lain/text0Nly
1
0
Fork 0
mirror of https://git.sr.ht/~iwakuralain/text0Nly synced 2025-07-27 15:36:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

sql table update ye

Browse Source
This commit is contained in:
Lain Iwakura 2025-06-16 01:08:16 +03:00
parent 602811599d
commit b160348533
No known key found for this signature in database
GPG Key ID: C7C18257F2ADC6F8
3 changed files with 111 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
main/db.sql
View File

@ -12,7 +12,8 @@ CREATE TABLE users (
username VARCHAR(50) NOT NULL UNIQUE,
password VARCHAR(255) NOT NULL,
pgp_key TEXT,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
is_moderator TINYINT(1) NOT NULL DEFAULT 0
);
CREATE TABLE registrations (

47
main/index.php
View File

@ -1,4 +1,5 @@
<?php
session_start();
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: DENY');
header('X-XSS-Protection: 1; mode=block');
@ -17,6 +18,18 @@ try {
die('Connection failed: ' . $e->getMessage());
}
if (isset($_GET['logout'])) {
session_destroy();
header('Location: index.php');
exit;
}
function is_registered($db, $username) {
$stmt = $db->prepare('SELECT id FROM users WHERE username = ?');
$stmt->execute([$username]);
return $stmt->fetchColumn() ? true : false;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
$message = filter_input(INPUT_POST, 'message', FILTER_SANITIZE_STRING);
@ -24,16 +37,30 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$is_encrypted = isset($_POST['encrypted']) ? 1 : 0;
if ($username && $message) {
if (is_registered($db, $username)) {
if (!isset($_SESSION['username']) || $_SESSION['username'] !== $username) {
$error = 'Это имя занято. Войдите для отправки.';
}
}
if (empty($error)) {
try {
$stmt = $db->prepare('INSERT INTO messages (username, message, signature, is_encrypted) VALUES (?, ?, ?, ?)');
$stmt->execute([$username, $message, $signature, $is_encrypted]);
} catch (PDOException $e) {
die('Database error: ' . $e->getMessage());
}
}
header('Location: ' . $_SERVER['PHP_SELF']);
exit;
}
}
}
if (isset($_GET['delete']) && isset($_SESSION['is_moderator']) && $_SESSION['is_moderator']) {
$msg_id = (int)$_GET['delete'];
$db->prepare('DELETE FROM messages WHERE id = ?')->execute([$msg_id]);
header('Location: index.php');
exit;
}
try {
$stmt = $db->query('SELECT * FROM messages ORDER BY created_at DESC LIMIT 50');
@ -54,10 +81,20 @@ try {
<div class="header">
<h1>Text0Nly</h1>
<div class="header-buttons">
<?php if (isset($_SESSION['username'])): ?>
<span>👤 <?= htmlspecialchars($_SESSION['username']) ?><?php if (!empty($_SESSION['is_moderator'])) echo ' (mod)'; ?></span>
<a href="?logout=1">Logout</a>
<?php else: ?>
<a href="login.php">Login</a>
<a href="register.php">Register</a>
<?php endif; ?>
</div>
</div>
<?php if (!empty($error)): ?>
<div class="error" style="color:red; margin-bottom:10px;"> <?= htmlspecialchars($error) ?> </div>
<?php endif; ?>
<div class="messages-container" id="messages">
<?php foreach ($messages as $msg): ?>
<div class="message">
@ -71,13 +108,19 @@ try {
<?php if ($msg['signature']): ?>
<div class="signature">Signature: <?= htmlspecialchars($msg['signature']) ?></div>
<?php endif; ?>
<?php if (!empty($_SESSION['is_moderator'])): ?>
<form method="get" style="display:inline">
<input type="hidden" name="delete" value="<?= $msg['id'] ?>">
<button type="submit" style="color:#a00; background:none; border:none; cursor:pointer;">удалить</button>
</form>
<?php endif; ?>
</div>
<?php endforeach; ?>
</div>
<div class="form-container">
<form method="post">
<input type="text" name="username" placeholder="Your username" required maxlength="50">
<input type="text" name="username" placeholder="Your username" required maxlength="50" value="<?= isset($_SESSION['username']) ? htmlspecialchars($_SESSION['username']) : '' ?>">
<textarea name="message" placeholder="Your message" required></textarea>
<textarea name="signature" placeholder="PGP signature (optional)"></textarea>
<div class="checkbox-wrapper">

57
main/login.php Normal file
View File

@ -0,0 +1,57 @@
<?php
session_start();
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: DENY');
header('X-XSS-Protection: 1; mode=block');
header('Content-Security-Policy: default-src \'self\'');
$config = require 'config.php';
$db = new PDO(
"mysql:host={$config['db']['host']};dbname={$config['db']['name']}",
$config['db']['user'],
$config['db']['pass']
);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
$password = $_POST['password'] ?? '';
if ($username && $password) {
$stmt = $db->prepare('SELECT id, password, is_moderator FROM users WHERE username = ?');
$stmt->execute([$username]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);
if ($user && password_verify($password, $user['password'])) {
$_SESSION['user_id'] = $user['id'];
$_SESSION['username'] = $username;
$_SESSION['is_moderator'] = $user['is_moderator'];
header('Location: index.php');
exit;
} else {
$error = 'Invalid username or password';
}
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Login</title>
<link rel="stylesheet" href="styles.css">
</head>
<body>
<div class="container">
<div class="header"><h1>Login</h1></div>
<?php if ($error): ?>
<div class="error" style="color:red; margin-bottom:10px;"><?= htmlspecialchars($error) ?></div>
<?php endif; ?>
<form method="post" class="form-container">
<input type="text" name="username" placeholder="Username" required maxlength="50">
<input type="password" name="password" placeholder="Password" required>
<button type="submit">Login</button>
</form>
<div style="margin-top:10px;"><a href="register.php">Register</a> | <a href="index.php">Back to chat</a></div>
</div>
</body>
</html>