initial commit

master
Joe 2 years ago
commit a7e9ff3576
Signed by: joe
GPG Key ID: 8595A3F8F2CE1B74
  1. 5
      .gitattributes
  2. 18
      README.md
  3. 35
      about.php
  4. 110
      blog/admin/add-post.php
  5. 105
      blog/admin/add-user.php
  6. 134
      blog/admin/edit-post.php
  7. 147
      blog/admin/edit-user.php
  8. 87
      blog/admin/index.php
  9. 54
      blog/admin/login.php
  10. 9
      blog/admin/logout.php
  11. 10
      blog/admin/menu.php
  12. 160
      blog/admin/upload-photo.php
  13. 94
      blog/admin/users.php
  14. 213
      blog/classes/class.password.php
  15. 72
      blog/classes/class.user.php
  16. 35
      blog/includes/config.php
  17. 15
      blog/includes/slug.php
  18. 34
      blog/index.php
  19. 63
      blog/style/main.css
  20. 500
      blog/style/normalize.css
  21. 67
      blog/viewpost.php
  22. 19
      contact.php
  23. BIN
      favicon.ico
  24. 1
      font/.gitattributes
  25. BIN
      font/quicksand-regular.woff2
  26. BIN
      font/quicksand-variable.woff2
  27. BIN
      font/quicksand.woff2
  28. BIN
      font/tamzen6x12r.woff2
  29. 1
      img/core/.gitattributes
  30. BIN
      img/core/blueberry_logo-opt.png
  31. BIN
      img/core/blueberry_logo-opt.webp
  32. BIN
      img/core/cc_by_sa-opt.png
  33. BIN
      img/core/cc_by_sa-opt.webp
  34. BIN
      img/core/me-opt.png
  35. BIN
      img/core/me-opt.webp
  36. BIN
      img/core/privacy-opt.png
  37. BIN
      img/core/privacy-opt.webp
  38. BIN
      img/core/up_arrow-opt.png
  39. BIN
      img/core/up_arrow-opt.webp
  40. 0
      img/gallery/dummy
  41. 37
      index.php
  42. 17
      js/backtotop.js
  43. 7
      js/bootstrap.bundle.min.js
  44. 7
      js/bootstrap.min.css
  45. 10
      js/longlinks.js
  46. 40
      js/modalview.js
  47. 19
      js/navtoggle.js
  48. 1
      js/tinymce/jquery.tinymce.min.js
  49. 3
      js/tinymce/langs/readme.md
  50. 504
      js/tinymce/license.txt
  51. 1
      js/tinymce/plugins/advlist/plugin.min.js
  52. 1
      js/tinymce/plugins/anchor/plugin.min.js
  53. 1
      js/tinymce/plugins/autolink/plugin.min.js
  54. 1
      js/tinymce/plugins/autoresize/plugin.min.js
  55. 1
      js/tinymce/plugins/autosave/plugin.min.js
  56. 1
      js/tinymce/plugins/bbcode/plugin.min.js
  57. 1
      js/tinymce/plugins/charmap/plugin.min.js
  58. 1
      js/tinymce/plugins/code/plugin.min.js
  59. 138
      js/tinymce/plugins/codesample/css/prism.css
  60. 1
      js/tinymce/plugins/codesample/plugin.min.js
  61. 1
      js/tinymce/plugins/colorpicker/plugin.min.js
  62. 1
      js/tinymce/plugins/contextmenu/plugin.min.js
  63. 1
      js/tinymce/plugins/directionality/plugin.min.js
  64. BIN
      js/tinymce/plugins/emoticons/img/smiley-cool.gif
  65. BIN
      js/tinymce/plugins/emoticons/img/smiley-cry.gif
  66. BIN
      js/tinymce/plugins/emoticons/img/smiley-embarassed.gif
  67. BIN
      js/tinymce/plugins/emoticons/img/smiley-foot-in-mouth.gif
  68. BIN
      js/tinymce/plugins/emoticons/img/smiley-frown.gif
  69. BIN
      js/tinymce/plugins/emoticons/img/smiley-innocent.gif
  70. BIN
      js/tinymce/plugins/emoticons/img/smiley-kiss.gif
  71. BIN
      js/tinymce/plugins/emoticons/img/smiley-laughing.gif
  72. BIN
      js/tinymce/plugins/emoticons/img/smiley-money-mouth.gif
  73. BIN
      js/tinymce/plugins/emoticons/img/smiley-sealed.gif
  74. BIN
      js/tinymce/plugins/emoticons/img/smiley-smile.gif
  75. BIN
      js/tinymce/plugins/emoticons/img/smiley-surprised.gif
  76. BIN
      js/tinymce/plugins/emoticons/img/smiley-tongue-out.gif
  77. BIN
      js/tinymce/plugins/emoticons/img/smiley-undecided.gif
  78. BIN
      js/tinymce/plugins/emoticons/img/smiley-wink.gif
  79. BIN
      js/tinymce/plugins/emoticons/img/smiley-yell.gif
  80. 1
      js/tinymce/plugins/emoticons/plugin.min.js
  81. 1
      js/tinymce/plugins/fullpage/plugin.min.js
  82. 1
      js/tinymce/plugins/fullscreen/plugin.min.js
  83. 1
      js/tinymce/plugins/help/img/.gitattributes
  84. BIN
      js/tinymce/plugins/help/img/logo.png
  85. 1
      js/tinymce/plugins/help/plugin.min.js
  86. 1
      js/tinymce/plugins/hr/plugin.min.js
  87. 1
      js/tinymce/plugins/image/plugin.min.js
  88. 1
      js/tinymce/plugins/imagetools/plugin.min.js
  89. 1
      js/tinymce/plugins/importcss/plugin.min.js
  90. 1
      js/tinymce/plugins/insertdatetime/plugin.min.js
  91. 1
      js/tinymce/plugins/legacyoutput/plugin.min.js
  92. 1
      js/tinymce/plugins/link/plugin.min.js
  93. 1
      js/tinymce/plugins/lists/plugin.min.js
  94. 1
      js/tinymce/plugins/media/plugin.min.js
  95. 1
      js/tinymce/plugins/nonbreaking/plugin.min.js
  96. 1
      js/tinymce/plugins/noneditable/plugin.min.js
  97. 1
      js/tinymce/plugins/pagebreak/plugin.min.js
  98. 1
      js/tinymce/plugins/paste/plugin.min.js
  99. 1
      js/tinymce/plugins/preview/plugin.min.js
  100. 1
      js/tinymce/plugins/print/plugin.min.js
  101. Some files were not shown because too many files have changed in this diff Show More

5
.gitattributes vendored

@ -0,0 +1,5 @@
*.webp filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.woff2 filter=lfs diff=lfs merge=lfs -text
*.woff filter=lfs diff=lfs merge=lfs -text
*.jpeg filter=lfs diff=lfs merge=lfs -text

@ -0,0 +1,18 @@
# thisisjoes.site repo
[![SSL Rating](https://thisisjoes.site/sslbadge?domain=thisisjoes.site)](https://www.ssllabs.com/ssltest/analyze.html?d=thisisjoes.site "Qualys SSL Labs Report")
[![Mozilla HTTP Observatory Grade](https://img.shields.io/mozilla-observatory/grade/thisisjoes.site?label=Observatory&style=plastic)](https://observatory.mozilla.org/analyze/thisisjoes.site "Mozilla Observatory Grade")
[![Security Headers](https://img.shields.io/security-headers?label=Security%20Headers&style=plastic&url=https%3A%2F%2Fthisisjoes.site)](https://securityheaders.com/?q=thisisjoes.site&hide=on&followRedirects=on "Security Headers Report")
[![Uptime Robot ratio (30 days)](https://img.shields.io/uptimerobot/ratio/m782556525-bfb64d4d3c2ed139596565c1?style=plastic)](https://stats.uptimerobot.com/92vLMCnEL/782556525 "Uptime Robot Ratio")
The source repository for the public site at https://thisisjoes.site
## Acknowledgments
Thanks to
- [David Carr](https://daveismyname.blog/) for his helpful PHP guides.
- [Chen Fengyuan](https://github.com/fengyuanchen) for his fantastic [Viewer.js](https://github.com/fengyuanchen/viewerjs) image viewer.
- Eleonor Wang for her visually pleasing icons.
- Everyone behind the [PHP](https://www.php.net/docs.php) and [Nginx](http://nginx.org/en/docs/) docs for their useful and thorough documentation.
- Many, many people on [Stack Overflow](https://stackoverflow.com/).

@ -0,0 +1,35 @@
<!DOCTYPE html>
<html lang=en-US>
<?php $pageName = $_SERVER['SCRIPT_NAME'];
require($_SERVER['DOCUMENT_ROOT'] .'/sedulcni/title.php');
require($_SERVER['DOCUMENT_ROOT'] .'/sedulcni/head.php'); ?>
<body<?php require($_SERVER['DOCUMENT_ROOT'] .'/sedulcni/fromPhotos.php'); ?>>
<div class="wrapper">
<?php require($_SERVER['DOCUMENT_ROOT'] .'/sedulcni/header.php'); ?>
<?php require($_SERVER['DOCUMENT_ROOT'] .'/sedulcni/nav.php'); ?>
<div class="content" id="content" role="main">
<div class="row">
<div class="column">
<h1>About Me</h1>
<picture>
<source srcset="/img/core/me-opt.webp" type="image/webp">
<source srcset="/img/core/me-opt.png" type="image/png">
<img id="me" src="/img/core/me-opt.png" alt="A pixellated, 8-color image of my face." title="Me. Why the low res and weird colors? Well 1. It looks cool. 2. I'm a bit uncomfortable putting my face on the internet." height="128" width="128">
</picture>
<p>My name is Joe.</p>
<p>I am an intermediate photographer and novice web developer. Can you tell?</p>
<p>I tend to procrastinate and work in sporadic, passionate sprints, which I'm sure you can tell from my git history.</p>
<p>I have a non-24-hour sleep cycle, which might partially explain the previous fact.</p>
</div>
<div class="column">
<h1>About This Site</h1>
<p>I created this site in order to teach myself web development and share some of my creations.</p>
<p>All the code for this site and the content on it is my own except where otherwise credited.</p>
<p>All content on this site is licensed under a <a href="https://creativecommons.org/licenses/by-sa/4.0/">Creative Commons Attribution-ShareAlike 4.0 International License</a> unless otherwise noted.
You can see a summary of the license terms by visiting the preceeding link, or view the <a href="https://creativecommons.org/licenses/by-sa/4.0/legalcode">full text.</a></p>
<p>The back to top icon was made by Eleonor Wang and is licensed by <a href="http://creativecommons.org/licenses/by/3.0/" title="Creative Commons BY 3.0">CC 3.0 BY</a>.</p>
</div>
</div>
</div>
<?php require($_SERVER['DOCUMENT_ROOT'] .'/sedulcni/footer.php'); ?>
</div>

@ -0,0 +1,110 @@
<?php //include config
require_once('../includes/config.php');
//if not logged in redirect to login page
if(!$user->is_logged_in()){ header('Location: login.php'); }
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Admin - Add Post</title>
<link rel="stylesheet" href="../style/normalize.css">
<link rel="stylesheet" href="../style/main.css">
<script src="/js/tinymce/tinymce.min.js"></script>
<script>
tinymce.init({
selector: "textarea",
plugins: [
"advlist autolink lists link image charmap print preview anchor",
"searchreplace visualblocks code fullscreen",
"insertdatetime media table contextmenu paste"
],
toolbar: "insertfile undo redo | styleselect | bold italic | alignleft aligncenter alignright alignjustify | bullist numlist outdent indent | link image"
});
</script>
</head>
<body>
<div id="wrapper">
<?php include('menu.php');?>
<p><a href="./">Blog Admin Index</a></p>
<h2>Add Post</h2>
<?php
//if form has been submitted process it
if(isset($_POST['submit'])){
$_POST = array_map( 'stripslashes', $_POST );
//collect form data
extract($_POST);
//very basic validation
if($postTitle ==''){
$error[] = 'Please enter the title.';
}
if($postDesc ==''){
$error[] = 'Please enter the description.';
}
if($postCont ==''){
$error[] = 'Please enter the content.';
}
if(!isset($error)){
try {
$postSlug = slug($postTitle);
//insert into database
$stmt = $db->prepare('INSERT INTO blog_posts (postTitle,postSlug,postDesc,postCont,postDate) VALUES (:postTitle, :postSlug, :postDesc, :postCont, :postDate)') ;
$stmt->execute(array(
':postTitle' => $postTitle,
':postSlug' => $postSlug,
':postDesc' => $postDesc,
':postCont' => $postCont,
':postDate' => date('Y-m-d H:i:s')
));
//redirect to index page
header('Location: index.php?action=added');
exit;
} catch(PDOException $e) {
echo $e->getMessage();
}
}
}
//check for any errors
if(isset($error)){
foreach($error as $error){
echo '<p class="error">'.$error.'</p>';
}
}
?>
<form action='' method='post'>
<p><label>Title</label><br />
<input type='text' name='postTitle' value='<?php if(isset($error)){ echo $_POST['postTitle'];}?>'></p>
<p><label>Description</label><br />
<textarea name='postDesc' cols='60' rows='10'><?php if(isset($error)){ echo $_POST['postDesc'];}?></textarea></p>
<p><label>Content</label><br />
<textarea name='postCont' cols='60' rows='10'><?php if(isset($error)){ echo $_POST['postCont'];}?></textarea></p>
<p><input type='submit' name='submit' value='Submit'></p>
</form>
</div>
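Review bot: The login guard at the top (`if(!$user->is_logged_in()){ header('Location: login.php'); }`) sends a redirect header but does not stop the script, so the POST handler below it, including the `INSERT INTO blog_posts`, still runs for a request that has no session. Add `exit;` inside the guard: `if(!$user->is_logged_in()){ header('Location: login.php'); exit; }`. The same guard without `exit` appears in add-user.php, edit-post.php, edit-user.php, index.php, upload-photo.php and users.php in this commit, leaving their write and delete paths reachable in the same way. `is_logged_in()` is defined in class.user.php, which is only partly visible on this page.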

@ -0,0 +1,105 @@
<?php //include config
require_once('../includes/config.php');
//if not logged in redirect to login page
if(!$user->is_logged_in()){ header('Location: login.php'); }
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Admin - Add User</title>
<link rel="stylesheet" href="../style/normalize.css">
<link rel="stylesheet" href="../style/main.css">
</head>
<body>
<div id="wrapper">
<?php include('menu.php');?>
<p><a href="users.php">User Admin Index</a></p>
<h2>Add User</h2>
<?php
//if form has been submitted process it
if(isset($_POST['submit'])){
//collect form data
extract($_POST);
//very basic validation
if($username ==''){
$error[] = 'Please enter the username.';
}
if($password ==''){
$error[] = 'Please enter the password.';
}
if($passwordConfirm ==''){
$error[] = 'Please confirm the password.';
}
if($password != $passwordConfirm){
$error[] = 'Passwords do not match.';
}
if($email ==''){
$error[] = 'Please enter the email address.';
}
if(!isset($error)){
$hashedpassword = $user->password_hash($password, PASSWORD_BCRYPT);
try {
//insert into database
$stmt = $db->prepare('INSERT INTO blog_members (username,password,email) VALUES (:username, :password, :email)') ;
$stmt->execute(array(
':username' => $username,
':password' => $hashedpassword,
':email' => $email
));
//redirect to index page
header('Location: users.php?action=added');
exit;
} catch(PDOException $e) {
echo $e->getMessage();
}
}
}
//check for any errors
if(isset($error)){
foreach($error as $error){
echo '<p class="error">'.$error.'</p>';
}
}
?>
<form action='' method='post'>
<p><label>Username</label><br />
<input type='text' name='username' value='<?php if(isset($error)){ echo $_POST['username'];}?>'></p>
<p><label>Password</label><br />
<input type='password' name='password' value='<?php if(isset($error)){ echo $_POST['password'];}?>'></p>
<p><label>Confirm Password</label><br />
<input type='password' name='passwordConfirm' value='<?php if(isset($error)){ echo $_POST['passwordConfirm'];}?>'></p>
<p><label>Email</label><br />
<input type='text' name='email' value='<?php if(isset($error)){ echo $_POST['email'];}?>'></p>
<p><input type='submit' name='submit' value='Add User'></p>
</form>
</div>
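Review bot: `extract($_POST)` in the submit handler imports every request field as a local variable, so a posted field whose name matches an existing variable (`$user`, `$db`, `$error`) replaces state the rest of the script depends on; `$user->password_hash(...)` is called shortly after. Read the expected fields explicitly instead, e.g. `$username = isset($_POST['username']) ? $_POST['username'] : '';`, and likewise for `password`, `passwordConfirm` and `email`. The same `extract($_POST)` is used in add-post.php, edit-post.php, edit-user.php and upload-photo.php. Separately, on a validation error the form writes `$_POST['password']` and the other fields back into `value='…'` without `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')`; the two password inputs are better left empty on redisplay.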

@ -0,0 +1,134 @@
<?php //include config
require_once('../includes/config.php');
//if not logged in redirect to login page
if(!$user->is_logged_in()){ header('Location: login.php'); }
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Admin - Edit Post</title>
<link rel="stylesheet" href="../style/normalize.css">
<link rel="stylesheet" href="../style/main.css">
<script src="/js/tinymce/tinymce.min.js"></script>
<script>
tinymce.init({
selector: "textarea",
plugins: [
"advlist autolink lists link image charmap print preview anchor",
"searchreplace visualblocks code fullscreen",
"insertdatetime media table contextmenu paste"
],
toolbar: "insertfile undo redo | styleselect | bold italic | alignleft aligncenter alignright alignjustify | bullist numlist outdent indent | link image"
});
</script>
</head>
<body>
<div id="wrapper">
<?php include('menu.php');?>
<p><a href="./">Blog Admin Index</a></p>
<h2>Edit Post</h2>
<?php
//if form has been submitted process it
if(isset($_POST['submit'])){
$_POST = array_map( 'stripslashes', $_POST );
//collect form data
extract($_POST);
//very basic validation
if($postID ==''){
$error[] = 'This post is missing a valid id!.';
}
if($postTitle ==''){
$error[] = 'Please enter the title.';
}
if($postDesc ==''){
$error[] = 'Please enter the description.';
}
if($postCont ==''){
$error[] = 'Please enter the content.';
}
if(!isset($error)){
try {
$postSlug = slug($postTitle);
//insert into database
$stmt = $db->prepare('UPDATE blog_posts SET postTitle = :postTitle, postSlug = :postSlug, postDesc = :postDesc, postCont = :postCont WHERE postID = :postID') ;
$stmt->execute(array(
':postTitle' => $postTitle,
':postSlug' => $postSlug,
':postDesc' => $postDesc,
':postCont' => $postCont,
':postID' => $postID
));
//redirect to index page
header('Location: index.php?action=updated');
exit;
} catch(PDOException $e) {
echo $e->getMessage();
}
}
}
?>
<?php
//check for any errors
if(isset($error)){
foreach($error as $error){
echo $error.'<br />';
}
}
try {
$stmt = $db->prepare('SELECT postID, postTitle, postDesc, postCont FROM blog_posts WHERE postID = :postID') ;
$stmt->execute(array(':postID' => $_GET['id']));
$row = $stmt->fetch();
} catch(PDOException $e) {
echo $e->getMessage();
}
?>
<form action='' method='post'>
<input type='hidden' name='postID' value='<?php echo $row['postID'];?>'>
<p><label>Title</label><br />
<input type='text' name='postTitle' value='<?php echo $row['postTitle'];?>'></p>
<p><label>Description</label><br />
<textarea name='postDesc' cols='60' rows='10'><?php echo $row['postDesc'];?></textarea></p>
<p><label>Content</label><br />
<textarea name='postCont' cols='60' rows='10'><?php echo $row['postCont'];?></textarea></p>
<p><input type='submit' name='submit' value='Update'></p>
</form>
</div>
</body>
</html>
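Review bot: The values loaded from `blog_posts` are written into the form without escaping (`value='<?php echo $row['postTitle'];?>'` and the two `<textarea>` bodies), so a stored title containing a single quote or markup breaks out of the attribute and is interpreted by the browser. Escape at output, e.g. `<?php echo htmlspecialchars($row['postTitle'], ENT_QUOTES, 'UTF-8');?>`, and do the same for `postID`, `postDesc` and `postCont`; the browser decodes the entities again before the editor reads the textarea. Unescaped output of database or request values also occurs in add-post.php, edit-user.php, index.php and users.php. `echo $e->getMessage();` in the catch blocks prints PDO error text into the page; logging it with `error_log()` and showing a generic message avoids exposing schema details.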

@ -0,0 +1,147 @@
<?php //include config
require_once('../includes/config.php');
//if not logged in redirect to login page
if(!$user->is_logged_in()){ header('Location: login.php'); }
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Admin - Edit User</title>
<link rel="stylesheet" href="../style/normalize.css">
<link rel="stylesheet" href="../style/main.css">
</head>
<body>
<div id="wrapper">
<?php include('menu.php');?>
<p><a href="users.php">User Admin Index</a></p>
<h2>Edit User</h2>
<?php
//if form has been submitted process it
if(isset($_POST['submit'])){
//collect form data
extract($_POST);
//very basic validation
if($username ==''){
$error[] = 'Please enter the username.';
}
if( strlen($password) > 0){
if($password ==''){
$error[] = 'Please enter the password.';
}
if($passwordConfirm ==''){
$error[] = 'Please confirm the password.';
}
if($password != $passwordConfirm){
$error[] = 'Passwords do not match.';
}
}
if($email ==''){
$error[] = 'Please enter the email address.';
}
if(!isset($error)){
try {
if(isset($password)){
$hashedpassword = $user->password_hash($password, PASSWORD_BCRYPT);
//update into database
$stmt = $db->prepare('UPDATE blog_members SET username = :username, password = :password, email = :email WHERE memberID = :memberID') ;
$stmt->execute(array(
':username' => $username,
':password' => $hashedpassword,
':email' => $email,
':memberID' => $memberID
));
} else {
//update database
$stmt = $db->prepare('UPDATE blog_members SET username = :username, email = :email WHERE memberID = :memberID') ;
$stmt->execute(array(
':username' => $username,
':email' => $email,
':memberID' => $memberID
));
}
//redirect to index page
header('Location: users.php?action=updated');
exit;
} catch(PDOException $e) {
echo $e->getMessage();
}
}
}
?>
<?php
//check for any errors
if(isset($error)){
foreach($error as $error){
echo $error.'<br />';
}
}
try {
$stmt = $db->prepare('SELECT memberID, username, email FROM blog_members WHERE memberID = :memberID') ;
$stmt->execute(array(':memberID' => $_GET['id']));
$row = $stmt->fetch();
} catch(PDOException $e) {
echo $e->getMessage();
}
?>
<form action='' method='post'>
<input type='hidden' name='memberID' value='<?php echo $row['memberID'];?>'>
<p><label>Username</label><br />
<input type='text' name='username' value='<?php echo $row['username'];?>'></p>
<p><label>Password (only to change)</label><br />
<input type='password' name='password' value=''></p>
<p><label>Confirm Password</label><br />
<input type='password' name='passwordConfirm' value=''></p>
<p><label>Email</label><br />
<input type='text' name='email' value='<?php echo $row['email'];?>'></p>
<p><input type='submit' name='submit' value='Update User'></p>
</form>
</div>
</body>
</html>
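Review bot: `if(isset($password))` in the update branch is true whenever the form is posted, because `extract($_POST)` defines `$password` as an empty string when the field is left blank; the `else` branch that keeps the existing hash is therefore never taken, and the stored hash is replaced with the hash of an empty password. Test the content instead: `if($password !== ''){`. The label "Password (only to change)" indicates that a blank field is meant to leave the password untouched. The `memberID` bound into the `WHERE` clause comes from the hidden form field, so it should be validated as an integer before use.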

@ -0,0 +1,87 @@
<?php
//include config
require_once('../includes/config.php');
//if not logged in redirect to login page
if(!$user->is_logged_in()){ header('Location: login.php'); }
//show message from add / edit page
if(isset($_GET['delpost'])){
$stmt = $db->prepare('DELETE FROM blog_posts WHERE postID = :postID') ;
$stmt->execute(array(':postID' => $_GET['delpost']));
header('Location: index.php?action=deleted');
exit;
}
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Admin</title>
<link rel="stylesheet" href="../style/normalize.css">
<link rel="stylesheet" href="../style/main.css">
<script language="JavaScript" type="text/javascript">
function delpost(id, title)
{
if (confirm("Are you sure you want to delete '" + title + "'"))
{
window.location.href = 'index.php?delpost=' + id;
}
}
</script>
</head>
<body>
<div id="wrapper">
<?php include('menu.php');?>
<?php
//show message from add / edit page
if(isset($_GET['action'])){
echo '<h3>Post '.$_GET['action'].'.</h3>';
}
?>
<table>
<tr>
<th>Title</th>
<th>Date</th>
<th>Action</th>
</tr>
<?php
try {
$stmt = $db->query('SELECT postID, postTitle, postDate FROM blog_posts ORDER BY postID DESC');
while($row = $stmt->fetch()){
echo '<tr>';
echo '<td>'.$row['postTitle'].'</td>';
echo '<td>'.date('jS M Y', strtotime($row['postDate'])).'</td>';
?>
<td>
<a href="edit-post.php?id=<?php echo $row['postID'];?>">Edit</a> |
<a href="javascript:delpost('<?php echo $row['postID'];?>','<?php echo $row['postTitle'];?>')">Delete</a>
</td>
<?php
echo '</tr>';
}
} catch(PDOException $e) {
echo $e->getMessage();
}
?>
</table>
<p><a href='add-post.php'>Add Post</a></p>
</div>
</body>
</html>
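Review bot: The `delpost` branch deletes a row in response to a GET request (`index.php?delpost=<id>`) with no anti-CSRF token, so any page the logged-in admin loads can trigger a deletion through an embedded URL. Make the delete a POST form and compare a per-session token before running the `DELETE`, for example `hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])`, where `csrf_token` is a placeholder name for a value the login code would have to generate. users.php has the same pattern with `deluser`. Also in this file, `echo '<h3>Post '.$_GET['action'].'.</h3>';` prints a query parameter unescaped; check it with `in_array($_GET['action'], array('added','updated','deleted'), true)` before echoing, and pass `$row['postTitle']` through `htmlspecialchars()` in the table cell and in the `javascript:delpost(...)` link.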

@ -0,0 +1,54 @@
<?php
//include config
require_once('../includes/config.php');
include('menu.php');
//check if already logged in
if( $user->is_logged_in() ){ header('Location: index.php'); }
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Admin Login</title>
<link rel="stylesheet" href="../style/normalize.css">
<link rel="stylesheet" href="../style/main.css">
</head>
<body>
<div id="login">
<?php
//process login form if submitted
if(isset($_POST['submit'])){
$username = trim($_POST['username']);
$password = trim($_POST['password']);
if($user->login($username,$password)){
//logged in return to index page
header('Location: index.php');
exit;
} else {
$message = '<p class="error">Wrong username or password</p>';
}
}//end if submit
if(isset($message)){ echo $message; }
?>
<form action="" method="post">
<p><label>Username</label><input type="text" name="username" value="" /></p>
<p><label>Password</label><input type="password" name="password" value="" /></p>
<p><label></label><input type="submit" name="submit" value="Login" /></p>
</form>
</div>
</body>
</html>
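Review bot: `include('menu.php');` runs before the login check and before `<!doctype html>`, so the admin menu markup is sent to visitors who are not logged in, and output has already started when `header('Location: index.php')` is called. Unless config.php enables output buffering (not visible here), PHP will not send those headers; drop the include from this page and add `exit;` after the first redirect. `trim($_POST['password'])` alters the submitted password, so a password stored with leading or trailing spaces can no longer be matched as entered; pass `$_POST['password']` to `$user->login()` unmodified. No limit on failed attempts is visible in this file; if `login()` does not throttle, that is worth adding.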

@ -0,0 +1,9 @@
<?php
//include config
require_once('../includes/config.php');
//log user out
$user->logout();
header('Location: index.php');
?>

@ -0,0 +1,10 @@
<h1>Blog</h1>
<ul id='adminmenu'>
<li><a href='index.php'>Blog</a></li>
<li><a href='upload-photo.php'>Photos</a></li>
<li><a href='users.php'>Users</a></li>
<li><a href="../" target="_blank">View Website</a></li>
<li><a href='logout.php'>Logout</a></li>
</ul>
<div class='clear'></div>
<hr />

@ -0,0 +1,160 @@
<?php //include config
require_once($_SERVER['DOCUMENT_ROOT'] .'/blog/includes/config.php');
//if not logged in redirect to login page
if(!$user->is_logged_in()){ header('Location: login.php'); }
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Admin - Upload Photos</title>
<link rel="stylesheet" href="../style/normalize.css">
<link rel="stylesheet" href="../style/main.css">
</head>
<body>
<div id="wrapper">
<?php include('menu.php');?>
<p><a href="./">Blog Admin Index</a></p>
<h2>Upload Photos</h2>
<?php
//if form has been submitted process it
if(isset($_POST['submit'])){
$_POST = array_map( 'stripslashes', $_POST );
//collect form data
extract($_POST);
//very basic validation
if($imageName == ''){
$newImageName = 'image';
} else {
$newImageName = mb_strtolower(mb_ereg_replace(' ', '-', $imageName));
}
if($imageTitle ==''){
$error[] = 'Please enter the title.';
}
if($imageDesc ==''){
$error[] = 'Please enter the description.';
}
if($imageCat ==''){
$error[] = 'Please enter the category.';
}
//if($imageCont ==''){
// $error[] = 'Please choose a file.';
//}
$imageCont = $_FILES['imageCont'];
print_r($imageCont);
$imageName = $imageCont['name'];
$imageType = $imageCont['type'];
$imageTemp = $imageCont['tmp_name'];
$imageError = $imageCont['error'];
$imageSize = $imageCont['size'];
$imagePub = 0;
$extTemp = explode('.', $imageName);
$imageExt = end($extTemp);
$allowedExt = array('jpg', 'jpeg', 'png', 'webp');
if (!in_array($imageExt, $allowedExt)) {
$error[] = 'Files of type' . $imageExt . 'are not allowed. Please choose a jpg, jpeg, png, or webp file.';
}
if ($imageError === 0) {
if ($imageSize > 50000000) {
$error[] = 'Files larger than 50MB are not allowed. Please choose a smaller file.';
} else {
$newImageName = $newImageName .'-'. uniqid('', false) . '.' . $imageExt;
$imageDest = $_SERVER['DOCUMENT_ROOT'] .'/img/gallery/' . $newImageName;
}
} else {
$error[] = 'Sorry, an unexpected error has been encountered: ' . $imageError;
}
if(!isset($error)){
try {
//insert into database
$stmt = $db->prepare('INSERT INTO blog_photos (imageName,origImageName,imageTitle,imageDesc,imageCat,imageTags,imagePub,imageType,imageSize) VALUES (:imageName, :origImageName, :imageTitle, :imageDesc, :imageCat, :imageTags, :imagePub, :imageType, :imageSize)') ;
$stmt->execute(array(
':imageName' => $newImageName,
':origImageName' => $imageName,
':imageTitle' => $imageTitle,
':imageDesc' => $imageDesc,
':imageCat' => $imageCat,
':imageTags' => $imageTags,
':imagePub' => $imagePub,
':imageType' => $imageType,
':imageSize' => $imageSize
));
move_uploaded_file($imageTemp, $imageDest);
//redirect to index page
header('Location: upload-photo.php?action=uploaded');
exit;
} catch(PDOException $e) {
echo $e->getMessage();
}
}
}
//check for any errors
if(isset($error)){
foreach($error as $error){
echo '<p class="error">'.$error.'</p>';
}
}
//show message from add / edit page
if(isset($_GET['action'])){
echo '<h3>Image '.$_GET['action'].'.</h3>';
}
?>
<form action='' method='post' enctype="multipart/form-data">
<p><label>Name</label><br />
<input type='text' name='imageName' value='<?php if(isset($error)){ echo $_POST['imageName'];}?>'></p>
<p><label>Title</label><br />
<input type='text' name='imageTitle' value='<?php if(isset($error)){ echo $_POST['imageTitle'];}?>'></p>
<p><label>Description</label><br />
<textarea name='imageDesc' cols='60' rows='10'><?php if(isset($error)){ echo $_POST['imageDesc'];}?></textarea></p>
<p><label>Category</label><br />
<input type='text' name='imageCat' value='<?php if(isset($error)){ echo $_POST['imageCat'];}?>'></p>
<p><label>Tags</label><br />
<input type='text' name='imageTags' value='<?php if(isset($error)){ echo $_POST['imageTags'];}?>'></p>
<p><label>Publish?</label><br />
<input type='checkbox' name='imagePub' value='1'></p>
<p><label>Image</label><br />
<input type='file' name='imageCont' value='<?php if(isset($error)){ echo $_POST['imageCont'];}?>'></p>
<p><input type='submit' name='submit' value='Submit'></p>
</form>
</div>
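Review bot: The stored file name is built from the `imageName` form field with only spaces replaced (`mb_ereg_replace(' ', '-', $imageName)`), so path separators and `..` survive into `$imageDest` and the upload can be written outside `/img/gallery/`. The type check looks only at the client-supplied extension, case-sensitively, and the file content is never inspected. `print_r($imageCont)` is left in and emits output before the redirect header, and the database row is inserted before `move_uploaded_file()`, whose result is ignored. The lines below restrict the name to `[a-z0-9-]`, lowercase the extension, check that the file decodes as an image and continue only when the move succeeds. `getimagesize()` recognises WebP only on newer PHP versions, so confirm this against the server's version.

```php
// … unchanged: stripslashes / field collection …
// keep only characters that are safe inside a file name
$newImageName = trim(preg_replace('/[^a-z0-9]+/', '-', mb_strtolower($imageName)), '-');
if ($newImageName == '') {
    $newImageName = 'image';
}
// … unchanged: title / description / category checks, $_FILES fields (print_r removed) …
$imageExt = strtolower(end($extTemp));
// … unchanged: extension allow-list, size check, $imageDest …
if ($imageError === 0 && getimagesize($imageTemp) === false) {
    $error[] = 'The uploaded file is not a valid image.';
}
if (!isset($error) && !move_uploaded_file($imageTemp, $imageDest)) {
    $error[] = 'The uploaded file could not be stored.';
}
// … unchanged: if(!isset($error)) { INSERT … } without the later move_uploaded_file() call …
```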

@ -0,0 +1,94 @@
<?php
//include config
require_once('../includes/config.php');
//if not logged in redirect to login page
if(!$user->is_logged_in()){ header('Location: login.php'); }
//show message from add / edit page
if(isset($_GET['deluser'])){
//if user id is 1 ignore
if($_GET['deluser'] !='1'){
$stmt = $db->prepare('DELETE FROM blog_members WHERE memberID = :memberID') ;
$stmt->execute(array(':memberID' => $_GET['deluser']));
header('Location: users.php?action=deleted');
exit;
}
}
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Admin - Users</title>
<link rel="stylesheet" href="../style/normalize.css">
<link rel="stylesheet" href="../style/main.css">
<script language="JavaScript" type="text/javascript">
function deluser(id, title)
{
if (confirm("Are you sure you want to delete '" + title + "'"))
{
window.location.href = 'users.php?deluser=' + id;
}
}
</script>
</head>
<body>
<div id="wrapper">
<?php include('menu.php');?>
<?php
//show message from add / edit page
if(isset($_GET['action'])){
echo '<h3>User '.$_GET['action'].'.</h3>';
}
?>
<table>
<tr>
<th>Username</th>
<th>Email</th>
<th>Action</th>
</tr>
<?php
try {
$stmt = $db->query('SELECT memberID, username, email FROM blog_members ORDER BY username');
while($row = $stmt->fetch()){
echo '<tr>';
echo '<td>'.$row['username'].'</td>';
echo '<td>'.$row['email'].'</td>';
?>
<td>
<a href="edit-user.php?id=<?php echo $row['memberID'];?>">Edit</a>
<?php if($row['memberID'] != 1){?>
| <a href="javascript:deluser('<?php echo $row['memberID'];?>','<?php echo $row['username'];?>')">Delete</a>
<?php } ?>
</td>
<?php
echo '</tr>';
}
} catch(PDOException $e) {
echo $e->getMessage();
}
?>
</table>
<p><a href='add-user.php'>Add User</a></p>
</div>
</body>
</html>
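Review bot: The guard that protects the first account compares the raw query string (`$_GET['deluser'] !='1'`), while the same value is then bound into `WHERE memberID = :memberID`, where the database converts it to a number; a value that is not exactly the string `1` but still converts to 1 therefore passes the check. Normalise first and compare integers: `$id = (int)$_GET['deluser'];` then `if($id > 1){` and bind `$id`. The delete is also triggered by a GET request with no anti-CSRF token and should become a POST that verifies a per-session token. `$_GET['action']`, `$row['username']` and `$row['email']` are echoed without `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')`.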

@ -0,0 +1,213 @@
<?php
if (!defined('PASSWORD_DEFAULT')) {
define('PASSWORD_BCRYPT', 1);
define('PASSWORD_DEFAULT', PASSWORD_BCRYPT);
}
Class Password {
public function __construct() {}
/**
* Hash the password using the specified algorithm
*
* @param string $password The password to hash
* @param int $algo The algorithm to use (Defined by PASSWORD_* constants)
* @param array $options The options for the algorithm to use
*
* @return string|false The hashed password, or false on error.
*/
function password_hash($password, $algo, array $options = array()) {
if (!function_exists('crypt')) {
trigger_error("Crypt must be loaded for password_hash to function", E_USER_WARNING);
return null;
}
if (!is_string($password)) {
trigger_error("password_hash(): Password must be a string", E_USER_WARNING);
return null;
}
if (!is_int($algo)) {
trigger_error("password_hash() expects parameter 2 to be long, " . gettype($algo) . " given", E_USER_WARNING);
return null;
}
switch ($algo) {
case PASSWORD_BCRYPT :
// Note that this is a C constant, but not exposed to PHP, so we don't define it here.
$cost = 10;
if (isset($options['cost'])) {
$cost = $options['cost'];
if ($cost < 4 || $cost > 31) {
trigger_error(sprintf("password_hash(): Invalid bcrypt cost parameter specified: %d", $cost), E_USER_WARNING);
return null;
}
}
// The length of salt to generate
$raw_salt_len = 16;
// The length required in the final serialization
$required_salt_len = 22;
$hash_format = sprintf("$2y$%02d$", $cost);
break;
default :
trigger_error(sprintf("password_hash(): Unknown password hashing algorithm: %s", $algo), E_USER_WARNING);
return null;
}
if (isset($options['salt'])) {
switch (gettype($options['salt'])) {
case 'NULL' :
case 'boolean' :
case 'integer' :
case 'double' :
case 'string' :
$salt = (string)$options['salt'];
break;
case 'object' :
if (method_exists($options['salt'], '__tostring')) {
$salt = (string)$options['salt'];
break;
}
case 'array' :
case 'resource' :
default :
trigger_error('password_hash(): Non-string salt parameter supplied', E_USER_WARNING);
return null;
}
if (strlen($salt) < $required_salt_len) {
trigger_error(sprintf("password_hash(): Provided salt is too short: %d expecting %d", strlen($salt), $required_salt_len), E_USER_WARNING);
return null;
} elseif (0 == preg_match('#^[a-zA-Z0-9./]+$#D', $salt)) {
$salt = str_replace('+', '.', base64_encode($salt));
}
} else {
$buffer = '';
$buffer_valid = false;
if (function_exists('mcrypt_create_iv') && !defined('PHALANGER')) {
$buffer = mcrypt_create_iv($raw_salt_len, MCRYPT_DEV_URANDOM);
if ($buffer) {
$buffer_valid = true;
}
}
if (!$buffer_valid && function_exists('openssl_random_pseudo_bytes')) {
$buffer = openssl_random_pseudo_bytes($raw_salt_len);
if ($buffer) {
$buffer_valid = true;
}
}
if (!$buffer_valid && is_readable('/dev/urandom')) {
$f = fopen('/dev/urandom', 'r');
$read = strlen($buffer);
while ($read < $raw_salt_len) {
$buffer .= fread($f, $raw_salt_len - $read);
$read = strlen($buffer);
}
fclose($f);
if ($read >= $raw_salt_len) {
$buffer_valid = true;
}
}
if (!$buffer_valid || strlen($buffer) < $raw_salt_len) {
$bl = strlen($buffer);
for ($i = 0; $i < $raw_salt_len; $i++) {
if ($i < $bl) {
$buffer[$i] = $buffer[$i] ^ chr(mt_rand(0, 255));
} else {
$buffer .= chr(mt_rand(0, 255));
}
}
}
$salt = str_replace('+', '.', base64_encode($buffer));
}
$salt = substr($salt, 0, $required_salt_len);
$hash = $hash_format . $salt;
$ret = crypt($password, $hash);
if (!is_string($ret) || strlen($ret) <= 13) {
return false;
}
return $ret;
}
/**
* Get information about the password hash. Returns an array of the information
* that was used to generate the password hash.
*
* array(
* 'algo' => 1,
* 'algoName' => 'bcrypt',
* 'options' => array(
* 'cost' => 10,
* ),
* )
*
* @param string $hash The password hash to extract info from
*
* @return array The array of information about the hash.
*/
function password_get_info($hash) {
$return = array('algo' => 0, 'algoName' => 'unknown', 'options' => array(), );
if (substr($hash, 0, 4) == '$2y$' && strlen($hash) == 60) {
$return['algo'] = PASSWORD_BCRYPT;
$return['algoName'] = 'bcrypt';
list($cost) = sscanf($hash, "$2y$%d$");
$return['options']['cost'] = $cost;
}
return $return;
}
/**
* Determine if the password hash needs to be rehashed according to the options provided
*
* If the answer is true, after validating the password using password_verify, rehash it.
*
* @param string $hash The hash to test
* @param int $algo The algorithm used for new password hashes
* @param array $options The options array passed to password_hash
*
* @return boolean True if the password needs to be rehashed.
*/
function password_needs_rehash($hash, $algo, array $options = array()) {
$info = password_get_info($hash);
if ($info['algo'] != $algo) {
return true;
}
switch ($algo) {
case PASSWORD_BCRYPT :
$cost = isset($options['cost']) ? $options['cost'] : 10;
if ($cost != $info['options']['cost']) {
return true;
}
break;
}
return false;
}
/**
* Verify a password against a hash using a timing attack resistant approach
*
* @param string $password The password to verify
* @param string $hash The hash to verify against
*
* @return boolean If the password matches the hash
*/
public function password_verify($password, $hash) {
if (!function_exists('crypt')) {
trigger_error("Crypt must be loaded for password_verify to function", E_USER_WARNING);
return false;
}
$ret = crypt($password, $hash);
if (!is_string($ret) || strlen($ret) != strlen($hash) || strlen($ret) <= 13) {
return false;
}
$status = 0;
for ($i = 0; $i < strlen($ret); $i++) {
$status |= (ord($ret[$i]) ^ ord($hash[$i]));
}
return $status === 0;
}
}

@ -0,0 +1,72 @@
<?php
include('class.password.php');
class User extends Password{
private $db;
function __construct($db){
parent::__construct();
$this->_db = $db;
}
public function is_logged_in(){
if(isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true){
return true;
}
}
public function create_hash($value)
{
return $hash = crypt($value, '$2a$12.substr(str_replace('+','.' base64_encode(sha1(microtime(true), true))), 0, 22)');
}
private function verify_hash($password,$hash)
{
return $hash == crypt($password, $hash);
}
private function get_user_hash($username){
try {
///echo '<div class="hash">';
///echo $this->create_hash('zimn1É204▬0WElrh#320');
///echo '</div>';
$stmt = $this->_db->prepare('SELECT memberID, username, password FROM blog_members WHERE username = :username');
$stmt->execute(array('username' => $username));
return $stmt->fetch();
} catch(PDOException $e) {
echo '<p class="error">'.$e->getMessage().'</p>';
}
}
public function login($username,$password){
$user = $this->get_user_hash($username);
if($this->password_verify($password,$user['password']) == 1){
$_SESSION['loggedin'] = true;
$_SESSION['memberID'] = $user['memberID'];
$_SESSION['username'] = $user['username'];
return true;
}
}
public function logout(){
session_destroy();
}
}
?>
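Review bot: `login()` marks the session as authenticated without rotating the session ID and without handling an unknown username: `get_user_hash()` returns PDO's `false` when no row matches, so `$user['password']` is read from a non-array and the method falls through returning null rather than false. I would add `if (!$user) { return false; }` before the verify call and `session_regenerate_id(true);` just before `$_SESSION['loggedin'] = true;`, so an ID issued before login is not carried into the authenticated session. In `create_hash()` the salt expression sits inside quote characters, so `substr(... base64_encode(...))` is never evaluated and `crypt()` does not receive a valid bcrypt salt; the parent class's hashing method (presumably `password_hash()`, its body ends just above this file) should replace it, along with the loose `==` in `verify_hash()`. The commented-out `create_hash('…')` call in `get_user_hash()` contains what looks like a real password literal; if it is one, it should be rotated and removed from the history. The `catch` in the same method echoes `$e->getMessage()` to the page, which is better logged server-side.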

@ -0,0 +1,35 @@
<?php
ob_start();
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
// Database credentials
require_once($_SERVER['DOCUMENT_ROOT'] .'/sedulcni/credentials.php');
$db = new PDO("mysql:host=".DBHOST.";port=3306;charset=utf8;dbname=".DBNAME, DBUSER, DBPASS);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Set timezone
date_default_timezone_set('America/Chicago');
// Load classes when needed
function __autoload($class) {
$class = strtolower($class);
$classpath = $_SERVER['DOCUMENT_ROOT'] .'/blog/classes/class.'.$class . '.php';
if ( file_exists($classpath)) {
require_once $classpath;
}
$classpath = $_SERVER['DOCUMENT_ROOT'] .'/blog/classes/class.'.$class . '.php';
if ( file_exists($classpath)) {
require_once $classpath;
}
}
$user = new User($db);
include('slug.php');
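Review bot: The `__autoload()` function defined here was deprecated in PHP 7.2 and is no longer supported from PHP 8.0, so `new User($db)` two lines from the end depends on an autoloader that newer runtimes reject; register the same closure with `spl_autoload_register(function ($class) { ... });` instead. Its body builds and tests the identical `$classpath` twice, so the second `if` block can be dropped. `session_start()` runs with whatever cookie defaults php.ini provides; unless those are set elsewhere, I would call `session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);` before it. `credentials.php` is loaded from `/sedulcni/` under the document root, so a comment stating that this directory must be denied direct web access (or moving it above the web root) would be worth adding.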

@ -0,0 +1,15 @@
<?php
function slug($string){
try{
$string = preg_replace('/\s/u', '-', $string);
$string = mb_strtolower($string);
$string = preg_replace('/[^\p{L}0-9-]/u', '', $string);
$string = rawurlencode($string);
} catch (Exception $e) {
echo 'Caught exception: ', $e->getMessage(), "\n";
}
return $string;
} ?>
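Review bot: The `try`/`catch` in `slug()` never fires, because `preg_replace()` and `mb_strtolower()` signal failure through their return value rather than by throwing: with the `/u` modifier `preg_replace()` returns null on malformed UTF-8, and that null flows on to `rawurlencode()`. Check the result explicitly after each `preg_replace()`, e.g. `if ($string === null) { return ''; }`, and drop the `echo` of the exception message. The function also returns an empty string for a title made only of punctuation, so the caller needs to reject an empty slug; a short docblock stating that contract would help.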

@ -0,0 +1,34 @@
<!DOCTYPE html>
<html lang=en-US>
<?php $pageName = '/blog.dum';
require_once('includes/config.php');
require($_SERVER['DOCUMENT_ROOT'] .'/sedulcni/title.php');
require($_SERVER['DOCUMENT_ROOT'] .'/sedulcni/head.php');?>
<body<?php require($_SERVER['DOCUMENT_ROOT'] .'/sedulcni/fromPhotos.php'); ?>>
<div class="wrapper">
<?php require($_SERVER['DOCUMENT_ROOT'] .'/sedulcni/header.php'); ?>
<?php require($_SERVER['DOCUMENT_ROOT'] .'/sedulcni/nav.php'); ?>
<div class="content" id="content" role="main">
<?php
try {
$stmt = $db->query('SELECT postID, postTitle, postSlug, postDesc, postDate FROM blog_posts ORDER BY postID DESC');
while($row = $stmt->fetch()){
echo '<div class="post-preview">';
echo '<h1><a href="'.$row['postSlug'].'">'.$row['postTitle'].'</a></h1>';
echo '<p class="post-date">Posted on '.date('jS M Y H:i:s', strtotime($row['postDate'])).'</p>';
echo '<svg height="10" width="100%">';
echo '<line x1="0" y1="0" x2="960" y2="0" />';
echo '</svg>';
echo '<div class="post-description">'.$row['postDesc'].'</div>';
echo '<p><a href="'.$row['postSlug'].'">Read More</a></p>';
echo '</div>';
}
} catch(PDOException $e) {
echo $e->getMessage();
}
?>
</div>
<?php require($_SERVER['DOCUMENT_ROOT'] .'/sedulcni/footer.php'); ?>
</div>
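Review bot: `$row['postTitle']` and `$row['postSlug']` are echoed into the heading and both `href` attributes without output encoding, so any markup stored in those columns is rendered as-is to every visitor. Wrap them on output, e.g. `htmlspecialchars($row['postTitle'], ENT_QUOTES, 'UTF-8')`, and do the same for `postSlug`. `postDesc` looks like it is meant to hold editor-produced HTML (the commit bundles TinyMCE), in which case it needs a server-side allow-list sanitiser on save or on output rather than escaping. The `catch` block prints `$e->getMessage()` to the page; log it and show a generic message instead.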

@ -0,0 +1,63 @@
#wrapper {
margin:auto;
width:900px;
}
#login {
border: 1px solid #AEAEAE;
margin: 100px auto 0;
padding: 0;
width: 300px;
}
#adminmenu {
padding-left: 0;
}
#adminmenu li {
float: left;
list-style: none;
margin-right: 20px;
}
.clear {
clear: both;
}
.error {
padding: 0.75em;
margin: 0.75em;
border: 1px solid #990000;
max-width: 400px;
color: #990000;
background-color: #FDF0EB;
-moz-border-radius: 0.5em;
-webkit-border-radius: 0.5em;
}
p,li {
color: #555555;
font-size: 16px;
line-height: 1.5em;
}
a {
color: #EF1F2F;
text-decoration: none;
}
form input {
border: 1px solid #999999;
border-bottom-color: #cccccc;
border-right-color: #cccccc;
padding: 5px;
font-family: Arial, Helvetica, sans-serif;
font-size: 1.0em;
margin: 2px;
}
table {width:98%; text-align:left; border:1px solid #DDDDDD; font-size:12px; color:#000;background:#fff; margin-bottom:10px;}
table th {background-color:#E5E5E5; border:1px solid #BBBBBB; padding:3px 6px; font-weight:normal; color:#000;}
table tr td {border:1px solid #DDDDDD; padding:5px 6px;}
table tr.alt td {background-color:#E2E2E2;}
table tr:hover {background-color:#F0F0F0; color:#000;}

@ -0,0 +1,500 @@
/*! normalize.css 2012-07-07T09:50 UTC - http://github.com/necolas/normalize.css */
/* ==========================================================================
HTML5 display definitions
========================================================================== */
/*
* Corrects `block` display not defined in IE6/7/8/9 & FF3.
*/
article,
aside,
details,
figcaption,
figure,
footer,
header,
hgroup,
nav,
section,
summary {
display: block;
}
/*
* Corrects `inline-block` display not defined in IE6/7/8/9 & FF3.
*/
audio,
canvas,
video {
display: inline-block;
*display: inline;
*zoom: 1;
}