diff --git a/Source/assets/html/TOS.twig b/Source/assets/html/TOS.twig
index cbec40c..55f8029 100644
--- a/Source/assets/html/TOS.twig
+++ b/Source/assets/html/TOS.twig
@@ -1,4 +1,4 @@
-{% extends "base.twig" %}
+{% extends app.fronthtml~"/base.twig" %}
 {% block content %}

Terms of service

@@ -20,7 +20,7 @@

The registered user in all moment can close their account but all data hosted in CodeShare will remain hosted.
JKA Network is reserved the right to ban the access to account of any user who engage vandalism

+ href="{{path('doc')}}#vandalism">vandalism

Cookie policiy

In CodeShare are used two differents cookies, one for session system and other for cookies' consent. You can block CodeShare cookies but you cannot log in because we cannot check if login was right. diff --git a/Source/assets/html/code.twig b/Source/assets/html/code.twig index dea9019..919019b 100644 --- a/Source/assets/html/code.twig +++ b/Source/assets/html/code.twig @@ -25,7 +25,7 @@ Delete source {% endif %}#} {% if page.otherV %} -

View version's history
+
View version's history
{% endif %} {#
Se necesita tener JavaScript habilitado para poder ver los comentarios de la web.
#}

Other implementations

@@ -36,12 +36,12 @@ - - - + {# + + #}
- Link + {{i.lLang}}
Lang: {{ i.lLang }}
Version: {{ i.version }}
{{ i.code }}
diff --git a/Source/assets/html/error.twig b/Source/assets/html/error.twig
index 247c8ec..64b5c62 100644
--- a/Source/assets/html/error.twig
+++ b/Source/assets/html/error.twig
@@ -1,4 +1,4 @@
-{% extends "base.twig" %}
+{% extends app.fronthtml~"/base.twig" %}
 {% block content %}

{{ error.number }} - {{ error.text }}
diff --git a/Source/assets/html/loginregister.twig b/Source/assets/html/loginregister.twig
index fa9bf0f..130c5f6 100644
--- a/Source/assets/html/loginregister.twig
+++ b/Source/assets/html/loginregister.twig
@@ -1,4 +1,4 @@
-{% extends "base.twig" %}
+{% extends app.fronthtml~"/base.twig" %}
 {% block content %}
@@ -11,7 +11,7 @@ {% if page.state == 1 %}

Bad credentials

{% elseif page.state == 2 %} -

Email already exits

+

Error during sign-up, check your data

{% endif %}
@@ -32,8 +32,7 @@

- +
@@ -74,16 +73,14 @@
- +
- +
@@ -128,7 +125,7 @@ document.getElementById("emailre").onchange = checkEmail; document.getElementById("emailre-re").onchange = checkEmail; - {% if page.page == "register" or page.state == 2 %} + {% if page.page == "sign-up" or page.state == 2 %} nowRegister(); {% endif %} diff --git a/Source/assets/html/nav.twig b/Source/assets/html/nav.twig index 5cbef69..85e8252 100644 --- a/Source/assets/html/nav.twig +++ b/Source/assets/html/nav.twig @@ -34,17 +34,17 @@ {% if user.nick is defined %}
  • - {{ user.nick }} + {{ user.nick }}
  • - Log out + Log out
  • {% else %}
  • - Log in + Log in
  • - Register + Register
  • {% endif %} diff --git a/Source/assets/html/otherVersion.twig b/Source/assets/html/otherVersion.twig index c2cc626..f8607cb 100644 --- a/Source/assets/html/otherVersion.twig +++ b/Source/assets/html/otherVersion.twig @@ -1,4 +1,4 @@ -{% extends "base.twig" %} +{% extends app.fronthtml~"/base.twig" %} {% block content %} - {% include "firstCodes.twig" %} + {% include app.fronthtml~"/firstCodes.twig" %} {% endblock %} \ No newline at end of file diff --git a/Source/assets/html/user.twig b/Source/assets/html/user.twig index 3910424..4390ba4 100644 --- a/Source/assets/html/user.twig +++ b/Source/assets/html/user.twig @@ -1,4 +1,4 @@ -{% extends "base.twig" %} +{% extends app.fronthtml~"/base.twig" %} {% block content %}

    {{ user.nick }}

    diff --git a/Source/src/DB.php b/Source/src/DB.php index 3da18e4..74a97a9 100644 --- a/Source/src/DB.php +++ b/Source/src/DB.php @@ -132,7 +132,8 @@ class DB */ public function loadDiff($id, $lang) { - $query = "SELECT Lang,Code,Version FROM Sources NATURAL JOIN Codes WHERE IDC=$id AND Lang<>'$lang' AND Version = (SELECT MAX(Version) FROM Sources NATURAL JOIN Codes WHERE IDC=$id AND Lang<>'$lang')"; + $lang=dbw_escape_string($this->conn,$lang); + $query = "SELECT Lang,Code,Version FROM Sources WHERE IDC=$id AND Lang<>'$lang' AND Version = (SELECT MAX(Version) FROM Sources WHERE IDC=$id AND Lang='$lang')"; $code = dbw_query($this->conn, $query); return $code; } @@ -459,7 +460,7 @@ class DB */ public function updatePass($idu, $pass) { - $query = "UPDATE Users SET password='" . hash('sha256', $pass) . "' WHERE IDU='$idu'"; + $query = "UPDATE Users SET pass='" . hash('sha256', $pass) . "' WHERE IDU='$idu'"; dbw_query($this->conn, $query); } } \ No newline at end of file diff --git a/Source/src/app.php b/Source/src/app.php index 177e37c..577bffd 100644 --- a/Source/src/app.php +++ b/Source/src/app.php @@ -35,17 +35,29 @@ $string = file_get_contents(__DIR__."/../data/supported.json"); $app["supported"] = json_decode($string, true); $app['db']=null; -try { - $app['db'] = new DB(); -}catch (Exception $ex){ - exit(); +function connectDB(){ + global $app; + try { + $app['db'] = new DB(); + }catch (Exception $ex){ + $app->abort('503','ERROR en la Base de Datos'); + + } } +/* Security */ +$app['security.role_hierarchy'] = array( + 'ROLE_DELETE' => array('ROLE_COMMON'), + 'ROLE_COMMON' => array('ROLE_USER'), +); +/* End Security */ + $app->boot(); /* Basics */ $app->get('/', function (Request $request) use($app) { - + connectDB(); + $user = getUser($app); $query = $app['db']->loadLast(); $last = lastToArray($app["db"],$query,$app['supported']); 
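Review bot: `$id` is still interpolated unescaped into both the outer `WHERE IDC=$id` and the subquery on the new `$query` line, so escaping only `$lang` through `dbw_escape_string` leaves the statement injectable through the id that the `/code/...` routes pass in; the same applies to `$idu` in the `updatePass` hunk below. Cast it before the query is built, `$id = (int) $id;`, or move to a prepared statement if the `dbw_*` wrapper offers one. The subquery also changed from `Lang<>'$lang'` to `Lang='$lang'`; if that is the intended semantics (latest version of the requested language, then the other languages at that version) a one-line comment saying so would stop a later reader from "fixing" it back. The method's docblock starts above the hunk.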
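Review bot: The stored password remains an unsalted `hash('sha256', $pass)`; this hunk only renames the column it is written to. Identical passwords produce identical stored digests and a plain SHA-256 is fast to brute-force offline, so `password_hash($pass, PASSWORD_DEFAULT)` here, paired with `password_verify` in the checking method (`checkPass`, not in this diff), is the standard replacement. `$idu` is also interpolated directly into `WHERE IDU='$idu'`; the only caller shown, the `/user` route in app.php, passes `$user['IDU']` from the session-loaded profile rather than user-typed input, but `$idu = (int) $idu;` would keep the method safe regardless of caller.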
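Review bot: `connectDB()` discards the caught `$ex` before calling `$app->abort('503','ERROR en la Base de Datos')`, so when the database is unreachable nothing records why; log it first, e.g. `error_log('DB connection failed: ' . $ex->getMessage());` ahead of the abort, keeping the user-facing message as generic as it already is. The status code is passed as the string `'503'` (as are `'404'` and `'403'` later in this file); `HTTPError`'s `switch` compares loosely so it still matches, but the integer `503` is the conventional type and avoids relying on that coercion. `connectDB` also reaches `$app` through `global` even though every route closure already has `use($app)`; passing it as a parameter would remove the global. The `/` route closure continues past the end of the hunk.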
@@ -55,32 +67,42 @@ $app->get('/', function (Request $request) use($app) { "last" => $last, "supported" => $app["supported"], "page" => "home", - "grouped" => groupByCategory($app["supported"])) + "grouped" => groupByCategory($app["supported"])), + 'user' => $user )); })->bind('home'); $app->get('/doc', function (Request $request) use($app){ + connectDB(); + $user = getUser($app); $page = array( "title" => "Documentation", "description" => "All documentation about how to upload code in CodeShare", - "page" => "doc" + "page" => "doc", ); - return $app['twig']->render($app['fronthtml'].'/doc.twig', array("page" => $page)); + return $app['twig']->render($app['fronthtml'].'/doc.twig', array("page" => $page, "user" => $user)); })->bind('doc'); $app->get('/about', function (Request $request) use($app){ + connectDB(); + $user = getUser($app); $page = array( "title" => "About CodeShare", "description" => "Developed by JKA Network's Team", "page" => "about", ); - return $app['twig']->render($app['fronthtml'].'/about.twig', array("page" => $page)); + return $app['twig']->render($app['fronthtml'].'/about.twig', array("page" => $page,'user'=>$user)); })->bind('about'); /* Codes */ -$app->get('/code/{idc}/{lang}/{version}', function (Request $request, $idc, $lang, $version) use($app){ +$app->get('/code/{lang}-{idc}-{version}', function (Request $request, $lang, $idc, $version) use($app){ + connectDB(); + $user = getUser($app); $array = $app['db']->loadAll($idc,$lang,$version); + if(!$array){ + $app->abort('404'); + } $page = array( "page" => 'code', "title" => "$array[Name] by $array[nick]", 
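Review bot: The new `/code/{lang}-{idc}-{version}` route hands `$idc`, `$lang` and `$version` straight from the URL to `$app['db']->loadAll(...)`, and the `loadDiff` hunk in DB.php shows that layer interpolating ids without escaping, so the parameters should be constrained at the router: `->assert('idc', '\d+')->assert('version', '\d+')` chained on the route definition (loadAll itself is not in the diff, so its behaviour is inferred from its sibling). Because the placeholders are separated by `-`, a language name that itself contains a hyphen would make the match ambiguous; `->assert('lang', '[^-]+')` pins it if such names can occur. The added `if(!$array){ $app->abort('404'); }` is the right check. The closure body continues past the end of the hunk.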
@@ -104,5 +126,186 @@ $app->get('/code/{idc}/{lang}/{version}', function (Request $request, $idc, $lan "code" => $code, "otherImplementation" => $otherImplementation, "supported" => $app['supported'], + "user" => $user )); -})->bind('code'); \ No newline at end of file +})->bind('code'); + +$app->get('/code/{lang}-{idc}', function(Request $request, $lang, $idc) use($app){ + connectDB(); + $user = getUser($app); + + $array = $app['db']->loadOtherVersion($idc,$lang); + $other = otherVersionToArray($app['db'],$array,$app['supported']); + $name = $other[0]['name']; + + $page = array( + "title" => "Other versions of $name", + "description" => "All differents version of $name uploaded in CodeShare", + "last" => $other, + "page" => "" + ); + return $app['twig']->render($app['fronthtml'].'/otherVersion.twig', array( + "page" => $page, "user" => $user + )); +})->bind('codeVer'); + +/* User */ +$app->get('/tos',function(Request $request) use($app){ + connectDB(); + $user = getUser($app); + $page = array( + "title" => "Terms of service", + "description" => "Terms of services and privacy policies", + "page" => "" + ); + + return $app['twig']->render($app['fronthtml'].'/TOS.twig', array("page" => $page, "user" => $user)); +})->bind('tos'); + +$app->get('/login', function(Request $request) use ($app){ + connectDB(); + $user = getUser($app); + if($user != null){ + return $app->redirect($app["url_generator"]->generate('home')); + } + if ($request->getMethod() == 'GET'){ + return loginRegister('login'); + } + else{ + $state = checkInfo($request); + return loginOrRegister($state,$request); + } + +})->bind('login')->method('GET|POST'); + +$app->get('/signup', function(Request $request) use ($app){ + connectDB(); + $user = getUser($app); + if($user != null){ + return $app->redirect($app["url_generator"]->generate('home')); + } + + if ($request->getMethod() == 'GET'){ + return loginRegister('sign-up'); + }else{ + $state = checkInfo($request); + return loginOrRegister($state,$request); 
+ } + +})->bind('register')->method('GET|POST'); + +function loginRegister($default,$state=0){ + global $app; + + $page = array( + "title" => ucfirst($default), + "description" => "Start now in CodeShare", + "page" => "$default", + "state" => $state, //0=no logged, 1 login fail, 2 register fail, 3 all correct (render home) + ); + return $app['twig']->render($app['fronthtml']."/loginregister.twig", array("page" => $page)); +} + +function loginOrRegister($state,$request){ + global $app; + + switch ($state){ + case 3: + return loginRegister('login',1); + case 1: + if(checklogin($request->get('email'),$request->get('pwd'))){ + return $app->redirect($app["url_generator"]->generate('home')); + }else{ + return loginRegister("login",1); + } + case 2: + if(register($request->get('emailre'),$request->get('emailre-re'), + $request->get('pwdre'), $request->get('pwdre-re'),$request->get('nick'))){ + return $app->redirect($app["url_generator"]->generate('home')); + }else{ + return loginRegister("sing-up",2); + } + } +} + +$app->get('logout',function(Request $request) use ($app){ + logout(); + return $app->redirect($app['url_generator']->generate('home')); +})->bind('logout'); + +$app->get('/user', function(Request $request) use ($app){ + connectDB(); + $user = getUser($app); + if($user == null) + $app->abort('403'); + + $status = 0; + if($request->getMethod() == 'POST'){ + $passact = $request->get("passact"); + $newpass = $request->get("newpass"); + $newpassre = $request->get("newpass-re"); + if($app['db']->checkPass($user['email'],$passact) && $newpass == $newpassre){ + $status=1; + $app['db']->updatePass($user['IDU'],$newpass); + }else + $status=2; + $app['db']->close(); + } + $page = array( + "page" => "user", + "title" => "$user[nick]", + "description" => "NOT RELEVANT", + "status" => $status + ); + return $app['twig']->render($app['fronthtml']."/user.twig",array("page"=>$page,"user"=>$user)); + +})->bind('user')->method('GET|POST'); + +/* Error Codes */ +function 
HTTPError($code){ + switch($code){ + case 401: + $text = "Unauthorized user"; + break; + case 403: + $text = "Forbidden page"; + break; + case 404: + $text = "Page not found"; + break; + case 503: + $text = "Database unavailable"; + break; + case 500: + $text = "Internal server error"; + break; + default: + $text = "Please, return to home page"; + $code = "Internal error"; + break; + } + return array("text"=>$text,"number"=>$code); +} + +$app->error(function (\Exception $e,$request, $code) use ($app) { + $user = null; + try{ + $user = getUser($app); + }catch(Throwable $ex){ + //Nothing + } + if ($app['debug']) { + return; + }else{ + + $error = HTTPError($code); + return $app['twig']->render($app['fronthtml'].'/error.twig', Array( + 'page' => array("title"=>$code), + 'error' => $error, + 'user' => $user, + )); + + } +}); + + diff --git a/Source/src/dbToTable.php b/Source/src/dbToTable.php index 8b7aa7d..563265d 100644 --- a/Source/src/dbToTable.php +++ b/Source/src/dbToTable.php @@ -64,6 +64,6 @@ function otherImplementationToArray($db,&$query,$supported){ return $other; } -function otherVersionToArray($db,&$query,&$supported){ +function otherVersionToArray($db,$query,$supported){ return lastToArray($db,$query,$supported); } \ No newline at end of file diff --git a/Source/src/users.php b/Source/src/users.php index e8e0e1d..24169d8 100644 --- a/Source/src/users.php +++ b/Source/src/users.php @@ -6,6 +6,17 @@ * Time: 19:06 */ +function checkInfo($request){ + $email = $request->get('email'); + $emailre = $request->get('emailre'); + if ($email != null) + return 1; + else if ($emailre != null) + return 2; + else + return 3; +} + /** * Check if login is correct * 
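Review bot: `loginOrRegister` calls `loginRegister("sing-up",2)` in the registration-failure branch while every other call site uses `'sign-up'`, so the page title becomes `ucfirst("sing-up")` and any `page.page == "sign-up"` test in the template fails for that response (the `page.state == 2` alternative added in loginregister.twig masks it only for `nowRegister()`); change it to `return loginRegister("sign-up",2);`. In the `/user` route the current and new passwords are read with `$request->get(...)`, which also accepts query-string values, so credentials supplied that way end up in server access logs; `$request->request->get("passact")` (and likewise for the other two) limits them to the POST body. Nothing checks the new password's length, so an empty `newpass`/`newpass-re` pair satisfies `$newpass == $newpassre` and `updatePass` stores the hash of an empty string; a minimum-length check, with `===`, belongs before the `checkPass` call. `loginOrRegister`'s `switch` has no `default`, so any unexpected state returns `null` from the route; `checkInfo` only yields 1–3 today, but a `default: return loginRegister('login');` makes that explicit.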
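Review bot: `checkInfo` has no docblock although its neighbours in this file carry one (`Check if login is correct` directly below it), and its return values 1, 2 and 3 are consumed as bare numbers by `loginOrRegister` in app.php; add one above the function along the lines of `@return int 1 when the login form was submitted (email present), 2 when the sign-up form was (emailre present), 3 when neither field is present`. The `!= null` comparisons are loose, so an empty string posted in `email` is treated as absent and falls through to the `emailre` test; if that is intended, say so in the docblock, otherwise `!== null` makes presence explicit.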
@@ -37,8 +48,10 @@ function checklogin($email,$pass){ * @param $nick new user's nickname * @return bool true if email never exists before, else false */ -function register($email,$pass,$nick){ +function register($email,$emailre,$pass,$passre,$nick){ $db = new DB(); + if($emailre != $email || $pass != $passre) + return false; $bool = $db->register($email,$pass,$nick); if($bool) { $db->close(); @@ -61,7 +74,7 @@ function getUser($app){ $user=null; if(isset($_SESSION['sessionID'])){ if($app['db']->checkCookie($_SESSION['sessionID'],$_SESSION['token'])){ - $user = $db->loadProfile($_SESSION['sessionID']); + $user = $app['db']->loadProfile($_SESSION['sessionID']); } } return $user;
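Review bot: `$db = new DB();` is opened before the new `if($emailre != $email || $pass != $passre)` guard, so the early `return false` leaves that connection unclosed while the success path calls `$db->close()`; move the guard above the `new DB()` line, and use `!==` so the comparison is strict. The docblock above the hunk still documents only `$email`, `$pass` and `$nick`; add `@param $emailre repeated email, must equal $email` and `@param $passre repeated password, must equal $pass` so the new parameters are described. The function body continues past the end of the hunk.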