Merge pull request #58 from sorenpeter/55-can-post-when-not-logged-in

fix(session): replace old auth method with libs/session.php
This commit is contained in:
sørenpeter 2025-01-25 11:10:39 +01:00 committed by GitHub
commit 0c91c9434e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
11 changed files with 77 additions and 72 deletions


@ -16,14 +16,16 @@ if (isset($_POST['submit_pass']) && $_POST['pass']) {
$passwordInForm = $_POST['pass'];
if ($passwordInForm == $passwordInConfig) {
$_SESSION['password'] = $passwordInForm;
# TODO: Remove this legacy auth method completely
# $_SESSION['password'] = $passwordInForm;
saveLogin();
} elseif ($isCodeValid = verifyTOTP(
$config['totp_secret'],
$passwordInForm,
intval($config['totp_digits'])
)) {
$_SESSION['password'] = 'valid_totp';
# TODO: Remove this legacy auth method completely
# $_SESSION['password'] = 'valid_totp';
saveLogin();
} else {
$error = 'Incorrect Password';
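Review bot: The password check on the context line `if ($passwordInForm == $passwordInConfig)` still uses loose comparison, so two numeric-looking strings such as `"0e123"` and `"0e456"` compare equal, and the comparison is not constant-time; use `if (is_string($passwordInForm) && hash_equals((string) $passwordInConfig, $passwordInForm))`. saveLogin() is not visible in this hunk — if it does not call `session_regenerate_id(true)` before marking the session as authenticated, the login remains open to session fixation. The commented-out `$_SESSION['password']` assignments under the two TODOs should be deleted rather than left in place now that saveLogin() replaces them. The enclosing `if (isset($_POST['submit_pass']) ...)` block starts before the hunk and its `else` branch continues past it.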


@ -1,7 +1,7 @@
<?php
require_once 'libs/session.php';
$profile = getTwtsFromTwtxtString($config['public_txt_url']);
?>
<!doctype html>
<html>
@ -9,7 +9,7 @@ $profile = getTwtsFromTwtxtString($config['public_txt_url']);
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1" />
<link rel="icon" type="image/x-icon" href="<?= $baseURL ?>/media/logo.png">
<?php if( isset($_SESSION['password'])) { ?>
<?php if (hasValidSession()) { ?>
<script src="<?= $baseURL ?>/libs/tiny-mde.min.js"></script>
<link rel="stylesheet" type="text/css" href="<?= $baseURL ?>/libs/tiny-mde.css" />
<?php } ?>
@ -43,8 +43,7 @@ $profile = getTwtsFromTwtxtString($config['public_txt_url']);
<ul class="secondary">
<?php //if ($validSession) { // TODO: Make login secure ?>
<?php if( isset($_SESSION['password'])) { /*
if($_SESSION['password']=="$password") {*/ // Hacky login ?>
<?php if (hasValidSession()) { // Hacky login ?>
<li><a href="<?= $baseURL ?>/refresh?url=<?= $url ?>"><i class="fa fa-refresh"></i><span>Refresh</span></a></li>
<li><a href="<?= $baseURL ?>"><i class="fa fa-comments-o"></i><span>Timeline</span></a></li>
<?php if (!empty($config['public_webmentions'])) { ?>
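Review bot: Inside the new `hasValidSession()` block, the Refresh link writes `$url` straight into an `href` attribute (`refresh?url=<?= $url ?>`); the profile view in this same commit takes the feed URL from `?url=`, so if `$url` is populated from the query string this is a reflected XSS sink shown to exactly the logged-in user. Emit it as `href="<?= $baseURL ?>/refresh?url=<?= htmlspecialchars(rawurlencode($url), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>"`, and escape `$baseURL` the same way unless it is a trusted constant from config. Where `$url` is assigned is outside this hunk, so confirm its origin before treating it as trusted; the `<ul class="secondary">` list also continues past the end of the hunk.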


@ -4,27 +4,24 @@
<select name="list" onchange="this.form.submit()">
<option value="twtxt.txt" selected>twtxt.txt (Main)</option>
<?php
require_once 'libs/session.php';
// TODO: fix it so if List -> Selected for both public and private lists
if (isset($_SESSION['password'])) {
if ($_SESSION['password'] == "$passwordInConfig") { // Hacky login
// Private lists
echo "<option disabled>Private Lists:</option>";
foreach (glob("private/twtxt-*.txt") as $filename) {
if ($filename == $_GET['lists']) $attr = "selected";
else $attr = "";
$listName = $filename;
$listName = str_replace("private/twtxt-", "", $listName);
$listName = str_replace("_", " ", $listName);
$listName = str_replace(".txt", "", $listName);
echo "<option value='{$filename}' {$attr}>$listName</option>";
}
// Public Lists
echo "<option disabled>Public Lists:</option>";
if (hasValidSession()) {
// Private lists
echo "<option disabled>Private Lists:</option>";
foreach (glob("private/twtxt-*.txt") as $filename) {
if ($filename == $_GET['lists']) $attr = "selected";
else $attr = "";
$listName = $filename;
$listName = str_replace("private/twtxt-", "", $listName);
$listName = str_replace("_", " ", $listName);
$listName = str_replace(".txt", "", $listName);
echo "<option value='{$filename}' {$attr}>$listName</option>";
}
// Public Lists
echo "<option disabled>Public Lists:</option>";
}
foreach (glob("twtxt-*.txt") as $filename) {
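Review bot: In the private-list loop the preselect check reads `$_GET['lists']`, while the `<select>` is named `list` and the sibling list partial in this commit compares against `$_GET['list']`, so a chosen private list is never re-selected and PHP logs an undefined-array-key warning on every render; change it to `if ($filename === ($_GET['list'] ?? '')) $attr = "selected";`. The old code also re-checked the stored password against the config on each request (`$_SESSION['password'] == "$passwordInConfig"`); the replacement relies entirely on hasValidSession(), which is not visible here, so make sure it validates the session contents rather than only testing that a key exists. The public-list `foreach` on the last line continues past the hunk.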


@ -4,32 +4,31 @@
<select name="list" onchange="this.form.submit()">
<option value="twtxt.txt" selected>twtxt.txt (Main)</option>
<?php
require_once 'libs/session.php';
// TODO: fix it so if List -> Selected for both public and private lists
if (isset($_SESSION['password'])) {
if ($_SESSION['password'] == "$passwordInConfig") { // Hacky login
if (hasValidSession()) {
// Private lists
echo "<option disabled>Private Lists:</option>";
foreach (glob("private/twtxt-*.txt") as $filename) {
if ($filename == $_GET['list']) { $attr = "selected"; }
else { $attr = ""; }
// Private lists
echo "<option disabled>Private Lists:</option>";
foreach (glob("private/twtxt-*.txt") as $filename) {
if ($filename == $_GET['list']) $attr = "selected";
else $attr = "";
$listName = $filename;
$listName = str_replace("private/twtxt-", "", $listName);
$listName = str_replace("_", " ", $listName);
$listName = str_replace(".txt", "", $listName);
echo "<option value='{$filename}' {$attr}>$listName</option>";
}
// Public Lists
echo "<option disabled>Public Lists:</option>";
$listName = $filename;
$listName = str_replace("private/twtxt-", "", $listName);
$listName = str_replace("_", " ", $listName);
$listName = str_replace(".txt", "", $listName);
echo "<option value='{$filename}' {$attr}>$listName</option>";
}
// Public Lists
echo "<option disabled>Public Lists:</option>";
}
foreach (glob("twtxt-*.txt") as $filename) {
if ($filename == $_GET['list']) $attr = "selected";
else $attr = "";
if ($filename == $_GET['list']) { $attr = "selected"; }
else { $attr = ""; }
$listName = $filename;
$listName = str_replace("twtxt-", "", $listName);
$listName = str_replace("_", " ", $listName);
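Review bot: Both preselect checks read `$_GET['list']` without a guard, so the first render (before any change event submits the form) raises an undefined-array-key warning; write `$attr = (($_GET['list'] ?? '') === $filename) ? "selected" : "";`. The option values are filesystem paths (`private/twtxt-*.txt`) that come back as the `list` parameter, so whichever page consumes that parameter must validate it against the same `glob()` result (or an allow-list of the two directories) rather than opening the submitted path directly; that consumer is outside this diff. The `twtxt.txt (Main)` option also carries a hard-coded `selected`, so two options end up selected when a list is chosen — the existing TODO above the loop. The public-list `foreach` continues past the end of the hunk.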


@ -39,7 +39,8 @@
}
*/
if (isset($_SESSION['password'])) {
require_once 'libs/session.php';
if (hasValidSession()) {
echo ' | <a href="' . $baseURL . '/new?hash=' . $twt->hash . '">Reply</a>';
}
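Review bot: The `require_once 'libs/session.php'` sits in the middle of the per-twt output right before the session check; move it to the top of partials/timeline.php (or into partials/base.php, which the views in this commit already require) so the template body reads as plain output and the session helper is guaranteed to be loaded before any partial calls `hasValidSession()`. The Reply link concatenates `$twt->hash` into the href unescaped — if the hash is computed by the app it is harmless, but if it is taken from the parsed feed text it needs `rawurlencode()` and `htmlspecialchars()`. The block enclosing this hunk (presumably the per-twt loop) starts before it and closes outside the view.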


@ -1,18 +1,16 @@
<?php
require_once("partials/base.php");
require_once "partials/base.php";
$title = "Profile for"." - ".$title;
$title = "Profile for - $title";
include('partials/header.php');
include 'partials/header.php';
?>
<!-- PHP: PROFILE CARD -->
<?php
//$twtsURL = $config['public_txt_url'];
//$profile = getTwtsFromTwtxtString($twtsURL);
/* from base.php */
# Show twts only for URL in query request, else show user timeline
@ -35,7 +33,7 @@ else { // Show timeline for the URL
$twtsURL = $config['public_txt_url'];
// $twtsURL = "https://lyse.isobeef.org/twtxt.txt";
// $profile = getTwtsFromTwtxtString($twtsURL);
header("Location: ".$baseURL."/profile?url=".$twtsURL);
header("Location: $baseURL/profile?url=$twtsURL");
/*
if (filter_var($twtsURL, FILTER_VALIDATE_URL) === FALSE) {
@ -94,9 +92,12 @@ krsort($twts, SORT_NUMERIC);
<!-- PHP: NEW POST BOX -->
<?php
if( isset($_SESSION['password'])) {
require_once 'libs/session.php';
if (hasValidSession()) {
include 'views/new_twt.php'; // TODO: Split up new_twt into a view and a partial
} ?>
}
?>
<!-- PHP: TIMELINE --><?php include 'partials/timeline.php'?>
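Review bot: libs/session.php is now required separately in this view (just before `hasValidSession()`) and again in partials/header.php, partials/timeline.php and both list partials; since this view starts with `require_once 'partials/base.php'`, requiring libs/session.php once from base.php would remove the duplicated `require_once` lines and stop correctness from depending on include order between partials. In the redirect hunk above, `header("Location: $baseURL/profile?url=$twtsURL");` is not followed by an `exit` within the visible lines — if none follows, the rest of the page is still rendered and sent along with the redirect. The `else` branch containing that redirect begins before its hunk.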


@ -26,10 +26,12 @@ include_once 'partials/header.php';
<?php
require_once 'libs/session.php';
if (isset($_SESSION['password'])) {
if (hasValidSession()) {
$textareaValue = "(#$id) ";
include 'views/new_twt.php';
} ?>
}
?>
<!-- PHP: GET FOOTER --><?php include_once 'partials/footer.php';?>
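Review bot: `$textareaValue = "(#$id) ";` prefills the reply box with a value assigned outside this hunk; if `$id` comes from the request (the `?hash=` parameter the timeline's Reply link builds), views/new_twt.php must emit `$textareaValue` through `htmlspecialchars($textareaValue, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` inside the `<textarea>`, otherwise a value containing `</textarea><script>` breaks out of the element. That output happens in new_twt.php, which is not part of this diff, so please confirm it there. The `require_once 'libs/session.php'` would be better placed once in a shared base include than in each view.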


@ -1,12 +1,12 @@
<?php
require_once("partials/base.php");
require_once 'partials/base.php';
$title = "Following - " . $title;
$title = "Following - $title";
include 'partials/header.php';
require_once 'libs/session.php';
// TODO: Include profile-card, but only tagcloud for user, not all feeds in cache
?>
<center>
@ -18,7 +18,7 @@ include 'partials/header.php';
<!-- <th></th> -->
<th>Nick</th>
<th>URL</th>
<?php if (isset($_SESSION['password']) && $_SESSION['password'] == "$passwordInConfig") { ?>
<?php if (hasValidSession()) { ?>
<th>Time ago</th>
<?php } ?>
</tr>
@ -29,13 +29,13 @@ include 'partials/header.php';
<td><a href="<?= $baseURL ?>/profile?url=<?= $currentFollower[1] ?>"><?= $currentFollower[0] ?></a></td>
<!-- <td><a href="/?twt=<?= $currentFollower[1] ?>"><?= $currentFollower[0] ?></a></td> -->
<td><?= $currentFollower[1] ?>
<!-- <?php //if ($validSession) {
<!-- <?php //if ($validSession) {
?> -->
<!-- <a href="?remove_url=<?= $currentFollower[1] ?>">Remove</a> -->
<!-- <?php // }
<!-- <?php // }
?> -->
</td>
<?php if (isset($_SESSION['password']) && $_SESSION['password'] == "$passwordInConfig") { ?>
<?php if (hasValidSession()) { ?>
<td>
<?php
// Test first if URL is a valid feed:
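Review bot: `$currentFollower[0]` and `$currentFollower[1]` (nick and feed URL) are echoed raw into an `href` attribute and element text on the first lines of this hunk; where those values originate is not visible here, but if the following list is populated from feed content they are untrusted and need `htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` (and `rawurlencode()` for the `?url=` query value). The `<!-- <?php //if ($validSession) {` / `?> -->` pairs are still sent to the browser as HTML comments because the `//` comment ends at the line break while the `<!-- -->` is literal markup, and the commented-out Remove link still interpolates `$currentFollower[1]` into that comment; delete these dead blocks rather than shipping them. The table row enclosing this hunk is opened before it.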


@ -1,14 +1,14 @@
<?php
require_once "partials/base.php";
require_once 'partials/base.php';
$title = "Login - $title";
// $password comes from libs/session.php
if (isset($_SESSION['password'])) {
if ($_SESSION['password'] == $passwordInConfig) {
header("Location: .");
die();
}
require_once 'libs/session.php';
if (hasValidSession()) {
header("Location: .");
die();
} else {
include 'partials/header.php';
?>
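Review bot: The comment `// $password comes from libs/session.php` is now stale — the new code calls `hasValidSession()` and never reads `$password`; replace it with `// hasValidSession() is provided by libs/session.php` or drop it. The `else {` after `die()` is unnecessary since the redirect branch never returns; `include 'partials/header.php';` can follow the `if` at top level, which removes a brace that has to be closed further down the file. The tail of that `else` block is outside the hunk.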


@ -17,9 +17,11 @@ include_once 'partials/header.php';
include_once 'partials/profile_card.php';
if( isset($_SESSION['password'])) {
require_once 'libs/session.php';
if (hasValidSession()) {
include 'views/new_twt.php'; // TODO: Split up new_twt into a view and a partial
}
}
//include_once 'partials/search.php';


@ -19,9 +19,11 @@ include_once 'partials/header.php';
include_once 'partials/profile_card.php';
if( isset($_SESSION['password'])) {
require_once 'libs/session.php';
if (hasValidSession()) {
include 'views/new_twt.php'; // TODO: Split up new_twt into a view and a partial
}
}
//include_once 'partials/search.php';
@ -31,7 +33,7 @@ include_once 'partials/footer.php';
/*
// Old replies //
// Old replies //
<?php
require_once("partials/base.php");