Basic fixes, code cleanup, backports

.github/FUNDING.yml

@@ -0,0 +1,3 @@
+# These are supported funding model platforms
+
+github: ['Nephiaust']

.github/workflows/psalm.yml

@@ -0,0 +1,35 @@
+name: Psalm Static analysis
+
+on: [push, pull_request]
+
+jobs:
+  psalm:
+    name: Psalm
+    permissions:
+      actions: read
+      checks: read
+      contents: read
+      deployments: none
+      id-token: none
+      issues: write
+      discussions: read
+      packages: read
+      pages: none
+      pull-requests: write
+      repository-projects: read
+      security-events: write
+      statuses: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Psalm
+        uses: docker://ghcr.io/psalm/psalm-github-actions:5.7.7
+        with:
+          security_analysis: true
+          report_file: results.sarif
+      - name: Upload Security Analysis results to GitHub
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: results.sarif

.gitignore

@@ -1 +1,44 @@
 .idea
+/uploads/*
+
+# General Apple files
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Apple Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+# Visual Studio code coverage results
+*.coverage
+*.coveragexml
+
+# VS Code files for those working on multiple tools
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+*.code-workspace
+
+# Local History for Visual Studio Code
+.history/
+
+# Built Visual Studio Code Extensions
+*.vsix

.vscode/settings.json

@@ -0,0 +1,5 @@
+{
+    "githubPullRequests.ignoredPullRequestBranches": [
+        "master"
+    ]
+}

LICENSE

@@ -0,0 +1 @@
+//TODO

README.md

@@ -1,40 +1,52 @@
 # Simple-PHP-Blog
-Simple blog system for personal development using procedural PHP and MYSQL.
+Simple blog system for personal development using procedural PHP and MySQLi. It allows you to create, edit, delete posts to get you started on your journey.  If you are building your own from scratch this will give the head start that you need.
 
 For educational purposes only.
 
-# Setup
+**__Security is not guaranteed with this system, best efforts have been made to make it secure__**
 
-Update the `connect.php` file with your database credentials.  
-Import the `database.sql` file.  
+Setup
+===
 
-If installed on a sub-folder, edit the `config.php` and replace the empty constant with the folder's name.  
-
-The pagination results per page can be set on the `config.php` file.  
+1. Create a MySQL database on your MySQL server, take note of the details (username, password, database name, server name)
+2. Import the `database.sql` file into the new database you created
+3. Edit the `config.php` file
+   1. Edit the MySQL details to match your SQL server login details (e.g. server name, username, password, database)
+   2. Edit the `SITE_ROOT` if you are putting it in a folder/sub-directory (e.g. www.example.com/myblog/, you would enter 'myblog' there)
+   3. _OPTIONAL_ Change the number of blog posts to show per page with the `PAGINATION` option
+   4. _OPTIONAL_ Set the `DEBUG_MODE` option to `true` if you want/need to see any and all errors
+4. Upload all the files to your web server
+5. Go to your new site (e.g. www.example.com/myblog/)
 
 ### URL Rewrite
-The latest update introduces 'slugs', also known as 'SEO URLs'.   
-After you update to the latest version, click on the "Generate slugs (SEO URLs)" button on the admin dashboard and slugs will be generated for all existing posts.   
+The system now uses **slugs**, also known as **SEO URLs**
 
-The blog posts URL structure is like this: `http://localhost/p/4/apple-reveals-apple-watch-series-7`   
+The blog posts URL structure is like this: `http://www.example.com/myblog/p/4/apple-reveals-apple-watch-series-7`, where the `p/4/apple-reveals-apple-watch-series-7` is the slug
 
-If you use Apache, enable the Apache rewrite module for the .htaccess rewrite rule to work.
+#### Apache servers
+There is an .htaccess file that has the required rewrite module and rule in the files.
 
+#### Nginx servers
 If you use NGINX, you can insert something similar to the code below in your NGINX configuration block.      
 ```
 location / {
     rewrite ^p/(.*) view.php?id=$1;
 }
 ```
 
-# Default Admin Login
+Using the Simple-PHP-Blog
+===
+
+The system is quite easy to use, as there isnt much work required to do a simple blog.
+
+## Default Admin Login
 Username: admin  
 Password: 12345   
 
-There is no way to update the admin password through the dashboard yet.  
-To change your password, hash your password with PHP's `password_hash()` function. Then update the database value with the new password hash.   
+**__There is no way to update the admin password through the dashboard yet.__**
+**__To change your password, hash your password with PHP's `password_hash()` function. Then update the database value with the new password hash.__**
 
-# Screenshots
+## Screenshots
 
 ![screenshot_01](https://user-images.githubusercontent.com/16838612/66112823-78d32e00-e5c3-11e9-9b38-93ba488071e0.jpg)
 ![screenshot_02](https://user-images.githubusercontent.com/16838612/66112874-8d172b00-e5c3-11e9-97e4-590da5675100.jpg)

SECURITY.md

@@ -0,0 +1,18 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 4.x.x   | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+Use this section to tell people how to report a vulnerability.
+
+Tell them where to go, how often they can expect to get an update on a
+reported vulnerability, what to expect if the vulnerability is accepted or
+declined, etc.

admin.php

@@ -1,16 +1,21 @@
 <?php
-require_once 'connect.php';
 require_once 'header.php';
-require_once 'security.php';
+require_once 'functions/security.php';
+
+# Turn on debug mode, and show all errors.
+if (DEBUG_MODE == true) {
+    error_reporting(E_ALL);
+    ini_set("display_errors", 1);
+}
+
 ?>
-    <h2 class="w3-container w3-teal w3-center">Admin Dashboard</h2>
-    <div class="w3-container">
-        <p>Welcome <?php echo $_SESSION['username']; ?>,</p>
-        <p><a href="new.php" class="w3-button w3-teal">Create new post</a></p>
-        <p><a href="generate_slugs.php" class="w3-button w3-teal">Generate slugs (SEO URLs)</a></p>
+<h2 class="w3-container w3-teal w3-center">Admin Dashboard</h2>
+<div class="w3-container">
+    <p>Welcome <?php echo $_SESSION['displayname']; ?>,</p>
+    <p><a href="new.php" class="w3-button w3-teal">Create new post</a></p>
 
-    </div>
-    <h5 class="w3-center">Posts</h5>
+</div>
+<h5 class="w3-center">Posts</h5>
 <?php
 $sql = "SELECT COUNT(*) FROM posts";
 $result = mysqli_query($dbcon, $sql);
@@ -22,7 +27,7 @@
 $page = 1;
 
 if (isset($_GET['page']) && is_numeric($_GET['page'])) {
-    $page = (INT)$_GET['page'];
+    $page = (int)$_GET['page'];
 }
 if ($page > $totalpages) {
     $page = $totalpages;
@@ -54,19 +59,19 @@
     $author = $row['posted_by'];
     $time = $row['date'];
 
-    $permalink = "p/".$id ."/".$slug;
-    ?>
+    $permalink = "p/" . $id . "/" . $slug;
+?>
 
     <tr>
         <td><?php echo $id; ?></td>
         <td><a href="<?php echo $permalink; ?>"><?php echo substr($title, 0, 50); ?></a></td>
         <td><?php echo $time; ?></td>
-        <td><a href="edit.php?id=<?php echo $id; ?>">Edit</a> | <a href="del.php?id=<?php echo $id; ?>"
-                                                                   onclick="return confirm('Are you sure you want to delete this post?')">Delete</a>
+        <td><?php echo "<h3><a href='$permalink'>view post</a></h3><p>"; ?></td>
+        <td><a href="edit.php?id=<?php echo $id; ?>">Edit</a> | <a href="del.php?id=<?php echo $id; ?>" onclick="return confirm('Are you sure you want to delete this post?')">Delete</a>
         </td>
     </tr>
 
-    <?php
+<?php
 }
 echo "</table>";
 

cat.php

@@ -1,8 +1,13 @@
 <?php
-require_once 'connect.php';
 require_once 'header.php';
 
-$id = (INT)$_GET['id'];
+# Turn on debug mode, and show all errors.
+if (DEBUG_MODE == true) {
+    error_reporting(E_ALL);
+    ini_set("display_errors", 1);
+}
+
+$id = (int)$_GET['id'];
 if ($id < 1) {
     header("location: index.php");
 }
@@ -51,4 +56,4 @@
     echo '</div>';
 }
 
-include("footer.php");
+include("footer.php");

categories.php

@@ -1,22 +1,24 @@
-<div class="w3-container w3-center w3-teal"><h3>Categories</div>
+<div class="w3-container w3-center w3-teal">
+    <h3>Categories
+</div>
 <?php
 $sql = "SELECT * FROM category";
 $result = mysqli_query($dbcon, $sql);
 
-if ($result){
+if ($result) {
     echo "<div class='w3-container w3-border'>";
     while ($row = mysqli_fetch_assoc($result)) {
         $id = $row['id'];
         $catname = $row['catname'];
         $description = $row['description'];
-        ?>
+?>
 
         <div class="w3-panel w3-border"><a href="cat.php?id=<?php echo $id; ?>"><?php echo $catname; ?></a><br>
             <?php echo $description; ?>
         </div>
-        <?php
+<?php
     }
     echo "</div>";
-}else{
+} else {
     echo "<div class='w3-panel w3-pale-red'>No Category found.</div>";
 }

composer.json

@@ -0,0 +1,42 @@
+{
+    "name": "composer/composer",
+    "type": "library",
+    "description": "Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere.",
+    "keywords": [
+    ],
+    "authors": [
+        {
+            "name": "Philipinho (Philip)",
+            "homepage": "https://github.com/Philipinho",
+            "role": "Developer"
+        },
+        {
+            "name": "7s9n (Hussein Sarea)",
+            "homepage": "https://github.com/7s9n",
+            "role": "Contributor"
+        },
+        {
+            "name": "ankheur (Pierrick Rancoeur)",
+            "homepage": "https://github.com/ankheur",
+            "role": "Contributor"
+        },
+        {
+            "name": "terzinnorbert",
+            "homepage": "https://github.com/terzinnorbert",
+            "role": "Contributor"
+        },
+        {
+            "name": "myckgoncalves (Myck Gonçalves)",
+            "homepage": "https://github.com/myckgoncalves",
+            "role": "Contributor"
+        },
+        {
+            "name": "rastating",
+            "homepage": "https://github.com/rastating",
+            "role": "Contributor"
+        }
+    ],
+    "require": {
+        "php": "^7.2.5 || ^8.0"
+    }
+}

config.php

@@ -1,3 +1,13 @@
 <?php
-define('SITE_ROOT', ''); // If installed on a sub-folder, replace the empty constant with the folder's name
-define('PAGINATION', 10); // Pagination results per page
+/* Database credentials.*/
+define('DB_TYPE', 'mysql');         // NOT USED
+define('DB_SERVER', 'LOCALHOST');   // Server name/IP for the mysql server
+define('DB_USERNAME', 'USERNAME');  // What username to log in with
+define('DB_PASSWORD', 'PASSWORD');  // What password to use when logging in
+define('DB_NAME', 'MySimpleBlog');  // What is the database we are using
+define('DB_CHARSET', 'utf8');       // What character set are we using
+
+/* Define some settings for the blog */
+define('SITE_ROOT', ''); // If installed on a sub-folder. E.g. if installed to 'www.example.com/blog', enter 'blog' for SITE_ROOT
+define('PAGINATION', 10); // Pagination results per page
+define('DEBUG_MODE', false); // Turns on all debug errors