diff --git a/CHANGELOG.md b/CHANGELOG.md index 21f10d9..ef8579a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,18 +2,37 @@ All notable changes to this project will be documented in this file. -## v1.0.0 – First Release +## New in v1.2.0 -### New in v1.0.0 - -The project is ready for use but is still evolving. Work is ongoing to fix bugs and address security issues. +Changes since 1.1.0 ### Added + +`/root` +1 - themes folder + +`/public` +1 - cookies for users, +2 - tables for cookies added +3 - JS folder +4 - popout for cookies +5 - collecting data for analytics + +`/admin` +1 - added 2 new windows: theme and analytics +2 - build algo to change theme in db ..... ### Changed + +`/public` +1 - structure of /public fixes + +`/admin` +1 - chagne name of setting window,function to password +2 - error function ..... ### Fixed diff --git a/HOW_TO_RUN.md b/HOW_TO_RUN.md index d7890b3..b212b59 100644 --- a/HOW_TO_RUN.md +++ b/HOW_TO_RUN.md @@ -8,9 +8,9 @@ CorelyPHP is a ready-to-deploy blogging platform designed for efficient web deve Before you begin, ensure you have the following installed: -- PHP (>= 8.0) -- MySQL (or another compatible database) -- XAMPP +- PHP (>= 8.2) (8.0+ also should be fine but not tested) +- MySQL (or another compatible database) +- XAMPP / MAMP - Git ## Installation @@ -25,9 +25,9 @@ Before you begin, ensure you have the following installed: 2. Set up the database: - Open phpMyAdmin in your browser (`http://localhost/phpmyadmin`). - - Import the SQL files located in the `sql` folder: - - Create a new database by importing `database_structure.sql` - - Add the `database_data.sql` + - Import the SQL files located in the `SQL` folder: + - Create a new database by importing `blog_DB_structure.sql` + - Add the `blog_DB_data.sql` 3. Start the development server using XAMPP: diff --git a/README.md b/README.md index c56016c..326400b 100644 --- a/README.md +++ b/README.md 
@@ -15,6 +15,7 @@ All files are divided into the following sections: - **`articles_photos/`** - Holds photos for articles - **`docs/`** – Holds documentation - **`public/`** – Contains user-facing files +- **`themes/`** – Contains themes for client front-end This structured approach helps prevent backend modifications while rebuilding the frontend. The only challenge is the integration of PHP functions that generate HTML dynamically, but this can be adjusted when refining queries and templates. @@ -43,6 +44,6 @@ For more details on the project, check out the following files: - 🌍 **[CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md)** – Community guidelines - 🙌 **[SUPPORT.md](SUPPORT.md)** – Support for community -## **Current Version: v1.1.0** +## **Current Version: v1.2.0** The versioning system ensures clarity on stable releases. Minor patches may not require immediate updates, but always check the **CHANGELOG.md** for details on new features and fixes. diff --git a/SECURITY.md b/SECURITY.md index 543d314..5a9d80f 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,8 +2,6 @@ ‼️ Security suggestions should be treated as invalid, not as vulnerabilities. -## Security Policy - * **Latest Releases:** The newest release, currently version v1.1.0, is the only version receiving active security updates. We strongly recommend using the latest version whenever possible. * **Review Changelog for Updates:** For minor updates or changes, please refer to the changelog to understand what has been updated or fixed. @@ -26,6 +24,7 @@ | v0.1.0-beta | :negative_squared_cross_mark: | | v1.0.0 | :negative_squared_cross_mark: | | v1.1.0 | :white_check_mark: | +| v1.2.0 | :white_check_mark: | ## Reporting a Vulnerability diff --git a/admin/algo/dashboard.alg.php b/admin/algo/dashboard.alg.php index 07af2ca..b098086 100644 --- a/admin/algo/dashboard.alg.php +++ b/admin/algo/dashboard.alg.php 
@@ -7,9 +7,9 @@ exit(); } -function dashboard_data(): string { +function dashboard_data(): void { - return' + echo'
Welcome on admin panel for your blog!
diff --git a/admin/algo/new_theme.alg.php b/admin/algo/new_theme.alg.php new file mode 100644 index 0000000..abb55d4 --- /dev/null +++ b/admin/algo/new_theme.alg.php @@ -0,0 +1,6 @@ +connect_errno!=0) { - $_SESSION['message'] = 'connection to db fail'; + $_SESSION['message'] = 'Connection to db fail.'; #echo 'Error: '.$conn->connect_error; - header('Location: ../panel.php?window=settings'); + header('Location: ../panel.php?window=password'); exit(); }else{ @@ -48,44 +48,46 @@ $stmt = $conn->prepare($sql); if (!$stmt) { - die("Error during prepearing statement: " . $conn->error); + $_SESSION['message'] = 'Error during prepearing statement:' . $conn->error . '.'; + header('Location: ../panel.php?window=password'); } $stmt->bind_param("si", $password_hash, $ID); if ($stmt->execute()) { $_SESSION['message'] = 'Password changed successfully.'; - header('Location: ../panel.php?window=settings'); - echo $_SERVER['message']; + header('Location: ../panel.php?window=password'); } else { $_SESSION['message'] = 'Error: something went wrong during updating password.
'; //$stmt->error; - echo $_SERVER['message']; + header('Location: ../panel.php?window=password'); } $stmt->close(); $conn->close(); } else { - $_SESSION['message'] = 'Old password is wrong'; - header('Location: ../panel.php?window=settings'); + $_SESSION['message'] = 'Old password is wrong.'; + header('Location: ../panel.php?window=password'); } } else { - $_SESSION['message'] = 'more rows found than needed'; - header('Location: ../panel.php?window=settings'); + $_SESSION['message'] = 'More rows found than needed.'; + header('Location: ../panel.php?window=password'); } } $conn->close(); + $_SESSION['message'] = 'Error fetching data.'; + header('Location: ../panel.php?window=password'); exit(); } } else { - $_SESSION['message'] = 'new password different than one written again '; - header('Location: ../panel.php?window=settings'); + $_SESSION['message'] = 'New password different than one written again.'; + header('Location: ../panel.php?window=password'); exit(); } } else { - $_SESSION['message'] = 'POST table doesnt have all data'; - header('Location: panel.php?window=settings'); + $_SESSION['message'] = 'POST table doesnt have all data.'; + header('Location: panel.php?window=password'); exit(); } \ No newline at end of file diff --git a/admin/algo/service_status.alg.php b/admin/algo/service_status.alg.php index 258aa59..a921b70 100644 --- a/admin/algo/service_status.alg.php +++ b/admin/algo/service_status.alg.php @@ -17,7 +17,7 @@ $conn = @new mysqli($host, $db_user, $db_password, $db_name); if ($conn->connect_errno!=0) { - $_SESSION['message'] = 'connection do db fail'; + $_SESSION['message'] = 'Connection do db fail.'; header('Location: ../panel.php?window=service-break'); exit(); } 
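Review bot: In the `@@ -48,44 +48,46 @@` hunk of the password-change handler (its diff header did not survive on this page), the `if (!$stmt)` branch no longer stops: `die(...)` was replaced by a session message and `header('Location: ../panel.php?window=password');` with no `exit();`, so a failed prepare continues into `$stmt->bind_param("si", $password_hash, $ID)`. Add `exit();` after that redirect and after the redirects in the success, execute-failure, wrong-old-password and row-count branches; as far as the flattened hunk shows, those branches fall through to the added `$_SESSION['message'] = 'Error fetching data.';`, which would overwrite 'Password changed successfully.'. The same branch copies `$conn->error` into a message rendered in the panel; a fixed string plus `error_log($conn->error);` keeps database details out of the page. The last branch still redirects to `panel.php?window=password` without the `../` used everywhere else. The if/else chain starts outside the hunk, so the nesting should be confirmed against the file.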
@@ -33,15 +33,19 @@ if ($stmt->execute()) { if ($stmt->affected_rows > 0) { $_SESSION['message'] = 'Service status value changed successfully.'; + header('Location: ../panel.php?window=service-break'); } else { $_SESSION['message'] = 'Error during updating: row ID error.'; + header('Location: ../panel.php?window=service-break'); } } else { $_SESSION['message'] = 'Something went wrong during updating status.'; + header('Location: ../panel.php?window=service-break'); } $stmt->close(); } else { $_SESSION['message'] = 'Failed to prepare the SQL statement.'; + header('Location: ../panel.php?window=service-break'); } } else { diff --git a/admin/algo/theme.alg.php b/admin/algo/theme.alg.php new file mode 100644 index 0000000..ccdbc3a --- /dev/null +++ b/admin/algo/theme.alg.php @@ -0,0 +1,64 @@ +connect_errno) { + $_SESSION['message'] = 'Connection failed: '.$conn->connect_error; + header('Location: ../panel.php?window=themes'); + exit(); + } + + $query = "UPDATE `settings` SET `value` = ? WHERE `name` = 'active_theme'"; + + $stmt = $conn->prepare($query); + if (!$stmt) { + $_SESSION['message'] = 'Error prep query: '.$conn->error; + header('Location: ../panel.php?window=themes'); + exit(); + } + + $stmt->bind_param("s", $newTheme); + if (!$stmt->execute()) { + $_SESSION['message'] = 'Error during query: '.$stmt->error; + header('Location: ../panel.php?window=themes'); + exit(); + } + + $stmt->close(); + $conn->close(); +} + +include dirname(__DIR__, 2) . '/themes/handlers/index.php'; + +if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['theme'])) { + $newTheme = $_POST['theme']; + + if (in_array($newTheme, getAvailableThemes())) { + + updateUserTheme($newTheme); + + $_SESSION['message'] = 'Theme changed to: '.htmlspecialchars($newTheme); + header('Location: ../panel.php?window=themes'); + exit(); + } else { + $_SESSION['message'] = 'Invalid theme!'; + header('Location: ../panel.php?window=themes'); + exit(); + } +} 
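Review bot: The four `header('Location: ../panel.php?window=service-break');` lines added in the `@@ -33,15 +33,19 @@` hunk of admin/algo/service_status.alg.php are identical, and none is followed by `exit();`, unlike the connection-failure branch earlier in the file, which redirects and exits. Setting only `$_SESSION['message']` in each branch and issuing a single `header('Location: ../panel.php?window=service-break'); exit();` after the chain would remove the duplication and guarantee nothing runs after the redirect. The outer `else` continues past the hunk, so where the chain ends has to be checked in the file.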
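Review bot: The allow-list check in the new admin/algo/theme.alg.php, `in_array($newTheme, getAvailableThemes())`, compares loosely and takes `$_POST['theme']` without checking that it is a string; because the accepted value is written to the `active_theme` setting, it should read `is_string($newTheme) && in_array($newTheme, getAvailableThemes(), true)`. The function body above it (presumably `updateUserTheme()`, its signature was lost on this page) places `$conn->connect_error`, `$conn->error` and `$stmt->error` into `$_SESSION['message']`; log those with `error_log()` and show a fixed message instead. The top of the file did not survive extraction, so whether the handler verifies the admin session and a CSRF token before acting on the POST cannot be confirmed from here and is worth checking.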
diff --git a/admin/panel.connect.php b/admin/panel.connect.php index 8171e0b..c2727bb 100644 --- a/admin/panel.connect.php +++ b/admin/panel.connect.php @@ -2,7 +2,7 @@ $host = "localhost"; $db_user = "root"; - $db_password =""; + $db_password ="root"; $db_name = "blog"; diff --git a/admin/panel.login.php b/admin/panel.login.php index a5f0ecc..0a04506 100644 --- a/admin/panel.login.php +++ b/admin/panel.login.php @@ -59,6 +59,20 @@ if(isset($_SESSION['loginError'])) echo $_SESSION['loginError']; ?>
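Review bot: The change to `$db_password ="root";` in admin/panel.connect.php commits a database credential to the repository, for the `root` account, and every installation that keeps the file as shipped will share it. Read the credentials from configuration kept outside version control, for example `$db_password = getenv('DB_PASSWORD');` (variable name is illustrative), and document a dedicated MySQL user with rights limited to the `blog` database instead of `root`.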
+
+

'; + + include_once "./v_auth/version.php"; + + echo '

'; + if (version_compare(PHP_VERSION, PHP_VERSION_REQ, '<')) { + echo('The required PHP version is ' . PHP_VERSION_REQ . ' or higher. The installed version is: ' . PHP_VERSION . '

'); + echo('Version: ' . PHP_VERSION_ADVICE); + } + echo '

'; + ?> +
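Review bot: The block added to admin/panel.login.php prints `PHP_VERSION` on the login page, which is served before authentication, and it does so exactly when the installed PHP is older than `PHP_VERSION_REQ`, so any visitor learns that the server runs an outdated interpreter. Write the exact version to the server log with `error_log()` and show the warning only inside the authenticated panel, or show a message that omits the installed version. The constants come from `include_once "./v_auth/version.php";`, which resolves against the working directory and only warns when the file is missing; `require_once __DIR__ . '/v_auth/version.php';` fails closed, and the same applies to the `include './v_auth/version.php';` added in admin/panel.php. The markup around this hunk was stripped on this page, so the surrounding HTML is not visible.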
diff --git a/admin/panel.php b/admin/panel.php index 5329b92..ad0fa90 100644 --- a/admin/panel.php +++ b/admin/panel.php @@ -20,6 +20,7 @@ //additional files require_once 'panel.connect.php'; include 'window_functions.php'; +include './v_auth/version.php'; ?> @@ -77,13 +78,14 @@