diff --git a/config/docker/reset.sql b/config/docker/reset.sql new file mode 100644 index 0000000..793da23 --- /dev/null +++ b/config/docker/reset.sql @@ -0,0 +1,5 @@ +USE camagru; +DROP TABLE `like`; +DROP TABLE comment; +DROP TABLE post; +DROP TABLE user; \ No newline at end of file diff --git a/config/setup.php b/config/setup.php index da42fe8..ae321d4 100644 --- a/config/setup.php +++ b/config/setup.php @@ -1,15 +1,6 @@ initiate(); +if ($userManager !== NULL && $success = $userManager->initiate()) + $info = $info . "
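Review bot: The four `DROP TABLE` statements in reset.sql carry no `IF EXISTS`, so on a fresh or partially initialised database the first missing table aborts the script and the remaining drops never run. `DROP TABLE IF EXISTS `like`;` (and the same on the three lines below it) makes the reset idempotent. The order like → comment → post → user already matches the foreign keys declared in DatabaseManager.php, so keep it.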

Website is ok


"; else - $success = false; -ob_start(); -?> -
-

Setup tried

- Website is ok

"; - ?> -
- \ No newline at end of file + $info = $info . "

Error during database init


"; +$content = ""; \ No newline at end of file diff --git a/controller/password_reset.php b/controller/password_reset.php index bfaad7e..331ecda 100644 --- a/controller/password_reset.php +++ b/controller/password_reset.php @@ -1,23 +1,24 @@ get_mail($_POST["mail"]))) + && !empty($user = $userManager->get_mail($_POST["mail"]))) { - if ($database->initiatePasswordReset($_POST["mail"])) - $done = "

Reset account mail sent

"; + if ($userManager->initiatePasswordReset($_POST["mail"])) + $info = $info . "

Reset account mail sent

"; else - $done = "

Unable to send reset mail, + $info = $info . "

Unable to send reset mail, check if your mail is valid

"; require ($_SERVER["DOCUMENT_ROOT"] . "/views/ask_password_reset.php"); } else if (isset($_GET["token"]) && isset($_GET["mail"])) { - if (!empty($user = $database->get_mail($_GET["mail"])[0]) - && $user["check_token"] === $_GET["token"]) + echo $_GET["token"] . "
"; + if (!empty($user = $userManager->get_mail($_GET["mail"])) + && $user[0]["check_token"] === $_GET["token"]) { - var_dump($user["reset_date"]); require ($_SERVER["DOCUMENT_ROOT"] . "/views/chose_new_password.php"); } + var_dump($user[0]["reset_date"]); } else require ($_SERVER["DOCUMENT_ROOT"] . "/views/ask_password_reset.php"); \ No newline at end of file diff --git a/controller/signin.php b/controller/signin.php index d381227..69bed99 100644 --- a/controller/signin.php +++ b/controller/signin.php @@ -1,14 +1,14 @@ validNewMail($_POST["mail"]); - $validPass = $database->validNewPassword($_POST["password"]); - $validLogin = $database->validNewLogin($_POST["login"]); + $validMail = $userManager->validNewMail($_POST["mail"]); + $validPass = $userManager->validNewPassword($_POST["password"]); + $validLogin = $userManager->validNewLogin($_POST["login"]); if ($validMail && $validPass && $validLogin) { - $querySuccess = $database->newUser($_POST["login"], + $querySuccess = $userManager->newUser($_POST["login"], $_POST["mail"], $_POST["password"]); } } diff --git a/index.php b/index.php index 69e94d2..d8e7eb6 100644 --- a/index.php +++ b/index.php @@ -2,24 +2,23 @@ session_start(); require_once ("config/database.php"); require_once ("config/site.php"); -require_once ("model/class_database.php"); +require_once ("model/UserManager.php"); $title = "Camagru"; $content = "

Welcome To Camagru

"; +$info = ""; try { - $database = new Database($DB_DSN, $DB_USER, $DB_PASSWORD, $SITE_ADDRESS); + $userManager = new UserManager($DB_DSN, $DB_USER, $DB_PASSWORD, $SITE_ADDRESS); if (isset($_SESSION) && isset($_SESSION["user"]) && $_SESSION["user"] != "" - && $database != NULL && empty($database->get_user($_SESSION["user"]))) + && $userManager != NULL && empty($userManager->get_user($_SESSION["user"]))) $_SESSION["user"] = ""; } catch (Exception $e) { - $database = NULL; + $userManager = NULL; $info = "

Fatal database error


"; -} - -if ($database === NULL) $info = $DB_ERROR; +} /************* Router ************/ @@ -29,13 +28,13 @@ if (isset($_POST) && isset($_POST["submit"]) && $_POST["submit"] === "Login" && isset($_POST["login"]) && isset($_POST["password"]) - && ($auth = $database->authenticate( + && ($auth = $userManager->authenticate( $_POST["login"], $_POST["password"]))) $_SESSION["user"] = $_POST["login"]; require("controller/login.php"); } else if ($_GET["action"] === "logout") { - if ($database !== NULL) { + if ($userManager !== NULL) { if (isset($_SESSION) && isset($_SESSION["user"]) && $_SESSION["user"] != "") $_SESSION["user"] = ""; @@ -52,10 +51,10 @@ else if ($_GET["action"] === "verify") { $done = 0; if (isset($_GET["user"]) && isset($_GET["token"]) - && $database->verify_user($_GET["user"], $_GET["token"])) - $info = $info . ("

Account activated


"); + && $userManager->verify_user($_GET["user"], $_GET["token"])) + $info = $info . "

Account activated


"; else - $info = $info . ("

Error wrong token/login


");; + $info = $info . "

Error wrong token/login


"; } else if ($_GET["action"] === "reset") { require("controller/password_reset.php"); diff --git a/model/DatabaseManager.php b/model/DatabaseManager.php new file mode 100644 index 0000000..a1bc75d --- /dev/null +++ b/model/DatabaseManager.php 
@@ -0,0 +1,85 @@
+PDO = new PDO($DB_DSN, $DB_USER, $DB_PASSWORD,
+ array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
+ $this->SITE_ADDRESS = $SITE_ADDRESS;
+ }
+ catch (Exception $exception)
+ {
+ throw new Exception("Cannot connect to database");
+ }
+ }
+
+ public function initiate()
+ {
+ try
+ {
+ $this->PDO->exec("
+ CREATE TABLE IF NOT EXISTS user (
+ id INT NOT NULL AUTO_INCREMENT UNIQUE,
+ login VARCHAR(20) NOT NULL,
+ password VARCHAR(128),
+ mail VARCHAR(254),
+ check_token VARCHAR(128),
+ reset_token VARCHAR(128),
+ creation_date TIMESTAMP NOT NULL DEFAULT now(),
+ reset_date TIMESTAMP,
+ is_verified INT NOT NULL DEFAULT 0,
+ PRIMARY KEY (id))
+ ENGINE = InnoDB;");
+
+ $this->PDO->exec("
+ CREATE TABLE IF NOT EXISTS post (
+ id INT NOT NULL AUTO_INCREMENT UNIQUE,
+ user_id INT NOT NULL,
+ image VARCHAR(100),
+ description VARCHAR(256),
+ post_date TIMESTAMP NOT NULL DEFAULT now(),
+ PRIMARY KEY (id),
+ CONSTRAINT fk_user_id
+ FOREIGN KEY (user_id)
+ REFERENCES user (id))
+ ENGINE = InnoDB;");
+
+ $this->PDO->exec("
+ CREATE TABLE IF NOT EXISTS comment (
+ id INT NOT NULL AUTO_INCREMENT UNIQUE,
+ post_id INT NOT NULL,
+ `text` VARCHAR(256) NOT NULL,
+ comment_date TIMESTAMP NOT NULL DEFAULT now(),
+ PRIMARY KEY (id),
+ CONSTRAINT fk_post_id
+ FOREIGN KEY (post_id)
+ REFERENCES post (id))
+ ENGINE = InnoDB;");
+
+ $this->PDO->exec("
+ CREATE TABLE IF NOT EXISTS `like` (
+ post_id INT NOT NULL,
+ user_id INT NOT NULL,
+ CONSTRAINT fk_like_post_id FOREIGN KEY (post_id) REFERENCES post(id),
+ CONSTRAINT fk_like_user_id FOREIGN KEY (user_id) REFERENCES user(id))
+ ENGINE = InnoDB;
+ ");
+ return true;
+ }
+ catch (Exception $e)
+ {
+ return false;
+ }
+ }
+
+ protected function generate_random_token()
+ {
+ return bin2hex(openssl_random_pseudo_bytes(16));
+ }
+}
\ No newline at end of file
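Review bot: `generate_random_token()` returns `bin2hex(openssl_random_pseudo_bytes(16))` without passing the `$crypto_strong` out-parameter, so a weak-RNG result would be used unnoticed as an account-verification or password-reset token; `return bin2hex(random_bytes(16));` is CSPRNG-backed and throws instead of degrading. In `initiate()` the `catch (Exception $e) { return false; }` discards the PDO error, so a failed `CREATE TABLE` reaches setup.php only as a generic message — at least `error_log($e->getMessage());` before the `return false;`. The constructor's rethrow as a plain `"Cannot connect to database"` rightly keeps the DSN and credentials out of the response; passing the original as `new Exception("Cannot connect to database", 0, $exception)` keeps the cause available to logs. The class header and the start of the constructor are missing from the hunk as extracted.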
diff --git a/model/class_database.php b/model/UserManager.php similarity index 59% rename from model/class_database.php rename to model/UserManager.php index 55a7935..7ab3eec 100644 --- a/model/class_database.php +++ b/model/UserManager.php 
@@ -1,115 +1,52 @@ PDO = new PDO($DB_DSN, $DB_USER, $DB_PASSWORD, - array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION)); - $this->SITE_ADDRESS = $SITE_ADDRESS; - } catch (Exception $exception) { - throw new Exception("Cannot connect to database"); - } - } - - public function initiate() { - try { - $this->PDO->exec(" - CREATE TABLE IF NOT EXISTS user ( - id INT NOT NULL AUTO_INCREMENT UNIQUE, - login VARCHAR(20) NOT NULL, - password VARCHAR(128), - mail VARCHAR(254), - check_token VARCHAR(128), - reset_token VARCHAR(128), - reset_date TIMESTAMP, - is_verified INT NOT NULL DEFAULT 0, - PRIMARY KEY (id)) - ENGINE = InnoDB;"); - - $this->PDO->exec(" - CREATE TABLE IF NOT EXISTS post ( - id INT NOT NULL AUTO_INCREMENT UNIQUE, - user_id INT NOT NULL, - image VARCHAR(100), - description VARCHAR(256), - post_date TIMESTAMP NOT NULL DEFAULT now(), - PRIMARY KEY (id), - CONSTRAINT fk_user_id - FOREIGN KEY (user_id) - REFERENCES user (id)) - ENGINE = InnoDB;"); - - $this->PDO->exec(" - CREATE TABLE IF NOT EXISTS comment ( - id INT NOT NULL AUTO_INCREMENT UNIQUE, - post_id INT NOT NULL, - `text` VARCHAR(256) NOT NULL, - comment_date TIMESTAMP NOT NULL DEFAULT now(), - PRIMARY KEY (id), - CONSTRAINT fk_post_id - FOREIGN KEY (post_id) - REFERENCES post (id)) - ENGINE = InnoDB;"); - - $this->PDO->exec(" - CREATE TABLE IF NOT EXISTS `like` ( - post_id INT NOT NULL, - user_id INT NOT NULL, - CONSTRAINT fk_like_post_id FOREIGN KEY (post_id) REFERENCES post(id), - CONSTRAINT fk_like_user_id FOREIGN KEY (user_id) REFERENCES user(id)) - ENGINE = InnoDB; - "); - return true; - } catch (Exception $e) { - return false; - } - } - - private function hash_pw($pw) { return hash("SHA512", $pw); } - private function generate_random_token() { - return bin2hex(openssl_random_pseudo_bytes(16)); - } - - public function validNewMail ($mail) { + public function validNewMail($mail) + { return isset($mail) && filter_var($mail, FILTER_VALIDATE_EMAIL) && empty($this->get_mail($mail)); } - public function 
validNewPassword ($password) { + public function validNewPassword($password) + { return isset($password) && strlen($password) >= 8 && preg_match('/[A-Za-z].*[0-9]|[0-9].*[A-Za-z]/', $password); } - public function validNewLogin ($login) { + public function validNewLogin($login) + { return isset($login) && strlen($login) >= 4 && empty($this->get_user($login)); } - public function validChars ($login) { + public function validChars($login) + { /*if (preg_match('/[\'^£$%&*()}{@#~?><>,|=_+¬-]/', $login))*/ if (preg_match('/[\\\]/', $login)) return false; return true; } - public function get_mail($mail) { + public function get_mail($mail) + { try { $query = $this->PDO->prepare(" SELECT * FROM user WHERE mail LIKE :mail"); $query->execute(array(":mail" => $mail)); return ($query->fetchAll()); - } catch (Exception $e) { + } + catch (Exception $e) + { return false; } } @@ -133,7 +70,7 @@ public function newUser($login, $mail, $password) $token = $this->generate_random_token(); $query = $this->PDO->prepare(" INSERT INTO user VALUES - (NULL, :login, :password, :mail, :token, NULL, NULL, 0);"); + (NULL, :login, :password, :mail, :token, NULL, NULL, NULL, 0);"); $query->execute(array( ':login' => $login, ':password' => $password, @@ -167,7 +104,7 @@ public function newUser($login, $mail, $password) } } - public function initiatePasswordReset ($mail) { + public function initiatePasswordReset($mail) { try { if (empty($user = $this->get_mail($mail)[0]) || !isset($user['id'])) @@ -177,6 +114,7 @@ public function initiatePasswordReset ($mail) { else { $token = $this->generate_random_token(); + var_dump($token); $query = $this->PDO->prepare(" UPDATE user SET reset_token = :token AND reset_date = now() @@ -188,24 +126,27 @@ public function initiatePasswordReset ($mail) { "?action=reset&mail={$mail}&token={$token}"; $message = "
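Review bot: `get_mail()` looks the user up with `WHERE mail LIKE :mail` and `get_user()` with `WHERE login LIKE :login`, binding the raw form value; `%` and `_` are wildcards in `LIKE`, so a submitted mail of `%` matches every row, and `get_mail(...)[0]` as used by `initiatePasswordReset` then silently picks the first account. Every caller wants an exact match, so `WHERE mail = :mail` and `WHERE login = :login`. `validNewPassword` enforces `strlen($password) >= 8`, which counts bytes; use `mb_strlen` if the rule is meant in characters. The `hash_pw()` helper (unsalted SHA-512) is deleted by this rename and no replacement is visible in the hunks shown; see the note on `authenticate` further down.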
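Review bot: The added `var_dump($token);` in `initiatePasswordReset` prints the freshly generated reset token into the HTTP response of whoever submitted the form, so a request naming another account's mail address discloses the secret the e-mail was meant to deliver; remove it before merge. Two lines below, the context line `UPDATE user SET reset_token = :token AND reset_date = now()` uses `AND` where SQL needs a comma, so the database evaluates `:token AND reset_date = now()` as a single boolean and stores `0`/`1` in `reset_token`; it should read `SET reset_token = :token, reset_date = now()`. The function begins and ends outside this hunk.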
" . + text-align: center; + background-color: #e98e4e; + border-radius: 20px; + color: whitesmoke; + padding: 30px;'>" . "

Hello {$user["login"]}


- Someone asked to reset your password, if it's not you just ignore this email
" . - "Reset Password
" . - "Otherwise click to the link to enter your new password
"; + Someone asked to reset your password, if it's not you just ignore this email
" . + "Otherwise click to the link to set a new password" . + "Reset Password
"; return $query > 0 && $this->sendUserMail($mail, 'Password reset', $message); } - } catch (Exception $e) { + } + catch (Exception $e) + { return false; } } - public function verify_user ($login, $token) { + public function verify_user($login, $token) + { try { if ($this->validChars($login) @@ -220,27 +161,34 @@ public function verify_user ($login, $token) { ':login' => $login, ':token' => $token)); return ($query->rowCount() > 0); - } else if (isset($user) && $user["is_verified"] == 1) + } + else if (isset($user) && $user["is_verified"] == 1) return true; - } catch (Exception $e) { + } + catch (Exception $e) + { return false; } return false; } - public function get_user($login) { + public function get_user($login) + { try { $query = $this->PDO->prepare(" SELECT * FROM user WHERE login LIKE :login"); $query->execute(array(":login" => $login)); return ($query->fetchAll()); - } catch (Exception $e) { + } + catch (Exception $e) + { return false; } } - public function authenticate ($login, $password) { + public function authenticate($login, $password) + { try { if (!$this->validChars($login) || $login === "" || $password === "") @@ -252,7 +200,9 @@ public function authenticate ($login, $password) { AND user.password = :password"); $query->execute(array(':login' => $login, ':password' => $password)); return !empty($query->fetchAll()); - } catch (Exception $e) { + } + catch (Exception $e) + { return false; } } diff --git a/views/login_form.php b/views/login_form.php index 10d82cb..b91496d 100644 --- a/views/login_form.php +++ b/views/login_form.php @@ -1,4 +1,5 @@ - +$content = ob_get_clean(); ?> diff --git a/views/structure/template.php b/views/structure/template.php index ebe7b49..e3d93f4 100644 --- a/views/structure/template.php +++ b/views/structure/template.php @@ -2,7 +2,7 @@ - <?= $title ?> + <?=$title?> @@ -14,17 +14,17 @@ Account Login"); + echo "Login"; else - echo("Logout");?> + echo "Logout";?>
-
- +