From: Banana
Date: Sun, 30 Sep 2018 08:48:57 +0000 (+0200)
Subject: working on 2.0
X-Git-Tag: 2.1-alpha-2019-0-29~26
X-Git-Url: http://91.132.146.200/gitweb/?a=commitdiff_plain;h=6def18fbb3f7e9b7e5c315cc5edc212f069fc795;p=insipid.git
working on 2.0
---
diff --git a/ChangeLog b/ChangeLog
index be0dc83..005146b 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,11 @@ version 2.1 alpha - Guardian of Fire - (tba)
 * cleanups
 * edit area for a bookmark
 * documentation and sql setup cleanup
+ * new design with bulma.css (https://bulma.io/)
+ * added SEO information to "prevent" crawling and a robots.txt file
+ * new option to restrict access via http basic auth.
+ * very simple user authentication based on http basic auth.
+ Needs improvement in further releases
 version 2.0alpha - Bright Crucible - (2017-01-05)
diff --git a/webroot/config.default.php b/webroot/config.default.php
index 2328ca8..ea7486f 100644
--- a/webroot/config.default.php
+++ b/webroot/config.default.php
@@ -3,7 +3,7 @@
 * Insipid
 * Personal web-bookmark-system
 *
- * Copyright 2016-2017 Johannes Keßler
+ * Copyright 2016-2018 Johannes Keßler
 *
 * Development starting from 2011: Johannes Keßler
 * https://www.bananas-playground.net/projekt/insipid/
@@ -37,6 +37,10 @@ define('DB_PREFIX','insipid'); # a _ is added automatically as seperation
 define('FRONTEND_USERNAME','luke');
 define('FRONTEND_PASSWORD','father');
+# complete restricted access not only the private links or the edit functions
+# username and password see above
+define("USE_PAGE_AUTH",false);
+
 # settings for importing from e-mail
 # SSL/TLS only
 # imap
diff --git a/webroot/index.php b/webroot/index.php
index b289320..4246537 100644
--- a/webroot/index.php
+++ b/webroot/index.php
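Review bot: The new `USE_PAGE_AUTH` switch in config.default.php gates the whole site on the `FRONTEND_USERNAME`/`FRONTEND_PASSWORD` pair defined just above it, and the sample values shipped in this file ('luke'/'father') are public, so an install that flips the flag without editing them is protected only by known credentials. The added comment should say so, for example `# change FRONTEND_USERNAME and FRONTEND_PASSWORD before enabling; HTTP basic auth sends them with every request, so serve the site over HTTPS only`. As a style point, the neighbouring defines use single quotes (`define('DB_PREFIX','insipid');`), so `define('USE_PAGE_AUTH',false);` would match them.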
@@ -71,6 +71,13 @@ $View = 'home.php'; # the default script
 $ViewScript = 'home.inc.php';
+# if the USE_PAGE_AUTH option is set
+if(defined("USE_PAGE_AUTH") && USE_PAGE_AUTH === true) {
+ # very simple security check.
+ # can/should be extended in the future.
+ Summoner::simpleAuth();
+}
+
 ## DB connection
 mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); # throw exeptions
 $DB = new mysqli(DB_HOST, DB_USERNAME,DB_PASSWORD, DB_NAME);
diff --git a/webroot/lib/summoner.class.php b/webroot/lib/summoner.class.php
index 1d4a9f4..2a13c9e 100644
--- a/webroot/lib/summoner.class.php
+++ b/webroot/lib/summoner.class.php
@@ -3,7 +3,7 @@
 * Insipid
 * Personal web-bookmark-system
 *
- * Copyright 2016-2017 Johannes Keßler
+ * Copyright 2016-2018 Johannes Keßler
 *
 * Development starting from 2011: Johannes Keßler
 * https://www.bananas-playground.net/projekt/insipid/
diff --git a/webroot/view/home.inc.php b/webroot/view/home.inc.php
index 7df431a..adf749f 100644
--- a/webroot/view/home.inc.php
+++ b/webroot/view/home.inc.php
@@ -115,6 +115,10 @@ if(isset($_POST['data']) && !empty($_POST['data']) && isset($_POST['submitsearch
 if(isset($_POST['data']) && !empty($_POST['data']) && isset($_POST['addnewone']) && $honeypotCheck === false) {
 $fData = $_POST['data'];
+ # very simple security check.
+ # can/should be extended in the future.
+ Summoner::simpleAuth();
+
 $formData['private'] = 2;
 if(isset($fData['private'])) {
 $formData['private'] = 1;
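Review bot: The guard `USE_PAGE_AUTH === true` in index.php fails open, because any configured value other than the boolean `true` (for example `1` or the string 'true') skips `Summoner::simpleAuth()` and serves the site unprotected without any hint to the admin. For an access-control switch it is safer to treat everything except an explicit `false` as enabled once the constant is defined: `if(defined('USE_PAGE_AUTH') && USE_PAGE_AUTH !== false) {`. If the strict form is kept on purpose, the comment above it should state that only the literal boolean `true` turns the check on.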
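Review bot: In the `addnewone` branch of home.inc.php the result of `Summoner::simpleAuth();` is discarded, so the insert that follows is only protected if simpleAuth() itself sends the 401 challenge and ends the request on failure. The summoner.class.php section of this commit shows only the copyright line, so that behaviour cannot be confirmed from this page; the same applies to the call added in index.php. I would replace the two generic comment lines with the contract the caller relies on, e.g. `# simpleAuth() must answer 401 and exit on bad credentials; nothing below re-checks them`. The branch body continues outside this hunk.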
@@ -126,12 +130,10 @@ if(isset($_POST['data']) && !empty($_POST['data']) && isset($_POST['addnewone'])
 $formData['image'] = trim($fData['image']);
 $formData['category'] = trim($fData['category']);
 $formData['tag'] = trim($fData['tag']);
- $username = trim($fData['username']);
- $password = trim($fData['password']);
 $isUrl = Summoner::validate($formData['url'],'url');
- if($isUrl === true && !empty($formData['title']) && $username === FRONTEND_USERNAME && $password === FRONTEND_PASSWORD) {
+ if($isUrl === true && !empty($formData['title'])) {
 $hash = md5($formData['url']); # categories and tag stuff
@@ -195,7 +197,7 @@ if(isset($_POST['data']) && !empty($_POST['data']) && isset($_POST['addnewone'])
 }
 } else {
- $submitFeedback['message'] = 'Please provide a valid URL, title, username and password.';
+ $submitFeedback['message'] = 'Please provide a valid URL and title.';
 $submitFeedback['status'] = 'error';
 $showAddForm = true;
 }
diff --git a/webroot/view/home.php b/webroot/view/home.php
index 1ced7ca..23a90f2 100644
--- a/webroot/view/home.php
+++ b/webroot/view/home.php
@@ -176,21 +176,6 @@
-
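Review bot: With the `$username`/`$password` fields dropped from the `addnewone` condition, this state-changing POST no longer carries anything that proves it came from the site's own form. Under HTTP basic auth the browser attaches the cached credentials to every request for the origin, so a form submitted from another page would pass `Summoner::simpleAuth()` and reach the insert. The new condition checks only `$isUrl === true && !empty($formData['title'])`, and `$honeypotCheck` (tested in the enclosing `if`, outside this hunk) looks like a bot trap rather than a request token. A session-bound token rendered into the add form and verified before the insert would close the gap, along the lines of `if(!hash_equals($_SESSION['formToken'] ?? '', $fData['formToken'] ?? '')) { /* reject */ }` (names are illustrative, not from the project).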
-
- -
- -
-
-
- -
- -
-
-
-