Merge pull request #169 from kim3-sudo/master

Updated sorting, version number in README ( Fixes #168 )

.gitignore

@@ -0,0 +1,4 @@
+config.php
+.idea/
+.vscode/
+.code/

README.md

@@ -1,19 +1,19 @@
-# Server Status Beta (Official)
-## This is the official beta fork of Server Status by the contributors.
+# Server Status (Official)
+## This is the official Server Status Project.
 ![License](https://img.shields.io/github/license/Pryx/server-status.svg) ![Current release](https://img.shields.io/badge/version-2-blue) 
 ![Beta-Build](https://img.shields.io/badge/latest_beta-Developmet_Beta_7-black)
-![Beta-Stability](https://img.shields.io/badge/Beta_Stability-Fully_Stable_with_Visual_Imperfections-red)
 ![Stability](https://img.shields.io/badge/master_stability-Stable-red)
 ![Build](https://img.shields.io/badge/build-success-green)
-
+<!--
 ## What does **contributor beta** mean?
 It means the beta that is heavily unstable that is meant for contributors to make changes and use as a recovery point.
-### Other Beta Type
+### Other Beta Types
 #### Development Beta
 ##### This beta has some bugs that are noticeable and is sometimes unstable. Best for new contributors
 #### Public Beta
 ##### This beta has some bugs that are not really noticeable and mostly exist as bugs. Best for trying the new features before updating!
-Very simple server status page written in PHP that can run on **PHP 5.4+** - even on **shared webhosting** even without shell access. Because why waste your money on another server (or host on a server that you might want to do maintenance on), when you can use cheap webhosting? And as a cherry on top - it works even without javascript!
+-->
+Very simple server status page written in PHP that can run on **PHP 5.5+** - even on **shared webhosting** even without shell access. Because why waste your money on another server (or host on a server that you might want to do maintenance on), when you can use cheap webhosting? And as a cherry on top - it works even without javascript!
 
 ## How do I install this thing?
 Simply put the files on your server and access it from your browser. There will be a simple install dialog waiting for you.

SECURITY.md

@@ -0,0 +1,15 @@
+# Security Policy
+
+## Supported Versions
+
+Only the latest version of server-status is being supported. Older versions won't recieve security updates.
+
+## Reporting a Vulnerability
+
+If you believe that you have have discovered a vulnerability you can report it by emailing the [lead maintainer](https://github.com/Pryx) at vojtech@sajdl.com. 
+
+Please include the keyword VULNERABILITY and the repository name in the subject of the email. 
+
+In the email, please describe your findings, the project versions you tested and were affected by the vulnerability and also include the full steps to reproduce it. 
+We appreciate your efforts to make server-status more secure and will try to do everytihing in our power to get the issues resolved as fast as possible. We will 
+keep you informed of the progress towards a fix.

api/status.php

@@ -15,26 +15,25 @@ else{
 	  $array = $constellation->render_status(true, false);
 	  echo json_encode($array);
   }else{
-  	$query = $mysqli->prepare("SELECT name FROM services WHERE id=?");
-  	$query->bind_param("i", $_GET['id']);
-  	$query->execute();
-    $result = $query->get_result()->fetch_assoc();
+    // get id of service, check if service exists
+    $queryId = $mysqli->prepare("SELECT id from services where id = ?;");
+    $queryId->bind_param("i", $_GET['id']);
+    $queryId->execute();
+    $result = $queryId->get_result()->fetch_assoc();
     if (!count($result))
     {
     	die(json_encode(["error" => _("Service does not exist!")]));
     }
-
-  	$sql = $mysqli->prepare("SELECT type FROM services_status INNER JOIN status ON services_status.status_id = status.id WHERE service_id = ? AND `time` <= ? AND (`end_time` >= ? OR `end_time`=0) ORDER BY `time` DESC LIMIT 1");
-
-    $sql->bind_param("iii", $id, $timestamp, $timestamp);
-    $sql->execute();
-    $tmp = $sql->get_result();
-    if ($tmp->num_rows)
-    {
-      $service = new Service($_GET['id'], $result['name'], $tmp->fetch_assoc()['type']);
-    }
-    else{
-      $service = new Service($_GET['id'], $result['name']);
+    // get name, description and status.type (status of service) by id
+  	$query = $mysqli->prepare("select services.id, name, description, status.type from services inner join status on status.id = services.id where services.id = ?;");
+  	$query->bind_param("i", $_GET['id']);
+  	$query->execute();
+    $result = $query->get_result()->fetch_assoc();
+    // if type is a number then return it, else just return the service name/desc
+    if (is_numeric($result["type"])) {
+      $service = new Service($_GET["id"], $result["name"], $result["description"], '', $result["type"]);
+    } else {
+      $service = new Service($_GET["id"], $result["name"], $result["description"]);
     }
 
     echo json_encode($service);

classes/constellation.php

@@ -73,7 +73,7 @@ class Constellation
     global $mysqli;
 
     //$query = $mysqli->query("SELECT id, name, description FROM services");
-    $query = $mysqli->query("SELECT services.id, services.name, services.description, services_groups.name as group_name FROM services LEFT JOIN services_groups ON services.group_id=services_groups.id ORDER BY services_groups.name ");
+    $query = $mysqli->query("SELECT services.id, services.name, services.description, services_groups.name as group_name FROM services LEFT JOIN services_groups ON services.group_id=services_groups.id ORDER BY services_groups.name ASC, services.name;");
     $array = array();
     if ($query->num_rows){
       $timestamp = time();

css/main.css

@@ -64,9 +64,9 @@ a.desc-tool-tip, a.desc-tool-tip:hover, a.desc-tool-tip:visited {
     background: gray;
 }
 .navbar-default {
-	z-index: 200;
-	background-color: gray;
-	border-color: transparent;
+    z-index: 200;
+    background-color: gray;
+    border-color: transparent;
 	border-radius: 0px 0px 30px 30px;
 	height: 77px;
     position: fixed;
@@ -133,7 +133,7 @@ body a h1{
 .status{
 	float: right;
 	box-sizing: border-box;
-	padding: 15px 35px;
+	padding: 0px 35px;
 	text-align: right;
 	font-size: 1.05em;
 	font-family: 'Fira Sans', sans-serif;

install.php

@@ -9,6 +9,14 @@ define("COPYRIGHT_TEXT","");
 require_once("classes/locale-negotiator.php");
 require_once("classes/db-class.php");
 
+$isDeveleoperEnvironement = false;
+if(isset($_GET["isDev"])){
+    if($_GET["isDev"] == "devMode"){
+        $isDeveleoperEnvironement = true;
+    }
+}
+
+
 $negotiator = new LocaleNegotiator("en_GB");
 $message = "";
 $db = new SSDB();
@@ -161,11 +169,12 @@ if(isset($_POST['server']) && empty($message))
 		$db->setSetting($mysqli,"google_recaptcha_secret","");
 		$db->setSetting($mysqli,"google_recaptcha_sitekey","");
 		$db->setSetting($mysqli,"cron_server_ip","");
-		unlink("create-server-config.php");
-		unlink("config.php.template");
-		unlink("install.sql");
-		unlink(__FILE__);
-
+		if(!$isDeveleoperEnvironement) {
+            unlink("create-server-config.php");
+            unlink("config.php.template");
+            unlink("install.sql");
+            unlink(__FILE__);
+        }
 		header("Location: ".WEB_URL);
 	}
 }

template.php

@@ -1,6 +1,4 @@
 <?php
-//This should later be translatable, maybe find a better solution?
-//This is here for better generation of POT files :)
 $statuses = array(_("Major outage"), _("Minor outage"), _("Planned maintenance"), _("Operational") );
 $classes = array("danger", "warning", "primary", "success" );
 $icons = array("fa fa-times", "fa fa-exclamation", "fa fa-info", "fa fa-check" );
@@ -58,9 +56,13 @@ class Template{
       <html lang="en">
       <head>
        <?php
+       if(!admin){
         $headfile = fopen("head.txt", "r") or die("Unable to open head.txt!");
         $head_additionalcode = fread($versionfile,filesize("head.txt"));
-        fclose($headfile); ?>
+        fclose($headfile);
+        echo $head_additionalcode;
+        }
+       ?>
         <meta charset="utf-8">
         <title><?php echo $page_name." - ".NAME ?></title>
         <meta name="viewport" content="width=device-width, initial-scale=1">
@@ -174,6 +176,9 @@ class Template{
   /**
   * Renders a toggle switch
   * Created by Yigit Kerem Oktay
+  * @param String $toggletext will decide what the description text next to the toggle will be
+  * @param String $input_name will decide what the HTML Name attribute of the toggle will be
+  * @param Boolean $checked will decide if the toggle will initially be on or off
   */
   public static function render_toggle($toggletext,$input_name,$checked){
     ?>
@@ -199,7 +204,7 @@ class Template{
     <div id="footerwrap">
       <div class="container">
         <div class="row centered">
-          <div class="col-md-4 text-left"><a href="https://github.com/Pryx/server-status/graphs/contributors" target="_blank">Copyright © <?php echo date("Y");?> Server Status Project Contributors </a><?php if(strlen(COPYRIGHT_TEXT)>1){ echo " and ".COPYRIGHT_TEXT; } ?></div>
+          <div class="col-md-4 text-left"><a href="https://github.com/server-status-project/server-status/graphs/contributors" target="_blank">Copyright © <?php echo date("Y");?> Server Status Project Contributors </a><?php if(strlen(COPYRIGHT_TEXT)>1){ echo " and ".COPYRIGHT_TEXT; } ?></div>
           <div class="col-md-4 text-center">
             <div class="btn-group dropup">
               <button type="button" class="btn btn-primary"><?php echo '<img src="'.WEB_URL.'/locale/'.$_SESSION['locale'].'/flag.png" alt="'.$lang_names[$_SESSION['locale']].'">'.$lang_names[$_SESSION['locale']];?></button>