From 24516c6d29fe03eb7440850be074495cc524e5dc Mon Sep 17 00:00:00 2001
From: xf0r3m <jakubstasinski@protonmail.com>
Date: Mon, 22 Jul 2024 14:42:47 +0200
Subject: [PATCH 1/1] Synchronizacja public -> priv

---
 README.md       |   5 ++
 db_conf.php     |  20 +++++
 index.php       | 192 ++++++++++++++++++++++++++++++++++++++++++++++++
 install.sql     |  27 +++++++
 library.php     |  67 +++++++++++++++++
 login.php       |  50 +++++++++++++
 logout.php      |   6 ++
 newcategory.php |   8 ++
 passwd.php      |  10 +++
 style.css       |  39 ++++++++++
 10 files changed, 424 insertions(+)
 create mode 100644 README.md
 create mode 100644 db_conf.php
 create mode 100644 index.php
 create mode 100644 install.sql
 create mode 100644 library.php
 create mode 100644 login.php
 create mode 100644 logout.php
 create mode 100644 newcategory.php
 create mode 100644 passwd.php
 create mode 100644 style.css

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..d21b721
--- /dev/null
+++ b/README.md
@@ -0,0 +1,5 @@
+# SC - SiteCatalogue
+
+2.0
+
+Wymagania: LAMP Stack + jakieś dobre hasło do bazy.
diff --git a/db_conf.php b/db_conf.php
new file mode 100644
index 0000000..0955910
--- /dev/null
+++ b/db_conf.php
@@ -0,0 +1,20 @@
+<?php
+  $db = 'sc';
+  $db_user = 'sc';
+  $db_passwd = '';
+  $db_host = 'localhost';
+
+  $connection = mysqli_connect($db_host, $db_user, $db_passwd, $db);
+
+  if ( ! $connection ) {
+    echo "<script>console.log('Połaczenie nie powiodło się');
+          console.log(\"Nr błędu: " . mysqli_connect_errno() . "\");
+          console.log(\"Błąd: " . mysqli_connect_error() . "\");</script>";
+    exit;
+  } else {
+    if ( ! isset($_SERVER["SHELL"]) ) {
+      echo "<script>console.log('Połączenie powiodło się!');</script>";
+    }
+  }
+
+?>
diff --git a/index.php b/index.php
new file mode 100644
index 0000000..2f68564
--- /dev/null
+++ b/index.php
@@ -0,0 +1,192 @@
+<?php
+  include('library.php');
+  include('db_conf.php');
+?>
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>Site Catalogue - morketsmerke.org</title>
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-QWTKZyjpPEjISv5WaRU9OFeRpok6YctnYmDr5pNlyT2bRjXh0JMhjY6hW+ALEwIH" crossorigin="anonymous">
+    <link href="style.css" type="text/css" rel="stylesheet">
+  </head>
+  <body>
+    <nav class="navbar navbar-expand-lg navbar-light bg-light">
+  <div class="container-fluid">
+    <a class="navbar-brand" href="index.php">sc</a>
+    <div class="collapse navbar-collapse" id="navbarSupportedContent">
+      <ul class="navbar-nav me-auto mb-2 mb-lg-0">
+        <li class="nav-item">
+          <?php
+            if ( session_status() != 2 ) { session_start(); }
+            if ( ! empty($_SESSION['username']) ) {
+              echo "<a class=\"nav-link\" href=\"?a=logout\">Wyloguj się</a>";
+            } else {
+              echo "<a class=\"nav-link\" href=\"?a=login\">Zaloguj się</a>";
+            }
+          ?>
+        </li>
+      </ul>
+    </div>
+  </div>
+</nav>
+    <div id="main" class="container-lg">
+      <?php
+        if ( ! empty($_GET['a']) ) {
+          if ( $_GET['a'] == 'login' ) { include('login.php'); }
+          if ( $_GET['a'] == 'logout' ) { include('logout.php'); }
+        } else {
+      ?>
+      <div id="categories" class="container-sm">
+        <div class="card">
+          <div class="card-header">
+            Kategorie: 
+          </div>
+          <ul class="list-group list-group-flush">
+            <?php
+              # Usunięcie kategorii, a wraz znią przypisanych do niej site-ów
+              if ( isset($_POST['cateid']) ) {
+                $tableName = "sites";
+                $whereValue = "cateId = " . mysqli_real_escape_string($connection, $_POST['cateid']) . ";";
+                $result = dbDel($connection, $tableName, $whereValue);
+                
+                $tableName = "categories";
+                $whereValue = "id = " . mysqli_real_escape_string($connection, $_POST['cateid']) . ";";
+                $result = dbDel($connection, $tableName, $whereValue); 
+              }
+              # Dodanie kategorii
+              if ( isset($_POST['newcategory']) ) {
+                $tableName = "categories";
+                $columnScheme = "name";
+                $setValues = "'" . mysqli_real_escape_string($connection, $_POST['newcategory']) . "'";
+                $result = dbAdd($connection, $tableName, $columnScheme, $setValues);
+              }
+
+              # Wyświetlenie kategorii
+              $tableName = "categories";
+              $columnScheme = "id, name";
+              $whereValue = "1=1;";
+              $result = dbQuery($connection, $tableName, $columnScheme, $whereValue);
+              if ( ! is_null($result) ) {
+                while ( $row = mysqli_fetch_row($result) ) {
+                  if ( session_status() != 2 ) { session_start(); }
+                  if ( ! empty($_SESSION['username']) ) {
+                  echo "<li class=\"list-group-item\">
+                  <form class=\"delForms\" action=\"index.php\" method=\"post\">
+                  <input type=\"hidden\" name=\"cateid\" value=\"" . $row[0] . "\">
+                  <button type=\"submit\" class=\"btn btn-danger deleteButton\" title=\"Usuń\">&times;</button>
+                  </form>
+                  <a href=\"?cate=" . $row[0] . "\">" . $row[1] . "</a></li>";
+                  } else {
+                    echo "<li class=\"list-group-item\">
+                    <a href=\"?cate=" . $row[0] . "\">" . $row[1] . "</a></li>";
+                  }
+                }
+              } 
+              if ( session_status() != 2 ) { session_start(); }
+              if ( ! empty($_SESSION['username']) ) {
+            ?>
+                <li class="list-group-item">
+                  <form class="row g-2" action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="post">
+                    <div class="col-auto">
+                      <input type="text" class="form-control" name="newcategory" placeholder="Nowa kategoria">
+                    </div>
+                    <div class="col-auto">
+                      <button type="submit" class="btn btn-primary">Dodaj</button>
+                    </div>
+                  </form>   
+                </li>
+            <?php
+              }
+            ?>
+          </ul>
+        </div>
+        <!-- <h1>Categories</h1> -->
+      </div>
+      <div id="catalogue" class="container-md">
+        <div class="card">
+          <div class="card-header">
+            <?php
+              if ( ! isset($_GET['cate']) ) { $cate = 1; }
+              else { $cate = $_GET['cate']; }
+                $tableName = "categories";
+                $columnScheme = "name";
+                $whereValue = "id = " . $cate . ";";
+                $result = dbQuery($connection, $tableName, $columnScheme, $whereValue);
+                if ( ! is_null($result) ) {
+                  $categoryName = getFieldValue($result);
+                  echo $categoryName . ": ";
+                } 
+            ?>
+          </div>
+          <ul class="list-group list-group-flush">
+            <?php
+              #Usunięcie strony
+              if ( isset($_POST['siteId']) ) {
+                $tableName = "sites";
+                $whereValue = "id = " . mysqli_real_escape_string($connection, $_POST['siteId']) . ";";
+                $result = dbDel($connection, $tableName, $whereValue);
+              }
+
+              #Dodanie strony
+              if ( isset($_POST['siteName']) ) {
+                $tableName = "sites";
+                $columnScheme = "cateId, name, href";
+                $setValues = mysqli_real_escape_string($connection, $_POST['siteCategoryId']) . ",'" . mysqli_real_escape_string($connection, $_POST['siteName']) . "','" . mysqli_real_escape_string($connection, $_POST['siteHref']) . "'";
+                $result = dbAdd($connection, $tableName, $columnScheme, $setValues);
+              }
+
+              #Wyświetlenie stron
+              $tableName = "sites";
+              $columnScheme = "id, name, href";
+              $whereValue = "cateId = " . $cate . ";";
+              $result = dbQuery($connection, $tableName, $columnScheme, $whereValue);
+              if ( ! is_null($result) ) {
+                while( $row = mysqli_fetch_row($result) ) {
+                  if ( session_status() != 2 ) { session_start(); }
+                  if ( ! empty($_SESSION['username']) ) {
+                  echo "<li class=\"list-group-item\">
+                  <form class=\"delForms\" action=\"" . $_SERVER['REQUEST_URI'] . "\" method=\"post\">
+                  <input type=\"hidden\" name=\"siteId\" value=\"" . $row[0] . "\">
+                  <button type=\"submit\" class=\"btn btn-danger deleteButton\" title=\"Usuń\">&times;</button>
+                  </form>
+                  <a href=\"" . $row[2] . "\">". $row[1] . "</a></li>";
+                  } else {
+                    echo "<li class=\"list-group-item\">
+                    <a href=\"" . $row[2] . "\">" . $row[1] . "</a></li>";
+                  }
+                }
+              }
+              if ( session_status() != 2 ) { session_start(); }
+              if ( ! empty($_SESSION['username']) ) {
+            ?>
+                <li class="list-group-item">
+                 <form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="post">
+                  <input type="hidden" name="siteCategoryId" value="<?php echo $cate ?>">
+                  <div class="mb-2 inputs">
+                    <label for="siteName" class="form-label">Nazwa/opis strony:</label>
+                    <input type="text" class="form-control" name="siteName">
+                  </div>
+                  <div class="mb-3 inputs">
+                    <label for="siteHref" class="form-label">Adres strony</label>
+                    <input type="text" class="form-control" name="siteHref">
+                  </div>
+                  <button type="submit" class="btn btn-primary buttons">Zapisz</button>
+                 </form>
+                </li>
+            <?php
+              }
+            ?>
+
+          </ul>
+        </div>
+      </div>
+      <?php
+        }
+      ?>
+    </div>
+    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-YvpcrYf0tY3lHB60NNkmXc5s9fDVZLESaAA55NDzOxhy9GkcIdslK1eN7N6jIeHz" crossorigin="anonymous"></script>
+  </body>
+</html>
+
diff --git a/install.sql b/install.sql
new file mode 100644
index 0000000..fd424be
--- /dev/null
+++ b/install.sql
@@ -0,0 +1,27 @@
+CREATE USER 'sc'@'localhost' IDENTIFIED BY '';
+CREATE DATABASE sc;
+GRANT ALL ON sc.* TO 'sc'@'localhost';
+
+USE sc;
+
+CREATE TABLE users (
+  id int AUTO_INCREMENT PRIMARY KEY,
+  username varchar(30),
+  hash text
+);
+
+CREATE TABLE categories (
+  id int AUTO_INCREMENT PRIMARY KEY,
+  name text
+);
+
+CREATE TABLE sites (
+  id int AUTO_INCREMENT PRIMARY KEY,
+  cateId int,
+  name text,
+  href text,
+  FOREIGN KEY (cateId) REFERENCES categories(id)
+);
+
+INSERT INTO users (username, hash) VALUES ('', "");
+INSERT INTO categories (name) VALUES ("Bez kategorii");
diff --git a/library.php b/library.php
new file mode 100644
index 0000000..893266a
--- /dev/null
+++ b/library.php
@@ -0,0 +1,67 @@
+<?php
+
+function mysqliResult($connection, $result) {
+  if ( ($result === true) || (mysqli_num_rows($result) > 0) ) {
+    if ( ! isset($_SERVER["SHELL"]) ) {
+      echo "<script>console.log('Zapytanie powiodło się.')</script>";
+    }
+    return true;
+  } else {
+    echo "<script>console.log('Zapytanie nie powiodło się: " . mysqli_error($connection) . "');</script>";
+    return false;
+  }
+}
+
+function dbQuery($connection, $tableName, $columnScheme, $whereValue, $debug=0) {
+  $query = "SELECT " . $columnScheme . " FROM " . $tableName . " WHERE " . $whereValue;
+  if ( $debug == 1 ) { var_dump($query); }
+  $result = mysqli_query($connection, $query);
+ 
+  if ( mysqliResult($connection, $result) ) {
+    return $result;
+  } else {
+    echo "<script>console.log('Pobranie danych z bazy jest niemożliwe');</script>";
+  }
+
+}
+
+function getFieldValue($result) {
+  $row = mysqli_fetch_row($result);
+  return $row[0];
+}
+
+function dbUpdate($connection, $tableName, $setValue, $whereValue) {
+  $query = "UPDATE " . $tableName . " SET " . $setValue . " WHERE " . $whereValue;
+  $result = mysqli_query($connection, $query);
+ 
+  if ( mysqliResult($connection, $result) ) {
+    return $result;
+  } else {
+    echo "<script>console.log('Zmiana danych w bazie jest niemożliwa');</script>";
+  }
+
+}
+
+function dbAdd($connection, $tableName, $columnScheme, $setValues) {
+  $query = "INSERT INTO " . $tableName . " (" . $columnScheme . ") VALUES (" . $setValues . ");";
+  $result = mysqli_query($connection, $query);
+
+  if ( mysqliResult($connection, $result) ) {
+    return $result;
+  } else {
+    echo "<script>console.log('Dodanie danych do bazy jest niemożliwa');</script>";
+  }
+}
+
+function dbDel($connection, $tableName, $whereValue) {
+  $query = "DELETE FROM " . $tableName . " WHERE " . $whereValue;
+  $result = mysqli_query($connection, $query);
+
+  if ( mysqliResult($connection, $result) ) {
+    return $result;
+  } else {
+    echo "<script>console.log('Usunięcie danych z bazy jest niemożliwa');</script>";
+  }
+}
+
+?>
diff --git a/login.php b/login.php
new file mode 100644
index 0000000..c791d00
--- /dev/null
+++ b/login.php
@@ -0,0 +1,50 @@
+<?php
+
+  if ( ! empty($_POST) ) {
+    $tableName = "users";
+    $columnScheme = "hash";
+    $whereValue = "username = '" . mysqli_real_escape_string($connection, $_POST['user']) . "';";
+    $result = dbQuery($connection, $tableName, $columnScheme, $whereValue);
+    if ( ! is_null($result) ) {
+      $passHash = getFieldValue($result);
+    }
+    if ( isset($passHash) ) {
+      if ( password_verify($_POST['pass'], $passHash) ) {
+          session_start();
+          $_SESSION['username'] = $_POST['user'];
+          header("Location: index.php");
+      } else {
+        header("Location: index.php?a=login&result=1");
+      }
+    } else {
+      header("Location: index.php?a=login&result=1");
+    }
+  } else {
+?>
+    <?php
+      if ( isset($_GET['result']) ) {
+      ?>
+        <div class="alert alert-danger" role="alert">
+          Niepoprawna nazwa użytkownika lub hasło.
+        </div>
+      <?php
+      }
+    ?>
+    <div id="loginForm" class="card">
+      <div class="card-header">Logowanie: </div>
+      <form action="?a=login" method="post">
+        <div class="mb-2 inputs">
+          <label for="inputUsername" class="form-label">Nazwa użytkownika: </label>
+          <input type="text" class="form-control" name="user">
+        </div>
+        <div class="mb-3 inputs">
+          <label for="inputPassword" class="form-label">Hasło: </label>
+          <input type="password" class="form-control" name="pass">
+        </div>
+        <button type="submit" class="btn btn-primary buttons">Zaloguj się</button>
+      </form>
+    </div>
+<?php 
+  }
+
+?>
diff --git a/logout.php b/logout.php
new file mode 100644
index 0000000..172eb7c
--- /dev/null
+++ b/logout.php
@@ -0,0 +1,6 @@
+<?php
+  if ( session_status() != 2 ) { session_start(); }
+  unset($_SESSION["username"]);
+  session_destroy();
+  header("Location: index.php");
+?>
diff --git a/newcategory.php b/newcategory.php
new file mode 100644
index 0000000..fb24706
--- /dev/null
+++ b/newcategory.php
@@ -0,0 +1,8 @@
+<?php
+  if ( isset($_POST['newcategory']) ) {
+    $tableName = "categories";
+    $columnScheme = "name";
+    $setValues = "'" . mysqli_real_escape_string($connection, $_POST['newcategory']) . "'";
+    $result = dbAdd($connection, $tableName, $columnScheme, $setValues);
+  }
+?>
diff --git a/passwd.php b/passwd.php
new file mode 100644
index 0000000..855e8a5
--- /dev/null
+++ b/passwd.php
@@ -0,0 +1,10 @@
+
+<form action="passwd.php" method="post">
+	Password: <input type="password" name="pass" />
+	<input type="submit" value="Get pass hash" />
+</form>
+<?php
+  if (isset($_POST["pass"])) {
+    echo "<h2>" . password_hash($_POST["pass"], PASSWORD_DEFAULT) . "</h2>";
+  }
+?>
diff --git a/style.css b/style.css
new file mode 100644
index 0000000..daa7f3f
--- /dev/null
+++ b/style.css
@@ -0,0 +1,39 @@
+#categories {
+  width: 30%;
+  float: left;
+}
+
+#catalogue {
+  width: 68%;
+  float: left;
+}
+
+#main {
+  margin-top: 1%;
+}
+
+#loginForm {
+  width: 50%;
+  margin-left: auto;
+  margin-right: auto;
+}
+
+.inputs {
+  padding-left: 5px;
+  padding-right: 5px;
+  padding-top: 5px;
+}
+
+.buttons {
+  margin-left: 5px;
+  margin-bottom: 5px;
+}
+
+.deleteButton {
+  margin-left: 5px;
+  margin-right: 15px;
+}
+
+.delForms {
+  display: inline;
+}
-- 
2.39.5