From 1b5e36c34d910810b3949742060e695835b8ce48 Mon Sep 17 00:00:00 2001
From: Lain Iwakura
Date: Mon, 16 Jun 2025 02:23:39 +0300
Subject: [PATCH] everything BROKEN
---
 main/create.sql | 73 +++++++-------------------------------------
 main/login.php | 30 +++++++++++++++++--
 main/migrate.sql | 77 +----------------------------------------------
 3 files changed, 39 insertions(+), 141 deletions(-)
diff --git a/main/create.sql b/main/create.sql
index 4fb6252..9ac08fb 100644
--- a/main/create.sql
+++ b/main/create.sql
@@ -1,77 +1,26 @@
 CREATE TABLE messages (
     id INT AUTO_INCREMENT PRIMARY KEY,
-    user_id INT NOT NULL,
+    username VARCHAR(50) NOT NULL,
     message TEXT NOT NULL,
     created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-    is_deleted BOOLEAN DEFAULT FALSE,
-    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
+    signature TEXT,
+    is_encrypted BOOLEAN DEFAULT FALSE,
     INDEX idx_created_at (created_at)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+);
 
 CREATE TABLE users (
     id INT AUTO_INCREMENT PRIMARY KEY,
-    username VARCHAR(50) UNIQUE NOT NULL,
+    username VARCHAR(50) NOT NULL UNIQUE,
     password VARCHAR(255) NOT NULL,
+    pgp_key TEXT,
     created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-    last_login TIMESTAMP NULL,
-    login_attempts INT DEFAULT 0,
+    is_moderator TINYINT(1) NOT NULL DEFAULT 0,
+    login_attempts INT NOT NULL DEFAULT 0,
     last_attempt TIMESTAMP NULL,
-    is_blocked BOOLEAN DEFAULT FALSE,
+    is_blocked TINYINT(1) NOT NULL DEFAULT 0,
+    block_reason TEXT,
     INDEX idx_username (username)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-
-CREATE TABLE user_blocks (
-    id INT AUTO_INCREMENT PRIMARY KEY,
-    blocker_id INT NOT NULL,
-    blocked_id INT NOT NULL,
-    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-    FOREIGN KEY (blocker_id) REFERENCES users(id) ON DELETE CASCADE,
-    FOREIGN KEY (blocked_id) REFERENCES users(id) ON DELETE CASCADE,
-    UNIQUE KEY unique_block (blocker_id, blocked_id)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-
-CREATE TABLE activity_log (
-    id INT AUTO_INCREMENT PRIMARY KEY,
-    user_id INT,
-    action VARCHAR(50) NOT NULL,
-    ip_address VARCHAR(45),
-    user_agent TEXT,
-    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE SET NULL,
-    INDEX idx_created_at (created_at)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-
-CREATE TABLE sessions (
-    id VARCHAR(128) PRIMARY KEY,
-    user_id INT NOT NULL,
-    ip_address VARCHAR(45),
-    user_agent TEXT,
-    last_activity TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
-    INDEX idx_last_activity (last_activity)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-
-CREATE TABLE rate_limits (
-    id INT AUTO_INCREMENT PRIMARY KEY,
-    ip_address VARCHAR(45) NOT NULL,
-    action VARCHAR(50) NOT NULL,
-    attempts INT DEFAULT 1,
-    last_attempt TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-    UNIQUE KEY unique_ip_action (ip_address, action),
-    INDEX idx_last_attempt (last_attempt)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-
-CREATE TABLE csrf_tokens (
-    id INT AUTO_INCREMENT PRIMARY KEY,
-    user_id INT NOT NULL,
-    token VARCHAR(64) NOT NULL,
-    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
-    expires_at TIMESTAMP NOT NULL,
-    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
-    UNIQUE KEY unique_token (token),
-    INDEX idx_expires_at (expires_at)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+);
 
 CREATE TABLE registrations (
     id INT AUTO_INCREMENT PRIMARY KEY,
diff --git a/main/login.php b/main/login.php
index 094f781..f74ec5a 100644
--- a/main/login.php
+++ b/main/login.php
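Review bot: Replacing `user_id INT NOT NULL` with `username VARCHAR(50) NOT NULL` in `messages` removes the only referential link to `users`, so a renamed or deleted account leaves orphaned rows and the new column has no index for per-user lookups; if the denormalisation is intended, add at least `INDEX idx_username (username)` and a comment stating that `messages.username` is not kept in sync, otherwise keep a `user_id` foreign key alongside it. Dropping `ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci` on both tables also means `message`, `signature` and `pgp_key` now take the server's default character set, which on older MySQL installs is not 4-byte safe and truncates or rejects emoji and some scripts; `) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;` is cheap to keep. Removing `rate_limits` and `csrf_tokens` is clearly the commit's intent, but after this hunk the only throttling state left is `users.login_attempts`/`last_attempt`, so per-IP limiting and CSRF token storage have no backing table unless they moved elsewhere.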
@@ -9,17 +9,21 @@ header('Content-Security-Policy: default-src \'self\'; style-src \'self\' \'unsa header('Strict-Transport-Security: max-age=31536000; includeSubDomains'); session_start(); +$debug = []; try { $config = require 'config.php'; + $debug[] = "Config loaded"; + $db = new PDO( "mysql:host={$config['db']['host']};dbname={$config['db']['name']}", $config['db']['user'], $config['db']['pass'] ); $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); + $debug[] = "Database connected"; } catch (PDOException $e) { - error_log("Database connection error: " . $e->getMessage()); - die("Database connection error"); + $debug[] = "Database error: " . $e->getMessage(); + die("Database connection error: " . $e->getMessage()); } $error = ''; 
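Review bot: `die("Database connection error: " . $e->getMessage())` now sends the PDO exception text to the browser, and that text regularly carries the host, database name and user from the `new PDO(...)` call a few lines above; the `error_log(...)` this hunk removes was the right sink for it. Keep the client message generic and log server-side: `error_log("Database connection error: " . $e->getMessage());` followed by `die("Database connection error");`. The `$debug[]` entries added here feed the page output in the last hunk of this file, so if a trace is wanted it should be collected only behind a server-side configuration flag that is off by default rather than unconditionally.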
@@ -28,36 +32,46 @@ $success = ''; if ($_SERVER['REQUEST_METHOD'] === 'POST') { $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING); $password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING); + + $debug[] = "Login attempt for: " . $username; if ($username && $password) { try { $stmt = $db->prepare('SELECT id, password, is_blocked, login_attempts, last_attempt FROM users WHERE username = ?'); $stmt->execute([$username]); $user = $stmt->fetch(PDO::FETCH_ASSOC); + + $debug[] = "User found: " . ($user ? 'yes' : 'no'); if ($user) { if ($user['is_blocked']) { $error = 'Account is blocked'; + $debug[] = "Account blocked"; } else if ($user['login_attempts'] >= 5 && strtotime($user['last_attempt']) > strtotime('-15 minutes')) { $error = 'Too many login attempts'; + $debug[] = "Too many attempts"; } else if (password_verify($password, $user['password'])) { $stmt = $db->prepare('UPDATE users SET login_attempts = 0, last_attempt = NOW() WHERE id = ?'); $stmt->execute([$user['id']]); $_SESSION['user_id'] = $user['id']; $_SESSION['username'] = $username; + $debug[] = "Login successful"; header('Location: index.php'); exit; } else { $stmt = $db->prepare('UPDATE users SET login_attempts = login_attempts + 1, last_attempt = NOW() WHERE id = ?'); $stmt->execute([$user['id']]); $error = 'Invalid password'; + $debug[] = "Invalid password"; } } else { $error = 'User not found'; + $debug[] = "User not found"; } } catch (PDOException $e) { - error_log("Login error: " . $e->getMessage()); $error = 'Server error'; + $debug[] = "SQL Error: " . $e->getMessage(); + $debug[] = "SQL State: " . $e->getCode(); } } } @@ -74,6 +88,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { button { width: 100%; padding: 10px; background: #2196F3; color: white; border: none; cursor: pointer; } .error { color: red; } .success { color: green; } + .debug { background: #f5f5f5; padding: 10px; margin: 10px 0; font-family: monospace; } 
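Review bot: `$debug[] = "SQL Error: " . $e->getMessage();` and `$debug[] = "SQL State: " . $e->getCode();` replace the removed `error_log("Login error: ...")`, so database error details are no longer logged and are instead queued for rendering to the client; the same pattern appears in the `Database error` entry of the first hunk and is printed by the debug panel in the last hunk of this file. `"Login attempt for: " . $username` and `"User found: " . ($user ? 'yes' : 'no')` additionally confirm account existence and reflect request input into the response; the markup that prints `$debug` is garbled in this rendering, so whether it passes through `htmlspecialchars()` cannot be confirmed, and if it does not this is a reflected XSS sink. Restore `error_log("Login error: " . $e->getMessage());` in the catch block and drop the user-facing debug entries, or collect them only when a server-side debug flag is set.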
@@ -95,6 +110,15 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {

Register | Back to chat

+ + +
+ Debug info:
+ +
+ +
+
\ No newline at end of file
diff --git a/main/migrate.sql b/main/migrate.sql
index bd50738..e0e8ab4 100644
--- a/main/migrate.sql
+++ b/main/migrate.sql
@@ -12,79 +12,4 @@ END // DELIMITER ; CALL migrate_if_needed(); -DROP PROCEDURE IF EXISTS migrate_if_needed; - -CREATE TABLE IF NOT EXISTS users ( - id INT AUTO_INCREMENT PRIMARY KEY, - username VARCHAR(50) UNIQUE NOT NULL, - password VARCHAR(255) NOT NULL, - created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, - last_login TIMESTAMP NULL, - login_attempts INT DEFAULT 0, - last_attempt TIMESTAMP NULL, - is_blocked BOOLEAN DEFAULT FALSE, - INDEX idx_username (username) -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - -CREATE TABLE IF NOT EXISTS messages ( - id INT AUTO_INCREMENT PRIMARY KEY, - user_id INT NOT NULL, - message TEXT NOT NULL, - created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, - is_deleted BOOLEAN DEFAULT FALSE, - FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE, - INDEX idx_created_at (created_at) -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - -CREATE TABLE IF NOT EXISTS user_blocks ( - id INT AUTO_INCREMENT PRIMARY KEY, - blocker_id INT NOT NULL, - blocked_id INT NOT NULL, - created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, - FOREIGN KEY (blocker_id) REFERENCES users(id) ON DELETE CASCADE, - FOREIGN KEY (blocked_id) REFERENCES users(id) ON DELETE CASCADE, - UNIQUE KEY unique_block (blocker_id, blocked_id) -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - -CREATE TABLE IF NOT EXISTS activity_log ( - id INT AUTO_INCREMENT PRIMARY KEY, - user_id INT, - action VARCHAR(50) NOT NULL, - ip_address VARCHAR(45), - user_agent TEXT, - created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, - FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE SET NULL, - INDEX idx_created_at (created_at) -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - -CREATE TABLE IF NOT EXISTS sessions ( - id VARCHAR(128) PRIMARY KEY, - user_id INT NOT NULL, - ip_address VARCHAR(45), - user_agent TEXT, - last_activity TIMESTAMP DEFAULT CURRENT_TIMESTAMP, - created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, - 
FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE, - INDEX idx_last_activity (last_activity) -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - -CREATE TABLE IF NOT EXISTS rate_limits ( - id INT AUTO_INCREMENT PRIMARY KEY, - ip_address VARCHAR(45) NOT NULL, - action VARCHAR(50) NOT NULL, - attempts INT DEFAULT 1, - last_attempt TIMESTAMP DEFAULT CURRENT_TIMESTAMP, - UNIQUE KEY unique_ip_action (ip_address, action), - INDEX idx_last_attempt (last_attempt) -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - -CREATE TABLE IF NOT EXISTS csrf_tokens ( - id INT AUTO_INCREMENT PRIMARY KEY, - user_id INT NOT NULL, - token VARCHAR(64) NOT NULL, - created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, - expires_at TIMESTAMP NOT NULL, - FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE, - UNIQUE KEY unique_token (token), - INDEX idx_expires_at (expires_at) -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; \ No newline at end of file +DROP PROCEDURE IF EXISTS migrate_if_needed; \ No newline at end of file
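Review bot: After this hunk `migrate.sql` no longer creates or alters any table, while the first file in this patch changes the shape of `users` (adds `pgp_key`, `is_moderator`, `block_reason`, drops `last_login`) and `messages` (replaces `user_id` with `username`, adds `signature`, `is_encrypted`), yet no `ALTER TABLE` is added for databases created from the previous schema. Unless `migrate_if_needed` — its body lies above this hunk — performs those column changes, existing installs fail on the first query that touches a new column. Either add guarded `ALTER TABLE users ADD COLUMN ...` / `ALTER TABLE messages ...` statements before `CALL migrate_if_needed();`, or state in a comment at the top of the file that this schema version cannot be upgraded in place and requires `create.sql` on a fresh database.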