mirror of
https://git.sr.ht/~iwakuralain/text0Nly
synced 2025-07-27 15:36:11 +00:00
everything BROKEN
This commit is contained in:
Lain Iwakura
parent
37e4df333d
commit
1b5e36c34d
@ -1,77 +1,26 @@
|
||||
CREATE TABLE messages (
|
||||
id INT AUTO_INCREMENT PRIMARY KEY,
|
||||
user_id INT NOT NULL,
|
||||
username VARCHAR(50) NOT NULL,
|
||||
message TEXT NOT NULL,
|
||||
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
|
||||
is_deleted BOOLEAN DEFAULT FALSE,
|
||||
FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
|
||||
signature TEXT,
|
||||
is_encrypted BOOLEAN DEFAULT FALSE,
|
||||
INDEX idx_created_at (created_at)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
|
||||
);
|
||||
|
||||
CREATE TABLE users (
|
||||
id INT AUTO_INCREMENT PRIMARY KEY,
|
||||
username VARCHAR(50) UNIQUE NOT NULL,
|
||||
username VARCHAR(50) NOT NULL UNIQUE,
|
||||
password VARCHAR(255) NOT NULL,
|
||||
pgp_key TEXT,
|
||||
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
|
||||
last_login TIMESTAMP NULL,
|
||||
login_attempts INT DEFAULT 0,
|
||||
is_moderator TINYINT(1) NOT NULL DEFAULT 0,
|
||||
login_attempts INT NOT NULL DEFAULT 0,
|
||||
last_attempt TIMESTAMP NULL,
|
||||
is_blocked BOOLEAN DEFAULT FALSE,
|
||||
is_blocked TINYINT(1) NOT NULL DEFAULT 0,
|
||||
block_reason TEXT,
|
||||
INDEX idx_username (username)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
|
||||
|
||||
CREATE TABLE user_blocks (
|
||||
id INT AUTO_INCREMENT PRIMARY KEY,
|
||||
blocker_id INT NOT NULL,
|
||||
blocked_id INT NOT NULL,
|
||||
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
|
||||
FOREIGN KEY (blocker_id) REFERENCES users(id) ON DELETE CASCADE,
|
||||
FOREIGN KEY (blocked_id) REFERENCES users(id) ON DELETE CASCADE,
|
||||
UNIQUE KEY unique_block (blocker_id, blocked_id)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
|
||||
|
||||
CREATE TABLE activity_log (
|
||||
id INT AUTO_INCREMENT PRIMARY KEY,
|
||||
user_id INT,
|
||||
action VARCHAR(50) NOT NULL,
|
||||
ip_address VARCHAR(45),
|
||||
user_agent TEXT,
|
||||
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
|
||||
FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE SET NULL,
|
||||
INDEX idx_created_at (created_at)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
|
||||
|
||||
CREATE TABLE sessions (
|
||||
id VARCHAR(128) PRIMARY KEY,
|
||||
user_id INT NOT NULL,
|
||||
ip_address VARCHAR(45),
|
||||
user_agent TEXT,
|
||||
last_activity TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
|
||||
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
|
||||
FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
|
||||
INDEX idx_last_activity (last_activity)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
|
||||
|
||||
CREATE TABLE rate_limits (
|
||||
id INT AUTO_INCREMENT PRIMARY KEY,
|
||||
ip_address VARCHAR(45) NOT NULL,
|
||||
action VARCHAR(50) NOT NULL,
|
||||
attempts INT DEFAULT 1,
|
||||
last_attempt TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
|
||||
UNIQUE KEY unique_ip_action (ip_address, action),
|
||||
INDEX idx_last_attempt (last_attempt)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
|
||||
|
||||
CREATE TABLE csrf_tokens (
|
||||
id INT AUTO_INCREMENT PRIMARY KEY,
|
||||
user_id INT NOT NULL,
|
||||
token VARCHAR(64) NOT NULL,
|
||||
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
|
||||
expires_at TIMESTAMP NOT NULL,
|
||||
FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
|
||||
UNIQUE KEY unique_token (token),
|
||||
INDEX idx_expires_at (expires_at)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
|
||||
);
|
||||
|
||||
CREATE TABLE registrations (
|
||||
id INT AUTO_INCREMENT PRIMARY KEY,
|
||||
|
||||
@ -9,17 +9,21 @@ header('Content-Security-Policy: default-src \'self\'; style-src \'self\' \'unsa
|
||||
header('Strict-Transport-Security: max-age=31536000; includeSubDomains');
|
||||
session_start();
|
||||
|
||||
$debug = [];
|
||||
try {
|
||||
$config = require 'config.php';
|
||||
$debug[] = "Config loaded";
|
||||
|
||||
$db = new PDO(
|
||||
"mysql:host={$config['db']['host']};dbname={$config['db']['name']}",
|
||||
$config['db']['user'],
|
||||
$config['db']['pass']
|
||||
);
|
||||
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||
$debug[] = "Database connected";
|
||||
} catch (PDOException $e) {
|
||||
error_log("Database connection error: " . $e->getMessage());
|
||||
die("Database connection error");
|
||||
$debug[] = "Database error: " . $e->getMessage();
|
||||
die("Database connection error: " . $e->getMessage());
|
||||
}
|
||||
|
||||
$error = '';
|
||||
@ -29,35 +33,45 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
|
||||
$password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
|
||||
|
||||
$debug[] = "Login attempt for: " . $username;
|
||||
|
||||
if ($username && $password) {
|
||||
try {
|
||||
$stmt = $db->prepare('SELECT id, password, is_blocked, login_attempts, last_attempt FROM users WHERE username = ?');
|
||||
$stmt->execute([$username]);
|
||||
$user = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
$debug[] = "User found: " . ($user ? 'yes' : 'no');
|
||||
|
||||
if ($user) {
|
||||
if ($user['is_blocked']) {
|
||||
$error = 'Account is blocked';
|
||||
$debug[] = "Account blocked";
|
||||
} else if ($user['login_attempts'] >= 5 && strtotime($user['last_attempt']) > strtotime('-15 minutes')) {
|
||||
$error = 'Too many login attempts';
|
||||
$debug[] = "Too many attempts";
|
||||
} else if (password_verify($password, $user['password'])) {
|
||||
$stmt = $db->prepare('UPDATE users SET login_attempts = 0, last_attempt = NOW() WHERE id = ?');
|
||||
$stmt->execute([$user['id']]);
|
||||
$_SESSION['user_id'] = $user['id'];
|
||||
$_SESSION['username'] = $username;
|
||||
$debug[] = "Login successful";
|
||||
header('Location: index.php');
|
||||
exit;
|
||||
} else {
|
||||
$stmt = $db->prepare('UPDATE users SET login_attempts = login_attempts + 1, last_attempt = NOW() WHERE id = ?');
|
||||
$stmt->execute([$user['id']]);
|
||||
$error = 'Invalid password';
|
||||
$debug[] = "Invalid password";
|
||||
}
|
||||
} else {
|
||||
$error = 'User not found';
|
||||
$debug[] = "User not found";
|
||||
}
|
||||
} catch (PDOException $e) {
|
||||
error_log("Login error: " . $e->getMessage());
|
||||
$error = 'Server error';
|
||||
$debug[] = "SQL Error: " . $e->getMessage();
|
||||
$debug[] = "SQL State: " . $e->getCode();
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -74,6 +88,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
button { width: 100%; padding: 10px; background: #2196F3; color: white; border: none; cursor: pointer; }
|
||||
.error { color: red; }
|
||||
.success { color: green; }
|
||||
.debug { background: #f5f5f5; padding: 10px; margin: 10px 0; font-family: monospace; }
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
@ -95,6 +110,15 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
<button type="submit">Login</button>
|
||||
</form>
|
||||
<p><a href="register.php">Register</a> | <a href="index.php">Back to chat</a></p>
|
||||
|
||||
<?php if (!empty($debug)): ?>
|
||||
<div class="debug">
|
||||
<strong>Debug info:</strong><br>
|
||||
<?php foreach ($debug as $line): ?>
|
||||
<?= htmlspecialchars($line) ?><br>
|
||||
<?php endforeach; ?>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
</body>
|
||||
</html>
|
||||
<?php ob_end_flush(); ?>
|
||||
@ -13,78 +13,3 @@ DELIMITER ;
|
||||
|
||||
CALL migrate_if_needed();
|
||||
DROP PROCEDURE IF EXISTS migrate_if_needed;
|
||||
|
||||
CREATE TABLE IF NOT EXISTS users (
|
||||
id INT AUTO_INCREMENT PRIMARY KEY,
|
||||
username VARCHAR(50) UNIQUE NOT NULL,
|
||||
password VARCHAR(255) NOT NULL,
|
||||
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
|
||||
last_login TIMESTAMP NULL,
|
||||
login_attempts INT DEFAULT 0,
|
||||
last_attempt TIMESTAMP NULL,
|
||||
is_blocked BOOLEAN DEFAULT FALSE,
|
||||
INDEX idx_username (username)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
|
||||
|
||||
CREATE TABLE IF NOT EXISTS messages (
|
||||
id INT AUTO_INCREMENT PRIMARY KEY,
|
||||
user_id INT NOT NULL,
|
||||
message TEXT NOT NULL,
|
||||
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
|
||||
is_deleted BOOLEAN DEFAULT FALSE,
|
||||
FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
|
||||
INDEX idx_created_at (created_at)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
|
||||
|
||||
CREATE TABLE IF NOT EXISTS user_blocks (
|
||||
id INT AUTO_INCREMENT PRIMARY KEY,
|
||||
blocker_id INT NOT NULL,
|
||||
blocked_id INT NOT NULL,
|
||||
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
|
||||
FOREIGN KEY (blocker_id) REFERENCES users(id) ON DELETE CASCADE,
|
||||
FOREIGN KEY (blocked_id) REFERENCES users(id) ON DELETE CASCADE,
|
||||
UNIQUE KEY unique_block (blocker_id, blocked_id)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
|
||||
|
||||
CREATE TABLE IF NOT EXISTS activity_log (
|
||||
id INT AUTO_INCREMENT PRIMARY KEY,
|
||||
user_id INT,
|
||||
action VARCHAR(50) NOT NULL,
|
||||
ip_address VARCHAR(45),
|
||||
user_agent TEXT,
|
||||
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
|
||||
FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE SET NULL,
|
||||
INDEX idx_created_at (created_at)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
|
||||
|
||||
CREATE TABLE IF NOT EXISTS sessions (
|
||||
id VARCHAR(128) PRIMARY KEY,
|
||||
user_id INT NOT NULL,
|
||||
ip_address VARCHAR(45),
|
||||
user_agent TEXT,
|
||||
last_activity TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
|
||||
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
|
||||
FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
|
||||
INDEX idx_last_activity (last_activity)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
|
||||
|
||||
CREATE TABLE IF NOT EXISTS rate_limits (
|
||||
id INT AUTO_INCREMENT PRIMARY KEY,
|
||||
ip_address VARCHAR(45) NOT NULL,
|
||||
action VARCHAR(50) NOT NULL,
|
||||
attempts INT DEFAULT 1,
|
||||
last_attempt TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
|
||||
UNIQUE KEY unique_ip_action (ip_address, action),
|
||||
INDEX idx_last_attempt (last_attempt)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
|
||||
|
||||
CREATE TABLE IF NOT EXISTS csrf_tokens (
|
||||
id INT AUTO_INCREMENT PRIMARY KEY,
|
||||
user_id INT NOT NULL,
|
||||
token VARCHAR(64) NOT NULL,
|
||||
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
|
||||
expires_at TIMESTAMP NOT NULL,
|
||||
FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
|
||||
UNIQUE KEY unique_token (token),
|
||||
INDEX idx_expires_at (expires_at)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
|
||||
Loading…
x
Reference in New Issue
Block a user