Commit aa227685 authored by Stephan Kreutzer's avatar Stephan Kreutzer

prototype-6 added.

parent 8547d527
Stephan Kreutzer, Bahnhofstraße 71, 74321 Bietigheim-Bissingen, GERMANY (https://skreutzer.de, <[email protected]>).
Christian Huke, Steinhalderstraße 12, 66999 Hinterweidenthal, GERMANY (<[email protected]>).
/* Copyright (C) 2019 Stephan Kreutzer
*
* This file is part of GBA.
*
* GBA is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License version 3 or any later version,
* as published by the Free Software Foundation.
*
* GBA is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License 3 for more details.
*
* You should have received a copy of the GNU Affero General Public License 3
* along with GBA. If not, see <http://www.gnu.org/licenses/>.
*/
"use strict";
function LoadInputControl(idEntry)
{
let updateControlDiv = document.getElementById('update_control');
let entryTextSpan = document.getElementById("entry_text");
if (updateControlDiv == null ||
entryTextSpan == null)
{
return -1;
}
for (let i = updateControlDiv.childNodes.length - 1; i >= 0; i--)
{
removeNode(updateControlDiv.childNodes[i], updateControlDiv);
}
if (idEntry > 0)
{
let form = document.createElement("form");
form.setAttribute("method", "post");
form.setAttribute("action", "entry.php?id=" + idEntry);
let fieldset = document.createElement("fieldset");
let textarea = document.createElement("textarea");
textarea.setAttribute("name", "text");
textarea.setAttribute("rows", "24");
textarea.setAttribute("cols", "80");
{
let textareaText = document.createTextNode(entryTextSpan.innerText);
textarea.appendChild(textareaText);
}
let submit = document.createElement("input");
submit.setAttribute("type", "submit");
submit.setAttribute("name", "submit");
submit.setAttribute("value", "Update");
let cancel = document.createElement("input");
cancel.setAttribute("type", "button");
cancel.setAttribute("onclick", "LoadInputControl(0);");
cancel.setAttribute("value", "Cancel");
fieldset.appendChild(textarea);
fieldset.appendChild(submit);
fieldset.appendChild(cancel);
form.appendChild(fieldset);
updateControlDiv.appendChild(form);
}
return 0;
}
function ToggleRevisions()
{
let revisionsDiv = document.getElementById("revisions");
if (revisionsDiv == null)
{
return -1;
}
if (revisionsDiv.style.display === "block")
{
revisionsDiv.style.display = "none";
}
else
{
revisionsDiv.style.display = "block";
}
return 0;
}
// Stupid JavaScript has a cloneNode(deep), but no removeNode(deep).
function removeNode(element, parent)
{
// TODO: Reverse delete for performance.
while (element.hasChildNodes == true)
{
removeNode(element.lastChild, element);
}
parent.removeChild(element);
}
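Review bot: In removeNode, `while (element.hasChildNodes == true)` compares the method object itself to true, which is always false, so the loop body never runs and the recursive descent below it is dead code; the condition should invoke the method, `while (element.hasChildNodes())`. Note that `parent.removeChild(element)` already detaches the whole subtree, so once the call is fixed the recursion only adds work, which is roughly what the TODO above it hints at. Separately, LoadInputControl wires the cancel button through a string attribute, `cancel.setAttribute("onclick", "LoadInputControl(0);")`, which a Content-Security-Policy without 'unsafe-inline' will refuse to run; `cancel.addEventListener("click", function () { LoadInputControl(0); });` behaves the same under a strict policy.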
<?php
/* Copyright (C) 2019 Stephan Kreutzer
*
* This file is part of GBA.
*
* GBA is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License version 3 or any later version,
* as published by the Free Software Foundation.
*
* GBA is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License 3 for more details.
*
* You should have received a copy of the GNU Affero General Public License 3
* along with GBA. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* @file $/web/index.php
* @author Stephan Kreutzer
* @since 2019-07-28
*/
require_once("./libraries/https.inc.php");
if (empty($_SESSION) === true)
{
@session_start();
}
if (isset($_POST['logout']) === true &&
isset($_SESSION['user_id']) === true)
{
$_SESSION = array();
if (isset($_COOKIE[session_name()]) == true)
{
setcookie(session_name(), '', time()-42000, '/');
}
}
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n".
"<!DOCTYPE html\n".
" PUBLIC \"-//W3C//DTD XHTML 1.1//EN\"\n".
" \"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd\">\n".
"<html version=\"-//W3C//DTD XHTML 1.1//EN\" xmlns=\"http://www.w3.org/1999/xhtml\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:schemaLocation=\"http://www.w3.org/1999/xhtml http://www.w3.org/MarkUp/SCHEMA/xhtml11.xsd\" xml:lang=\"en\" lang=\"en\">\n".
" <head>\n".
" <meta http-equiv=\"content-type\" content=\"application/xhtml+xml; charset=UTF-8\"/>\n".
" <title>GBA</title>\n".
" <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\"/>\n".
" <style type=\"text/css\">\n".
" body\n".
" {\n".
" font-family: monospace;\n".
" }\n".
" </style>\n".
" </head>\n".
" <body>\n";
if (isset($_POST['name']) !== true ||
isset($_POST['password']) !== true)
{
echo " <div>\n".
" <h1>GBA</h1>\n".
" <div>\n";
if (isset($_POST['install_done']) == true)
{
if (@unlink(dirname(__FILE__)."/install/install.php") === true)
{
clearstatcache();
}
else
{
echo " <p class=\"error\">\n".
" The installation was already completed successfully, but it was unable to delete itself. Please delete at least the file <tt>\$/install/install.php</tt> or additionally the entire directory <tt>\$/install/</tt> manually.\n".
" </p>\n";
}
}
if (file_exists("./install/install.php") === true &&
isset($_GET['skipinstall']) != true)
{
echo " <form action=\"install/install.php\" method=\"post\">\n".
" <fieldset>\n".
" <input type=\"submit\" value=\"Install\"/><br/>\n".
" </fieldset>\n".
" </form>\n";
require_once("./license.inc.php");
echo getHTMLLicenseNotification("license");
}
else
{
require_once("./libraries/user_management.inc.php");
if (isset($_SESSION['user_id']) === true &&
isset($_SESSION['instance_path']) === true)
{
$lhs = str_replace("\\", "/", dirname(__FILE__));
if ($lhs === $_SESSION['instance_path'])
{
require_once("./libraries/dialog_management.inc.php");
$dialogs = GetDialogsByUserId($_SESSION['user_id']);
if (is_array($dialogs) !== true)
{
echo " <p class=\"error\">\n".
" Database query failed.\n".
" </p>\n".
" </div>\n".
" </div>\n".
" </body>\n".
"</html>\n";
exit(-1);
}
if (count($dialogs) > 0)
{
echo " <ul>\n";
foreach ($dialogs as $dialog)
{
echo " <li><a href=\"entry.php?dialog=".$dialog['id'];
if ($_SESSION['user_id'] === (int)$dialog['id_users_initiator'])
{
if ((int)$dialog['id_entries_initiator_entry_last'] > 0)
{
echo "&amp;entry=".$dialog['id_entries_initiator_entry_last'];
}
echo "\">".htmlspecialchars($dialog['initiator_title'], ENT_XHTML, "UTF-8")."</a>";
}
else if ($_SESSION['user_id'] === (int)$dialog['id_users_participant'])
{
if ((int)$dialog['id_entries_participant_entry_last'] > 0)
{
echo "&amp;entry=".$dialog['id_entries_participant_entry_last'];
}
echo "\">".htmlspecialchars($dialog['participant_title'], ENT_XHTML, "UTF-8")."</a>";
}
echo "</li>\n";
}
echo " </ul>\n";
}
else
{
echo " <p>\n".
" Nothing yet.\n".
" </p>\n";
}
}
echo " <form action=\"index.php\" method=\"post\">\n".
" <fieldset>\n".
" <input type=\"submit\" name=\"logout\" value=\"Log out\"/><br/>\n".
" </fieldset>\n".
" </form>\n";
}
else
{
echo " <p>\n".
" Welcome!\n".
" </p>\n".
" <p>\n".
" Login (or <a href=\"register.php\">register</a>):\n".
" </p>\n".
" <form action=\"index.php\" method=\"post\">\n".
" <fieldset>\n".
" <input name=\"name\" type=\"text\" size=\"20\" maxlength=\"60\"/> Name<br />\n".
" <input name=\"password\" type=\"password\" size=\"20\" maxlength=\"60\"/> Password<br />\n".
" <input type=\"submit\" value=\"OK\"/><br/>\n".
" </fieldset>\n".
" </form>\n";
require_once("./license.inc.php");
echo getHTMLLicenseNotification("license");
}
}
echo " </div>\n".
" <div>\n".
" <a href=\"license.php\">Licensing</a>\n".
" </div>\n".
" </div>\n".
" </body>\n".
"</html>\n".
"\n";
}
else
{
require_once("./libraries/user_management.inc.php");
$user = NULL;
$result = getUserByName($_POST['name']);
if (is_array($result) !== true)
{
echo " <div>\n".
" <p class=\"error\">\n".
" Can’t connect to database.\n".
" </p>\n".
" </div>\n".
" </body>\n".
"</html>\n";
exit(-1);
}
if (count($result) === 0)
{
echo " <div>\n".
" <p class=\"error\">\n".
" Login failed.\n".
" </p>\n".
" <a href=\"index.php\">Retry</a>\n".
" </div>\n".
" </body>\n".
"</html>\n";
exit(0);
}
else
{
// The user does exist, he wants to login.
if ($result[0]['password'] === hash('sha512', $result[0]['salt'].$_POST['password']))
{
$user = array("id" => (int)$result[0]['id'],
"role" => (int)$result[0]['role']);
}
else
{
echo " <div>\n".
" <p class=\"error\">\n".
" Login failed.\n".
" </p>\n".
" <a href=\"index.php\">Retry</a>\n".
" </div>\n".
" </body>\n".
"</html>\n";
exit(0);
}
}
if (is_array($user) === true)
{
$_SESSION = array();
$_SESSION['instance_path'] = str_replace("\\", "/", dirname(__FILE__));
$_SESSION['user_id'] = $user['id'];
$_SESSION['user_name'] = $_POST['name'];
$_SESSION['user_role'] = $user['role'];
echo " <div>\n".
" <p class=\"success\">\n".
" Login was successful!\n".
" </p>\n".
" <div>\n".
" <a href=\"index.php\">Continue</a>\n".
" </div>\n".
" </div>\n";
}
echo " </body>\n".
"</html>\n";
}
?>
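Review bot: The successful-login branch that follows `$_SESSION = array();` assigns `user_id`, `user_name` and `user_role` into the existing session without calling `session_regenerate_id(true);`, so a session ID that a client held before authenticating stays valid after it (session fixation); that call belongs right after the array reset. The password check `$result[0]['password'] === hash('sha512', $result[0]['salt'].$_POST['password'])` is an ordinary string comparison; `hash_equals($result[0]['password'], hash('sha512', $result[0]['salt'].$_POST['password']))` makes it constant-time, and a single salted SHA-512 is cheap to attack offline compared with password_hash()/password_verify(), which would presumably need a schema change in the collapsed install.php. The login and logout forms carry no anti-CSRF token, so a cross-site POST carrying `logout` ends a victim's session. The installer cleanup `@unlink(dirname(__FILE__)."/install/install.php")` runs for any unauthenticated POST that includes `install_done`, before any login state is checked; whether that is acceptable depends on how install.php hands control back, which is not visible here.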
<FilesMatch "(.*)" >
Deny from all
</FilesMatch>
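Review bot: `Deny from all` is the Apache 2.2 (mod_authz_host) syntax; on Apache 2.4 it is only understood when mod_access_compat is loaded, and without that module the directive is unknown and requests into this directory fail with a 500 rather than being denied by configuration. The 2.4 form is `Require all denied`, and the `<FilesMatch "(.*)">` wrapper can be dropped, since a bare `Require all denied` in the .htaccess already applies to every file in the directory. Whether Apache honours the file at all depends on `AllowOverride` in the server configuration, which is not visible here, so a directory that must stay private is better protected at server level or by living outside the document root.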
<?php
/* Copyright (C) 2019 Stephan Kreutzer
*
* This file is part of GBA.
*
* GBA is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License version 3 or any later version,
* as published by the Free Software Foundation.
*
* GBA is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License 3 for more details.
*
* You should have received a copy of the GNU Affero General Public License 3
* along with GBA. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* @file $/web/libraries/dialog_management.inc.php
* @author Stephan Kreutzer
* @since 2019-09-06
*/
require_once(dirname(__FILE__)."/database.inc.php");
//require_once(dirname(__FILE__)."/user_defines.inc.php");
define("ERRORCODE_DIALOGMANAGEMENT_GETDIALOGBYID_NORESULTS", -3);
// This could check for the user ID as well, but if no entries
// are found with the dialog ID and user ID, then it's not really
// clear if that's because of a non-existent dialog ID or a mismatch
// for the user ID...
function GetDialogById($id)
{
if (Database::Get()->IsConnected() !== true)
{
return -1;
}
$dialog = Database::Get()->Query("SELECT `id_users_initiator`,\n".
" `initiator_title`,\n".
" `initiator_mode`,\n".
" `id_entries_initiator_entry_last`,\n".
" `initiator_last_action`,\n".
" `id_users_participant`,\n".
" `participant_title`,\n".
" `participant_mode`,\n".
" `id_entries_participant_entry_last`,\n".
" `participant_last_action`\n".
"FROM `".Database::Get()->GetPrefix()."dialogs`\n".
"WHERE `id`=?\n",
array($id),
array(Database::TYPE_INT));
if (is_array($dialog) !== true)
{
return -2;
}
if (count($dialog) <= 0)
{
return ERRORCODE_DIALOGMANAGEMENT_GETDIALOGBYID_NORESULTS;
}
return $dialog[0];
}
function GetDialogsByUserId($idUser)
{
if (Database::Get()->IsConnected() !== true)
{
return -1;
}
$dialogs = Database::Get()->Query("SELECT `id`,\n".
" `id_users_initiator`,\n".
" `initiator_title`,\n".
" `initiator_mode`,\n".
" `id_entries_initiator_entry_last`,\n".
" `initiator_last_action`,\n".
" `id_users_participant`,\n".
" `participant_title`,\n".
" `participant_mode`,\n".
" `id_entries_participant_entry_last`,\n".
" `participant_last_action`\n".
"FROM `".Database::Get()->GetPrefix()."dialogs`\n".
"WHERE `id_users_initiator`=? OR\n".
" `id_users_participant`=?\n".
"ORDER BY `id` ASC",
array($idUser, $idUser),
array(Database::TYPE_INT, Database::TYPE_INT));
if (is_array($dialogs) !== true)
{
return -2;
}
return $dialogs;
}
?>
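Review bot: GetDialogById and GetDialogsByUserId have no docblock describing their return contract: both return an int on failure (-1 when not connected, -2 when the query fails, and for GetDialogById ERRORCODE_DIALOGMANAGEMENT_GETDIALOGBYID_NORESULTS when no row matches) and an array on success, so a caller that tests the result with `if ($dialog)` would treat -1 as a hit; index.php correctly uses is_array(), and the docblock should say that this is the required check. The comment above GetDialogById explains that the user ID is deliberately left out of the WHERE clause, which means the authorization decision — that `$_SESSION['user_id']` equals `id_users_initiator` or `id_users_participant` of the returned row — rests with every caller; I would add `@return array|int the dialog row, or a negative error code; the caller must verify the session user is initiator or participant before using it` so the obligation is visible at the call site. The commented-out `require_once` of user_defines.inc.php above the define should be removed rather than kept as dead code.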
<?php
/* Copyright (C) 2016-2019 Stephan Kreutzer
*
* This file is part of GBA.
*
* GBA is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License version 3 or any later version,
* as published by the Free Software Foundation.
*
* GBA is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License 3 for more details.
*
* You should have received a copy of the GNU Affero General Public License 3
* along with GBA. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* @file $/web/libraries/https.inc.php
* @author Stephan Kreutzer
* @since 2016-10-23
*/
if (isset($_SERVER['HTTPS']) === true)
{
if ($_SERVER['HTTPS'] === "on")
{
define("HTTPS_ENABLED", true);
}
else
{
define("HTTPS_ENABLED", false);
}
}
else
{
define("HTTPS_ENABLED", false);
}
if (HTTPS_ENABLED !== true)
{
header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], true, 302);
exit(-1);
}
?>
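Review bot: The redirect `header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], true, 302);` builds its target from the client-supplied Host header; unless Apache is configured with UseCanonicalName or a single ServerName (not visible here), a request with a forged Host header is answered with a redirect to an origin the requester chose, i.e. an open redirect that can lend this site's URL to a phishing page. Prefer a hostname taken from configuration, e.g. `header("Location: https://".GBA_CANONICAL_HOST.$_SERVER['REQUEST_URI'], true, 302);` where GBA_CANONICAL_HOST is a placeholder for a constant defined in the installation settings, or at least validate HTTP_HOST against an allow-list before using it. Since every page already requires HTTPS, the enabled branch should also emit `header("Strict-Transport-Security: max-age=31536000");` so browsers stop making the plaintext request at all. Note that `$_SERVER['HTTPS']` is only compared with "on"; behind a TLS-terminating proxy the variable may be absent and this file would redirect in a loop — confirm the intended deployment.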
<?php
/* Copyright (C) 2017-2019 Stephan Kreutzer
*
* This file is part of GBA.
*
* GBA is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License version 3 or any later version,
* as published by the Free Software Foundation.
*
* GBA is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License 3 for more details.
*
* You should have received a copy of the GNU Affero General Public License 3
* along with GBA. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* @file $/web/libraries/session.inc.php
* @author Stephan Kreutzer
* @since 2017-04-23
*/
if (empty($_SESSION) === true)
{
if (@session_start() !== true)
{
http_response_code(403);
exit(-1);
}
}
if (isset($_SESSION['user_id']) !== true)
{
http_response_code(403);
exit(-1);
}
if (isset($_SESSION['user_role']) !== true)
{
http_response_code(403);
exit(-1);
}
if (isset($_SESSION['instance_path']) !== true)
{
http_response_code(500);
exit(-1);
}
{
$lhs = str_replace("\\", "/", dirname(__FILE__));
$rhs = str_replace("\\", "/", $_SESSION['instance_path'])."/libraries";
if ($lhs !== $rhs)
{
http_response_code(403);
exit(-1);
}
}
?>
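Review bot: `@session_start()` is called without first hardening the session cookie, and the `@` hides the warning that would explain a failed start; before it, `session_set_cookie_params(['secure' => true, 'httponly' => true, 'samesite' => 'Strict']);` keeps the cookie off plaintext connections and out of reach of script (https.inc.php in this commit forces HTTPS, but this file does not include it, so confirm each entry point loads both). The guard `empty($_SESSION) === true` conflates "no session started" with "session started but empty"; `session_status() !== PHP_SESSION_ACTIVE` is the precise test. index.php starts its session the same way without these checks, so the two should be changed together. The array form of session_set_cookie_params needs PHP 7.3 or later, which the page does not state as a requirement.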
<?php
/* Copyright (C) 2016-2019 Stephan Kreutzer
*
* This file is part of GBA.
*
* GBA is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License version 3 or any later version,
* as published by the Free Software Foundation.
*
* GBA is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License 3 for more details.
*
* You should have received a copy of the GNU Affero General Public License 3
* along with GBA. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* @file $/web/libraries/user_defines.inc.php
* @author Stephan Kreutzer
* @since 2016-11-20
*/
define("USER_ROLE_ADMIN", 1);
define("USER_ROLE_USER", 2);
?>