un-hard-coded database user credentials fixing #25

master
BodgeMaster 2021-09-02 09:02:22 +02:00
parent 8748d17753
commit 57d5859e04
11 changed files with 16 additions and 12 deletions

View File

@ -15,7 +15,7 @@
$random_salt = generate_salt($permitted_chars);
$password_hash_method = "sha256";
$pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
$pdo = new PDO('mysql:host=localhost;dbname=web', '%DB_USERNAME%', '%DB_PASSWORD%');
$query = "SELECT id, name, authentication_algorithm FROM users;";
if (isset($_GET['action'])) {

4
config/instance.conf Normal file
View File

@ -0,0 +1,4 @@
domain_name=threadr.lostcave.ddnss.de
threadr_dir=/threadr
db_username=webstuff
db_password=Schei// auf Pa$$w0rter!

View File

@ -1,2 +0,0 @@
domain_name=threadr.lostcave.ddnss.de
threadr_home=/threadr

View File

@ -1,5 +1,7 @@
{
"DOMAIN_NAME":["exec","sed --quiet \"/domain_name=/s/.*=//p\" config/names.conf"],
"CONTENT_DIR":["exec","sed --quiet \"/threadr_home=/s/.*=//p\" config/names.conf"],
"DOMAIN_NAME":["exec","sed --quiet \"/domain_name=/s/.*=//p\" config/instance.conf"],
"CONTENT_DIR":["exec","sed --quiet \"/threadr_dir=/s/.*=//p\" config/instance.conf"],
"DB_PASSWORD":["exec","sed --quiet \"/db_password=/s/.*=//p\" config/instance.conf"],
"DB_USERNAME":["exec","sed --quiet \"/db_username=/s/.*=//p\" config/instance.conf"],
"ABOUT_PAGE":["file","config/about.template"]
}

View File

@ -1,5 +1,5 @@
<?php
$pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
$pdo = new PDO('mysql:host=localhost;dbname=web', '%DB_USERNAME%', '%DB_PASSWORD%');
$statement = $pdo->prepare("SELECT * FROM posts WHERE board_id=:bid ORDER BY post_time asc");
$statement->execute(array("bid"=>$id));
foreach($statement->fetchAll() as $ROW) {

View File

@ -28,7 +28,7 @@ $id=$_GET['id'];
<div class="item-1">
<h1><center>
<?php
$pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
$pdo = new PDO('mysql:host=localhost;dbname=web', '%DB_USERNAME%', '%DB_PASSWORD%');
$error = false;
$error_message = "";
if (!$error) {

View File

@ -22,7 +22,7 @@ $navbar="boards";
<div class="item-2">
<ul class="list">
<?php
$pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
$pdo = new PDO('mysql:host=localhost;dbname=web', '%DB_USERNAME%', '%DB_PASSWORD%');
$error = false;
$error_message = "";
if (!$error) {

View File

@ -2,7 +2,7 @@
session_start();
%PLEAZE_NO_CACHE%
$pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
$pdo = new PDO('mysql:host=localhost;dbname=web', '%DB_USERNAME%', '%DB_PASSWORD%');
$statement = $pdo->prepare('SELECT id, authentication_algorithm, authentication_salt, authentication_string FROM users WHERE name = :username;');
$result = $statement->execute(array('username' => $_POST['username']));
if ($statement->rowCount() > 0) {

View File

@ -5,7 +5,7 @@ session_start();
%NO_CHEAP_SESSION_STEALING%
%REQUIRE_LOGIN%
$pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
$pdo = new PDO('mysql:host=localhost;dbname=web', '%DB_USERNAME%', '%DB_PASSWORD%');
$error = false;
$error_message = "";
if (!$error) {

View File

@ -25,7 +25,7 @@
$password_salt = generate_salt($permitted_chars);
$password_hash_method = "sha256";
$pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
$pdo = new PDO('mysql:host=localhost;dbname=web', '%DB_USERNAME%', '%DB_PASSWORD%');
//$statement = $pdo->prepare('');
$navbar = "verify-email";
?>

View File

@ -5,7 +5,7 @@ session_start();
%NO_CHEAP_SESSION_STEALING%
%REQUIRE_LOGIN%
$pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
$pdo = new PDO('mysql:host=localhost;dbname=web', '%DB_USERNAME%', '%DB_PASSWORD%');
$error = false;
$error_message = "";
if (!$error) {