working on 2.0

diff --git a/ChangeLog b/ChangeLog
index be0dc837c8dfbd1503910f4630f4f94d33414657..005146b3cfb61d86b3d4054e10c11d71a46527ea 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,11 @@ version 2.1 alpha - Guardian of Fire - (tba)
        * cleanups
        * edit area for a bookmark 
        * documentation and sql setup cleanup
+       * new design with bulma.css (https://bulma.io/)
+       * added SEO information to "prevent" crawling and a robots.txt file
+       * new option to restrict access via http basic auth.
+       * very simple user authentication based on http basic auth.
+               Needs improvement in further releases
 
 version 2.0alpha - Bright Crucible - (2017-01-05)
 

diff --git a/webroot/config.default.php b/webroot/config.default.php
index 2328ca8bc234c1825379ffaaf8aedb3b2e7bccd4..ea7486fefe04c9b217d91dd72ca14a72dcc2e710 100644 (file)
--- a/webroot/config.default.php
+++ b/webroot/config.default.php
@@ -3,7 +3,7 @@
  * Insipid
  * Personal web-bookmark-system
  *
- * Copyright 2016-2017 Johannes Keßler
+ * Copyright 2016-2018 Johannes Keßler
  *
  * Development starting from 2011: Johannes Keßler
  * https://www.bananas-playground.net/projekt/insipid/
@@ -37,6 +37,10 @@ define('DB_PREFIX','insipid'); # a _ is added automatically as seperation
 define('FRONTEND_USERNAME','luke');
 define('FRONTEND_PASSWORD','father');
 
+# complete restricted access not only the private links or the edit functions
+# username and password see above
+define("USE_PAGE_AUTH",false);
+
 # settings for importing from e-mail
 # SSL/TLS only
 # imap

diff --git a/webroot/index.php b/webroot/index.php
index b289320481b3243b6cc787e01fc22be7068df4d3..4246537de4057261161cdbae3af086b8a3668415 100644 (file)
--- a/webroot/index.php
+++ b/webroot/index.php
@@ -71,6 +71,13 @@ $View = 'home.php';
 # the default script
 $ViewScript = 'home.inc.php';
 
+# if the USE_PAGE_AUTH option is set
+if(defined("USE_PAGE_AUTH") && USE_PAGE_AUTH === true) {
+    # very simple security check.
+    # can/should be extended in the future.
+    Summoner::simpleAuth();
+}
+
 ## DB connection
 mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); # throw exeptions
 $DB = new mysqli(DB_HOST, DB_USERNAME,DB_PASSWORD, DB_NAME);

diff --git a/webroot/lib/summoner.class.php b/webroot/lib/summoner.class.php
index 1d4a9f44bb4206e4b60f17810d75a04825e89ad2..2a13c9ef30e3322e8e32a9275eb0c00b2a0b96e7 100644 (file)
--- a/webroot/lib/summoner.class.php
+++ b/webroot/lib/summoner.class.php
@@ -3,7 +3,7 @@
  * Insipid
  * Personal web-bookmark-system
  *
- * Copyright 2016-2017 Johannes Keßler
+ * Copyright 2016-2018 Johannes Keßler
  *
  * Development starting from 2011: Johannes Keßler
  * https://www.bananas-playground.net/projekt/insipid/

diff --git a/webroot/view/home.inc.php b/webroot/view/home.inc.php
index 7df431a000ab1af99544a2a1d119fe2dbb94e014..adf749fcec7fce1313b63c2db939a6d89c0b1efb 100644 (file)
--- a/webroot/view/home.inc.php
+++ b/webroot/view/home.inc.php
@@ -115,6 +115,10 @@ if(isset($_POST['data']) && !empty($_POST['data']) && isset($_POST['submitsearch
 if(isset($_POST['data']) && !empty($_POST['data']) && isset($_POST['addnewone']) && $honeypotCheck === false) {
     $fData = $_POST['data'];
 
+    # very simple security check.
+    # can/should be extended in the future.
+    Summoner::simpleAuth();
+
     $formData['private'] = 2;
     if(isset($fData['private'])) {
         $formData['private'] = 1;
@@ -126,12 +130,10 @@ if(isset($_POST['data']) && !empty($_POST['data']) && isset($_POST['addnewone'])
     $formData['image'] = trim($fData['image']);
     $formData['category'] = trim($fData['category']);
     $formData['tag'] = trim($fData['tag']);
-    $username = trim($fData['username']);
-    $password = trim($fData['password']);
 
     $isUrl = Summoner::validate($formData['url'],'url');
 
-    if($isUrl === true && !empty($formData['title']) && $username === FRONTEND_USERNAME && $password === FRONTEND_PASSWORD) {
+    if($isUrl === true && !empty($formData['title'])) {
         $hash = md5($formData['url']);
 
         # categories and tag stuff
@@ -195,7 +197,7 @@ if(isset($_POST['data']) && !empty($_POST['data']) && isset($_POST['addnewone'])
         }
     }
     else {
-        $submitFeedback['message'] = 'Please provide a valid URL, title, username and password.';
+        $submitFeedback['message'] = 'Please provide a valid URL and title.';
         $submitFeedback['status'] = 'error';
         $showAddForm = true;
     }

diff --git a/webroot/view/home.php b/webroot/view/home.php
index 1ced7ca5fe45ae729b56c0fa0a594b5cb3ad1513..23a90f235a979f336d43fa8a47efb0d8cd0ab3ea 100644 (file)
--- a/webroot/view/home.php
+++ b/webroot/view/home.php
@@ -176,21 +176,6 @@
                </div>
         </div>
 
-        <div class="columns">
-               <div class="column is-half">
-                       <label class="label">Username</label>
-                       <div class="control">
-                               <input class="input" type="text" name="data[username]" />
-                       </div>
-               </div>
-               <div class="column is-half">
-                       <label class="label">Password</label>
-                       <div class="control">
-                               <input class="input" type="password" name="data[password]" />
-                       </div>
-               </div>
-        </div>
-
         <div class="columns">
                <div class="column is-half">
                        <label class="checkbox is-pulled-right">