jeff/timeline
1
0
Fork 0
mirror of https://github.com/sorenpeter/timeline.git synced 2025-12-16 03:17:01 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #58 from sorenpeter/55-can-post-when-not-logged-in

Browse source 
fix(session): replace old auth method with libs/session.php
This commit is contained in:
sørenpeter 2025-01-25 11:10:39 +01:00 committed by GitHub
commit 0c91c9434e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
11 changed files with 77 additions and 72 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
libs/session.php
View file

@ -16,14 +16,16 @@ if (isset($_POST['submit_pass']) && $_POST['pass']) {
$passwordInForm = $_POST['pass']; $passwordInForm = $_POST['pass'];
if ($passwordInForm == $passwordInConfig) { if ($passwordInForm == $passwordInConfig) {
$_SESSION['password'] = $passwordInForm; # TODO: Remove this legacy auth method completely
# $_SESSION['password'] = $passwordInForm;
saveLogin(); saveLogin();
} elseif ($isCodeValid = verifyTOTP( } elseif ($isCodeValid = verifyTOTP(
$config['totp_secret'], $config['totp_secret'],
$passwordInForm, $passwordInForm,
intval($config['totp_digits']) intval($config['totp_digits'])
)) { )) {
$_SESSION['password'] = 'valid_totp'; # TODO: Remove this legacy auth method completely
# $_SESSION['password'] = 'valid_totp';
saveLogin(); saveLogin();
} else { } else {
$error = 'Incorrect Password'; $error = 'Incorrect Password';

7
partials/header.php
View file

@ -1,7 +1,7 @@
<?php <?php
require_once 'libs/session.php';
$profile = getTwtsFromTwtxtString($config['public_txt_url']); $profile = getTwtsFromTwtxtString($config['public_txt_url']);
?> ?>
<!doctype html> <!doctype html>
<html> <html>
@ -9,7 +9,7 @@ $profile = getTwtsFromTwtxtString($config['public_txt_url']);
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1" /> <meta name="viewport" content="width=device-width, initial-scale=1" />
<link rel="icon" type="image/x-icon" href="<?= $baseURL ?>/media/logo.png"> <link rel="icon" type="image/x-icon" href="<?= $baseURL ?>/media/logo.png">
<?php if( isset($_SESSION['password'])) { ?> <?php if (hasValidSession()) { ?>
<script src="<?= $baseURL ?>/libs/tiny-mde.min.js"></script> <script src="<?= $baseURL ?>/libs/tiny-mde.min.js"></script>
<link rel="stylesheet" type="text/css" href="<?= $baseURL ?>/libs/tiny-mde.css" /> <link rel="stylesheet" type="text/css" href="<?= $baseURL ?>/libs/tiny-mde.css" />
<?php } ?> <?php } ?>
@ -43,8 +43,7 @@ $profile = getTwtsFromTwtxtString($config['public_txt_url']);
<ul class="secondary"> <ul class="secondary">
<?php //if ($validSession) { // TODO: Make login secure ?> <?php //if ($validSession) { // TODO: Make login secure ?>
<?php if( isset($_SESSION['password'])) { /* <?php if (hasValidSession()) { // Hacky login ?>
if($_SESSION['password']=="$password") {*/ // Hacky login ?>
<li><a href="<?= $baseURL ?>/refresh?url=<?= $url ?>"><i class="fa fa-refresh"></i><span>Refresh</span></a></li> <li><a href="<?= $baseURL ?>/refresh?url=<?= $url ?>"><i class="fa fa-refresh"></i><span>Refresh</span></a></li>
<li><a href="<?= $baseURL ?>"><i class="fa fa-comments-o"></i><span>Timeline</span></a></li> <li><a href="<?= $baseURL ?>"><i class="fa fa-comments-o"></i><span>Timeline</span></a></li>
<?php if (!empty($config['public_webmentions'])) { ?> <?php if (!empty($config['public_webmentions'])) { ?>

33
partials/listSelect.php
View file

@ -4,27 +4,24 @@
<select name="list" onchange="this.form.submit()"> <select name="list" onchange="this.form.submit()">
<option value="twtxt.txt" selected>twtxt.txt (Main)</option> <option value="twtxt.txt" selected>twtxt.txt (Main)</option>
<?php <?php
require_once 'libs/session.php';
// TODO: fix it so if List -> Selected for both public and private lists // TODO: fix it so if List -> Selected for both public and private lists
if (isset($_SESSION['password'])) { if (hasValidSession()) {
if ($_SESSION['password'] == "$passwordInConfig") { // Hacky login // Private lists
echo "<option disabled>Private Lists:</option>";
// Private lists foreach (glob("private/twtxt-*.txt") as $filename) {
echo "<option disabled>Private Lists:</option>"; if ($filename == $_GET['lists']) $attr = "selected";
foreach (glob("private/twtxt-*.txt") as $filename) { else $attr = "";
if ($filename == $_GET['lists']) $attr = "selected"; $listName = $filename;
else $attr = ""; $listName = str_replace("private/twtxt-", "", $listName);
$listName = $filename; $listName = str_replace("_", " ", $listName);
$listName = str_replace("private/twtxt-", "", $listName); $listName = str_replace(".txt", "", $listName);
$listName = str_replace("_", " ", $listName); echo "<option value='{$filename}' {$attr}>$listName</option>";
$listName = str_replace(".txt", "", $listName);
echo "<option value='{$filename}' {$attr}>$listName</option>";
}
// Public Lists
echo "<option disabled>Public Lists:</option>";
} }
// Public Lists
echo "<option disabled>Public Lists:</option>";
} }
foreach (glob("twtxt-*.txt") as $filename) { foreach (glob("twtxt-*.txt") as $filename) {

37
partials/lists.php
View file

@ -4,32 +4,31 @@
<select name="list" onchange="this.form.submit()"> <select name="list" onchange="this.form.submit()">
<option value="twtxt.txt" selected>twtxt.txt (Main)</option> <option value="twtxt.txt" selected>twtxt.txt (Main)</option>
<?php <?php
require_once 'libs/session.php';
// TODO: fix it so if List -> Selected for both public and private lists // TODO: fix it so if List -> Selected for both public and private lists
if (isset($_SESSION['password'])) { if (hasValidSession()) {
if ($_SESSION['password'] == "$passwordInConfig") { // Hacky login // Private lists
echo "<option disabled>Private Lists:</option>";
foreach (glob("private/twtxt-*.txt") as $filename) {
if ($filename == $_GET['list']) { $attr = "selected"; }
else { $attr = ""; }
// Private lists $listName = $filename;
echo "<option disabled>Private Lists:</option>"; $listName = str_replace("private/twtxt-", "", $listName);
foreach (glob("private/twtxt-*.txt") as $filename) { $listName = str_replace("_", " ", $listName);
if ($filename == $_GET['list']) $attr = "selected"; $listName = str_replace(".txt", "", $listName);
else $attr = ""; echo "<option value='{$filename}' {$attr}>$listName</option>";
$listName = $filename;
$listName = str_replace("private/twtxt-", "", $listName);
$listName = str_replace("_", " ", $listName);
$listName = str_replace(".txt", "", $listName);
echo "<option value='{$filename}' {$attr}>$listName</option>";
}
// Public Lists
echo "<option disabled>Public Lists:</option>";
} }
// Public Lists
echo "<option disabled>Public Lists:</option>";
} }
foreach (glob("twtxt-*.txt") as $filename) { foreach (glob("twtxt-*.txt") as $filename) {
if ($filename == $_GET['list']) $attr = "selected"; if ($filename == $_GET['list']) { $attr = "selected"; }
else $attr = ""; else { $attr = ""; }
$listName = $filename; $listName = $filename;
$listName = str_replace("twtxt-", "", $listName); $listName = str_replace("twtxt-", "", $listName);
$listName = str_replace("_", " ", $listName); $listName = str_replace("_", " ", $listName);

3
partials/timeline.php
View file

@ -39,7 +39,8 @@
} }
*/ */
if (isset($_SESSION['password'])) { require_once 'libs/session.php';
if (hasValidSession()) {
echo ' | <a href="' . $baseURL . '/new?hash=' . $twt->hash . '">Reply</a>'; echo ' | <a href="' . $baseURL . '/new?hash=' . $twt->hash . '">Reply</a>';
} }

17
views/__profile.php
View file

@ -1,18 +1,16 @@
<?php <?php
require_once("partials/base.php"); require_once "partials/base.php";
$title = "Profile for"." - ".$title; $title = "Profile for - $title";
include('partials/header.php'); include 'partials/header.php';
?> ?>
<!-- PHP: PROFILE CARD --> <!-- PHP: PROFILE CARD -->
<?php <?php
//$twtsURL = $config['public_txt_url']; //$twtsURL = $config['public_txt_url'];
//$profile = getTwtsFromTwtxtString($twtsURL); //$profile = getTwtsFromTwtxtString($twtsURL);
/* from base.php */ /* from base.php */
# Show twts only for URL in query request, else show user timeline # Show twts only for URL in query request, else show user timeline
@ -35,7 +33,7 @@ else { // Show timeline for the URL
$twtsURL = $config['public_txt_url']; $twtsURL = $config['public_txt_url'];
// $twtsURL = "https://lyse.isobeef.org/twtxt.txt"; // $twtsURL = "https://lyse.isobeef.org/twtxt.txt";
// $profile = getTwtsFromTwtxtString($twtsURL); // $profile = getTwtsFromTwtxtString($twtsURL);
header("Location: ".$baseURL."/profile?url=".$twtsURL); header("Location: $baseURL/profile?url=$twtsURL");
/* /*
if (filter_var($twtsURL, FILTER_VALIDATE_URL) === FALSE) { if (filter_var($twtsURL, FILTER_VALIDATE_URL) === FALSE) {
@ -94,9 +92,12 @@ krsort($twts, SORT_NUMERIC);
<!-- PHP: NEW POST BOX --> <!-- PHP: NEW POST BOX -->
<?php <?php
if( isset($_SESSION['password'])) { require_once 'libs/session.php';
if (hasValidSession()) {
include 'views/new_twt.php'; // TODO: Split up new_twt into a view and a partial include 'views/new_twt.php'; // TODO: Split up new_twt into a view and a partial
} ?> }
?>
<!-- PHP: TIMELINE --><?php include 'partials/timeline.php'?> <!-- PHP: TIMELINE --><?php include 'partials/timeline.php'?>

6
views/conv.php
View file

@ -26,10 +26,12 @@ include_once 'partials/header.php';
<?php <?php
require_once 'libs/session.php';
if (isset($_SESSION['password'])) { if (hasValidSession()) {
$textareaValue = "(#$id) "; $textareaValue = "(#$id) ";
include 'views/new_twt.php'; include 'views/new_twt.php';
} ?> }
?>
<!-- PHP: GET FOOTER --><?php include_once 'partials/footer.php';?> <!-- PHP: GET FOOTER --><?php include_once 'partials/footer.php';?>

14
views/following.php
View file

@ -1,12 +1,12 @@
<?php <?php
require_once("partials/base.php"); require_once 'partials/base.php';
$title = "Following - " . $title; $title = "Following - $title";
include 'partials/header.php'; include 'partials/header.php';
require_once 'libs/session.php';
// TODO: Include profile-card, but only tagcloud for user, not all feeds in cache // TODO: Include profile-card, but only tagcloud for user, not all feeds in cache
?> ?>
<center> <center>
@ -18,7 +18,7 @@ include 'partials/header.php';
<!-- <th></th> --> <!-- <th></th> -->
<th>Nick</th> <th>Nick</th>
<th>URL</th> <th>URL</th>
<?php if (isset($_SESSION['password']) && $_SESSION['password'] == "$passwordInConfig") { ?> <?php if (hasValidSession()) { ?>
<th>Time ago</th> <th>Time ago</th>
<?php } ?> <?php } ?>
</tr> </tr>
@ -29,13 +29,13 @@ include 'partials/header.php';
<td><a href="<?= $baseURL ?>/profile?url=<?= $currentFollower[1] ?>"><?= $currentFollower[0] ?></a></td> <td><a href="<?= $baseURL ?>/profile?url=<?= $currentFollower[1] ?>"><?= $currentFollower[0] ?></a></td>
<!-- <td><a href="/?twt=<?= $currentFollower[1] ?>"><?= $currentFollower[0] ?></a></td> --> <!-- <td><a href="/?twt=<?= $currentFollower[1] ?>"><?= $currentFollower[0] ?></a></td> -->
<td><?= $currentFollower[1] ?> <td><?= $currentFollower[1] ?>
<!-- <?php //if ($validSession) { <!-- <?php //if ($validSession) {
?> --> ?> -->
<!-- <a href="?remove_url=<?= $currentFollower[1] ?>">Remove</a> --> <!-- <a href="?remove_url=<?= $currentFollower[1] ?>">Remove</a> -->
<!-- <?php // } <!-- <?php // }
?> --> ?> -->
</td> </td>
<?php if (isset($_SESSION['password']) && $_SESSION['password'] == "$passwordInConfig") { ?> <?php if (hasValidSession()) { ?>
<td> <td>
<?php <?php
// Test first if URL is a valid feed: // Test first if URL is a valid feed:

12
views/login.php
View file

@ -1,14 +1,14 @@
<?php <?php
require_once "partials/base.php"; require_once 'partials/base.php';
$title = "Login - $title"; $title = "Login - $title";
// $password comes from libs/session.php // $password comes from libs/session.php
if (isset($_SESSION['password'])) { require_once 'libs/session.php';
if ($_SESSION['password'] == $passwordInConfig) {
header("Location: ."); if (hasValidSession()) {
die(); header("Location: .");
} die();
} else { } else {
include 'partials/header.php'; include 'partials/header.php';
?> ?>

6
views/profile.php
View file

@ -17,9 +17,11 @@ include_once 'partials/header.php';
include_once 'partials/profile_card.php'; include_once 'partials/profile_card.php';
if( isset($_SESSION['password'])) { require_once 'libs/session.php';
if (hasValidSession()) {
include 'views/new_twt.php'; // TODO: Split up new_twt into a view and a partial include 'views/new_twt.php'; // TODO: Split up new_twt into a view and a partial
} }
//include_once 'partials/search.php'; //include_once 'partials/search.php';

8
views/replies.php
View file

@ -19,9 +19,11 @@ include_once 'partials/header.php';
include_once 'partials/profile_card.php'; include_once 'partials/profile_card.php';
if( isset($_SESSION['password'])) { require_once 'libs/session.php';
if (hasValidSession()) {
include 'views/new_twt.php'; // TODO: Split up new_twt into a view and a partial include 'views/new_twt.php'; // TODO: Split up new_twt into a view and a partial
} }
//include_once 'partials/search.php'; //include_once 'partials/search.php';
@ -31,7 +33,7 @@ include_once 'partials/footer.php';
/* /*
// Old replies // // Old replies //
<?php <?php
require_once("partials/base.php"); require_once("partials/base.php");