+Welcome back, =htmlspecialchars($_SESSION['name'], ENT_QUOTES)?>!
+diff --git a/README.md b/README.md index 0c0d1f3..f539ce0 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,27 @@ # hacker news clone +![](https://img.photouploads.com/file/PhotoUploads-com/SRE3.png) + a bad hacker news clone made in php +this was created on garbage free hosting so it probably works anywhere you can get php 7.3 and some new version of mysql + +(yes it breaks after php 8.0 i dont care to figure out why) + # setup -wip \ No newline at end of file +1. copy the files over to your server +2. modify `config.php` to use your database login, base url, and email +3. import `database.sql` into your database +4. go to whatever your base url is set as +5. profit i think idk + +# why you shouldn't use this + +- the account system is from some tutorial +- there's probably some vulnerability that allows code execution +- comments SUCK!!! they look so awful +- it uses mysqli instead of something more secure like pdo +- i think you can post without an account and i forgot to fix that +- the logout button is always visible even when you log out +- the navbar buttons are inconsistent \ No newline at end of file diff --git a/account/activate.php b/account/activate.php new file mode 100755 index 0000000..07fb665 --- /dev/null +++ b/account/activate.php 
@@ -0,0 +1,31 @@ +prepare('SELECT * FROM accounts WHERE email = ? AND activation_code = ?')) { + $stmt->bind_param('ss', $_GET['email'], $_GET['code']); + $stmt->execute(); + // Store the result so we can check if the account exists in the database. + $stmt->store_result(); + if ($stmt->num_rows > 0) { + // Account exists with the requested email and code. + if ($stmt = $con->prepare('UPDATE accounts SET activation_code = ? WHERE email = ? AND activation_code = ?')) { + // Set the new activation code to 'activated', this is how we can check if the user has activated their account. + $newcode = 'activated'; + $stmt->bind_param('sss', $newcode, $_GET['email'], $_GET['code']); + $stmt->execute(); + echo 'Your account is now activated! You can now login!'; + } + } else { + echo 'The account is already activated or doesn\'t exist!'; + } + } +} +?> \ No newline at end of file diff --git a/account/authenticate.php b/account/authenticate.php new file mode 100755 index 0000000..d12e2b2 --- /dev/null +++ b/account/authenticate.php 
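Review bot: The activation success message is printed regardless of whether the UPDATE ran — `$stmt->execute();` is followed directly by `echo 'Your account is now activated! You can now login!';` — so a failed execute still tells the user they are activated; gate it with `if ($stmt->execute()) { echo 'Your account is now activated! You can now login!'; } else { echo 'Activation failed, please try again.'; }`. The token check itself is only as strong as the `activation_code` generated in register.php (not in this hunk), and the `activation_code = ?` comparison inherits the column's collation — under MySQL's default case-insensitive collations a mixed-case token is matched case-folded, so confirm the column uses a `_bin` collation or the token is single-case. `$_GET['email']` and `$_GET['code']` are used without a visible `isset` guard, but the `<?php … if ($stmt = $con->prepare(` opening of this block is lost in the extracted text, so that guard may simply be out of view.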
@@ -0,0 +1,52 @@ +prepare('SELECT id, password FROM accounts WHERE username = ?')) { + // Bind parameters (s = string, i = int, b = blob, etc), in our case the username is a string so we use "s" + $stmt->bind_param('s', $_POST['username']); + $stmt->execute(); + // Store the result so we can check if the account exists in the database. + $stmt->store_result(); + + + if ($stmt->num_rows > 0) { + $stmt->bind_result($id, $password); + $stmt->fetch(); + // Account exists, now we verify the password. + // Note: remember to use password_hash in your registration file to store the hashed passwords. + if (password_verify($_POST['password'], $password)) { + // Verification success! User has logged-in! + // Create sessions, so we know the user is logged in, they basically act like cookies but remember the data on the server. + session_regenerate_id(); + $_SESSION['loggedin'] = TRUE; + $_SESSION['name'] = $_POST['username']; + $_SESSION['id'] = $id; + header('Location: home.php'); + } else { + // Incorrect password + echo 'Incorrect username and/or password!'; + } +} else { + // Incorrect username + echo 'Incorrect username and/or password!'; +} + + + $stmt->close(); +} +?> \ No newline at end of file diff --git a/account/home.php b/account/home.php new file mode 100755 index 0000000..04e7a08 --- /dev/null +++ b/account/home.php @@ -0,0 +1,37 @@ + + + + +
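Review bot: Nothing in the login path checks that the account has been activated — the SELECT fetches only `id, password`, so an account whose `activation_code` is still the emailed token can log in immediately after registration, which makes the activate.php flow (whose own comment says the `'activated'` value "is how we can check if the user has activated their account") non-enforcing. Select `activation_code` alongside the password and reject the login after `password_verify` succeeds unless it equals `'activated'`. Separately, `$_SESSION['name']` is set from `$_POST['username']` rather than the stored username; with a case-insensitive MySQL collation the two can differ (`Admin` vs `admin`) and other scripts key on `$_SESSION['name']`, so bind and store the row's value instead. `header('Location: home.php')` should also be followed by `exit;`, and `session_regenerate_id(true)` removes the old session file rather than leaving it valid. The `<?php … if ($stmt = $con->` opening of this block is lost in the extracted text.
```php
if ($stmt = $con->prepare('SELECT id, username, password, activation_code FROM accounts WHERE username = ?')) {
    // … unchanged: bind_param / execute / store_result …
    if ($stmt->num_rows > 0) {
        $stmt->bind_result($id, $dbUsername, $password, $activation_code);
        $stmt->fetch();
        if (password_verify($_POST['password'], $password)) {
            if ($activation_code !== 'activated') {
                echo 'Please activate your account first!';
            } else {
                session_regenerate_id(true);
                $_SESSION['loggedin'] = TRUE;
                $_SESSION['name'] = $dbUsername; // canonical value from the row, not the POSTed spelling
                $_SESSION['id'] = $id;
                header('Location: home.php');
                exit;
            }
        } else {
            // … unchanged: incorrect password message …
        }
    } else {
        // … unchanged: incorrect username message …
    }
    // … unchanged: $stmt->close() …
}
```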
+ +Welcome back, =htmlspecialchars($_SESSION['name'], ENT_QUOTES)?>!
+Your account details are below:
+Username: | +=htmlspecialchars($_SESSION['name'], ENT_QUOTES)?> | +
Password: | +=htmlspecialchars($password, ENT_QUOTES)?> | +
Email: | +=htmlspecialchars($email, ENT_QUOTES)?> | +
Please click the following link to activate your account "'. $_POST['username'] . '": ' . $activate_link . '
'; + mail($_POST['email'], $subject, $message, $headers); + echo 'Please check your email to activate your account!'; +} else { + // Something is wrong with the SQL statement, so you must check to make sure your accounts table exists with all three fields. + echo 'Could not prepare statement!'; +} + } + $stmt->close(); +} else { + // Something is wrong with the SQL statement, so you must check to make sure your accounts table exists with all 3 fields. + echo 'Could not prepare statement!'; +} +$con->close(); +?> \ No newline at end of file diff --git a/account/style.css b/account/style.css new file mode 100755 index 0000000..ece0878 --- /dev/null +++ b/account/style.css 
@@ -0,0 +1,189 @@ +* { + box-sizing: border-box; + font-family: -apple-system, BlinkMacSystemFont, "segoe ui", roboto, oxygen, ubuntu, cantarell, "fira sans", "droid sans", "helvetica neue", Arial, sans-serif; + font-size: 16px; +} +body { + background-color: #435165; +} +.login { + width: 400px; + background-color: #ffffff; + box-shadow: 0 0 9px 0 rgba(0, 0, 0, 0.3); + margin: 100px auto; +} +.login h1 { + text-align: center; + color: #5b6574; + font-size: 24px; + padding: 20px 0 20px 0; + border-bottom: 1px solid #dee0e4; +} +.login form { + display: flex; + flex-wrap: wrap; + justify-content: center; + padding-top: 20px; +} +.login form label { + display: flex; + justify-content: center; + align-items: center; + width: 50px; + height: 50px; + background-color: #3274d6; + color: #ffffff; +} +.login form input[type="password"], .login form input[type="text"] { + width: 310px; + height: 50px; + border: 1px solid #dee0e4; + margin-bottom: 20px; + padding: 0 15px; +} +.login form input[type="submit"] { + width: 100%; + padding: 15px; + margin-top: 20px; + background-color: #3274d6; + border: 0; + cursor: pointer; + font-weight: bold; + color: #ffffff; + transition: background-color 0.2s; +} +.login form input[type="submit"]:hover { + background-color: #2868c7; + transition: background-color 0.2s; +} + + +.navtop { + background-color: #2f3947; + height: 60px; + width: 100%; + border: 0; +} +.navtop div { + display: flex; + margin: 0 auto; + width: 1000px; + height: 100%; +} +.navtop div h1, .navtop div a { + display: inline-flex; + align-items: center; +} +.navtop div h1 { + flex: 1; + font-size: 24px; + padding: 0; + margin: 0; + color: #eaebed; + font-weight: normal; +} +.navtop div a { + padding: 0 20px; + text-decoration: none; + color: #c1c4c8; + font-weight: bold; +} +.navtop div a i { + padding: 2px 8px 0 0; +} +.navtop div a:hover { + color: #eaebed; +} +body.loggedin { + background-color: #f3f4f7; +} +.content { + width: 1000px; + margin: 0 auto; +} +.content 
h2 { + margin: 0; + padding: 25px 0; + font-size: 22px; + border-bottom: 1px solid #e0e0e3; + color: #4a536e; +} +.content > p, .content > div { + box-shadow: 0 0 5px 0 rgba(0, 0, 0, 0.1); + margin: 25px 0; + padding: 25px; + background-color: #fff; +} +.content > p table td, .content > div table td { + padding: 5px; +} +.content > p table td:first-child, .content > div table td:first-child { + font-weight: bold; + color: #4a536e; + padding-right: 15px; +} +.content > div p { + padding: 5px; + margin: 0 0 10px 0; +} + + +* { + box-sizing: border-box; + font-family: -apple-system, BlinkMacSystemFont, "segoe ui", roboto, oxygen, ubuntu, cantarell, "fira sans", "droid sans", "helvetica neue", Arial, sans-serif; + font-size: 16px; +} +body { + background-color: #435165; + margin: 0; +} +.register { + width: 400px; + background-color: #ffffff; + box-shadow: 0 0 9px 0 rgba(0, 0, 0, 0.3); + margin: 100px auto; +} +.register h1 { + text-align: center; + color: #5b6574; + font-size: 24px; + padding: 20px 0 20px 0; + border-bottom: 1px solid #dee0e4; +} +.register form { + display: flex; + flex-wrap: wrap; + justify-content: center; + padding-top: 20px; +} +.register form label { + display: flex; + justify-content: center; + align-items: center; + width: 50px; + height: 50px; + background-color: #3274d6; + color: #ffffff; +} +.register form input[type="password"], .register form input[type="text"], .register form input[type="email"] { + width: 310px; + height: 50px; + border: 1px solid #dee0e4; + margin-bottom: 20px; + padding: 0 15px; +} +.register form input[type="submit"] { + width: 100%; + padding: 15px; + margin-top: 20px; + background-color: #3274d6; + border: 0; + cursor: pointer; + font-weight: bold; + color: #ffffff; + transition: background-color 0.2s; +} +.register form input[type="submit"]:hover { + background-color: #2868c7; + transition: background-color 0.2s; +} \ No newline at end of file 
diff --git a/account/updatebio.php b/account/updatebio.php new file mode 100755 index 0000000..41856fd --- /dev/null +++ b/account/updatebio.php @@ -0,0 +1,29 @@ +connect_error) { + die("Connection failed: " . $conn->connect_error); +} +// $sql = "INSERT INTO accounts (bio) +// VALUES ('". substr($_POST['bio'],0,150). "')"; + +$sql = "UPDATE accounts +SET bio = '".substr($_POST['bio'],0,150)."' +WHERE username = '".htmlspecialchars($_SESSION['name'], ENT_QUOTES)."';"; + +if ($conn->query($sql) === TRUE) { + header('Location: profile.php'); +} else { + echo "Error: " . $sql . "Username: | +=htmlspecialchars($_GET['user']);?> | +
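Review bot: The UPDATE concatenates `$_POST['bio']` straight into the SQL string — `SET bio = '".substr($_POST['bio'],0,150)."'` — so any quote in the posted bio breaks out of the literal and this is a direct SQL injection; the 150-byte `substr` cap does nothing to prevent it, and the `WHERE username = '".htmlspecialchars($_SESSION['name'], ENT_QUOTES)."'` clause uses an HTML escaper as a SQL escaper (it also changes the value, so a username containing `'` never matches). Every other script in this change uses `prepare`/`bind_param`, so do the same here, keying on `$_SESSION['id']` that authenticate.php already sets. The failure branch `echo "Error: " . $sql . …` prints the full statement (including the user's bio) and the driver error to the browser — log it server-side and show a generic message; `header('Location: profile.php')` also needs an `exit;`. Note too that the value stored here is later printed on profile.php as `=$userbio; ?>` with no `htmlspecialchars`, so the bio is a stored-XSS vector until output is escaped there; and whether this script checks `$_SESSION['loggedin']` or any CSRF token before writing is not visible — the top of the file and the end of this hunk are lost in the extracted text. `mb_substr` would avoid cutting a multibyte character in half if mbstring is available.
```php
// … unchanged: connection setup / connect_error check …
$bio = substr($_POST['bio'] ?? '', 0, 150);
$stmt = $conn->prepare('UPDATE accounts SET bio = ? WHERE id = ?');
$stmt->bind_param('si', $bio, $_SESSION['id']);
if ($stmt->execute()) {
    header('Location: profile.php');
    exit;
}
// Never echo the SQL text or $conn->error to the user; keep it in the server log.
error_log('updatebio failed: ' . $stmt->error);
echo 'Could not update bio.';
$stmt->close();
```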
Bio: | +=$userbio; ?> | +
".htmlspecialchars($rows['title'])." comments | Posted by: ".htmlspecialchars($rows['poster'])." |
".htmlspecialchars($rows['username'])." |