Wide ranging updates to most areas of the system

.gitignore

@@ -1,2 +1,3 @@
 posts/*
+media/*
 blog_pass_hash.txt

admin.php

@@ -1,20 +1,20 @@
 <?php
-  $logged_in = $_COOKIE["checkin"] ?? null;
-  if ( !$logged_in || $logged_in != "waiting for expiry" ) {
-    header("Location: /blog_log.php");
-    die();
-  }
+  include_once "logcheck.php";
   $post_success = $_GET["success"] ?? null;
 
   // Get the file list
   $files = array_values( array_diff( scandir( "./posts" ), array('..', '.')));
-  rsort($files);
+  rsort( $files );
+  $media_files = array_values ( array_diff( scandir( "./media" ), ["..", "."] ) );
+  sort( $media_files );
   include_once "common.php";
 ?>
 <!DOCTYPE html>
 <html lang="en">
   <head>
     <title>Administration</title>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
     <style>
       header, main{width:90%;max-width:900px;margin:2em auto}
       hr.small-divider{width:25%;margin: 2em auto}
@@ -23,13 +23,12 @@
       table{width:calc(100% - 1em)}
       .error{background:darkred;color:pink}
       ul.inline li{display:inline-block; margin:0}
-      ul.inline li:not(:last-child)::after{content: ' | '}
+      ul.inline.pipe li:not(:last-child)::after{content: ' | '}
       ul.list-style-none{list-style:none;margin:0;padding:0}
       header ul.inline{position:absolute;top:0;right:2em;margin:0}
       header ul.inline li{background:#333;color:#DDD;border-radius:0 0 10px 10px;padding:0.5em;margin:0 5px}
       header ul.inline li a{color:#DDD;text-decoration:none}
-      header ul.inline li::after{content:'' !important}
-      .post-list tbody tr:nth-child(odd){background-color: #DDD}
+      tbody tr:nth-child(odd){background-color: #DDD}
       td{padding-left:1em}
       details {border: 1px solid #aaa;border-radius: 4px;padding: 0.5em 0.5em 0}
       summary {font-weight: bold;margin: -0.5em -0.5em 0;padding: 0.5em}
@@ -57,6 +56,35 @@
       <p><a href="/post.php?f=<?php echo $files[0]; ?>">New post</a> successfully added!</p>
       <?php elseif ( $post_success === "2" ): ?>
       <p>File updated successfully!</p>
+      <?php elseif ( $post_success === "3" ): ?>
+      <p>Media uploaded successfully!</p>
+      <?php elseif ( $post_success === "4" ): ?>
+        <div class="error">
+          <h2>Error</h2>
+          <p>Your media upload was too large (&gt; 1.5mb)</p>
+        </div>
+      <?php elseif ( $post_success === "5" ): ?>
+        <div class="error">
+          <h2>Error</h2>
+          <p>
+						Your media upload was <em>not</em> a supported file type:
+						<ul>
+              <li>azw3</li>
+              <li>css</li>
+              <li>epub</li>
+              <li>gif</li>
+              <li>html</li>
+              <li>jpeg</li>
+              <li>jpg</li>
+              <li>mobi</li>
+              <li>pdf</li>
+              <li>png</li>
+              <li>svg</li>
+            </ul>
+          </p>
+        </div>
+      <?php elseif ( $post_success === "6" ): ?>
+      <p>Deletion was successful!</p>
       <?php endif; ?>
       <details>
         <summary>New Post</summary>
@@ -93,9 +121,9 @@
                   <td>$link</td>
                   <td>{$parts["time"]}</td>
                   <td>
-                    <ul class="inline list-style-none">
+                    <ul class="inline list-style-none pipe">
                       <li><a href="edit.php?file=posts%2F$del">Edit</a></li>
-                      <li><a href="delete_post.php?f=$del">Delete</a></li>
+                      <li><a href="delete_data.php?f=$del&k=posts">Delete</a></li>
                     </ul>
                   </td>
                 </tr>
@@ -108,11 +136,50 @@ HTML;
       </details>
       <hr class="small-divider">
       <details>
-        <summary>Misc.</summary>
+        <summary>Site Actions</summary>
         <ul>
           <li><a href="edit.php?file=css%2Fstyle.css">Edit CSS</a></li>
         </ul>
       </details>
+      <hr class="small-divider">
+      <details>
+        <summary>Upload Media</summary>
+        <form action="/upload.php" method="post" enctype="multipart/form-data">
+          <h2>New Media</h2>
+          <p>
+            <label>File: <input type="file" name="mediaUpload"></label>
+          </p>
+          <input type="submit" value="Submit">
+        </form>
+      </details>
+      <hr class="small-divider">
+      <details class="media-list">
+        <summary>Media Files</summary>
+        <table>
+          <thead>
+            <tr>
+              <th>File</th>
+              <th>Delete</th>
+            </tr>
+          </thead>
+          <tbody>
+            <?php
+              foreach( $media_files as $f ) {
+                $link = make_post_link( $f, false );
+                $out = <<<HTML
+                <tr>
+                  <td>$link</td>
+                  <td>
+                    <a href="delete_data.php?f=$f&k=media">Delete</a>
+                  </td>
+                </tr>
+HTML;
+                echo $out;
+              }
+            ?>
+          </tbody>
+        </table>
+      </details>
     </main>
   </body>
 </html>

blog_log.php

@@ -6,9 +6,10 @@
     header("Location: /admin.php");
     die();
   }
-  $secret = $_POST["secret"] ?? null;
-  if ( $secret ) {
-    $secret = hash( "sha256", $secret );
+  $user = $_POST["user"] ?? null;
+  $pass = $_POST["password"] ?? null;
+  if ( $pass && $user ) {
+    $secret = hash( "sha256", $user . $secret );
     if ( $secret ) {
       $current = file_get_contents( PW_FILE );
       if ( $current) {
@@ -34,17 +35,43 @@
 <html lang="en">
   <head>
     <title>A secret opens the door</title>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <style>
+      form{width:400px;max-width:80%;margin:2em auto}
+      .slant{width:500px;max-width:90%;margin:2em auto;border-top:1em solid #333;transform:rotateZ(-2deg)}
+      input{width:calc(100% - 8px);border:2px solid #999;border-radius:2px;background:white;color:#333;font-size:1.2em}
+      input[type=submit]{width:100%;background:#333;color:white;font-weight:bold;padding:5px 0;border-color:#333}
+      input:focus{border-color:#333}
+      .logo{width:300px;max-width:60%;margin:3em auto 0em}
+      img{width:100%}
+      h1{text-align:center;font-size:1.5rem}
+    </style>
   </head>
   <body>
+    <div class="logo">
+      <img src="chickadee.svg">
+    </div>
     <div>
       <?php if ( $invalid ): ?>
         <p id="error-message">
-          An invalid secret was whispered.
+          An invalid username or password was given.
         </p>
       <?php endif; ?>
+      <div class="slant"></div>
       <form action="/blog_log.php" method="post">
-        <label>Whisper a secret&mldr; <input type="password" name="secret" <?php echo $invalid ? 'aria-describedby="error-message"' : ''; ?>></label>
+        <h1>Log In</h1>
+        <p>
+          <label>Username<br><input type="text" required name="user" <?php echo $invalid ? 'aria-describedby="error-message"' : ''; ?>></label>
+        </p>
+        <p>
+          <label>Password<br><input type="password" required name="password" <?php echo $invalid ? 'aria-describedby="error-message"' : ''; ?>></label>
+        </p>
+        <p>
+          <input type="submit" value="Submit">
+        </p>
       </form>
+      <div class="slant"></div>
     </div>
   </body>
 </html>

common.php

@@ -1,12 +1,16 @@
 <?php
 
-function make_post_link( $a ) {
-  $parts = split_filename( $a );
-  return sprintf(
-    '<a href="post.php?f=%s">%s</a>',
-    $parts["encoded"],
-    $parts["title"]
-  );
+function make_post_link( $a, $post=true ) {
+  if ( $post ) {
+    $parts = split_filename( $a );
+    return sprintf(
+      '<a href="post.php?f=%s">%s</a>',
+      $parts["encoded"],
+      $parts["title"]
+    );
+  } else {
+    return '<a href="media/' . $a . '" target="_blank">media/' . $a . '</a>'; 
+  }
 }
 
 function title_from_filename( $fn ) {

config.php

@@ -1,5 +1,10 @@
 <?php
 
+if ( __FILE__ == $_SERVER['SCRIPT_FILENAME'] ) {
+  header("Location: 404.php");
+  die();
+}
+
 /*
  * This will appear in the header and title
  * for much of the site.
@@ -39,4 +44,4 @@ const SITE_FOOTER = false;
 /*
  * Change the base language of your site here.
  */
-const LANG = "en";
+const SITE_LANG = "en";

css/style.css

@@ -16,3 +16,5 @@ body.post main h4,
 body.post main h5,
 body.post main h6{font-family:serif}
 body.post main{max-width:900px}
+
+img{max-width:100%}

delete_data.php

@@ -0,0 +1,35 @@
+<?php
+include_once "logcheck.php";
+$file = $_GET["f"] ?? null;
+$kind = $_GET["k"] ?? null;
+
+// Err if all parts didnt arrive
+if ( !file || !$kind ) {
+	header("Location: /admin.php?success=0");
+	die();
+}
+
+// Err if not a valid prefix
+if ( $kind !== "media" && $kind !== "posts" ) {
+	header("Location: /admin.php?success=0");
+	die();
+}
+
+$path = realpath( $kind . "/" . $file );
+
+// Err if file does not exist
+if ( !file_exists($path) ) {
+	error_log( "File does not exist: " . $path );
+	header("Location: /admin.php?success=0");
+	die();
+}
+
+if ( is_writable( $path ) ) {
+	$success = unlink( $path ) ? "6" : "0";
+	header("Location: /admin.php?success=" . $success);
+	die();
+} else {
+	error_log( "File not writable: " . $path );
+	header("Location: /admin.php?success=0");
+	die();
+}

edit.php

@@ -1,9 +1,5 @@
 <?php
-  $logged_in = $_COOKIE["checkin"] ?? null;
-  if ( !$logged_in || $logged_in != "waiting for expiry" ) {
-    header("Location: /blog_log.php");
-    die();
-  }
+  include_once "logcheck.php";
   include_once "common.php";
 
   $update = $_POST["data"] ?? null;
@@ -46,6 +42,7 @@
 <html lang="en">
   <head>
     <title>Administration - Edit</title>
+    <meta charset="utf-8">
     <style>
       header, main{width:90%;max-width:900px;margin:2em auto}
       hr.small-divider{width:25%;margin: 2em auto}

index.php

@@ -6,9 +6,11 @@
   include_once "config.php";
 ?>
 <!DOCTYPE html>
-<html lang="en">
+<html lang="<?php echo SITE_LANG; ?>">
   <head>
     <title><?php echo SITE_NAME; ?></title>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
     <link rel="stylesheet" href="/css/style.css">
     <link rel="stylesheet" href="/css/admin-bar.css">
   </head>

logcheck.php

@@ -0,0 +1,12 @@
+<?php
+
+if ( __FILE__ == $_SERVER['SCRIPT_FILENAME'] ) {
+  header("Location: 404.php");
+  die();
+}
+
+$logged_in = $_COOKIE["checkin"] ?? null;
+if ( !$logged_in || $logged_in != "waiting for expiry" ) {
+  header("Location: /blog_log.php");
+  die();
+}

post.php

@@ -1,4 +1,5 @@
 <?php
+  include_once "logcheck.php";
   include_once "common.php";
   include_once "config.php";
   $f = $_GET["f"] ?? null;
@@ -16,11 +17,13 @@
 	$html = Parsedown::instance()->text( $data );
 ?>
 <!DOCTYPE html>
-<html lang="en">
+<html lang="<?php echo SITE_LANG; ?>">
   <head>
     <title><?php echo $parts["title"]; ?></title>
     <link rel="stylesheet" href="/css/style.css">
     <link rel="stylesheet" href="/css/admin-bar.css">
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
   </head>
   <body class="post">
     <?php include_once "admin-bar-partial.php"; ?>

upload.php

@@ -0,0 +1,43 @@
+<?php
+include_once "logcheck.php";
+
+error_log("Upload");
+$f = $_FILES["mediaUpload"] ?? null;
+if ( !$f ) {
+  header("Location: admin.php?success=0");
+  die();
+}
+error_log("Got file");
+
+$target_dir = "media/";
+$target_file = $target_dir . urlencode(basename( $f["name"] ) );
+$uploadOk = 1;
+$imageFileType = strtolower(pathinfo($target_file,PATHINFO_EXTENSION));
+// Check if image file is a actual image or fake image
+$check = getimagesize($f["tmp_name"]);
+if($check !== false) {
+  if ( file_exists( $target_file ) ) {
+    // Check if file already exists
+    $uploadOk = "0";
+  } else if ($f["size"] > 1500000) {
+    // Check file size
+    $uploadOk = "4";
+	} else if(
+    !in_array( 
+      $imageFileType,
+      ["svg", "jpg", "jpeg", "png", "gif", "pdf",
+      "epub", "azw3", "mobi", "html", "css" ]
+    )){
+		$uploadOk = 5;
+  } else {
+    $done = move_uploaded_file($f["tmp_name"], $target_file);
+    if ( $done ) {
+      $uploadOk = "3";
+    } else {
+      $uploadOk = "0";
+    }
+  }
+}
+
+header("Location: admin.php?success=" . $uploadOk);
+die();