Initial commit

fwber-code · Oct 29, 2019 · b4bc262 · b4bc262
1 parent 879da85
commit b4bc262
Show file tree

Hide file tree

Showing 30,649 changed files with 184,452 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,5 @@
+/.idea/*
+backup.bat
+BingSiteAuth.xml
+
+_secrets.php
diff --git a/.htaccess b/.htaccess
@@ -0,0 +1,64 @@
+
+IndexIgnore *
+
+RewriteEngine On
+
+# Unless directory, remove trailing slash
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteRule ^([^/]+)/$ $1 [R=301,L]
+
+
+
+
+#DefaultType application/x-httpd-php
+#DirectoryIndex index.php index.html
+
+# Redirect external .php requests to extensionless url
+#RewriteCond %{THE_REQUEST} ^(.+)\.php([#?][^\ ]*)?\ HTTP/
+#RewriteRule ^(.+)\.php$ $1 [R=301,L]
+
+# Resolve .php file for extensionless php urls
+#RewriteRule ^([^/.]+)$ $1.php [L]
+RewriteCond %{SCRIPT_FILENAME} !-d
+RewriteRule ^([^.]+)$ $1.php [NC,L]
+
+
+# Removes .php
+RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s([^.]+)\.php [NC]
+RewriteRule ^ %1 [R=301,L]
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteCond %{REQUEST_FILENAME}.php -f
+RewriteRule ^(.*?)/?$ $1.php [NC,L]
+
+
+#Remove Trailing Slash
+#This snippet will redirect paths ending in slashes to their non-slash-terminated counterparts (except for actual directories),
+#e.g. http://www.example.com/blog/ to http://www.example.com/blog. This is important for SEO, since it’s recommended to have a canonical URL for every page.
+#RewriteCond %{REQUEST_FILENAME} !-d
+#RewriteCond %{REQUEST_URI} (.+)/$
+#RewriteRule ^ %1 [R=301,L]
+
+#Alias “Clean” URLs
+#This snippet lets you use “clean” URLs -- those without a PHP extension, e.g. example.com/users instead of example.com/users.php.
+#RewriteEngine On
+#RewriteCond %{SCRIPT_FILENAME} !-d
+#RewriteRule ^([^.]+)$ $1.php [NC,L]
+
+#This example has an index.fcgi file in some directory, and any requests within that directory that fail to resolve a filename/directory
+#will be sent to the index.fcgi script. It’s good if you want baz.foo/some/cool/path to be handled by baz.foo/index.fcgi
+#(which also supports requests to baz.foo) while maintaining baz.foo/css/style.css and the like.
+#Get access to the original path from the PATH_INFO environment variable, as exposed to your scripting environment.
+#RewriteEngine On
+#RewriteRule ^$ index.fcgi/ [QSA,L]
+#RewriteCond %{REQUEST_FILENAME} !-f
+#RewriteCond %{REQUEST_FILENAME} !-d
+#RewriteRule ^(.*)$ index.fcgi/$1 [QSA,L]
+
+
+#I want the url www.mysite.com/username to pass username as variable if is not a
+#directory or file to index.php in myProfile directory where it is access as $user = $_GET['u'];
+#RewriteBase /
+#Options All -Indexes
+#RewriteCond %{REQUEST_FILENAME} !-f
+#RewriteCond %{REQUEST_FILENAME} !-d
+#RewriteRule ^(.*)$ /u/index.php?u=$1 [L,QSA]
diff --git a/_changeEmail.php b/_changeEmail.php
@@ -0,0 +1,83 @@
+<?php
+
+    session_start();
+
+	require_once("_init.php");
+
+    if($_SERVER["REQUEST_METHOD"] != "POST"){header('Location: '.getSiteURL());exit();}
+
+    require_once("_profileVars.php");
+    require_once("_secrets.php");
+    require_once("_globals.php");
+
+    //first make sure we are a legit user.
+    if(deleteCookiesIfInvalid()==false){header('Location: '.getSiteURL());exit();}//full auth for actions
+
+    goHomeIfCookieNotSet();
+
+    $db = mysqli_connect($dburl,$dbuser,$dbpass);
+    if(!$db)exit(mysqli_connect_error());
+
+    //make sure we've got an action.
+    if(!isset($_POST['newEmail'])||empty($_POST['newEmail']))exit('newEmail'); else $newEmail= mysqli_escape_string($db,$_POST['newEmail']);
+    if(!isset($_POST['verifyEmail'])||empty($_POST['verifyEmail']))exit('verifyEmail'); else $verifyEmail= mysqli_escape_string($db,$_POST['verifyEmail']);
+
+    if($newEmail!=$verifyEmail)exit("emails don't match");
+
+    $email = mysqli_escape_string($db,$_SESSION["email"]);
+
+    //make sure email isn't in use
+    $dbquerystring = sprintf("SELECT id FROM ".$dbname.".users WHERE email='%s'",$newEmail);
+    $dbquery = mysqli_query($db,$dbquerystring);
+    $dbresults = mysqli_fetch_array($dbquery);
+
+    if($dbresults)exit("Error");
+
+    //get my userid
+    $dbquerystring = sprintf("SELECT id, verifyHash FROM ".$dbname.".users WHERE email='%s'",$email);
+    $dbquery = mysqli_query($db,$dbquerystring);
+    $dbresults = mysqli_fetch_array($dbquery);
+
+    $userid = $dbresults['id'];
+    $verifyHash = $dbresults['verifyHash'];
+
+    //set new email address
+    //set verify to 0
+    $dbquerystring =
+    sprintf("UPDATE ".$dbname.".users SET email = '%s', verified = '0' WHERE email='%s'",
+    $newEmail,
+    $email
+    );
+    if(!mysqli_query($db,$dbquerystring))exit("didn't work");
+
+    //done
+    mysqli_close($db);
+
+    sendNewEmailAddressVerificationEmail($newEmail,$verifyHash);
+
+    setcookie("email","",time()-1000,'/',".".getSiteDomain());
+    setcookie("token","",time()-1000,'/',".".getSiteDomain());
+
+    session_destroy();
+
+?>
+<!doctype html>
+<html lang="en">
+<head>
+    <title><?php require_once("_names.php"); echo getSiteName(); ?> - Change Email<?php require_once("_init.php");echo getTitleTagline();?></title>
+	<?php include("head.php");?>
+</head>
+<body class="d-flex flex-column h-100">
+	<?php include("h.php");?>
+
+	<div id="mainbody" align="center"> 
+		<br>
+        <br>
+        <br>
+		<div style="font-size:14px;">
+		Please check your email at <?php echo $email; ?> to verify your account.
+		</div>
+	</div>
+    <?php include("f.php");?>
+</body>
+</html>
diff --git a/_changePassword.php b/_changePassword.php
@@ -0,0 +1,86 @@
+<?php
+
+    session_start();
+
+    require_once("_init.php");
+
+    if($_SERVER["REQUEST_METHOD"] != "POST"){header('Location: '.getSiteURL());exit();}
+
+    require_once("_profileVars.php");
+    require_once("_secrets.php");
+    require_once("_globals.php");
+
+    if(deleteCookiesIfInvalid()==false){header('Location: '.getSiteURL());return;}//full auth for actions
+
+    goHomeIfCookieNotSet();
+
+    $db = mysqli_connect($dburl,$dbuser,$dbpass);
+    if(!$db)exit(mysqli_connect_error());
+
+    if(!isset($_POST['oldPass'])||empty($_POST['oldPass']))exit('oldPass'); else $oldPass= mysqli_escape_string($db,$_POST['oldPass']);
+    if(!isset($_POST['newPass'])||empty($_POST['newPass']))exit('newPass'); else $newPass= mysqli_escape_string($db,$_POST['newPass']);
+    if(!isset($_POST['verifyPass'])||empty($_POST['verifyPass']))exit('verifyPass'); else $verifyPass= mysqli_escape_string($db,$_POST['verifyPass']);
+
+    if($newPass!=$verifyPass)exit("Passwords don't match");
+
+    //authenticate old pass
+    $email = mysqli_escape_string($db,$_SESSION["email"]);
+
+    $dbquerystring = sprintf("SELECT passwordHash, dateJoined, dateLastSignedIn FROM ".$dbname.".users WHERE email='%s'",$email);
+    $dbquery = mysqli_query($db,$dbquerystring);
+    $dbresults = mysqli_fetch_array($dbquery);
+    mysqli_free_result($dbquery);
+
+    $message = "";
+
+    if(
+        $dbresults==null
+        ||$dbresults['passwordHash']==null
+        ||getSaltedPassword($oldPass,$dbresults['dateJoined'])!=$dbresults['passwordHash']
+    )
+    {
+        $message = "Old password was wrong.";
+    }
+
+    if($message=="")
+    {
+        $dateJoined = $dbresults['dateJoined'];
+
+        //set new pass hash in database
+        $dbquerystring =
+        sprintf("UPDATE ".$dbname.".users SET passwordHash = '%s' WHERE email='%s'",
+        getSaltedPassword($newPass,$dateJoined),
+        $email
+        );
+        if(!mysqli_query($db,$dbquerystring))exit("didn't work");
+
+        //delete cookies
+        setcookie("email","",time()-1000,'/',".".getSiteDomain());
+        setcookie("token","",time()-1000,'/',".".getSiteDomain());
+
+        session_destroy();
+
+        mysqli_close($db);
+
+        $message = "Password changed. Please sign in using your new password.";
+    }
+?>
+<!doctype html>
+<html lang="en">
+<head>
+    <title><?php require_once("_names.php"); echo getSiteName(); ?> - Change Password<?php require_once("_names.php"); echo getTitleTagline(); ?></title>
+	<?php include("head.php");?>
+</head>
+<body class="d-flex flex-column h-100">
+	<?php include("h.php");?>
+	<div id="mainbody" align="center"> 
+		<br><br><br>
+
+		<div style="font-size:14px;">
+			<?php echo $message; ?>
+		</div>
+	</div>
+    <?php include("f.php");?>
+</body>
+</html>
+
diff --git a/_contact.php b/_contact.php
@@ -0,0 +1,50 @@
+<?php
+
+    session_start();
+
+    require_once("_init.php");
+
+    if($_SERVER["REQUEST_METHOD"] != "POST"){header('Location: '.getSiteURL());exit();}
+
+    require_once("_profileVars.php");
+    require_once("_secrets.php");
+    require_once("_globals.php");
+
+    $db = mysqli_connect($dburl,$dbuser,$dbpass);
+    if(!$db)exit(mysqli_connect_error());
+
+    //make sure we've got an action.
+    $message = "";
+    $subject = "";
+    $emailAddress = "";
+
+    if(!isset($_POST['message'])||empty($_POST['message']))exit('message'); else $message= mysqli_escape_string($db,convert_line_breaks($_POST['message']));
+    if(!isset($_POST['subject'])||empty($_POST['subject']))exit('subject'); else $subject= mysqli_escape_string($db,$_POST['subject']);
+
+    if(isset($_POST['emailAddress'])&&!empty($_POST['emailAddress']))
+    $emailAddress= mysqli_escape_string($db,$_POST['emailAddress']);
+
+    if($message!="")
+    {
+        sendContactEmail($subject,$message,$emailAddress);
+    }
+
+    mysqli_close($db);
+
+?>
+<!doctype html>
+<html lang="en">
+<head>
+    <title><?php require_once("_names.php"); echo getSiteName(); ?> - Contact Us<?php require_once("_names.php"); echo getTitleTagline(); ?></title>
+	<?php include("head.php");?>
+</head>
+<body class="d-flex flex-column h-100">
+	<?php include("h.php");?>
+	<div align="center" style="font-size:16px;">
+        Thank you for contacting us, we will get back to you.
+	</div>
+    <meta http-equiv="refresh" content="3;url=/"/>
+    <?php include("f.php");?>
+</body>
+</html>
+