Merge pull request #27 from torbengb/develop

toolpool 0.1.0.prototype

Author: torbengb

.gitignore

@@ -1,2 +1,5 @@
+common/config.php
+todo.txt
+.idea/
 
-config/config.php
+common/dbconfig.php

.htaccess

@@ -1,8 +1,8 @@
 DirectoryIndex index.php
 
-#     ErrorDocument 403 error.php
-#     ErrorDocument 404 error.php
-#     ## ErrorDocument 500 error.php
+#     ErrorDocument 403 /common/error.php
+#     ErrorDocument 404 /common/error.php
+#     ## ErrorDocument 500 /common/error.php
 #     
 #     php_flag display_startup_errors on
 #     php_flag display_errors on
@@ -33,4 +33,4 @@ DirectoryIndex index.php
 #          Deny from all
 #          Satisfy All
 #     </Files>
-#     ## end
+#     ## end

LICENSE

@@ -1,7 +1,18 @@
 The MIT License (MIT)
 
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
 
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -1,4 +1,4 @@
-# This is a prototype!!
+# README
 
 This prototype of `Tool Pool` aims to provide a proof of concept for a community of people wanting to share their tools for DIY home-improvement projects.
 

common.php

@@ -0,0 +1,75 @@
+<?php
+session_start();
+$_SESSION['debug'] =
+    0; // set to 1 for extra debug output; 0 for nothing.
+//if ($_SESSION['debug']==1) echo __LINE__ . " in " . __FILE__ ."<br>";
+if ($_SESSION['debug']==1) echo "Debug is ON: line ".__LINE__ . " in " . __FILE__ ."<br>";
+if (empty($_SESSION['csrf'])) {
+  if (function_exists('random_bytes')) {
+    $_SESSION['csrf'] = bin2hex(random_bytes(32));
+  } elseif (function_exists('mcrypt_create_iv')) {
+    $_SESSION['csrf'] = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
+  } else {
+    $_SESSION['csrf'] = bin2hex(openssl_random_pseudo_bytes(32));
+  }
+}
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+// connect to the database:
+require "dbconfig.php";
+$dsn        = "mysql:host=$host;dbname=$dbname";
+$options    = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION);
+$connection = new PDO($dsn, $username, $password, $options);
+$sql        = "USE " . $dbname;
+$connection->exec($sql);
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+// common functions:
+function escape($html)
+{
+  return htmlspecialchars($html, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
+}
+
+function showMessage($line = 0, $file = "not specified", $message = "")
+{
+  // usage: showMessage( __LINE__ , __FILE__ , "optional hint message" )
+  //    or: showMessage( __LINE__ , __FILE__ )
+  echo "An error occurred at line " . $line . " in file " . $file . "!" . ($message ? "<br>Additional information:<br>" . $message : "<br>No additional details were provided. Sorry about that.");
+}
+
+$statement = $connection->prepare("
+        SELECT id, username FROM users
+        WHERE ( deleted = '0000-00-00 00:00:00' OR deleted IS NULL )
+        ORDER BY username
+        ");
+$statement->execute();
+$users = $statement->fetchAll();
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+// user management
+if (isset($_POST["login"])) {
+  //if ($_SESSION['debug']) echo __LINE__ . " in " . __FILE__ . "<br>";
+  if (!hash_equals($_SESSION['csrf'], $_POST['csrf']))
+    if ($_SESSION['debug']==1) {
+      echo __LINE__ . " in " . __FILE__ . "<br>";
+      //die();
+    }
+  $currentuserid = $_POST["user"];
+  $statement     = $connection->prepare("
+        SELECT id, username
+        FROM users
+        WHERE id = :id
+        AND ( deleted = '0000-00-00 00:00:00' OR deleted IS NULL )
+        ");
+  $statement->bindValue(':id', $currentuserid);
+  $statement->execute();
+  $result                      = $statement->fetch(PDO::FETCH_ASSOC);
+  $_SESSION["currentuserid"]   = $result['id'];
+  $_SESSION["currentusername"] = $result['username'];
+  unset($_POST["login"]);
+}
+if (isset($_POST["logout"])) {
+  //if (!hash_equals($_SESSION['csrf'], $_POST['csrf'])) die();
+  // remove all session variables
+  session_unset();
+  // destroy the session
+  session_destroy();
+}
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

common/common.php

@@ -0,0 +1,18 @@
+<?php require "/common/footer.php"; ?>
+
+<?php 
+  $code = $_SERVER['REDIRECT_STATUS'];
+  $codes = array(
+    403 => 'Forbidden',
+    404 => 'Not Found',
+    500 => 'Internal Server Error'
+  );
+  $source_url = 'http'.((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') ? 's' : '').'://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
+  if (array_key_exists($code, $codes) && is_numeric($code)) {
+    die("Error $code: {$codes[$code]}");
+  } else {
+    die('Unknown error');
+  }
+?>
+
+<?php require "/common/footer.php"; ?>

common/error.php

@@ -0,0 +1,41 @@
+</div> <!-- end body -->
+<div class="footer">
+    <div class="navbar">
+    <span class="topics">
+      || <a href="/index.php"><strong>Home</strong></a>
+      || <a href="/tools/list.php"><strong>Tools</strong></a>
+      || <a href="/users/list.php"><strong>Members</strong></a>
+      || <a href="/loans/list.php"><strong>Loans</strong></a>
+      || <a href="/taxonomy/list.php"><strong>Taxonomy</strong></a>
+      ||
+    </span>
+    </div>
+    <div class="meta">
+    <span>
+      || <strong alt="* opens in new page" title="* opens in new page"><a href="https://github.com/torbengb/toolpool#README" target="_new">About</a></strong>
+      || <strong alt="* opens in new page" title="* opens in new page"><a href="https://github.com/torbengb/toolpool" target="_new">Github</a></strong>
+      || <strong alt="* opens in new page" title="* opens in new page"><a href="https://github.com/torbengb/toolpool/issues?q=is%3Aopen+is%3Aissue+label%3Abug" target="_new">Known bugs</a></strong>
+      || <strong alt="* opens in new page" title="* opens in new page"><a href="https://github.com/torbengb/toolpool/issues/new" target="_new">Report a bug</a></strong>
+      ||
+    </span>
+    </div>
+</div>
+<form method="post" action="/">
+    <input type="hidden" name="csrf" value="<?php echo escape($_SESSION['csrf']); ?>">
+    <input type="hidden" name="id" value="<?php echo escape($user['id']); ?>">
+    <label class="label" for="user"><span class="labeltext">select user:</span>
+        <select class="input" name="user" id="user">
+          <?php foreach ($users as $row) : ?>
+              <option
+                      name="user"
+                      id="user"
+                      value="<?php echo escape($row['id']); ?>"
+                  <?php echo(escape($row["id"]) == escape($_SESSION["currentuserid"]) ? "selected='selected'" : NULL) ?>
+              ><?php echo escape($row['username']); ?></option>
+          <?php endforeach; ?>
+        </select>
+    </label>
+    <button class="button submit" type="submit" name="login" value="login">Switch!</button>
+</form>
+</body>
+</html>

common/footer.php

@@ -0,0 +1,32 @@
+<!doctype html>
+<html lang="en">
+
+<head>
+    <meta charset="utf-8">
+    <meta http-equiv="x-ua-compatible" content="ie=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+
+    <title>TOOL||POOL</title>
+
+    <link rel="stylesheet" href="/common/style.css">
+</head>
+
+<body>
+<div class="header">
+    <h1 class="sitename">TOOL||POOL on <?php echo $_SERVER['HTTP_HOST']; ?></h1>
+    <div class="navbar">
+        <div class="topics">
+            || <a href="/index.php"><strong>Home</strong></a>
+            || <a href="/tools/list.php"><strong>Tools</strong></a>
+            || <a href="/profile"><strong>My account</strong></a>
+            || <span style="float:right"><?php
+            if (isset($_SESSION['currentusername'])) {
+              echo '<a href="/profile/">Hello <b>' . escape($_SESSION['currentusername']) . '</b>!</a>';
+            } else {
+              echo '<a href="/profile/">Login</a> or <a href="/users/new.php">register!</a>';
+            }
+            ?></span>
+        </div>
+    </div>
+</div>
+<div class="mainbody">

common/header.php

@@ -0,0 +1,69 @@
+<?php
+require "common.php";
+
+function runsqlfile($file) {
+  //echo __LINE__ . "<br>";
+  $sql = file_get_contents($file);
+  $connection->exec($sql);
+  //echo __LINE__ . "<br>";
+  return;
+}
+
+/**
+ * @param PDO $connection
+ */
+function arst(PDO $connection, str $file): void
+{
+  echo __LINE__ . "<br>";
+  $sql = file_get_contents($file);
+  $connection->exec($sql);
+  echo __LINE__ . "<br>";
+}
+
+try {
+// first create database:
+  /* INSTALLER CANNOT CREATE DATABASE on DreamHost!! (and neither can a local SQL client!)
+   * The database MUST exist before the installer is run!
+   * The installer can do everything after that.
+  $sql = "CREATE DATABASE IF NOT EXISTS " . $dbname;
+  $connection->exec($sql);
+   */
+  echo __LINE__ . "<br>";
+// then open database:
+  $sql = "USE " . $dbname;
+  $connection->exec($sql);
+  echo __LINE__ . "<br>";
+  // and then create tables:
+  $sql = file_get_contents("../database/countries.sql");
+  $connection->exec($sql);
+  echo __LINE__ . "<br>";
+  $sql = file_get_contents("../database/regions.sql");
+  $connection->exec($sql);
+  $sql = file_get_contents("../database/users.sql");
+  $connection->exec($sql);
+  $sql = file_get_contents("../database/taxonomy.sql");
+  $connection->exec($sql);
+  $sql = file_get_contents("../database/tools.sql");
+  $connection->exec($sql);
+  $sql = file_get_contents("../database/loans.sql");
+  $connection->exec($sql);
+  echo __LINE__ . "Successfully created tables and inserted base data.<br>";
+
+// now load test data unless it's in production:
+  switch ($dbname) {
+    case "toolpool":
+      // do nothing in production!
+      break;
+    case "toolpool_dev":
+    case "toolpool_test":
+//      runsqlfile("../database/testdata.sql");
+      echo "Successfully inserted test data.<br>";
+      break;
+    default:
+      die('Cannot insert test data into unknown environment!<br>');
+  }
+
+  echo "Now <a href='../index.php'>go to the homepage</a>.";
+} catch(PDOException $error) {
+    echo /* $sql . "<br>" . */ $error->getMessage() . " Try visiting <a href='../index.php'>the homepage</a>.";
+}