From 57d5859e04c5964ddccbe46e8c0d7aaea698581f Mon Sep 17 00:00:00 2001 From: BodgeMaster <> Date: Thu, 2 Sep 2021 09:02:22 +0200 Subject: [PATCH] un-hard-coded database user credentials fixing #25 --- admin.php | 2 +- config/instance.conf | 4 ++++ config/names.conf | 2 -- macros/pass3_install-config.json | 6 ++++-- threadr/board/board.php | 2 +- threadr/board/index.php | 2 +- threadr/boards/index.php | 2 +- threadr/login/redirect.php | 2 +- threadr/profile/index.php | 2 +- threadr/signup/verify-email/index.php | 2 +- threadr/userhome/index.php | 2 +- 11 files changed, 16 insertions(+), 12 deletions(-) create mode 100644 config/instance.conf delete mode 100644 config/names.conf diff --git a/admin.php b/admin.php index 6ac705a..adc1f72 100644 --- a/admin.php +++ b/admin.php @@ -15,7 +15,7 @@ $random_salt = generate_salt($permitted_chars); $password_hash_method = "sha256"; - $pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!'); + $pdo = new PDO('mysql:host=localhost;dbname=web', '%DB_USERNAME%', '%DB_PASSWORD%'); $query = "SELECT id, name, authentication_algorithm FROM users;"; if (isset($_GET['action'])) { diff --git a/config/instance.conf b/config/instance.conf new file mode 100644 index 0000000..812ebd5 --- /dev/null +++ b/config/instance.conf @@ -0,0 +1,4 @@ +domain_name=threadr.lostcave.ddnss.de +threadr_dir=/threadr +db_username=webstuff +db_password=Schei// auf Pa$$w0rter! diff --git a/config/names.conf b/config/names.conf deleted file mode 100644 index cbdde76..0000000 --- a/config/names.conf +++ /dev/null @@ -1,2 +0,0 @@ -domain_name=threadr.lostcave.ddnss.de -threadr_home=/threadr diff --git a/macros/pass3_install-config.json b/macros/pass3_install-config.json index 36c8b97..792e05f 100644 --- a/macros/pass3_install-config.json +++ b/macros/pass3_install-config.json @@ -1,5 +1,7 @@ { - "DOMAIN_NAME":["exec","sed --quiet \"/domain_name=/s/.*=//p\" config/names.conf"], - "CONTENT_DIR":["exec","sed --quiet \"/threadr_home=/s/.*=//p\" config/names.conf"], + "DOMAIN_NAME":["exec","sed --quiet \"/domain_name=/s/.*=//p\" config/instance.conf"], + "CONTENT_DIR":["exec","sed --quiet \"/threadr_dir=/s/.*=//p\" config/instance.conf"], + "DB_PASSWORD":["exec","sed --quiet \"/db_password=/s/.*=//p\" config/instance.conf"], + "DB_USERNAME":["exec","sed --quiet \"/db_username=/s/.*=//p\" config/instance.conf"], "ABOUT_PAGE":["file","config/about.template"] } diff --git a/threadr/board/board.php b/threadr/board/board.php index 1b1d82f..50eb25b 100644 --- a/threadr/board/board.php +++ b/threadr/board/board.php @@ -1,5 +1,5 @@ prepare("SELECT * FROM posts WHERE board_id=:bid ORDER BY post_time asc"); $statement->execute(array("bid"=>$id)); foreach($statement->fetchAll() as $ROW) { diff --git a/threadr/board/index.php b/threadr/board/index.php index 912eec0..5bdbd33 100644 --- a/threadr/board/index.php +++ b/threadr/board/index.php @@ -28,7 +28,7 @@ $id=$_GET['id'];