Compare commits

..

3 Commits

16 changed files with 61 additions and 38 deletions

View File

@ -54,6 +54,8 @@ This section has moved. Look in the files or their documentation below.
This folder contains all the files that are parts of ThreadR directly
### [[DIR] config](./config)
A place to store the configuation for a specific ThreadR instance (contains official instance config for now, will be moved elsewhere eventually)
### [[DIR] macros](./macros)
files for variable_grabbler.py
### [admin.php](./admin.php)
This is the file that is shown on the internal admin page. It will contain a list of users, forums, threads, etc.
At the moment, it is just a convenient way to access the other internal administration tools.
@ -93,18 +95,3 @@ An alternative option to providing a string in the config is to add arrays defin
Read the source code for further information.
NOTICE: This file (or rather a more up-to-date version of it) will be moved to a new repository containing the deployment system.
### [variable_grabbler.pass0.json](./variable_grabbler.pass0.json), [variable_grabbler.pass1.json](./variable_grabbler.pass1.json), [variable_grabbler.pass2.json](./variable_grabbler.pass2.json)
These are the the config files for variable_grabbler.py.
A short description of what the variables do and where they should go:
* `%NAVBAR%` (in HTML part of PHP file) → the Navbar, also includes an automatic logout-function if the user is in a place where they should never be logged in (triggered by absence of the $login variable)
* `%SET_LOGIN_VARIABLE%` (in PHP code) → sets the $login variable in PHP by detecting if the user has a valid logged in session
* `%NO_CHEAP_LOGIN_STEALING%` (in PHP code, before any non-header data is sent to client) → prevents the most primitive cookie stealing attempts, nothing advanced though
* `%BANNER_COOKIES%` (in HTML part of PHP file) → the cookie banner that every web page has
* `%PLEAZE_NO_CACHE%` (in PHP code, before any non-header data is sent to client) → requests the browser to not cache this page
* `%FORCE_LOGOUT%` (in PHP code) → logout immediately (obviously less common than the other variables...)
* `%CONTENT_DIR%` (anywhere in code) → the path to the ThreadR directory (without domain name)
* `%STYLESHEET%` (in HTML) → adds the tag linking the stylesheet
* `%REQUIRE_LOGIN%` (in PHP code, before any non-header data is sent to client) → sends users to the login page if they are not logged in
### [navbar.template](./navbar.template), [banner_cookies.template](./banner_cookies.template)
file templates for variables from the code variable replacement system

View File

@ -1,5 +1,16 @@
# Files
### [about.template](./about.template)
The customizable part of the content page, will eventually be replaced with a markdown file
### [names.conf](./names.conf)
Information about the installation location of ThreadR
- domain name
- ThreadR directory on that domain
Format: <config option>=<value>
This format is strictly enforced because the mechanism to load the config is very primitive. Dont add additional whitespace for fancy formatting. Things *will* break. You have been warned.
How it is integrated: exec section of variable grabbler `/<config option>=/s/.*=//p" config/names.conf`
### [README.md](./README.md)
this file

2
config/names.conf Normal file
View File

@ -0,0 +1,2 @@
domain_name=threadr.lostcave.ddnss.de
threadr_home=/threadr

View File

@ -8,10 +8,12 @@ if [ -n "`shopt globstar | grep off`" ]; then shopt -s globstar; fi
#remove READMEs
rm ./threadr/**/README.md
#run the code variable replacement
echo -n "`find -name "*.php" -or -name "*.html" -or -name "*.css" -or -name "*.svg" | sed 's/^/python variable_grabbler.py /;s/$/ variable_grabbler.pass0.json/'`" | bash -
echo -n "`find -name "*.php" -or -name "*.html" -or -name "*.css" -or -name "*.svg" | sed 's/^/python variable_grabbler.py /;s/$/ variable_grabbler.pass1.json/'`" | bash -
echo -n "`find -name "*.php" -or -name "*.html" -or -name "*.css" -or -name "*.svg" | sed 's/^/python variable_grabbler.py /;s/$/ variable_grabbler.pass2.json/'`" | bash -
#run the macro handler
echo -n "`find -name "*.php" -or -name "*.html" -or -name "*.css" -or -name "*.svg" | sed 's/^/python variable_grabbler.py /;s/$/ macros/pass0*.json/'`" | bash -
echo -n "`find -name "*.php" -or -name "*.html" -or -name "*.css" -or -name "*.svg" | sed 's/^/python variable_grabbler.py /;s/$/ macros/pass1*.json/'`" | bash -
echo -n "`find -name "*.php" -or -name "*.html" -or -name "*.css" -or -name "*.svg" | sed 's/^/python variable_grabbler.py /;s/$/ macros/pass2*.json/'`" | bash -
echo -n "`find -name "*.php" -or -name "*.html" -or -name "*.css" -or -name "*.svg" | sed 's/^/python variable_grabbler.py /;s/$/ macros/pass3*.json/'`" | bash -
echo -n "`find -name "*.php" -or -name "*.html" -or -name "*.css" -or -name "*.svg" | sed 's/^/python variable_grabbler.py /;s/$/ macros/pass4*.json/'`" | bash -
echo "==============================================================================
Done."

15
macros/README.md Normal file
View File

@ -0,0 +1,15 @@
# Files
### [variable_grabbler.pass0.json](./variable_grabbler.pass0.json), [variable_grabbler.pass1.json](./variable_grabbler.pass1.json), [variable_grabbler.pass2.json](./variable_grabbler.pass2.json)
These are the the config files for ../variable_grabbler.py.
A short description of what the variables do and where they should go:
* `%NAVBAR%` (in HTML part of PHP file) → the Navbar, also includes an automatic logout-function if the user is in a place where they should never be logged in (triggered by absence of the $login variable)
* `%SET_LOGIN_VARIABLE%` (in PHP code) → sets the $login variable in PHP by detecting if the user has a valid logged in session
* `%NO_CHEAP_LOGIN_STEALING%` (in PHP code, before any non-header data is sent to client) → prevents the most primitive cookie stealing attempts, nothing advanced though
* `%BANNER_COOKIES%` (in HTML part of PHP file) → the cookie banner that every web page has
* `%PLEAZE_NO_CACHE%` (in PHP code, before any non-header data is sent to client) → requests the browser to not cache this page
* `%FORCE_LOGOUT%` (in PHP code) → logout immediately (obviously less common than the other variables...)
* `%CONTENT_DIR%` (anywhere in code) → the path to the ThreadR directory (without domain name)
* `%STYLESHEET%` (in HTML) → adds the tag linking the stylesheet
* `%REQUIRE_LOGIN%` (in PHP code, before any non-header data is sent to client) → sends users to the login page if they are not logged in
### [README.md](./README.md)
this file

View File

@ -0,0 +1,4 @@
{
"NAVBAR":["file","macros/templates/navbar.template"],
"BANNER_COOKIES":["file","macros/templates/banner_cookies.template"]
}

5
macros/pass1_misc.json Normal file
View File

@ -0,0 +1,5 @@
{
"STYLESHEET":"<link rel=\"stylesheet\" type=\"text\/css\" href=\"%CONTENT_DIR%\/style.css\">",
"PLEAZE_NO_CACHE":"header('Cache-Control: no-cache, no-store, must-revalidate');header('Pragma: no-cache');header('Expires: 0');",
"COLOR_BEIGE":"#fef6e4", "COLOR_ORANGE":"#f3d2c1", "COLOR_BLUE":"#001858", "COLOR_PINK":"#f582ae", "COLOR_CYAN":"#8bd3dd"
}

View File

@ -1,8 +1,6 @@
{
"CONTENT_DIR":"/threadr",
"NO_CHEAP_SESSION_STEALING":"if (isset($_SESSION['user_id'])) {if ($_SESSION['user_ip']!=$_SERVER['REMOTE_ADDR'] || $_SESSION['user_http_user_agent']!=$_SERVER['HTTP_USER_AGENT']){ $_SESSION = array(); if (ini_get(\"session.use_cookies\")){ $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $params[\"path\"], $params[\"domain\"], $params[\"secure\"], $params[\"httponly\"]); } session_destroy(); header(\"Location: https://threadr.lostcave.ddnss.de/threadr/login/\\?error=session\"); die();}}",
"REQUIRE_LOGIN":"if (!$login) { header(\"Location: https:\/\/%DOMAIN_NAME%%CONTENT_DIR%\/login\/\\?error=session\"); die(); }",
"NO_CHEAP_SESSION_STEALING":"if (isset($_SESSION['user_id'])) {if ($_SESSION['user_ip']!=$_SERVER['REMOTE_ADDR'] || $_SESSION['user_http_user_agent']!=$_SERVER['HTTP_USER_AGENT']){ $_SESSION = array(); if (ini_get(\"session.use_cookies\")){ $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $params[\"path\"], $params[\"domain\"], $params[\"secure\"], $params[\"httponly\"]); } session_destroy(); header(\"Location: https://%DOMAIN_NAME%%CONTENT_DIR%/login/\\?error=session\"); die();}}",
"SET_LOGIN_VARIABLE":"if (isset($_SESSION['user_id'])) { $login = true; } else { $login = false; }",
"PLEAZE_NO_CACHE":"header('Cache-Control: no-cache, no-store, must-revalidate');header('Pragma: no-cache');header('Expires: 0');",
"FORCE_LOGOUT":"$_SESSION = array(); if (ini_get('session.use_cookies')) { $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);} session_destroy();",
"COLOR_BEIGE":"#fef6e4", "COLOR_ORANGE":"#f3d2c1", "COLOR_BLUE":"#001858", "COLOR_PINK":"#f582ae", "COLOR_CYAN":"#8bd3dd"
"FORCE_LOGOUT":"$_SESSION = array(); if (ini_get('session.use_cookies')) { $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);} session_destroy();"
}

View File

@ -0,0 +1,4 @@
{
"DOMAIN_NAME":["exec","sed --quiet "/domain_name=/s/.*=//p" config/names.conf"],
"CONTENT_DIR":["exec","sed --quiet "/threadr_home=/s/.*=//p" config/names.conf"]
}

View File

@ -0,0 +1,3 @@
{
"ABOUT_PAGE":["file","config/templates/about.template"]
}

View File

@ -0,0 +1,5 @@
# Files
### [navbar.template](./navbar.template)
contains the navbar, depends on a variable in PHP to determine which field on the navbar should be highlighted
### [banner_cookies.template](./banner_cookies.template)
contains the cookie banner

View File

@ -3,11 +3,7 @@ session_start();
%PLEAZE_NO_CACHE%
$navbar = "login";
if (isset($_SESSION['user_id'])){
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
}
session_destroy();
%FORCE_LOGOUT%
}
?>
<!DOCTYPE html>

View File

@ -1,5 +0,0 @@
{
"NAVBAR":["file","navbar.template"],
"BANNER_COOKIES":["file","banner_cookies.template"],
"ABOUT_PAGE":["file","config/about.template"]
}

View File

@ -1,4 +0,0 @@
{
"STYLESHEET":"<link rel=\"stylesheet\" type=\"text\/css\" href=\"%CONTENT_DIR%\/style.css\">",
"REQUIRE_LOGIN":"if (!$login) { header(\"Location: https:\/\/threadr.lostcave.ddnss.de%CONTENT_DIR%\/login\/\\?error=session\"); die(); }"
}