qss['mode'] = 'all';
$qs_1 = http_build_query($qss);
parse_str($qsq, $qss);
$qss['mode'] = 'followers';
$qs_2 = http_build_query($qss);
?>
$qss['page'] = $page + 1;
$qs_next = http_build_query($qss);
$qss['page'] = $page - 1;
$qs_prev = http_build_query($qss);
$qss['page'] = $page;
$qss['mode'] = 'all';
$qs_1 = http_build_query($qss);
$qss['mode'] = 'followers';
$qs_2 = http_build_query($qss);
?>
<div>
<a class="form-button" href="?<?php echo $qs_1 ?>">Everyone</a>
<a class="form-button" href="?<?php echo $qs_2 ?>">Following</a>
</div>
<div>
<?php if ($page > 0) { ?>
<a class="form-button" href="?<?php echo $qs_prev ?>">Previous</a>
@ -44,60 +51,58 @@
<a class="form-button" href="?<?php echo $qs_next ?>">Next</a>
</div>
<div>
<a class="form-button" href="?<?php echo $qs_1 ?>">Everyone</a>
<a class="form-button" href="?<?php echo $qs_2 ?>">Following</a>
</div>
<?php
$posts = array();
$posts = array();
$theId = $idr;
$theId = $idr;
while (true) {
$stmt = $db->prepare("SELECT * FROM comment WHERE id = ? ORDER BY date DESC");
$stmt->execute([
$theId
]);
$posts1 = $stmt->fetchAll(PDO::FETCH_DEFAULT);
if (is_null($posts1) || count($posts1) < 1) break;
$theId = $posts1[0]['targetid'];
$posts = array_merge($posts1,$posts);
}
while (true) {
$stmt = $db->prepare("SELECT * FROM comment WHERE id = ? ORDER BY date DESC");
$stmt->execute([
$theId
]);
$posts1 = $stmt->fetchAll(PDO::FETCH_DEFAULT);
if (is_null($posts1) || count($posts1) < 1) {
break;
}
$theId = $posts1[0]['targetid'];
$posts = array_merge($posts1, $posts);
}
if ($mode == 'all') {
$stmt = $db->prepare("SELECT * FROM comment WHERE targetType = ? AND targetId = ? ORDER BY date DESC LIMIT ? OFFSET ?");
$stmt->execute([
$typer,
$idr,
10,
$page * 10
]);
} else {
$stmt = $db->prepare("SELECT * FROM comment WHERE targetType = ? AND targetId = ? AND username IN (SELECT username FROM main.follow WHERE target = ?) ORDER BY date DESC LIMIT ? OFFSET ?");
$stmt->execute([
$typer,
$idr,
$username,
10,
$page * 10
]);
}
$posts2 = $stmt->fetchAll(PDO::FETCH_DEFAULT);
if ($mode == 'all') {
$stmt = $db->prepare("SELECT * FROM comment WHERE targetType = ? AND targetId = ? ORDER BY date DESC LIMIT ? OFFSET ?");
$stmt->execute([
$typer,
$idr,
10,
$page * 10
]);
} else {
$stmt = $db->prepare("SELECT * FROM comment WHERE targetType = ? AND targetId = ? AND username IN (SELECT username FROM main.follow WHERE target = ?) ORDER BY date DESC LIMIT ? OFFSET ?");
$stmt->execute([
$typer,
$idr,
$username,
10,
$page * 10
]);
}
$edge = count($posts);
$posts = array_merge($posts,$posts2);
$posts2 = $stmt->fetchAll(PDO::FETCH_DEFAULT);
?>
$edge = count($posts);
$posts = array_merge($posts, $posts2);
?>
<meta property="og:title" content="NewBiglyChat" />
<meta property="og:type" content="article" />
<meta property="og:url" content="<?php echo "https://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]" ?>" />
<meta property="og:description" content="<?php echo htmlspecialchars($posts[$edge - 1]['content']) ?>" />
<meta property="og:image" content="https://nbg.dervland.net/img/newlogo.svg" />
<?php
foreach ($posts as $key => $post) {
if ($key == $edge) { ?>
foreach ($posts as $key => $post) {
if ($key == $edge) { ?>
<h2>Replies</h2>
<?php } ?>
<div class='comment'>
@ -111,7 +116,7 @@
</b></div>
<div><b>
<a class='link' href='/comment.php?id=<?php echo $post['id'] ?>'>
<?php echo date(DATE_RFC2822,$post['date'] + $ref) ?>
<?php echo date(DATE_RFC2822, $post['date'] + $ref) ?>
</a>
</b></div>
</div>
@ -120,5 +125,5 @@
<a class="clickie" href="/comment.php?id=<?php echo $post['id']?>"><img class="header-img header-link" src="/img/mail.svg">Replies</a>
</div>
<?php }
}
}
?>

5
libs/form.php
View file

@ -1,5 +1,6 @@
<?php
function form($title, $form_message, $inputs, $action = '') { ?>
function form($title, $form_message, $inputs, $action = '')
{ ?>
<form class='form' enctype="multipart/form-data" method="POST" action="<?php echo $action ?>">
<h1 class="form-heading">
<?php echo $title ?>
@ -8,7 +9,7 @@
<?php echo htmlspecialchars($form_message) ?>
</span>
<?php
foreach ($inputs as $kv) { ?>
foreach ($inputs as $kv) { ?>
<span class='form-key'>
<?php echo htmlspecialchars($kv['key']) ?>
</span>

83
libs/markdown.php
View file

@ -1,43 +1,44 @@
<?php
function markdown($text) {
$search = array (
'~(https://[^.]+\.dervland\.net/[^\s<]+\.(png|jpg|jpeg|gif))~i',
'~(https://[^.]+\.dervland\.net/[^\s<]+\.(mp3|wav))~i',
'~(https://[^.]+\.dervland\.net/[^\s<]+\.(webm|mp4))~i',
//'~(https://studio\.penguinmod\.com/[^\s<?#]*[#]([^\s<]*))~i',
//'~(https://studio\.penguinmod\.com/[^\s<?#]*[?#]?([^\s<#]*)[#]?([^\s<]*))~i',
'~(?:\s|^)(?:(https?)://([^\s<]+)|(www\.[^\s<]+?\.[^\s<]+))(?<![\.,:])~i',
'~(?:@)([^\s]+)(?:\s|$)~i',
'~(\[b\])(.*?)(\[\/b\])~i',
'~(\[i\])(.*?)(\[\/i\])~i',
'~(\[u\])(.*?)(\[\/u\])~i',
'~(\[ul\])(.*?)(\[\/ul\])~i',
'~(\[li\])(.*?)(\[\/li\])~i',
'~(\[h\])(.*?)(\[\/h\])~i',
'~(\[url=)(.*?)(\])(.*?)(\[\/url\])~i',
'~(\[url\])(.*?)(\[\/url\])~i'
);
$replace = array (
'<a class="link" href="$1" target="_blank"><div>$1</div><img src="$1" class="img"></a>',
'<a class="link" href="$1" target="_blank"><div>$1</div><audio controls src="$1"></a>',
'<a class="link" href="$1" target="_blank"><div>$1</div><video controls class="img"><source src="$1"/></video></a>',
//'https://studio.penguinmod.com/?#$2',
//'<a class="link" href="$1" target="_blank"><div>$1</div><iframe src="https://studio.penguinmod.com/embed?$2#$3"></iframe></a>',
'<a class="link" href="$0" target="_blank">$0</a>',
'<a class="link" href="/user.php?id=$1" target="_blank">@$1</a>',
'<strong>$2</strong>',
'<em>$2</em>',
'<u>$2</u>',
'<ul>$2</ul>',
'<li>$2</li>',
'<h2>$2</h2>',
'<a class="link" href="$2" target="_blank">$4</a>',
'<a class="link" href="$2" target="_blank">$2</a>'
);
$text = preg_replace($search, $replace, $text);
return $text;
}
function markdown($text)
{
$search = array(
'~(https://[^.]+\.dervland\.net/[^\s<]+\.(png|jpg|jpeg|gif))~i',
'~(https://[^.]+\.dervland\.net/[^\s<]+\.(mp3|wav))~i',
'~(https://[^.]+\.dervland\.net/[^\s<]+\.(webm|mp4))~i',
//'~(https://studio\.penguinmod\.com/[^\s<?#]*[#]([^\s<]*))~i',
//'~(https://studio\.penguinmod\.com/[^\s<?#]*[?#]?([^\s<#]*)[#]?([^\s<]*))~i',
'~(?:\s|^)(?:(https?)://([^\s<]+)|(www\.[^\s<]+?\.[^\s<]+))(?<![\.,:])~i',
'~(?:@)([^\s]+)(?:\s|$)~i',
'~(\[b\])(.*?)(\[\/b\])~i',
'~(\[i\])(.*?)(\[\/i\])~i',
'~(\[u\])(.*?)(\[\/u\])~i',
'~(\[ul\])(.*?)(\[\/ul\])~i',
'~(\[li\])(.*?)(\[\/li\])~i',
'~(\[h\])(.*?)(\[\/h\])~i',
'~(\[url=)(.*?)(\])(.*?)(\[\/url\])~i',
'~(\[url\])(.*?)(\[\/url\])~i'
);
$replace = array(
'<a class="link" href="$1" target="_blank"><div>$1</div><img src="$1" class="img"></a>',
'<a class="link" href="$1" target="_blank"><div>$1</div><audio controls src="$1"></a>',
'<a class="link" href="$1" target="_blank"><div>$1</div><video controls class="img"><source src="$1"/></video></a>',
//'https://studio.penguinmod.com/?#$2',
//'<a class="link" href="$1" target="_blank"><div>$1</div><iframe src="https://studio.penguinmod.com/embed?$2#$3"></iframe></a>',
'<a class="link" href="$0" target="_blank">$0</a>',
'<a class="link" href="/user.php?id=$1" target="_blank">@$1</a>',
'<strong>$2</strong>',
'<em>$2</em>',
'<u>$2</u>',
'<ul>$2</ul>',
'<li>$2</li>',
'<h2>$2</h2>',
'<a class="link" href="$2" target="_blank">$4</a>',
'<a class="link" href="$2" target="_blank">$2</a>'
);
$text = preg_replace($search, $replace, $text);
return $text;
}
?>

78
libs/page.php
View file

@ -1,43 +1,45 @@
<?php
require(__DIR__ . "/auth.php");
require(__DIR__ . "/auth.php");
global $username;
function page_header()
{
global $db;
global $username;
function page_header() {
global $db;
global $username;
$stmt = $db->prepare("SELECT * FROM comment WHERE targetType = ? AND targetId = ? ORDER BY date DESC");
$stmt->execute([
"notification",
$username,
]);
$posts2 = $stmt->fetchAll(PDO::FETCH_DEFAULT);
$stmt = $db->prepare("SELECT * FROM comment WHERE targetType = ? AND targetId = ? ORDER BY date DESC");
$stmt->execute([
"notification",
$username,
]);
$edge = count($posts2);
?>
<!DOCTYPE html>
<html>
<head>
<title>BiglyChat</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1">
<link rel="icon" href="/img/bgc.svg">
$posts2 = $stmt->fetchAll(PDO::FETCH_DEFAULT);
$edge = count($posts2);
?>
<!DOCTYPE html>
<html>
<head>
<title>BiglyChat</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1">
<link rel="icon" href="/img/bgc.svg">
<link rel="stylesheet" href="/css/main.css">
</head>
<body>
<div class="header">
<a href="/"><img class="header-img header-link" src="/img/bgc.svg">BiglyChat</a>
<?php
if (isset($username)) { ?>
<a href="/user.php?id=<?php echo $username ?>"><img class="header-img header-link" src="/img/home.svg">Home</a>
<a href="/notif.php"> <img class="header-img header-link" src="/img/mail.svg"><span>Mail<sub> <?php echo $edge?></sub></span></a>
<a href="/logout.php"><img class="header-img header-link" src="/img/logout.svg">Leave</a>
<?php } else { ?>
<a href="/login.php"><img class="header-img header-link" src="/img/home.svg">Join</a>
<?php }
?>
</div>
<?php }
function page_footer() { ?>
</body>
</html>
<?php }
</head>
<body>
<div class="header">
<a href="/"><img class="header-img header-link" src="/img/bgc.svg">BiglyChat</a>
<?php if (isset($username)) { ?>
<a href="/user.php?id=<?php echo $username ?>"><img class="header-img header-link" src="/pfp/<?php echo $username ?>.png">Wall</a>
<a href="/notif.php"> <img class="header-img header-link" src="/img/mail.svg"><span>Mail<sub> <?php echo $edge?></sub></span></a>
<a href="/stats.php?username=<?php echo $username ?>"><img class="header-img header-link" src="/img/home.svg">Users</a>
<a href="/logout.php"><img class="header-img header-link" src="/img/logout.svg">Leave</a>
<?php } else { ?>
<a href="/login.php"><img class="header-img header-link" src="/img/home.svg">Join</a>
<a href="/stats.php"><img class="header-img header-link" src="/img/home.svg">Users</a>
<?php }
?>
</div>
<?php }
function page_footer()
{ ?>
</body>
</html>
<?php }
?>

20
scripts/init.php
View file

@ -1,11 +1,11 @@
<?php
require(__DIR__ . "/../libs/test_secret.php");
global $db;
$sql = file_get_contents('../scripts/init.sql', true);
$db->exec($sql);
echo "Database was set up.";
?>
require(__DIR__ . "/../libs/test_secret.php");
global $db;
$sql = file_get_contents('../scripts/init.sql', true);
$db->exec($sql);
echo "Database was set up.";