From 5ddabf9c0f1d7863b308968192ee4587e3a6a916 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zden=C4=9Bk=20Borovec?= Date: Wed, 8 May 2024 16:00:44 +0200 Subject: [PATCH] use 503 error on db conn error --- docs/common/header.php | 12 ++++++++++++ docs/www/blog/article.php | 25 ++++++------------------- docs/www/blog/index.php | 20 ++++++-------------- docs/www/deleteaccount.php | 14 +++++--------- docs/www/fileupload.php | 1 + docs/www/login.php | 13 ++++--------- docs/www/register.php | 38 +++++++++++++++++++++----------------- 7 files changed, 55 insertions(+), 68 deletions(-) diff --git a/docs/common/header.php b/docs/common/header.php index 6c31189..e012ee0 100755 --- a/docs/common/header.php +++ b/docs/common/header.php @@ -16,6 +16,10 @@ if(isset($_COOKIE["PHPSESSID"])) $conn = null; attempt_sql_connect(); +// this variable is here to ensure header doesn't appear twice (on errors, +// for example) +$header_displayed = false; + /** Attempt to connect to sql database */ function attempt_sql_connect() { @@ -88,6 +92,14 @@ function construct_account_section(){ * purposes. */ function display_header($pageTitle) { + global $header_displayed; + + if($header_displayed){ + return; + } + + $header_displayed = true; + printf(" diff --git a/docs/www/blog/article.php b/docs/www/blog/article.php index 9acd12a..39e5f88 100644 --- a/docs/www/blog/article.php +++ b/docs/www/blog/article.php @@ -367,13 +367,8 @@ function load_blog($conn, $blogId){ // Check DB connection if($conn == null){ - printf(" -
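Review bot: The once-only guard in display_header reads a file-scope `$header_displayed` that is assigned only after `attempt_sql_connect();` has already run, so its correctness depends on statement order in header.php and on nothing calling display_header before that assignment. A function-local `static $header_displayed = false;` in place of `global $header_displayed;` keeps the state inside the function and makes the top-level variable unnecessary. The docblock above display_header should also say that repeated calls are no-ops. The function body continues outside the hunk.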
-

Failed DB connection, cannot proceed!

- If you see this error in production, - please shoot me an email with helpful details. -
"); - include_once($COMMONS."/footer.php"); + include($_SERVER["DOCUMENT_ROOT"]."/errors/503.php"); + include($_SERVER["DOCUMENT_ROOT"]."/../common/footer.php"); die(); } @@ -402,12 +397,8 @@ $blogId = sanitize_input($_GET["guid"]); // If no ID was entered, display warning and die. if(!$blogId) { display_header("No article requested."); - printf(" -
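Review bot: Nothing in this branch of load_blog sets the response status before `errors/503.php` is included, whereas the 403 path in fileupload.php calls `header(... 403 Forbidden ...)` ahead of its error page. Unless 503.php sends the status itself (it is not part of this diff), the outage page is served as 200 and can be cached or indexed as normal content; `http_response_code(503);` before the include would fix that. The same applies to the DB-failure branches changed in blog/index.php, deleteaccount.php, login.php and register.php. The check itself would be safer as `$conn === null`.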
-

You didn't request an article

- To request an article, set the `guid` GET parameter to the GUID of the article. -
"); - include_once($COMMONS."/footer.php"); + include($_SERVER["DOCUMENT_ROOT"]."/errors/404.php"); + include($_SERVER["DOCUMENT_ROOT"]."/../common/footer.php"); die(); } @@ -416,12 +407,8 @@ $blogPost = load_blog($conn, $blogId); // If no ID was entered, display warning and die. if(!$blogPost) { display_header("Article not found"); - printf(" -
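Review bot: `display_header("No article requested.")` prints the page header before `errors/404.php` is included, so output has already started when the error page runs and a 404 status can no longer be sent unless output buffering is on. The next hunk uses the same order for "Article not found". Calling `http_response_code(404);` before display_header in both branches avoids serving a soft 404. In the next hunk the comment `// If no ID was entered, display warning and die.` is copied from this branch and should read something like `// If the article does not exist, respond with 404 and die.`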
-

The article you requested doesn't exist.

- If you copied the address manually, try to check if you did so correctly. -
"); - include_once($COMMONS."/footer.php"); + include($_SERVER["DOCUMENT_ROOT"]."/errors/404.php"); + include($_SERVER["DOCUMENT_ROOT"]."/../common/footer.php"); die(); } diff --git a/docs/www/blog/index.php b/docs/www/blog/index.php index 7954a7b..8856d7b 100755 --- a/docs/www/blog/index.php +++ b/docs/www/blog/index.php @@ -1,6 +1,4 @@ -

Failed DB connection, cannot proceed!

- If you see this error in production, - please shoot me an email with helpful details. - "); - return; + include($_SERVER["DOCUMENT_ROOT"]."/errors/503.php"); + include($_SERVER["DOCUMENT_ROOT"]."/../common/footer.php"); + die(); } // Prepare statement for selecting all the blogposts @@ -88,6 +79,7 @@ function display_blog_previews(){ } } +display_header("Blogs"); ?>
@@ -102,5 +94,5 @@ function display_blog_previews(){
diff --git a/docs/www/deleteaccount.php b/docs/www/deleteaccount.php index eb3b4fc..7121df6 100644 --- a/docs/www/deleteaccount.php +++ b/docs/www/deleteaccount.php @@ -1,6 +1,4 @@ -

Failed DB connection, cannot proceed!

- If you see this error in production, - please shoot me an email with helpful details. -
"); - include_once($GLOBALS['COMMONS']."/footer.php"); + include($_SERVER["DOCUMENT_ROOT"]."/errors/503.php"); + include($_SERVER["DOCUMENT_ROOT"]."/../common/footer.php"); die(); } @@ -73,6 +66,7 @@ function delete_user($conn, $confirmString) { $stmt->bindParam(":userId", $_SESSION["current_user"]->user_id); $stmt->execute(); + // Log the user out if (ini_get("session.use_cookies")) { $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, @@ -90,6 +84,8 @@ if (isset($_POST["submit"])) { delete_user($conn, sanitize_input($_POST["remove_content"])); } +display_header("Delete account"); + if(sanitize_input($_GET["success"]) == "true"){ printf("

Deletion succesful.

"); } diff --git a/docs/www/fileupload.php b/docs/www/fileupload.php index 0b2784c..2a7f682 100644 --- a/docs/www/fileupload.php +++ b/docs/www/fileupload.php @@ -4,6 +4,7 @@ if(!(bool)($_SESSION["current_user"]->permissions & 128)) { header($_SERVER["SERVER_PROTOCOL"]." 403 Forbidden", true, 403); include($_SERVER["DOCUMENT_ROOT"]."/errors/403.php"); + include($_SERVER["DOCUMENT_ROOT"]."/../common/footer.php"); die(); } diff --git a/docs/www/login.php b/docs/www/login.php index aa24c2f..6bf6d68 100644 --- a/docs/www/login.php +++ b/docs/www/login.php @@ -1,6 +1,4 @@ -

Failed DB connection, cannot proceed!

- If you see this error in production, - please shoot me an email with helpful details. - "); - include_once($GLOBALS['COMMONS']."/footer.php"); + include($_SERVER["DOCUMENT_ROOT"]."/errors/503.php"); + include($_SERVER["DOCUMENT_ROOT"]."/../common/footer.php"); die(); } @@ -100,6 +93,8 @@ if (isset($_POST["submit"])) { header("Location: "."http://www.zdenekborovec-dev.cz"); } } + +display_header("Login"); ?>
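Review bot: The new `display_header("Login");` runs right after the block that ends in `header("Location: ...")`, and no `die()` or `exit` is visible between that redirect and the closing braces. After a successful login the script would therefore carry on and render the header and form into the redirect response; adding `die();` directly after the `header("Location: ...")` call stops that. The redirect target is also a hard-coded `http://` URL, so if the site is served over HTTPS the redirect should use that scheme to keep the new session cookie off a clear-text request. The enclosing `if` starts outside the hunk.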
diff --git a/docs/www/register.php b/docs/www/register.php index ffcd4a2..6f34027 100644 --- a/docs/www/register.php +++ b/docs/www/register.php @@ -1,12 +1,11 @@ -

Failed DB connection, cannot proceed!

- If you see this error in production, - please shoot me an email with helpful details. -
"); - include_once($GLOBALS['COMMONS']."/footer.php"); + include($_SERVER["DOCUMENT_ROOT"]."/errors/503.php"); + include($_SERVER["DOCUMENT_ROOT"]."/../common/footer.php"); die(); } @@ -47,7 +41,7 @@ function attempt_register($conn, $username, $password, $passwordConf) { $usernameOld = $username; $passwordOld = $password; $passwordConfOld = $passwordConf; - return; + return false; } // See if a user with this name is already registered @@ -69,7 +63,7 @@ function attempt_register($conn, $username, $password, $passwordConf) { $usernameOld = $username; $passwordOld = $password; $passwordConfOld = $passwordConf; - return; + return false; } // Hash the password before inserting @@ -83,20 +77,30 @@ function attempt_register($conn, $username, $password, $passwordConf) { // Execute the statement $stmt->execute(); - printf("

Registration succesful!

- You can now continue to - Login. -
"); + + return true; } +display_header("Register"); + /** * If user sent the form, process it. This starts a session. * Either login user and redirect to index or set error message variables. */ if (isset($_POST["submit"])) { // Attempt to register - attempt_register($conn, $_POST["username"], $_POST["password"], - $_POST["password_conf"]); + $registerResult = attempt_register($conn, $_POST["username"], + $_POST["password"], $_POST["password_conf"]); + + // If registration was succesful, display message, footer and die. + if($registerResult) { + printf("

Registration succesful!

+ You can now continue to + Login. +
"); + include($_SERVER["DOCUMENT_ROOT"]."/../common/footer.php"); + die(); + } } ?>
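Review bot: attempt_register now signals success with an unconditional `return true;` after `$stmt->execute();`, whose result is discarded. If the connection is not in exception mode (the connection setup is outside this diff), a failed INSERT would still show "Registration succesful!"; `return $stmt->execute();` ties the message to the actual outcome. The function's docblock, which is outside the hunk, should also document the new boolean return value.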