
Wide ranging updates to most areas of the system

This commit is contained in:
sloum 2023-12-20 15:54:57 -08:00
parent f7da5f4969
commit 136e826e95
13 changed files with 284 additions and 32 deletions

1
.gitignore vendored

@ -1,2 +1,3 @@
posts/*
media/*
blog_pass_hash.txt


@ -1,20 +1,20 @@
<?php
$logged_in = $_COOKIE["checkin"] ?? null;
if ( !$logged_in || $logged_in != "waiting for expiry" ) {
header("Location: /blog_log.php");
die();
}
include_once "logcheck.php";
$post_success = $_GET["success"] ?? null;
// Get the file list
$files = array_values( array_diff( scandir( "./posts" ), array('..', '.')));
rsort($files);
rsort( $files );
$media_files = array_values ( array_diff( scandir( "./media" ), ["..", "."] ) );
sort( $media_files );
include_once "common.php";
?>
<!DOCTYPE html>
<html lang="en">
<head>
<title>Administration</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<style>
header, main{width:90%;max-width:900px;margin:2em auto}
hr.small-divider{width:25%;margin: 2em auto}
@ -23,13 +23,12 @@
table{width:calc(100% - 1em)}
.error{background:darkred;color:pink}
ul.inline li{display:inline-block; margin:0}
ul.inline li:not(:last-child)::after{content: ' | '}
ul.inline.pipe li:not(:last-child)::after{content: ' | '}
ul.list-style-none{list-style:none;margin:0;padding:0}
header ul.inline{position:absolute;top:0;right:2em;margin:0}
header ul.inline li{background:#333;color:#DDD;border-radius:0 0 10px 10px;padding:0.5em;margin:0 5px}
header ul.inline li a{color:#DDD;text-decoration:none}
header ul.inline li::after{content:'' !important}
.post-list tbody tr:nth-child(odd){background-color: #DDD}
tbody tr:nth-child(odd){background-color: #DDD}
td{padding-left:1em}
details {border: 1px solid #aaa;border-radius: 4px;padding: 0.5em 0.5em 0}
summary {font-weight: bold;margin: -0.5em -0.5em 0;padding: 0.5em}
@ -57,6 +56,35 @@
<p><a href="/post.php?f=<?php echo $files[0]; ?>">New post</a> successfully added!</p>
<?php elseif ( $post_success === "2" ): ?>
<p>File updated successfully!</p>
<?php elseif ( $post_success === "3" ): ?>
<p>Media uploaded successfully!</p>
<?php elseif ( $post_success === "4" ): ?>
<div class="error">
<h2>Error</h2>
<p>Your media upload was too large (&gt; 1.5mb)</p>
</div>
<?php elseif ( $post_success === "5" ): ?>
<div class="error">
<h2>Error</h2>
<p>
Your media upload was <em>not</em> a supported file type:
<ul>
<li>azw3</li>
<li>css</li>
<li>epub</li>
<li>gif</li>
<li>html</li>
<li>jpeg</li>
<li>jpg</li>
<li>mobi</li>
<li>pdf</li>
<li>png</li>
<li>svg</li>
</ul>
</p>
</div>
<?php elseif ( $post_success === "6" ): ?>
<p>Deletion was successful!</p>
<?php endif; ?>
<details>
<summary>New Post</summary>
@ -93,9 +121,9 @@
<td>$link</td>
<td>{$parts["time"]}</td>
<td>
<ul class="inline list-style-none">
<ul class="inline list-style-none pipe">
<li><a href="edit.php?file=posts%2F$del">Edit</a></li>
<li><a href="delete_post.php?f=$del">Delete</a></li>
<li><a href="delete_data.php?f=$del&k=posts">Delete</a></li>
</ul>
</td>
</tr>
@ -108,11 +136,50 @@ HTML;
</details>
<hr class="small-divider">
<details>
<summary>Misc.</summary>
<summary>Site Actions</summary>
<ul>
<li><a href="edit.php?file=css%2Fstyle.css">Edit CSS</a></li>
</ul>
</details>
<hr class="small-divider">
<details>
<summary>Upload Media</summary>
<form action="/upload.php" method="post" enctype="multipart/form-data">
<h2>New Media</h2>
<p>
<label>File: <input type="file" name="mediaUpload"></label>
</p>
<input type="submit" value="Submit">
</form>
</details>
<hr class="small-divider">
<details class="media-list">
<summary>Media Files</summary>
<table>
<thead>
<tr>
<th>File</th>
<th>Delete</th>
</tr>
</thead>
<tbody>
<?php
foreach( $media_files as $f ) {
$link = make_post_link( $f, false );
$out = <<<HTML
<tr>
<td>$link</td>
<td>
<a href="delete_data.php?f=$f&k=media">Delete</a>
</td>
</tr>
HTML;
echo $out;
}
?>
</tbody>
</table>
</details>
</main>
</body>
</html>
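Review bot: The media table's Delete link `<a href="delete_data.php?f=$f&k=media">` performs a destructive action over a plain GET with no anti-CSRF token, as do the posts table's `delete_data.php?f=$del&k=posts` link and the new upload form, so any page the logged-in admin happens to visit can trigger a deletion with an `<img src>`. `$f` (and `$files[0]` in the success message above) is also interpolated into the href unescaped; upload.php urlencodes names on the way in, presumably, but scandir() returns whatever is actually in the directory. I would render each Delete as a small POST form carrying a per-session token that delete_data.php verifies, and emit the name with `rawurlencode( $f )` in the URL and `htmlspecialchars( $f, ENT_QUOTES, 'UTF-8' )` in the visible text. The bare `&` between query parameters inside the heredoc HTML should also be `&amp;`.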


@ -6,9 +6,10 @@
header("Location: /admin.php");
die();
}
$secret = $_POST["secret"] ?? null;
if ( $secret ) {
$secret = hash( "sha256", $secret );
$user = $_POST["user"] ?? null;
$pass = $_POST["password"] ?? null;
if ( $pass && $user ) {
$secret = hash( "sha256", $user . $secret );
if ( $secret ) {
$current = file_get_contents( PW_FILE );
if ( $current) {
@ -34,17 +35,43 @@
<html lang="en">
<head>
<title>A secret opens the door</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<style>
form{width:400px;max-width:80%;margin:2em auto}
.slant{width:500px;max-width:90%;margin:2em auto;border-top:1em solid #333;transform:rotateZ(-2deg)}
input{width:calc(100% - 8px);border:2px solid #999;border-radius:2px;background:white;color:#333;font-size:1.2em}
input[type=submit]{width:100%;background:#333;color:white;font-weight:bold;padding:5px 0;border-color:#333}
input:focus{border-color:#333}
.logo{width:300px;max-width:60%;margin:3em auto 0em}
img{width:100%}
h1{text-align:center;font-size:1.5rem}
</style>
</head>
<body>
<div class="logo">
<img src="chickadee.svg">
</div>
<div>
<?php if ( $invalid ): ?>
<p id="error-message">
An invalid secret was whispered.
An invalid username or password was given.
</p>
<?php endif; ?>
<div class="slant"></div>
<form action="/blog_log.php" method="post">
<label>Whisper a secret&mldr; <input type="password" name="secret" <?php echo $invalid ? 'aria-describedby="error-message"' : ''; ?>></label>
<h1>Log In</h1>
<p>
<label>Username<br><input type="text" required name="user" <?php echo $invalid ? 'aria-describedby="error-message"' : ''; ?>></label>
</p>
<p>
<label>Password<br><input type="password" required name="password" <?php echo $invalid ? 'aria-describedby="error-message"' : ''; ?>></label>
</p>
<p>
<input type="submit" value="Submit">
</p>
</form>
<div class="slant"></div>
</div>
</body>
</html>
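Review bot: The new login computes `$secret = hash( "sha256", $user . $secret );`, but nothing in the hunk assigns `$secret` before that line — the submitted password is in `$pass` — so unless `$secret` is set in the lines above the hunk, the stored hash is compared against a hash of the username alone and the password is never checked (PHP 8 also emits an undefined-variable warning here). At minimum this should read `$secret = hash( "sha256", $user . $pass );`, after which the following `if ( $secret )` guard is redundant. An unsalted SHA-256 is also a weak way to store a login credential: `password_hash()` when the file is written and `password_verify()` here, with `hash_equals()` for any direct string comparison, is the conventional fix. The comparison against `$current` continues outside the hunk.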

54
chickadee.svg Normal file





@ -1,12 +1,16 @@
<?php
function make_post_link( $a ) {
$parts = split_filename( $a );
return sprintf(
'<a href="post.php?f=%s">%s</a>',
$parts["encoded"],
$parts["title"]
);
function make_post_link( $a, $post=true ) {
if ( $post ) {
$parts = split_filename( $a );
return sprintf(
'<a href="post.php?f=%s">%s</a>',
$parts["encoded"],
$parts["title"]
);
} else {
return '<a href="media/' . $a . '" target="_blank">media/' . $a . '</a>';
}
}
function title_from_filename( $fn ) {
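Review bot: The media branch of `make_post_link` concatenates the raw filename into both the href and the link text, so a name in media/ containing `"`, `<` or `&` breaks out of the attribute; upload.php urlencodes names when storing them, but scandir() returns whatever is present and nothing here re-checks. Encode per context: `return '<a href="media/' . rawurlencode( $a ) . '" target="_blank" rel="noopener">media/' . htmlspecialchars( $a, ENT_QUOTES, 'UTF-8' ) . '</a>';` — `rel="noopener"` is worth adding alongside `target="_blank"` anyway. `title_from_filename` starts on the hunk's last line and its body lies outside the hunk.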


@ -1,5 +1,10 @@
<?php
if ( __FILE__ == $_SERVER['SCRIPT_FILENAME'] ) {
header("Location: 404.php");
die();
}
/*
* This will appear in the header and title
* for much of the site.
@ -39,4 +44,4 @@ const SITE_FOOTER = false;
/*
* Change the base language of your site here.
*/
const LANG = "en";
const SITE_LANG = "en";


@ -16,3 +16,5 @@ body.post main h4,
body.post main h5,
body.post main h6{font-family:serif}
body.post main{max-width:900px}
img{max-width:100%}

35
delete_data.php Normal file

@ -0,0 +1,35 @@
<?php
include_once "logcheck.php";
$file = $_GET["f"] ?? null;
$kind = $_GET["k"] ?? null;
// Err if all parts didnt arrive
if ( !file || !$kind ) {
header("Location: /admin.php?success=0");
die();
}
// Err if not a valid prefix
if ( $kind !== "media" && $kind !== "posts" ) {
header("Location: /admin.php?success=0");
die();
}
$path = realpath( $kind . "/" . $file );
// Err if file does not exist
if ( !file_exists($path) ) {
error_log( "File does not exist: " . $path );
header("Location: /admin.php?success=0");
die();
}
if ( is_writable( $path ) ) {
$success = unlink( $path ) ? "6" : "0";
header("Location: /admin.php?success=" . $success);
die();
} else {
error_log( "File not writable: " . $path );
header("Location: /admin.php?success=0");
die();
}
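Review bot: `realpath( $kind . "/" . $file )` becomes the unlink target without any check that the resolved path is still inside `posts/` or `media/`, so `f=../config.php&k=posts` (or any `../` chain to a file the web server can write) resolves to a real file, passes `file_exists`, and is deleted — the `$kind` whitelist only fixes the prefix, not how far `$file` can climb. The earlier guard `if ( !file || !$kind )` also tests the bare constant `file` instead of `$file`, which is a fatal undefined-constant error on PHP 8 and a truthy no-op string on PHP 7, so a missing `f` is never caught there. Resolve the base directory as well and compare prefixes before touching the filesystem, and require `is_file` so a directory is never handed to `unlink`. Because admin.php reaches this script through GET links, a POST-with-token requirement belongs here too.
```php
// Err if all parts didnt arrive
if ( !$file || !$kind ) {
    header("Location: /admin.php?success=0");
    die();
}
// … unchanged: $kind whitelist …
// Resolve base and target; refuse anything that escapes the base directory
$base = realpath( $kind );
$path = realpath( $kind . "/" . $file );
if ( $base === false || $path === false
     || strncmp( $path, $base . DIRECTORY_SEPARATOR, strlen( $base ) + 1 ) !== 0
     || !is_file( $path ) ) {
    error_log( "Refusing to delete outside " . $kind . ": " . var_export( $file, true ) );
    header("Location: /admin.php?success=0");
    die();
}
// … unchanged: is_writable / unlink / redirect …
```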


@ -1,9 +1,5 @@
<?php
$logged_in = $_COOKIE["checkin"] ?? null;
if ( !$logged_in || $logged_in != "waiting for expiry" ) {
header("Location: /blog_log.php");
die();
}
include_once "logcheck.php";
include_once "common.php";
$update = $_POST["data"] ?? null;
@ -46,6 +42,7 @@
<html lang="en">
<head>
<title>Administration - Edit</title>
<meta charset="utf-8">
<style>
header, main{width:90%;max-width:900px;margin:2em auto}
hr.small-divider{width:25%;margin: 2em auto}


@ -6,9 +6,11 @@
include_once "config.php";
?>
<!DOCTYPE html>
<html lang="en">
<html lang="<?php echo SITE_LANG; ?>">
<head>
<title><?php echo SITE_NAME; ?></title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="/css/style.css">
<link rel="stylesheet" href="/css/admin-bar.css">
</head>

12
logcheck.php Normal file

@ -0,0 +1,12 @@
<?php
if ( __FILE__ == $_SERVER['SCRIPT_FILENAME'] ) {
header("Location: 404.php");
die();
}
$logged_in = $_COOKIE["checkin"] ?? null;
if ( !$logged_in || $logged_in != "waiting for expiry" ) {
header("Location: /blog_log.php");
die();
}
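Review bot: The gate `$logged_in != "waiting for expiry"` compares the cookie against a fixed literal, so anyone who sends `Cookie: checkin=waiting for expiry` is treated as the administrator without ever passing through blog_log.php — the value carries no secret and cannot be revoked per client. Replace it with a server-side session: `session_start()` here and in the login script, set `$_SESSION['admin'] = true` only after the password check succeeds, and gate on `if ( empty( $_SESSION['admin'] ) )`; if a cookie value must be compared directly, it should be a `random_bytes()` token stored server-side and checked with `hash_equals()`. While here, `!=` should be `!==`. I cannot see where the cookie is set, but whatever blog_log.php writes, this check accepts the literal from any client.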


@ -1,4 +1,5 @@
<?php
include_once "logcheck.php";
include_once "common.php";
include_once "config.php";
$f = $_GET["f"] ?? null;
@ -16,11 +17,13 @@
$html = Parsedown::instance()->text( $data );
?>
<!DOCTYPE html>
<html lang="en">
<html lang="<?php echo SITE_LANG; ?>">
<head>
<title><?php echo $parts["title"]; ?></title>
<link rel="stylesheet" href="/css/style.css">
<link rel="stylesheet" href="/css/admin-bar.css">
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
</head>
<body class="post">
<?php include_once "admin-bar-partial.php"; ?>
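Review bot: `include_once "logcheck.php";` at the top of post.php redirects every visitor without the admin cookie to /blog_log.php, so individual posts stop being publicly readable while index.php (whose first five lines are untouched by this commit) still is; unless making the blog private was the intent, this include looks carried over from the admin pages and should be removed — the admin-bar partial included below presumably covers the logged-in/out distinction on its own. Separately, `$parts["title"]` is echoed into `<title>` unescaped; since it is derived from a filename, `htmlspecialchars( $parts["title"], ENT_QUOTES, 'UTF-8' )` is cheap insurance. The rest of post.php lies outside the hunk.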

43
upload.php Normal file

@ -0,0 +1,43 @@
<?php
include_once "logcheck.php";
error_log("Upload");
$f = $_FILES["mediaUpload"] ?? null;
if ( !$f ) {
header("Location: admin.php?success=0");
die();
}
error_log("Got file");
$target_dir = "media/";
$target_file = $target_dir . urlencode(basename( $f["name"] ) );
$uploadOk = 1;
$imageFileType = strtolower(pathinfo($target_file,PATHINFO_EXTENSION));
// Check if image file is a actual image or fake image
$check = getimagesize($f["tmp_name"]);
if($check !== false) {
if ( file_exists( $target_file ) ) {
// Check if file already exists
$uploadOk = "0";
} else if ($f["size"] > 1500000) {
// Check file size
$uploadOk = "4";
} else if(
!in_array(
$imageFileType,
["svg", "jpg", "jpeg", "png", "gif", "pdf",
"epub", "azw3", "mobi", "html", "css" ]
)){
$uploadOk = 5;
} else {
$done = move_uploaded_file($f["tmp_name"], $target_file);
if ( $done ) {
$uploadOk = "3";
} else {
$uploadOk = "0";
}
}
}
header("Location: admin.php?success=" . $uploadOk);
die();
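Review bot: The whole accept/reject branch sits inside `if($check !== false)` where `$check` is `getimagesize()`, which only recognises raster images — so every pdf, epub, azw3, mobi, html, css and svg upload (exactly the types the extension whitelist and admin.php's error page advertise) falls through with `$uploadOk` still at its initial `1`, and admin.php then shows "New post successfully added!" for a file that was never stored. Check the extension first, apply getimagesize() only to the raster types, and initialise `$uploadOk` to `"0"` so any unmatched path reads as a failure. Keeping `html` and `svg` in the whitelist also means a file carrying script is served from `media/` in the site's own origin — stored XSS against anyone who opens the link — so either drop those two or serve that directory with `Content-Disposition: attachment` and `X-Content-Type-Options: nosniff`. The `error_log("Upload")` / `error_log("Got file")` calls look like leftover debugging.
```php
$uploadOk = "0";                                  // default to failure, never "1"
$allowed = ["svg", "jpg", "jpeg", "png", "gif", "pdf",
            "epub", "azw3", "mobi", "html", "css"];
$raster  = ["jpg", "jpeg", "png", "gif"];         // only these are checkable with getimagesize()
if ( file_exists( $target_file ) ) {
    $uploadOk = "0";                              // refuse to overwrite
} else if ( $f["size"] > 1500000 ) {
    $uploadOk = "4";
} else if ( !in_array( $imageFileType, $allowed, true ) ) {
    $uploadOk = "5";
} else if ( in_array( $imageFileType, $raster, true ) && getimagesize( $f["tmp_name"] ) === false ) {
    $uploadOk = "5";                              // extension claims image, content is not
} else {
    // … unchanged: move_uploaded_file, "3" on success / "0" on failure …
}
```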