lain/text0Nly
1
0
Fork 0
mirror of https://git.sr.ht/~iwakuralain/text0Nly synced 2025-07-27 15:36:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

everything BROKEN

Browse Source
This commit is contained in:
Lain Iwakura 2025-06-16 02:23:39 +03:00
parent 37e4df333d
commit 1b5e36c34d
No known key found for this signature in database
GPG Key ID: C7C18257F2ADC6F8
3 changed files with 39 additions and 141 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
main/create.sql
View File

@ -1,77 +1,26 @@
CREATE TABLE messages ( CREATE TABLE messages (
id INT AUTO_INCREMENT PRIMARY KEY, id INT AUTO_INCREMENT PRIMARY KEY,
user_id INT NOT NULL, username VARCHAR(50) NOT NULL,
message TEXT NOT NULL, message TEXT NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
is_deleted BOOLEAN DEFAULT FALSE, signature TEXT,
FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE, is_encrypted BOOLEAN DEFAULT FALSE,
INDEX idx_created_at (created_at) INDEX idx_created_at (created_at)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; );
CREATE TABLE users ( CREATE TABLE users (
id INT AUTO_INCREMENT PRIMARY KEY, id INT AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(50) UNIQUE NOT NULL, username VARCHAR(50) NOT NULL UNIQUE,
password VARCHAR(255) NOT NULL, password VARCHAR(255) NOT NULL,
pgp_key TEXT,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
last_login TIMESTAMP NULL, is_moderator TINYINT(1) NOT NULL DEFAULT 0,
login_attempts INT DEFAULT 0, login_attempts INT NOT NULL DEFAULT 0,
last_attempt TIMESTAMP NULL, last_attempt TIMESTAMP NULL,
is_blocked BOOLEAN DEFAULT FALSE, is_blocked TINYINT(1) NOT NULL DEFAULT 0,
block_reason TEXT,
INDEX idx_username (username) INDEX idx_username (username)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; );
CREATE TABLE user_blocks (
id INT AUTO_INCREMENT PRIMARY KEY,
blocker_id INT NOT NULL,
blocked_id INT NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
FOREIGN KEY (blocker_id) REFERENCES users(id) ON DELETE CASCADE,
FOREIGN KEY (blocked_id) REFERENCES users(id) ON DELETE CASCADE,
UNIQUE KEY unique_block (blocker_id, blocked_id)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
CREATE TABLE activity_log (
id INT AUTO_INCREMENT PRIMARY KEY,
user_id INT,
action VARCHAR(50) NOT NULL,
ip_address VARCHAR(45),
user_agent TEXT,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE SET NULL,
INDEX idx_created_at (created_at)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
CREATE TABLE sessions (
id VARCHAR(128) PRIMARY KEY,
user_id INT NOT NULL,
ip_address VARCHAR(45),
user_agent TEXT,
last_activity TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
INDEX idx_last_activity (last_activity)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
CREATE TABLE rate_limits (
id INT AUTO_INCREMENT PRIMARY KEY,
ip_address VARCHAR(45) NOT NULL,
action VARCHAR(50) NOT NULL,
attempts INT DEFAULT 1,
last_attempt TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
UNIQUE KEY unique_ip_action (ip_address, action),
INDEX idx_last_attempt (last_attempt)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
CREATE TABLE csrf_tokens (
id INT AUTO_INCREMENT PRIMARY KEY,
user_id INT NOT NULL,
token VARCHAR(64) NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
expires_at TIMESTAMP NOT NULL,
FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
UNIQUE KEY unique_token (token),
INDEX idx_expires_at (expires_at)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
CREATE TABLE registrations ( CREATE TABLE registrations (
id INT AUTO_INCREMENT PRIMARY KEY, id INT AUTO_INCREMENT PRIMARY KEY,

30
main/login.php
View File

@ -9,17 +9,21 @@ header('Content-Security-Policy: default-src \'self\'; style-src \'self\' \'unsa
header('Strict-Transport-Security: max-age=31536000; includeSubDomains'); header('Strict-Transport-Security: max-age=31536000; includeSubDomains');
session_start(); session_start();
$debug = [];
try { try {
$config = require 'config.php'; $config = require 'config.php';
$debug[] = "Config loaded";
$db = new PDO( $db = new PDO(
"mysql:host={$config['db']['host']};dbname={$config['db']['name']}", "mysql:host={$config['db']['host']};dbname={$config['db']['name']}",
$config['db']['user'], $config['db']['user'],
$config['db']['pass'] $config['db']['pass']
); );
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$debug[] = "Database connected";
} catch (PDOException $e) { } catch (PDOException $e) {
error_log("Database connection error: " . $e->getMessage()); $debug[] = "Database error: " . $e->getMessage();
die("Database connection error"); die("Database connection error: " . $e->getMessage());
} }
$error = ''; $error = '';
@ -28,36 +32,46 @@ $success = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') { if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING); $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
$password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING); $password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
$debug[] = "Login attempt for: " . $username;
if ($username && $password) { if ($username && $password) {
try { try {
$stmt = $db->prepare('SELECT id, password, is_blocked, login_attempts, last_attempt FROM users WHERE username = ?'); $stmt = $db->prepare('SELECT id, password, is_blocked, login_attempts, last_attempt FROM users WHERE username = ?');
$stmt->execute([$username]); $stmt->execute([$username]);
$user = $stmt->fetch(PDO::FETCH_ASSOC); $user = $stmt->fetch(PDO::FETCH_ASSOC);
$debug[] = "User found: " . ($user ? 'yes' : 'no');
if ($user) { if ($user) {
if ($user['is_blocked']) { if ($user['is_blocked']) {
$error = 'Account is blocked'; $error = 'Account is blocked';
$debug[] = "Account blocked";
} else if ($user['login_attempts'] >= 5 && strtotime($user['last_attempt']) > strtotime('-15 minutes')) { } else if ($user['login_attempts'] >= 5 && strtotime($user['last_attempt']) > strtotime('-15 minutes')) {
$error = 'Too many login attempts'; $error = 'Too many login attempts';
$debug[] = "Too many attempts";
} else if (password_verify($password, $user['password'])) { } else if (password_verify($password, $user['password'])) {
$stmt = $db->prepare('UPDATE users SET login_attempts = 0, last_attempt = NOW() WHERE id = ?'); $stmt = $db->prepare('UPDATE users SET login_attempts = 0, last_attempt = NOW() WHERE id = ?');
$stmt->execute([$user['id']]); $stmt->execute([$user['id']]);
$_SESSION['user_id'] = $user['id']; $_SESSION['user_id'] = $user['id'];
$_SESSION['username'] = $username; $_SESSION['username'] = $username;
$debug[] = "Login successful";
header('Location: index.php'); header('Location: index.php');
exit; exit;
} else { } else {
$stmt = $db->prepare('UPDATE users SET login_attempts = login_attempts + 1, last_attempt = NOW() WHERE id = ?'); $stmt = $db->prepare('UPDATE users SET login_attempts = login_attempts + 1, last_attempt = NOW() WHERE id = ?');
$stmt->execute([$user['id']]); $stmt->execute([$user['id']]);
$error = 'Invalid password'; $error = 'Invalid password';
$debug[] = "Invalid password";
} }
} else { } else {
$error = 'User not found'; $error = 'User not found';
$debug[] = "User not found";
} }
} catch (PDOException $e) { } catch (PDOException $e) {
error_log("Login error: " . $e->getMessage());
$error = 'Server error'; $error = 'Server error';
$debug[] = "SQL Error: " . $e->getMessage();
$debug[] = "SQL State: " . $e->getCode();
} }
} }
} }
@ -74,6 +88,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
button { width: 100%; padding: 10px; background: #2196F3; color: white; border: none; cursor: pointer; } button { width: 100%; padding: 10px; background: #2196F3; color: white; border: none; cursor: pointer; }
.error { color: red; } .error { color: red; }
.success { color: green; } .success { color: green; }
.debug { background: #f5f5f5; padding: 10px; margin: 10px 0; font-family: monospace; }
</style> </style>
</head> </head>
<body> <body>
@ -95,6 +110,15 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
<button type="submit">Login</button> <button type="submit">Login</button>
</form> </form>
<p><a href="register.php">Register</a> | <a href="index.php">Back to chat</a></p> <p><a href="register.php">Register</a> | <a href="index.php">Back to chat</a></p>
<?php if (!empty($debug)): ?>
<div class="debug">
<strong>Debug info:</strong><br>
<?php foreach ($debug as $line): ?>
<?= htmlspecialchars($line) ?><br>
<?php endforeach; ?>
</div>
<?php endif; ?>
</body> </body>
</html> </html>
<?php ob_end_flush(); ?> <?php ob_end_flush(); ?>

77
main/migrate.sql
View File

@ -12,79 +12,4 @@ END //
DELIMITER ; DELIMITER ;
CALL migrate_if_needed(); CALL migrate_if_needed();
DROP PROCEDURE IF EXISTS migrate_if_needed; DROP PROCEDURE IF EXISTS migrate_if_needed;
CREATE TABLE IF NOT EXISTS users (
id INT AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(50) UNIQUE NOT NULL,
password VARCHAR(255) NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
last_login TIMESTAMP NULL,
login_attempts INT DEFAULT 0,
last_attempt TIMESTAMP NULL,
is_blocked BOOLEAN DEFAULT FALSE,
INDEX idx_username (username)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
CREATE TABLE IF NOT EXISTS messages (
id INT AUTO_INCREMENT PRIMARY KEY,
user_id INT NOT NULL,
message TEXT NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
is_deleted BOOLEAN DEFAULT FALSE,
FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
INDEX idx_created_at (created_at)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
CREATE TABLE IF NOT EXISTS user_blocks (
id INT AUTO_INCREMENT PRIMARY KEY,
blocker_id INT NOT NULL,
blocked_id INT NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
FOREIGN KEY (blocker_id) REFERENCES users(id) ON DELETE CASCADE,
FOREIGN KEY (blocked_id) REFERENCES users(id) ON DELETE CASCADE,
UNIQUE KEY unique_block (blocker_id, blocked_id)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
CREATE TABLE IF NOT EXISTS activity_log (
id INT AUTO_INCREMENT PRIMARY KEY,
user_id INT,
action VARCHAR(50) NOT NULL,
ip_address VARCHAR(45),
user_agent TEXT,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE SET NULL,
INDEX idx_created_at (created_at)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
CREATE TABLE IF NOT EXISTS sessions (
id VARCHAR(128) PRIMARY KEY,
user_id INT NOT NULL,
ip_address VARCHAR(45),
user_agent TEXT,
last_activity TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
INDEX idx_last_activity (last_activity)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
CREATE TABLE IF NOT EXISTS rate_limits (
id INT AUTO_INCREMENT PRIMARY KEY,
ip_address VARCHAR(45) NOT NULL,
action VARCHAR(50) NOT NULL,
attempts INT DEFAULT 1,
last_attempt TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
UNIQUE KEY unique_ip_action (ip_address, action),
INDEX idx_last_attempt (last_attempt)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
CREATE TABLE IF NOT EXISTS csrf_tokens (
id INT AUTO_INCREMENT PRIMARY KEY,
user_id INT NOT NULL,
token VARCHAR(64) NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
expires_at TIMESTAMP NOT NULL,
FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
UNIQUE KEY unique_token (token),
INDEX idx_expires_at (expires_at)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;