From 0f1529404d358946cbf847b3e84c9091ec41ac62 Mon Sep 17 00:00:00 2001
From: BenForino <benforino@gmail.com>
Date: Tue, 14 Dec 2021 10:03:09 +0000
Subject: [PATCH 1/6] testing

---
 public_html/account.php               |  6 ++++++
 public_html/scripts/accountScript.js  | 23 +++++++++++++++++++++++
 public_html/scripts/functions.php     | 10 +++++-----
 public_html/scripts/manageAccount.php | 12 ++++++++++++
 4 files changed, 46 insertions(+), 5 deletions(-)

diff --git a/public_html/account.php b/public_html/account.php
index 83167d6..4d72794 100644
--- a/public_html/account.php
+++ b/public_html/account.php
@@ -15,6 +15,12 @@
         <input required type="date" name="dob" placeholder="Date of Birth">
         <input required type="text" name="mobile" placeholder="Mobile Number">
         <button type="button" name="submit" id="submit">Update Details</button>
+        <button id="switch">Change Password</button>
+    </form>
+    <form class="inline-form" id="passform" style="display: none">
+        <input required type="password" name="oldPassword" placeholder="Current Password">
+        <input required type="password" name="newPassword" placeholder="New Password">
+        <button type="button" id="submitPass">Update Password</button>
     </form>
     <div>
         <p id="output"></p>
diff --git a/public_html/scripts/accountScript.js b/public_html/scripts/accountScript.js
index 8ad8b15..52059c2 100644
--- a/public_html/scripts/accountScript.js
+++ b/public_html/scripts/accountScript.js
@@ -42,6 +42,29 @@ $(document).ready(function () {
 			});
 		}
 	});
+	$("#switch").click(function (e) {
+		e.preventDefault();
+		$("#user_details").hide();
+		$("#passform").show();
+	});
+	$("#submitPass").click(function (e) {
+		e.preventDefault();
+		$.ajax({
+			type: "POST",
+			url: "scripts/manageAccount.php",
+			data: $("#passform").serialize() + "&request=changePassword",
+			dataType: "json",
+			success: function (response) {
+				console.log(response);
+				if (response["result"] != "errpr") {
+					$("#output").html("Password updated succesfully");
+				} else {
+					$("#output").html("There was an error");
+				}
+				refresh();
+			},
+		});
+	});
 });
 function getDetails() {
 	$.ajax({
diff --git a/public_html/scripts/functions.php b/public_html/scripts/functions.php
index a71507f..e2c0b53 100644
--- a/public_html/scripts/functions.php
+++ b/public_html/scripts/functions.php
@@ -195,7 +195,7 @@ function keyGen($conn, $password, $user_id)
  * `[98,	"Unknown error, Unknown DBMS state"]`\
  * `[99,	"Catastrophic Failure, Unknown DBMS stat"]`
  */
-function changeUserPassword($conn, $oldPassword, $newPassword)
+function changeUserPassword($conn, $user_id, $oldPassword, $newPassword)
 {
 	try {
 		mysqli_autocommit($conn, FALSE); // stops rollbacks
@@ -206,18 +206,18 @@ function changeUserPassword($conn, $oldPassword, $newPassword)
 		die("Can't change passwrod safely");
 	}
 	try {
-		$resultFromKeyChange = keyPasswordChange($conn, $_SESSION["user_id"], $oldPassword, $newPassword);
+		$resultFromKeyChange = keyPasswordChange($conn, $user_id, $oldPassword, $newPassword);
 		$pswdHash = password_hash($newPassword, PASSWORD_DEFAULT); //hashes the users password before it is stored
 		if ($resultFromKeyChange) {
 			$sql = "update user set master_password = ? where user_id = ?;";
 			$stmt = mysqli_stmt_init($conn);
 			mysqli_stmt_prepare($stmt, $sql);
-			mysqli_stmt_bind_param($stmt, "si", $pswdHash, $_SESSION["user_id"]);
+			mysqli_stmt_bind_param($stmt, "si", $pswdHash, $user_id);
 			mysqli_stmt_execute($stmt);
 			$sql = "SELECT `master_password` FROM user WHERE user_id =  ?;";
 			$stmt = mysqli_stmt_init($conn);
 			mysqli_stmt_prepare($stmt, $sql);
-			mysqli_stmt_bind_param($stmt, "i", $_SESSION["user_id"]);
+			mysqli_stmt_bind_param($stmt, "i", $user_id);
 			mysqli_stmt_execute($stmt); //executes sql query
 			$stmtresult = mysqli_stmt_get_result($stmt); //gets the result of the sql query
 			if ($row = mysqli_fetch_assoc($stmtresult)) {  // creates an associative array of the sql result
@@ -382,7 +382,7 @@ function getWebsiteList($conn, $user_identifier)
 	if ($user_identifier[0] == 0)
 		$user_id = $user_identifier[1];
 	else
-	$user_id = getUidWhereAuthCode($conn, $user_identifier[1]);
+		$user_id = getUidWhereAuthCode($conn, $user_identifier[1]);
 	$sql = "SELECT website_id, website_name, web_address from user JOIN saved_website ON user.user_id = saved_website.user_id WHERE user.user_id = ? order by saved_website.website_name";
 	$stmt = mysqli_stmt_init($conn);
 	mysqli_stmt_prepare($stmt, $sql);
diff --git a/public_html/scripts/manageAccount.php b/public_html/scripts/manageAccount.php
index 5e94075..9b05c49 100644
--- a/public_html/scripts/manageAccount.php
+++ b/public_html/scripts/manageAccount.php
@@ -94,6 +94,18 @@
             echo json_encode(array("result" => mysqli_stmt_error($stmt)));
             exit();
         }
+    } elseif ($_POST["request"] == "changePassword") {
+        $pD = array_map('htmlentities', $_POST);
+        if (!emptyFields($pD)) {
+            echo json_encode(array("result" => "error", "error" => "ef"));
+            exit();
+        }
+        if (!passwordComplex($_POST["newPassword"])) {
+            echo json_encode(array("result" => "error", "error" => "passcomplex"));
+            exit();
+        }
+        echo json_encode(changeUserPassword($conn, $_SESSION["user_id"], $_POST["oldPassword"], $_POST["newPassword"]));
+        exit();
     } else {
         echo json_encode(array("result" => "error", "error" => "selection not understood"));
         exit();

From b7b8c91250fcfc0237ee739386518dcabe638d08 Mon Sep 17 00:00:00 2001
From: Harry Syreed <me@harrysy.red>
Date: Tue, 14 Dec 2021 11:44:21 +0000
Subject: [PATCH 2/6] FUCKING TYPOS ALLWAYS!!! Anyway keyPasswordChange Fixed

---
 public_html/main.php | 2 --
 1 file changed, 2 deletions(-)

diff --git a/public_html/main.php b/public_html/main.php
index 900c312..fbf4b5c 100644
--- a/public_html/main.php
+++ b/public_html/main.php
@@ -12,7 +12,6 @@
             <button id="mainAddImport" class="mainAddImport">Add</button>
 			<a onclick="refresh()" href="#">Refresh</a>
             <div id="list">
-                <button class="websiteName">Amazon</button>
             </div>
 
         </div>
@@ -21,7 +20,6 @@
         <div class="mainSection2" id="mainSection2">
             <div id="mainUserButtons" class="mainUserName">
 				<div id="accounts">
-					<button value="hello" class="name">Username</button>
 				</div>
 				<div style="width:100%;display:flex;">
 					<button onclick="makeOverlayPassword()" class="name">add</button>

From f5b7de6f46ca14f488c3d90babad2af6659d4cc4 Mon Sep 17 00:00:00 2001
From: Harry Syreed <me@harrysy.red>
Date: Wed, 15 Dec 2021 11:27:08 +0000
Subject: [PATCH 3/6] it kind of works?

---
 public_html/scripts/functions.php | 22 ++++++--
 public_html/upload.php            | 83 +++++++++++++++++++++++++++++++
 2 files changed, 101 insertions(+), 4 deletions(-)
 create mode 100644 public_html/upload.php

diff --git a/public_html/scripts/functions.php b/public_html/scripts/functions.php
index e2c0b53..26d0365 100644
--- a/public_html/scripts/functions.php
+++ b/public_html/scripts/functions.php
@@ -226,7 +226,6 @@ function changeUserPassword($conn, $user_id, $oldPassword, $newPassword)
 					mysqli_autocommit($conn, TRUE);
 					return [0, "Success"];
 				} else {
-
 					mysqli_rollback($conn);
 					mysqli_autocommit($conn, TRUE);
 					return [2, "Failure to change Passwrod, DBMS rolled back"];
@@ -282,7 +281,7 @@ function keyPasswordChange($conn, $user_id, $oldPassword, $newPassword)
 		mysqli_stmt_prepare($stmt, $sql);
 		mysqli_stmt_bind_param($stmt, "ssi", $masterkey, $based_iv, $user_id);
 		mysqli_stmt_execute($stmt);
-		if ($key == keyGet($conn, $user_id, $newPassword)) {
+		if ($key == keyGet($conn, $newPassword, $user_id)) {
 			return TRUE;
 		} else {
 			return FALSE;
@@ -393,6 +392,21 @@ function getWebsiteList($conn, $user_identifier)
 	mysqli_free_result($stmtresult);
 	return json_encode($result);
 }
+function checkIfExists($conn,$user_id,$wb_address){
+
+	$sql = "SELECT website_id FROM `saved_website` WHERE web_address = ? and user_id = ?";
+	$stmt = mysqli_stmt_init($conn);
+	mysqli_stmt_prepare($stmt, $sql);
+	mysqli_stmt_bind_param($stmt, "ss", $wb_address,$user_id);
+	mysqli_stmt_execute($stmt);
+	$stmtresult =  mysqli_stmt_get_result($stmt);
+	$result = mysqli_fetch_all($stmtresult, MYSQLI_ASSOC);
+	if(sizeof($result) >= 1)
+		return $result[0]["webiste_id"];
+	else
+		return 0;
+	
+}
 function addWebsite($conn, $user_identifier, $wb_name, $wb_address)
 {
 	$website_name = ($wb_name);
@@ -405,7 +419,7 @@ function addWebsite($conn, $user_identifier, $wb_name, $wb_address)
 	$rand = 0;
 	$available = false;
 	do {
-		$rand = rand(0, 999999999);
+		$rand = rand(1, 999999999);
 		$sql = "SELECT 1 as 'exists' from saved_website WHERE website_id = ?";
 		$stmt = mysqli_stmt_init($conn);
 		mysqli_stmt_prepare($stmt, $sql);
@@ -427,7 +441,7 @@ function addWebsite($conn, $user_identifier, $wb_name, $wb_address)
 	mysqli_stmt_bind_param($stmt, "iiss", $rand, $user_id, $website_name, $website_address);
 	mysqli_stmt_execute($stmt);
 	$result =  mysqli_stmt_affected_rows($stmt);
-	return json_encode(["result" => $result, "name" => $website_name, "address" => $website_address]);
+	return json_encode(["result" => $result,"website_id" => $rand]);
 }
 function addPassword($conn, $user_identifier, $website_id, $pw_username, $pw_password, $key)
 {
diff --git a/public_html/upload.php b/public_html/upload.php
new file mode 100644
index 0000000..a434322
--- /dev/null
+++ b/public_html/upload.php
@@ -0,0 +1,83 @@
+<?php
+require_once "scripts/functions.php";
+require_once "scripts/db.php";
+session_start(["cookie_domain" => "passman.harrysy.red"]);
+/**
+ * @param string[] $head
+ * The column header of the CVS
+ * @return bool
+ * If its valid or not
+ */
+function csvValidator($head){
+	if(sizeof($head) >= 3)
+		if(in_array("url",$head)||in_array("login_uri",$head))
+			if(in_array("username",$head)||in_array("login_username",$head))
+				if(in_array("password",$head)||in_array("login_password",$head))
+					return TRUE;
+	return FALSE;
+}
+if($_SERVER['REQUEST_METHOD'] == 'POST'){
+	$f = file_get_contents($_FILES["passwordCsv"]["tmp_name"]);
+	$s = $_FILES["passwrodCsv"]["size"];
+	/** @var array<array<string,string>> */
+	$array = array_map("str_getcsv", explode("\n", $f));
+	if((sizeof($array)>1) && csvValidator($array[0])){
+		if(536870912 >= $s){
+			$head = $array[0];
+			$noName = in_array("name",$head);
+			$tmpPwd = [];
+			for ($i = 1;$i < sizeof($array);$i++){
+				$row = $array[$i];
+				for ($j = 0;$j < min(sizeof($head),sizeof($row));$j++){
+					
+					if(($head[$j] == "url")||($head[$j] == "login_uri"))
+						$tmpPwd[$i]["url"] = $row[$j];
+					else if($head[$j] == "name")
+						$tmpPwd[$i]["name"] = $row[$j];
+					else if(($head[$j] == "username")||($head[$j] == "login_username"))
+						$tmpPwd[$i]["username"] = $row[$j];
+					else if(($head[$j] == "password")||($head[$j] == "login_password"))
+						$tmpPwd[$i]["password"] = $row[$j];
+				}
+			}
+			$count = 0;
+
+			for ($i = 0;$i < sizeof($tmpPwd);$i++){
+
+				if(isset($tmpPwd[$i]["username"]) && isset($tmpPwd[$i]["password"])){
+					$ifExists = checkIfExists($conn,$_SESSION["user_id"],$tmpPwd[$i]["url"]);
+					if($ifExists != 0){
+						addPassword($conn,$_SESSION["user_id"],$ifExists,$tmpPwd[$i]["username"],$tmpPwd[$i]["password"],$_COOKIE["key"]);
+						echo "Added ".$tmpPwd[$i]["username"]." - ".$tmpPwd[$i]["password"].$tmpPwd[$i]["url"];
+					}else{
+						$websiteId = "";
+						if($noName)
+							$websiteId = addWebsite($conn,$_SESSION["user_id"],$tmpPwd[$i]["url"],$tmpPwd[$i]["url"]);
+						else
+							$websiteId = addWebsite($conn,$_SESSION["user_id"],$tmpPwd[$i]["name"],$tmpPwd[$i]["url"]);
+						echo "Added website ".$tmpPwd[$i]["url"];
+						addPassword($conn,$_SESSION["user_id"],$websiteId,$tmpPwd[$i]["username"],$tmpPwd[$i]["password"],$_COOKIE["key"]);
+						echo "Added ".$tmpPwd[$i]["username"]." - ".$tmpPwd[$i]["password"].$tmpPwd[$i]["url"];
+					}
+					$count++;
+				}	
+			}
+			echo "Added ".$count." of ".sizeof($tmpPwd);
+		}else{
+			die("<p><h1>Error:</h1></p><br/><a href=\"/upload.php\">Go back and try again</a>");
+		}
+
+	}else{
+		die("<p><h1>Error:</h1>Wrong Format, the CVS provided is not formated correctly or is incompatible at the current time. Current supported formates are 'Chrome', 'Firefox', 'BitWarden'</p><br/><a href=\"/upload.php\">Go back and try again</a>");
+	}
+	
+}
+else{
+echo '
+	<form method="post" action="/upload.php" enctype="multipart/form-data" >
+	<h1>Upload your old passwords:</h1>
+	<input type="file" name="passwordCsv" accept="text/csv,.csv">
+	<input type="submit" value="submit CSV"/>
+	</form>
+	';
+}
\ No newline at end of file

From f61da5dca27e9c4855533bc1cb097c4874c76f0a Mon Sep 17 00:00:00 2001
From: Harry Syreed <me@harrysy.red>
Date: Thu, 16 Dec 2021 13:20:20 +0000
Subject: [PATCH 4/6] upload.php now works and you can upload most csv files.

---
 .gitignore                        |  3 ++-
 public_html/scripts/functions.php |  2 ++
 public_html/upload.php            | 21 ++++++++++-----------
 3 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/.gitignore b/.gitignore
index d8e16cd..fc9f404 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,4 +22,5 @@
 !.vscode/*.code-snippets
 
 # End of https://www.toptal.com/developers/gitignore/api/visualstudiocode
-.DS_Store
\ No newline at end of file
+.DS_Store
+error.log
diff --git a/public_html/scripts/functions.php b/public_html/scripts/functions.php
index 26d0365..21ac996 100644
--- a/public_html/scripts/functions.php
+++ b/public_html/scripts/functions.php
@@ -436,10 +436,12 @@ function addWebsite($conn, $user_identifier, $wb_name, $wb_address)
 		$stmt->close();
 	} while (!$available);
 	$sql = "INSERT INTO saved_website VALUES (?,?,?,?,CURRENT_TIMESTAMP(),CURRENT_TIMESTAMP())";
+
 	$stmt = mysqli_stmt_init($conn);
 	mysqli_stmt_prepare($stmt, $sql);
 	mysqli_stmt_bind_param($stmt, "iiss", $rand, $user_id, $website_name, $website_address);
 	mysqli_stmt_execute($stmt);
+	echo mysqli_stmt_error($stmt);
 	$result =  mysqli_stmt_affected_rows($stmt);
 	return json_encode(["result" => $result,"website_id" => $rand]);
 }
diff --git a/public_html/upload.php b/public_html/upload.php
index a434322..8392ecf 100644
--- a/public_html/upload.php
+++ b/public_html/upload.php
@@ -18,13 +18,13 @@ function csvValidator($head){
 }
 if($_SERVER['REQUEST_METHOD'] == 'POST'){
 	$f = file_get_contents($_FILES["passwordCsv"]["tmp_name"]);
-	$s = $_FILES["passwrodCsv"]["size"];
+	$s = 512;
 	/** @var array<array<string,string>> */
 	$array = array_map("str_getcsv", explode("\n", $f));
 	if((sizeof($array)>1) && csvValidator($array[0])){
 		if(536870912 >= $s){
 			$head = $array[0];
-			$noName = in_array("name",$head);
+			$noName = !in_array("name",$head);
 			$tmpPwd = [];
 			for ($i = 1;$i < sizeof($array);$i++){
 				$row = $array[$i];
@@ -47,17 +47,16 @@ function csvValidator($head){
 				if(isset($tmpPwd[$i]["username"]) && isset($tmpPwd[$i]["password"])){
 					$ifExists = checkIfExists($conn,$_SESSION["user_id"],$tmpPwd[$i]["url"]);
 					if($ifExists != 0){
-						addPassword($conn,$_SESSION["user_id"],$ifExists,$tmpPwd[$i]["username"],$tmpPwd[$i]["password"],$_COOKIE["key"]);
-						echo "Added ".$tmpPwd[$i]["username"]." - ".$tmpPwd[$i]["password"].$tmpPwd[$i]["url"];
+						addPassword($conn,[0,$_SESSION["user_id"]],$ifExists,$tmpPwd[$i]["username"],$tmpPwd[$i]["password"],$_COOKIE["key"]);
 					}else{
 						$websiteId = "";
-						if($noName)
-							$websiteId = addWebsite($conn,$_SESSION["user_id"],$tmpPwd[$i]["url"],$tmpPwd[$i]["url"]);
-						else
-							$websiteId = addWebsite($conn,$_SESSION["user_id"],$tmpPwd[$i]["name"],$tmpPwd[$i]["url"]);
-						echo "Added website ".$tmpPwd[$i]["url"];
-						addPassword($conn,$_SESSION["user_id"],$websiteId,$tmpPwd[$i]["username"],$tmpPwd[$i]["password"],$_COOKIE["key"]);
-						echo "Added ".$tmpPwd[$i]["username"]." - ".$tmpPwd[$i]["password"].$tmpPwd[$i]["url"];
+						if($noName){
+							$websiteId = json_decode(addWebsite($conn,[0,$_SESSION["user_id"]],$tmpPwd[$i]["url"],$tmpPwd[$i]["url"]),true)["website_id"];
+						}
+						else{
+							$websiteId = json_decode(addWebsite($conn,[0,$_SESSION["user_id"]],$tmpPwd[$i]["name"],$tmpPwd[$i]["url"]),true)["website_id"];
+						}
+						addPassword($conn,[0,$_SESSION["user_id"]],$websiteId,$tmpPwd[$i]["username"],$tmpPwd[$i]["password"],$_COOKIE["key"]);
 					}
 					$count++;
 				}	

From 7d8b4c004054ee02beb461081a462004fb27a396 Mon Sep 17 00:00:00 2001
From: BenForino <benforino@gmail.com>
Date: Thu, 16 Dec 2021 20:29:17 +0000
Subject: [PATCH 5/6] Comments

---
 error.log                          |  3 +++
 public_html/scripts/emailContents  | 40 ------------------------------
 public_html/scripts/errorHandle.js |  1 +
 public_html/scripts/loginAPI.php   | 32 ------------------------
 public_html/scripts/userInfo.php   |  2 +-
 public_html/styles/styles.css      |  3 +++
 6 files changed, 8 insertions(+), 73 deletions(-)
 create mode 100644 error.log
 delete mode 100644 public_html/scripts/emailContents
 delete mode 100644 public_html/scripts/loginAPI.php

diff --git a/error.log b/error.log
new file mode 100644
index 0000000..2d28a3f
--- /dev/null
+++ b/error.log
@@ -0,0 +1,3 @@
+2021/12/16 12:10:50 [error] 393007#393007: *1 FastCGI sent in stderr: "PHP message: PHP Notice:  Undefined index: passwordCsv in /var/www/passman/public_html/upload.php on line 20PHP message: PHP Stack trace:PHP message: PHP   1. {main}() /var/www/passman/public_html/upload.php:0PHP message: PHP Notice:  Trying to access array offset on value of type null in /var/www/passman/public_html/upload.php on line 20PHP message: PHP Stack trace:PHP message: PHP   1. {main}() /var/www/passman/public_html/upload.php:0PHP message: PHP Warning:  file_get_contents(): Filename cannot be empty in /var/www/passman/public_html/upload.php on line 20PHP message: PHP Stack trace:PHP message: PHP   1. {main}() /var/www/passman/public_html/upload.php:0PHP message: PHP   2. file_get_contents($filename = NULL) /var/www/passman/public_html/upload.php:20PHP message: PHP Notice:  Undefined index: passwordCsv in /var/www/passman/public_html/upload.php on line 21PHP message: PHP Stack trace:PHP message: PHP   1. {main}() /var/www/passman/public_html/upload.php:0PHP message: PHP Notice:  Trying to access array offset on value of type null in /var/www/passman/public_html/upload.php on line 21PHP message: PHP Stack trace:PHP message: PHP   1. {main}() /var/www/passman/public_html/upload.php:0" while reading response header from upstream, client: 194.80.64.241, server: passman.harrysy.red, request: "POST /upload.php HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.4-fpm.sock:", host: "passman.harrysy.red", referrer: "https://passman.harrysy.red/upload.php"
+2021/12/16 12:10:58 [error] 393007#393007: *1 FastCGI sent in stderr: "PHP message: PHP Notice:  Trying to access array offset on value of type int in /var/www/passman/public_html/scripts/functions.php on line 415PHP message: PHP Stack trace:PHP message: PHP   1. {main}() /var/www/passman/public_html/upload.php:0PHP message: PHP   2. addWebsite($conn = class mysqli { public $affected_rows = -1; public $client_info = 'mysqlnd 7.4.25'; public $client_version = 70425; public $connect_errno = 0; public $connect_error = NULL; public $errno = 0; public $error = ''; public $error_list = []; public $field_count = 1; public $host_info = 'Localhost via UNIX socket'; public $info = NULL; public $insert_id = 0; public $server_info = '5.5.5-10.5.12-MariaDB-0+deb11u1'; public $server_version = 100512; public $sqlstate = '00000'; public $protocol_version = 10; public $thread_id = 13152; public $warning_count = 0 }, $user_identifier = 21, $wb_name = 'https://benforino.co.uk/login', $wb_address = 'https://benforino.co.uk/login') /var/www/passman/public_html/upload.php:55PHP message: PHP Notice:  Trying to access array offset on value of type int in /var/www/passman/public_html/scripts/functions.php on line 416PHP message: PHP Stack trace:PHP message: PHP   1. {main}() /var/www/passman/public_html/upload.php:0PHP message: PHP   2. addWebsite($conn = class mysqli { public $affected_rows = -1; public $client_info = 'mysqlnd 7.4.25'; public $client_version = 70425; public $connect_errno = 0; public $connect_error = NULL; public $errno = 0; public $error = ''; public $error_list = []; public $field_count = 1; public $host_info = 'Localhost via UNIX socket'; public $info = NULL; public $insert_id = 0; public $server_info = '5.5.5-10.5.12-MariaDB-0+deb11u1'; public $server_version = 100512; public $sqlstate = '00000'; public $protocol_version = 10; public $thread_id = 13152; public $warning_count = 0 }, $user_identifier = 21, $wb_name = 'https://benforino.co.uk/login', $wb_address = 'https://benforino.co.uk/login') /var/www/passman/pub
+2021/12/16 12:15:00 [error] 393007#393007: *5 FastCGI sent in stderr: "PHP message: PHP Notice:  Trying to access array offset on value of type int in /var/www/passman/public_html/scripts/functions.php on line 415PHP message: PHP Stack trace:PHP message: PHP   1. {main}() /var/www/passman/public_html/upload.php:0PHP message: PHP   2. addWebsite($conn = class mysqli { public $affected_rows = -1; public $client_info = 'mysqlnd 7.4.25'; public $client_version = 70425; public $connect_errno = 0; public $connect_error = NULL; public $errno = 0; public $error = ''; public $error_list = []; public $field_count = 1; public $host_info = 'Localhost via UNIX socket'; public $info = NULL; public $insert_id = 0; public $server_info = '5.5.5-10.5.12-MariaDB-0+deb11u1'; public $server_version = 100512; public $sqlstate = '00000'; public $protocol_version = 10; public $thread_id = 13154; public $warning_count = 0 }, $user_identifier = 21, $wb_name = 'https://benforino.co.uk/login', $wb_address = 'https://benforino.co.uk/login') /var/www/passman/public_html/upload.php:55PHP message: PHP Notice:  Trying to access array offset on value of type int in /var/www/passman/public_html/scripts/functions.php on line 416PHP message: PHP Stack trace:PHP message: PHP   1. {main}() /var/www/passman/public_html/upload.php:0PHP message: PHP   2. addWebsite($conn = class mysqli { public $affected_rows = -1; public $client_info = 'mysqlnd 7.4.25'; public $client_version = 70425; public $connect_errno = 0; public $connect_error = NULL; public $errno = 0; public $error = ''; public $error_list = []; public $field_count = 1; public $host_info = 'Localhost via UNIX socket'; public $info = NULL; public $insert_id = 0; public $server_info = '5.5.5-10.5.12-MariaDB-0+deb11u1'; public $server_version = 100512; public $sqlstate = '00000'; public $protocol_version = 10; public $thread_id = 13154; public $warning_count = 0 }, $user_identifier = 21, $wb_name = 'https://benforino.co.uk/login', $wb_address = 'https://benforino.co.uk/login') /var/www/passman/pub
diff --git a/public_html/scripts/emailContents b/public_html/scripts/emailContents
deleted file mode 100644
index 0f64a98..0000000
--- a/public_html/scripts/emailContents
+++ /dev/null
@@ -1,40 +0,0 @@
-<?php session_start(["cookie_domain" => "passman.harrysy.red"]); ?>
-<!DOCTYPE html>
-<html lang="en">
-
-<head>
-	<meta charset="UTF-8">
-	<meta name="viewport" content="width=device-width, initial-scale=1">
-	<link rel="stylesheet" href="/styles/styles.css">
-	<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
-	<script src="scripts/errorHandle.js"></script>
-	<link rel="icon" href="/img/DeliverIT-icon.png" type="image/png">
-	<title>PassMan</title>
-</head>
-
-<body>
-
-<div class="containerMain">
-		<div class="containerMainLeft">
-			<div class="logo">
-				<img src="logo.png" style="width:1em;float:left;" /><span><span>Pass</span>Man</span>
-			</div>
-		</div>
-
-		<div class="vl"></div>
-		
-		<div class="containerMainRight">
-			<img id="loginIcon" src="img\profilePicture.jpeg">
-			<p id="emailVerifi">Email verification code sent to example@gmail.com</p>
-
-			<form action="scripts/otp.php" method="POST">
-				<input type="text" name="otp" placeholder="Please enter OTP">
-				<button type="submit" name="otp_submit">Submit</button>
-			</form>
-	
-			<div>
-				<p id="error"></p>
-			</div>
-		</div>
-	</div>
-</body>
diff --git a/public_html/scripts/errorHandle.js b/public_html/scripts/errorHandle.js
index a22f074..e7542eb 100644
--- a/public_html/scripts/errorHandle.js
+++ b/public_html/scripts/errorHandle.js
@@ -36,6 +36,7 @@ $(document).ready(function () {
 });
 
 function errorMsg($_GET) {
+	//Gets the error message returned and outputs it
 	switch ($_GET["error"]) {
 		case "ef":
 			displayErrorMsg(
diff --git a/public_html/scripts/loginAPI.php b/public_html/scripts/loginAPI.php
deleted file mode 100644
index 3c33438..0000000
--- a/public_html/scripts/loginAPI.php
+++ /dev/null
@@ -1,32 +0,0 @@
-<?php
-// require '../debug.php'; needs to be added
-$username = strtolower("");
-$password = "";
-
-// require './hash.php';
-require "../pwd/mysql.php";
-$dsn = "mysql:host=$sqlHost;dbname=$sqlDatabase";
-$sqlConn = new PDO($dsn, $sqlUsername, $sqlPassword);
-$sql = "SELECT * FROM users WHERE username = :username";
-$statement = $sqlConn->prepare($sql);
-$statement->bindParam(':username', $username, PDO::PARAM_STR);
-$statement->execute();
-$rows = $statement->fetchAll(PDO::FETCH_ASSOC);
-$passwordhash = password_hash($password, PASSWORD_DEFAULT);
-if (count($rows) == 1) {
-	if (
-		($rows[0]["username"] == $username)
-		and
-		($rows[0]["password"] == $passwordhash)
-	) {
-		echo "Result: Logged in as " . $rows[0]["username"];
-		// this will be turned into function and used elsewhere
-	} else {
-		echo "Result: Could not authenticate";
-	}
-} else {
-	echo "Result: Could not authenticate";
-}
-//elseif (($action == "search") and $debug) {
-//	echo "Result:<pre>".htmlspecialchars(var_export($rows,true))."</pre>";
-//	//print_r(str_replace("\n","<br/>",var_export($rows,true)));
diff --git a/public_html/scripts/userInfo.php b/public_html/scripts/userInfo.php
index cdf4f7e..bd48ef1 100644
--- a/public_html/scripts/userInfo.php
+++ b/public_html/scripts/userInfo.php
@@ -1,7 +1,7 @@
 <?php session_start(["cookie_domain" => "passman.harrysy.red"]);
 require_once "db.php";
 if (isset($_SESSION["user_id"])) {
-	$sql = "SELECT first_name, last_name FROM user WHERE user_id = ?";
+	$sql = "SELECT first_name, last_name FROM user WHERE user_id = ?"; //Selects the user details required and returns them in a JSON format
 	$stmt = mysqli_stmt_init($conn);
 	mysqli_stmt_prepare($stmt, $sql);
 	mysqli_stmt_bind_param($stmt, "i", $_SESSION["user_id"]);
diff --git a/public_html/styles/styles.css b/public_html/styles/styles.css
index 4cad2eb..a59b0ed 100644
--- a/public_html/styles/styles.css
+++ b/public_html/styles/styles.css
@@ -168,6 +168,9 @@ button#bugSend:hover {
 	font-size: 2.5rem;
 	padding: 15px;
 }
+#output {
+	text-align: center;
+}
 
 .containerReportBug {
 	display: flex;

From ea73bbfc59e9b3ca5ca9b764bcd8b7c2927342db Mon Sep 17 00:00:00 2001
From: Harry Syreed <me@harrysy.red>
Date: Thu, 16 Dec 2021 21:00:58 +0000
Subject: [PATCH 6/6] comment completed

---
 public_html/footer.php            |  10 ++-
 public_html/main.php              |   2 +-
 public_html/scripts/functions.php | 124 ++++++++++++++----------------
 public_html/styles/styles.css     |   1 +
 public_html/upload.php            |  32 ++++----
 5 files changed, 84 insertions(+), 85 deletions(-)

diff --git a/public_html/footer.php b/public_html/footer.php
index 84973d5..c7f70c3 100644
--- a/public_html/footer.php
+++ b/public_html/footer.php
@@ -1,9 +1,11 @@
 </body>
 <footer>
-	<h3><a href=""> Contact Us</a></h3>
-	<h3><a href=""> Report a Bug</a></h3>
-	<h3><a href=""> Documentation</a> </h3>
-	<h3><a href="/LICENSE.txt"> Copyright (c) 2021, PassMan Team<br /> All rights reserved</a></h3>
+
+	<h3 style="margin-left:20px;"><a href="/contact.php">Contact Us</a></h3>
+	<h3 style="margin-left:20px;"><a href="/reportabug.php">Report a Bug</a></h3>
+	<h3 style="margin-left:20px;"><a href="/upload.php">Upload CSV</a></h3>
+	<h3 style="margin-left:20px;"><a href="/docs.pdf">Documentation</a> </h3>
+	<h3 style="margin-left:20px;"><a href="/LICENSE.txt"> Copyright (c) 2021, PassMan Team<br /> All rights reserved</a></h3>
 </footer>
 
 <script>
diff --git a/public_html/main.php b/public_html/main.php
index fbf4b5c..f88c809 100644
--- a/public_html/main.php
+++ b/public_html/main.php
@@ -10,7 +10,7 @@
             <h1 class="mainSection1Title">Website Name</h1>
             <!--<input type="search" class="mainSearch" value="Search">-->
             <button id="mainAddImport" class="mainAddImport">Add</button>
-			<a onclick="refresh()" href="#">Refresh</a>
+			<button onclick="refresh()" href="#">Refresh</button>
             <div id="list">
             </div>
 
diff --git a/public_html/scripts/functions.php b/public_html/scripts/functions.php
index 21ac996..b546e13 100644
--- a/public_html/scripts/functions.php
+++ b/public_html/scripts/functions.php
@@ -71,26 +71,26 @@ function generateOneTimePassword($conn, $userInfo, $pD)
 	$to = $userInfo["email"];
 	$subject = "OTP from PassMan";
 	// $txt = uniqid("otp_", true);
-	$txt = "otp_" . bin2hex(openssl_random_pseudo_bytes(4));
+	$txt = "otp_" . bin2hex(openssl_random_pseudo_bytes(4));// makes a 8 letter otp
 	$tempPath = "./temp/email.html";
 	try //tries to read email template
 	{
-		$f = fopen($tempPath, 'r');
-		$temp = fread($f, filesize($tempPath));
-		fclose($f);
+		$f = fopen($tempPath, 'r');// tries to open template
+		$temp = fread($f, filesize($tempPath));//reads template
+		fclose($f);//closes it
 	} catch (Exception $ex) {
-		$temp = '$name here is your code:<br/>$code';
+		$temp = '$name here is your code:<br/>$code';//failsafe if didn't work
 	}
 	if (($temp == "") or ($temp == null)) {
-		$temp = '$name here is your code:<br/>$code';
+		$temp = '$name here is your code:<br/>$code';//another failsave
 	}
 	try {
-		include "getBrowserInfo.php";
-		$browser = getOS() . " - " . getBrowser();
+		include "getBrowserInfo.php";// imports function to find browser info
+		$browser = getOS() . " - " . getBrowser();//gets browser info
 	} catch (Exception $ex) {
-		$browser = grabIp();
+		$browser = grabIp();//failsafe to just use users ip
 	}
-	$body = str_replace('$device', $browser, str_replace('$code', $txt, str_replace('$name', $userInfo["first_name"], $temp)));
+	$body = str_replace('$device', $browser, str_replace('$code', $txt, str_replace('$name', $userInfo["first_name"], $temp)));//replaces values in template with data
 	$headers = "MIME-Version: 1.0" . "\r\n"; // tells email provider to accept next line
 	$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n"; // tells email provider that this email is formatted in HTML
 	$headers .= "From: otp@passman.harrysy.red"; //tells email that it was sent by
@@ -198,42 +198,42 @@ function keyGen($conn, $password, $user_id)
 function changeUserPassword($conn, $user_id, $oldPassword, $newPassword)
 {
 	try {
-		mysqli_autocommit($conn, FALSE); // stops rollbacks
+		mysqli_autocommit($conn, FALSE); // stops commits to allow rollback
 
-		mysqli_commit($conn);
+		mysqli_commit($conn);// makes commit to rollback too
 	} catch (Exception $e) {
 		return [98, "Error caught by try:\n " . $e . ", Unknown DBMS state"];
 		die("Can't change passwrod safely");
 	}
 	try {
-		$resultFromKeyChange = keyPasswordChange($conn, $user_id, $oldPassword, $newPassword);
+		$resultFromKeyChange = keyPasswordChange($conn, $user_id, $oldPassword, $newPassword);// tries to change key to new password
 		$pswdHash = password_hash($newPassword, PASSWORD_DEFAULT); //hashes the users password before it is stored
 		if ($resultFromKeyChange) {
-			$sql = "update user set master_password = ? where user_id = ?;";
+			$sql = "update user set master_password = ? where user_id = ?;";// sql to update master password
 			$stmt = mysqli_stmt_init($conn);
 			mysqli_stmt_prepare($stmt, $sql);
 			mysqli_stmt_bind_param($stmt, "si", $pswdHash, $user_id);
 			mysqli_stmt_execute($stmt);
-			$sql = "SELECT `master_password` FROM user WHERE user_id =  ?;";
+			$sql = "SELECT `master_password` FROM user WHERE user_id =  ?;";// sql to check new master password
 			$stmt = mysqli_stmt_init($conn);
 			mysqli_stmt_prepare($stmt, $sql);
 			mysqli_stmt_bind_param($stmt, "i", $user_id);
 			mysqli_stmt_execute($stmt); //executes sql query
 			$stmtresult = mysqli_stmt_get_result($stmt); //gets the result of the sql query
 			if ($row = mysqli_fetch_assoc($stmtresult)) {  // creates an associative array of the sql result
-				if (password_verify($newPassword, $row["master_password"])) {
-					mysqli_commit($conn);
-					mysqli_autocommit($conn, TRUE);
+				if (password_verify($newPassword, $row["master_password"])) {//verifies master password has changed and works
+					mysqli_commit($conn);// if all is good commit changes
+					mysqli_autocommit($conn, TRUE);// enable autocommit again
 					return [0, "Success"];
 				} else {
-					mysqli_rollback($conn);
+					mysqli_rollback($conn);//rollback database 
 					mysqli_autocommit($conn, TRUE);
-					return [2, "Failure to change Passwrod, DBMS rolled back"];
+					return [2, "Failure to change Passwrod, DBMS rolled back"];//tell user that the password could not be changed but account is fine
 				}
 			} else {
-				mysqli_rollback($conn);
+				mysqli_rollback($conn);// rollback database
 				mysqli_autocommit($conn, TRUE);
-				return [2, "Failure to change Passwrod, DBMS rolled back"];
+				return [2, "Failure to change Passwrod, DBMS rolled back"];//rell user that the passwoudl could not be changed but account is fine
 			}
 		} else {
 			mysqli_rollback($conn);
@@ -246,10 +246,10 @@ function changeUserPassword($conn, $user_id, $oldPassword, $newPassword)
 			mysqli_autocommit($conn, TRUE);
 			return [4, "Error Caught By Try: " . $e . ", DBMS rolled back"];
 		} catch (Exception $ee) {
-			return [98, "Error caught by try:\n " . $ee . "\n\nAND\n\n" . $e . ", Unknown DBMS state"];
+			return [98, "Error caught by try:\n " . $ee . "\n\nAND\n\n" . $e . ", Unknown DBMS state"];// report full error and the state of database is unknown
 		}
 	}
-	return [99, "Catastrophic Failure, Unknown DBMS stat"];
+	return [99, "Catastrophic Failure, Unknown DBMS stat"];// report error and that state of database is unknown
 }
 /**
  * This updates the key to new password\
@@ -273,15 +273,15 @@ function keyPasswordChange($conn, $user_id, $oldPassword, $newPassword)
 {
 	try {
 		$iv = generateIV(); // genorates iv
-		$key = keyGet($conn, $oldPassword, $user_id);
-		$based_iv = base64_encode($iv); //base64
-		$masterkey = encryptData($key, $newPassword, $iv);
+		$key = keyGet($conn, $oldPassword, $user_id);// gets current key
+		$based_iv = base64_encode($iv); // turns IV to base64 to store
+		$masterkey = encryptData($key, $newPassword, $iv);// encrypts the master key with the master password
 		$sql = "update user set masterkey = ?, masteriv = ? where user_id = ?;";
 		$stmt = mysqli_stmt_init($conn);
 		mysqli_stmt_prepare($stmt, $sql);
 		mysqli_stmt_bind_param($stmt, "ssi", $masterkey, $based_iv, $user_id);
 		mysqli_stmt_execute($stmt);
-		if ($key == keyGet($conn, $newPassword, $user_id)) {
+		if ($key == keyGet($conn, $newPassword, $user_id)) {//tests if the key has been updated and is the same value
 			return TRUE;
 		} else {
 			return FALSE;
@@ -342,23 +342,6 @@ function decryptData($ciphertext, $key, $iv)
 		return -1;
 	}
 }
-
-function createWebEntry($conn, $pD)
-{
-	$sql = "INSERT INTO saved_website (user_id, website_name, web_address) VALUES (?,?,?);";
-	$stmt = mysqli_stmt_init($conn);
-	if (!mysqli_stmt_prepare($stmt, $sql)) {
-		header("location: ../index.php?error=stmtfailed");
-		exit();
-	}
-	mysqli_stmt_bind_param($stmt, "sss", $_SESSION["user_id"], $pD["website_name"], $pD["web_address"]);
-	if (!mysqli_stmt_execute($stmt)) { //executes the INSERT statement
-		header("location:../index.php?error=stmtfailed");
-		exit();
-	}
-	header("location:../index.php?error=success");
-}
-
 function passwordComplex($pswd)
 {
 	if (strlen($pswd) < 20) {
@@ -377,23 +360,28 @@ function passwordComplex($pswd)
 }
 function getWebsiteList($conn, $user_identifier)
 {
+	// gets user id from either user id or auth code
 	$user_id = "";
 	if ($user_identifier[0] == 0)
 		$user_id = $user_identifier[1];
 	else
 		$user_id = getUidWhereAuthCode($conn, $user_identifier[1]);
+	// setup sql select statement to get all websites linked to a userr
 	$sql = "SELECT website_id, website_name, web_address from user JOIN saved_website ON user.user_id = saved_website.user_id WHERE user.user_id = ? order by saved_website.website_name";
 	$stmt = mysqli_stmt_init($conn);
 	mysqli_stmt_prepare($stmt, $sql);
 	mysqli_stmt_bind_param($stmt, "s", $user_id);
 	mysqli_stmt_execute($stmt);
+	
 	$stmtresult =  mysqli_stmt_get_result($stmt);
 	$result = mysqli_fetch_all($stmtresult, MYSQLI_ASSOC);
 	mysqli_free_result($stmtresult);
-	return json_encode($result);
+	return json_encode($result);// sending results to user
 }
+/**
+ * checks if website with web address exists
+ */
 function checkIfExists($conn,$user_id,$wb_address){
-
 	$sql = "SELECT website_id FROM `saved_website` WHERE web_address = ? and user_id = ?";
 	$stmt = mysqli_stmt_init($conn);
 	mysqli_stmt_prepare($stmt, $sql);
@@ -401,11 +389,10 @@ function checkIfExists($conn,$user_id,$wb_address){
 	mysqli_stmt_execute($stmt);
 	$stmtresult =  mysqli_stmt_get_result($stmt);
 	$result = mysqli_fetch_all($stmtresult, MYSQLI_ASSOC);
-	if(sizeof($result) >= 1)
-		return $result[0]["webiste_id"];
+	if(sizeof($result) >= 1)// if one or more websites with the same address exists  then
+		return $result[0]["webiste_id"];// send website ids
 	else
-		return 0;
-	
+		return 0;// return 0
 }
 function addWebsite($conn, $user_identifier, $wb_name, $wb_address)
 {
@@ -418,6 +405,7 @@ function addWebsite($conn, $user_identifier, $wb_name, $wb_address)
 		$user_id = getUidWhereAuthCode($conn, $user_identifier[1]);
 	$rand = 0;
 	$available = false;
+	// makes a random number webiste id and checks if it is already taken, if it is try another random number
 	do {
 		$rand = rand(1, 999999999);
 		$sql = "SELECT 1 as 'exists' from saved_website WHERE website_id = ?";
@@ -435,6 +423,7 @@ function addWebsite($conn, $user_identifier, $wb_name, $wb_address)
 		}
 		$stmt->close();
 	} while (!$available);
+	//creates sql to create new website entry
 	$sql = "INSERT INTO saved_website VALUES (?,?,?,?,CURRENT_TIMESTAMP(),CURRENT_TIMESTAMP())";
 
 	$stmt = mysqli_stmt_init($conn);
@@ -447,17 +436,19 @@ function addWebsite($conn, $user_identifier, $wb_name, $wb_address)
 }
 function addPassword($conn, $user_identifier, $website_id, $pw_username, $pw_password, $key)
 {
-	$iv = generateIV(); // genorates a new IV per new version of a password
-	$cryptUsername = encryptData($pw_username, $key, $iv);
-	$cryptPassword = encryptData($pw_password, $key, $iv);
+	// creates a initialization vector to keep passwords secure
+	$iv = generateIV(); // genorates a new IV per new version of a password for securty
+	$cryptUsername = encryptData($pw_username, $key, $iv);// encrypts username
+	$cryptPassword = encryptData($pw_password, $key, $iv);// encrypts password
 	$user_id = "";
 	if ($user_identifier[0] == 0)
 		$user_id = $user_identifier[1];
 	else
-
 		$user_id = getUidWhereAuthCode($conn, $user_identifier[1]);
+	
 	$rand = 0;
 	$available = false;
+	// creates a random password_id until one is not already taken
 	do {
 		$rand = rand(0, 999999999);
 		$sql = "SELECT 1 as 'exists' from website_password WHERE password_id = ?";
@@ -475,9 +466,8 @@ function addPassword($conn, $user_identifier, $website_id, $pw_username, $pw_pas
 		}
 		$stmt->close();
 	} while (!$available);
+	// adds encrypted passwords to databse
 	$sql = "INSERT INTO website_password values (?,(SELECT sw.website_id FROM `saved_website` as sw WHERE sw.website_id = ? AND sw.user_id = ?),?,?,?)";
-	//$sql = "INSERT INTO website_password values (?,(SELECT website_id FROM `saved_website` WHERE website_id = ? AND user_id = ?),?,?,?)";
-	//$sql = "INSERT INTO password_id VALUES (?,?,?,?,CURRENT_TIMESTAMP(),CURRENT_TIMESTAMP())";
 	$stmt = mysqli_stmt_init($conn);
 	mysqli_stmt_prepare($stmt, $sql);
 	mysqli_stmt_bind_param($stmt, "iiisss", $rand, $website_id, $user_id, $cryptUsername, $cryptPassword, base64_encode($iv));
@@ -502,11 +492,14 @@ function getPasswordList($conn, $user_identifier, $website_id, $key)
 	$cipher = mysqli_fetch_all($stmtresult, MYSQLI_ASSOC);
 	mysqli_free_result($stmtresult);
 	$result = [];
+	// creates new array with decrypted passwords
 	for ($i = 0; $i < sizeof($cipher); $i++) {
 		$result[$i] = [];
 		$result[$i]["website_id"]  = $cipher[$i]["website_id"];
 		$result[$i]["password_id"] = $cipher[$i]["password_id"];
+		//decrypts username
 		$result[$i]["username"] = decryptData($cipher[$i]["username"], $key, base64_decode($cipher[$i]["iv"]));
+		//decrypts password
 		$result[$i]["password"] = decryptData($cipher[$i]["password"], $key, base64_decode($cipher[$i]["iv"]));
 	}
 	return json_encode($result);
@@ -519,6 +512,7 @@ function response($response, $error = "none")
 	echo json_encode($return);
 	exit();
 }
+// Gets the user_id when an authentication token is used
 function getUidWhereAuthCode($conn, $authToken)
 {
 	/**TODO:
@@ -541,14 +535,13 @@ function deletePassword($conn, $user_identifier, $password_id)
 		$user_id = $user_identifier[1];
 	else
 		$user_id = getUidWhereAuthCode($conn, $user_identifier[1]);
-	//$sql = "SELECT website_password.website_id, password_id, username, password, vi from website_password JOIN [SELECT website_id, from user JOIN saved_website ON user.user_id = saved_website.user_id WHERE user.user_id = ?] where website";
-	//$sql = "SELECT website_password.* from website_password JOIN (SELECT website_id FROM user JOIN saved_website ON user.user_id = saved_website.user_id where user.user_id = ?) as websites on website_password.website_id = websites.website_id where website_password.website_id = ?";
-	//$sql = "UPDATE website_password as tb set tb.username = ?, tb.password = ?, tb.iv = ? where tb.password_id = ? AND password_id in (select website_password.password_id from user inner join saved_website on user.user_id = saved_website.user_id inner join website_password on saved_website.website_id = website_password.website_id WHERE user.user_id = ?) ";
+	// creates sql to delete passwrod
 	$sql = "DELETE FROM website_password where password_id = ? AND password_id in (select website_password.password_id from user inner join saved_website on user.user_id = saved_website.user_id inner join website_password on saved_website.website_id = website_password.website_id WHERE user.user_id = ?) ";
 	$stmt = mysqli_stmt_init($conn);
 	mysqli_stmt_prepare($stmt, $sql);
 	mysqli_stmt_bind_param($stmt, "ii", $password_id, $user_id);
 	mysqli_stmt_execute($stmt);
+	// return how many rows were affected as success value, will either be 1 or 0
 	return ["success" => mysqli_stmt_affected_rows($stmt)];
 }
 function deleteWebsite($conn, $user_identifier, $website_id)
@@ -558,15 +551,12 @@ function deleteWebsite($conn, $user_identifier, $website_id)
 		$user_id = $user_identifier[1];
 	else
 		$user_id = getUidWhereAuthCode($conn, $user_identifier[1]);
-	//$sql = "SELECT website_password.website_id, password_id, username, password, vi from website_password JOIN [SELECT website_id, from user JOIN saved_website ON user.user_id = saved_website.user_id WHERE user.user_id = ?] where website";
-	//$sql = "SELECT website_password.* from website_password JOIN (SELECT website_id FROM user JOIN saved_website ON user.user_id = saved_website.user_id where user.user_id = ?) as websites on website_password.website_id = websites.website_id where website_password.website_id = ?";
-	//$sql = "UPDATE website_password as tb set tb.username = ?, tb.password = ?, tb.iv = ? where tb.password_id = ? AND password_id in (select website_password.password_id from user inner join saved_website on user.user_id = saved_website.user_id inner join website_password on saved_website.website_id = website_password.website_id WHERE user.user_id = ?) ";
-	//$sql = "DELETE FROM website_password where password_id = ? AND password_id in (select website_password.password_id from user inner join saved_website on user.user_id = saved_website.user_id inner join website_password on saved_website.website_id = website_password.website_id WHERE user.user_id = ?) ";
 	$sql = "DELETE FROM saved_website where website_id = ? AND user_id = ?";
 	$stmt = mysqli_stmt_init($conn);
 	mysqli_stmt_prepare($stmt, $sql);
 	mysqli_stmt_bind_param($stmt, "ii", $website_id, $user_id);
 	mysqli_stmt_execute($stmt);
+	//returns how many rows were affected as success value, will either be 1 or 0
 	return ["success" => mysqli_stmt_affected_rows($stmt)];
 }
 function setPassword($conn, $user_identifier, $password_id, $key, $username, $password)
@@ -577,17 +567,19 @@ function setPassword($conn, $user_identifier, $password_id, $key, $username, $pa
 	else
 		$user_id = getUidWhereAuthCode($conn, $user_identifier[1]);
 	$iv = generateIV(); // genorates a new IV per new version of a password
-	//$sql = "SELECT website_password.website_id, password_id, username, password, vi from website_password JOIN [SELECT website_id, from user JOIN saved_website ON user.user_id = saved_website.user_id WHERE user.user_id = ?] where website";
-	//$sql = "SELECT website_password.* from website_password JOIN (SELECT website_id FROM user JOIN saved_website ON user.user_id = saved_website.user_id where user.user_id = ?) as websites on website_password.website_id = websites.website_id where website_password.website_id = ?";
+	// encrypt username and password
 	$cryptUsername = encryptData($username, $key, $iv);
 	$cryptPassword = encryptData($password, $key, $iv);
+	//updates password
 	$sql = "UPDATE website_password as tb set tb.username = ?, tb.password = ?, tb.iv = ? where tb.password_id = ? AND password_id in (select website_password.password_id from user inner join saved_website on user.user_id = saved_website.user_id inner join website_password on saved_website.website_id = website_password.website_id WHERE user.user_id = ?) ";
 	$stmt = mysqli_stmt_init($conn);
 	mysqli_stmt_prepare($stmt, $sql);
 	mysqli_stmt_bind_param($stmt, "sssii", $cryptUsername, $cryptPassword, base64_encode($iv), $password_id, $user_id);
 	mysqli_stmt_execute($stmt);
+	//returns how many rows were affected as success value, will either be 1 or 0
 	return ["success" => mysqli_stmt_affected_rows($stmt)];
 }
+// checks if password is in common passwords
 function commonPassword($conn, $pD)
 {
 	$pD["password"] = strtolower($pD["password"]);
diff --git a/public_html/styles/styles.css b/public_html/styles/styles.css
index a59b0ed..fcaf2c5 100644
--- a/public_html/styles/styles.css
+++ b/public_html/styles/styles.css
@@ -577,6 +577,7 @@ div.overlay > div.btn > input {
 	border-style: solid;
 	border-width: 0.5rem;
 	border-top-right-radius: 0.5rem;
+	visibility: hidden;
 }
 .ad button {
 	background-color: red;
diff --git a/public_html/upload.php b/public_html/upload.php
index 8392ecf..bdedbc8 100644
--- a/public_html/upload.php
+++ b/public_html/upload.php
@@ -1,4 +1,5 @@
 <?php
+require "header.php";
 require_once "scripts/functions.php";
 require_once "scripts/db.php";
 session_start(["cookie_domain" => "passman.harrysy.red"]);
@@ -17,19 +18,22 @@ function csvValidator($head){
 	return FALSE;
 }
 if($_SERVER['REQUEST_METHOD'] == 'POST'){
-	$f = file_get_contents($_FILES["passwordCsv"]["tmp_name"]);
-	$s = 512;
+	$f = file_get_contents($_FILES["passwordCsv"]["tmp_name"]);// grabs the text of the file
+	$s = $_FILES["passwordCsv"]["size"];// this get the size of the file
 	/** @var array<array<string,string>> */
-	$array = array_map("str_getcsv", explode("\n", $f));
+	$array = array_map("str_getcsv", explode("\n", $f));// turns content into an array of each line that is an array of each value (that was seperated by commas)
 	if((sizeof($array)>1) && csvValidator($array[0])){
-		if(536870912 >= $s){
-			$head = $array[0];
-			$noName = !in_array("name",$head);
-			$tmpPwd = [];
+		if(536870912 >= $s){// check the size of the file
+			$head = $array[0];// sets the first line to an array that is the headers of the data
+			$noName = !in_array("name",$head);// checks if the csv header for name
+			$tmpPwd = [];// temporay array of passwords
+
+			/**
+			 * This will add arrays contianint URL, NAME, USERNAME and PASSWORDS values
+			 */
 			for ($i = 1;$i < sizeof($array);$i++){
 				$row = $array[$i];
 				for ($j = 0;$j < min(sizeof($head),sizeof($row));$j++){
-					
 					if(($head[$j] == "url")||($head[$j] == "login_uri"))
 						$tmpPwd[$i]["url"] = $row[$j];
 					else if($head[$j] == "name")
@@ -40,10 +44,10 @@ function csvValidator($head){
 						$tmpPwd[$i]["password"] = $row[$j];
 				}
 			}
-			$count = 0;
+			$count = 0;// counts how many passwords are added to database
 
+			// takes tmpPwd and adds it to database
 			for ($i = 0;$i < sizeof($tmpPwd);$i++){
-
 				if(isset($tmpPwd[$i]["username"]) && isset($tmpPwd[$i]["password"])){
 					$ifExists = checkIfExists($conn,$_SESSION["user_id"],$tmpPwd[$i]["url"]);
 					if($ifExists != 0){
@@ -63,11 +67,10 @@ function csvValidator($head){
 			}
 			echo "Added ".$count." of ".sizeof($tmpPwd);
 		}else{
-			die("<p><h1>Error:</h1></p><br/><a href=\"/upload.php\">Go back and try again</a>");
+			die("<p><h1>Error:</h1></p><br/><a href=\"/upload.php\">Go back and try again</a>");//tells user that the CSV has been rejected
 		}
-
 	}else{
-		die("<p><h1>Error:</h1>Wrong Format, the CVS provided is not formated correctly or is incompatible at the current time. Current supported formates are 'Chrome', 'Firefox', 'BitWarden'</p><br/><a href=\"/upload.php\">Go back and try again</a>");
+		die("<p><h1>Error:</h1>Wrong Format, the CVS provided is not formated correctly or is incompatible at the current time. Current supported formates are 'Chrome', 'Firefox', 'BitWarden'</p><br/><a href=\"/upload.php\">Go back and try again</a>");// tells the user that the CSV has been rejected
 	}
 	
 }
@@ -79,4 +82,5 @@ function csvValidator($head){
 	<input type="submit" value="submit CSV"/>
 	</form>
 	';
-}
\ No newline at end of file
+}
+require "footer.php";
\ No newline at end of file