🎉 v1.0.5 Update

v1.0.5 Update
arizon-dev · Apr 17, 2022 · 9a2b549 · 9a2b549
2 parents eab9ac0 + 950c459
commit 9a2b549
Show file tree

Hide file tree

Showing 20 changed files with 415 additions and 87 deletions.
diff --git a/.gitattributes b/.gitattributes
@@ -0,0 +1,2 @@
+*.env linguist-language=ENV
+./* linguist-documentation
diff --git a/.gitignore b/.gitignore
@@ -1,10 +1,7 @@
-# Composer
-/vendor/
-composer.json
+# Project Files
+.gitattributes
+#snyk.sarif
 
-# Project based
+# QuickBlaze Security
 /Modules/Database.env
 /Modules/InstallationStatus.json
-
-# Github
-snyk.sarif
diff --git a/.htaccess b/.htaccess
@@ -1,7 +1,16 @@
+# URL handling
 RewriteEngine on
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
-RewriteRule ^.* /index.php [L,QSA]
+RewriteRule ^.* index.php [L,QSA]
 
+# Error handling
 ErrorDocument 404 /404
+ErrorDocument 403 /403
 ErrorDocument 500 /500
+
+# File security
+<FilesMatch "\.(json|sarif|md|gitignore|version|LICENSE|htaccess|env)$">
+Order allow,deny
+Deny from all
+</FilesMatch>
diff --git a/.version b/.version
@@ -1 +1 @@
-{"VERSION":"1.0.4"}
+{ "BRANCH": "dev", "VERSION":"1.0.5-dev" } 
diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2022 Axton
+Copyright (c) 2022 axtonprice.com
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -18,4 +18,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+SOFTWARE.
diff --git a/Modules/.htaccess b/Modules/.htaccess
@@ -0,0 +1 @@
+deny from all
diff --git a/Modules/Database_example.env b/Modules/Database_example.env
@@ -1,7 +1,6 @@
-
 {
     "HOSTNAME": "",
     "USERNAME": "",
     "PASSWORD": "",
     "DATABASE": ""
-}
+}
diff --git a/Modules/Functions.php b/Modules/Functions.php
@@ -20,7 +20,7 @@ function processData($data)
 function ifTextBoxDisabled()
 {
     sanitizeXSS(); // Sanitize Script
-    if ($_GET["submitted"]) {
+    if (isset($_GET["submitted"])) {
         echo "disabled";
     }
 }
@@ -57,12 +57,13 @@ function determineSubmissionFooter()
 }
 function determineSystemVersion()
 {
-    $latestVersion = json_decode(file_get_contents("https://raw.githubusercontent.com/axtonprice-dev/quickblaze-encrypt/main/.version", true), true);
     if (!file_exists("./.version")) {
-        file_put_contents("./.version", json_encode(array("version" => $latestVersion["VERSION"])));
         touch("./.version");
+        $latestVersion = json_decode(file_get_contents("https://raw.githubusercontent.com/axtonprice-dev/quickblaze-encrypt/main/.version", true), true);
+        file_put_contents("./.version", json_encode(array("BRANCH" => $latestVersion["BRANCH"], "VERSION" => $latestVersion["VERSION"])));
     }
     $thisVersion = json_decode(file_get_contents("./.version", true), true);
+    $latestVersion = json_decode(file_get_contents("https://raw.githubusercontent.com/axtonprice-dev/quickblaze-encrypt/" . $thisVersion["BRANCH"] . "/.version", true), true);
     if ($thisVersion["VERSION"] != $latestVersion["VERSION"]) {
         return '<x style="color:red">v' . $thisVersion["VERSION"] . ' (Outdated!)</x>';
     } else {
@@ -99,16 +100,18 @@ function decryptData($encryption_key) // getRecord("encrypted_contents", $dataKe
 function setupDatabase()
 {
     sanitizeXSS(); // Sanitize Script
+    error_reporting(0); // disable error reporting
     if (!file_exists("./Modules/InstallationStatus.json")) {
         touch("./Modules/InstallationStatus.json");
-        file_put_contents("./Modules/InstallationStatus.json", json_encode(array("INSTALLED" => "true")));
+        file_put_contents("./Modules/InstallationStatus.json", json_encode(array("INSTALLED" => "false")));
     }
     $json = json_decode(file_get_contents("./Modules/InstallationStatus.json", true), true);
-    if ($json["INSTALLED"] == "false") {
+    if ($json["INSTALLED"] == "false" || $json["INSTALLED"] == "") {
         $json = json_decode(file_get_contents("./Modules/Database.env", true), true);
-        $mysqli = new mysqli($json["HOSTNAME"], $json["USERNAME"], $json["PASSWORD"], $json["DATABASE"]);
-        if ($mysqli->connect_errno) {
-            return $mysqli->connect_errno;
+        try { // attempt database connection
+            $mysqli = new mysqli($json["HOSTNAME"], $json["USERNAME"], $json["PASSWORD"], $json["DATABASE"]);
+        } catch (mysqli_sql_exception $e) {
+            die(file_get_contents("./Public/Error/DatabaseCredentials.html")); // throw error page if invalid credentials
         }
         $tableCreateSQL = "CREATE TABLE IF NOT EXISTS `quickblaze_records` (`record_id` int(11) NOT NULL,`encrypted_contents` longtext NOT NULL,`encryption_token` varchar(128) NOT NULL,`source_ip` varchar(100) NOT NULL, `record_date` timestamp(5) NOT NULL DEFAULT current_timestamp(5)) ENGINE=InnoDB DEFAULT CHARSET=utf8;";
         $addPrimaryKeySQL = "ALTER TABLE `quickblaze_records` ADD PRIMARY KEY (`record_id`);";
@@ -130,6 +133,18 @@ function setupDatabase()
 
         $mysqli->close();
     }
+    error_reporting(E_ALL); // enable error reporting
+}
+function checkDatabase()
+{
+    if (!file_exists("./Modules/Database.env")) {
+        die(file_get_contents("./Public/Error/DatabaseConfig.html"));
+    } else {
+        $json = json_decode(file_get_contents("./Modules/Database.env", true), true);
+        if ($json["DATABASE"] == "" || $json["HOSTNAME"] == "") {
+            die(file_get_contents("./Public/Error/DatabaseConfig.html"));
+        }
+    }
 }
 
 function insertRecord($encrypted_contents, $encryption_token)

diff --git a/Public/Error/403.html b/Public/Error/403.html
@@ -0,0 +1,127 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <link rel="icon" type="image/x-icon" href="./Public/assets/img/favicon.png">
+    <meta name="description"
+        content="An extremely simple, one-time view encryption message system. Send anybody passwords, or secret messages on a one-time view basis.">
+    <title>QuickBlaze</title>
+
+    <!-- Custom styles -->
+    <link href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" rel="stylesheet"
+        integrity="sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3" crossorigin="anonymous">
+    <script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.bundle.min.js"
+        integrity="sha384-ka7Sk0Gln4gmtz2MlQnikT1wXgYsOg+OMhuP+IlRH9sENBO0LRn5q+8nbTov4+1p"
+        crossorigin="anonymous"></script>
+</head>
+
+<style>
+    @import url("https://fonts.googleapis.com/css?family=Lato");
+
+    * {
+        position: relative;
+        margin: 0;
+        padding: 0;
+        box-sizing: border-box;
+        font-family: "Lato", sans-serif;
+    }
+
+    body {
+        height: 100vh;
+        display: flex;
+        flex-direction: column;
+        justify-content: center;
+        align-items: center;
+    }
+
+    h1 {
+        margin: 40px 0 20px;
+    }
+
+    .lock {
+        border-radius: 5px;
+        width: 55px;
+        height: 45px;
+        background-color: #333;
+        animation: dip 1s;
+        animation-delay: 1.5s;
+    }
+
+    .lock::before,
+    .lock::after {
+        content: "";
+        position: absolute;
+        border-left: 5px solid #333;
+        height: 20px;
+        width: 15px;
+        left: calc(50% - 12.5px);
+    }
+
+    .lock::before {
+        top: -30px;
+        border: 5px solid #333;
+        border-bottom-color: transparent;
+        border-radius: 15px 15px 0 0;
+        height: 30px;
+        animation: lock 2s, spin 2s;
+    }
+
+    .lock::after {
+        top: -10px;
+        border-right: 5px solid transparent;
+        animation: spin 2s;
+    }
+
+    @keyframes lock {
+        0% {
+            top: -45px;
+        }
+
+        65% {
+            top: -45px;
+        }
+
+        100% {
+            top: -30px;
+        }
+    }
+
+    @keyframes spin {
+        0% {
+            transform: scaleX(-1);
+            left: calc(50% - 30px);
+        }
+
+        65% {
+            transform: scaleX(1);
+            left: calc(50% - 12.5px);
+        }
+    }
+
+    @keyframes dip {
+        0% {
+            transform: translateY(0px);
+        }
+
+        50% {
+            transform: translateY(10px);
+        }
+
+        100% {
+            transform: translateY(0px);
+        }
+    }
+</style>
+
+
+<body>
+    <div class="lock"></div>
+    <div class="message">
+        <h1>Access to this page is restricted</h1>
+        <p style="text-align: center">Please check with the site admin if you believe this is a mistake.</p>
+    </div>
+</body>
+
+</html>
diff --git a/Public/Error/404.html b/Public/Error/404.html
@@ -27,10 +27,26 @@ <h5 class="text-muted">This page does not exist. It was most likely removed!</h5
 
         <p class="mt-5 mb-3 text-muted">
             <a href="https://github.com/axtonprice/quickblaze-encrypt" class="text-muted no-decoration">GitHub</a> •
-            <a href="https://discord.gg/dP3MuBATGc" class="text-muted no-decoration">Discord</a> •
+            <a href="https://discord.gg/dP3MuBATGc" class="text-muted no-decoration">Discord</a>
         </p>
     </main>
 
+    <!-- Dark Mode Widget -->
+    <script src="https://cdn.jsdelivr.net/npm/[email protected]/lib/darkmode-js.min.js"></script>
+    <script>
+        function addDarkmodeWidget() {
+            const options = {
+                time: '0.3s', // default: '0.3s'
+                saveInCookies: true, // default: true,
+                label: '🌓', // default: ''
+            }
+
+            const darkmode = new Darkmode(options);
+            darkmode.showWidget();
+        }
+        window.addEventListener('load', addDarkmodeWidget);
+    </script>
+
 </body>
 
 </html>
diff --git a/Public/Error/500.html b/Public/Error/500.html
@@ -27,10 +27,26 @@ <h5 class="text-muted">An internal server error occurred. Please try again later
 
         <p class="mt-5 mb-3 text-muted">
             <a href="https://github.com/axtonprice/quickblaze-encrypt" class="text-muted no-decoration">GitHub</a> •
-            <a href="https://discord.gg/dP3MuBATGc" class="text-muted no-decoration">Discord</a> •
+            <a href="https://discord.gg/dP3MuBATGc" class="text-muted no-decoration">Discord</a>
         </p>
     </main>
 
+    <!-- Dark Mode Widget -->
+    <script src="https://cdn.jsdelivr.net/npm/[email protected]/lib/darkmode-js.min.js"></script>
+    <script>
+        function addDarkmodeWidget() {
+            const options = {
+                time: '0.3s', // default: '0.3s'
+                saveInCookies: true, // default: true,
+                label: '🌓', // default: ''
+            }
+
+            const darkmode = new Darkmode(options);
+            darkmode.showWidget();
+        }
+        window.addEventListener('load', addDarkmodeWidget);
+    </script>
+
 </body>
 
 </html>
diff --git a/Public/Error/DatabaseConfig.html b/Public/Error/DatabaseConfig.html
@@ -0,0 +1,50 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <link rel="icon" type="image/x-icon" href="./Public/assets/img/favicon.png">
+    <meta name="description"
+        content="An extremely simple, one-time view encryption message system. Send anybody passwords, or secret messages on a one-time view basis.">
+    <title>QuickBlaze</title>
+
+    <!-- Bootstrap core CSS -->
+    <link href="./Public/assets/css/bootstrap.min.css" rel="stylesheet">
+
+    <!-- Custom styles -->
+    <link href="./Public/assets/css/style.css" rel="stylesheet">
+</head>
+
+<body class="text-center">
+
+    <main class="form-submit">
+        <h1>Database Error</h1>
+        <br>
+        <h5 class="text-muted">You have not configured the database correctly! <br><br><a style="text-decoration:none" href="https://github.com/axtonprice-dev/quickblaze-encrypt/#installation" target="_blank">Please refer to the GitHub repository.</a></h5>
+
+        <p class="mt-5 mb-3 text-muted">
+            <a href="https://github.com/axtonprice/quickblaze-encrypt" class="text-muted no-decoration">GitHub</a> •
+            <a href="https://discord.gg/dP3MuBATGc" class="text-muted no-decoration">Discord</a>
+        </p>
+    </main>
+
+    <!-- Dark Mode Widget -->
+    <script src="https://cdn.jsdelivr.net/npm/[email protected]/lib/darkmode-js.min.js"></script>
+    <script>
+        function addDarkmodeWidget() {
+            const options = {
+                time: '0.3s', // default: '0.3s'
+                saveInCookies: true, // default: true,
+                label: '🌓', // default: ''
+            }
+
+            const darkmode = new Darkmode(options);
+            darkmode.showWidget();
+        }
+        window.addEventListener('load', addDarkmodeWidget);
+    </script>
+
+</body>
+
+</html>
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		*.env linguist-language=ENV
		./* linguist-documentation
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		{"VERSION":"1.0.4"}
		{ "BRANCH": "dev", "VERSION":"1.0.5-dev" }