Initial commit.

add_time.php

+<?php
+
+include "base.php";
+
+global $mysql;
+global $authenticated;
+
+if ($authenticated) {
+	$stmt = $mysql->prepare(
+		"INSERT INTO times (name, time, performance_date)
+		 VALUES (?, ?, ?)") or die($mysql->error);
+	$time = $_REQUEST["time"] * 1000;
+	$stmt->bind_param("sss", $_REQUEST["name"], $time, $_REQUEST["when"]);
+	$stmt->execute() or die($mysql->error);
+	$stmt->close();
+
+} else {
+	die("Not logged in");
+}
+
+header("Location: /");
+die();

admin.php

+<?php include "head.php"; ?>
+
+<article>
+
+<?php if (! $authenticated) { ?>
+<form method="POST" action="login.php" class="loginform">
+<label>Username:</label><input type="text" name="username"/>
+<label>Password:</label><input type="password" name="password">
+<input type="hidden" name="returnaddr" value="<?= $url ?>"/>
+<input type="submit" value="Log in"/>
+</form>
+<?php } else { ?>
+
+<h2>Create User</h2>
+<form method="POST" action="create_user.php" class="loginform">
+<label>Username:</label><input type="text" name="username"/>
+<label>Real Name:</label><input type="text" name="real_name"/>
+<label>Password:</label><input type="password" name="password">
+<label>Repeat Password:</label><input type="password" name="password2">
+<input type="hidden" name="returnaddr" value="<?= $url ?>"/>
+<input type="submit" value="Create"/>
+</form>
+
+<?php } ?>
+
+</article>
+
+<?php include "tail.php"; ?>
+

base.php

+<?php
+
+ini_set('display_startup_errors', 1);
+ini_set('display_errors', 1);
+error_reporting(E_ALL);
+// error_reporting(~E_STRICT);
+
+$mysql = new mysqli("localhost", "drain", "securepassword", "drain")
+or die(mysqli_connect_error());
+
+$url = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
+
+function create_user($username, $real_name, $password) {
+	global $mysql;
+
+	$salt =  substr(md5(rand()), 0, 64);
+
+	$hash = hash ("sha256", $salt . $password);
+
+	$stmt = $mysql->prepare(
+		"INSERT INTO users (username, full_name, salt, hash)
+		 VALUES (?, ?, ?, ?)") or die($mysql->error);
+	$stmt->bind_param("ssss", $username, $real_name, $salt, $hash);
+	$stmt->execute() or die($mysql->error);
+	$stmt->close();
+}
+
+function login_user($name, $password) {
+	global $mysql;
+	$stmt = $mysql->prepare(
+		"SELECT sha2(concat(salt, ?), 256), hash
+		FROM users WHERE username = ?") or die($mysql->error);
+	$stmt->bind_param("ss", $password, $name);
+	$stmt->execute() or die($mysql->error);
+	$stmt->bind_result($h1, $h2);
+	$stmt->fetch() or die($mysql->error);
+	$stmt->close();
+	if ($h1 === $h2) {
+		$stmt = $mysql->prepare(
+			"INSERT INTO session_cookies (username, best_before, hash)
+			 VALUES (?, ?, ?)") or die($mysql->error);
+
+		// next month
+		$best_before = date("Y-m-d H:i:s", time() + 3600 * 24 * 7 * 4);
+
+		$stmt->bind_param("sss", $name, $best_before, $h1);
+		$stmt->execute() or die($mysql->error);
+		$stmt->close();
+
+		return "name=$name&hash=$h1";
+	} else {
+		return False;
+	}
+}
+
+function auth_cookie($cookie) {
+	global $mysql;
+	parse_str($cookie, $output);
+	$stmt = $mysql->prepare(
+		"SELECT hash FROM session_cookies
+		 WHERE username = ?
+		 ") or die($mysql->error);
+	$stmt->bind_param ("s", $output["name"]);
+	$stmt->bind_result($hash);
+	$stmt->execute() or die($mysql->error);
+	$row = $stmt->fetch();
+	$stmt->close();
+
+	if ($output["hash"] === $hash) {
+		$stmt = $mysql->prepare("SELECT full_name FROM users WHERE username = ?") or die($mysql->error);
+		$stmt->bind_param("s", $output["name"]);
+		$stmt->execute() or die($mysql->error);
+		$stmt->bind_result($name);
+		$stmt->fetch() or die($mysql->error);
+		return array(
+			"name" => $name,
+			"username" => $output["name"]);
+	} else {
+		return False;
+	}
+}
+
+$authenticated = False;
+if (array_key_exists("login", $_COOKIE)) {
+	$authenticated = auth_cookie($_COOKIE["login"]);
+}	

create_user.php

+<?php
+include "base.php";
+
+// $cookie = $_COOKIE["login"] or die("No cookie");
+// 
+// auth_cookie($cookie) or die("Bad cookie");
+
+($_REQUEST["password"] === $_REQUEST["password2"]) or die("passwords don't match");
+
+create_user($_REQUEST["username"], $_REQUEST["real_name"], $_REQUEST["password"]);
+
+header("Location: /");
+die();
+

head.php

+<?php include "base.php" ?>
+
+<!doctype html>
+<html>
+<head>
+	<meta charset="utf-8"/>
+	<meta name="viewport" content="width=device-width; initial-scale=1.0"/>
+	<link rel="stylesheet" href="style.css"/>
+	<title>Häfvfakultet</title>
+</head>
+<body>
+
+<header>
+<div class="left">
+<h2>Häfv nollan, nollan häfv!</h2>
+<?php
+global $authenticated;
+if ($authenticated) {
+?>
+	<p>Välkommen, <?= $authenticated["name"] ?></p>
+<?php } ?>
+</div>
+<img src="hf-logo.png" alt="HF Logo"/>
+</header>
+
+<nav>
+<ul>
+<li><a href="/">Startsidan</a></li>
+<li><a href="medlem.php">Bli medlem</a></li>
+<li><a href="/stadgar.php">Stadgar</a></li>
+<li><a href="/regler.php">Reglemente</a></li>
+<li>Facebook</li>
+<hr/>
+<?php if($authenticated) { ?>
+<li><a href="/logout.php">Log Out</a></li>
+<?php } else { ?>
+<li><a href="/admin.php">Log in</a></li>
+<?php } ?>
+<li><a href="/admin.php">Admin</a></li>
+</ul>
+
+</nav>
+
+<main>
+

index.php

+<?php include "head.php"; ?>
+
+<article>
+<h2>Häfvbastu!</h2>
+
+Den 14 septemebr är det dags för terminens första häfvbastu!
+
+</article>
+
+<hr/>
+
+<article>
+<h2>Bästa Häfvtiderna!</h2>
+<table style="width:100%;">
+<thead>
+	<tr>
+		<th>#</th>
+		<th>Namn</th>
+		<th>Tid</th>
+		<th>När</th>
+	</tr>
+</thead>
+<tbody>
+<?php
+$times = $mysql->query(
+	"SELECT name, time, performance_date FROM times
+	 ORDER BY time ASC")
+	or die($mysql->error);
+$i = 1;
+while ($row = $times->fetch_assoc()) { ?>
+<tr>
+	<td><?= $i++ ?>
+	<td><?= $row["name"] ?></td>
+	<td><?= sprintf("%.2f", $row["time"] / 1000) ?></td>
+	<td><?= substr($row["performance_date"], 0, 10) ?></td>
+</tr>
+<?php } ?>
+</tbody>
+<?php if ($authenticated) { ?>
+<tfoot>
+<form method="POST" action="add_time.php">
+<tr>
+<td></td>
+<td><input name="name" type="text" placeholder="Namn"/></td>
+<td><input name="time" type="number" min="0" max="10" step="0.01" placeholder="Tid" /></td>
+<td><input name="when" type="date" value="<?php echo date('Y-m-d'); ?>" /></td>
+</tr>
+<td></td><td colspan="3"><input style="width: 100%" type="submit"/></td>
+<tr>
+</tr>
+</form>
+</tfoot>
+<?php } ?>
+</table>
+
+</article>
+
+<?php include "tail.php"; ?>

login.php

+<?php
+include "base.php";
+
+$auth = login_user($_REQUEST["username"], $_REQUEST["password"]);
+if ($auth) {
+	setcookie ("login", $auth);
+}
+
+header("Location: /");
+die();
+

logout.php

+<?php
+
+include "base.php";
+
+global $authenticated;
+
+if ($authenticated) {
+	global $mysql;
+	unset($_COOKIE["login"]);
+	setcookie("login", null);
+
+	$stmt = $mysql->prepare("DELETE FROM session_cookies WHERE username = ?") or die($mysql->error);
+	$stmt->bind_param("s", $authenticated["username"]);
+	$stmt->execute() or die($mysql->error);
+
+	header("Location: /");
+	die();
+}

medlem.php

+<?php include "head.php"; ?>
+
+<article>
+You don't.
+</article>
+
+<?php include "tail.php"; ?>

medlemm.php

+<!doctype html>
+<html>
+<head>
+<meta charset="utf-8"/>
+<meta name="viewport" content="width=device-width; initial-scale=1.0"/>
+<link rel="stylesheet" href="style.css"/>
+
+<title>Bli medlemm­- Häfvfakultet</title>
+</head>
+
+<body>
+</body>
+

regler.php

+<?php include "head.php"; ?>
+<article>
+Reglerna kommer snart.
+</article>
+<?php include "tail.php"; ?>

schema.sql

+CREATE TABLE times (
+	id INT(11) AUTO_INCREMENT,
+	name VARCHAR(1023) NOT NULL,
+	time INTEGER NOT NULL,
+	performance_date TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+
+	PRIMARY KEY (id)
+);
+
+CREATE TABLE users (
+	id INT(11) AUTO_INCREMENT,
+	username varchar(1023) NOT NULL,
+	full_name varchar(1023),
+	salt char(64) NOT NULL,
+	hash char(64) NOT NULL,
+
+	PRIMARY KEY (id),
+	UNIQUE (username)
+);
+
+CREATE TABLE session_cookies (
+	id INT(11) AUTO_INCREMENT,
+	username varchar(1023) NOT NULL,
+	best_before TIMESTAMP NOT NULL,
+
+	hash char(64) NOT NULL,
+
+	PRIMARY KEY (id)
+);

stadgar.php

+<?php include "head.php"; ?>
+
+<article>
+Stadgarna kommer snart.
+</article>
+
+<?php include "tail.php"; ?>
+

style.css

+body {
+	padding: 0;
+	margin: 0;
+	min-height: 100vh;
+	display: flex;
+	flex-direction: column;
+	font-family: arial;
+}
+
+nav {
+	border-bottom: 2px dotted gray;
+}
+
+@media (min-width: 768px) {
+	body {
+		display: grid;
+		grid-template-columns: 200px 1fr 200px;
+		grid-template-rows: auto 1fr auto;
+		grid-template-areas:
+			"header header header"
+			"sidebar main main"
+			"footer footer footer";
+	}
+
+	nav {
+		border-right: 2px dotted gray;
+		border-bottom: none;
+	}
+}
+
+header {
+	grid-area: header;
+	background-color: red;
+	background-image: url("white-plaster.png");
+	height: 100px;
+}
+
+header .left {
+	display: flex;
+	flex-direction: column;
+	float: left;
+	justify-content: space-evenly;
+	height: 100%;
+}
+
+.left > * {
+	margin: 0;
+	padding-left: 1em;
+}
+
+.left > p {
+	padding-left: 4em;
+	color: #333;
+}
+
+header img {
+	float: right;
+	height: 100%;
+}
+
+
+main {
+	grid-area: main;
+	flex: 1;
+	font-family: times;
+}
+nav {
+	grid-area: sidebar;
+}
+footer { grid-area: footer; }
+
+article {
+	margin: 1em;
+}
+
+/* häfv times */
+
+table {
+	border: 1px solid black;
+	border-collapse: collapse;
+}
+
+thead, tbody tr:nth-child(even) {
+	background-color: lightgray;
+}
+
+tbody tr:hover {
+	background-color: #FF67677F;
+}
+
+td {
+	padding: 0.5em;
+	text-align: center;
+}
+
+form td {
+	padding: 0;
+}
+
+.loginform {
+	display: grid;
+	grid-template-columns: 8em auto;
+}
+
+.loginform input[type=submit] {
+	grid-column-end: span 2;
+}
+
+nav ul {
+	list-style-type: none;
+	padding: 0;
+}
+
+nav li {
+	width: 100%;
+	height: 2em;
+	display: flex;
+	align-items: center;
+	justify-content: center;
+
+}
+
+nav li a {
+	text-decoration: none;
+	color: black !important;
+}
+
+nav li:hover {
+	background-color: red;
+}

tail.php

+
+</main>
+<footer>
+Is there supposed to be something in the footer?
+</footer>
+</body>
+</html>
+