Fixed password reset bug

Added logs for password resets
Added checks to the sanity checker
This commit is contained in:
Michał Gdula 2022-11-09 12:13:38 +00:00
parent 2d7d359cde
commit 60f0877a5c
10 changed files with 153 additions and 117 deletions


@ -3,11 +3,14 @@
use App\Account;
use App\Diff;
use App\Make;
$user_info = new Account();
$diff = new Diff();
$make_stuff = new Make();
$profile_info = $user_info->get_user_info($conn, $_SESSION['id']);
$join_date = new DateTime($profile_info['created_at']);
?>
<!DOCTYPE html>
@ -29,63 +32,94 @@
}
if ($user_info->is_loggedin($conn)) {
?>
<div class="defaultDecoration defaultSpacing defaultFonts">
<h2>Profile</h2>
<div class="pfp-upload">
<h3>Profile Picture</h3>
?>
<div class="profile-root defaultDecoration defaultSpacing defaultFonts">
<?php
if (is_file("usr/images/pfp/".$profile_info['pfp_path'])) {
echo "<img alt='profile picture' src='usr/images/pfp/".$profile_info['pfp_path']."'>";
echo "<img src='usr/images/pfp/".$profile_info['pfp_path']."'>";
$pfp_colour = $make_stuff->get_image_colour("usr/images/pfp/".$profile_info['pfp_path']);
if (empty($pfp_colour)) $pfp_colour = "var(--bg-3)";
?>
<style>
.profile-root {
background-image: linear-gradient(120deg, <?php echo $pfp_colour; ?>, var(--bg-3) 80%) !important;
}
@media (max-width: 669px) {
.profile-root {
background-image: linear-gradient(200deg, <?php echo $pfp_colour; ?>, var(--bg-3) 80%) !important;
}
}
</style>
<?php
} else {
echo "<img alt='profile picture' src='assets/no_image.png'>";
echo "<img src='assets/no_image.png'>";
}
?>
<form id="pfpForm" method="POST" enctype="multipart/form-data">
<input id="image" class="btn btn-neutral" type="file" placeholder="select image UwU">
<button id="pfpSubmit" class="btn btn-good btn-icon" type="submit"><img class="svg" src="assets/icons/upload.svg"></button>
</form>
<h2>
<?php
echo $_SESSION['username'];
if ($user_info->is_admin($conn, $_SESSION['id'])) echo "<span style='color: var(--accent); font-size: 16px; margin-left: 0.5rem;'>Admin</span>";
?>
</h2>
<div class="profile-info">
<p id="joinDate">Member since: <?php echo $join_date->format('d/m/Y T'); ?></p>
<script>
$("#pfpForm").submit(function(event) {
event.preventDefault();
// Check if image avalible
var file = $("#image").val();
var updateDate = new Date('<?php echo $join_date->format('m/d/Y T'); ?>');
var format = {year: 'numeric', month: 'short', day: 'numeric'};
updateDate = updateDate.toLocaleDateString('en-GB', format);
if (file == "") {
sniffleAdd('Gwha!', 'Pls provide image', 'var(--warning)', 'assets/icons/file-search.svg');
return;
}
// Make form
var formData = new FormData();
// Get image
var image_data = $("#image").prop("files")[0];
formData.append("image", image_data);
// Submit data
var submit = $("#pfpSubmit").val();
formData.append("pfp_submit", submit);
// Upload the information
$.ajax({
url: 'app/account/account.php',
type: 'post',
data: formData,
contentType: false,
processData: false,
success: function(response) {
$("#newSniff").html(response);
}
});
// Empty values
$("#image").val("");
$("#submit").val("");
});
$("#joinDate").html("Member since: "+updateDate);
</script>
</div>
<br>
<a href="profile.php?user=<?php echo $_SESSION['id']; ?>" class="btn btn-neutral">Go to profile</a>
</div>
<div class="defaultDecoration defaultSpacing defaultFonts">
<h2>Profile</h2>
<h3>Profile Picture</h3>
<form id="pfpForm" method="POST" enctype="multipart/form-data">
<input id="image" class="btn btn-neutral" type="file" placeholder="select image UwU">
<button id="pfpSubmit" class="btn btn-good btn-icon" type="submit"><img class="svg" src="assets/icons/upload.svg"></button>
</form>
<script>
$("#pfpForm").submit(function(event) {
event.preventDefault();
// Check if image avalible
var file = $("#image").val();
if (file == "") {
sniffleAdd('Gwha!', 'Pls provide image', 'var(--warning)', 'assets/icons/file-search.svg');
return;
}
// Make form
var formData = new FormData();
// Get image
var image_data = $("#image").prop("files")[0];
formData.append("image", image_data);
// Submit data
var submit = $("#pfpSubmit").val();
formData.append("pfp_submit", submit);
// Upload the information
$.ajax({
url: 'app/account/account.php',
type: 'post',
data: formData,
contentType: false,
processData: false,
success: function(response) {
$("#newSniff").html(response);
}
});
// Empty values
$("#image").val("");
$("#submit").val("");
});
</script>
</div>
<div class="warningDecoration defaultSpacing defaultFonts">
@ -517,9 +551,19 @@
$("#sanityCheck").html(response);
thisButton.innerHTML = "Run check";
document.getElementById('sanityCheck').style.cssText = "transform: scale(1);opacity: 1;";
},
error: function(error) {
$("#sanityCheck").html(`<p class='alert alert-bad'>\
<span class='badge badge-critical'>Critical</span> \
An error occured when proccessing your request, sowwy :c\
<br>\
Response: ${error.status} - ${error.statusText}\
</p>`);
thisButton.innerHTML = "Run check";
document.getElementById('sanityCheck').style.cssText = "transform: scale(1);opacity: 1;";
}
});
}, 1000);
}, 621);
}
</script>
</div>
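Review bot: In the new profile block, `$profile_info['pfp_path']` is concatenated into the `<img>` `src` attribute and `$_SESSION['username']` is echoed inside the `<h2>` with no escaping, so a stored value containing a quote or `<` breaks out of the attribute or element; `$pfp_colour` is likewise echoed raw into the inline `<style>` (the profile.php section at the end of this page does the same). Wrap the HTML outputs, e.g. `echo "<img alt='profile picture' src='usr/images/pfp/".htmlspecialchars($profile_info['pfp_path'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')."'>";` and `echo htmlspecialchars($_SESSION['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, and validate `$pfp_colour` against the colour format `get_image_colour()` returns before echoing it into CSS — that helper is not visible here, so its output format is an assumption to confirm. This rendering does not show which of the two `<img>` echo lines is the new side; if the variant without `alt` is the one kept, the accessibility attribute was dropped. The enclosing `if ($user_info->is_loggedin($conn))` block starts before this hunk and ends after it.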


@ -499,16 +499,21 @@ if (isset($_POST['password_reset_submit'])) {
if (mysqli_stmt_execute($stmt)) {
// Password updated!!!! Now goodbye
if ($user_id == $_SESSION["id"]) {
mysqli_query($conn,"INSERT INTO logs (ipaddress, action) VALUES('$user_ip','".$_SESSION['username']." has reset their password')");
// Check if password reset was done by user
session_destroy();
?>
<script>
sniffleAdd('Password updated', 'Now goodbye.... you will be redirected in a moment', 'var(--success)', 'assets/icons/check.svg');
setTimeout(function(){window.location.href = "account/login.php";}, 2000);
setTimeout(function(){window.location.href = "account.php";}, 2000);
</script>
<?php
} else {
// An admin has changed the password
$user_reset_info = $user_info->get_user_info($conn, $user_id);
mysqli_query($conn,"INSERT INTO logs (ipaddress, action) VALUES('$user_ip','".$_SESSION['username']." has reset ".$user_reset_info['username']." password')");
?>
<script>
sniffleAdd('Password updated', 'Password has been reset for user! But their session may still be active', 'var(--success)', 'assets/icons/check.svg');
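Review bot: Both new log inserts build the SQL by string concatenation with `$user_ip` and `$_SESSION['username']` (plus `$user_reset_info['username']` in the admin branch), while the password update just above already uses a prepared statement; a username containing a quote breaks the INSERT, and because the return value of `mysqli_query()` is not checked the audit entry is lost silently. Bind the values instead, as below, and apply the same change to the admin branch. Where `$user_ip` is assigned is outside this hunk; if it is read from a request header rather than REMOTE_ADDR it is untrusted as well. The enclosing `if (isset($_POST['password_reset_submit']))` block starts before the hunk and continues after it.
```php
if ($user_id == $_SESSION["id"]) {
    $log_action = $_SESSION['username'] . ' has reset their password';
    $log_stmt = mysqli_prepare($conn, "INSERT INTO logs (ipaddress, action) VALUES (?, ?)");
    mysqli_stmt_bind_param($log_stmt, "ss", $user_ip, $log_action);
    mysqli_stmt_execute($log_stmt);
    // … unchanged: session_destroy() and the redirect script …
```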


@ -1,5 +1,5 @@
{
"license": "MIT",
"version": "22.11.08",
"version": "22.11.09",
"branch": "main"
}


@ -1,11 +1,21 @@
<?php
if (defined('ROOT') && $_SESSION['id'] == 1) {
if (!is_file(__DIR__."/../../../usr/conf/msg.json")) {
$results[] = array(
'type'=>'warning',
'message'=>'msg.json is missing',
'fix'=>'auto'
);
$manifest = json_decode(file_get_contents(__DIR__."/../../../usr/conf/conf.json"), true);
if (isset($manifest['welcome_msg'])) {
$results[] = array(
'type'=>'warning',
'message'=>'Welcome message is currently stored in conf.json. Please move it to msg.json',
'fix'=>'auto'
);
} else {
$results[] = array(
'type'=>'warning',
'message'=>'msg.json is missing',
'fix'=>'auto'
);
}
}
if (!is_file(__DIR__."/../../../usr/conf/conf.json")) {
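Review bot: The new conf.json read is unguarded: `file_get_contents()` emits a warning and returns `false` when the file is absent — the very case the following `is_file()` check is about to report — and `json_decode()` of that yields `null`, so the "msg.json is missing" branch still runs but with a stray warning in the page output. Read the file only when it exists and guard the lookup: `$conf_path = __DIR__."/../../../usr/conf/conf.json";` / `$manifest = is_file($conf_path) ? json_decode((string) file_get_contents($conf_path), true) : null;` / `if (is_array($manifest) && isset($manifest['welcome_msg'])) {`. The outer `if (defined('ROOT') && $_SESSION['id'] == 1)` block continues past the end of this hunk.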


@ -31,7 +31,7 @@ if (isset($_POST['fix'])) {
echo "<p><span style='color: var(--accent);'>[INFO]</span> Autofix complete in $autofix_time ms</p>";
}
if (isset($_POST['check'])) {
elseif (isset($_POST['check'])) {
if (empty($_SESSION['id'])) {
echo "<p><span style='color: var(--warning);'>[ERROR]</span> You are not logged in</p>";
exit();
@ -80,4 +80,8 @@ if (isset($_POST['check'])) {
</button>";
}
}
}
else {
echo "<p class='alert alert-warning'><span class='badge badge-warning'>Warning</span> Bruh, what do you want?</p>";
}
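Review bot: With the dispatch now an `if`/`elseif`/`else` chain, the logged-in guard `if (empty($_SESSION['id']))` sits only inside the `check` branch; the head of the `fix` branch is outside this hunk, so whether it carries the same guard cannot be confirmed here — if it does not, move the guard above the chain so both actions require a session. As a point of style, the new closing brace and `else {` on separate lines should be written `} else {`, matching the `elseif` line earlier in the chain. The enclosing `if (isset($_POST['fix']))` starts before the first hunk of this section.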


@ -240,10 +240,10 @@ nav .btn {
border-radius: 3px;
position: relative;
overflow: hidden;
transition: transform 0.15s cubic-bezier(0.19, 1, 0.22, 1);
transition: transform 0.4s cubic-bezier(0.25, 1.23, 0, 1.22);
}
.gallery-item:hover {
transform: scale(1.1) rotate(5deg);
transform: scale(1.15) rotate(5deg);
box-shadow: 6px 6px 2px rgba(21, 21, 21, 0.4);
z-index: 9;
}
@ -328,17 +328,17 @@ nav .btn {
|-------------------------------------------------------------
*/
.fullscreen-image {
width: 101vw;
height: 101vh;
width: 100vw;
height: 100vh;
position: fixed;
top: 50%;
left: 50%;
transform: translateX(-50%) translateY(-50%);
transform: translateX(-50%) translateY(-50%) scale(0.9);
background-color: rgba(21, 21, 21, 0.7333333333);
-webkit-backdrop-filter: blur(20px);
backdrop-filter: blur(20px);
z-index: 999;
transition: opacity 0.5s cubic-bezier(0.075, 0.82, 0.165, 1);
transition: opacity 0.3s cubic-bezier(0.075, 0.82, 0.165, 1), transform 0.5s cubic-bezier(0.25, 1.23, 0, 1.22);
display: none;
opacity: 0;
}
@ -728,27 +728,14 @@ nav .btn {
| ACCOUNT
|-------------------------------------------------------------
*/
.pfp-upload {
display: flex;
flex-direction: column;
}
.pfp-upload form {
#pfpForm {
display: flex;
flex-direction: row;
gap: 0.5rem;
}
.pfp-upload form > * {
#pfpForm > * {
margin: 0;
}
.pfp-upload > img {
margin: 0 auto 1rem;
width: 12rem;
height: 12rem;
-o-object-fit: cover;
object-fit: cover;
border-radius: 3px;
background-color: #121212;
}
.tabs {
display: flex;
@ -770,6 +757,7 @@ nav .btn {
.logs {
width: 100%;
height: 0;
margin-bottom: 0;
padding: 0;
overflow-y: hidden;
display: flex;
@ -819,6 +807,7 @@ nav .btn {
.bans {
width: 100%;
height: 0;
margin-bottom: 0;
padding: 0;
overflow-y: hidden;
display: flex;
@ -875,6 +864,7 @@ nav .btn {
.user-settings {
width: 100%;
height: 0;
margin-bottom: 0;
padding: 0;
overflow-y: hidden;
display: flex;


@ -65,10 +65,10 @@
position: relative;
overflow: hidden;
transition: transform 0.15s cubic-bezier(.19, 1, .22, 1);
transition: transform 0.4s cubic-bezier(.25,1.23,0,1.22);
&:hover {
transform: scale(1.1) rotate(5deg);
transform: scale(1.15) rotate(5deg);
box-shadow: $shadow;
z-index: 9;
@ -176,19 +176,19 @@
|-------------------------------------------------------------
*/
.fullscreen-image {
width: 101vw; height: 101vh;
width: 100vw; height: 100vh;
position: fixed;
top: 50%;
left: 50%;
transform: translateX(-50%) translateY(-50%);
transform: translateX(-50%) translateY(-50%) scale(0.9);
background-color: $bg-alt;
backdrop-filter: blur(20px);
z-index: 999;
transition: opacity 0.5s cubic-bezier(0.075, 0.82, 0.165, 1);
transition: opacity 0.3s cubic-bezier(0.075, 0.82, 0.165, 1), transform 0.5s cubic-bezier(.25,1.23,0,1.22);;
display: none; // Automatically hidden, revealed on fullscreen
opacity: 0; // expose
@ -715,36 +715,14 @@
| ACCOUNT
|-------------------------------------------------------------
*/
.pfp-upload {
#pfpForm {
display: flex;
flex-direction: column;
flex-direction: row;
gap: 0.5rem;
form {
display: flex;
flex-direction: row;
gap: 0.5rem;
> * {
margin: 0;
}
> * {
margin: 0;
}
& > img {
margin: 0 auto 1rem;
width: 12rem;
height: 12rem;
object-fit: cover;
@if calc($rad - 0.5rem) > 0 {
border-radius: calc($rad - 0.5rem);
} @else {
border-radius: 3px;
}
background-color: $black;
}
}
.tabs {
@ -766,7 +744,8 @@
.logs {
width: 100%;
height: 0;
margin-bottom: 0;
padding: 0;
overflow-y: hidden;
@ -827,6 +806,7 @@
width: 100%;
height: 0;
margin-bottom: 0;
padding: 0;
overflow-y: hidden;
@ -893,6 +873,7 @@
width: 100%;
height: 0;
margin-bottom: 0;
padding: 0;
overflow-y: hidden;
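Review bot: The new `.fullscreen-image` transition line ends with a doubled `;;`; Sass tolerates it, but it is a typo worth fixing: `transition: opacity 0.3s cubic-bezier(0.075, 0.82, 0.165, 1), transform 0.5s cubic-bezier(.25,1.23,0,1.22);`. The 0.5s transform duration is also mirrored by the hard-coded 500 ms hide timeout in the fullscreen script section of this commit, so the two must be kept in step; a comment on the rule, `// keep in sync with the 500 ms hide timeout in the fullscreen script`, would make that dependency visible. The `.fullscreen-image` rule continues past the end of its hunk.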


@ -86,6 +86,7 @@
document.querySelector(".fullscreen-image > img").src = "<?php echo $image_path;?>";
setTimeout(function(){
document.querySelector(".fullscreen-image").style.opacity = 1;
document.querySelector(".fullscreen-image").style.transform = "translateX(-50%) translateY(-50%) scale(1)";
}, 1);
}
@ -96,6 +97,7 @@
document.querySelector(".fullscreen-image").style.opacity = 0;
setTimeout(function(){
document.querySelector(".fullscreen-image").style.display = "none";
document.querySelector(".fullscreen-image").style.transform = "translateX(-50%) translateY(-50%) scale(0.9)";
}, 500);
}
</script>
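Review bot: The two new lines repeat `document.querySelector(".fullscreen-image")` and hard-code transform strings that duplicate the values in the stylesheet, so a future CSS change has to be made in two places. Prefer toggling a class and letting CSS own the transform: `document.querySelector(".fullscreen-image").classList.add("open");` on show and `.classList.remove("open")` on hide, with `.fullscreen-image.open { transform: translateX(-50%) translateY(-50%) scale(1); }` in the stylesheet. The 500 ms timeout in the hide handler mirrors the 0.5s transform transition this commit adds to the SCSS; a comment noting that coupling would help the next editor. Both handler functions start before their hunks.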


@ -26,8 +26,8 @@
<p>After reset, you will be kicked out to login again</p>
<br>
<form id="passwordForm" method="POST" enctype="multipart/form-data">
<input id="currentPassword" class="btn btn-neutral" placeholder="Current password!!!!" type='password' disabled>
<br>
<!--<input id="currentPassword" class="btn btn-neutral" placeholder="Current password!!!!" type='password'>
<br>-->
<input id="newPassword" class="btn btn-neutral" type="password" name="new_password" placeholder="New Password">
<input id="confirmPassword" class="btn btn-neutral" type="password" name="confirm_password" placeholder="Confirm Password">
<br>
@ -40,13 +40,13 @@
<script>
$("#passwordForm").submit(function(event) {
event.preventDefault();
var current_password = $("#currentPassword").val();
//var current_password = $("#currentPassword").val();
var new_password = $("#newPassword").val();
var confirm_password = $("#confirmPassword").val();
var submit = $("#passwordSubmit").val();
$("#newSniff").load("app/account/account.php", {
current_password: current_password,
//current_password: current_password,
new_password: new_password,
confirm_password: confirm_password,
password_reset_submit: submit
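Review bot: Commenting out the current-password field and its `current_password` POST parameter means the reset form no longer asks the user to prove they know the existing password, so any browser holding a live session can set a new one — the precondition for account takeover after a session is hijacked or left unattended. If the server side in account.php no longer expects `current_password` (its hunk is elsewhere on this page and the verification code is not visible here), the intended fix should keep the field and verify it with `password_verify()` against the stored hash rather than drop the check. The commented-out markup and JS (`<!-- ... -->`, `//var current_password`) should be deleted instead of left in place. The form and its submit handler both extend beyond these hunks.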


@ -40,11 +40,11 @@
?>
<style>
.profile-root {
background-image: linear-gradient(to right, <?php echo $pfp_colour; ?>, var(--bg-3), var(--bg-3)) !important;
background-image: linear-gradient(120deg, <?php echo $pfp_colour; ?>, var(--bg-3) 80%) !important;
}
@media (max-width: 669px) {
.profile-root {
background-image: linear-gradient(to bottom, <?php echo $pfp_colour; ?>, var(--bg-3)) !important;
background-image: linear-gradient(200deg, <?php echo $pfp_colour; ?>, var(--bg-3) 80%) !important;
}
}
</style>