Adleraci/adlerka.top
4
1
Fork 3
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add some more account actions,

Browse Source 
Add return types,
This commit is contained in:
Bruno Rybársky 2024-01-31 22:05:23 +01:00
parent a4fd20ad00
commit 3d22ff555e
9 changed files with 194 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
assets/login-script.js
View File

@ -1,6 +1,6 @@
function login() { function login() {
var email = document.getElementById("email").value; const email = document.getElementById("email").value;
var password = document.getElementById("password").value; const password = document.getElementById("password").value;
// Assuming you use fetch API to send data to the server // Assuming you use fetch API to send data to the server
fetch('https://home.adlerka.top/account', { fetch('https://home.adlerka.top/account', {

176
lib/account.php
View File

@ -1,14 +1,41 @@
<?php <?php
function isLoggedIn(){ use Random\RandomException;
return $_SESSION["ID"] > 0 && !empty($_SESSION["email"]);
function isLoggedIn(): bool
{
global $routerConfig;
return $_SESSION["ID"] > 0 && !empty($_SESSION["email"]) && $_SESSION["privilegelevel"] >= $routerConfig["logged_in_default_permission_level"];
} }
function doLogin($email, $password){ function generateActivationToken(): string
{
try {
return bin2hex(random_bytes(16));
} catch (RandomException $e) {
return "error_generating_code_because_of_$e";
} // Adjust the length of the token as needed
}
function verifyPassword($userID, $password): bool
{
global $mysqli; global $mysqli;
$stmt = $mysqli->prepare("SELECT PasswordHash FROM Users WHERE ID = ?");
$stmt->bind_param("i", $userID);
$stmt->execute();
$pwdhash = "";
$stmt->bind_result($pwdhash);
$stmt->fetch();
$stmt->close();
return !empty($pwdhash) && password_verify($password, $pwdhash);
}
function doLogin($email, $password): array
{
global $mysqli, $routerConfig;
$found = false; $found = false;
if(!empty($email) && !empty($password)){ if(!empty($email) && !empty($password)){
$stmt = $mysqli->prepare("SELECT ID, FirstName, LastName, Nickname, PasswordHash, MinecraftNick, isAdmin FROM Users WHERE EMAIL = ? AND isActive = 1"); $stmt = $mysqli->prepare("SELECT ID, FirstName, LastName, Nickname, PasswordHash, MinecraftNick, privilegeLevel FROM Users WHERE EMAIL = ? AND isActive = 1");
$stmt->bind_param("s", $email); $stmt->bind_param("s", $email);
$stmt->execute(); $stmt->execute();
@ -18,27 +45,29 @@ function doLogin($email, $password){
$nickname = ""; $nickname = "";
$pwdhash = ""; $pwdhash = "";
$mcnick = ""; $mcnick = "";
$stmt->bind_result($idcko, $fname, $lname, $nickname, $pwdhash, $mcnick, false); $privilegelevel = 0;
$stmt->bind_result($idcko, $fname, $lname, $nickname, $pwdhash, $mcnick, $privilegelevel);
if($stmt->num_rows() > 0){ if($stmt->num_rows() > 0){
$stmt->fetch(); $stmt->fetch();
if (password_verify($password, $pwdhash)){ if (password_verify($password, $pwdhash) && $privilegelevel >= $routerConfig["logged_in_default_permission_level"]){
$found = true;
}
}
$_SESSION["ID"] = $idcko; $_SESSION["ID"] = $idcko;
$_SESSION["first_name"] = $fname; $_SESSION["first_name"] = $fname;
$_SESSION["last_name"] = $lname; $_SESSION["last_name"] = $lname;
$_SESSION["nickname"] = $nickname; $_SESSION["nickname"] = $nickname;
$_SESSION["email"] = $email; $_SESSION["email"] = $email;
$_SESSION["mcnick"] = $mcnick; $_SESSION["mcnick"] = $mcnick;
$_SESSION["isadmin"] = false; $_SESSION["privilegelevel"] = $privilegelevel;
$found = true;
}
}
$stmt->close(); $stmt->close();
} }
return $found ? ["status" => "success"] : ["status" => "fail"]; return $found ? ["status" => "success"] : ["status" => "fail"];
} }
function doLogout(){ function doLogout(): array
{
if(isLoggedIn()){ if(isLoggedIn()){
session_destroy(); session_destroy();
return ["status" => "success"]; return ["status" => "success"];
@ -47,7 +76,8 @@ function doLogout(){
} }
} }
function doRegister($firstname, $lastname, $nickname, $email, $password, $minecraftnick, $activationtoken){ function doRegister($firstname, $lastname, $nickname, $email, $password, $minecraftnick, $activationtoken): array
{
global $mysqli; global $mysqli;
$status = ["status" => "fail"]; $status = ["status" => "fail"];
if (!empty($activationtoken)){ if (!empty($activationtoken)){
@ -63,3 +93,125 @@ function doRegister($firstname, $lastname, $nickname, $email, $password, $minecr
return $status; return $status;
} }
function changePassword($userID, $newPassword): array
{
global $mysqli, $routerConfig;
$status = ["status" => "fail"];
if(!empty($userID) && !empty($newPassword) && verifyPassword($userID, $newPassword) && $_SESSION["privilegelevel"] >= $routerConfig["logged_in_default_permission_level"]){
$passwordHash = password_hash($newPassword, PASSWORD_DEFAULT);
$stmt = $mysqli->prepare("UPDATE Users SET PasswordHash = ? WHERE ID = ?");
$stmt->bind_param("si", $passwordHash, $userID);
$stmt->execute();
if ($stmt->affected_rows > 0) {
$status["status"] = "success";
}
$stmt->close();
}
return $status;
}
function updateUserProfile($userID, $firstName, $lastName, $nickname, $minecraftNick): array
{
global $mysqli;
$status = ["status" => "fail"];
if (!empty($userID)) {
$stmt = $mysqli->prepare("UPDATE Users SET FirstName = ?, LastName = ?, Nickname = ?, MinecraftNick = ? WHERE ID = ?");
$stmt->bind_param("ssssi", $firstName, $lastName, $nickname, $minecraftNick, $userID);
$stmt->execute();
if ($stmt->affected_rows > 0) {
$status["status"] = "success";
}
$stmt->close();
}
return $status;
}
function getUserInfo($userID): array
{
global $mysqli;
$userInfo = [];
if (!empty($userID)) {
$stmt = $mysqli->prepare("SELECT ID, FirstName, LastName, Nickname, Email, MinecraftNick, privilegeLevel FROM Users WHERE ID = ?");
$stmt->bind_param("i", $userID);
$stmt->execute();
$id = 0;
$firstName = "";
$lastName = "";
$nickname = "";
$email = "";
$minecraftNick = "";
$privilegeLevel = 0;
$stmt->bind_result($id, $firstName, $lastName, $nickname, $email, $minecraftNick, $privilegeLevel);
$stmt->fetch();
$stmt->close();
$userInfo = [
"ID" => $id,
"FirstName" => $firstName,
"LastName" => $lastName,
"Nickname" => $nickname,
"Email" => $email,
"MinecraftNick" => $minecraftNick,
"PrivilegeLevel" => $privilegeLevel
];
}
return $userInfo;
}
function isEmailAvailable($email): bool
{
global $mysqli;
$stmt = $mysqli->prepare("SELECT COUNT(*) FROM Users WHERE Email = ?");
$stmt->bind_param("s", $email);
$stmt->execute();
$count = -1;
$stmt->bind_result($count);
$stmt->fetch();
$stmt->close();
return $count === 0;
}
function addActivationCodes($adminID, $count): array
{
global $mysqli;
$activationCodes = [];
if (!empty($adminID) && is_numeric($count) && $count > 0) {
$stmt = $mysqli->prepare("INSERT INTO ActivationCodes (AdminID, Code) VALUES (?, ?)");
for ($i = 0; $i < $count; $i++) {
$activationCode = generateActivationToken();
$stmt->bind_param("is", $adminID, $activationCode);
$stmt->execute();
if ($stmt->affected_rows > 0) {
$activationCodes[] = $activationCode;
}
}
$stmt->close();
}
return $activationCodes;
}
function listUsers(): array
{
global $mysqli;
$users = [];
$result = $mysqli->query("SELECT ID, FirstName, LastName, Nickname, Email, MinecraftNick, privilegeLevel FROM Users");
while ($row = $result->fetch_assoc()) {
$users[] = $row;
}
return $users;
}
function listActivationCodes(): array
{
global $mysqli;
$activationCodes = [];
$result = $mysqli->query("SELECT Code FROM ActivationCodes");
while ($row = $result->fetch_assoc()) {
$activationCodes[] = $row['Code'];
}
return $activationCodes;
}

15
lib/config.php
View File

@ -1,5 +1,6 @@
<?php <?php
function loadRouterConfig(){ function loadRouterConfig(): void
{
global $routerConfig; global $routerConfig;
$routerConfig["default_page"] = "domov"; $routerConfig["default_page"] = "domov";
@ -13,4 +14,16 @@
$routerConfig["page_dir"] = "pages/"; $routerConfig["page_dir"] = "pages/";
$routerConfig["protocol"] = "https://"; $routerConfig["protocol"] = "https://";
$routerConfig["logged_out_permission_level"] = 0;
$routerConfig["logged_in_default_permission_level"] = 1;
$routerConfig["verified_permission_level"] = 2;
$routerConfig["trustworthy_permission_level"] = 3;
$routerConfig["moderator_permission_level"] = 4;
$routerConfig["adminpermissionlevel"] = 255;
} }

4
lib/endpoint.php
View File

@ -1,6 +1,6 @@
<?php <?php
function runEndpoint($endpoint_file) function runEndpoint($endpoint_file): ?array
{ {
$endpoint_data = $_POST; $endpoint_data = $_POST;
@ -10,7 +10,7 @@ function runEndpoint($endpoint_file)
} }
function getEndpoint($endpoint_name) function getEndpoint($endpoint_name): false|string
{ {
$output = array(); $output = array();
$output["status"] = "fail"; $output["status"] = "fail";

2
lib/navigation.php
View File

@ -1,6 +1,6 @@
<?php <?php
function generateNavigation() function generateNavigation(): string
{ {
global $routerConfig; global $routerConfig;
global $routerRequest; global $routerRequest;

5
lib/page.php
View File

@ -1,11 +1,12 @@
<?php <?php
function renderDynamicPage($page_file) function renderDynamicPage($page_file): false|string
{ {
require_once $page_file; require_once $page_file;
return render(); return render();
} }
function getPage($page_name = null){ function getPage($page_name = null): array|false|string
{
global $routerConfig; global $routerConfig;
global $routerRequest; global $routerRequest;

3
lib/router.php
View File

@ -1,7 +1,8 @@
<?php <?php
function initRouter(){ function initRouter(): bool
{
global $routerRequest; global $routerRequest;
global $routerConfig; global $routerConfig;

2
pages/global/account.php
View File

@ -2,7 +2,7 @@
require_once "lib/router.php"; require_once "lib/router.php";
function render() function render(): false|string
{ {
global $routerConfig; global $routerConfig;

3
pages/home/domov.html
View File

@ -1,5 +1,6 @@
<page minpermissionlevel="0" name="Domov"></page>
<header> <header>
<h1 class="title">Vitaj na tejto úžasnej stránke</h1> <h1 class="title">Vitaj na tejto úžasnej stránke</h1>
<p>Oficiálna stránka pre adlerka.top</p> <p>Neoficiálna študentská stránka pre adlerku</p>
<hr> <hr>
</header> </header>