*/ $settings = new stdClass(); // the site's name $settings->sitename = "Pepperminty Wiki"; // the url from which to fetch updates. Defaults to the master (development) branch If there is sufficient demand, a separate stable branch will be created. //currently not implemented (yet). // MAKE SURE THAT THIS POINTS TO A HTTPS URL, OTHERWISE SOMEONE COULD INJECT A VIRUS INTO YOUR WIKI $settings->updateurl = "https://raw.githubusercontent.com/sbrl/pepperminty-wiki/master/index.php"; // the secret key used to perform 'dangerous' actions, like updating the wiki, and deleting pages. It is strongly advised that you change this! // note that (semi)automatic updating of your wiki has not been added yet. $settings->sitesecret = "ed420502615bac9037f8f12abd4c9f02"; // whether people can edit the site $settings->editing = true; // the maximum number of characters allowed in a single page $settings->maxpagesize = 135000; //135,000 characters, or 50 pages // whether users who aren't logged in are allowed to edit $settings->anonedits = false; // the name of the page that will act as the home page for the wiki. This page will be served if the user didn't specify a page. $settings->defaultpage = "Main Page"; // the default action. This action will be performed if no other action is specified. $settings->defaultaction = "view"; // usernames and passwords - passwords should be hashed with sha256 $settings->users = [ "admin" => "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8", //password "user" => "873ac9ffea4dd04fa719e8920cd6938f0c23cd678af330939cff53c3d2855f34" //cheese ]; // array of usernames that are administrators. // administrators can delete and move pages, though this functionality hasn't been added yet. $settings->admins = [ "admin" ]; // The string that is prepended before an admin's name on the nav bar. defaults to a diamond shape (◆). $settings->admindisplaychar = "◆"; // contact details for the site administrator. Since user can only be added by editing this file, people will need a contact address to use to ask for an account. Displayed at the bottom of the page, and will be appropriatly obfusticated to deter spammers. $settings->admindetails = [ "name" => "Administrator", "email" => "admin@localhost" ]; // array of links and display text to display at the top of the site $settings->navlinks = [ [ "Home", "index.php" ], [ "Login", "index.php?action=login" ], " | ", "search", " | ", [ "Read", "index.php?page={page}" ], [ "Edit", "index.php?action=edit&page={page}" ], [ "Printable", "index.php?action=view&printable=yes&page={page}" ], " | ", [ $settings->admindisplaychar . "Delete", "index.php?action=delete&page={page}" ], [ $settings->admindisplaychar . "Move", "index.php?action=move&page={page}" ], " | ", [ "All Pages", "index.php?action=list" ], " | ", [ "Credits", "index.php?action=credits" ], [ "Help", "index.php?action=help" ] ]; // string of css to include // may be a url - urls will be referenced via a tag $settings->css = "body { font-family: sans-serif; color: #333333; background: #f3f3f3; } label { display: inline-block; min-width: 10rem; } textarea[name=content] { display: block; width: 100%; height: 35rem; } /*input[name=page] { width: 16rem; }*/ nav { position: absolute; top: 5px; right: 5px; } th { text-align: left; } .sitename { text-align: center; font-size: 2.5rem; color: #222222; } .footerdivider { margin-top: 4rem; }"; // the favicon // default: peppermint from https://openclipart.org/detail/19571/peppermint-candy-by-bluefrog23 $settings->favicon = "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAMAAAAoLQ9TAAAB3VBMVEXhERHbKCjeVVXjb2/kR0fhKirdHBziDg6qAADaHh7qLy/pdXXUNzfMAADYPj7ZPDzUNzfbHx/fERHpamrqMTHgExPdHx/bLCzhLS3fVFTjT0/ibm7kRkbiLi7aKirdISHeFBTqNDTpeHjgERHYJCTVODjYQkLaPj6/AADVOTnpbW3cIyPdFRXcJCThMjLiTU3ibW3fVVXaKyvcERH4ODj+8fH/////fHz+Fxf4KSn0UFD/CAj/AAD/Xl7/wMD/EhL//v70xMT/+Pj/iYn/HBz/g4P/IyP/Kyv/7Oz0QUH/9PT/+vr/ior/Dg7/vr7/aGj/QED/bGz/AQH/ERH/Jib/R0f/goL/0dH/qan/YWH/7e3/Cwv4R0f/MTH/enr/vLz/u7v/cHD/oKD/n5//aWn+9/f/k5P/0tL/trb/QUH/cXH/dHT/wsL/DQ3/p6f/DAz/1dX/XV3/kpL/i4v/Vlb/2Nj/9/f/pKT+7Oz/V1f/iIj/jIz/r6//Zmb/lZX/j4//T0//Dw/4MzP/GBj/+fn/o6P/TEz/xMT/b2//Tk7/OTn/HR3/hIT/ODj/Y2P/CQn/ZGT/6Oj0UlL/Gxv//f3/Bwf/YmL/6+v0w8P/Cgr/tbX0QkL+9fX4Pz/qNzd0dFHLAAAAAXRSTlMAQObYZgAAAAFiS0dEAIgFHUgAAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQfeCxINNSdmw510AAAA5ElEQVQYGQXBzSuDAQCA8eexKXOwmSZepa1JiPJxsJOrCwcnuchBjg4O/gr7D9zk4uAgJzvuMgcTpYxaUZvSm5mUj7TX7ycAqvoLIJBwStVbP0Hom1Z/ejoxrbaR1Jz6nWinbKWttGRgMSSjanPktRY6mB9WtRNTn7Ilh7LxnNpKq2/x5LnBitfz+hx0qxUaxhZ6vwqq9bx6f2XXvuUl9SVQS38NR7cvln3v15tZ9bQpuWDtZN3Lgh5DWJex3Y+z1KrVhw21+CiM74WZo83DiXq0dVBDYNJkFEU7WrwDAZhRtQrwDzwKQbT6GboLAAAAAElFTkSuQmCC"; // the prefix that should be used in the names of the session variables. // defaults to an all lower case version of the site name with all non alphanumeric characters removed // remember that changing this will log everyone out since the session varibles' name will have changed // normally you wouldn't have to change this - this setting is left over from when we used a cookie to store login details $settings->sessionprefix = preg_replace("/[^0-9a-z]/i", "", strtolower($settings->sitename)); /* Actions: view - view a page page - page name printable=[yes/no] - make output printable edit - open editor for page page - page name save - save edits to page page - page name list - list pages category - the category to list [optional] [unimplemented] login - login to the site logout - logout checklogin - check login credentials and set cookie hash - hash a string with sha256 string - string to hash help - get help update - update the wiki do - set to `true` to actually update the wiki secret - set to the value of the site's secret credits - view the credits delete - delete a page page - page name delete=yes - actually do the deletion (otherwise we display a prompt) */ /////////////////////////////////////////////////////////////////////////////////////////////// /////////////// Do not edit below this line unless you know what you are doing! /////////////// /////////////////////////////////////////////////////////////////////////////////////////////// $version = "0.5"; session_start(); ///////// Login System ///////// //clear expired sessions if(isset($_SESSION["$settings->sessionprefix-expiretime"]) and $_SESSION["$settings->sessionprefix-expiretime"] < time()) { //clear the session variables $_SESSION = []; session_destroy(); } if(!isset($_SESSION[$settings->sessionprefix . "-user"]) and !isset($_SESSION[$settings->sessionprefix . "-pass"])) { //the user is not logged in $isloggedin = false; } else { $user = $_SESSION[$settings->sessionprefix . "-user"]; $pass = $_SESSION[$settings->sessionprefix . "-pass"]; if($settings->users[$user] == $pass) { //the user is logged in $isloggedin = true; } else { //the user's login details are invalid (what is going on here?) //unset the session variables, treat them as an anonymous user, and get out of here $isloggedin = false; unset($user); unset($pass); //clear the session data $_SESSION = []; //delete al lthe variables session_destroy(); //destroy the session } } //check to see if the currently logged in user is an admin $isadmin = false; if($isloggedin) { foreach($settings->admins as $admin_username) { if($admin_username == $user) { $isadmin = true; break; } } } /////// Login System End /////// /////////////////////////////////////////////////////////////////////////////////////////// //////////////////////////// Security and Consistency Measures //////////////////////////// /////////////////////////////////////////////////////////////////////////////////////////// if(!file_exists("./pageindex.json")) { $existingpages = glob("*.md"); $pageindex = new stdClass(); foreach($existingpages as $pagefilename) { $newentry = new stdClass(); $newentry->filename = utf8_encode($pagefilename); $newentry->size = filesize($pagefilename); $newentry->lastmodified = filemtime($pagefilename); $newentry->lasteditor = utf8_encode("unknown"); $pagekey = utf8_encode(substr($pagefilename, 0, -3)); $pageindex->$pagekey = $newentry; } file_put_contents("./pageindex.json", json_encode($pageindex, JSON_PRETTY_PRINT)); unset($existingpages); } else { $pageindex = json_decode(file_get_contents("./pageindex.json")); } /* * @summary makes a path safe * * @details paths may only contain alphanumeric characters, spaces, underscores, and dashes */ function makepathsafe($string) { return preg_replace("/[^0-9a-zA-Z\_\-\ ]/i", "", $string); } /* * @summary Hides an email address from bots by adding random html entities. * * @returns The mangled email address. */ function hide_email($str) { $hidden_email = ""; for($i = 0; $i < strlen($str); $i++) { if($str[$i] == "@") { $hidden_email .= "&#" . ord("@") . ";"; continue; } if(rand(0, 1) == 0) $hidden_email .= $str[$i]; else $hidden_email .= "&#" . ord($str[$i]) . ";"; } return $hidden_email; } //Work around an Opera + Syntastic bug where there is no margin at the left hand side if there isn't a query string when accessing a .php file if(!isset($_GET["action"]) and !isset($_GET["page"])) { http_response_code(302); header("location: index.php?action=$settings->defaultaction&page=$defaultpage"); exit(); } //make sure that the action is set if(!isset($_GET["action"])) $_GET["action"] = "view"; if(!isset($_GET["page"]) or strlen($_GET["page"]) === 0) $_GET["page"] = $settings->defaultpage; //redirect the user to the safe version of the path if they entered an unsafe character if(makepathsafe($_GET["page"]) !== $_GET["page"]) { http_response_code(301); header("location: index.php?action=" . rawurlencode($_GET["action"]) . "&page=" . makepathsafe($_GET["page"])); header("x-requested-page: " . $_GET["page"]); header("x-actual-page: " . makepathsafe($_GET["page"])); exit(); } $page = $_GET["page"]; /////////////////////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////////////////////// ////////////////////////////////////// HTML fragments ////////////////////////////////////// //////////////////////////////////////////////////////////////////////////////////////////// function renderpage($title, $content, $minimal = false) { global $settings, $page, $user, $isloggedin, $isadmin, $start_time, $pageindex; $html = " $title "; if(preg_match("/^[^\/]*\/\/|^\//", $settings->css)) { $html .= "\n\t\t\n"; } else { $html .= "\n\t\t\n"; } $html .= "\n"; ////////// if($minimal) { $html .= "$content

From $settings->sitename, which is managed by " . $settings->admindetails["name"] . ".

Timed at " . date("l jS \of F Y \a\\t h:ia T") . ".

Powered by Pepperminty Wiki

"; } else { $html .= "

$settings->sitename

$content
\n"; foreach($pageindex as $pagename => $pagedetails) { $html .= "\t\t"; } ////////// $gentime = microtime(true) - $start_time; $html .= "\n\t "; return $html; } //////////////////////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////// Slimdown ///////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////// %slimdown% // //////////////////////////////////////////////////////////////////////////////////////////// /** * Slimdown - A very basic regex-based Markdown parser. Supports the * following elements (and can be extended via Slimdown::add_rule()): * * - Headers * - Links * - Bold * - Emphasis * - Deletions * - Quotes * - Inline code * - Blockquotes * - Ordered/unordered lists * - Horizontal rules * * Author: Johnny Broadway * Website: https://gist.github.com/jbroadway/2836900 * License: MIT */ /** * Modified by Starbeamrainbowlabs (starbeamrainbowlabs) * * Changed bold to use single asterisks * Changed italics to use single underscores * Added one to add the heading levels (no

tags allowed) * Added wiki style internal link parsing * Added wiki style internal link parsing with display text */ class Slimdown { public static $rules = array ( '/\r\n/' => "\n", // new line normalisation '/(#+)(.*)/' => 'self::header', // headers '/(\*)(.*?)\1/' => '\2', // bold '/(_)(.*?)\1/' => '\2', // emphasis '/\[\[([a-zA-Z0-9\_\- ]+)\|([a-zA-Z0-9\_\- ]+)\]\]/' => '\2', //internal links with display text '/\[\[([a-zA-Z0-9\_\- ]+)\]\]/' => '\1', //internal links '/\[([^\[]+)\]\(([^\)]+)\)/' => '\1', // links '/\~\~(.*?)\~\~/' => '\1', // del '/\:\"(.*?)\"\:/' => '\1', // quote '/`(.*?)`/' => '\1', // inline code '/\n\s*(\*|-)(.*)/' => 'self::ul_list', // ul lists '/\n[0-9]+\.(.*)/' => 'self::ol_list', // ol lists '/\n(>|\>)(.*)/' => 'self::blockquote', // blockquotes '/\n-{3,}/' => "\n
", // horizontal rule '/\n([^\n]+)\n\n/' => 'self::para', // add paragraphs '/<\/ul>\s?