Fixed major issues

Author: breadtf

LICENSE.zip

@@ -3,5 +3,7 @@
 return array(
     'sitename' => 'PHPSocial',
     'theme' => 'light.css', // Themes are stored in the /css directory, remeber to include the extension when changing the theme
-    'adminEnabled' => true // TODO: This is broken, does not affect anything.
+    'adminEnabled' => true,
+    // Use [sitename] as a placeholder for the website name, it will be automaticly replaced.
+    'registerPrompts' => array("Join in on the fun of [sitename],", "Join in on the conversation,", "Talk to your friends on [sitename],")
 );

config.php

@@ -19,11 +19,22 @@ body{
     color: black;
     font-weight: bold;
 }
+a{
+    color: blue;
+}
 .post-textarea{
     width: 50%;
     height: 200px;
     resize: none;
-    background-color: 5d5e68;
+    background-color: #5d5e68;
+    color: white;
+}
+textarea:focus{
+    outline: none;
+}
+textarea{
+    resize: none;
+    background-color: #5d5e68;
     color: white;
 }
 .header{

css/dark.css

@@ -1,5 +1,8 @@
 body{
-    margin: auto;
+    position: absolute;
+    left: 50%;
+    top: 50%;
+    transform: translateX(-50%) translateY(-50%);
     width: 20%;
     padding: 20px;
     text-align: center;

css/login.css

@@ -34,7 +34,7 @@
 
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     if (isset($_POST['content'])) {
-        $content = $_POST['content'];
+        $content = strip_tags($_POST['content'], "<a><p><b><i><blink><marquee><br>"); // Strip tags as soon as we can to prevent XSS, 
 
         // Generate a unique post ID
         $postId = uniqid();
@@ -136,6 +136,7 @@
         <div class="createpost">
             <form method="POST" action="">
                 <textarea name="content" placeholder="Enter your message here..." required class="post-textarea"></textarea><br><br>
+                <p>Allowed tags: &ltb>, &ltp>, &lta>, &lti></p>
                 <input type="submit" value="Create Post">
             </form>
         </div>

dashboard.php

@@ -53,6 +53,16 @@
             <a href="login.php">Login</a> <a href="register.php">Register</a>
         </div>
         <h2><?php echo $configs["sitename"] ?></h2>
+        <div class="registerBanner">
+            <?php
+            $sitename = $configs["sitename"];
+            
+            $msg = $configs["registerPrompts"];
+            $rand = rand(0, count($msg) - 1);
+            echo str_replace("[sitename]", $sitename, $msg[$rand]);
+            ?>
+            <a href="register.php">Register now!</a>
+        </div>
     </div>
     <div class="wrapper">
 	<!-- Bad solution, but I'm way too tired to fix it, should realy do checks before we actually try to use $messages. -->

index.php

@@ -0,0 +1,5 @@
+<?php
+// Logout user
+session_destroy();
+header('Location: index.php');
+exit;

logout.php

@@ -36,6 +36,12 @@
         echo "Username already exists. Please choose a different username.";
         exit;
     }
+    
+    // Check if the username contains a space
+    if (str_contains($username, ' ')) {
+        echo "Usernames cannot contain spaces.";
+        exit;
+    }
 
     // Add new user to the user data
     $users[$username] = [

register.php

@@ -7,9 +7,11 @@
 </head>
 <?php
 // Check if setup has already run
-$userFile = json_decode(file_get_contents('db/login.json'), true);
+$userFile = json_decode(file_get_contents('../db/login.json'), true);
 
 $userFile[] = $userFile;
+// echo $userFile[0]";
+
 if ($userFile[0] != ""){
     header("Location: ../index.php");
 }