From 19a3704acbf9801c0b1491a84828496ef46bc840 Mon Sep 17 00:00:00 2001
From: Cflip <36554078+cflip@users.noreply.github.com>
Date: Sat, 23 Jan 2021 11:24:05 -0700
Subject: Form cleanup and better password hashing

---
 create_topic.php         | 69 +++++++++++++++++++++++++++++++++++-----
 header.php               |  4 +--
 includes/signout_inc.php |  1 +
 includes/topic_inc.php   | 47 ---------------------------
 register.php             | 82 +++++++++++++++++++++++++++---------------------
 reply.php                | 30 ------------------
 signin.php               | 68 ++++++++++++++++++++++++---------------
 topic.php                | 36 +++++++++++++--------
 8 files changed, 176 insertions(+), 161 deletions(-)
 delete mode 100644 includes/topic_inc.php
 delete mode 100644 reply.php

diff --git a/create_topic.php b/create_topic.php
index 2953646..278d0fa 100644
--- a/create_topic.php
+++ b/create_topic.php
@@ -9,12 +9,11 @@ if (!isset($_SESSION['signed_in'])) {
 } 
 ?>
 
-<form action="includes/topic_inc.php" method="post">
+<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post">
 	<label for="topic_subject">Subject: </label><br>
 	<input type="text" name="topic_subject"><br>
 	<label for="topic_cat">Category: </label><br>
-	<select name="topic_cat">';
-		<?php
+	<?php
 		include_once 'includes/db_inc.php';
 
 		$sql = "SELECT cat_id, cat_name, cat_description FROM categories";
@@ -28,11 +27,14 @@ if (!isset($_SESSION['signed_in'])) {
 			die('There are currently no categories to post to.');
 		} 
 
+		echo '<select name="topic_cat">';
+
 		while ($row = mysqli_fetch_assoc($result)) {
 			echo '<option value="' . $row['cat_id'] . '">' . $row['cat_name'] . '</option>';
 		}
-		?>
-	</select><br>
+
+		echo '</select><br>';
+	?>
 	<label for="post_content">Write your post: </label><br>
 	<textarea name="post_content"></textarea><br>
 	<input type="submit" name="submit">
@@ -40,5 +42,58 @@ if (!isset($_SESSION['signed_in'])) {
 </section>
 
 <?php
-include 'footer.php';
-?>
\ No newline at end of file
+include_once 'includes/db_inc.php';
+
+function create_topic($dbc, $topic_subject, $topic_cat, $topic_author) {
+	$sql = "INSERT INTO topics(topic_subject, topic_date, topic_cat, topic_author) VALUES(?, NOW(), ?, ?);";
+	$stmt = mysqli_stmt_init($dbc);
+
+	if (!mysqli_stmt_prepare($stmt, $sql)) {
+		die('Could not create topic due to internal error: ' . mysqli_error($dbc));
+	}
+
+	mysqli_stmt_bind_param($stmt, "sii", $topic_subject, $topic_cat, $topic_author);
+	mysqli_stmt_execute($stmt);
+	mysqli_stmt_close($stmt);
+}
+
+function create_post($dbc, $post_content, $post_topic, $post_author) {
+	$sql = "INSERT INTO posts(post_content, post_date, post_topic, post_author) VALUES(?, NOW(), ?, ?);";
+	$stmt = mysqli_stmt_init($dbc);
+
+	if (!mysqli_stmt_prepare($stmt, $sql)) {
+		die('Could not create topic due to internal error: ' . mysqli_error($dbc));
+	}
+
+	mysqli_stmt_bind_param($stmt, "sii", $post_content, $post_topic, $post_author);
+	mysqli_stmt_execute($stmt);
+	mysqli_stmt_close($stmt);
+}
+
+function validate($data)  {
+	$data = trim($data);
+	$data = stripslashes($data);
+	$data = htmlspecialchars($data);
+	return $data;
+}
+
+if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+	$post_content = validate($_POST['post_content']);
+	$topic_subject = validate($_POST['topic_subject']);
+	$topic_cat = validate($_POST['topic_cat']);
+	$user_id = validate($_SESSION['user_id']);
+
+	create_topic($dbc, $topic_subject, $topic_cat, $user_id);
+	$topic_id = mysqli_insert_id($dbc);
+	create_post($dbc, $post_content, $topic_id, $user_id);
+
+	if (!$post_result) {
+		echo 'An error occurred creating your post: ' . mysqli_error($dbc);
+	}
+
+	header("Location: topic.php?id=" . $topic_id);
+}
+
+?>
+
+<?php include_once 'footer.php';?>
\ No newline at end of file
diff --git a/header.php b/header.php
index 935f063..9d57fba 100644
--- a/header.php
+++ b/header.php
@@ -5,13 +5,13 @@ session_start();
 <!DOCTYPE html>
 <html>
 <head>
-	<title>cflip.net forum Beta</title>
+	<title>cflip.net forum</title>
 	<link rel="stylesheet" href="styles/style.css">
 	<meta name="viewport" content="width=device-width, initial-scale=1.0">
 </head>
 <body>
 <div id="wrapper">
-	<h1 id="title">cflip.net forum</h1>
+	<h1 id="title">cflip.net forum<sub style="font-size: small;">beta</sub></h1>
 	<nav>
 		<a href="index.php">Home</a>
 		<a href="create_topic.php">Create a topic</a>
diff --git a/includes/signout_inc.php b/includes/signout_inc.php
index c86447a..7859c4f 100644
--- a/includes/signout_inc.php
+++ b/includes/signout_inc.php
@@ -1,5 +1,6 @@
 <?php
 
 session_start();
+session_unset();
 session_destroy();
 header("Location: ../index.php");
\ No newline at end of file
diff --git a/includes/topic_inc.php b/includes/topic_inc.php
deleted file mode 100644
index c16a4e0..0000000
--- a/includes/topic_inc.php
+++ /dev/null
@@ -1,47 +0,0 @@
-<?php
-
-include_once 'db_inc.php';
-
-session_start();
-
-$sql = "BEGIN WORK;";
-$result = mysqli_query($dbc, $sql);
-
-if (!$result) {
-	echo 'An error occurred creating your topic. Try again later';
-} 
-
-$sql = "INSERT INTO topics(topic_subject, topic_date, topic_cat, topic_author) VALUES(
-'" . mysqli_real_escape_string($dbc, $_POST['topic_subject']) . "', 
-NOW(), 
-" . mysqli_real_escape_string($dbc, $_POST['topic_cat']) . ", 
-" . $_SESSION['user_id'] .")";
-
-$result = mysqli_query($dbc, $sql);
-
-if (!$result) {
-	echo 'An error occured while creating your post. Please try again later.' . mysql_error();
-	$sql = "ROLLBACK;";
-	mysqli_query($dbc, $sql);
-} else {
-	$topic_id = mysqli_insert_id($dbc);
-
-	$sql = "INSERT INTO posts(post_content, post_date, post_topic, post_author) VALUES(
-	'" . mysqli_real_escape_string($dbc, $_POST['post_content']) . "',
-	NOW(),
-	" . $topic_id . ",
-	" . $_SESSION['user_id'] . ")";
-
-	$result = mysqli_query($dbc, $sql);
-
-	if (!$result) {
-		echo 'An error occured while creating your post. Please try again later.' . mysqli_error($dbc);
-		$sql = "ROLLBACK;";
-		mysqli_query($dbc, $sql);
-	} else {
-		$sql = "COMMIT;";
-		$result = mysqli_query($dbc, $sql);
-	}
-}
-
-header("Location: ../topic.php?id=" . $topic_id);
\ No newline at end of file
diff --git a/register.php b/register.php
index f0cb3f5..d167c2e 100644
--- a/register.php
+++ b/register.php
@@ -1,12 +1,7 @@
-<?php
-
-include_once 'header.php';
-include_once 'includes/db_inc.php';
+<?php include_once 'header.php';?>
 
-echo '<section><h2>Register an account</h2>';
-
-if ($_SERVER['REQUEST_METHOD'] != 'POST') {
-	echo '
+<section>
+	<h2>Register an account</h2>
 	<form action="register.php" method="post">
 		<label for="user_name">Username: </label><br>
 		<input type="text" name="user_name"><br>
@@ -16,27 +11,40 @@ if ($_SERVER['REQUEST_METHOD'] != 'POST') {
 		<input type="password" name="user_pass_check"><br>
 		<input type="submit" name="submit">
 	</form>
-	';
-} else {
+
+<?php
+include_once 'includes/db_inc.php';
+
+function validate($data)  {
+	$data = trim($data);
+	$data = stripslashes($data);
+	$data = htmlspecialchars($data);
+	return $data;
+}
+
+if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 	$errors = array();
 
-	if (isset($_POST['user_name'])) {
-		if (!ctype_alnum($_POST['user_name'])) {
-			$errors[] = 'Invalid username. Only letters and numbers are supported.';
-		}
-		if (strlen($_POST['user_name']) > 30) {
-			$errors[] = 'Username must be 30 characters or less.';
-		}
+	$user_name = "";
+	$user_pass = "";
+
+	if (empty($_POST['user_name'])) {
+		$errors[] = "You must provide a username.";
 	} else {
-		$errors[] = 'Please provide a username.';
+		$user_name = validate($_POST['user_name']);
+		if (strlen($user_name) > 30) {
+			$errors[] = "Your username must be 30 characters or less.";
+		}
 	}
 
-	if (isset($_POST['user_pass'])) {
-		if ($_POST['user_pass'] != $_POST['user_pass_check']) {
-			$errors[] = 'The two passwords do not match.';
-		}
+	if (empty($_POST['user_pass'])) {
+		$errors[] = "You must provide a password.";
 	} else {
-		$errors[] = 'Please provide a password.';
+		$user_pass = validate($_POST['user_pass']);
+		$pass_check = validate($_POST['user_pass_check']);
+		if ($user_pass !== $pass_check) {
+			$errors[] = "The two passwords do not match.";
+		}
 	}
 
 	if (!empty($errors)) {
@@ -46,22 +54,24 @@ if ($_SERVER['REQUEST_METHOD'] != 'POST') {
 		}
 		echo '</ul>';
 	} else {
-		$sql = "INSERT INTO users(user_name, user_pass, user_date)
-				VALUES('" . mysqli_real_escape_string($dbc, $_POST['user_name']) . "',
-						'" . sha1($_POST['user_pass']) . "',
-						NOW())
-				";
+		$sql = "INSERT INTO users(user_name, user_pass, user_date) VALUES(?, ?, NOW());";
+		$stmt = mysqli_stmt_init($dbc);
 
-		$result = mysqli_query($dbc, $sql);
-		if (!$result) {
-			echo 'Failed to register account due to internal error.';
-			echo mysqli_error($dbc);
-		} else {
-			echo 'Account successfully created!';
+		if (!mysqli_stmt_prepare($stmt, $sql)) {
+			die('Could not create account due to internal error: ' . mysqli_error($dbc));
 		}
+
+		$pass_hash = password_hash($user_pass, PASSWORD_DEFAULT);
+
+		mysqli_stmt_bind_param($stmt, "ss", $user_name, $pass_hash);
+		mysqli_stmt_execute($stmt);
+		mysqli_stmt_close($stmt);
+
+		echo 'Account successfully registered! You can now <a href="signin.php">sign in</a>';
 	}
 }
+?>
 
-echo '</section>';
+</section>
 
-include_once 'footer.php';
+<?php include_once 'footer.php';?>
\ No newline at end of file
diff --git a/reply.php b/reply.php
deleted file mode 100644
index 051aaa4..0000000
--- a/reply.php
+++ /dev/null
@@ -1,30 +0,0 @@
-<?php
-
-include 'header.php';
-include_once 'connect.php';
-
-if ($_SERVER['REQUEST_METHOD'] != 'POST') {
-	echo 'This file cannot be called directly.';
-} else {
-	if (!isset($_SESSION['signed_in'])) {
-		echo 'You must be signed in to reply to a topic.';
-	} else {
-		$sql = "INSERT INTO posts(post_content, post_date, post_topic, post_author) VALUES(
-		'" . mysqli_real_escape_string($dbc, $_POST['reply_content']) . "',
-		NOW(),
-		" . mysqli_real_escape_string($dbc, $_GET['reply_to']) . ",
-		" . $_SESSION['user_id'] . ")";
-
-		$result = mysqli_query($dbc, $sql);
-
-		if (!$result) {
-			echo 'An error occurred trying to reply to the post.' . mysqli_error($dbc);
-		} else {
-			echo 'Your reply has been saved, check out <a href="topic.php?id=' . $_GET['reply_to'] . '">the topic</a>.';
-		}
-	}
-}
-
-include 'footer.php';
-
-?>
\ No newline at end of file
diff --git a/signin.php b/signin.php
index 287eeda..4355afe 100644
--- a/signin.php
+++ b/signin.php
@@ -1,29 +1,39 @@
-<?php
-
-include_once 'includes/db_inc.php';
-include_once 'header.php';
+<?php include_once 'header.php';?>
 
-echo '<section><h2>Sign in</h2>';
-
-if ($_SERVER['REQUEST_METHOD'] != 'POST') {
-	echo '
-	<form action="" method="post">
+<section>
+	<h2>Sign in</h2>
+	<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post">
 		<label for="user_name">Username: </label><br>
 		<input type="text" name="user_name"><br>
 		<label for="user_pass">Password: </label><br>
 		<input type="password" name="user_pass"><br>
 		<input type="submit" name="submit">
 	</form>
-	';
-} else {
-	$errors = array();
 
-	if (!isset($_POST['user_name'])) {
+<?php
+
+include_once 'includes/db_inc.php';
+
+function validate($data)  {
+	$data = trim($data);
+	$data = stripslashes($data);
+	$data = htmlspecialchars($data);
+	return $data;
+}
+
+if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+	$errors = array();
+	
+	if (empty($_POST['user_name'])) {
 		$errors[] = 'Please provide a username.';
+	} else {
+		$user_name = validate($_POST['user_name']);
 	}
 
-	if (!isset($_POST['user_pass'])) {
+	if (empty($_POST['user_pass'])) {
 		$errors[] = 'Please provide a password.';
+	} else {
+		$user_pass = $_POST['user_pass'];
 	}
 
 	if (!empty($errors)) {
@@ -33,28 +43,34 @@ if ($_SERVER['REQUEST_METHOD'] != 'POST') {
 		}
 		echo '</ul>';
 	} else {
-		$sql = "SELECT user_id, user_name FROM users WHERE user_name = '" . mysqli_real_escape_string($dbc, $_POST['user_name']) . "' AND user_pass = '" . sha1($_POST['user_pass']) ."'";
+		$pass_hash = password_hash($user_pass, PASSWORD_DEFAULT);
+
+		$sql = "SELECT user_id, user_name, user_pass FROM users WHERE user_name = '" . $user_name . "';";
 		$result = mysqli_query($dbc, $sql);
 
 		if (!$result) {
-			echo 'An error occurred while signing in.';
-			echo mysqli_error($dbc);
+			echo 'An error occurred while signing in: ' . mysqli_error($dbc);
 		} else {
 			if (mysqli_num_rows($result) == 0) {
-				echo 'There is no user with that username/password combination! Please try again';
+				echo 'There is no user with that name. Did you mean to <a href="register.php">create a new account?</a>';
 			} else {
-				$_SESSION['signed_in'] = true;
-
 				while ($row = mysqli_fetch_assoc($result)) {
-					$_SESSION['user_id'] = $row['user_id'];
-					$_SESSION['user_name'] = $row['user_name'];
-				}
+					if (!password_verify($user_pass, $row['user_pass'])) {
+						echo 'Password does not match!';
+					} else {
+						$_SESSION['signed_in'] = true;
+						$_SESSION['user_id'] = $row['user_id'];
+						$_SESSION['user_name'] = $row['user_name'];
 
-				echo 'You are now signed in as ' . $_SESSION['user_name'];
+						header("Location: index.php");
+					}
+				}
 			}
 		}
 	}
 }
+?>
+
+</section>
 
-echo '</section>';
-include_once 'footer.php';
\ No newline at end of file
+<?php include_once 'footer.php';?>
\ No newline at end of file
diff --git a/topic.php b/topic.php
index 216211f..751370b 100644
--- a/topic.php
+++ b/topic.php
@@ -1,6 +1,6 @@
-<?php
+<?php include_once 'header.php'; ?>
 
-include_once 'header.php';
+<?php
 include_once 'includes/db_inc.php';
 
 $sql = "SELECT topic_id, topic_subject, topic_date, user_id, user_name FROM topics LEFT JOIN users ON topic_author = user_id WHERE topic_id = " . mysqli_real_escape_string($dbc, $_GET['id']);
@@ -40,18 +40,28 @@ if (mysqli_num_rows($result) == 0) {
 		echo '<td class="left">' . $row['post_content'] . '</td></tr>';
 	}
 	echo '</table>';
-
-	echo '
-<section>
-<form action="includes/reply_inc.php?reply_to=' . $topic_id . '" method="post">
-	<h2>Reply to this thread</h2>
-	<textarea name="reply_content"></textarea>
-	<br>
-	<input type="submit" name="submit">
-</form>
-</section>';
 }
 
 mysqli_free_result($result);
 
-include 'footer.php';
\ No newline at end of file
+if (isset($_SESSION['signed_in'])) {
+	echo '
+	<section>
+		<form action="includes/reply_inc.php?reply_to=' . $topic_id .'>" method="post">
+			<h2>Reply to this thread</h2>
+			<textarea name="reply_content"></textarea>
+			<br>
+			<input type="submit" name="submit">
+		</form>
+	</section>
+	';
+} else {
+	echo '
+	<section>
+		<a href="signin.php">Sign in</a> to reply to this thread</a>
+	</section>
+	';
+}
+
+include_once 'footer.php';
+?>
\ No newline at end of file
-- 
cgit v1.2.3