add automaticlly creating tables and remove some shit

printempw 2016-01-09 23:26:14 +08:00
parent f521781ac5
commit 51443b0a0a
9 changed files with 107 additions and 82 deletions

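--- a/admin/index.php
+++ b/admin/index.php
@@ -0,0 +1,10 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+<title>Console - Blessing Skin Server 0.1</title>
+</head>
+<body>
+<h2>Console</h2>
+</body>
+</html>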

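--- a/admin/install.php
+++ b/admin/install.php
@@ -0,0 +1,52 @@
+<?php
+if (!file_exists("./install.lock")) {
+require "../config.php";
+$con = mysql_connect(DB_HOST, DB_USER, DB_PASSWD);
+echo "<h2>Blessing Skin Server Install</h2>";
+if (!$con) {
+die ("Can not connect to mysql, check if database info correct in config.php. ".mysql_error());
+} else {
+echo "Succesfully connected to mysql server.<br /><br />";
+}
+if(!mysql_select_db(DB_NAME, $con)){
+die("Can not select database, please check if database '".DB_NAME."' really exists.");
+}
+echo "Selected database: ".DB_NAME."<br /><br />";
+echo "Start creating tables... <br /><br />";
+$query = "CREATE TABLE IF NOT EXISTS `users` (
+`uid` int(11) NOT NULL AUTO_INCREMENT,
+`admin` tinyint(1) NOT NULL DEFAULT '0',
+`username` varchar(20) NOT NULL,
+`password` varchar(32) NOT NULL,
+`ip` varchar(32) NOT NULL,
+PRIMARY KEY (`uid`),
+UNIQUE KEY `uid` (`uid`)
+) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=15;";
+if(!mysql_query($query)) {
+die("Creating tables failed. ".mysql_error());
+}
+/**
+* username: admin
+* password: 123456
+*/
+mysql_query("INSERT INTO `users` (`uid`, `admin`, `username`, `password`, `ip`) VALUES(1, 1, 'admin', 'e10adc3949ba59abbe56e057f20f883e', '')");
+echo "Successfully installed. <a href='../index.php'>Index</a>";
+$lock = fopen("./install.lock", w) or die("Unable to write 'install.lock'.");
+fwrite($lock, time());
+fclose($lock);
+} else {
+echo "It seems that you have already installed. <a href='../index.php'>Index</a><br /><br />";
+echo "May you should delete the file 'install.lock' in /admin to unlock installing.";
+}
+?>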
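Review bot: The installer seeds a fixed administrator account (`admin` / `123456`, per the comment above the INSERT) and stores it as an unsalted MD5 digest in a `varchar(32)` column, so every fresh install starts with the same known credential. Take the admin password from the operator during installation and store the output of `password_hash($pw, PASSWORD_DEFAULT)` in a `varchar(255)` column, or at least force a password change on first login. The result of the INSERT is not checked before "Successfully installed" is printed, and `fopen("./install.lock", w)` passes the bare constant `w` where the string `"w"` is meant. The `mysql_*` extension used throughout was removed in PHP 7, so new code like this file should be written against mysqli or PDO.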


@ -2,10 +2,10 @@
$(document).ready(function(){
if (docCookies.hasItem("uname") && docCookies.hasItem("token") && $("#login-reg").html() == 'Register') {
checkToken(docCookies.getItem("token"),function(json) {
if (json.success == 1) {
if (json.success == 1) {
showMsg("alert-success", json.msg);
window.location = "./user.php";
} else {
} else {
showMsg("alert-danger", json.msg);
}
});
@ -37,10 +37,12 @@ function changeForm(code){
$("#confirm-passwd").show();
$(".login-group").html('<button id="register" type="button" class="btn btn-default">Register</button>');
window.history.pushState(null, null, "./index.php?action=register");
document.title = "Register - Blessing Skin Server 0.1";
} else {
$(".login-title").html('Login');
$("#confirm-passwd").hide();
$(".login-group").html('<div class="checkbox-wrapper"><input id="keep" type="checkbox" class="checkbox"><label for="keep" class="checkbox-label"></label><span> Remember me</span></div><button id="login" type="button" class="btn btn-default">Log in</button>');
window.history.pushState(null, null, "./index.php?action=login");
document.title = "Login - Blessing Skin Server 0.1";
}
}


@ -1,23 +1,24 @@
<?php
header('Access-Control-Allow-Origin*');
session_start();
session_start();
$action = $_GET['action'];
require "./connect.php";
global $arr;
if ($action == "login") {
// SQL injection protection will be done in connect.php
$uname = $_POST['uname'];
$uname = $_POST['uname'];
$passwd = md5(stripslashes(trim($_POST['passwd']))); // Use md5 to encrypt password
$arr = checkPasswd($uname, $passwd);
//$arr['msg'] = $uname;
} elseif ($action == "token") {
$uname = $_COOKIE['uname'];
$uname = $_COOKIE['uname'];
$token = $_POST['token'];
$arr = checkToken($uname, $token);
} elseif ($action == "register") {
$uname = $_POST['uname'];
$uname = $_POST['uname'];
$passwd = md5(stripslashes(trim($_POST['passwd'])));
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
@ -25,10 +26,10 @@ if ($action == "login") {
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}
$arr = register($uname, $passwd, $ip);
}
echo json_encode($arr);
?>
?>
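Review bot: The register branch takes `$ip` from `HTTP_CLIENT_IP` or `HTTP_X_FORWARDED_FOR`, which are request headers the client sets, and hands it to `register()`, which (in the section of this commit that defines it) places `$ip` into SQL text without escaping. Use `$_SERVER['REMOTE_ADDR']` unless a trusted reverse proxy is configured, and reject any value that fails `filter_var($ip, FILTER_VALIDATE_IP)` before it reaches a query; as written the one-account-per-address rule also depends on a value the client chooses. Separately, `md5(...)` on the password is an unsalted fast hash rather than encryption as the comment says, and `password_hash()` / `password_verify()` are the replacements. `header('Access-Control-Allow-Origin*')` is missing its colon and value, so it does not set the header it names. The middle of the IP branch falls between the two hunks and is not visible here.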


@ -1,16 +1,16 @@
<?php
/* Blessing Skin Server 数据库的名称 */
define('DB_NAME', '');
define('DB_NAME', 'skin');
/* MySQL 数据库用户名 */
define('DB_USER', '');
define('DB_USER', 'root');
/* MySQL 数据库密码 */
define('DB_PASSWD', '');
define('DB_PASSWD', 'root');
/* MySQL 主机 */
define('DB_HOST', 'localhost');
/* 盐,用于 token 验证,自行修改 */
define('SALT', '9tvsh55d*s');
?>
?>
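Review bot: The database constants appear to change from empty placeholders to a working `root` / `root` login and database `skin` (the page prints both values for each `define`, and the later one is presumably the new side), which puts local development credentials into the tracked config file. Keep the committed file as an empty template, read real values from an untracked file or the environment, and give the application its own MySQL account with rights on this one database instead of `root`. `SALT` is likewise a fixed value shared by every checkout, and it is the only secret input to the login token, so it should be generated randomly per install rather than committed.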


@ -3,29 +3,29 @@ require "./config.php";
$con = mysql_connect(DB_HOST, DB_USER, DB_PASSWD);
if (!$con) {
die ("Can not connect to mysql, check if database info correct.".mysql_error());
die ("Can not connect to mysql, check if database info correct in config.php. ".mysql_error());
}
mysql_select_db(DB_NAME, $con);
function getToken($uname) {
global $con;
// Simple SQL injection protection
$uname = strtolower(stripslashes(trim($_POST['uname'])));
$uname = strtolower(stripslashes(trim($_POST['uname'])));
$uname = mysql_real_escape_string($uname);
$query = mysql_query("SELECT * FROM users where username='$uname'", $con);
$query = mysql_query("SELECT * FROM users where username='$uname'", $con);
$row = mysql_fetch_array($query);
return md5($row['uname'].$row['passwd'].SALT);
mysql_close($con);
}
function checkToken($uname, $token) {
$uname = strtolower(stripslashes(trim($_POST['uname'])));
$uname = strtolower(stripslashes(trim($_POST['uname'])));
$uname = mysql_real_escape_string($uname);
if ($token != getToken($uname)){
$arr['success'] = 0;
$arr['msg'] = "Invalid Token: ".$token;
} else {
$arr['success'] = 1;
$arr['success'] = 1;
$arr['msg'] = 'Valid Token.';
}
return $arr;
@ -33,21 +33,21 @@ function checkToken($uname, $token) {
function checkPasswd($uname, $rawPasswd) {
global $con;
$uname = strtolower(stripslashes(trim($_POST['uname'])));
$uname = strtolower(stripslashes(trim($_POST['uname'])));
$uname = mysql_escape_string($uname);
$query = mysql_query("SELECT * FROM users where username='$uname'", $con);
$query = mysql_query("SELECT * FROM users where username='$uname'", $con);
$row = mysql_fetch_array($query);
if (!$row['password']) {
$arr['success'] = 0;
$arr['success'] = 0;
$arr['msg'] = "Non-existent user.";
} else {
if ($row['password'] == $rawPasswd) {
$arr['success'] = 1;
$arr['msg'] = 'Logging in succeed!';
$arr['success'] = 1;
$arr['msg'] = 'Logging in succeed!';
$arr['token'] = getToken();
} else {
$arr['success'] = 0;
$arr['success'] = 0;
$arr['msg'] = "Incorrect usename or password.";
}
}
@ -57,26 +57,26 @@ function checkPasswd($uname, $rawPasswd) {
function register($uname, $passwd, $ip) {
global $con;
$uname = strtolower(stripslashes(trim($_POST['uname'])));
$uname = strtolower(stripslashes(trim($_POST['uname'])));
$uname = mysql_real_escape_string($uname);
$query = mysql_query("SELECT * FROM users where username='$uname'", $con);
$query = mysql_query("SELECT * FROM users where username='$uname'", $con);
$row = mysql_fetch_array($query);
if (!$row['password']) {
$ipQuery = mysql_query("SELECT * FROM users where ip='$ip'", $con);
$ipRow = mysql_fetch_array($ipQuery);
if(!$ipRow['username']) {
mysql_query("INSERT INTO users (username, password, ip) VALUES ('$uname', '$passwd', '$ip')", $con);
$arr['success'] = 1;
$arr['success'] = 1;
$arr['msg'] = "Registered successfully.";
} else {
$arr['success'] = 0;
$arr['success'] = 0;
$arr['msg'] = "It seems that you have already register a account with this IP address.";
}
} else {
$arr['success'] = 0;
$arr['success'] = 0;
$arr['msg'] = "User already existed.";
}
return $arr;
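Review bot: `getToken()` builds the token from `$row['uname']` and `$row['passwd']`, but the table created in admin/install.php names those columns `username` and `password`, so both reads are empty and the value no longer depends on the account; it looks like every user ends up with the same token. Read the real column names at minimum; better, issue a random per-login token stored server-side and compare it with `hash_equals()` instead of `!=` in `checkToken()`. `checkPasswd()` also calls `getToken()` with no argument, every function overwrites its `$uname` parameter from `$_POST['uname']` (so the cookie value passed by the token action is ignored), and `mysql_close($con)` after the `return` never runs. In `register()`, `$ip` goes into both the SELECT and the INSERT unescaped while `$uname` is escaped, and `checkPasswd()` uses `mysql_escape_string` where the others use `mysql_real_escape_string`; parameterized queries through mysqli or PDO would cover all of these. `register()` continues past the end of the last hunk.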


@ -1,7 +1,10 @@
<?php
require "./connect.php";
?>
<!DOCTYPE HTML>
<html>
<head>
<title>Blessing Skin Server 0.1</title>
<title>Index - Blessing Skin Server 0.1</title>
<link rel="stylesheet" href="./libs/bootstrap/bootstrap.min.css">
<link rel="stylesheet" href="./assets/css/style.css">
</head>
@ -67,7 +70,7 @@
<script type="text/javascript" src="./libs/jquery/jquery-1.9.1.min.js"></script>
<script type="text/javascript" src="./libs/cookie.js"></script>
<script type="text/javascript" src="./assets/js/login_utils.js"></script>
<?php
<?php
if ($_GET["action"] == "register") {
echo "<script>changeForm(1);</script>";
}
@ -75,4 +78,4 @@ if ($_GET["msg"]) {
echo "<script>showMsg('alert-warning','".$_GET['msg']."');</script>";
}?>
<script type="text/javascript" src="./assets/js/ajax.js"></script>
</html>
</html>
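Review bot: The `msg` query parameter is written straight into an inline script by `echo "<script>showMsg('alert-warning','".$_GET['msg']."');</script>";`, so request data reaches JavaScript without any encoding. Emit it as a JSON literal instead, e.g. `echo "<script>showMsg('alert-warning',".json_encode((string)$_GET['msg'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT).");</script>";`, or map a short message code to fixed text on the server. The `require "./connect.php"` added at the top means a database failure now ends the index page with the `die()` text including `mysql_error()`; log that detail and show visitors a generic message. The `if ($_GET["msg"])` line that opens this block is visible only in the hunk header.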


@ -1,43 +0,0 @@
-- phpMyAdmin SQL Dump
--
-- 主机: localhost
-- 生成日期: 2016-01-03 14:15:15
SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;
--
-- 数据库: `skin`
--
-- --------------------------------------------------------
--
-- 表的结构 `users`
--
CREATE TABLE IF NOT EXISTS `users` (
`uid` int(11) NOT NULL AUTO_INCREMENT,
`username` varchar(20) NOT NULL,
`password` varchar(32) NOT NULL,
`ip` varchar(32) NOT NULL,
PRIMARY KEY (`uid`),
UNIQUE KEY `uid` (`uid`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=15 ;
--
-- 转存表中的数据 `users`
--
INSERT INTO `users` (`uid`, `username`, `password`, `ip`) VALUES
(1, 'admin', 'd29920ef0f3867b6b8fde12b9f2051db', '');
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;


@ -1,11 +1,11 @@
<?php
<?php
if (!$_COOKIE["token"] && !$_COOKIE["uname"]) {
echo "<script>window.location = './index.php?msg=Illegal access. Please login.';</script>";
}?>
<!DOCTYPE HTML>
<html>
<head>
<title>Blessing Skin Server 0.1</title>
<title>Upload - Blessing Skin Server 0.1</title>
<link rel="stylesheet" href="./libs/bootstrap/bootstrap.min.css">
<link rel="stylesheet" href="./assets/css/style.css">
</head>
@ -70,4 +70,4 @@ if (file_exists($capeFile)) {
}
echo "<script>MSP.changeCape(dcape);</script>";
?>
</html>
</html>
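Review bot: The guard at the top, `if (!$_COOKIE["token"] && !$_COOKIE["uname"])`, fires only when both cookies are missing and never checks the token's value, and the redirect is a client-side script with no `exit`, so the rest of the page is still rendered and sent. Require both cookies, validate the pair on the server (a session, or the `checkToken()` from this commit once it is corrected), and stop with `header('Location: ./index.php?msg=...'); exit;`. The file between the two hunks is not shown, so what the page does with the `uname` cookie there should be checked against the same rule.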