Initial commit

Author: SkewedZeppelin

LICENSE

@@ -0,0 +1,19 @@
+STATIC BUT NOT REALLY
+=====================
+
+Overview
+--------
+- This is a minimal PHP "framework"/template for creating websites that are mostly static and are functional without JavaScript.
+- It has many rough edges, it is basically a merge of all the stuff I was using in various other sites.
+- Follows a KISS development method :)
+
+Features
+--------
+- No giant libraries, dependencies, or frameworks (eg. composer, node, etc.)
+- CSRF and XSS Protection
+- Light/Dark CSS
+- Contact Form Support via XMPP
+- Minification
+- Disabling right click and devtools
+- Broken Stripe Support
+- Analytics Support

README

@@ -0,0 +1,14 @@
+.h2o {
+  color: #FF5722;
+}
+
+.h3o {
+  color: #4CAF50;
+}
+
+.centero {
+  display: block !important;
+  margin-left: auto !important;
+  margin-right: auto !important;
+  text-align: center;
+}

assets/css/extras.css

@@ -0,0 +1,49 @@
+/* 
+  https://raw.githubusercontent.com/Chalarangelo/mini.css/master/src/flavors/mini-doc.scss
+*/
+.index-splash {
+  width: 100%;
+  height: 100vh;
+}
+
+.index-splash-bg {
+  background-position: center;
+  background-repeat: no-repeat;
+  background-size: cover;
+  width: 100%;
+  height: 100%;
+  position: absolute;
+}
+
+h1.splash {
+  position: absolute;
+  margin: 0;
+  width: 100%;
+  text-align: center;
+  height: 100%;
+  padding-top: 40vh;
+  font-size: 10vmin;
+  font-weight: bold;
+  color: #FF5722;
+}
+
+a.scroll {
+  position: absolute;
+  top: 90vh;
+  width: 50vw;
+  left: 25vw;
+  text-align: center;
+  font-size: 8vmin;
+  font-weight: bold;
+  color: #FF5722;
+}
+
+p.splash {
+  margin: 0;
+  position: absolute;
+  width: 100%;
+  text-align: center;
+  padding-top: 52vh;
+  font-size: 4vmin;
+  color: #FFFFFF;
+}

assets/css/mini-dark.min.css

@@ -0,0 +1,49 @@
+/* 
+  https://raw.githubusercontent.com/Chalarangelo/mini.css/master/src/flavors/mini-doc.scss
+*/
+.index-splash {
+  width: 100%;
+  height: 100vh;
+}
+
+.index-splash-bg {
+  background-position: center;
+  background-repeat: no-repeat;
+  background-size: cover;
+  width: 100%;
+  height: 100%;
+  position: absolute;
+}
+
+h1.splash {
+  position: absolute;
+  margin: 0;
+  width: 100%;
+  text-align: center;
+  height: 100%;
+  padding-top: 40vh;
+  font-size: 10vmin;
+  font-weight: bold;
+  color: #FF5722;
+}
+
+a.scroll {
+  position: absolute;
+  top: 90vh;
+  width: 50vw;
+  left: 25vw;
+  text-align: center;
+  font-size: 8vmin;
+  font-weight: bold;
+  color: #FF5722;
+}
+
+p.splash {
+  margin: 0;
+  position: absolute;
+  width: 100%;
+  text-align: center;
+  padding-top: 52vh;
+  font-size: 4vmin;
+  color: #212121;
+}

assets/css/mini-default.min.css

@@ -0,0 +1,53 @@
+/* eslint-disable spaced-comment */
+/*!
+	devtools-detect
+	Detect if DevTools is open
+	https://github.com/sindresorhus/devtools-detect
+	by Sindre Sorhus
+	MIT License
+*/
+(function () {
+	'use strict';
+	var devtools = {
+		open: false,
+		orientation: null
+	};
+	var threshold = 160;
+	var emitEvent = function (state, orientation) {
+		window.dispatchEvent(new CustomEvent('devtoolschange', {
+			detail: {
+				open: state,
+				orientation: orientation
+			}
+		}));
+	};
+
+	setInterval(function () {
+		var widthThreshold = window.outerWidth - window.innerWidth > threshold;
+		var heightThreshold = window.outerHeight - window.innerHeight > threshold;
+		var orientation = widthThreshold ? 'vertical' : 'horizontal';
+
+		if (!(heightThreshold && widthThreshold) &&
+      ((window.Firebug && window.Firebug.chrome && window.Firebug.chrome.isInitialized) || widthThreshold || heightThreshold)) {
+			if (!devtools.open || devtools.orientation !== orientation) {
+				emitEvent(true, orientation);
+			}
+
+			devtools.open = true;
+			devtools.orientation = orientation;
+		} else {
+			if (devtools.open) {
+				emitEvent(false, null);
+			}
+
+			devtools.open = false;
+			devtools.orientation = null;
+		}
+	}, 500);
+
+	if (typeof module !== 'undefined' && module.exports) {
+		module.exports = devtools;
+	} else {
+		window.devtools = devtools;
+	}
+})();

assets/css/splash-dark.css

@@ -0,0 +1,21 @@
+//requires https://github.com/sindresorhus/devtools-detect
+window.addEventListener('devtoolschange', function (e) {
+	if(e.detail.open) {
+		console.clear();
+		console.log("%cWARNING: UNAUTHORIZED COPYING OF CONTENT FROM THIS SITE IS STRICTLY PROHIBITED", "font: 3em sans-serif; color: #f44336; background-color: #212121;");
+	}
+});
+window.addEventListener("keydown", function(e) {//Credit: https://stackoverflow.com/a/38359924
+	if (e.code == "F12") {
+		e.preventDefault(); e.stopPropagation(); return false;
+	}
+	if (e.getModifierState("Control")  && e.code == "KeyU") {
+		e.preventDefault(); e.stopPropagation(); return false;
+	}
+	if (e.getModifierState("Control") && e.getModifierState("Shift") && event.code == "KeyI") {
+		e.preventDefault(); e.stopPropagation(); return false;
+	}
+	if (e.getModifierState("Control") && e.getModifierState("Shift") && event.code == "KeyK") {
+		e.preventDefault(); e.stopPropagation(); return false;
+	}
+});

assets/css/splash.css

@@ -0,0 +1,47 @@
+function checkout() {
+	var paymentAmount = 100;
+	var paymentDescription = 'A purchase'
+	var handler = StripeCheckout.configure({
+		key: '[PLACEHOLDER_STRIPE_KEY_PUBLIC]',
+		locale: 'auto',
+		allowRememberMe: false,
+		token: function(token) {
+			var req = new XMLHttpRequest();
+			req.onreadystatechange = function() {
+				if (req.readyState == 4 && req.status == 200) {
+					setTimeout(markPurchased, 500);
+				}
+			};
+			req.open("POST", "stripe.php", true);
+			req.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
+			req.send("PAYMENT_TOKEN=" + token.id
+			+ "&PAYMENT_AMOUNT=" + paymentAmount
+			+ "&PAYMENT_DESCRIPTION=" + btoa(paymentDescription)
+			+ "&CSRF_TOKEN=" + getCSRFToken());
+		}
+	});
+
+	handler.open({
+		name: '[PLACEHOLDER_ORGANIZATION]',
+		description: paymentDescription,
+		zipCode: true,
+		amount: paymentAmount
+	});
+
+	window.addEventListener('popstate', function() {
+		handler.close();
+	});
+}
+
+function markPurchased() {
+
+}
+
+function checkoutProxy() {
+	var warning = "Payment processing is performed by Stripe. By continuing your browser will load proprietary code from their servers. Do you want to continue?";
+	if(confirm(warning)) {
+		loadExternalJS("https://checkout.stripe.com/checkout.js", checkout);
+	} else {
+		//Cancel
+	}
+}

assets/js/devtools-detect.js

@@ -0,0 +1,45 @@
+function loadExternalJS(url, callAfterLoad, integrity) {
+	var tmpJS = document.createElement('script');
+	tmpJS.type = "text/javascript";
+	tmpJS.src = url;
+	if(integrity !== undefined) {
+		tmpJS.integrity = integrity;
+	}
+	tmpJS.onload = callAfterLoad;
+	document.body.appendChild(tmpJS);
+}
+
+//CREDIT: https://www.w3schools.com/js/js_cookies.asp
+function getCookie(cname) {
+    var name = cname + "=";
+    var ca = document.cookie.split(';');
+    for(var i = 0; i < ca.length; i++) {
+        var c = ca[i];
+        while (c.charAt(0) == ' ') {
+            c = c.substring(1);
+        }
+        if (c.indexOf(name) == 0) {
+            return c.substring(name.length, c.length);
+        }
+    }
+    return "";
+}
+
+//CREDIT: https://www.w3schools.com/js/js_cookies.asp
+function setCookie(cname, cvalue, exdays) {
+    var d = new Date();
+    d.setTime(d.getTime() + (exdays * 24 * 60 * 60 * 1000));
+    var expires = "expires="+d.toUTCString();
+    document.cookie = cname + "=" + cvalue + ";" + expires + ";SameSite=Strict;path=/";
+}
+
+//CREDIT: https://stackoverflow.com/a/179514
+function deleteAllCookies() {
+    var cookies = document.cookie.split(";");
+    for (var i = 0; i < cookies.length; i++) {
+        var cookie = cookies[i];
+        var eqPos = cookie.indexOf("=");
+        var name = eqPos > -1 ? cookie.substr(0, eqPos) : cookie;
+        document.cookie = name + "=;expires=Thu, 01 Jan 1970 00:00:00 GMT";
+    }
+}

assets/js/nodev.js

@@ -0,0 +1,51 @@
+<?php
+
+include "sbnr/config.php";
+if($SBNR_CONTACT_ENABLED === false) { exit; }
+
+include "sbnr/security.php";
+include "sbnr/utils.php";
+include "sbnr/pre.php";
+
+if(isset($_POST["CSRF_TOKEN"], $_POST["txtName"], $_POST["txtPhone"], $_POST["txtMessage"])) {
+	if(noHTML($_POST["CSRF_TOKEN"]) == $_SESSION['SBNR_CSRF_TOKEN']) {
+		$name = noHTML(base64_decode(urldecode($_POST["txtName"])));
+		$number = preg_replace("/[^0-9]/", '', noHTML(base64_decode(urldecode($_POST["txtPhone"]))));
+		$message = noHTML(base64_decode(urldecode($_POST["txtMessage"])));
+		if(strlen($name) <= $SBNR_CONTACT_MAX_LENGTH_NAME
+			&& strlen($number) >= $SBNR_CONTACT_MIN_LENGTH_PHONE_NUMBER
+			&& strlen($number) <= $SBNR_CONTACT_MAX_LENGTH_PHONE_NUMBER
+			&& strlen($message) <= $SBNR_CONTACT_MAX_LENGTH_MESSAGE) {
+
+			$msentinel = generateRandomString($SBNR_CONTACT_MESSAGE_PREFIX_LENGTH);
+
+			if ($SBNR_CONTACT_GEOIP) {
+				$geoIP = $_SERVER["MM_COUNTRY_CODE"];
+				if(strlen($_SERVER["MM_CITY_NAME"] .  $_SERVER["MM_REGION_CODE"]) > 1) {
+					$geoIP = $_SERVER["MM_CITY_NAME"] . ", " . $_SERVER["MM_REGION_CODE"] . " " . $_SERVER["MM_COUNTRY_CODE"];
+				}
+				$location = "[" . $msentinel . "] Location: " . $geoIP . "\n";
+			}
+
+			$message = "[" . $msentinel . "] MESSAGE START\n" .
+					"[" . $msentinel . "] Name: " . $name . "\n" .
+					"[" . $msentinel . "] Phone Number: " . $number . "\n" .
+					$location .
+					"[" . $msentinel . "] Message: \n" . $message . "\n" .
+					"[" . $msentinel . "] MESSAGE END";
+
+			exec("echo " . escapeshellarg($message) . " | sendxmpp -f " . $SBNR_CONTACT_SENDXMPP_CONFIG . " -t " . $SBNR_CONTACT_SENDXMPP_RECEIPENT);
+			print("Message Sent!");
+		} else {
+			generateErrorPageBasic(406);
+		}
+	} else {
+		generateErrorPageBasic(401);
+	}
+} else {
+	generateErrorPageBasic(400);
+}
+
+$_SESSION['SBNR_CSRF_TOKEN'] = bin2hex(random_bytes(32)); //Always renew the token to prevent brute forcing
+
+?>

assets/js/purchase.js

@@ -0,0 +1,6 @@
+<!--
+	Insert an analytics snippet here
+
+	Please take advantage of loadExternalJS(remote, callback) provided by utils.js
+	and respect navigator.doNotTrack for the sake of your user's privacy!
+-->

assets/js/utils.js

@@ -0,0 +1,12 @@
+				<div class="card fluid">
+					<h2>Error [PLACEHOLDER_ERROR]</h2>
+					<div class="section">
+						<script type="text/javascript">
+							document.write("<h3>Returning home in two seconds...</h3>");
+							setTimeout(function() {
+								window.location.href = "/index.php";
+							}, 2000);
+						</script>
+						<noscript><h3><a href="/index.php">Click here to return home</a></h3></noscript>
+					</div>
+				</div>