Moved background generation

CHANGELOG.md

@@ -1,5 +1,10 @@
 ChangeLog
 =========
+1.0.2 (2021-08-02)
+-------------------------
+- Moved background generation
+
+
 1.0.1 (2021-07-21)
 -------------------------
 - Fix delete note without confirmation

config.inc.php.dist

@@ -9,4 +9,6 @@ $loglevel = 9;                                  // loglevel; 9=debug; 8=notice;
 $lang = 'en';									// set the locale for dates and other values
 $mailbox = '{imap.server.com:993/imap/ssl}';	// IMAP connection string, see https://www.php.net/manual/en/function.imap-open.php for possible values; set to null or empty for not authentication or using .htaccess
 $database = '/mnt/path/to/notes.db';			// path to database, leave empty or set to null, if you dont need 'stay logged in' feature
+$enckey = '3Z8V1TxkyNIwYc2v';					// random key for encryption
+$enchash = 'DACl6JbhwZs3XEgH';					// random hash for encryption
 ?>

css/notes.css

@@ -5,7 +5,7 @@ body {
 	font-size: 0.85em;
 }
 .login {
-	background: url(../background.php) no-repeat center center fixed;
+	background: url(../?bg=1) no-repeat center center fixed;
 	background-size: cover;
 	height: 100%;
 }
@@ -138,6 +138,10 @@ button.LogoutB {
         transform: rotate(360deg);
     }
 }
+li.task-list-item {
+	list-style: none;
+	margin-left: -1.5em;
+}
 #tocButton {
 	position: absolute;
 	z-index: 1;
@@ -158,14 +162,14 @@ button.LogoutB {
 	width: 300px;
 	white-space: nowrap;
 	padding: 10px 0;
-	box-shadow: 1px 3px 3px 0 rgba(50,50,50,.3);
+	box-shadow: 0px 3px 3px 1px rgba(50,50,50,.3);
 	border-bottom-left-radius: 5px;
 	border-bottom-right-radius: 5px;
-	border: 1px solid #bbb;
+	border-left: 1px solid #bbb;
 	border-top: 0;
 	overflow: auto;
-	max-height: calc(100% - 140px);
-	right: -310px;
+	max-height: calc(100% - 210px);
+	right: -320px;
 }
 #tocDIV ul {
 	margin: 0;
@@ -450,4 +454,8 @@ button.LogoutB {
 }
 .editor-statusbar {
 	background: #efefef;
+}
+.editor-preview pre code {
+	font-weight: 600;
+	font-size: 1em;
 }

index.php

@@ -2,7 +2,7 @@
 /**
  * Notes
  *
- * @version 1.0.1
+ * @version 1.0.2
  * @author Offerel
  * @copyright Copyright (c) 2021, Offerel
  * @license GNU General Public License, version 3
@@ -11,6 +11,35 @@
 include_once "config.inc.php.dist";
 include_once "config.inc.php";
 
+if(isset($_GET['bg'])) {
+	$files = array();
+	$backgroundsDir = dirname(__FILE__).'/images/';
+	if($handle = @opendir($backgroundsDir)) {
+		while($file = readdir($handle)) {
+			if($file != '.' AND $file != '..' AND mime_content_type($backgroundsDir.$file) == 'image/jpeg') {
+				$files[] = $file;
+			}
+		}
+	}
+	$bg_file = $backgroundsDir.$files[array_rand($files)];
+	$cacheContent = file_get_contents($bg_file);
+	$hash = sha1($bg_file);
+	header('Content-Disposition: inline;filename='.basename($bg_file));
+	header('Content-type: image/jpeg');
+	header("ETag: $hash");
+	header("Last-Modified: ".gmdate('D, d M Y H:i:s T', filemtime($bg_file)));
+	header('Content-Length: '.strlen($cacheContent));
+
+	if(isset($_SERVER['HTTP_IF_NONE_MATCH'])) {
+		if($_SERVER['HTTP_IF_NONE_MATCH'] == $hash) {
+			header('HTTP/1.1 304 Not Modified');
+			exit();
+		}
+	}
+	echo $cacheContent;
+	die();
+}
+
 if((strlen($mailbox) > 0) && (!isset($_SESSION['iauth']))) {
 	if(!imapLogin($mailbox)) {
 		die();
@@ -468,7 +497,7 @@ function db_query($query) {
 function clearAuthCookie() {
 	e_log(8,'Reset Cookie');
 	if(isset($_COOKIE['rmpnotes'])) {
-		$cookieArr = json_decode($_COOKIE['rmpnotes'], true);
+		$cookieArr = json_decode(cryptCookie($_COOKIE['rmpnotes'], 2), true);
 		$query = "DELETE FROM `auth_token` WHERE `user` = '".$cookieArr['mail']."' AND `client` = '".$cookieArr['token']."'";
 		db_query($query);
 
@@ -491,7 +520,7 @@ function imapLogin($mailbox) {
 	$success = false;
 	if(!isset($_SESSION['iauth']) && isset($_COOKIE['rmpnotes']))	{
 		e_log(8,"Cookie found. Try to login...");
-		$cookieArr = json_decode($_COOKIE['rmpnotes'], true);
+		$cookieArr = json_decode(cryptCookie($_COOKIE['rmpnotes'], 2), true);
 		$query = "SELECT * FROM `auth_token` WHERE `user` = '".$cookieArr['mail']."' ORDER BY `exDate` DESC;";
 		$tkdata = db_query($query);
 
@@ -510,7 +539,8 @@ function imapLogin($mailbox) {
 				);
 				$rtoken = unique_code(32);
 				$dtoken = $cookieArr['key'];
-				setcookie('rmpnotes', json_encode(array('mail' => $cookieArr['mail'], 'key' => $rtoken, 'token' => $dtoken)), $cOptions);
+				$cookieData = cryptCookie(json_encode(array('key' => $rtoken, 'mail' => $cookieArr['mail'], 'token' => $dtoken)), 1);
+				setcookie('rmpnotes', $cookieData, $cOptions);
 				$rtoken = password_hash($rtoken, PASSWORD_DEFAULT);
 				$query = "UPDATE `auth_token` SET `tHash` = '$rtoken', `exDate` = '$expireTime' WHERE `token` = ".$token['token'].";";
 				$erg = db_query($query);
@@ -546,7 +576,8 @@ function imapLogin($mailbox) {
 			$rtoken = unique_code(32);
 			$dtoken = bin2hex(openssl_random_pseudo_bytes(16));
 
-			setcookie('rmpnotes', json_encode(array('mail' => $username, 'key' => $rtoken, 'token' => $dtoken)), $cOptions);
+			$cookieData = cryptCookie(json_encode(array('key' => $rtoken, 'mail' => $username, 'token' => $dtoken)), 1);
+			setcookie('rmpnotes', $cookieData, $cOptions);
 			$rtoken = password_hash($rtoken, PASSWORD_DEFAULT);
 
 			$query = "INSERT INTO `auth_token` (`user`,`client`, `tHash`,`exDate`) VALUES ('$username', '$dtoken', '$rtoken', '$expireTime');";
@@ -604,6 +635,16 @@ function sCookie($title, $media_folder) {
 	setcookie("primitivenotes", json_encode($cArr), $cOptions);
 }
 
+function cryptCookie($data, $crypt) {
+	global $enckey, $enchash;
+	$method = 'aes-256-cbc';
+	$iv = substr(hash('sha256', $enchash), 0, 16);
+	$opts   = defined('OPENSSL_RAW_DATA') ? OPENSSL_RAW_DATA : true;
+	$key = hash('sha256', $enckey);
+	$str = ($crypt == 1) ? base64_encode(openssl_encrypt($data, $method, $key, $opts, $iv)):openssl_decrypt(base64_decode($data), $method, $key, $opts, $iv);
+	return $str;
+}
+
 echo getHeader();
 echo prepareLayout($notes_path);
 echo getFooter();

js/notes.js

@@ -1,7 +1,7 @@
 /**
  * Notes
  *
- * @version 1.0.1
+ * @version 1.0.2
  * @author Offerel
  * @copyright Copyright (c) 2021, Offerel
  * @license GNU General Public License, version 3
@@ -90,11 +90,15 @@ document.addEventListener("DOMContentLoaded", function() {
 		indentWithTabs: true,
 		sideBySideFullscreen: false,
 		autoDownloadFontAwesome: false,
+		placeholder: "Add your note here...",
 		renderingConfig: {
+			markedOptions: {
+				sanitize: false,
+        	},
 			codeSyntaxHighlighting: true,
 			sanitizerFunction: function(renderedHTML) {
 				return renderedHTML.replaceAll(cval.mf, document.location.pathname+'?nimg=');
-			},
+			}
 		},
 		shortcuts: {
 			Preview: "Cmd-P",
@@ -426,11 +430,12 @@ function deleteNote(note) {
 		xhr.open("POST", document.location.pathname, true);
 		xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
 		xhr.send(data);
-	} //deleteNote(this.dataset.na);
+	}
 }
 
 function tpreview() {
 	if(document.getElementById('tocButton')) document.getElementById("tocButton").remove();
+	if(document.getElementById('tocDIV')) document.getElementById("tocDIV").remove();
 
 	if(mde.isPreviewActive()) {
 		document.getElementById('ntitle').disabled = false;
@@ -528,6 +533,7 @@ function showNote() {
 
 function getTOC() {
 	if(document.getElementById('tocButton')) document.getElementById("tocButton").remove();
+	if(document.getElementById('tocDIV')) document.getElementById("tocDIV").remove();
 
     let headings = document.querySelectorAll('h1, h2, h3, h4, h5, h6');
     if(headings.length > 0) {