From 9502d03c981be6e0102c826bb6d85403bca0494f Mon Sep 17 00:00:00 2001
From: Aaron Junker <aaron.junker@sus.schulen-stadtsh.ch>
Date: Mon, 14 Sep 2020 19:09:15 +0200
Subject: [PATCH] push

---
 CHANGELOG.md                 |  1 +
 site/admin/login.php         |  2 +-
 site/install/step2.php       |  8 +++-----
 site/lang/en-en.json         |  7 ++++++-
 site/login/changepass.php    |  5 ++---
 site/login/login.php         |  2 +-
 site/login/register.php      |  2 +-
 site/profile.php             |  2 +-
 site/siteelements/header.php | 16 ++++++++--------
 9 files changed, 24 insertions(+), 21 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8a7e22e15..a5c2b511b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,6 +16,7 @@ This is a release Candidate version. Issues will be tracked in #49
 * Moved blogsite, index and HTTP-Errors to page.php
 * Added all translations
 * Updated files to new code conventions
+* Changed de.gravatar.com to gravatar.com
 ## Removed
 * Removed is_there_usoc.json
 * /errors/*
diff --git a/site/admin/login.php b/site/admin/login.php
index e8007bbab..8d1acce03 100644
--- a/site/admin/login.php
+++ b/site/admin/login.php
@@ -12,7 +12,7 @@
     $_POST["B"] = $_SESSION['temp_User_Name'];
   }
   while ($zeile = mysqli_fetch_array( $db_erg, MYSQLI_ASSOC)){
-    if((strtolower($_POST["B"])==strtolower($zeile["Username"])||strtolower($_POST["B"])==strtolower($zeile["Mail"]))&&(@password_hash($_POST["P"],PASSWORD_DEFAULT,["salt"=>getSetting("login.salt")])==$zeile["Password"]||isset($_SESSION["code"])) ){
+    if((strtolower($_POST["B"])==strtolower($zeile["Username"])||strtolower($_POST["B"])==strtolower($zeile["Mail"]))&&(password_verify($_POST["P"],$zeile["Password"])||isset($_SESSION["code"]))){
       $login = True;
       $user_id = $zeile["Id"];
       $user_name = $zeile["Username"];
diff --git a/site/install/step2.php b/site/install/step2.php
index 54443a67f..52af5b8ec 100644
--- a/site/install/step2.php
+++ b/site/install/step2.php
@@ -14,15 +14,14 @@
           echo "Can't connect to Database.";
           exit("Error!");
         }
-        $salt = substr(str_shuffle(str_repeat(implode('', range('!','z')), $length)), 0, 25);
-        $pass = password_hash($_POST["Pass"],PASSWORD_DEFAULT,["salt"=>$salt]);
+        $pass = password_hash($_POST["Pass"],PASSWORD_DEFAULT);
         $Name = $_POST["Name"];
         $Author = $_POST["Author"];
         $lang = $_POST["Lang"];
         $UserName = $_POST["UserName"];
         $sql= <<<HEREDOC
         CREATE TABLE `Settings` (
-          `Id` int(20) NOT NULL,  
+          `Id` int(20) NOT NULL,
           `Name` varchar(99) NOT NULL,
           `Value` varchar(99) NOT NULL,
           `Type` varchar(4) NOT NULL
@@ -41,7 +40,6 @@
         (10, 'site.lang', '$lang', 'Text'),
         (11, 'site.robots', 'index, follow', 'Text'),
         (12, '2fa.name', '', 'Text'),
-        (13, 'login.salt', '$salt', 'Text');
 
         ALTER TABLE `Settings`
           ADD PRIMARY KEY (`Id`);
@@ -113,7 +111,7 @@
           MODIFY ID int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=1;
         COMMIT;
         HEREDOC;
-        
+
         mysqli_multi_query($db_link,$sql);
         //File configuration.php creation
         $file = <<<'HEREDOC'
diff --git a/site/lang/en-en.json b/site/lang/en-en.json
index 4e0ad6074..ea0d7549c 100644
--- a/site/lang/en-en.json
+++ b/site/lang/en-en.json
@@ -15,6 +15,7 @@
     "style.darkmode": "Darkmode",
     "style.lightmode": "Normalmode",
     "login": "login",
+    "login.g": "Login",
     "login.already_logged_in": "You're already logged in",
     "login.form_error": "Form error!",
     "login.login_closed": "Login closed",
@@ -56,11 +57,14 @@
     "login.fail_same_password": "Not the same password",
     "login.fillout": "Please fill out everything",
     "login.logout": "You're logged out",
+    "login.logout.action": "Logout",
     "blog": "blog",
     "blog.readmore": "Read more...",
     "login.account.password_changed": "Password changed",
     "error.offline": "<h1>Page offline</h1>\n                <p>This page is no longer available.</p>",
     "error.410": "Gone. This resource is not longer here.",
+    "register": "register",
+    "register.g": "Register",
     "register.succeed": "Register succeeded",
     "register.closed": "Register closed",
     "blog.overwiew": "Blog overview",
@@ -89,5 +93,6 @@
     "admin.welcome": "Welcome!",
     "profile": "Profile",
     "profile.settings": "Profile settings",
-    ""
+    "profile.changePP": "Change profile picture on Gravatar.com",
+    "accessibility.skipnavigation": "Skip Navigation"
 }
diff --git a/site/login/changepass.php b/site/login/changepass.php
index 2736f2f61..9b2b221ac 100644
--- a/site/login/changepass.php
+++ b/site/login/changepass.php
@@ -11,7 +11,7 @@
       $db_erg = mysqli_query( $db_link, $sql );
       while ($zeile = mysqli_fetch_array( $db_erg, MYSQLI_ASSOC))
         {
-          if(md5($zeile["Id"]) == $_SESSION['User_ID']&&$zeile["Password"]==password_hash($_POST["oldpass"],PASSWORD_DEFAULT,["salt"=>$U->getSetting("login.salt")])){
+          if(md5($zeile["Id"]) == $_SESSION['User_ID']&&password_verify($_POST["oldpass"],$zeile["Password"])){
             $passc = True;
           }
         }
@@ -25,9 +25,8 @@
     $passc = False;
     echo $U->getLang("login.changepass.fail");
   }
-  echo $passc;
   if($passc){
-    $sql = "UPDATE User SET password='".password_hash($_POST["oldpass"],PASSWORD_DEFAULT,["salt"=>$U->getSetting("login.salt")])."' WHERE Id='".$_SESSION['User_ID']."';";
+    $sql = "UPDATE User SET password='".password_hash($_POST["newpass"])."' WHERE Id='".$_SESSION['User_ID']."';";
     echo $sql;
     $db_erg = mysqli_query( $db_link, $sql );
   }
diff --git a/site/login/login.php b/site/login/login.php
index 9efdb7819..508abd21b 100644
--- a/site/login/login.php
+++ b/site/login/login.php
@@ -12,7 +12,7 @@
     $_POST["B"] = $_SESSION['temp_User_Name'];
   }
   while ($zeile = mysqli_fetch_array( $db_erg, MYSQLI_ASSOC)){
-    if((strtolower($_POST["B"])==strtolower($zeile["Username"])||strtolower($_POST["B"])==strtolower($zeile["Mail"]))&&(@password_hash($_POST["P"],PASSWORD_DEFAULT,["salt"=>getSetting("login.salt")])==$zeile["Password"]||isset($_SESSION["code"])) ){
+    if((strtolower($_POST["B"])==strtolower($zeile["Username"])||strtolower($_POST["B"])==strtolower($zeile["Mail"]))&&(password_verify($_POST["P"],$zeile["Password"])||isset($_SESSION["code"])) ){
       $login = True;
       $user_id = $zeile["Id"];
       $user_name = $zeile["Username"];
diff --git a/site/login/register.php b/site/login/register.php
index 54d88806c..6e02a8c7c 100644
--- a/site/login/register.php
+++ b/site/login/register.php
@@ -41,7 +41,7 @@
     $register = False;
   }
   if($register){
-    $sql = 'INSERT INTO User (Username, Mail, Password, Type) VALUES ('."'".$_POST["U"]."'".','."'".$_POST["M"]."'".','."'".password_hash($_POST["P"],PASSWORD_DEFAULT,["salt"=>getSetting("login.salt")])."'".',0);';
+    $sql = 'INSERT INTO User (Username, Mail, Password, Type) VALUES ('."'".$_POST["U"]."'".','."'".$_POST["M"]."'".','."'".password_hash($_POST["P"],PASSWORD_DEFAULT)."'".',0);';
     if($db_erg = mysqli_query( $db_link, $sql )){
       echo $U->getLang("register.succeed");
       header("Location: ".$USOC["DOMAIN"]);
diff --git a/site/profile.php b/site/profile.php
index df80e83ea..a35ad2f65 100644
--- a/site/profile.php
+++ b/site/profile.php
@@ -45,7 +45,7 @@ function onSignIn(googleUser) {
         <?php
           echo $U->getPP();
         ?>
-        <br><a target="_blank" href="https://de.gravatar.com"><button>Profilbild ändern auf Gravatar.com</button></a><br />
+        <br><a target="_blank" href="https://gravatar.com"><button><?php $U->getLang("profile.changePP") ?></button></a><br />
         <?php
         $db_link = mysqli_connect(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD,MYSQL_DATABASE);
         $sql = "SELECT * FROM User WHERE Username='".$_SESSION["User_Name"]."'";
diff --git a/site/siteelements/header.php b/site/siteelements/header.php
index a2a407c2f..6161c470e 100644
--- a/site/siteelements/header.php
+++ b/site/siteelements/header.php
@@ -8,13 +8,13 @@
   <a id="skipnavigation" href="<?php echo $_SERVER["PHP_SELF"];
   if(isset($_GET["URL"])){
     echo "?URL=".$_GET["URL"];
-  }?>#maincontent">Skip navigation </a>
+  }?>#maincontent"><?php $U->getLang("accessibility.skipnavigation"); ?></a>
   <a href="index.php" id="headerlink"><img src="logo.png" height="100" alt="Logo" /><h1><?php echo $U->getSetting("site.name") ?></h1></a>
   <br />
   <div style="border-top: 1px;border-top-style:solid;border-top-color:black;">
     <ul id="menu">
       <li class="menuitem"><a href="page.php?URL=index">Home</a></li>
-      <li class="menuitem"><a href="blogsite.php">Blog</a></li>
+      <li class="menuitem"><a href="blogsite">Blog</a></li>
       <li class="menuitem dropdown">
         <a href="javascript:void(0)" class="dropbtn">Sites</a>
         <div class="dropdown-content">
@@ -37,20 +37,20 @@ function register_open(){
           session_start();
         }
         if(isset($_SESSION["User_ID"])){
-          echo '<li class="menuitem dropdown" style="float:right;"><a class="dropbtn" href="javascript:void(0)">'.$_SESSION["User_Name"].'</a><div style="right:0.5%;" class="dropdown-content"><a href="changepassword.php" onmouseover="menuhover()" class="dropdownlink">Passwort wechseln</a><br /><a href="profil.php" onmouseover="menuhover()" class="dropdownlink">Profileinstellungen</a><br /><a href="logout.php" onmouseover="menuhover()" class="dropdownlink">Ausloggen</a></div></li>';
+          echo '<li class="menuitem dropdown" style="float:right;"><a class="dropbtn" href="javascript:void(0)">'.$_SESSION["User_Name"].'</a><div style="right:0.5%;" class="dropdown-content"><a href="changepassword.php" onmouseover="menuhover()" class="dropdownlink">'.$U->getLang("login.changepass").'</a><br /><a href="profil.php" onmouseover="menuhover()" class="dropdownlink">'.$U->getLang("profile.settings").'</a><br /><a href="logout.php" onmouseover="menuhover()" class="dropdownlink">'.$U->getLang("login.logout.action").'</a></div></li>';
           if(isset($_SESSION["Admin"])){
-            echo '<li class="menuitem dropdown" style="float:right;"><a class="dropbtn" href="'.$USOC["Admin"].'">Adminbereich</a>';
+            echo '<li class="menuitem dropdown" style="float:right;"><a class="dropbtn" href="'.$USOC["Admin"].'">'.$U->getLang("admin").'</a>';
             if(isset($_GET["URL"])&&preg_match('/(page)/i',$_SERVER["PHP_SELF"])){
-                echo '<div class="dropdown-content"><a onmouseover="menuhover()" class="dropdownlink" href="adminbg/index.php?URL=editor&SiteName='.$_GET["URL"].'">Seite bearbeiten</a></div>';
+                echo '<div class="dropdown-content"><a onmouseover="menuhover()" class="dropdownlink" href="adminbg/index.php?URL=editor&SiteName='.$_GET["URL"].'">'.$U->getLang("admin.edit.site").'</a></div>';
               }elseif(isset($_GET["URL"])&&preg_match('/(blog)/i',$_SERVER["PHP_SELF"])){
-                echo '<div class="dropdown-content"><a onmouseover="menuhover()" class="dropdownlink" href="adminbg/index.php?URL=blogeditor&SiteName='.$_GET["URL"].'">Seite bearbeiten</a></div>';
+                echo '<div class="dropdown-content"><a onmouseover="menuhover()" class="dropdownlink" href="adminbg/index.php?URL=blogeditor&SiteName='.$_GET["URL"].'">'.$U->getLang("admin.edit.site").'</a></div>';
               }
               echo "</li>";
           }
         }else{
-          echo '<li class="menuitem" style="float:right;"><a href="login.php">Login</a></li>';
+          echo '<li class="menuitem" style="float:right;"><a href="login.php">'.$U->getLang("login.g").'</a></li>';
           if(register_open()){
-            echo '<li class="menuitem" style="float:right;"><a href="register.php">Registrieren</a></li>';
+            echo '<li class="menuitem" style="float:right;"><a href="register.php">'.$U->getLang("register.g").'</a></li>';
           }
         }
       ?>