From b8c5ef0419d08a9a062fe4397a79ef4ffa22b46c Mon Sep 17 00:00:00 2001 From: Jay Trees Date: Tue, 18 Jan 2022 10:05:11 +0100 Subject: [PATCH 01/21] Refactor --- index.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/index.php b/index.php index a3136d96..00d816a5 100644 --- a/index.php +++ b/index.php @@ -6,8 +6,6 @@ * @author Jay Trees */ -$version_new = '0.1.0'; - /** * Include */ @@ -73,7 +71,7 @@ if (!$options) { * Update */ if ($options) { - if (-1 === version_compare($options->version, $version_new)) { + if (-1 === version_compare($options->version, '0.2.0')) { $options->updateAvailable = true; } } From b65ea3a8bec3e9b23628201dcc883c6561a4f3c5 Mon Sep 17 00:00:00 2001 From: Jay Trees Date: Tue, 18 Jan 2022 10:51:40 +0100 Subject: [PATCH 02/21] Add maintenance mode during update --- includes/assets/css/default.css | 7 ++++++ includes/assets/js/update.js | 28 ++++++++++++++++++++++ includes/pages/update.php | 41 +++++++++++++++++++++++++++++++++ index.php | 2 ++ 4 files changed, 78 insertions(+) create mode 100644 includes/assets/js/update.js create mode 100644 includes/pages/update.php diff --git a/includes/assets/css/default.css b/includes/assets/css/default.css index a478bc95..7234d370 100644 --- a/includes/assets/css/default.css +++ b/includes/assets/css/default.css @@ -12,3 +12,10 @@ .ui.modal > .actions { text-align: inherit; } + +/** + * Progress + */ +.ui.progress.nolabel:last-child { + margin: 0; +} diff --git a/includes/assets/js/update.js b/includes/assets/js/update.js new file mode 100644 index 00000000..18d648d0 --- /dev/null +++ b/includes/assets/js/update.js 
@@ -0,0 +1,28 @@ +$(function() { + const urlParams = new URLSearchParams(window.location.search); + + var retryIn = urlParams.has('interval') ? urlParams.get('interval') : 5; + var value = 0; + var total = retryIn * 1000; + + $('#retryIn').html(retryIn); + + setTimeout(function step() { + $('.ui.progress').progress({ + total: total, + value: value + }); + + if (value >= total) { + setTimeout(function() { + urlParams.set('interval', parseInt(retryIn) + 5); + + window.location.href = window.location.origin + '/?' + urlParams.toString(); + }, 1000); + } else { + value += 100; + + setTimeout(step, 100); + } + }, 100) +}); diff --git a/includes/pages/update.php b/includes/pages/update.php new file mode 100644 index 00000000..06ebad6a --- /dev/null +++ b/includes/pages/update.php @@ -0,0 +1,41 @@ + + */ + +use wishthis\{Page, User}; + +$page = new page(__FILE__, 'Update'); +$page->header(); +$page->navigation(); +?> + +
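Review bot: `retryIn` comes from the `interval` query parameter and is written into the page with `$('#retryIn').html(retryIn)`, so text taken from the URL is parsed as markup. Normalise it to a number once and write it as text: `var retryIn = parseInt(urlParams.get('interval'), 10) || 5;` and `$('#retryIn').text(retryIn);`. The same parse keeps `total` from becoming `NaN` when the parameter is not numeric. An upper bound on the interval would stop it growing without limit across reloads.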
+
+

title ?>

+ + isLoggedIn()) { ?> + +
+

Maintenance

+

+ The administrator of this site is currently running an update. + This usually just takes a couple of seconds. +

+

+ Trying again in 5 seconds... +

+
+
+
+
+ +
+
+ +footer(); +?> diff --git a/index.php b/index.php index 00d816a5..5a25bc0d 100644 --- a/index.php +++ b/index.php @@ -73,6 +73,7 @@ if (!$options) { if ($options) { if (-1 === version_compare($options->version, '0.2.0')) { $options->updateAvailable = true; + $page = 'update'; } } @@ -92,5 +93,6 @@ if (file_exists($pagePath)) {

Not found

The requested URL was not found on this server.

Date: Tue, 18 Jan 2022 10:51:51 +0100 Subject: [PATCH 03/21] Improve user class --- includes/classes/user.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/includes/classes/user.php b/includes/classes/user.php index 34d20e1f..fefdc2c6 100644 --- a/includes/classes/user.php +++ b/includes/classes/user.php @@ -17,7 +17,9 @@ class User public function __construct(int $id = -1) { if (-1 === $id) { - $this->id = $_SESSION['user']['id']; + if (isset($_SESSION['user']['id'])) { + $this->id = $_SESSION['user']['id']; + } } else { $this->id = $id; } From e35a9ccc40986a183423e1de52a4d57b4426bc03 Mon Sep 17 00:00:00 2001 From: Jay Trees Date: Tue, 18 Jan 2022 10:58:25 +0100 Subject: [PATCH 04/21] Fix page reloading for logged in users --- includes/assets/js/update.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/includes/assets/js/update.js b/includes/assets/js/update.js index 18d648d0..440968b6 100644 --- a/includes/assets/js/update.js +++ b/includes/assets/js/update.js @@ -5,6 +5,10 @@ $(function() { var value = 0; var total = retryIn * 1000; + if (!$('.ui.progress').length) { + return; + } + $('#retryIn').html(retryIn); setTimeout(function step() { From 250c98bf7978f6209b33bd4b582d6f05cc31723c Mon Sep 17 00:00:00 2001 From: Jay Trees Date: Tue, 18 Jan 2022 11:38:06 +0100 Subject: [PATCH 05/21] Refactor --- index.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/index.php b/index.php index 5a25bc0d..03123817 100644 --- a/index.php +++ b/index.php @@ -70,8 +70,10 @@ if (!$options) { /** * Update */ +define('VERSION', '0.2.0'); + if ($options) { - if (-1 === version_compare($options->version, '0.2.0')) { + if (-1 === version_compare($options->version, VERSION)) { $options->updateAvailable = true; $page = 'update'; } From 382b898009a9e44f5e416dab857d6d45d8f222da Mon Sep 17 00:00:00 2001 
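Review bot: When the constructor in user.php is called without an id and no user is in the session, the new `isset()` guard leaves `$this->id` unassigned. The property is declared as a typed `int` without a default (it appears as context in a later patch of this series), so any later read of `$user->id` on such an object raises an Error instead of yielding a value. Either document that callers must test `isset($user->id)` first, or make `isLoggedIn()` the only supported way to ask. The rest of the class is outside this hunk, so I cannot see which callers rely on the property.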
From: Jay Trees Date: Tue, 18 Jan 2022 11:40:43 +0100 Subject: [PATCH 06/21] Add updater to v0.2.0 --- includes/pages/update.php | 41 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) diff --git a/includes/pages/update.php b/includes/pages/update.php index 06ebad6a..862e8e34 100644 --- a/includes/pages/update.php +++ b/includes/pages/update.php @@ -11,6 +11,25 @@ use wishthis\{Page, User}; $page = new page(__FILE__, 'Update'); $page->header(); $page->navigation(); + +$user = new User(); + +/** + * Update + */ +if ('POST' === $_SERVER['REQUEST_METHOD']) { + /** Current version is below 0.1.0 */ + if (-1 === version_compare($options->version, '0.2.0')) { + $database->query('ALTER TABLE `users` + ADD `last_login` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP AFTER `password`, + ADD `isAdministrator` BOOLEAN NOT NULL AFTER `last_login` + ;'); + + $database->query('ALTER TABLE `wishlists` + ADD `url` VARCHAR(128) NOT NULL AFTER `name` + ;'); + } +} ?>
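Review bot: The new POST branch in update.php runs `ALTER TABLE` statements for any request whose method is POST; nothing in the hunk checks which account is asking or that the request came from this page's own form. Put a privilege check in front of the branch and require a per-session form token, compared with `hash_equals()`, before the schema is touched. The comparison also repeats the literal `'0.2.0'` although index.php defines `VERSION` in the preceding commit; `version_compare($options->version, VERSION)` keeps the two from drifting.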
@@ -18,6 +37,26 @@ $page->navigation();

title ?>

isLoggedIn()) { ?> +
+

New version detected

+

Thank you for updating to v!

+

There have been some changes in the database, please run the updater.

+
+ +
+
+ Use at own risk +
+

Be sure to make backups before proceeding.

+
+
+
+ +
+

Maintenance

@@ -28,7 +67,7 @@ $page->navigation();

Trying again in 5 seconds...

-
+
From 329b7abce48623acd9b0ff80e2119a0013e75274 Mon Sep 17 00:00:00 2001 From: Jay Trees Date: Tue, 18 Jan 2022 11:49:37 +0100 Subject: [PATCH 07/21] Fix updater to v0.2.0 --- includes/classes/options.php | 14 ++++++++++++++ includes/pages/update.php | 8 ++++++++ 2 files changed, 22 insertions(+) diff --git a/includes/classes/options.php b/includes/classes/options.php index 50fe634b..e1130aa4 100644 --- a/includes/classes/options.php +++ b/includes/classes/options.php @@ -40,4 +40,18 @@ class Options return $value; } + + public function setOption(string $key, string $value): void + { + try { + $option = $this->database->query('UPDATE `options` + SET `value` + WHERE `key` = ' . $key . ' + ;'); + + $value = $option['value'] ?? ''; + } catch (\Throwable $th) { + //throw $th; + } + } } diff --git a/includes/pages/update.php b/includes/pages/update.php index 862e8e34..dcff9189 100644 --- a/includes/pages/update.php +++ b/includes/pages/update.php @@ -28,7 +28,15 @@ if ('POST' === $_SERVER['REQUEST_METHOD']) { $database->query('ALTER TABLE `wishlists` ADD `url` VARCHAR(128) NOT NULL AFTER `name` ;'); + + $database->query('INSERT INTO `options` (`key`, `value`) VALUES ("version", "' . VERSION . '");'); + + // Use this for future versions since it didn't existsin 0.1.0 + // $options->setOption('version', VERSION); } + + header('Location: /?page=home'); + die(); } ?> From a82694c863448c62c8de5ce0b28c281769cfa660 Mon Sep 17 00:00:00 2001 From: Jay Trees Date: Tue, 18 Jan 2022 11:57:27 +0100 Subject: [PATCH 08/21] Refactor --- includes/classes/database.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/classes/database.php b/includes/classes/database.php index 4089c463..d6760699 100644 --- a/includes/classes/database.php +++ b/includes/classes/database.php 
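Review bot: `setOption()` cannot update anything as written: the SET clause names `value` without assigning to it, `$key` is concatenated into the statement unquoted, the `$value` argument is never used, and the empty `catch (\Throwable $th)` hides the SQL error that results. Build it as a prepared statement with `:key` and `:value` placeholders and let a failure propagate or be logged. The same habit of splicing values into SQL text recurs with request data in later hunks of this series (register.php, login.php, wishlist-create.php, wishlist-view.php, wishlist.php) and should be replaced there too. `Database` exposes only `query()` as far as this series shows, so a small prepare-and-execute method next to it would serve all of them.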
@@ -26,7 +26,7 @@ class Database $this->pdo = new \PDO($dsn, $this->user, $this->password, $options); } - public function query(string $query) + public function query(string $query): mixed { return $this->pdo->query( $query, From e259acbd4f900c38f797e55b8c407420104baf51 Mon Sep 17 00:00:00 2001 From: Jay Trees Date: Tue, 18 Jan 2022 11:57:51 +0100 Subject: [PATCH 09/21] Set default administrator --- includes/pages/register.php | 17 +++++++++++++---- includes/pages/update.php | 4 ++++ 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/includes/pages/register.php b/includes/pages/register.php index 711aaef7..15d1667f 100644 --- a/includes/pages/register.php +++ b/includes/pages/register.php @@ -11,10 +11,19 @@ use wishthis\Page; $page = new page(__FILE__, 'Register'); if (isset($_POST['email'], $_POST['password'])) { - $database->query('INSERT INTO `users` - (`email`, `password`) VALUES - ("' . $_POST['email'] . '", "' . sha1($_POST['password']) . '") - ;'); + $users = $database->query('SELECT * FROM `users`;')->fetchAll(); + + if (0 === count($users)) { + $database->query('INSERT INTO `users` + (`email`, `password`) VALUES + ("' . $_POST['email'] . '", "' . sha1($_POST['password']) . '") + ;'); + } else { + $database->query('INSERT INTO `users` + (`email`, `password`, `isAdministrator`) VALUES + ("' . $_POST['email'] . '", "' . sha1($_POST['password']) . '", ' . true . ') + ;'); + } header('Location: /?page=login'); die(); diff --git a/includes/pages/update.php b/includes/pages/update.php index dcff9189..f198eac5 100644 --- a/includes/pages/update.php +++ b/includes/pages/update.php 
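Review bot: The two branches in register.php look swapped: when `0 === count($users)` the first account is inserted without `isAdministrator`, while every later registration is inserted with it set, so each sign-up after the first would be an administrator. `' . true . '` also only works because PHP prints `true` as `1`; write the literal `1`. Passwords are stored as unsalted `sha1()` here and compared the same way in login.php; `password_hash($_POST['password'], PASSWORD_DEFAULT)` with `password_verify()` at login is the replacement. Counting with `SELECT COUNT(*)` avoids loading every row, password hashes included, on each registration.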
@@ -24,6 +24,10 @@ if ('POST' === $_SERVER['REQUEST_METHOD']) { ADD `last_login` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP AFTER `password`, ADD `isAdministrator` BOOLEAN NOT NULL AFTER `last_login` ;'); + $database->query('UPDATE `users` + SET `isAdministrator` = ' . true . ' + WHERE `id` = ' . $user->id . + ';'); $database->query('ALTER TABLE `wishlists` ADD `url` VARCHAR(128) NOT NULL AFTER `name` From 4e7148b8cdff74ea133ca5032a1a2567b8f8588e Mon Sep 17 00:00:00 2001 From: Jay Trees Date: Tue, 18 Jan 2022 11:57:59 +0100 Subject: [PATCH 10/21] Refactor --- includes/pages/update.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/pages/update.php b/includes/pages/update.php index f198eac5..580f60ef 100644 --- a/includes/pages/update.php +++ b/includes/pages/update.php @@ -18,7 +18,7 @@ $user = new User(); * Update */ if ('POST' === $_SERVER['REQUEST_METHOD']) { - /** Current version is below 0.1.0 */ + /** Current version is below 0.2.0 */ if (-1 === version_compare($options->version, '0.2.0')) { $database->query('ALTER TABLE `users` ADD `last_login` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP AFTER `password`, From 1f68d75b88c83bbbb02877b23238f6035a843a48 Mon Sep 17 00:00:00 2001 From: Jay Trees Date: Tue, 18 Jan 2022 12:03:04 +0100 Subject: [PATCH 11/21] Improve login and logout --- includes/pages/login.php | 6 +++++- includes/pages/logout.php | 7 ++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/includes/pages/login.php b/includes/pages/login.php index 68938bc7..7ff01254 100644 --- a/includes/pages/login.php +++ b/includes/pages/login.php @@ -17,7 +17,11 @@ if (isset($_POST['email'], $_POST['password'])) { AND `password` = "' . sha1($_POST['password']) . '";' )->fetch(); - $_SESSION['user'] = $user; + if (false === $user) { + # code... + } else { + $_SESSION['user'] = $user; + } } if (isset($_SESSION['user'])) { diff --git a/includes/pages/logout.php b/includes/pages/logout.php index 62684ae9..516255e9 100644 
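Review bot: The added UPDATE in update.php gives administrator rights to whichever account submits the updater form, identified only by `$user->id`. The code that decides who may reach this handler is outside the hunk, so I cannot see a restriction; if any signed-in account can post here while an update is pending, that account is promoted. Pick the administrator by a rule that does not depend on the requester, or require proof of server access before this statement runs. `' . true . '` relies on PHP printing `true` as `1`; the literal `1` is clearer.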
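Review bot: The failure branch in login.php is an empty placeholder (`# code...`), so a rejected login gives the user no message and leaves nothing for whoever reviews sign-in activity. On success the session keeps the identifier it had before authentication; call `session_regenerate_id(true);` just before `$_SESSION['user'] = $user;`. `$user` appears to be the full row fetched above the hunk, so the password hash is copied into the session with it; storing only the id and the fields the pages read would be enough.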
--- a/includes/pages/logout.php +++ b/includes/pages/logout.php @@ -10,7 +10,12 @@ use wishthis\Page; $page = new page(__FILE__, 'Logout'); -session_destroy(); +if (PHP_SESSION_ACTIVE === session_status()) { + session_destroy(); + + header('Location: /?page=logout'); + die(); +} $page->header(); $page->navigation(); From 689c688199cf335eda13c7ed8fe68ed40fc12fce Mon Sep 17 00:00:00 2001 From: Jay Trees Date: Tue, 18 Jan 2022 12:06:43 +0100 Subject: [PATCH 12/21] Add installation instructions --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 64ed9cea..4aba9062 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,10 @@ Use at your own risk. ![Create a wishlist](/includes/assets/img/wishlist-create.png "Create a wishlist") ![Add a product](/includes/assets/img/wishlist-product-add.png "Add a product") +## Installation +1. Download the latest [release](https://github.com/grandeljay/wishthis/releases) and upload all files to your server +1. Follow the instructions of the installer + ## Contributing Install dependencies ``` From 24f223d92802c1572269851c47c50ce2bf8986b5 Mon Sep 17 00:00:00 2001 From: Jay Trees Date: Tue, 18 Jan 2022 12:09:59 +0100 Subject: [PATCH 13/21] Add index to password --- includes/pages/install.php | 2 +- includes/pages/update.php | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/includes/pages/install.php b/includes/pages/install.php index 599dee51..7e8fc831 100644 --- a/includes/pages/install.php +++ b/includes/pages/install.php @@ -101,7 +101,7 @@ switch ($step) { $database->query('CREATE TABLE `users` ( `id` int PRIMARY KEY AUTO_INCREMENT, `email` varchar(64) NOT NULL UNIQUE, - `password` varchar(128) NOT NULL + `password` varchar(128) NOT NULL INDEX );'); /** diff --git a/includes/pages/update.php b/includes/pages/update.php index 580f60ef..9a2f46c7 100644 --- a/includes/pages/update.php +++ b/includes/pages/update.php 
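Review bot: `session_status()` reports `PHP_SESSION_ACTIVE` on every request once `session_start()` has run, and index.php appears to call that unconditionally (it shows as context in a later patch of this series), so the redirect to `/?page=logout` would be taken again on arrival and the page body never reached. Test for the logged-in state instead, e.g. `if (isset($_SESSION['user'])) {`. `session_destroy()` alone leaves `$_SESSION` populated for the rest of the request and the cookie in the browser; set `$_SESSION = [];` and expire the session cookie as well.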
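Review bot: `INDEX` is not a column attribute in MySQL's `CREATE TABLE` grammar as far as I know (only `UNIQUE` and `PRIMARY KEY` can follow a column definition), so `NOT NULL INDEX` in install.php is likely to fail on a fresh install. Declare it as a separate `INDEX (password)` table clause, matching what update.php does with `ADD INDEX`; the same form is used for `hash` in install.php in a later patch. An index on the password column only helps a lookup that matches on the stored hash. Finding the user by the already-unique `email` and checking the password in PHP makes it unnecessary.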
@@ -28,6 +28,7 @@ if ('POST' === $_SERVER['REQUEST_METHOD']) { SET `isAdministrator` = ' . true . ' WHERE `id` = ' . $user->id . ';'); + $database->query('ALTER TABLE `users` ADD INDEX(`password`);'); $database->query('ALTER TABLE `wishlists` ADD `url` VARCHAR(128) NOT NULL AFTER `name` From 6c32ce341575e9620384772c8b03edaceacebbaf Mon Sep 17 00:00:00 2001 From: Jay Trees Date: Tue, 18 Jan 2022 12:14:37 +0100 Subject: [PATCH 14/21] Add last_login --- includes/pages/login.php | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/includes/pages/login.php b/includes/pages/login.php index 7ff01254..1e39d725 100644 --- a/includes/pages/login.php +++ b/includes/pages/login.php @@ -11,10 +11,18 @@ use wishthis\Page; $page = new page(__FILE__, 'Login'); if (isset($_POST['email'], $_POST['password'])) { + $email = $_POST['email']; + $password = sha1($_POST['password']); + + $database->query('UPDATE `users` + SET `last_login` = NOW() + WHERE `email` = "' . $email . '" + AND `password` = "' . $password . '" + ;'); $user = $database->query( 'SELECT * FROM `users` - WHERE `email` = "' . $_POST['email'] . '" - AND `password` = "' . sha1($_POST['password']) . '";' + WHERE `email` = "' . $email . '" + AND `password` = "' . $password . '";' )->fetch(); if (false === $user) { From cfdd49bb237d2f722e4d79d6de42330cfab9e120 Mon Sep 17 00:00:00 2001 From: Jay Trees Date: Tue, 18 Jan 2022 12:16:00 +0100 Subject: [PATCH 15/21] Fix wishlist not selecting on reload --- includes/assets/js/default.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/includes/assets/js/default.js b/includes/assets/js/default.js index f5733374..ec00a022 100644 --- a/includes/assets/js/default.js +++ b/includes/assets/js/default.js @@ -1,9 +1,4 @@ $(function() { - /** - * URL Parameter - */ - const urlParams = new URLSearchParams(window.location.search); - /** * Fomantic UI */ 
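Review bot: The new UPDATE in login.php duplicates the e-mail-and-password match of the SELECT that follows it. Run the SELECT first and, when it returns a row, set `last_login` by that row's `id`; one credential check is easier to audit than two that must stay identical. Matching the password inside the WHERE clause also ties the table to a hash that is identical for identical passwords. Fetching by `email` and verifying in PHP is what allows a move to `password_hash()` and `password_verify()`.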
@@ -20,6 +15,11 @@ $(function() { }); function wishlistRefresh() { + /** + * URL Parameter + */ + const urlParams = new URLSearchParams(window.location.search); + $('.ui.dropdown.wishlists').api({ action: 'get wishlists', method: 'GET', From 3dd6c276b4fa3a61798cba8c9cc42c122c0355f0 Mon Sep 17 00:00:00 2001 From: Jay Trees Date: Tue, 18 Jan 2022 12:43:28 +0100 Subject: [PATCH 16/21] Allow sharing wishlist --- includes/assets/js/wishlist-view.js | 2 + includes/pages/install.php | 2 +- includes/pages/update.php | 3 +- includes/pages/wishlist-create.php | 11 ++- includes/pages/wishlist-view.php | 10 ++- includes/pages/wishlist.php | 128 ++++++++++++++++++++++++++++ index.php | 7 ++ 7 files changed, 155 insertions(+), 8 deletions(-) create mode 100644 includes/pages/wishlist.php diff --git a/includes/assets/js/wishlist-view.js b/includes/assets/js/wishlist-view.js index df0d476a..10dee88d 100644 --- a/includes/assets/js/wishlist-view.js +++ b/includes/assets/js/wishlist-view.js @@ -9,9 +9,11 @@ $(function() { if (wishlistValue) { $('.wishlist-view').removeClass('disabled'); + $('.wishlist-share').removeClass('disabled'); $('.wishlist-delete button').removeClass('disabled'); } else { $('.wishlist-view').addClass('disabled'); + $('.wishlist-share').addClass('disabled'); $('.wishlist-delete button').addClass('disabled'); } }); diff --git a/includes/pages/install.php b/includes/pages/install.php index 7e8fc831..88084b70 100644 --- a/includes/pages/install.php +++ b/includes/pages/install.php @@ -122,7 +122,7 @@ switch ($step) { $database->query('CREATE TABLE `products` ( `id` int NOT NULL PRIMARY KEY AUTO_INCREMENT, `wishlist` int NOT NULL, - `url` VARCHAR(255) NOT NULL, + `hash` VARCHAR(255) NOT NULL INDEX, FOREIGN KEY (`wishlist`) REFERENCES `wishlists` (`id`) ON DELETE CASCADE diff --git a/includes/pages/update.php b/includes/pages/update.php index 9a2f46c7..2c7761ec 100644 --- a/includes/pages/update.php +++ b/includes/pages/update.php 
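Review bot: The `hash` column is added to the wrong table in install.php: the hunk replaces `products.url` with `hash`, while the updater in the same commit adds `hash` to `wishlists` and the new wishlist.php reads `$product['url']`. A fresh install would then have nowhere to store a product URL and no `hash` on wishlists, unlike an updated one. I would expect `url` to stay here and `hash` to be added to the `wishlists` definition, which is outside the hunk.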
@@ -31,8 +31,9 @@ if ('POST' === $_SERVER['REQUEST_METHOD']) { $database->query('ALTER TABLE `users` ADD INDEX(`password`);'); $database->query('ALTER TABLE `wishlists` - ADD `url` VARCHAR(128) NOT NULL AFTER `name` + ADD `hash` VARCHAR(128) NOT NULL AFTER `name` ;'); + $database->query('ALTER TABLE `wishlists` ADD INDEX(`hash`);'); $database->query('INSERT INTO `options` (`key`, `value`) VALUES ("version", "' . VERSION . '");'); diff --git a/includes/pages/wishlist-create.php b/includes/pages/wishlist-create.php index 5ae05b98..ee163869 100644 --- a/includes/pages/wishlist-create.php +++ b/includes/pages/wishlist-create.php @@ -12,8 +12,15 @@ $page = new page(__FILE__, 'Create a wishlist'); if (isset($_POST['name'])) { $database->query('INSERT INTO `wishlists` - (`user`, `name`) VALUES - (' . $_SESSION['user']['id'] . ', "' . $_POST['name'] . '") + ( + `user`, + `name`, + `hash` + ) VALUES ( + ' . $_SESSION['user']['id'] . ', + "' . $_POST['name'] . '", + "' . time() . $_SESSION['user']['id'] . $_POST['name'] . '" + ) ;'); header('Location: /?page=wishlist-product-add'); diff --git a/includes/pages/wishlist-view.php b/includes/pages/wishlist-view.php index 9d48ec02..f6b4a85c 100644 --- a/includes/pages/wishlist-view.php +++ b/includes/pages/wishlist-view.php @@ -20,8 +20,10 @@ $products = array(); */ if (isset($_GET['wishlist'])) { $user = new User(); - $wishlist = $_GET['wishlist']; - $products = $user->getProducts($wishlist); + $wishlist = $database->query('SELECT * FROM `wishlists` + WHERE `id` = "' . $_GET['wishlist'] . '"') + ->fetch(); + $products = $user->getProducts($_GET['wishlist']); } /** @@ -59,10 +61,10 @@ if (isset($_POST['wishlist_delete_id'])) {
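Review bot: The value stored in `hash` by wishlist-create.php is `time()`, the owner's user id and the raw wishlist name joined together, so a share link is built from values an outsider can estimate and it discloses the owner's id. A share link works as a bearer secret; generate it with `bin2hex(random_bytes(16))` and make the column unique. A long name can also push the concatenation past the 128 characters the updater allots. Rows that existed before the update keep an empty `hash` until they are backfilled.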
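Review bot: The new lookup in wishlist-view.php selects the wishlist by the `wishlist` query parameter alone, with no condition on the owning user. What is rendered from `$wishlist` is not visible here, but the query should be limited to rows whose `user` column equals the signed-in user's id, and the page should stop when `fetch()` returns `false`. Casting the parameter with `(int)` before use documents that an id is expected.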

Options

Wishlist related options.

- +
diff --git a/includes/pages/wishlist.php b/includes/pages/wishlist.php new file mode 100644 index 00000000..9c6703c1 --- /dev/null +++ b/includes/pages/wishlist.php @@ -0,0 +1,128 @@ + + */ + +use wishthis\{Page, User}; +use Embed\Embed; + +$page = new page(__FILE__, 'Wishlist'); +$page->header(); +$page->navigation(); + +$user = new User(); + +$wishlist = $database->query('SELECT * FROM `wishlists` + WHERE `hash` = "' . $_GET['wishlist'] . '"') + ->fetch(); + +$products = $user->getProducts($wishlist['id']); +?> + +
+
+

title ?>

+ +
+

+
+ + +
+ + + get($product['url']); + ?> +
+
+ + image) { ?> +
+ +
+ + +
+ title) { ?> +
+ url) { ?> + title ?> + + title ?> + +
+ + + keywords) { ?> +
+ keywords ?> +
+ + + description) { ?> +
+ description ?> +
+ +
+
+ publishedTime) { ?> + + publishedTime ?> + + + favicon) { ?> + providerName) { ?> + <?= $info->providerName ?> + + + + +
+ +
+
+ + +
+ + +
+ +
+
+ Empty +
+

The selected wishlist seems to be empty.

+ Add a product +
+
+ +
+ +
+
+ No wishlist selected +
+

Select a wishlist to see it's products.

+
+
+ + +
+
+ +footer(); +?> diff --git a/index.php b/index.php index 03123817..90d412a5 100644 --- a/index.php +++ b/index.php @@ -79,6 +79,13 @@ if ($options) { } } +/** + * Wishlist + */ +if (!isset($_GET['page']) && isset($_GET['wishlist'])) { + $page = 'wishlist'; +} + /** * Page */ From 5de69128fbece5d49893648d5855905a21576d01 Mon Sep 17 00:00:00 2001 From: Jay Trees Date: Tue, 18 Jan 2022 12:52:21 +0100 Subject: [PATCH 17/21] Replace isAdministrator with power --- includes/pages/register.php | 4 ++-- includes/pages/update.php | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/includes/pages/register.php b/includes/pages/register.php index 15d1667f..4429322f 100644 --- a/includes/pages/register.php +++ b/includes/pages/register.php @@ -20,8 +20,8 @@ if (isset($_POST['email'], $_POST['password'])) { ;'); } else { $database->query('INSERT INTO `users` - (`email`, `password`, `isAdministrator`) VALUES - ("' . $_POST['email'] . '", "' . sha1($_POST['password']) . '", ' . true . ') + (`email`, `password`, `power`) VALUES + ("' . $_POST['email'] . '", "' . sha1($_POST['password']) . '", 100) ;'); } diff --git a/includes/pages/update.php b/includes/pages/update.php index 2c7761ec..4f63a532 100644 --- a/includes/pages/update.php +++ b/includes/pages/update.php @@ -21,11 +21,11 @@ if ('POST' === $_SERVER['REQUEST_METHOD']) { /** Current version is below 0.2.0 */ if (-1 === version_compare($options->version, '0.2.0')) { $database->query('ALTER TABLE `users` - ADD `last_login` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP AFTER `password`, - ADD `isAdministrator` BOOLEAN NOT NULL AFTER `last_login` + ADD `last_login` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP AFTER `password`, + ADD `power` BOOLEAN NOT NULL DEFAULT 0 AFTER `last_login` ;'); $database->query('UPDATE `users` - SET `isAdministrator` = ' . true . ' + SET `power` = 100 WHERE `id` = ' . $user->id . ';'); $database->query('ALTER TABLE `users` ADD INDEX(`password`);'); 
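Review bot: `$wishlist` is `false` when no row matches the `wishlist` parameter, and the next statement in wishlist.php indexes it as `$wishlist['id']` and hands the result to `getProducts()`; send a 404 and stop before that call when the lookup fails. The template then prints fields taken from each product's remote page (`$info->title`, `$info->description`, `$info->keywords`, `$info->providerName`) with `<?= ?>`. The surrounding markup is only partly visible here, but if they are printed as-is they should pass through `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, because that text is controlled by whoever hosts the linked page. Fetching every product URL on each view of a shared page also lets anonymous visitors trigger outbound requests from the server; caching the metadata when the product is added avoids that.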
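Review bot: `power` is declared `BOOLEAN` in update.php but is used as a level, with 100 written to it in the next statement. MySQL treats BOOLEAN as TINYINT(1), so 100 happens to fit, yet a level above 127 would not and the declared type misstates what the column holds. Declare it as `TINYINT UNSIGNED NOT NULL DEFAULT 0` or `INT NOT NULL DEFAULT 0`.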
From 521ba07b08f178794a74720b884ab20c36cf9f7c Mon Sep 17 00:00:00 2001 From: Jay Trees Date: Tue, 18 Jan 2022 13:22:38 +0100 Subject: [PATCH 18/21] Refactor --- includes/pages/update.php | 2 -- includes/pages/wishlist-product-add.php | 1 - includes/pages/wishlist-view.php | 1 - includes/pages/wishlist.php | 2 -- index.php | 6 +++++- 5 files changed, 5 insertions(+), 7 deletions(-) diff --git a/includes/pages/update.php b/includes/pages/update.php index 4f63a532..6a9969d9 100644 --- a/includes/pages/update.php +++ b/includes/pages/update.php @@ -12,8 +12,6 @@ $page = new page(__FILE__, 'Update'); $page->header(); $page->navigation(); -$user = new User(); - /** * Update */ diff --git a/includes/pages/wishlist-product-add.php b/includes/pages/wishlist-product-add.php index 7274fee6..ffb626b4 100644 --- a/includes/pages/wishlist-product-add.php +++ b/includes/pages/wishlist-product-add.php @@ -18,7 +18,6 @@ if (isset($_POST['url'], $_POST['wishlist'])) { $page = new page(__FILE__, 'Add a product'); $page->header(); $page->navigation(); -$user = new User(); ?>
diff --git a/includes/pages/wishlist-view.php b/includes/pages/wishlist-view.php index f6b4a85c..e1f83269 100644 --- a/includes/pages/wishlist-view.php +++ b/includes/pages/wishlist-view.php @@ -19,7 +19,6 @@ $products = array(); * Get wishlist products */ if (isset($_GET['wishlist'])) { - $user = new User(); $wishlist = $database->query('SELECT * FROM `wishlists` WHERE `id` = "' . $_GET['wishlist'] . '"') ->fetch(); diff --git a/includes/pages/wishlist.php b/includes/pages/wishlist.php index 9c6703c1..7fe9f525 100644 --- a/includes/pages/wishlist.php +++ b/includes/pages/wishlist.php @@ -13,8 +13,6 @@ $page = new page(__FILE__, 'Wishlist'); $page->header(); $page->navigation(); -$user = new User(); - $wishlist = $database->query('SELECT * FROM `wishlists` WHERE `hash` = "' . $_GET['wishlist'] . '"') ->fetch(); diff --git a/index.php b/index.php index 90d412a5..5665d9dc 100644 --- a/index.php +++ b/index.php @@ -53,6 +53,11 @@ if ( */ session_start(); +/** + * User + */ +$user = new wishthis\User(); + /** * API */ @@ -75,7 +80,6 @@ define('VERSION', '0.2.0'); if ($options) { if (-1 === version_compare($options->version, VERSION)) { $options->updateAvailable = true; - $page = 'update'; } } From fe43855ac3fc9b6a0d7969710e6fa381ac30abb7 Mon Sep 17 00:00:00 2001 From: Jay Trees Date: Tue, 18 Jan 2022 13:23:37 +0100 Subject: [PATCH 19/21] Add power --- includes/assets/js/update.js | 32 ---------------------- includes/classes/page.php | 14 ++++++++-- includes/classes/user.php | 13 +++++++++ includes/pages/power.php | 32 ++++++++++++++++++++++ includes/pages/register.php | 8 +++--- includes/pages/update.php | 52 +++++++++++++----------------------- 6 files changed, 79 insertions(+), 72 deletions(-) delete mode 100644 includes/assets/js/update.js create mode 100644 includes/pages/power.php diff --git a/includes/assets/js/update.js b/includes/assets/js/update.js deleted file mode 100644 index 440968b6..00000000 --- a/includes/assets/js/update.js +++ /dev/null 
@@ -1,32 +0,0 @@ -$(function() { - const urlParams = new URLSearchParams(window.location.search); - - var retryIn = urlParams.has('interval') ? urlParams.get('interval') : 5; - var value = 0; - var total = retryIn * 1000; - - if (!$('.ui.progress').length) { - return; - } - - $('#retryIn').html(retryIn); - - setTimeout(function step() { - $('.ui.progress').progress({ - total: total, - value: value - }); - - if (value >= total) { - setTimeout(function() { - urlParams.set('interval', parseInt(retryIn) + 5); - - window.location.href = window.location.origin + '/?' + urlParams.toString(); - }, 1000); - } else { - value += 100; - - setTimeout(step, 100); - } - }, 100) -}); diff --git a/includes/classes/page.php b/includes/classes/page.php index 24d24234..8f9d34f7 100644 --- a/includes/classes/page.php +++ b/includes/classes/page.php @@ -18,13 +18,15 @@ class Page * @param string $filepath The filepath (__FILE__) of the page. * @param string $title The HTML title of the page. */ - public function __construct(string $filepath, public string $title = 'wishthis') + public function __construct(string $filepath, public string $title = 'wishthis', public int $power = 0) { $this->name = pathinfo($filepath, PATHINFO_FILENAME); /** * Session */ + global $user; + $disableRedirect = array( 'home', 'login', @@ -35,6 +37,14 @@ class Page header('Location: /?page=login'); die(); } + + /** + * Power + */ + if ($user->power < $this->power) { + header('Location: /?page=power&required=' . $this->power); + die(); + } } public function header(): void @@ -162,7 +172,7 @@ class Page
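Review bot: The constructor's docblock in page.php still lists only `$filepath` and `$title`; add `@param int $power Minimum power a user needs to open the page.` The threshold 100 is a bare literal in this file's navigation hunk, in register.php and in update.php, so a named constant would keep the three in step. The check reads `$user` through `global`, which fails on a null value if a page object is ever built before index.php creates the user. The rest of the constructor is outside the hunk.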
- updateAvailable && $user && $user->isLoggedIn()) { ?> + updateAvailable && $user && 100 === $user->power) { ?> Update diff --git a/includes/classes/user.php b/includes/classes/user.php index fefdc2c6..567d1758 100644 --- a/includes/classes/user.php +++ b/includes/classes/user.php @@ -13,6 +13,7 @@ namespace wishthis; class User { public int $id; + public int $power = 0; public function __construct(int $id = -1) { @@ -23,6 +24,18 @@ class User } else { $this->id = $id; } + + if (!isset($this->id)) { + return; + } + + global $database; + + $user = $database->query('SELECT * FROM `users` + WHERE `id` = ' . $this->id . ';') + ->fetch(); + + $this->power = $user['power']; } /** diff --git a/includes/pages/power.php b/includes/pages/power.php new file mode 100644 index 00000000..847f37d1 --- /dev/null +++ b/includes/pages/power.php @@ -0,0 +1,32 @@ + + */ + +use wishthis\Page; + +$page = new page(__FILE__, 'Insufficient power'); +$page->header(); +$page->navigation(); +?> + +
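Review bot: `fetch()` returns `false` when the id held in the session no longer matches a row in `users`, and `$user['power']` in user.php then evaluates to null, which cannot be assigned to the `int` property. Guard the assignment, e.g. `if (false !== $user) { $this->power = (int) $user['power']; }`. index.php builds this object on every request, so a deleted account would otherwise break each page for that session. Selecting only the `power` column instead of `*` also keeps the password hash out of the result.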
+
+

title ?>

+ +
+

Restricted access

+

+ You do not have enough power to view this page. + You need to see this page, but only have power ?>. +

+
+
+
+ +footer(); +?> diff --git a/includes/pages/register.php b/includes/pages/register.php index 4429322f..d9e7dd05 100644 --- a/includes/pages/register.php +++ b/includes/pages/register.php @@ -15,13 +15,13 @@ if (isset($_POST['email'], $_POST['password'])) { if (0 === count($users)) { $database->query('INSERT INTO `users` - (`email`, `password`) VALUES - ("' . $_POST['email'] . '", "' . sha1($_POST['password']) . '") + (`email`, `password`, `power`) VALUES + ("' . $_POST['email'] . '", "' . sha1($_POST['password']) . '", 100) ;'); } else { $database->query('INSERT INTO `users` - (`email`, `password`, `power`) VALUES - ("' . $_POST['email'] . '", "' . sha1($_POST['password']) . '", 100) + (`email`, `password`) VALUES + ("' . $_POST['email'] . '", "' . sha1($_POST['password']) . '") ;'); } diff --git a/includes/pages/update.php b/includes/pages/update.php index 6a9969d9..26869ad9 100644 --- a/includes/pages/update.php +++ b/includes/pages/update.php @@ -8,7 +8,7 @@ use wishthis\{Page, User}; -$page = new page(__FILE__, 'Update'); +$page = new page(__FILE__, 'Update', 100); $page->header(); $page->navigation(); @@ -48,42 +48,26 @@ if ('POST' === $_SERVER['REQUEST_METHOD']) {
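Review bot: The sentence "You need … to see this page" in power.php evidently prints the `required` value that page.php appends to the redirect URL, but the expression itself is not visible in this view of the hunk. If it is echoed from `$_GET['required']`, cast it with `(int)` or pass it through `htmlspecialchars()` first, because the query string can be edited by anyone who follows or shares the link. Reading the requirement from the page object rather than from the URL would remove the parameter altogether.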

title ?>

- isLoggedIn()) { ?> -
-

New version detected

-

Thank you for updating to v!

-

There have been some changes in the database, please run the updater.

-
- -
-
- Use at own risk -
-

Be sure to make backups before proceeding.

+
+

New version detected

+

Thank you for updating to v!

+

There have been some changes in the database, please run the updater.

+
+ +
+
+ Use at own risk
-
- - - -
- -
-

Maintenance

-

- The administrator of this site is currently running an update. - This usually just takes a couple of seconds. -

-

- Trying again in 5 seconds... -

-
-
+

Be sure to make backups before proceeding.

- +
+ +
+
From c6b6bba6c58158ad549a5efcca187c921bd011a0 Mon Sep 17 00:00:00 2001 From: Jay Trees Date: Tue, 18 Jan 2022 13:23:49 +0100 Subject: [PATCH 20/21] Refactor --- includes/classes/page.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/classes/page.php b/includes/classes/page.php index 8f9d34f7..a83f424e 100644 --- a/includes/classes/page.php +++ b/includes/classes/page.php @@ -10,7 +10,7 @@ use wishthis\User; class Page { - private string $language = 'en'; + public string $language = 'en'; /** * __construct From dbec05da6aa9485e9c675bdfdfa4486395d21bbc Mon Sep 17 00:00:00 2001 From: Jay Trees Date: Tue, 18 Jan 2022 13:43:12 +0100 Subject: [PATCH 21/21] Refactor --- includes/classes/page.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/includes/classes/page.php b/includes/classes/page.php index a83f424e..9d19360e 100644 --- a/includes/classes/page.php +++ b/includes/classes/page.php @@ -205,7 +205,9 @@ class Page