diff --git a/README.md b/README.md index d3073b6..2268bb5 100644 --- a/README.md +++ b/README.md @@ -43,6 +43,10 @@ If you prefer, you can clone this repository or use the "Download Zip" button to 3. Open both files for editing 4. Copy your settings over the new settings (making sure that you don't delete any new settings - it will be obvious if you do this if you have error reporting enabled) +### Breaking Changes +From time to time breaking changes will be made. By this I mean additions and / or deletions to the settings that can be found at the top of your wiki's `index.php`. They will be listed here so you can manually update your settings if required. + + * (no breaking changes have been made yet) ### Building Pepperminty Wiki uses a simple PHP based build script. If you want to run this script yourself (for whatever reason), follow these instructions: diff --git a/core.php b/core.php index 1a508f9..3247a5f 100644 --- a/core.php +++ b/core.php @@ -6,6 +6,7 @@ $start_time = time(true); /////////////////////////////////////////////////////////////////////////////////////////////// /////////////// Do not edit below this line unless you know what you are doing! /////////////// /////////////////////////////////////////////////////////////////////////////////////////////// +$version = "0.4-dev"; session_start(); ///////// Login System ///////// //clear expired sessions @@ -648,7 +649,13 @@ switch($_GET["action"]) ---
- "; + - One + - Two + - Three + +

Administrator Actions

+

By default, the delete and move actions are shown on the nav bar. These can be used by administrators to delete or move pages.

+

The other thing admininistrators can do is update the wiki (provided they know the site's secret). This page can be found here: Update $sitename.

"; exit(renderpage($title, $content)); break; @@ -757,6 +764,67 @@ switch($_GET["action"]) exit(renderpage($title, $content)); break; + /* + * _ _ + * _ _ _ __ __| |__ _| |_ ___ + * | || | '_ \/ _` / _` | _/ -_) + * \_,_| .__/\__,_\__,_|\__\___| + * |_| %update% + */ + case "update": + if(!$isadmin) + { + http_response_code(401); + exit(renderpage("Update - Error", "

You must be an administrator to do that.

")); + } + + if(!isset($_GET["do"]) or $_GET["do"] !== "true") + { + exit(renderpage("Update $sitename", "

This page allows you to update $sitename.

+

Currently, $sitename is using $version of Pepperminty Wiki.

+

This script will automatically download and install the latest version of Pepperminty Wiki from the url of your choice (see settings), regardless of whether an update is acutally needed (version checking isn't implemented yet).

+

To update $sitename, fill out the form below and click click the update button.

+
+ + + + + +
")); + } + + if(!isset($_GET["secret"]) or $_GET["secret"] !== $sitesecret) + { + exit(renderpage("Update $sitename - Error", "

You forgot to enter $sitename's secret code or entered it incorrectly. $sitename's secret can be found in the settings portion of index.php.

")); + } + + $settings_separator = "/////////////// Do not edit below this line unless you know what you are doing! ///////////////"; + + $log = "Beginning update...\n"; + + $log .= "I am " . __FILE__ . ".\n"; + $oldcode = file_get_contents(__FILE__); + $log .= "Fetching new code..."; + $newcode = file_get_contents($updateurl); + $log .= "done.\n"; + + $log .= "Rewriting " . __FILE__ . "..."; + $settings = substr($oldcode, 0, strpos($oldcode, $settings_separator)); + $code = substr($newcode, strpos($newcode, $settings_separator)); + $result = $settings . $code; + $log .= "done.\n"; + + $log .= "Saving..."; + file_put_contents(__FILE__, $result); + $log .= "done.\n"; + + $log .= "Update complete. I am now running on the latest version of $sitename."; + $log .= "The version number that I have updated to can be found on the credits or help ages." + + exit(renderpage("Update - Success", "")); + + break; + /* * _ _ * | |__ __ _ ___| |__ diff --git a/index.php b/index.php index 5467db9..9cde90a 100755 --- a/index.php +++ b/index.php 
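Review bot: The update branch writes `$result` over `__FILE__` without checking that either `file_get_contents()` call or either `strpos()` call succeeded, so a failed download or a response that lacks the separator line replaces the running wiki with a broken or settings-less file. The same fetch-and-split sequence appears in the index.php update hunk `@@ -875,6 +886,61 @@`. Each result should be compared with `=== false` before anything is written, and the write itself checked, as in the sketch below; nothing in the hunk verifies the downloaded code beyond the transport to `$updateurl`, so a pinned hash or signature check before the write would be worth adding. The secret arrives in `$_GET["secret"]` and is compared with `!==`, which leaves it in access logs and browser history; a POST field compared with `hash_equals()` avoids both. Separately, the line ending `help ages."` has no terminating semicolon before `exit(`, which is a parse error as shown.

```php
$oldcode = file_get_contents(__FILE__);
$newcode = file_get_contents($updateurl);
if($oldcode === false or $newcode === false)
{
	http_response_code(500);
	exit(renderpage("Update - Error", "Could not read the current or the new code. Nothing has been changed."));
}

$old_split = strpos($oldcode, $settings_separator);
$new_split = strpos($newcode, $settings_separator);
if($old_split === false or $new_split === false)
{
	http_response_code(500);
	exit(renderpage("Update - Error", "The settings separator was not found. Nothing has been changed."));
}

// … unchanged: $log messages …
$settings = substr($oldcode, 0, $old_split);
$code = substr($newcode, $new_split);
// … unchanged: $result = $settings . $code; …

if(file_put_contents(__FILE__, $result, LOCK_EX) === false)
{
	http_response_code(500);
	exit(renderpage("Update - Error", "The new code could not be saved."));
}
```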
@@ -15,49 +15,50 @@ $start_time = time(true); * #1 - Incorrect closing tag - nibreh */ -//the site's name +// the site's name $sitename = "Pepperminty Wiki"; -//the url from which to fetch updates. Defaults to the master (development) branch If there is sufficient demand, a separate stable branch will be created. +// the url from which to fetch updates. Defaults to the master (development) branch If there is sufficient demand, a separate stable branch will be created. //currently not implemented (yet). +// MAKE SURE THAT THIS POINTS TO A HTTP URL, OTHERWISE SOMEONE COULD INJECT A VIRUS INTO YOUR WIKI $updateurl = "https://raw.githubusercontent.com/sbrl/pepperminty-wiki/master/index.php"; -//the secret key used to perform 'dangerous' actions, like updating the wiki, and deleting pages. It is strongly advised that you change this! -//note that neither of these features have been added yet. +// the secret key used to perform 'dangerous' actions, like updating the wiki, and deleting pages. It is strongly advised that you change this! +// note that (semi)automatic updating of your wiki has not been added yet. $sitesecret = "ed420502615bac9037f8f12abd4c9f02"; -//whether people can edit the site +// whether people can edit the site $editing = true; -//the maximum number of characters allowed in a single page +// the maximum number of characters allowed in a single page $maxpagesize = 135000; //135,000 characters, or 50 pages -//whether users who aren't logged in are allowed to edit +// whether users who aren't logged in are allowed to edit $anonedits = false; -//the name of the page that will act as the home page for the wiki. This page will be served if the user didn't specify a page. +// the name of the page that will act as the home page for the wiki. This page will be served if the user didn't specify a page. 
$defaultpage = "Main Page"; -//usernames and passwords - passwords should be hashed with sha256 +// usernames and passwords - passwords should be hashed with sha256 $users = [ "admin" => "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8", //password "user" => "873ac9ffea4dd04fa719e8920cd6938f0c23cd678af330939cff53c3d2855f34" //cheese ]; -//array of usernames that are administrators. -//administrators can delete and move pages, though this functionality hasn't been added yet. +// array of usernames that are administrators. +// administrators can delete and move pages, though this functionality hasn't been added yet. $admins = [ "admin" ]; -//The string that is prepended before an admin's name on the nav bar. defaults to a diamond shape (◆). +// The string that is prepended before an admin's name on the nav bar. defaults to a diamond shape (◆). $admindisplaychar = "◆"; -//contact details for the site administrator. Since user can only be added by editing this file, people will need a contact address to use to ask for an account. Displayed at the bottom of the page, and will be appropriatly obfusticateed to deter spammers. +// contact details for the site administrator. Since user can only be added by editing this file, people will need a contact address to use to ask for an account. Displayed at the bottom of the page, and will be appropriatly obfusticated to deter spammers. $admindetails = [ "name" => "Administrator", "email" => "admin@localhost" ]; -//array of links and display text to display at the top of the site +// array of links and display text to display at the top of the site $navlinks = [ [ "Home", "index.php" ], [ "Login", "index.php?action=login" ], 
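Review bot: The added warning above `$updateurl` tells the operator to point it at a HTTP URL, which is the opposite of what protects the download, since plain HTTP is what lets someone on the network path substitute the code; it should read `// MAKE SURE THAT THIS POINTS TO AN HTTPS URL, OTHERWISE SOMEONE COULD INJECT A VIRUS INTO YOUR WIKI`. The reworded note under `$sitesecret` still says updating has not been added, although this commit adds the update action gated on that secret. Because the default `$sitesecret` value is published in the repository, the update handler should refuse to run while the secret still equals that default. The same lines appear in the settings.fragment.php hunk `@@ -12,49 +12,50 @@`.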
@@ -77,8 +78,8 @@ $navlinks = [ [ "Help", "index.php?action=help" ] ]; -//string of css to include -//may be a url - urls will be referenced via a tag +// string of css to include +// may be a url - urls will be referenced via a tag $css = "body { font-family: sans-serif; color: #333333; background: #f3f3f3; } label { display: inline-block; min-width: 10rem; } textarea[name=content] { display: block; width: 100%; height: 35rem; } @@ -87,14 +88,14 @@ nav { position: absolute; top: 5px; right: 5px; } th { text-align: left; } .sitename { text-align: center; font-size: 2.5rem; color: #222222; } .footerdivider { margin-top: 4rem; }"; -//the favicon -//default: peppermint from https://openclipart.org/detail/19571/peppermint-candy-by-bluefrog23 +// the favicon +// default: peppermint from https://openclipart.org/detail/19571/peppermint-candy-by-bluefrog23 $favicon = "data:image/png;base64,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"; -//the prefix that should be used in the names of the session variables. -//defaults to an all lower case version of the site name with all non alphanumeric characters removed -//remember that changing this will log everyone out since the session varibles' name will have changed -//normally you wouldn't have to change this - this setting is left over from when we used a cookie to store login details +// the prefix that should be used in the names of the session variables. +// defaults to an all lower case version of the site name with all non alphanumeric characters removed +// remember that changing this will log everyone out since the session varibles' name will have changed +// normally you wouldn't have to change this - this setting is left over from when we used a cookie to store login details $sessionprefix = preg_replace("/[^0-9a-z]/i", "", strtolower($sitename)); /* 
@@ -107,13 +108,16 @@ Actions: save - save edits to page page - page name list - list pages - category - the category to list [optional] + category - the category to list [optional] [unimplemented] login - login to the site logout - logout checklogin - check login credentials and set cookie hash - hash a string with sha256 string - string to hash help - get help + update - update the wiki + do - set to `true` to actually update the wiki + secret - set to the value of the site's secret credits - view the credits delete - delete a page page - page name @@ -124,6 +128,7 @@ Actions: /////////////////////////////////////////////////////////////////////////////////////////////// /////////////// Do not edit below this line unless you know what you are doing! /////////////// /////////////////////////////////////////////////////////////////////////////////////////////// +$version = "0.4-dev"; session_start(); ///////// Login System ///////// //clear expired sessions @@ -766,7 +771,13 @@ switch($_GET["action"]) ---
- "; + - One + - Two + - Three
  • One
  • Two
  • Three
+ +

Administrator Actions

+

By default, the delete and move actions are shown on the nav bar. These can be used by administrators to delete or move pages.

+

The other thing admininistrators can do is update the wiki (provided they know the site's secret). This page can be found here: Update $sitename.

"; exit(renderpage($title, $content)); break; @@ -875,6 +886,61 @@ switch($_GET["action"]) exit(renderpage($title, $content)); break; + /* + * _ _ + * _ _ _ __ __| |__ _| |_ ___ + * | || | '_ \/ _` / _` | _/ -_) + * \_,_| .__/\__,_\__,_|\__\___| + * |_| %update% + */ + case "update": + if(!$isadmin) + { + http_response_code(401); + exit(renderpage("Update - Error", "

You must be an administrator to do that.

")); + } + + if(!isset($_GET["do"]) or $_GET["do"] !== "true") + { + exit(renderpage("Update $sitename", "

This page allows you to update $sitename.

+

Currently, $sitename is using $version of Pepperminty Wiki.

+

This script will automatically download and install the latest version of Pepperminty Wiki from the url of your choice (see settings), regardless of whether an update is acutally needed (version checking isn't implemented yet).

+

To update $sitename, fill out the form below and click click the update button.

+
+ + + + + +
")); + } + + if(!isset($_GET["secret"]) or $_GET["secret"] !== $sitesecret) + { + exit(renderpage("Update $sitename - Error", "

You forgot to enter $sitename's secret code or entered it incorrectly. $sitename's secret can be found in the settings portion of index.php.

")); + } + + $settings_separator = "/////////////// Do not edit below this line unless you know what you are doing! ///////////////"; + + $log = "Beginning update...\n"; + + $log .= "I am " . __FILE__ . ".\n"; + $oldcode = file_get_contents(__FILE__); + $log .= "Fetching new code..."; + $newcode = file_get_contents($updateurl); + $log .= "done.\n"; + + $log .= "Rewriting " . __FILE__ . "..."; + $settings = substr($oldcode, 0, strpos($oldcode, $settings_separator)); + $code = substr($newcode, strpos($newcode, $settings_separator)); + $result = $settings . $code; + $log .= "done.\n"; + header("content-type: text/php"); + echo("$log\n\n"); + exit($result); + + break; + /* * _ _ * | |__ __ _ ___| |__ diff --git a/settings.fragment.php b/settings.fragment.php index 83f5063..5ecf39d 100644 --- a/settings.fragment.php +++ b/settings.fragment.php 
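Review bot: The index.php copy of the update branch ends with `exit($result);` after `header("content-type: text/php")`, so the response body carries the settings block cut from the old file, which per the settings hunk includes `$sitesecret` and the `$users` password hashes. It also never writes the file, so it has diverged from the core.php version it is presumably built from; regenerating index.php from core.php would remove the dump. If a dry-run output is wanted here, it should send only `$log` and `$code`, never `$settings`.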
@@ -12,49 +12,50 @@ * #1 - Incorrect closing tag - nibreh */ -//the site's name +// the site's name $sitename = "Pepperminty Wiki"; -//the url from which to fetch updates. Defaults to the master (development) branch If there is sufficient demand, a separate stable branch will be created. +// the url from which to fetch updates. Defaults to the master (development) branch If there is sufficient demand, a separate stable branch will be created. //currently not implemented (yet). +// MAKE SURE THAT THIS POINTS TO A HTTP URL, OTHERWISE SOMEONE COULD INJECT A VIRUS INTO YOUR WIKI $updateurl = "https://raw.githubusercontent.com/sbrl/pepperminty-wiki/master/index.php"; -//the secret key used to perform 'dangerous' actions, like updating the wiki, and deleting pages. It is strongly advised that you change this! -//note that neither of these features have been added yet. +// the secret key used to perform 'dangerous' actions, like updating the wiki, and deleting pages. It is strongly advised that you change this! +// note that (semi)automatic updating of your wiki has not been added yet. $sitesecret = "ed420502615bac9037f8f12abd4c9f02"; -//whether people can edit the site +// whether people can edit the site $editing = true; -//the maximum number of characters allowed in a single page +// the maximum number of characters allowed in a single page $maxpagesize = 135000; //135,000 characters, or 50 pages -//whether users who aren't logged in are allowed to edit +// whether users who aren't logged in are allowed to edit $anonedits = false; -//the name of the page that will act as the home page for the wiki. This page will be served if the user didn't specify a page. +// the name of the page that will act as the home page for the wiki. This page will be served if the user didn't specify a page. 
$defaultpage = "Main Page"; -//usernames and passwords - passwords should be hashed with sha256 +// usernames and passwords - passwords should be hashed with sha256 $users = [ "admin" => "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8", //password "user" => "873ac9ffea4dd04fa719e8920cd6938f0c23cd678af330939cff53c3d2855f34" //cheese ]; -//array of usernames that are administrators. -//administrators can delete and move pages, though this functionality hasn't been added yet. +// array of usernames that are administrators. +// administrators can delete and move pages, though this functionality hasn't been added yet. $admins = [ "admin" ]; -//The string that is prepended before an admin's name on the nav bar. defaults to a diamond shape (◆). +// The string that is prepended before an admin's name on the nav bar. defaults to a diamond shape (◆). $admindisplaychar = "◆"; -//contact details for the site administrator. Since user can only be added by editing this file, people will need a contact address to use to ask for an account. Displayed at the bottom of the page, and will be appropriatly obfusticateed to deter spammers. +// contact details for the site administrator. Since user can only be added by editing this file, people will need a contact address to use to ask for an account. Displayed at the bottom of the page, and will be appropriatly obfusticated to deter spammers. $admindetails = [ "name" => "Administrator", "email" => "admin@localhost" ]; -//array of links and display text to display at the top of the site +// array of links and display text to display at the top of the site $navlinks = [ [ "Home", "index.php" ], [ "Login", "index.php?action=login" ], 
@@ -74,8 +75,8 @@ $navlinks = [ [ "Help", "index.php?action=help" ] ]; -//string of css to include -//may be a url - urls will be referenced via a tag +// string of css to include +// may be a url - urls will be referenced via a tag $css = "body { font-family: sans-serif; color: #333333; background: #f3f3f3; } label { display: inline-block; min-width: 10rem; } textarea[name=content] { display: block; width: 100%; height: 35rem; } 
@@ -84,14 +85,14 @@ nav { position: absolute; top: 5px; right: 5px; } th { text-align: left; } .sitename { text-align: center; font-size: 2.5rem; color: #222222; } .footerdivider { margin-top: 4rem; }"; -//the favicon -//default: peppermint from https://openclipart.org/detail/19571/peppermint-candy-by-bluefrog23 +// the favicon +// default: peppermint from https://openclipart.org/detail/19571/peppermint-candy-by-bluefrog23 $favicon = "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAMAAAAoLQ9TAAAB3VBMVEXhERHbKCjeVVXjb2/kR0fhKirdHBziDg6qAADaHh7qLy/pdXXUNzfMAADYPj7ZPDzUNzfbHx/fERHpamrqMTHgExPdHx/bLCzhLS3fVFTjT0/ibm7kRkbiLi7aKirdISHeFBTqNDTpeHjgERHYJCTVODjYQkLaPj6/AADVOTnpbW3cIyPdFRXcJCThMjLiTU3ibW3fVVXaKyvcERH4ODj+8fH/////fHz+Fxf4KSn0UFD/CAj/AAD/Xl7/wMD/EhL//v70xMT/+Pj/iYn/HBz/g4P/IyP/Kyv/7Oz0QUH/9PT/+vr/ior/Dg7/vr7/aGj/QED/bGz/AQH/ERH/Jib/R0f/goL/0dH/qan/YWH/7e3/Cwv4R0f/MTH/enr/vLz/u7v/cHD/oKD/n5//aWn+9/f/k5P/0tL/trb/QUH/cXH/dHT/wsL/DQ3/p6f/DAz/1dX/XV3/kpL/i4v/Vlb/2Nj/9/f/pKT+7Oz/V1f/iIj/jIz/r6//Zmb/lZX/j4//T0//Dw/4MzP/GBj/+fn/o6P/TEz/xMT/b2//Tk7/OTn/HR3/hIT/ODj/Y2P/CQn/ZGT/6Oj0UlL/Gxv//f3/Bwf/YmL/6+v0w8P/Cgr/tbX0QkL+9fX4Pz/qNzd0dFHLAAAAAXRSTlMAQObYZgAAAAFiS0dEAIgFHUgAAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQfeCxINNSdmw510AAAA5ElEQVQYGQXBzSuDAQCA8eexKXOwmSZepa1JiPJxsJOrCwcnuchBjg4O/gr7D9zk4uAgJzvuMgcTpYxaUZvSm5mUj7TX7ycAqvoLIJBwStVbP0Hom1Z/ejoxrbaR1Jz6nWinbKWttGRgMSSjanPktRY6mB9WtRNTn7Ilh7LxnNpKq2/x5LnBitfz+hx0qxUaxhZ6vwqq9bx6f2XXvuUl9SVQS38NR7cvln3v15tZ9bQpuWDtZN3Lgh5DWJex3Y+z1KrVhw21+CiM74WZo83DiXq0dVBDYNJkFEU7WrwDAZhRtQrwDzwKQbT6GboLAAAAAElFTkSuQmCC"; -//the prefix that should be used in the names of the session variables. 
-//defaults to an all lower case version of the site name with all non alphanumeric characters removed -//remember that changing this will log everyone out since the session varibles' name will have changed -//normally you wouldn't have to change this - this setting is left over from when we used a cookie to store login details +// the prefix that should be used in the names of the session variables. +// defaults to an all lower case version of the site name with all non alphanumeric characters removed +// remember that changing this will log everyone out since the session varibles' name will have changed +// normally you wouldn't have to change this - this setting is left over from when we used a cookie to store login details $sessionprefix = preg_replace("/[^0-9a-z]/i", "", strtolower($sitename)); /* @@ -104,13 +105,16 @@ Actions: save - save edits to page page - page name list - list pages - category - the category to list [optional] + category - the category to list [optional] [unimplemented] login - login to the site logout - logout checklogin - check login credentials and set cookie hash - hash a string with sha256 string - string to hash help - get help + update - update the wiki + do - set to `true` to actually update the wiki + secret - set to the value of the site's secret credits - view the credits delete - delete a page page - page name