root
/
threadr.lostcave.ddnss.de
3
1
Fork 2
Code Issues 1 Pull Requests 1 Projects Releases Wiki Activity

Compare commits

base: root:c2c501531a91970836882678121b1480b2bf1c7a
Branches Tags
root:jocadbz
root:master
root:legacy
..
compare: root:c10f3770c75c5f553572af845d4c2eb7bfab08b9
Branches Tags
root:jocadbz
root:master
root:legacy

5 Commits
c2c501531a ... c10f3770c7

Author SHA1 Message Date
BodgeMaster c10f3770c7 clarified documentation 2021-09-08 10:18:50 +02:00
BodgeMaster 0629830c0b fix %DOMAIN_NAME%%CONTENT_DIR% 2021-09-08 10:15:50 +02:00
BodgeMaster 2284f43919 found another hardcoded reference 2021-09-08 10:13:52 +02:00
BodgeMaster e08b8ae91e yea me stoopid 2021-09-08 10:12:08 +02:00
BodgeMaster 446f828f53 ugly line fiy? 2021-09-08 10:11:39 +02:00
6 changed files with 14 additions and 12 deletions
Show Stats Expand all files Collapse all files

4
config/README.md
View File

@ -4,12 +4,14 @@ The customizable part of the content page, HTML code for now, will eventually be
### [instance.conf](./instance.conf) ### [instance.conf](./instance.conf)
configuration for a specific instance configuration for a specific instance
- domain_name=<public facing domain name of the instance> - domain_name=<public facing domain name of the instance>
- threadr_dir=<directory on the webhost> - threadr_dir=<directory on the webhost\*>
- db_username=<mysql user> - db_username=<mysql user>
- db_password=<mysql password> - db_password=<mysql password>
- db_database=<name of the database> - db_database=<name of the database>
- db_svr_host=<mysql server address> - db_svr_host=<mysql server address>
\* leading and trailing slashes not included
I know some of these option names are silly but they all have the same length. -BodgeMaster I know some of these option names are silly but they all have the same length. -BodgeMaster
The format is strictly `<option>=<value>` because the mechanism used to load the config values is very simple. Dont add additional whitespace for fancy formatting. Things *will* break. You have been warned. The format is strictly `<option>=<value>` because the mechanism used to load the config values is very simple. Dont add additional whitespace for fancy formatting. Things *will* break. You have been warned.

2
config/instance.conf
View File

@ -1,5 +1,5 @@
domain_name=threadr.lostcave.ddnss.de domain_name=threadr.lostcave.ddnss.de
threadr_dir=/ threadr_dir=
db_username=webstuff db_username=webstuff
db_password=Schei// auf Pa$$w0rter! db_password=Schei// auf Pa$$w0rter!
db_database=web db_database=web

4
macros/pass2_session.json
View File

@ -1,6 +1,6 @@
{ {
"REQUIRE_LOGIN":"if (!$login) { header(\"Location: https:\/\/%DOMAIN_NAME%%CONTENT_DIR%\/login\/\\?error=session\"); die(); }", "REQUIRE_LOGIN":"if (!$login) { header(\"Location: https:\/\/%DOMAIN_NAME%/%CONTENT_DIR%\/login\/\\?error=session\"); die(); }",
"NO_CHEAP_SESSION_STEALING":"if (isset($_SESSION['user_id'])) {if ($_SESSION['user_ip']!=$_SERVER['REMOTE_ADDR'] || $_SESSION['user_http_user_agent']!=$_SERVER['HTTP_USER_AGENT']){ $_SESSION = array(); if (ini_get(\"session.use_cookies\")){ $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $params[\"path\"], $params[\"domain\"], $params[\"secure\"], $params[\"httponly\"]); } session_destroy(); header(\"Location: https://%DOMAIN_NAME%%CONTENT_DIR%/login/\\?error=session\"); die();}}", "NO_CHEAP_SESSION_STEALING":"if (isset($_SESSION['user_id'])) {if ($_SESSION['user_ip']!=$_SERVER['REMOTE_ADDR'] || $_SESSION['user_http_user_agent']!=$_SERVER['HTTP_USER_AGENT']){ $_SESSION = array(); if (ini_get(\"session.use_cookies\")){ $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $params[\"path\"], $params[\"domain\"], $params[\"secure\"], $params[\"httponly\"]); } session_destroy(); header(\"Location: https://%DOMAIN_NAME%/%CONTENT_DIR%/login/\\?error=session\"); die();}}",
"SET_LOGIN_VARIABLE":"if (isset($_SESSION['user_id'])) { $login = true; } else { $login = false; }", "SET_LOGIN_VARIABLE":"if (isset($_SESSION['user_id'])) { $login = true; } else { $login = false; }",
"FORCE_LOGOUT":"$_SESSION = array(); if (ini_get('session.use_cookies')) { $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);} session_destroy();" "FORCE_LOGOUT":"$_SESSION = array(); if (ini_get('session.use_cookies')) { $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);} session_destroy();"
} }

8
macros/templates/navbar.template
View File

@ -11,15 +11,15 @@ if (!isset($login)){
echo "<a class=\"icon "; echo "<a class=\"icon ";
if ($login){ if ($login){
if ($navbar == "home"){ if ($navbar == "home"){
echo "active\" href=\"%CONTENT_DIR%/userhome/\"><img src=\"/threadr/img/ThreadR_Home.svg\" alt=\"My Feed\" title=\"My Feed\""; echo "active\" href=\"%CONTENT_DIR%/userhome/\"><img src=\"/%CONTENT_DIR%/img/ThreadR_Home.svg\" alt=\"My Feed\" title=\"My Feed\"";
} else { } else {
echo "\" href=\"%CONTENT_DIR%/userhome/\"><img src=\"/threadr/img/ThreadR_Home.svg\" alt=\"My Feed\" title=\"My Feed\""; echo "\" href=\"%CONTENT_DIR%/userhome/\"><img src=\"/%CONTENT_DIR%/img/ThreadR_Home.svg\" alt=\"My Feed\" title=\"My Feed\"";
} }
} else { } else {
if ($navbar == "home"){ if ($navbar == "home"){
echo "active\" href=\"%CONTENT_DIR%/\"><img src=\"/threadr/img/ThreadR_Home.svg\" alt=\"Home\" title=\"Home\""; echo "active\" href=\"%CONTENT_DIR%/\"><img src=\"/%CONTENT_DIR%/img/ThreadR_Home.svg\" alt=\"Home\" title=\"Home\"";
} else { } else {
echo "\" href=\"%CONTENT_DIR%/\"><img src=\"/threadr/img/ThreadR_Home.svg\" alt=\"Home\" title=\"Home\""; echo "\" href=\"%CONTENT_DIR%/\"><img src=\"/%CONTENT_DIR%/img/ThreadR_Home.svg\" alt=\"Home\" title=\"Home\"";
} }
} }
echo "/></a>"; echo "/></a>";

6
src/login/redirect.php
View File

@ -15,15 +15,15 @@ if ($statement->rowCount() > 0) {
// IP and user agent string are used to prevent cheap session stealing // IP and user agent string are used to prevent cheap session stealing
$_SESSION['user_ip'] = $_SERVER['REMOTE_ADDR']; $_SESSION['user_ip'] = $_SERVER['REMOTE_ADDR'];
$_SESSION['user_http_user_agent'] = $_SERVER['HTTP_USER_AGENT']; $_SESSION['user_http_user_agent'] = $_SERVER['HTTP_USER_AGENT'];
header("Location: https://%DOMAIN_NAME%%CONTENT_DIR%/userhome/"); header("Location: https://%DOMAIN_NAME%/%CONTENT_DIR%/userhome/");
} else { } else {
//password inorrect //password inorrect
header("Location: https://%DOMAIN_NAME%%CONTENT_DIR%/login/?error=credentials"); header("Location: https://%DOMAIN_NAME%/%CONTENT_DIR%/login/?error=credentials");
die(); die();
} }
} else { } else {
//wrong user name //wrong user name
header("Location: https://%DOMAIN_NAME%%CONTENT_DIR%/login/?error=credentials"); header("Location: https://%DOMAIN_NAME%/%CONTENT_DIR%/login/?error=credentials");
die(); die();
} }
?> ?>

2
variable_grabbler.py
View File

@ -15,7 +15,7 @@ exit_codes = {
"error while processing": 2 "error while processing": 2
} }
stderr("--------------------------------------------------------------------------------\nVariable Grabbler - version 5.0\n--------------------------------------------------------------------------------") stderr("\nVariable Grabbler - version 5.0\n--------------------------------------------------------------------------------")
################################################################################ ################################################################################
# Chnages in this version: # Chnages in this version:
# - complete rewrite in Python 3 # - complete rewrite in Python 3