From 4d0deabb161801eded085145d7b9a4e417ce81a9 Mon Sep 17 00:00:00 2001
From: posweg <posweg@protonmail.com>
Date: Thu, 21 May 2020 15:57:59 +0000
Subject: [PATCH] Universal header and config link

---
 404.php            |  3 ++-
 config.php         | 16 ++++++++++++++++
 include/header.php | 40 ++++++++++++++++++++++++++++++++++++++++
 index.php          | 35 +----------------------------------
 user.php           | 28 +++++++++++++++++++---------
 5 files changed, 78 insertions(+), 44 deletions(-)
 create mode 100644 config.php
 create mode 100644 include/header.php

diff --git a/404.php b/404.php
index 2f60934..0c5be3c 100644
--- a/404.php
+++ b/404.php
@@ -1 +1,2 @@
-ERROR 404: Page not found
+<?php include("include/header.php") ?>
+<p>ERROR 404: Page not found</p>
diff --git a/config.php b/config.php
new file mode 100644
index 0000000..23d4024
--- /dev/null
+++ b/config.php
@@ -0,0 +1,16 @@
+<?php
+session_start();
+
+if($_SESSION["login"] === true){
+	echo($_SESSION["uid"] . " - ");
+	echo("<a href='/logout'>logout</a>");
+	echo(" - <a href='/config'>config</a>'");
+}
+else{
+	header("Location: /login"); die();
+}
+?>
+
+<html>
+<h1>Config</h1>
+</html>
diff --git a/include/header.php b/include/header.php
new file mode 100644
index 0000000..b1228f3
--- /dev/null
+++ b/include/header.php
@@ -0,0 +1,40 @@
+<?php
+session_start();
+
+$db = new SQLite3('ask.db');
+
+$users_table = $db->query("CREATE TABLE IF NOT EXISTS users(
+	id INTEGER PRIMARY KEY,
+	username TEXT,
+	shadow TEXT,
+	name TEXT,
+	bio TEXT
+	)");
+
+$db->exec("CREATE TABLE IF NOT EXISTS questions(
+	id INTEGER PRIMARY KEY,
+	user INTEGER,
+	by INTEGER,
+	question TEXT,
+	date INTEGER,
+	answered INTEGER
+	);");
+
+if(!$db->querySingle("SELECT EXISTS(SELECT * FROM users where id = 0);")){
+	echo "NOTICE: anonymous user created.";	
+	$db->exec("INSERT INTO users(id, username, name) VALUES('0','anonymous','Anonymous');");
+}
+
+if($_SESSION["login"] === true){
+	echo("<a href='/'>LibreCat</a>");
+	echo(" | ");
+	$user = $db->query("SELECT * FROM users WHERE id = ".$_SESSION["uid"].";")->fetchArray(SQLITE3_ASSOC);
+	echo("<a href='/user/" . $user["username"] . "'>". $user["username"] . "</a>");
+	echo(" | ");
+	echo("<a href='/logout'>logout</a>");
+}
+else{
+	echo("<a href='/login'>Login</a>");
+	//header("Location: /login.php"); die();
+}
+?>
diff --git a/index.php b/index.php
index 65b000f..fe6e1a2 100644
--- a/index.php
+++ b/index.php
@@ -1,38 +1,5 @@
 <?php
-session_start();
-
-$db = new SQLite3('ask.db');
-
-$users_table = $db->query("CREATE TABLE IF NOT EXISTS users(
-	id INTEGER PRIMARY KEY,
-	username TEXT,
-	shadow TEXT,
-	name TEXT,
-	bio TEXT
-	)");
-
-$db->exec("CREATE TABLE IF NOT EXISTS questions(
-	id INTEGER PRIMARY KEY,
-	user INTEGER,
-	by INTEGER,
-	question TEXT,
-	date INTEGER,
-	answered INTEGER
-	);");
-
-if(!$db->querySingle("SELECT EXISTS(SELECT * FROM users where id = 0);")){
-	echo "NOTICE: anonymous user created.";	
-	$db->exec("INSERT INTO users(id, username, name) VALUES('0','anonymous','Anonymous');");
-}
-
-if($_SESSION["login"] === true){
-	echo($_SESSION["uid"] . " - ");
-	echo("<a href='/logout'>logout</a>");
-}
-else{
-	echo("<a href='/login'>Login</a>");
-	//header("Location: /login.php"); die();
-}
+include("include/header.php");
 ?>
 
 <html>
diff --git a/user.php b/user.php
index 69d7273..36db50c 100644
--- a/user.php
+++ b/user.php
@@ -1,12 +1,20 @@
 <?php 
+session_start();
+
 $db = new SQLite3('ask.db');
 
-$user = $db->query("SELECT * FROM users WHERE username = '" . $_GET["q"] . "';")->fetchArray(SQLITE3_ASSOC);
-if(!$user || !$user["id"]){
+$p_user = $db->query("SELECT * FROM users WHERE username = '" . $_GET["q"] . "';")->fetchArray(SQLITE3_ASSOC);
+if(!$p_user || !$p_user["id"]){
 	include("404.php");
 	die();
 }
 
+if(isset($_SESSION["uid"])){
+	if($_SESSION["uid"] == $p_user["id"]){
+		$is_current_user = true;
+	}
+}
+
 if($validUser){
 	header("Location: /"); die();
 }
@@ -16,7 +24,7 @@ if(isset($_POST["post-submit"])){
 	if($_POST["post-text"] == "") $errorMsg = "The question can't be blank.";
 	else if(strlen($_POST["post-text"]) > 400) $errorMsg = "The question can't bee longer than 400 characters";
 	else{
-		$u = $user["id"];
+		$u = $p_user["id"];
 		$by = 0;
 		$question = htmlspecialchars($_POST["post-text"]);
 
@@ -29,11 +37,13 @@ if(isset($_POST["post-submit"])){
 
 <html>
 <head>
-	<title><?= $user["username"] ?> | LibreCat</title>
+	<title><?= $p_user["username"] ?> | LibreCat</title>
 </head>
-<body>
-	<h2><?= $user["username"] ?></h2>
-	<p><?= $user["bio"] ?></p>
+<body> 
+	<?php include("include/header.php"); ?>
+	<h2><?= $p_user["username"] ?></h2>
+	<p><?= $p_user["bio"] ?></p>
+	<?php if($is_current_user) echo("<a href='/config'>config</a>"); ?>
 
 	<form name="input" action="" method="post">
 		<p>Ask me anything</p>
@@ -45,7 +55,7 @@ if(isset($_POST["post-submit"])){
 
 	<?php
 		$u_prep = $db->prepare("SELECT * FROM users WHERE id = :id");
-		$qs = $db->query("SELECT * FROM questions WHERE user = '" . $user["id"] . "' LIMIT 0, 10;");
+		$qs = $db->query("SELECT * FROM questions WHERE user = '" . $p_user["id"] . "' LIMIT 0, 10;");
 
 		$time = new DateTime("@0");
 		while($current = $qs->fetchArray(SQLITE3_ASSOC)){
@@ -53,7 +63,7 @@ if(isset($_POST["post-submit"])){
 			$u_prep->bindValue(":id", $current["by"], SQLITE3_INTEGER);
 			$q_user = $u_prep->execute()->fetchArray(SQLITE3_ASSOC);
 
-			echo("<h3>". $q_user["name"] ."</h3>");
+			echo("<h3>". $current["id"] ." - " . $q_user["name"] ."</h3>");
 
 			// Time
 			$time->setTimestamp($current["date"]);