Fixing security issues

account.php

@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Account</title>
+  <link rel="stylesheet" href="css/master.css">
+  <link href="https://fonts.googleapis.com/css2?family=Rubik" rel="stylesheet">
+  <link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Lexend+Deca:wght@600&amp;display=swap">
+  <link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Fira+Code:wght@500&amp;display=swap">
+</head>
+<body>
+  <?php include("ui/header.php"); ?>
+
+  <div class="account-root">
+    <h2>Account settings</h2>
+    <?php
+    if (isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true) {
+      echo "<p>Oh hi ".$_SESSION["username"].".</p>";
+      echo "<a class='btn alert-default space-top' href='https://superdupersecteteuploadtest.fluffybean.gay/logout.php'><img class='svg' src='assets/icons/user-circle.svg'>Logout</a>";
+    } else {
+      echo "<p class='space-bottom-large'>You must be logged in to change your account settings!</p>";
+      echo "<a class='btn alert-high space-top-large' href='https://superdupersecteteuploadtest.fluffybean.gay/signup.php'>Sign up!</a>";
+    }
+    ?>
+  </div>
+
+  <?php include("ui/footer.php"); ?>
+</body>
+</html>

edit.php

@@ -10,7 +10,39 @@
   <link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Fira+Code:wght@500&amp;display=swap">
 </head>
 <body>
-  <?php include("ui/header.php"); ?>
+  <?php
+  include("ui/header.php");
+  include("ui/conn.php");
+
+  if (isset($_POST['id'])) {
+    // Getting all image info from table
+    $get_image = "SELECT * FROM swag_table WHERE id = ".$_POST['id'];
+    $image_results = mysqli_query($conn, $get_image);
+    $image = mysqli_fetch_assoc($image_results);
+
+    // Checking if user has edit rights
+    if (isset($_SESSION['id']) && $image['author'] == $_SESSION['id'] || $_SESSION['id'] == 1) {
+      if (isset($_POST['alt'])) {
+        $sql = $conn->prepare("UPDATE swag_table SET alt=? WHERE id=?");
+        $sql->bind_param("si", $alt, $id);
+
+        $alt = $_POST['alt'];
+        $id = $_POST['id'];
+
+        if ($sql->execute()) {
+          header("Location:https://superdupersecteteuploadtest.fluffybean.gay/image.php?id=".$_POST['id']."&update=success");
+        } else {
+          $error = "Something fuckywucky";
+        }
+      } else {
+        $error = "No description/alt, pls give";
+      }
+    } else {
+      $error = "You do not have edit rights";
+    }
+  }
+
+  ?>
 
   <div class="edit-root">
     <h2>Modify Information</h2>
@@ -21,43 +53,12 @@
     </form>
 
     <?php
-    if ($_GET["r"] == "success") {
+    if (isset($error)) {
-      // Info updated
+      echo "<p class='alert alert-low space-top'>".$error."</p>";
-      echo "<p class='alert alert-high space-top'>Information updated!</p>";
-    } elseif ($_GET["r"] == "fail") {
-      // Upload failed
-      echo "<p class='alert alert-low space-top'>Something fuckywucky</p>";
-    } elseif ($_GET["r"] == "noinfo") {
-      // No info was present
-      echo "<p class='alert alert-default space-top'>No description/alt, pls give</p>";
     }
     ?>
   </div>
 
-  <?php
-  include("ui/conn.php");
-
-  if (isset($_POST['id'])) {
-    if (empty($_POST['alt'])) {
-      header("Location:edit.php?r=noinfo");
-
-    } else {
-      $sql = $conn->prepare("UPDATE swag_table SET alt=? WHERE id=?");
-      $sql->bind_param("si", $alt, $id);
-
-      $alt = $_POST['alt'];
-      $id = $_POST['id'];
-
-      if ($sql->execute()) {
-        //header("Location:edit.php?r=success");
-        header("Location:https://superdupersecteteuploadtest.fluffybean.gay/image.php?id=".$_POST['id']."&update=success");
-      } else {
-        header("Location:edit.php?r=fail");
-      }
-    }
-  }
-  ?>
-
   <?php include("ui/footer.php"); ?>
 </body>
 </html>

image.php

@@ -20,13 +20,18 @@
     echo "<p class='alert alert-high space-bottom-large'>Information updated</p>";
   }
 
-
-  // Get image ID
   // Getting all image info from table
   $get_image = "SELECT * FROM swag_table WHERE id = ".$_GET['id'];
   $image_results = mysqli_query($conn, $get_image);
   $image = mysqli_fetch_assoc($image_results);
 
+  // Get all user details
+  if (isset($image['author'])) {
+    $get_user = "SELECT * FROM users WHERE id = ".$image['author'];
+    $user_results = mysqli_query($conn, $get_user);
+    $user = mysqli_fetch_assoc($user_results);
+  }
+
   // Check if ID of image in URL
   if (!isset($_GET['id'])) {
     // No ID toast
@@ -71,6 +76,13 @@
   <div class="image-detail flex-down">
     <h2>Details</h2>
     <?php
+    // Image ID
+    if (isset($image['author'])) {
+      echo "<p>Author: ".$user['username']."</p>";
+    } else {
+      echo "<p>Author: No author</p>";
+    }
+
     // Image ID
     echo "<p>ID: ".$image['id']."</p>";
 
@@ -89,10 +101,10 @@
     ?>
   </div>
 
-  <div class="danger-zone flex-down">
+  <?php
-    <h2>Danger zone</h2>
+  if (isset($_SESSION['id']) && $image['author'] == $_SESSION['id'] || $_SESSION['id'] == 1) {
-    <!-- DELETE BUTTON -->
+    echo "<div class='danger-zone flex-down'>";
-    <?php
+    echo "<h2>Danger zone</h2>";
     // Image hover details
     echo "<form class='detail' method='POST' enctype='multipart/form-data'>";
     echo "<button class='btn alert-low' type='submit' name='delete' value='".$image['id']."'><img class='svg' src='assets/icons/trash.svg'>Delete image</button>";
@@ -115,11 +127,14 @@
         echo "<p class='alert alert-fail' id='deleted'>Error: Coult not delete image</p>";
       }
     }
-    ?>
 
-    <!-- EDIT BUTTON -->
+    echo "<a class='btn alert-low space-top' href='https://superdupersecteteuploadtest.fluffybean.gay/edit.php?id=".$image['id']."'><img class='svg' src='assets/icons/edit.svg'>Modify image content</a>";
-    <?php echo "<a class='btn alert-low space-top' href='https://superdupersecteteuploadtest.fluffybean.gay/edit.php?id=".$image['id']."'><img class='svg' src='assets/icons/edit.svg'>Modify image content</a>"; ?>
+    echo "</div>";
-  </div>
+  } else {
+
+  }
+
+  ?>
 
   <?php include("ui/footer.php"); ?>
 </body>

index.php

@@ -26,13 +26,17 @@
 
   <div class="info-text center">
     <?php
+    // Welcome depending on if user is logged in or not
     if (isset($_SESSION["username"])) {
       echo "<h1>Welcome ".$_SESSION['username']."!</h1>";
     } else {
       echo "<h1>Welcome!</h1>";
     }
+
+    // Random welcome message
+    $welcome_message = array("*internal screaming*", "Sussy Wussy", "What is this world?", "Don't forget to drink water!", "Bruh", "PHP is pain", "This is so poorly programmed");
+    echo "<p>".$welcome_message[array_rand($welcome_message, 1)]."</p>";
     ?>
-    <p>*internal screaming*</p>
   </div>
 
   <div class="gallery-root flex-left">

login.php

@@ -98,7 +98,7 @@
     <form class="flex-down between" method="POST" action="login.php" enctype="multipart/form-data">
       <input class="btn alert-default space-bottom" type="text" name="username" placeholder="Username">
       <input class="btn alert-default space-bottom-large" type="password" name="password" placeholder="Password">
-      <button class="btn alert-default" type="submit" name="login"><img class="svg" src="assets/icons/user-circle.svg">Login</button>
+      <button class="btn alert-high" type="submit" name="login"><img class="svg" src="assets/icons/user-circle.svg">Login</button>
     </form>
     <?php
     if (isset($error)) {

logout.php

@@ -0,0 +1,14 @@
+<?php
+// Initialize the session
+session_start();
+
+// Unset all of the session variables
+$_SESSION = array();
+
+// Destroy the session.
+session_destroy();
+
+// Redirect to login page
+header("location: https://superdupersecteteuploadtest.fluffybean.gay");
+exit;
+?>

signup.php

@@ -79,6 +79,15 @@
       }
     }
 
+    // Check for invite code
+    if (isset($_POST['invite_code'])) {
+      if ($_POST['invite_code'] != "23R2pz33yDrb3Ry9") {
+        $error = "Seems that you don't have the right invite code, whatever shall you do";
+      }
+    } else {
+      $error = "Enter Invite Code ;3";
+    }
+
     // Checking for errors
     if (empty($error)) {
       $sql = "INSERT INTO users (username, password) VALUES (?, ?)";
@@ -109,6 +118,7 @@
       <input class="btn alert-default space-bottom-large" type="text" name="username" placeholder="Username">
       <input class="btn alert-default space-bottom" type="password" name="password" placeholder="Password">
       <input class="btn alert-default space-bottom-large" type="password" name="confirm_password" placeholder="Re-enter Password">
+      <input class="btn alert-default space-bottom-large" type="text" name="invite_code" placeholder="Invite Code">
       <button class="btn alert-high" type="submit" name="signup">Sign Up</button>
       <?php
       if (isset($error)) {

ui/header.php

@@ -7,10 +7,10 @@
   <div class="nav-links flex-left">
     <a class="btn alert-default" href="https://superdupersecteteuploadtest.fluffybean.gay"><img class="svg" src="assets/icons/house.svg">Home</a>
     <hr>
-    <a class="btn alert-default" href="https://superdupersecteteuploadtest.fluffybean.gay/upload.php"><img class="svg" src="assets/icons/upload.svg">Upload</a>
-    <hr>
     <?php
     if (isset($_SESSION["username"])) {
+      echo "<a class='btn alert-default' href='https://superdupersecteteuploadtest.fluffybean.gay/upload.php'><img class='svg' src='assets/icons/upload.svg'>Upload</a>";
+      echo "<hr>";
       echo "<a class='btn alert-default' href='https://superdupersecteteuploadtest.fluffybean.gay/account.php'><img class='svg' src='assets/icons/user-circle.svg'>".$_SESSION["username"]."</a>";
     } else {
       echo "<a class='btn alert-default' href='https://superdupersecteteuploadtest.fluffybean.gay/signup.php'><img class='svg' src='assets/icons/user-circle-plus.svg'>Sign Up</a>";

upload.php

@@ -14,55 +14,62 @@
   include("ui/header.php");
   include_once("ui/conn.php");
 
-  if (isset($_POST['upload'])) {
+  if (isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true) {
-    // Get image name
+    if (isset($_POST['upload'])) {
-    $image_name = $_FILES['image']['name'];
+      // Get image name
+      $image_name = $_FILES['image']['name'];
 
-    // Get alt text
+      // Get alt text
-    if (empty($_POST['alt'])) {
+      if (empty($_POST['alt'])) {
-      $get_alt_text = "No description provided";
+        $get_alt_text = "No description provided";
-    } else {
-      $get_alt_text = $_POST['alt'];
-    }
-
-    // If image present, continue
-    if (!empty($image_name)) {
-      // Set file path for image upload
-      $image_basename = basename($image_name);
-      $image_path = "images/".$image_basename;
-
-      // Prepare sql for destruction and filtering the sus
-      $sql = $conn->prepare("INSERT INTO swag_table (imagename, alt) VALUES (?, ?)");
-      $sql->bind_param("ss", $image_name, $get_alt_text);
-
-      // Uploading image to Table
-      $sql->execute();
-
-      // Checking if image uploaded
-      if (move_uploaded_file($_FILES['image']['tmp_name'], $image_path)) {
-        // Make thumbnail
-        $image_thumbnail = new Imagick($image_path);
-        // Get image format
-        $image_format = $image_thumbnail->getImageFormat();
-        // If image is gif
-        if ($image_format == 'GIF') {
-          $image_thumbnail = $image_thumbnail->coalesceImages();
-        }
-        // Resize image
-        $image_thumbnail->resizeImage(300,null,null,1,null);
-        // Save image
-        $image_thumbnail->writeImage("images/thumbnails/".$image_basename);
-
-        $success = "Your Image uploaded successfully!";
       } else {
-        // Could not move images to folder
+        $get_alt_text = $_POST['alt'];
-        $error = "F, Upload failed";
+      }
+
+      // If image present, continue
+      if (!empty($image_name)) {
+        // Set file path for image upload
+        $image_basename = basename($image_name);
+        $image_path = "images/".$image_basename;
+
+        // Prepare sql for destruction and filtering the sus
+        $sql = $conn->prepare("INSERT INTO swag_table (imagename, alt, author) VALUES (?, ?, ?)");
+        $sql->bind_param("sss", $image_name, $get_alt_text, $user_id);
+
+        $user_id = $_SESSION["id"];
+
+        // Uploading image to Table
+        $sql->execute();
+
+        // Checking if image uploaded
+        if (move_uploaded_file($_FILES['image']['tmp_name'], $image_path)) {
+          // Make thumbnail
+          $image_thumbnail = new Imagick($image_path);
+          // Get image format
+          $image_format = $image_thumbnail->getImageFormat();
+          // If image is gif
+          if ($image_format == 'GIF') {
+            $image_thumbnail = $image_thumbnail->coalesceImages();
+          }
+          // Resize image
+          $image_thumbnail->resizeImage(300,null,null,1,null);
+          // Save image
+          $image_thumbnail->writeImage("images/thumbnails/".$image_basename);
+
+          $success = "Your Image uploaded successfully!";
+        } else {
+          // Could not move images to folder
+          $error = "F, Upload failed";
+        }
+      } else {
+        // No image present
+        $error = "No file lol";
       }
-    } else {
-      // No image present
-      $error = "No file lol";
     }
+  } else {
+    $error = "You must be logged in to upload images";
   }
+
   ?>
 
   <div class="upload-root">