Adding backend

db.json

@@ -0,0 +1,8 @@
+{
+	"Admin_Key"	:  "",
+
+	"SQL_Host"	:  "",
+	"SQL_User"	:  "",
+	"SQL_Password"	:  "",
+	"Database"	:  ""
+}

export.sql

@@ -0,0 +1,110 @@
+-- phpMyAdmin SQL Dump
+-- version 4.8.0
+-- https://www.phpmyadmin.net/
+--
+-- Host: 127.0.0.1
+-- Generation Time: Oct 06, 2018 at 08:05 AM
+-- Server version: 10.1.31-MariaDB
+-- PHP Version: 7.2.4
+
+SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
+SET AUTOCOMMIT = 0;
+START TRANSACTION;
+SET time_zone = "+00:00";
+
+
+/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
+/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
+/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
+/*!40101 SET NAMES utf8mb4 */;
+
+--
+-- Database: `trim`
+--
+CREATE DATABASE IF NOT EXISTS `trim` DEFAULT CHARACTER SET utf16 COLLATE utf16_unicode_ci;
+USE `trim`;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `events`
+--
+
+CREATE TABLE `events` (
+  `eventId` smallint(5) UNSIGNED NOT NULL,
+  `name` tinytext COLLATE utf16_unicode_ci,
+  `date` date DEFAULT NULL,
+  `startTime` time DEFAULT NULL,
+  `endTime` time DEFAULT NULL,
+  `address` text COLLATE utf16_unicode_ci,
+  `eventCoordinator` text COLLATE utf16_unicode_ci,
+  `maxSlots` tinyint(4) NOT NULL DEFAULT '10'
+) ENGINE=InnoDB DEFAULT CHARSET=utf16 COLLATE=utf16_unicode_ci;
+
+--
+-- Dumping data for table `events`
+--
+
+INSERT INTO `events` (`eventId`, `name`, `date`, `startTime`, `endTime`, `address`, `eventCoordinator`, `maxSlots`) VALUES
+(1, 'BMMS Winter Concert', '2018-11-27', '18:30:00', '21:30:00', '4300 Centennial Lane\r\nEllicott City, MD 21042', '', 20);
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `signups`
+--
+
+CREATE TABLE `signups` (
+  `signupId` tinyint(3) UNSIGNED NOT NULL,
+  `eventId` smallint(5) UNSIGNED NOT NULL,
+  `name` tinytext COLLATE utf16_unicode_ci NOT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=utf16 COLLATE=utf16_unicode_ci;
+
+--
+-- Dumping data for table `signups`
+--
+
+INSERT INTO `signups` (`signupId`, `eventId`, `name`) VALUES
+(1, 1, 'Spongebob Squarepants'),
+(2, 1, 'Squidward Tentacles'),
+(3, 1, 'Patrick Star'),
+(4, 1, 'Sandy Cheeks'),
+(5, 1, 'Eugene Krabs'),
+(6, 1, 'Gary Something');
+
+--
+-- Indexes for dumped tables
+--
+
+--
+-- Indexes for table `events`
+--
+ALTER TABLE `events`
+  ADD PRIMARY KEY (`eventId`);
+
+--
+-- Indexes for table `signups`
+--
+ALTER TABLE `signups`
+  ADD PRIMARY KEY (`signupId`);
+
+--
+-- AUTO_INCREMENT for dumped tables
+--
+
+--
+-- AUTO_INCREMENT for table `events`
+--
+ALTER TABLE `events`
+  MODIFY `eventId` smallint(5) UNSIGNED NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=2;
+
+--
+-- AUTO_INCREMENT for table `signups`
+--
+ALTER TABLE `signups`
+  MODIFY `signupId` tinyint(3) UNSIGNED NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=7;
+COMMIT;
+
+/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
+/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
+/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;

public_html/.htaccess

@@ -0,0 +1,24 @@
+# Disable directory browsing
+Options All -Indexes
+
+# Disable 300 multiple choices pages
+Options -MultiViews
+CheckSpelling off
+
+# Redirect WWW requests to non-WWW
+RewriteBase /
+RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
+RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
+
+# Error pages
+ErrorDocument 404 "404 Error: Page Not Found"
+ErrorDocument 403 "403 Error: Forbidden Page"
+
+<FilesMatch "(.png|.ico)$">
+        # 4 days
+        Header set Cache-Control "max-age=345600, public"
+</FilesMatch>
+
+# Hide Apache version
+# Unfortunately, ServerTokens Prod can only be done in the httpd.conf file (which we don't have access to)
+ServerSignature Off

public_html/admin-page.php

@@ -0,0 +1,96 @@
+<?php
+
+$config = json_decode(file_get_contents("../db.json"), true);
+
+// Connection info
+$servername = $config['SQL_Host'];
+$dusername = $config['SQL_User'];
+$dpassword = $config['SQL_Password'];
+$dbname = $config['Database'];
+
+$mysqli = new mysqli($servername, $dusername, $dpassword, $dbname);
+if ($mysqli->connect_errno) {
+    //echo "Failed to connect to MySQL: " . $mysqli->connect_error;
+    exit;
+}
+
+$config = json_decode(file_get_contents("../db.json"), true);
+$admin_key = $config['Admin_Key'];
+
+if (isset($_COOKIE['pwd'])) {
+    $inbound_key = urldecode($_COOKIE['pwd']);
+    $compare_key = md5($inbound_key . "m9phF35dz9XMvDYQ7VM8");
+
+    if ($compare_key === $admin_key)
+    {
+        header("Location: /event-admin-list.php");
+        die;
+        echo "Success";
+    }
+}
+
+if (isset($_POST['password']))
+{
+    $inbound_key = $_POST['password'];
+    $admin_key = $config['Admin_Key'];
+	// not ideal, but ok for now
+	// TODO: use bcrypt instead
+	$compare_key = md5($inbound_key . "m9phF35dz9XMvDYQ7VM8");
+
+	if ($compare_key === $admin_key)
+	{
+		// auth success
+		setcookie("pwd", $inbound_key, 0, '/', 'trim.chseagletime.com', false, true);
+        header("Location: /event-admin-list.php");
+		die;
+	}
+	else
+	{
+		echo "Authentication Failure";
+	}
+
+	#echo $inbound_key . "<br>";
+	#echo $compare_key . "<br>";
+
+	die;
+}
+
+?>
+
+<!DOCTYPE html>
+<html>
+    <head>
+        <!-- Is this whole line needed -->
+        <link type="text/css" rel="stylesheet" href="css/admin-styles.css"  media="screen,projection"/>
+        <!--Let browser know website is optimized for mobile-->
+        <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
+        <!-- Is this right -->
+        <script type="text/javascript" src="js/script.js"></script>
+    </head>
+
+    <body>
+        <header>
+            <img src="media/threeM.png">
+            <nav>
+                <img onclick="dropdown()" src="media/dropdown.png">
+                <div id="Menu" class="collapsed">
+                    <h1><a href="index.php">Home</a></h1>
+                    <h1><a href="event-list.php">Events</a></h1>
+                    <h1><a href="admin-page.php">Administrator Access</a></h1>
+                </div>
+            </nav>
+        </header>
+
+        <!-- Spacer -->
+        <div style="border-bottom-style: none; height: 5vh"></div>
+
+        <div class="entry">
+            <h1>ENTER AN EDIT KEY</h1>
+		<form method="post">
+		<input type="password" name="password" placeholder="Password" style="border: none; background: none; color: #167887; font-family: Montserrat; font-size: 2.5vh; text-align: center;">
+		<input type="submit" value="Submit"></div></form>
+        </div>
+
+        <script type="text/javascript" src="js/script.js"></script>
+    </body>
+</html>