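DBUser, $mysqllogin->DBPassword, $mysqllogin->DBName);
// NOTE(review): the mysqli constructor call above begins in the previous chunk of this
// file; its arguments are preserved verbatim here. session_start() is presumably also
// called before this point — confirm, since every handler below relies on $_SESSION.

// Request dispatcher for the citation/comment API. Every request is a POST whose
// "action" field selects a handler; handlers read their own parameters from $_POST.
// NOTE(review): no CSRF token is verified anywhere in this file, so every state-changing
// action (login, setpassword, adduser, ...) should check one before this is exposed.
$action = (string) ($_POST["action"] ?? '');

if ($action === "login") {
    $uname = (string) ($_POST["username"] ?? '');
    $pwd   = (string) ($_POST["password"] ?? '');
    $authenticated = false;

    // Prepared-statement placeholders are "?", not printf-style "%s"; with the original
    // "%s" text bind_param() had nothing to bind to and the lookup never ran. The stray
    // backtick before Password is dropped for the same reason.
    $stmtLogin = $mysqli->prepare(
        "SELECT Password, ID, FullName, Nickname, CanSeeFullNames, CanSeeOthersComments, IsAdmin"
        . " FROM Users WHERE Username = ?;"
    );
    if ($stmtLogin !== false) {
        $stmtLogin->bind_param('s', $uname);
        $stmtLogin->execute();
        $stmtLogin->store_result();
        $stmtLogin->bind_result($pwdhash, $uid, $fullname, $nick, $fullnamepriv, $otherscommentspriv, $adminpriv);
        while ($stmtLogin->fetch()) {
            if (!password_verify($pwd, $pwdhash)) {
                continue;
            }
            // A fresh session id on privilege change defeats session fixation.
            session_regenerate_id(true);
            $_SESSION["username"]             = $uname;
            $_SESSION["loggedin"]             = 1;
            $_SESSION["userID"]               = $uid;
            $_SESSION["fullname"]             = $fullname;
            $_SESSION["nickname"]             = $nick;
            $_SESSION["canseefullnames"]      = $fullnamepriv;
            $_SESSION["canseeotherscomments"] = $otherscommentspriv;
            $_SESSION["isadmin"]              = $adminpriv;
            $authenticated = true;
            break;
        }
        $stmtLogin->close();
    }
    // The original reported "Logged in" even when no password matched.
    echo $authenticated ? "Logged in" : "Login failed";
    return;
}

if ($action === "logout") {
    // Clear the in-memory session data as well as the server-side store.
    $_SESSION = [];
    session_destroy();
    echo "Logged out";
    return;
}

/**
 * Handles the user-account actions (setnickname, setfullname, setpassword,
 * getallusers, adduser) for the currently logged-in user.
 *
 * Returns a string to echo to the client, or 0 when $actionin is not one of
 * this group's actions so the dispatcher can try the next handler.
 */
function processUserRelated($actionin, mysqli $mysqliconn)
{
    // bind_param() needs variables, so the session values are copied into locals.
    $userId   = (int) ($_SESSION["userID"] ?? 0);
    $username = (string) ($_SESSION["username"] ?? '');

    if ($actionin === "setnickname") {
        $newNick = (string) ($_POST["newnick"] ?? '');
        $stmt = $mysqliconn->prepare("UPDATE Users SET Nickname = ? WHERE ID = ?;");
        if ($stmt === false) {
            return "Nickname not changed";
        }
        $stmt->bind_param('si', $newNick, $userId);
        $updated = $stmt->execute();
        $stmt->close();
        if (!$updated) {
            return "Nickname not changed";
        }
        // Only mirror the value into the session once the database accepted it.
        $_SESSION["nickname"] = $newNick;
        return "Nickname changed";
    }

    if ($actionin === "setfullname") {
        $newFull = (string) ($_POST["newFull"] ?? '');
        $stmt = $mysqliconn->prepare("UPDATE Users SET FullName = ? WHERE ID = ?;");
        if ($stmt === false) {
            return "Full name not changed";
        }
        $stmt->bind_param('si', $newFull, $userId);
        $updated = $stmt->execute();
        $stmt->close();
        if (!$updated) {
            return "Full name not changed";
        }
        // The original stored the undefined $newNick here instead of $newFull.
        $_SESSION["fullname"] = $newFull;
        return "Full name changed";
    }

    if ($actionin === "setpassword") {
        $oldPWD = (string) ($_POST["oldPWD"] ?? '');
        $newPWD = (string) ($_POST["newPWD"] ?? '');
        if ($newPWD === '') {
            return "Password not changed";
        }

        // Re-verify the current password before accepting a new one.
        $stmt = $mysqliconn->prepare("SELECT Password FROM Users WHERE ID = ? AND Username = ?;");
        if ($stmt === false) {
            return "Password not changed";
        }
        $stmt->bind_param('is', $userId, $username);
        $stmt->execute();
        $stmt->store_result();
        $stmt->bind_result($pwdhash);
        $verified = false;
        while ($stmt->fetch()) {
            if (password_verify($oldPWD, $pwdhash)) {
                $verified = true;
                break;
            }
        }
        $stmt->close();
        if (!$verified) {
            return "Password not changed";
        }

        $newPWDhash = password_hash($newPWD, PASSWORD_DEFAULT);
        $stmt = $mysqliconn->prepare("UPDATE Users SET Password = ? WHERE ID = ?;");
        if ($stmt === false) {
            return "Password not changed";
        }
        $stmt->bind_param('si', $newPWDhash, $userId);
        $updated = $stmt->execute();
        $stmt->close();
        return $updated ? "Password changed" : "Password not changed";
    }

    if ($actionin === "getallusers") {
        $stmt = $mysqliconn->prepare("SELECT Username, Nickname, FullName, IsAdmin FROM Users;");
        if ($stmt === false) {
            return json_encode([]);
        }
        $stmt->execute();
        $stmt->store_result();
        $stmt->bind_result($uname, $nick, $fnamex, $isadmin);
        // Full names are only disclosed to accounts holding the CanSeeFullNames flag.
        $mayseeFullNames = (int) ($_SESSION["canseefullnames"] ?? 0) === 1;
        $outarr = [];
        while ($stmt->fetch()) {
            $outarr[] = [
                "username" => $uname,
                "nickname" => $nick,
                "fullname" => $mayseeFullNames ? $fnamex : "",
                "isadmin"  => $isadmin,
            ];
        }
        $stmt->close();
        return json_encode($outarr);
    }

    if ($actionin === "adduser") {
        // Account creation is restricted to administrators; the original had no
        // authorisation check and its INSERT had no column list or values.
        if ((int) ($_SESSION["isadmin"] ?? 0) !== 1) {
            return "Not authorised";
        }
        // NOTE(review): the POST field names for the new account are assumed to mirror
        // the login form ("username"/"password") and the profile actions
        // ("newFull"/"newnick"); confirm against the client. ID is assumed to be
        // auto-generated by the table.
        $newUser = (string) ($_POST["username"] ?? '');
        $newPass = (string) ($_POST["password"] ?? '');
        if ($newUser === '' || $newPass === '') {
            return "User not added";
        }
        $newFull = (string) ($_POST["newFull"] ?? '');
        $newNick = (string) ($_POST["newnick"] ?? '');
        $newHash = password_hash($newPass, PASSWORD_DEFAULT);
        $stmt = $mysqliconn->prepare(
            "INSERT INTO Users"
            . " (Username, Password, FullName, Nickname, CanSeeFullNames, CanSeeOthersComments, IsAdmin)"
            . " VALUES (?, ?, ?, ?, 0, 0, 0);"
        );
        if ($stmt === false) {
            return "User not added";
        }
        $stmt->bind_param('ssss', $newUser, $newHash, $newFull, $newNick);
        $inserted = $stmt->execute();
        $stmt->close();
        return $inserted ? "User added" : "User not added";
    }

    return 0;
}

/**
 * Citation actions. All handlers are still unimplemented stubs; returns 0 so the
 * dispatcher moves on to the next handler group.
 */
function processCitationRelated($actionin, mysqli $mysqliconn)
{
    if ($actionin === "getcitations") { }
    if ($actionin === "getrandomcitation") { }
    if ($actionin === "getcitationfulltextsearch") { }
    if ($actionin === "getcitationsbyuser") { }
    if ($actionin === "getcitationsbysource") { }
    if ($actionin === "getcitationsbytags") { }
    if ($actionin === "getcitationbyverse") { }
    return 0;
}

/**
 * Tag actions. Unimplemented stubs; always returns 0.
 */
function processTagsRelated($actionin, mysqli $mysqliconn)
{
    if ($actionin === "createtag") { }
    if ($actionin === "getalltags") { }
    if ($actionin === "gettagsbycollection") { }
    return 0;
}

/**
 * Source actions. Unimplemented stubs; always returns 0.
 */
function processSourcesRelated($actionin, mysqli $mysqliconn)
{
    if ($actionin === "createsource") { }
    if ($actionin === "getallsources") { }
    if ($actionin === "getallsourcesbycreator") { }
    return 0;
}

/**
 * Comment actions. Unimplemented stubs; always returns 0.
 */
function processCommentRelated($actionin, mysqli $mysqliconn)
{
    if ($actionin === "createcomment") { }
    if ($actionin === "getallcommentsbycreator") { }
    if ($actionin === "getcommentsbycitationlatestversion") { }
    if ($actionin === "getcommentsbycitationallversions") { }
    return 0;
}

// Everything other than login/logout requires an authenticated session.
if ((int) ($_SESSION["loggedin"] ?? 0) !== 1) {
    echo "Not logged in";
    return;
}

// Handlers are tried in order; the first one that recognises the action returns
// its response. The strict "!== 0" matters: a loose "!= 0" treats JSON such as
// "[]" as zero on older PHP and would swallow a valid empty result.
$handlers = [
    'processCitationRelated',
    'processCommentRelated',
    'processTagsRelated',
    'processSourcesRelated',
    'processUserRelated',
];
foreach ($handlers as $handler) {
    $result = $handler($action, $mysqli);
    if ($result !== 0) {
        echo $result;
        return;
    }
}
?>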