From dbda11e9742202924ace5cd9b18b7ceb95b8621f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bruno=20Ryb=C3=A1rsky?= <bruno@brn.systems>
Date: Tue, 16 Jan 2024 19:24:40 +0100
Subject: [PATCH] stuff

---
 index.php                       | 40 +++-----------
 lib/account.php                 | 93 +++++++++++++++++++++++++++++++++
 {templates => lib}/navpages.php |  0
 lib/routing.php                 | 40 ++++++++++++++
 pages/global/account.php        | 39 ++++++++++++++
 pages/global/login.php          | 56 --------------------
 6 files changed, 178 insertions(+), 90 deletions(-)
 create mode 100644 lib/account.php
 rename {templates => lib}/navpages.php (100%)
 create mode 100644 lib/routing.php
 create mode 100644 pages/global/account.php
 delete mode 100644 pages/global/login.php

diff --git a/index.php b/index.php
index bc8b76d..df030a1 100644
--- a/index.php
+++ b/index.php
@@ -1,8 +1,7 @@
 <?php
 require "secrets/config.php";
-require "templates/navpages.php";
-
-session_start();
+require "lib/navpages.php";
+require "lib/routing.php";
 
 $default_page = "domov";
 
@@ -17,12 +16,8 @@ $dynamic_page_dir = "dynamic/";
 $subdomain = basename(explode('.', $_SERVER['HTTP_HOST'])[0]);
 $domain = basename(explode('.', $_SERVER['HTTP_HOST'])[1]);
 $tld = basename(explode('.', $_SERVER['HTTP_HOST'])[2]);
-$page_name = basename($_SERVER["QUERY_STRING"]);;
-
-
-$srvname = $_SERVER["SERVER_NAME"];
-
-$protocol = $_SERVER['PROTOCOL'] = isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && !empty($_SERVER['HTTP_X_FORWARDED_PROTO']) ? "https://" : "http://";
+$page_name = basename($_SERVER["QUERY_STRING"]);
+$protocol = getProtocol();
 
 if (empty($tld)){
     header("Location: $protocol$default_site.$subdomain.$domain/$default_page");
@@ -34,31 +29,8 @@ if (empty($page_name)){
     return;
 }
 
-
-$dynamic_page_file = $static_page_dir . $subdomain . "/" . $page_name . ".php";
-$page_file = $static_page_dir . $subdomain . "/" . $page_name . ".html";
-
-$dynamic_page_file_global = $static_page_dir . "global/" . $page_name . ".php";
-$page_file_global = $static_page_dir . "global/" . $page_name . ".html";
-
-$skeleton = file_get_contents($template_dir . "skeleton.html");
-$nav = file_get_contents($template_dir . "nav.html");
-
-if (file_exists($dynamic_page_file_global)){
-    $page = include_once $dynamic_page_file_global;
-}
-elseif (file_exists($page_file_global)){
-    $page = file_get_contents($page_file_global);
-}
-elseif (file_exists($dynamic_page_file)){
-    $page = include_once $dynamic_page_file;
-}
-elseif (file_exists($page_file)){
-    $page = file_get_contents($page_file);
-}
-else{
-    $page = file_get_contents($template_dir . "404.html");
-}
+session_set_cookie_params(0, '/', ".$domain.$tld", true, true);
+session_start();
 
 $navpages = generateNavigation($static_page_dir, $protocol, $subdomain, $domain, $tld, $default_page, $page_name);
 
diff --git a/lib/account.php b/lib/account.php
new file mode 100644
index 0000000..d90f988
--- /dev/null
+++ b/lib/account.php
@@ -0,0 +1,93 @@
+<?php
+
+function isLoggedIn(){
+    return $_SESSION["ID"] > 0 && !empty($_SESSION["email"]);
+}
+
+function doLogin(){
+    global $mysqli;
+    if(!empty($_POST["email"]) && !empty($_POST["password"])){
+        $email = $_POST["email"];
+        $pass = $_POST["password"];
+        /* prepare statement */
+        $stmt = $mysqli->prepare("SELECT ID, FirstName, LastName, Nickname, PasswordHash, MinecraftNick, isAdmin FROM Users WHERE EMAIL = ? AND isActive = 1");
+        $stmt->bind_param("s", $email);
+        $stmt->execute();
+        $idcko = 0;
+        $fname = "";
+        $lname = "";
+        $nickname = "";
+        $pwdhash = "";
+        $mcnick = "";
+        $isadmin = false;
+        /* bind variables to prepared statement */
+        $stmt->bind_result($idcko, $fname, $lname, $nickname, $pwdhash, $mcnick, $isadmin);
+        
+        $found = false;
+        /* fetch values */
+        while ($stmt->fetch()) {
+            if (password_verify($pass, $pwdhash)){
+                $_SESSION["ID"] = $idcko;
+                $_SESSION["first_name"] = $fname;
+                $_SESSION["last_name"] = $lname;
+                $_SESSION["nickname"] = $nickname;
+                $_SESSION["email"] = $email;
+                $_SESSION["mcnick"] = $mcnick;
+                $_SESSION["isadmin"] = $isadmin;
+                $found = true; 
+                break;
+            }
+            else{
+                $found = false;
+            }
+            break;
+        }
+        $stmt->close();
+        if($found){
+            $status = ["status" => "success"];
+        }
+        else{
+            $status = ["status" => "fail"];
+        }
+        echo json_encode($status);
+    }
+}
+
+function doLogout(){
+    if(isLoggedIn()){
+        session_destroy();
+        $status = ["status" => "success"];
+    }
+    else{
+        $status = ["status" => "fail"];
+    }
+    echo json_encode($status);
+}
+
+function doRegister(){
+    $status = ["status" => "fail"];
+    if (!empty($_POST["activationtoken"])){
+        global $mysqli;
+
+        $firstName = $_POST["firstname"];
+        $lastName = $_POST["lastname"];
+        $nickname = $_POST["nickname"];
+        $email = $_POST["email"];
+        $password = $_POST["password"];
+        $minecraftNick = $_POST["minecraftnick"];
+        $activationToken = $_POST["activationtoken"];
+        if (!empty($firstName) && !empty($lastName) && !empty($nickname) && !empty($email) && !empty($password) && !empty($activationToken)){
+            $passwordHash = password_hash($password, PASSWORD_DEFAULT);
+
+            $stmt = $mysqli->prepare("UPDATE Users SET FirstName = ?, LastName = ?, Nickname = ?, Email = ?, PasswordHash = ?, MinecraftNick = ?, isAdmin = 0, isActivated = 1 WHERE isActivated = 0 AND ActivationToken = ?");
+            $stmt->bind_param("ssssss", $firstName, $lastName, $nickname, $email, $passwordHash, $minecraftNick, $activationToken);
+            $stmt->execute();
+            if ($stmt->affected_rows > 0) {
+                $status["status"] = "success";
+            }
+            $stmt->close();
+        }
+    }
+}
+
+?>
\ No newline at end of file
diff --git a/templates/navpages.php b/lib/navpages.php
similarity index 100%
rename from templates/navpages.php
rename to lib/navpages.php
diff --git a/lib/routing.php b/lib/routing.php
new file mode 100644
index 0000000..fbf1bf3
--- /dev/null
+++ b/lib/routing.php
@@ -0,0 +1,40 @@
+<?php
+
+function getProtocol(){
+    if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && !empty($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
+        return "https://";
+    } else {
+        return "http://";
+    }
+}
+
+function getPage($routerConfig){
+    $page_dir = $routerConfig['page_dir'];
+
+    $dynamic_page_file = $page_dir . $subdomain . "/" . $page_name . ".php";
+    $page_file = $page_dir . $subdomain . "/" . $page_name . ".html";
+
+    $dynamic_page_file_global = $page_dir . "global/" . $page_name . ".php";
+    $page_file_global = $page_dir . "global/" . $page_name . ".html";
+
+    $skeleton = file_get_contents($template_dir . "skeleton.html");
+    $nav = file_get_contents($template_dir . "nav.html");
+
+    if (file_exists($dynamic_page_file_global)){
+        $page = include_once $dynamic_page_file_global;
+    }
+    elseif (file_exists($page_file_global)){
+        $page = file_get_contents($page_file_global);
+    }
+    elseif (file_exists($dynamic_page_file)){
+        $page = include_once $dynamic_page_file;
+    }
+    elseif (file_exists($page_file)){
+        $page = file_get_contents($page_file);
+    }
+    else{
+        $page = file_get_contents($template_dir . "404.html");
+}
+}
+
+?>
\ No newline at end of file
diff --git a/pages/global/account.php b/pages/global/account.php
new file mode 100644
index 0000000..ed323b1
--- /dev/null
+++ b/pages/global/account.php
@@ -0,0 +1,39 @@
+<?php
+
+$template_dir = "templates/";
+
+$diddoAjax = true;
+
+switch($_POST["action"]){
+    case "login":
+        doLogin();
+    break;
+    case "register":
+        doRegister();
+    break;
+    case "logout":
+        doLogout();
+    break;
+    default:
+        $diddoAjax = false;
+    break;
+}
+
+if($diddoAjax){
+    return; // dont use templates on ajax calls
+}
+
+ob_start();
+
+if ($_SESSION["ID"] > 0){
+    $account_template = file_get_contents($template_dir . "account.html");
+    echo $account_template;
+}
+else{
+    $login_template = file_get_contents($template_dir . "login.html");
+    echo $login_template;
+}
+
+return ob_get_clean();
+
+?>
\ No newline at end of file
diff --git a/pages/global/login.php b/pages/global/login.php
deleted file mode 100644
index dd6e9e2..0000000
--- a/pages/global/login.php
+++ /dev/null
@@ -1,56 +0,0 @@
-<?php
-ob_start();
-
-$template_dir = "templates/";
-
-if($_SERVER["REQUEST_METHOD"] == "POST"){
-    if(!empty($_POST["email"]) && !empty($_POST["password"])){
-        $email = $_POST["email"];
-        $pass = $_POST["password"];
-        /* prepare statement */
-        $stmt = $mysqli->prepare("SELECT ID, PSWD, IGN, ISADMIN FROM Users where EMAIL = ?");
-        $stmt->bind_param("s", $email);
-        $stmt->execute();
-        /* bind variables to prepared statement */
-        $stmt->bind_result($idcko, $hash, $ign, $isadmin);
-        
-        $found = false;
-        /* fetch values */
-        while ($stmt->fetch()) {
-            if (password_verify($pass, $hash)){
-                $_SESSION["ID"] = $idcko;
-                $_SESSION["email"] = $email;
-                $_SESSION["ign"] = $ign;
-                $_SESSION["isadmin"] = $isadmin;
-                $found = true; 
-                break;
-            }
-            else{
-                $_SESSION["ID"] = 0;
-                $_SESSION["email"] = "";
-                $_SESSION["ign"] = "";
-                $_SESSION["isadmin"] = 0;
-                $found = false;
-            }
-            break;
-        }
-        if($found){
-            echo "Login successful";
-        }
-        else{
-            echo "Login failed";
-        }
-    }
-}
-if ($_SESSION["ID"] > 0){
-    $account_template = file_get_contents($template_dir . "account.html");
-    echo $account_template;
-}
-else{
-    $login_template = file_get_contents($template_dir . "login.html");
-    echo $login_template;
-}
-
-return ob_get_clean();
-
-?>
\ No newline at end of file