M activate.php +3 -8
@@ 13,15 13,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST
if (!$selected) {
$errors[] = "Can't find user";
} else {
- if ($GLOBALS['App']->getUser()->setRole($id, 2)) {
- $subject = "piclog - Welcome!";
- $message = "Hello $selected[name]! Your account has been activated. You can now post messages on " . URL . ".\n\nTalk to you soon!";
- $GLOBALS['App']->getEmail()->send($selected['email'], $subject, $message);
- }
+ $App->getUser()->setRole($id, 2);
}
}
-$users = $GLOBALS['App']->getUser()->getAllInactive();
+$users = $App->getUser()->getAllInactive();
?>
<?php include 'includes/header.php'; ?>
@@ 33,8 29,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST
<table>
<?php foreach ($users as $user): ?>
<tr>
- <td><?= $user['name'] ?></td>
- <td><?= $user['cover'] ?></td>
+ <td><?=site_link($user['name'])?></td>
<td>
<form action="<?= $_SERVER['PHP_SELF'] ?>" method="post">
<?php include 'includes/csrf.php' ?>
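Review bot: The added `$App->getUser()->setRole($id, 2);` discards the return value that the removed code tested in an `if`, so a failed role update now produces neither an error nor a confirmation. Following the `or $errors[] =` style used in register.php, `$App->getUser()->setRole($id, 2) or $errors[] = "Could not activate user";` keeps the failure visible to the admin. The enclosing POST block starts outside this hunk, so where `$id` comes from and how it is validated cannot be checked here.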
M activity.php +4 -1
@@ 8,10 8,13 @@ require 'includes/app.php';
<main>
<h1>Activity</h1>
+ <p><a href="feed.php">Subscribe via RSS</a></p>
+
<ul>
<?php foreach ($pages as $page): ?>
<li>
- <?=site_link($page['name'])?> <?=timeAgo($page['updated_at'])?> ago <?=site_link($page['name'], $page['slug'])?>
+ <time><?= to_date($page['updated_at']) ?></time>
+ <?= site_link($page['name']) ?> - <?= site_link($page['name'], $page['slug']) ?>
</li>
<?php endforeach; ?>
</ul>
M admin.php +2 -2
@@ 9,8 9,8 @@ is_admin($User) or redirect("login.php")
<h1>Admin</h1>
<ul>
- <li><a href="activate.php">Activate new users</a></li>
- <li><a href="role.php">Manage user roles</a>
+ <li><a href="activate.php">Activate new users</a></li>
+ <li><a href="users.php">Manage users</a>
</ul>
<?php include 'includes/footer.php'; ?>
M classes/Page.php +1 -0
@@ 26,6 26,7 @@ class Page
slug, content, updated_at, user_id, name
FROM pages
LEFT JOIN users on pages.user_id = users.id
+ WHERE users.role > 1
ORDER BY updated_at desc
LIMIT 100";
return $this->db->runSQL($sql)->fetchAll();
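Review bot: The added `WHERE users.role > 1` filters on the right-hand table of the `LEFT JOIN`, which discards every row where no user matched and so makes the join behave as an inner join; `JOIN users ON pages.user_id = users.id` would say what the query now does. The bare `1` is the moderation boundary (users.php labels role 1 "unreviewed" and role 2 "reviewed"), so a comment above the query such as `// list only pages whose author is reviewed (role 2) or admin (role 3)` would record the intent. The method name and signature are outside this hunk; if this is the query behind `getActivity()`, it also filters the global feed in feed.php. The per-user `getChangelog($u)` query is not visible in this diff and may need the same filter.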
M classes/User.php +7 -1
@@ 58,7 58,7 @@ class User
unset($user['password']);
try {
- $sql = "INSERT INTO users(name, email, hash, role, cover) VALUES (:name, :email, :hash, :role, :cover)";
+ $sql = "INSERT INTO users(name, email, hash, role) VALUES (:name, :email, :hash, :role)";
$this->db->runSQL($sql, $user);
$id = (int)$this->db->lastInsertId();
$this->db->commit();
@@ 133,4 133,10 @@ class User
throw $e;
}
}
+
+ public function deleteUser($username)
+ {
+ $sql = "DELETE FROM users WHERE name = ? AND role != 3;";
+ $this->db->runSQL($sql, [$username]);
+ }
}
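Review bot: `deleteUser()` returns nothing, so its caller cannot tell a deleted account from one that the `role != 3` guard skipped or a name that matched no row. `runSQL()` is chained with `->fetchAll()` in classes/Page.php, so it presumably returns a PDOStatement; in that case `return $this->db->runSQL($sql, [$username])->rowCount() > 0;` with a `: bool` return type and a `string $username` parameter type would expose the outcome. A docblock should state that admin accounts (role 3) are never deleted by this method, and whether the user's rows in `pages` are removed or left orphaned, which depends on schema not shown here. The query itself is parameterized, which is the right form.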
M config.sample.php +2 -2
@@ 13,5 13,5 @@ define('SMTP_PASSWORD', 'password');
define('FROM_EMAIL', 'foo@bar.com');
# other
-define('URL', 'https://localhost/piclog');
-define('PER_PAGE', 20);
No newline at end of file
+define('URL', 'https://localhost/lipuli');
+define('KEY', 'kama pona!');
No newline at end of file
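Review bot: `define('KEY', 'kama pona!');` puts a working registration key in the sample file, so any deployment that copies it unchanged accepts a key that is published in the repository. A value that reads as unset, with a comment above it such as `# registration key checked by register.php; set a long random value per deployment`, makes the required step explicit, and register.php could refuse registration while the placeholder is still in place. The constant name `KEY` is generic for a global; `REGISTRATION_KEY` would be clearer, though that needs the matching change in register.php.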
M feed.php +18 -8
@@ 1,23 1,33 @@
<?php
require 'includes/app.php';
-$u = get_param("u");
-$site_user = $App->getUser()->getFromUsername($u) or page_not_found();
+$name = "lipu.li";
+$description = "Updates";
+$link = URL;
+
+if ($u = get_param("u")) {
+ $site_user = $App->getUser()->getFromUsername($u) or page_not_found();
+ $name = $site_user['name'];
+ $description = $name . "'s updates";
+ $link = site_url($name);
+ $pages = $App->getPage()->getChangelog($u);
+} else {
+ $pages = $App->getPage()->getActivity();
+}
header('Content-Type: application/xml');
-$pages = $App->getPage()->getChangelog($u);
?>
<rss version="2.0">
<channel>
- <title><?= $site_user['name'] ?></title>
- <description><?= $site_user['name'] ?>'s wiki</description>
- <link><?= site_url($site_user['name']) ?></link>
+ <title><?= $name ?></title>
+ <description><?= $description ?></description>
+ <link><?= $link ?></link>
<?php foreach ($pages as $page): ?>
<item>
<title><?= $page['slug'] ?></title>
<pubDate><?= date(DATE_RSS, strtotime($page['updated_at'])) ?></pubDate>
- <guid><?= htmlspecialchars(site_url($site_user['name'], $page['slug'])) ?></guid>
- <link><?= htmlspecialchars(site_url($site_user['name'], $page['slug'])) ?></link>
+ <guid><?= htmlspecialchars(site_url($page['name'], $page['slug'])) ?></guid>
+ <link><?= htmlspecialchars(site_url($page['name'], $page['slug'])) ?></link>
</item>
<?php endforeach; ?>
</channel>
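Review bot: The added `<title><?= $name ?></title>`, `<description><?= $description ?></description>` and `<link><?= $link ?></link>` are written into the XML unescaped, while the item `<guid>` and `<link>` lines in the same file go through `htmlspecialchars()`. The unchanged `<title><?= $page['slug'] ?></title>` has the same gap. A value containing `&` or `<` yields an ill-formed feed, and for user-controlled data it is an injection point for feed readers that render the content; `<link><?= htmlspecialchars($link, ENT_XML1 | ENT_QUOTES, 'UTF-8') ?></link>` and the same call on the other three close it. Separately, `if ($u = get_param("u"))` treats a `u` of `"0"` or an empty string as absent and serves the global feed; an explicit null check would be stricter if `get_param()` returns null for a missing parameter, which is not visible here.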
M includes/app.php +2 -7
@@ 14,14 14,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST
$App->getSession()->verifyCSRF($_POST['csrf']) or page_not_found();
}
-function is_visitor($user)
-{
- return $user && $user['role'] === 1;
-}
-
function is_member($user)
{
- return $user && $user['role'] > 1;
+ return $user && $user['role'] >= 1;
}
function is_admin($user)
@@ 89,7 84,7 @@ function timeAgo($dateString)
} elseif ($interval->i > 0) {
$output = $interval->i . 'm';
} else {
- $output = 's';
+ $output = $interval->s . 's';
}
return $output;
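Review bot: Changing `is_member()` from `> 1` to `>= 1` widens an authorization check: accounts with role 1, which users.php labels "unreviewed", now pass every `is_member()` gate, and only role 0 is excluded. None of the call sites are visible in this diff, so each one should be confirmed as intended for accounts nobody has reviewed. A comment on the function would record the decision, for example `// roles: 0 suspended, 1 unreviewed, 2 reviewed, 3 admin; everything except suspended counts as a member`. The `timeAgo()` function touched by the second hunk starts and ends outside it.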
M +1 -1
@@ 3,7 3,7 @@
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>nini</title>
<title>lipu.li</title>
<link rel="stylesheet" href="style.css">
<link type="application/atom+xml" rel="alternate" href="feed.php">
</head>
M includes/index.php +18 -20
@@ 1,28 1,26 @@
<?php include 'includes/header.php'; ?>
-<h1>lipu li</h1>
+<main>
+ <h1>lipu li</h1>
+
+ <p>Little wiki engine for big thinking!</p>
-<?php if (is_visitor($GLOBALS['User'])): ?>
- <p class="is-visitor">You account is pending activation. You will be notified by email when activated.</p>
-<?php endif ?>
-
-<p>Little wiki engine for big thinking!</p>
+ <form action="login.php" method="post">
+ <?php include 'includes/csrf.php' ?>
+ <label for="form-name">Email:</label>
+ <input type="email" name="email" value="" class="form-control"/>
-<form action="login.php" method="post">
- <?php include 'includes/csrf.php' ?>
- <label for="form-name">Email:</label>
- <input type="email" name="email" value="" class="form-control"/>
+ <label for="form-password">Password:</label>
+ <input type="password" name="password" class="form-control" required/>
- <label for="form-password">Password:</label>
- <input type="password" name="password" class="form-control" required/>
+ <p><input type="submit" value="Login"/> <a href="password-lost.php">Password lost?</a></p>
+ </form>
- <p><input type="submit" value="Login"/> <a href="password-lost.php">Password lost?</a></p>
-</form>
-
-<p>
- <a href="register.php" class="link">Register</a><br>
- <a href="manual.php" class="link">Manual</a><br>
- <a href="activity.php" class="link">Explore</a>
-</p>
+ <p>
+ <a href="register.php" class="link">Register</a><br>
+ <a href="manual.php" class="link">Manual</a><br>
+ <a href="activity.php" class="link">Explore</a>
+ </p>
+</main>
<?php include 'includes/footer.php'; ?>
M includes/page.php +6 -7
@@ 19,13 19,12 @@
<?php endif; ?>
<?php if (count($related)): ?>
- <aside>
- <nav>
- <?php foreach ($related as $r): ?>
- <?= site_link($site_user['name'], $r['slug']) ?>
- <?php endforeach; ?>
- </nav>
- </aside>
+ <nav>
+ <span>backlinks: </span>
+ <?php foreach ($related as $r): ?>
+ <?= site_link($site_user['name'], $r['slug']) ?>
+ <?php endforeach; ?>
+ </nav>
<?php endif; ?>
<?php if ($page && $is_admin): ?>
M +3 -0
@@ 5,6 5,9 @@
<a href="settings.php">Settings</a>
<a href="manual.php">Manual</a>
<a href="activity.php">Explore</a>
<?php if (is_admin($User)): ?>
<a href="admin.php">Admin</a>
<?php endif; ?>
<a href="logout.php">Logout</a>
</nav>
</footer>
M +1 -1
@@ 3,7 3,7 @@
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title><?=$p??'home'?> - <?=$site_user['name']?></title>
<title><?=$site_user['name']?> :: <?=$p??'home'?></title>
<link rel="stylesheet" href="style.css">
<link type="application/xml" rel="alternate" href="feed.php?u=<?=$site_user['name']?>">
<style>
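Review bot: Both title lines in this header template echo `$p` and `$site_user['name']` without escaping, and the feed `<link>` places `$site_user['name']` in a query string without URL-encoding. Where `$p` is set is outside this hunk; if it is derived from a request parameter, the title is a reflected-output sink and should read `<?= htmlspecialchars($p ?? 'home', ENT_QUOTES, 'UTF-8') ?>`. The +/- markers are missing from this section, so which title line is the new one is inferred from print order only.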
M page_delete.php +2 -2
@@ 23,9 23,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST
<p>Are you sure you want to delete "<?= htmlspecialchars($form['slug']) ?>"?</p>
- <form action="<?= $_SERVER['REQUEST_URI'] ?>" method="post" class="editor">
+ <form action="<?= $_SERVER['REQUEST_URI'] ?>" method="post">
<?php include 'includes/csrf.php' ?>
- <p><input type="submit" value="Confirm"/></p>
+ <input type="submit" value="Confirm"/>
</form>
</main>
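Review bot: The changed `<form action="<?= $_SERVER['REQUEST_URI'] ?>" method="post">` writes a request-derived string into an HTML attribute without escaping; `<form action="<?= htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8') ?>" method="post">` is the safe form. The same applies to the form in the new user_delete.php, and to the `$_SERVER['PHP_SELF']` actions in activate.php, password-lost.php, register.php and users.php, because `PHP_SELF` includes any path info appended to the script name. For the `PHP_SELF` forms a fixed literal such as `action="register.php"` avoids the request-derived value entirely.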
M password-lost.php +11 -8
@@ 26,17 26,20 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST
}
?>
<?php include 'includes/header.php'; ?>
-<h1>Password lost</h1>
-<?php form_errors($errors) ?>
+<main>
+ <h1>Password lost</h1>
+
+ <?php form_errors($errors) ?>
-<form action="<?= $_SERVER['PHP_SELF'] ?>" method="post">
- <?php include 'includes/csrf.php' ?>
+ <form action="<?= $_SERVER['PHP_SELF'] ?>" method="post">
+ <?php include 'includes/csrf.php' ?>
- <label for="email">Email:</label>
- <input type="email" id="email" name="email" class="form-control" required/>
+ <label for="email">Email:</label>
+ <input type="email" id="email" name="email" class="form-control" required/>
- <input type="submit" value="Submit"/>
-</form>
+ <input type="submit" value="Submit"/>
+ </form>
+</main>
<?php include 'includes/footer.php'; ?>
M register.php +27 -26
@@ 5,20 5,19 @@ require 'includes/app.php';
$form = [
'name' => '',
'email' => '',
- 'cover' => '',
+ 'key' => '',
];
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$form['name'] = $_POST['name'];
$form['email'] = $_POST['email'];
- $form['cover'] = trim($_POST['cover']);
+ $form['key'] = $_POST['key'];
$password = $_POST['password'];
Validate::isName($form['name']) or $errors[] = "Name must be 2-20 letters using [A-z0-9\_]";
Validate::isEmail($form['email']) or $errors[] = "Email format not recognized";
Validate::isPassword($password) or $errors[] = "Password must be 6 or more characters";
- Validate::isAcceptableHTML($form['cover']) or $errors [] = "About has a forbidden HTML tag";
- !empty($form['cover']) or $errors[] = "Tell us a few words about you";
+ $form['key'] === KEY or $errors[] = "Invalid key";
if ($password != $_POST['repeat']) {
$errors[] = "Passwords don't match";
@@ 28,7 27,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST
$id = $App->getUser()->create([
"name" => $form['name'],
"email" => $form['email'],
- "cover" => $form['cover'],
"password" => $password,
], $errors);
if ($id !== false) {
@@ 42,32 40,35 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST
<?php include 'includes/header.php'; ?>
-<h1>Register</h1>
+<main>
+ <h1>Register</h1>
-<?php form_errors($errors ?? '') ?>
+ <?php form_errors($errors ?? '') ?>
-<form action="<?= $_SERVER['PHP_SELF'] ?>" method="post">
- <?php include 'includes/csrf.php' ?>
- <label for="name">Name:</label>
- <input type="text" id="name" name="name" autocomplete="off" value="<?= $form['name'] ?>" class="form-control"
- required/>
-
- <label for="email">Email:</label>
- <input type="email" id="email" name="email" autocomplete="off" value="<?= $form['email'] ?>" class="form-control"
- required/>
+ <form action="<?= $_SERVER['PHP_SELF'] ?>" method="post">
+ <?php include 'includes/csrf.php' ?>
+ <label for="name">Name:</label>
+ <input type="text" id="name" name="name" autocomplete="off" value="<?= $form['name'] ?>" class="form-control"
+ required/>
- <label for="password">Password:</label>
- <input type="password" id="password" name="password" class="form-control" required/>
+ <label for="email">Email (used to reset password):</label>
+ <input type="email" id="email" name="email" autocomplete="off" value="<?= $form['email'] ?>"
+ class="form-control"
+ required/>
- <label for="repeat">Repeat:</label>
- <input type="password" id="repeat" name="repeat" class="form-control" required/>
+ <label for="password">Password:</label>
+ <input type="password" id="password" name="password" class="form-control" required/>
- <label for="cover">About:</label>
- <textarea name="cover" id="cover" class="form-control" required"><?= $form['cover'] ?></textarea>
+ <label for="repeat">Repeat:</label>
+ <input type="password" id="repeat" name="repeat" class="form-control" required/>
- <p>By clicking the following button you agree to the <a href="tos.php">Terms of Service</a> and certify that you are
- an adult.</p>
- <input type="submit" value="Register"/>
-</form>
+ <label for="name">Key:</label>
+ <input type="text" id="key" name="key" autocomplete="off" value="<?= $form['key'] ?>" class="form-control"
+ required/>
+
+ <p>By clicking the following button you agree to the <a target="_blank" href="tos.php">terms of Service</a>.</p>
+ <input type="submit" value="Register"/>
+ </form>
+</main>
<?php include 'includes/footer.php'; ?>
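Review bot: The added `$form['key'] === KEY or $errors[] = "Invalid key";` compares a shared secret with `===`, which is not constant-time, and `$_POST['key']` is read without checking that it is present and a string. `(is_string($form['key']) && hash_equals(KEY, $form['key'])) or $errors[] = "Invalid key";` handles both. The new input echoes the submitted value back through `value="<?= $form['key'] ?>"`, unescaped and unvalidated; a secret is better not redisplayed at all (`value=""`), and the `name` and `email` values beside it need `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` because they are echoed even when validation fails. The new label should be `<label for="key">Key:</label>` rather than `for="name"`. A single static key with no visible attempt limiting can be guessed or passed on, so rotation and rate-limiting of failed registrations are worth planning for.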
M schema.sql +0 -1
@@ 4,7 4,6 @@ create table users
name varchar(20) not null unique,
email varchar(254) not null unique,
role int not null default 1,
- cover text not null check (cover <> ''),
hash text not null,
home text not null default '',
style text not null default ''
M style.css +8 -19
@@ 1,10 1,10 @@
-body {
+body{
+ font-family: sans-serif;
+ margin: 40px auto;
+ padding: 0px 10px;
max-width: 650px;
- margin: 10px auto;
- font-family: Verdana;
line-height: 1.5;
- padding: 10px;
- background-color: floralwhite;
+ background-color: whitesmoke;
}
textarea {
@@ 21,31 21,20 @@ form > *:not(label, [type=submit]) {
pre {
background-color: gainsboro;
- padding: 10px;
+ padding: 1em;
}
nav > * {
margin-right: 10px;
}
-aside {
- border: 1px dashed;
- padding: 1em;
+main > nav {
margin-top: 1em;
}
-main > nav {
- padding: 1em;
- background-color: thistle;
- margin-top: 1em
-}
-
-main {
- margin-bottom: 1em;
-}
-
footer {
padding-top: 1em;
+ margin-top: 1em;
border-top: 1px solid;
}
M tos.php +4 -3
@@ 3,17 3,18 @@ require 'includes/app.php';
?>
<?php include 'includes/header.php'; ?>
+
<h1>Terms of service</h1>
-<p>In order to use piclog, you must agree to the following rules. A user not respecting these rules will have their account removed and will be banned from the service. The general rule is to be nice, friendly and respectful to anyone and their status.
+<p>In order to use this service, you must agree to the following rules. A user not respecting these rules will have their account removed and will be banned from the service. The general rule is to be respectful to anyone.
-<p><b>Racist, bigoted or otherwise hate speech</b> is not permitted. Status Cafe is an inclusive place that will not tolerate anyone promoting hateful ideas and language.</p>
+<p><b>Racist, bigoted or otherwise hate speech</b> is not permitted. This place will not tolerate anyone promoting hateful ideas and language.</p>
<p><b>Illegal activities</b> such as promoting malware, phishing or publishing something that promotes content that infringes copyright, patent or trademark you do not own is not permitted.</p>
<p><b>Pornographic content</b> is not allowed.</p>
-<p><b>Spamming</b>, including unsolicited advertising isn't allowed. While it's perfectly fine to talk about your projects and link them, using Status Cafe only as a way to drive traffic to an external site isn't allowed.</p>
+<p><b>Spamming</b>, including unsolicited advertising isn't allowed. While it's perfectly fine to talk about your projects and link them, using this service only as a way to drive traffic to an external site isn't allowed.</p>
<p><b>Harassing</b>, bullying, picking on a user isn't permitted.</p>
A => user_delete.php +31 -0
@@ 0,0 1,31 @@
+<?php
+require 'includes/app.php';
+
+is_admin($User) or page_not_found();
+
+$u = get_param('u');
+$user = $App->getUser()->getFromUsername($u) or page_not_found();
+
+$errors = [];
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+ $App->getUser()->deleteUser($user['name']);
+ redirect("users.php");
+}
+
+?>
+
+<?php include 'includes/header.php'; ?>
+
+<h1>Delete user</h1>
+
+<?php form_errors($errors) ?>
+
+<p>Are you sure you want to delete <?=$user['name']?>?</p>
+
+<form action="<?= $_SERVER['REQUEST_URI'] ?>" method="post">
+ <?php include 'includes/csrf.php' ?>
+ <input type="submit" value="Confirm"/>
+</form>
+
+<?php include 'includes/footer.php'; ?>
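Review bot: The POST branch redirects to users.php whether or not anything was deleted: `deleteUser()` in classes/User.php excludes role 3 in its SQL and returns nothing, so confirming deletion of an admin account looks like success, and `$errors` is declared and rendered but never filled. Checking the role before calling `deleteUser()` and reporting the refusal fixes that, assuming `getFromUsername()` returns the `role` column, which is not visible here. `<?=$user['name']?>` in the confirmation paragraph should go through `htmlspecialchars()`. Account deletion is also a natural place for an audit log entry naming the acting admin and the target.

```php
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if ((int)$user['role'] === 3) {
        // deleteUser() skips admins in SQL; report it instead of redirecting as if it worked
        $errors[] = "Admin accounts can't be deleted";
    } else {
        $App->getUser()->deleteUser($user['name']);
        redirect("users.php");
    }
}
```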
M role.php => users.php +22 -18
@@ 1,7 1,7 @@
<?php
require 'includes/app.php';
-is_admin($User) or redirect("login.php");
+is_admin($User) or page_not_found();
$errors = [];
@@ 29,23 29,27 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST
<table>
<?php foreach ($users as $user): ?>
- <tr>
- <form action="<?= $_SERVER['PHP_SELF'] ?>" method="post">
- <?php include 'includes/csrf.php' ?>
- <td><?= $user['name'] ?></td>
- <td>
- <select name="role">
- <option value="0" <?= ($user['role'] === 0) ? "selected" : "" ?>>suspended</option>
- <option value="1" <?= ($user['role'] === 1) ? "selected" : "" ?>>visitor</option>
- <option value="2" <?= ($user['role'] === 2) ? "selected" : "" ?>>member</option>
- <option value="3" <?= ($user['role'] === 3) ? "selected" : "" ?>>admin</option>
- </select>
- <input type="hidden" name="id" value="<?= $user['id'] ?>"/>
- <input type="submit" value="save"/>
-
- </td>
- </form>
- </tr>
+ <?php if ($User['id'] !== $user['id']): ?>
+ <tr>
+ <form action="<?= $_SERVER['PHP_SELF'] ?>" method="post">
+ <?php include 'includes/csrf.php' ?>
+ <td><?= site_link($user['name']) ?></td>
+ <td>
+ <select name="role">
+ <option value="0" <?= ($user['role'] === 0) ? "selected" : "" ?>>suspended</option>
+ <option value="1" <?= ($user['role'] === 1) ? "selected" : "" ?>>unreviewed</option>
+ <option value="2" <?= ($user['role'] === 2) ? "selected" : "" ?>>reviewed</option>
+ <option value="3" <?= ($user['role'] === 3) ? "selected" : "" ?>>admin</option>
+ </select>
+ <input type="hidden" name="id" value="<?= $user['id'] ?>"/>
+ <input type="submit" value="save"/>
+ </td>
+ <td>
+ <a href="user_delete.php?u=<?= $user['name'] ?>">Delete</a>
+ </td>
+ </form>
+ </tr>
+ <?php endif; ?>
<?php endforeach; ?>
</table>
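Review bot: The added `<?php if ($User['id'] !== $user['id']): ?>` only hides the current admin's own row when rendering; the POST handler that applies `role` and `id` starts outside this hunk, so it should be confirmed that it rejects an `id` equal to `$User['id']` and a `role` outside 0–3 on the server side. The delete link builds a URL from `$user['name']` without encoding; `<a href="user_delete.php?u=<?= htmlspecialchars(rawurlencode($user['name']), ENT_QUOTES, 'UTF-8') ?>">Delete</a>` is safe regardless of what the name validation allows. The link is also shown for admin rows, which `deleteUser()` silently skips.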