Galleries/PHPGallery
1
0
Fork 0
mirror of https://github.com/Fluffy-Bean/image-gallery.git synced 2025-06-24 10:46:16 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Implementing Sanity checks into the website

Browse source
This commit is contained in:
Michał Gdula 2022-09-28 14:36:45 +00:00
parent 0e23bfffb6
commit b5a5ca6468
5 changed files with 331 additions and 206 deletions
Download patch file Download diff file Expand all files Collapse all files

89
app/app.php
View file

@ -266,3 +266,92 @@ class Diff {
return $string ? implode(', ', $string) . ' ago' : 'just now';
}
}
class Sanity {
function check_json() {
$results = array();
if (!is_file(__DIR__."/settings/manifest.json")) {
$results[] = "Critical: manifest.json is missing";
} else {
$manifest = json_decode(file_get_contents(__DIR__."/settings/manifest.json"), true);
if (!isset($manifest['user_name']) || empty($manifest['user_name']) || $manifest['user_name'] == "[your name]") {
$results[] = "Warning: manifest.json is missing yor name";
}
if ($manifest['upload']['rename_on_upload'] == true ) {
if (!isset($manifest['upload']['rename_to']) || empty($manifest['upload']['rename_to'])) {
$results[] = "Critical: manifest.json is missing what you're renaming your files to";
} else {
$rename_to = $manifest['upload']['rename_to'];
$rename_rate = 0;
if (str_contains($rename_to, '{{autoinc}}')) $rename_rate = 5;
if (str_contains($rename_to, '{{time}}')) $rename_rate = 5;
if (str_contains($rename_to, '{{date}}')) $rename_rate += 2;
if (str_contains($rename_to, '{{filename}}')) $rename_rate += 2;
if (str_contains($rename_to, '{{username}}') || str_contains($rename_to, '{{userid}}')) $rename_rate += 1;
if ($rename_rate == 0 || $rename_rate < 2) {
$results[] = "Critical: You will encounter errors when uploading images due to filenames, update your manifest.json";
} elseif ($rename_rate < 5 && $rename_rate > 2) {
$results[] = "Warning: You may encounter errors when uploading images due to filenames, concider update your manifest.json";
}
}
}
if ($manifest['is_testing']) {
$results[] = "Warning: You are currently in testing mode, errors will be displayed to the user";
}
}
return $results;
}
function check_files() {
$results = array();
if (!is_dir("images")) {
$results[] = "Critical: You need to setup an images folder, follow the guide on the GitHub repo";
}
if (!is_dir("images/pfp")) {
$results[] = "Critical: You need to setup an pfp folder, follow the guide on the GitHub repo";
}
if (!is_dir("images/previews")) {
$results[] = "Critical: You need to setup an previews folder, follow the guide on the GitHub repo";
}
if (!is_dir("images/thumbnails")) {
$results[] = "Critical: You need to setup an thumbnails folder, follow the guide on the GitHub repo";
}
return $results;
}
function check_version() {
$results = array();
if (PHP_VERSION_ID < 50102) {
$results[] = "Critical: Your current version of PHP is ".PHP_VERSION.". The reccomended version is 8.1.2";
}
return $results;
}
function get_results() {
$results = array();
foreach ($this->check_json() as $result) {
$results[] = $result;
}
foreach ($this->check_files() as $result) {
$results[] = $result;
}
foreach ($this->check_version() as $result) {
$results[] = $result;
}
return $results;
}
}

360
app/image/image.php
View file

@ -23,62 +23,62 @@ $user_ip = $user_info->get_ip();
|-------------------------------------------------------------
*/
if (isset($_POST['submit_delete'])) {
// Get all image info
$image_array = $image_info->get_image_info($conn, $_POST['id']);
// Get all image info
$image_array = $image_info->get_image_info($conn, $_POST['id']);
// If user owns image or has the ID of 1
if ($image_info->image_privilage($image_array['author']) || $user_info->is_admin($conn, $_SESSION['id'])) {
// Delete from table
$sql = "DELETE FROM images WHERE id = ?";
if ($stmt = mysqli_prepare($conn, $sql)) {
mysqli_stmt_bind_param($stmt, "i", $_POST['id']);
// If user owns image or has the ID of 1
if ($image_info->image_privilage($image_array['author']) || $user_info->is_admin($conn, $_SESSION['id'])) {
// Delete from table
$sql = "DELETE FROM images WHERE id = ?";
if ($stmt = mysqli_prepare($conn, $sql)) {
mysqli_stmt_bind_param($stmt, "i", $_POST['id']);
// Attempt to execute the prepared statement
if (mysqli_stmt_execute($stmt)) {
// See if image is in the directory
if (is_file(dirname(__DIR__)."/images/".$image_array['imagename'])) {
unlink(dirname(__DIR__)."/images/".$image_array['imagename']);
}
// Delete thumbnail if exitsts
if (is_file(dirname(__DIR__)."/images/thumbnails/".$image_array['imagename'])) {
unlink(dirname(__DIR__)."/images/thumbnails/".$image_array['imagename']);
}
// Delete preview if exitsts
if (is_file(dirname(__DIR__)."/images/previews/".$image_array['imagename'])) {
unlink(dirname(__DIR__)."/images/previews/".$image_array['imagename']);
}
// TP user to the homepage with a success message
mysqli_query($conn,"INSERT INTO logs (ipaddress, action) VALUES('$user_ip','Deleted image ".$_POST['id']."')");
$_SESSION['del'] = $_POST['id'];
?>
<script>
window.location.replace("index.php");
</script>
<?php
} else {
?>
<script>
sniffleAdd('Oopsie', 'The image failed to delete off of the servers, contact Fluffy about his terrible programming', 'var(--warning)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
} else {
?>
<script>
sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
} else {
?>
<script>
sniffleAdd('Denied', 'It seems that you do not have the right permitions to edit this image.', 'var(--warning)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
// Attempt to execute the prepared statement
if (mysqli_stmt_execute($stmt)) {
// See if image is in the directory
if (is_file(dirname(__DIR__)."/images/".$image_array['imagename'])) {
unlink(dirname(__DIR__)."/images/".$image_array['imagename']);
}
// Delete thumbnail if exitsts
if (is_file(dirname(__DIR__)."/images/thumbnails/".$image_array['imagename'])) {
unlink(dirname(__DIR__)."/images/thumbnails/".$image_array['imagename']);
}
// Delete preview if exitsts
if (is_file(dirname(__DIR__)."/images/previews/".$image_array['imagename'])) {
unlink(dirname(__DIR__)."/images/previews/".$image_array['imagename']);
}
// TP user to the homepage with a success message
mysqli_query($conn, "INSERT INTO logs (ipaddress, action) VALUES('$user_ip','Deleted image " . $_POST['id'] . "')");
$_SESSION['del'] = $_POST['id'];
?>
<script>
window.location.replace("index.php");
</script>
<?php
} else {
?>
<script>
sniffleAdd('Oopsie', 'The image failed to delete off of the servers, contact Fluffy about his terrible programming', 'var(--warning)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
} else {
?>
<script>
sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
} else {
?>
<script>
sniffleAdd('Denied', 'It seems that you do not have the right permitions to edit this image.', 'var(--warning)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
}
@ -96,53 +96,53 @@ if (isset($_POST['submit_delete'])) {
|-------------------------------------------------------------
*/
if (isset($_POST['submit_description'])) {
// Get all image info
$image_array = $image_info->get_image_info($conn, $_POST['id']);
// If user owns image or has the ID of 1
if ($image_info->image_privilage($image_array['author']) || $user_info->is_admin($conn, $_SESSION['id'])) {
// getting ready forSQL asky asky
$sql = "UPDATE images SET alt=? WHERE id=?";
// Get all image info
$image_array = $image_info->get_image_info($conn, $_POST['id']);
// If user owns image or has the ID of 1
if ($image_info->image_privilage($image_array['author']) || $user_info->is_admin($conn, $_SESSION['id'])) {
// getting ready forSQL asky asky
$sql = "UPDATE images SET alt=? WHERE id=?";
// Checking if databse is doing ok
if ($stmt = mysqli_prepare($conn, $sql)) {
mysqli_stmt_bind_param($stmt, "si", $param_alt, $param_id);
// Checking if databse is doing ok
if ($stmt = mysqli_prepare($conn, $sql)) {
mysqli_stmt_bind_param($stmt, "si", $param_alt, $param_id);
// Setting parameters
$param_alt = $_POST['input'];
$param_id = $_POST['id'];
// Setting parameters
$param_alt = $_POST['input'];
$param_id = $_POST['id'];
// Attempt to execute the prepared statement
if (mysqli_stmt_execute($stmt)) {
?>
<script>
sniffleAdd('Success!!!', 'Description has been updated successfully! You may need to refresh the page to see the new information.', 'var(--success)', 'assets/icons/check.svg');
flyoutClose();
</script>
<?php
} else {
?>
<script>
sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
} else {
?>
<script>
sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
} else {
?>
<script>
sniffleAdd('Denied', 'It seems that you do not have the right permitions to edit this image.', 'var(--warning)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
// Attempt to execute the prepared statement
if (mysqli_stmt_execute($stmt)) {
?>
<script>
sniffleAdd('Success!!!', 'Description has been updated successfully! You may need to refresh the page to see the new information.', 'var(--success)', 'assets/icons/check.svg');
flyoutClose();
</script>
<?php
} else {
?>
<script>
sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
} else {
?>
<script>
sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
} else {
?>
<script>
sniffleAdd('Denied', 'It seems that you do not have the right permitions to edit this image.', 'var(--warning)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
}
@ -154,56 +154,56 @@ if (isset($_POST['submit_description'])) {
|-------------------------------------------------------------
*/
if (isset($_POST['submit_tags'])) {
// Get all image info
$image_array = $image_info->get_image_info($conn, $_POST['id']);
// If user owns image or has the ID of 1
if ($image_info->image_privilage($image_array['author']) || $user_info->is_admin($conn, $_SESSION['id'])) {
// Clean input
$tags_string = $make_stuff->tags(trim($_POST['input']));
// Get all image info
$image_array = $image_info->get_image_info($conn, $_POST['id']);
// If user owns image or has the ID of 1
if ($image_info->image_privilage($image_array['author']) || $user_info->is_admin($conn, $_SESSION['id'])) {
// Clean input
$tags_string = $make_stuff->tags(trim($_POST['input']));
// getting ready forSQL asky asky
$sql = "UPDATE images SET tags=? WHERE id=?";
// getting ready forSQL asky asky
$sql = "UPDATE images SET tags=? WHERE id=?";
// Checking if databse is doing ok
if ($stmt = mysqli_prepare($conn, $sql)) {
mysqli_stmt_bind_param($stmt, "si", $param_tags, $param_id);
// Checking if databse is doing ok
if ($stmt = mysqli_prepare($conn, $sql)) {
mysqli_stmt_bind_param($stmt, "si", $param_tags, $param_id);
// Setting parameters
$param_tags = $tags_string;
$param_id = $_POST['id'];
// Setting parameters
$param_tags = $tags_string;
$param_id = $_POST['id'];
// Attempt to execute the prepared statement
if (mysqli_stmt_execute($stmt)) {
?>
<script>
sniffleAdd('Success!!!', 'Tags have been modified successfully! You may need to refresh the page to see the new information.', 'var(--success)', 'assets/icons/check.svg');
flyoutClose();
</script>
<?php
} else {
?>
<script>
sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
} else {
?>
<script>
sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
} else {
?>
<script>
sniffleAdd('Denied', 'It seems that you do not have the right permitions to modify tags here.', 'var(--warning)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
// Attempt to execute the prepared statement
if (mysqli_stmt_execute($stmt)) {
?>
<script>
sniffleAdd('Success!!!', 'Tags have been modified successfully! You may need to refresh the page to see the new information.', 'var(--success)', 'assets/icons/check.svg');
flyoutClose();
</script>
<?php
} else {
?>
<script>
sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
} else {
?>
<script>
sniffleAdd('Error :c', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
} else {
?>
<script>
sniffleAdd('Denied', 'It seems that you do not have the right permitions to modify tags here.', 'var(--warning)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
}
@ -215,42 +215,42 @@ if (isset($_POST['submit_tags'])) {
|-------------------------------------------------------------
*/
if (isset($_POST['submit_author'])) {
// If user has the ID of 1
if ($user_info->is_admin($conn, $_SESSION['id'])) {
// getting ready forSQL asky asky
$sql = "UPDATE images SET author=? WHERE id=?";
// If user has the ID of 1
if ($user_info->is_admin($conn, $_SESSION['id'])) {
// getting ready forSQL asky asky
$sql = "UPDATE images SET author=? WHERE id=?";
// Checking if databse is doing ok
if ($stmt = mysqli_prepare($conn, $sql)) {
mysqli_stmt_bind_param($stmt, "si", $param_author, $param_id);
// Checking if databse is doing ok
if ($stmt = mysqli_prepare($conn, $sql)) {
mysqli_stmt_bind_param($stmt, "si", $param_author, $param_id);
// Setting parameters
$param_author = $_POST['input'];
$param_id = $_POST["id"];
// Setting parameters
$param_author = $_POST['input'];
$param_id = $_POST["id"];
// Attempt to execute the prepared statement
if (mysqli_stmt_execute($stmt)) {
?>
<script>
sniffleAdd('Success!!!', 'The Author has been updated successfully! You may need to refresh the page to see the new information.', 'var(--success)', 'assets/icons/check.svg');
flyoutClose();
</script>
<?php
} else {
?>
<script>
sniffleAdd('Oopsie....', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
}
} else {
?>
<script>
sniffleAdd('Denied', 'Sussy wussy.', 'var(--warning)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
}
// Attempt to execute the prepared statement
if (mysqli_stmt_execute($stmt)) {
?>
<script>
sniffleAdd('Success!!!', 'The Author has been updated successfully! You may need to refresh the page to see the new information.', 'var(--success)', 'assets/icons/check.svg');
flyoutClose();
</script>
<?php
} else {
?>
<script>
sniffleAdd('Oopsie....', 'An error occured on the servers', 'var(--warning)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
}
} else {
?>
<script>
sniffleAdd('Denied', 'Sussy wussy.', 'var(--warning)', 'assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
}

2
app/settings/manifest.json
View file

@ -24,7 +24,7 @@
"Eat hotchip and lie"
],
"license":"GPL 3.0",
"version": "22.09.26",
"version": "22.09.28",
"user_name": "[your name]",
"is_testing": true,
"upload": {