un-hard-coded database user credentials fixing #25

2021-09-02 09:02:22 +02:00 · 2021-09-02 09:02:22 +02:00 · 57d5859e04
parent 8748d17753
commit 57d5859e04
11 changed files with 16 additions and 12 deletions
--- a/admin.php
+++ b/admin.php
@ -15,7 +15,7 @@
  $random_salt = generate_salt($permitted_chars);
  $password_hash_method = "sha256";
-  $pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
+  $pdo = new PDO('mysql:host=localhost;dbname=web', '%DB_USERNAME%', '%DB_PASSWORD%');
  $query = "SELECT id, name, authentication_algorithm FROM users;";
  if (isset($_GET['action'])) {
--- a/config/instance.conf
+++ b/config/instance.conf
@ -0,0 +1,4 @@
 domain_name=threadr.lostcave.ddnss.de
 threadr_dir=/threadr
 db_username=webstuff
 db_password=Schei// auf Pa$$w0rter!
--- a/config/names.conf
+++ b/config/names.conf
@ -1,2 +0,0 @@
 domain_name=threadr.lostcave.ddnss.de
 threadr_home=/threadr
--- a/macros/pass3_install-config.json
+++ b/macros/pass3_install-config.json
@ -1,5 +1,7 @@
 {
-  "DOMAIN_NAME":["exec","sed --quiet \"/domain_name=/s/.*=//p\" config/names.conf"],
+  "DOMAIN_NAME":["exec","sed --quiet \"/domain_name=/s/.*=//p\" config/instance.conf"],
-  "CONTENT_DIR":["exec","sed --quiet \"/threadr_home=/s/.*=//p\" config/names.conf"],
+  "CONTENT_DIR":["exec","sed --quiet \"/threadr_dir=/s/.*=//p\" config/instance.conf"],
  "DB_PASSWORD":["exec","sed --quiet \"/db_password=/s/.*=//p\" config/instance.conf"],
  "DB_USERNAME":["exec","sed --quiet \"/db_username=/s/.*=//p\" config/instance.conf"],
  "ABOUT_PAGE":["file","config/about.template"]
 }
--- a/threadr/board/board.php
+++ b/threadr/board/board.php
@ -1,5 +1,5 @@
 <?php
-$pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
+$pdo = new PDO('mysql:host=localhost;dbname=web', '%DB_USERNAME%', '%DB_PASSWORD%');
 $statement = $pdo->prepare("SELECT * FROM posts WHERE board_id=:bid ORDER BY post_time asc");
 $statement->execute(array("bid"=>$id));
 foreach($statement->fetchAll() as $ROW) {
--- a/threadr/board/index.php
+++ b/threadr/board/index.php
@ -28,7 +28,7 @@ $id=$_GET['id'];
      <div class="item-1">
        <h1><center>
          <?php
-          $pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
+          $pdo = new PDO('mysql:host=localhost;dbname=web', '%DB_USERNAME%', '%DB_PASSWORD%');
          $error = false;
          $error_message = "";
          if (!$error) {
--- a/threadr/boards/index.php
+++ b/threadr/boards/index.php
@ -22,7 +22,7 @@ $navbar="boards";
        <div class="item-2">
          <ul class="list">
            <?php 
-              $pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
+              $pdo = new PDO('mysql:host=localhost;dbname=web', '%DB_USERNAME%', '%DB_PASSWORD%');
              $error = false;
              $error_message = "";
              if (!$error) {
--- a/threadr/login/redirect.php
+++ b/threadr/login/redirect.php
@ -2,7 +2,7 @@
 session_start();
 %PLEAZE_NO_CACHE%
-$pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
+$pdo = new PDO('mysql:host=localhost;dbname=web', '%DB_USERNAME%', '%DB_PASSWORD%');
 $statement = $pdo->prepare('SELECT id, authentication_algorithm, authentication_salt, authentication_string FROM users WHERE name = :username;');
 $result = $statement->execute(array('username' => $_POST['username']));
 if ($statement->rowCount() > 0) {
--- a/threadr/profile/index.php
+++ b/threadr/profile/index.php
@ -5,7 +5,7 @@ session_start();
 %NO_CHEAP_SESSION_STEALING%
 %REQUIRE_LOGIN%
-$pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
+$pdo = new PDO('mysql:host=localhost;dbname=web', '%DB_USERNAME%', '%DB_PASSWORD%');
 $error = false;
 $error_message = "";
 if (!$error) {
--- a/threadr/signup/verify-email/index.php
+++ b/threadr/signup/verify-email/index.php
@ -25,7 +25,7 @@
  $password_salt = generate_salt($permitted_chars);
  $password_hash_method = "sha256";
-  $pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
+  $pdo = new PDO('mysql:host=localhost;dbname=web', '%DB_USERNAME%', '%DB_PASSWORD%');
  //$statement = $pdo->prepare('');
 $navbar = "verify-email";
 ?>
--- a/threadr/userhome/index.php
+++ b/threadr/userhome/index.php
@ -5,7 +5,7 @@ session_start();
 %NO_CHEAP_SESSION_STEALING%
 %REQUIRE_LOGIN%
-$pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
+$pdo = new PDO('mysql:host=localhost;dbname=web', '%DB_USERNAME%', '%DB_PASSWORD%');
 $error = false;
 $error_message = "";
 if (!$error) {
		`@ -1,2 +0,0 @@`
			`domain_name=threadr.lostcave.ddnss.de`
			`threadr_home=/threadr`