improve users

2023-08-07 09:37:44 +02:00
parent 4e21e2593e
commit f6ee043099

82
api.php

@@ -1,7 +1,6 @@
<?php <?php
session_start(); session_start();
$mysqllogin = json_decode(file_get_contents("secrets/MysqlLogin.json"), false); $mysqllogin = json_decode(file_get_contents("secrets/MysqlLogin.json"), false);
$adminpwd = file_get_contents("secrets/AdminPwd");
$mysqli = new mysqli('localhost', $mysqllogin->DBUser, $mysqllogin->DBPassword, $mysqllogin->DBName); $mysqli = new mysqli('localhost', $mysqllogin->DBUser, $mysqllogin->DBPassword, $mysqllogin->DBName);
@@ -10,7 +9,7 @@ $action = $_POST["action"];
if($action == "login"){ if($action == "login"){
$uname = $_POST["username"]; $uname = $_POST["username"];
$pwd = $_POST["password"]; $pwd = $_POST["password"];
$stmt1 = $mysqli->prepare("Select Password, ID, FullName, Nickname, CanSeeFullNames, CanSeeOthersComments, IsAdmin From Users Where Username = %s;"); $stmt1 = $mysqli->prepare("SELECT `Password, ID, FullName, Nickname, CanSeeFullNames, CanSeeOthersComments, IsAdmin FROM Users WHERE Username = %s;");
$stmt1->bind_param('s', $uname); $stmt1->bind_param('s', $uname);
$stmt1->bind_result($pwdhash, $uid, $fullname, $nick, $fullnamepriv, $otherscommentspriv, $adminpriv); $stmt1->bind_result($pwdhash, $uid, $fullname, $nick, $fullnamepriv, $otherscommentspriv, $adminpriv);
$stmt1->execute(); $stmt1->execute();
@@ -23,15 +22,20 @@ if($action == "login"){
$_SESSION["userID"] = $uid; $_SESSION["userID"] = $uid;
$_SESSION["fullname"] = $fullname; $_SESSION["fullname"] = $fullname;
$_SESSION["nickname"] = $nick; $_SESSION["nickname"] = $nick;
$_SESSION["canseefullnames"] = $fullnamepriv;
$_SESSION["canseeotherscomments"] = $otherscommentspriv;
$_SESSION["isadmin"] = $adminpriv;
} }
} }
} }
return "Logged in"; echo "Logged in";
return;
} }
if($action == "logout"){ if($action == "logout"){
session_destroy(); session_destroy();
return "Logged out"; echo "Logged out";
return;
} }
@@ -42,7 +46,7 @@ function processUserRelated($actionin, mysqli $mysqliconn){
if($actionin == "setnickname"){ if($actionin == "setnickname"){
$newNick = $_POST["newnick"]; $newNick = $_POST["newnick"];
$_SESSION["nickname"] = $newNick; $_SESSION["nickname"] = $newNick;
$stmt2 = $mysqliconn->prepare("Update Users Set Nickname=%s Where ID = %i;"); $stmt2 = $mysqliconn->prepare("UPDATE Users SET Nickname=%s WHERE ID = %i;");
$stmt2->bind_param('si', $newNick, $_SESSION["userID"]); $stmt2->bind_param('si', $newNick, $_SESSION["userID"]);
$stmt2->execute(); $stmt2->execute();
$stmt2->store_result(); $stmt2->store_result();
@@ -51,7 +55,7 @@ function processUserRelated($actionin, mysqli $mysqliconn){
if($actionin == "setfullname"){ if($actionin == "setfullname"){
$newFull = $_POST["newFull"]; $newFull = $_POST["newFull"];
$_SESSION["fullname"] = $newNick; $_SESSION["fullname"] = $newNick;
$stmt3 = $mysqliconn->prepare("Update Users Set FullName=%s Where ID = %i;"); $stmt3 = $mysqliconn->prepare("UPDATE Users SET FullName=%s WHERE ID = %i;");
$stmt3->bind_param('si', $newFull, $_SESSION["userID"]); $stmt3->bind_param('si', $newFull, $_SESSION["userID"]);
$stmt3->execute(); $stmt3->execute();
$stmt3->store_result(); $stmt3->store_result();
@@ -60,7 +64,7 @@ function processUserRelated($actionin, mysqli $mysqliconn){
if($actionin == "setpassword"){ if($actionin == "setpassword"){
$oldPWD = $_POST["oldPWD"]; $oldPWD = $_POST["oldPWD"];
$newPWD = $_POST["newPWD"]; $newPWD = $_POST["newPWD"];
$stmt4 = $mysqliconn->prepare("Select Password From Users Where ID = %i AND Username = %s;"); $stmt4 = $mysqliconn->prepare("SELECT Password FROM Users WHERE ID = %i AND Username = %s;");
$stmt4->bind_param('is', $_SESSION["userID"], $_SESSION["username"]); $stmt4->bind_param('is', $_SESSION["userID"], $_SESSION["username"]);
$stmt4->bind_result($pwdhash); $stmt4->bind_result($pwdhash);
$stmt4->execute(); $stmt4->execute();
@@ -68,7 +72,7 @@ function processUserRelated($actionin, mysqli $mysqliconn){
if ($stmt4->num_rows > 0){ if ($stmt4->num_rows > 0){
while ($stmt4->fetch()){ while ($stmt4->fetch()){
if(password_verify($oldPWD, $pwdhash)){ if(password_verify($oldPWD, $pwdhash)){
$stmt5 = $mysqliconn->prepare("Update Users Set Password=%s Where ID = %i;"); $stmt5 = $mysqliconn->prepare("UPDATE Users SET Password=%s WHERE ID = %i;");
$newPWDhash = password_hash($newPWD, PASSWORD_DEFAULT); $newPWDhash = password_hash($newPWD, PASSWORD_DEFAULT);
$stmt5->bind_param('si', $newPWDhash, $_SESSION["userID"]); $stmt5->bind_param('si', $newPWDhash, $_SESSION["userID"]);
$stmt5->execute(); $stmt5->execute();
@@ -80,7 +84,51 @@ function processUserRelated($actionin, mysqli $mysqliconn){
} }
if($actionin == "getallusers"){ if($actionin == "getallusers"){
$stmt6 = $mysqliconn->prepare("SELECT Username, Nickname, FullName, IsAdmin FROM Users;");
$stmt6->execute();
$stmt6->bind_result($uname, $nick, $fnamex, $isadmin);
$stmt6->store_result();
$outarr = array();
if ($stmt6->num_rows > 0){
while ($stmt6->fetch()){
if ($_SESSION["canseefullnames"] == 1){
$fname = $fnamex;
}
else{
$fname = "";
}
$tmparr["username"] = $uname;
$tmparr["nickname"] = $nick;
$tmparr["fullname"] = $fname;
$tmparr["isadmin"] = $isadmin;
array_push($outarr, $tmparr);
}
}
return json_encode($outarr);
}
if($actionin == "adduser"){
$stmt6 = $mysqliconn->prepare("INSERT INTO Users");
$stmt6->execute();
$stmt6->bind_result($uname, $nick, $fnamex, $isadmin);
$stmt6->store_result();
$outarr = array();
if ($stmt6->num_rows > 0){
while ($stmt6->fetch()){
if ($_SESSION["canseefullnames"] == 1){
$fname = $fnamex;
}
else{
$fname = "";
}
$tmparr["username"] = $uname;
$tmparr["nickname"] = $nick;
$tmparr["fullname"] = $fname;
$tmparr["isadmin"] = $isadmin;
array_push($outarr, $tmparr);
}
}
return json_encode($outarr);
} }
return 0; return 0;
@@ -180,31 +228,37 @@ if($_SESSION["loggedin"] == 1){
$citationreturn = processCitationRelated($action, $mysqli); $citationreturn = processCitationRelated($action, $mysqli);
if($citationreturn != 0){ if($citationreturn != 0){
return $citationreturn; echo $citationreturn;
return;
} }
$commentreturn = processCommentRelated($action, $mysqli); $commentreturn = processCommentRelated($action, $mysqli);
if($commentreturn != 0){ if($commentreturn != 0){
return $commentreturn; echo $commentreturn;
return;
} }
$tagsreturn = processTagsRelated($action, $mysqli); $tagsreturn = processTagsRelated($action, $mysqli);
if($tagsreturn != 0){ if($tagsreturn != 0){
return $tagsreturn; echo $tagsreturn;
return;
} }
$sourcereturn = processSourcesRelated($action, $mysqli); $sourcereturn = processSourcesRelated($action, $mysqli);
if($sourcereturn != 0){ if($sourcereturn != 0){
return $sourcereturn; echo $sourcereturn;
return;
} }
$userreturn = processUserRelated($action, $mysqli); $userreturn = processUserRelated($action, $mysqli);
if($userreturn != 0){ if($userreturn != 0){
return $userreturn; echo $userreturn;
return;
} }
} }
else{ else{
return "Not logged in"; echo "Not logged in";
return;
} }
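Review bot: The prepared statements still use printf-style placeholders (`%s`, `%i`) instead of mysqli's `?`, so `prepare()` appears to return `false` and the following `bind_param` call would fail on a bool; the new-side login line `SELECT \`Password, ID, ...` additionally introduces an unbalanced backtick. The fix is `WHERE Username = ?;` in the login hunk and `SET Nickname=? WHERE ID = ?;` (likewise for FullName and Password) in the setnickname, setfullname and setpassword hunks, with the `prepare()` result checked for `false` before binding. The new `adduser` branch is a copy of `getallusers` whose `INSERT INTO Users` has no column list or values and is then read as a result set, and nothing in it checks `$_SESSION["isadmin"]` before any logged-in user reaches it, so it should be gated on that flag or left out until it is implemented. In the setfullname hunk `$_SESSION["fullname"] = $newNick;` stores the nickname variable where `$newFull` is meant, and the login branch should call `session_regenerate_id(true);` before populating `$_SESSION`, since the pre-authentication session id is otherwise kept.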