diff --git a/assets/script.js b/assets/script.js
new file mode 100644
index 0000000..c533727
--- /dev/null
+++ b/assets/script.js
@@ -0,0 +1,37 @@
+function doAction(requestData, successMessage, failureMessage) {
+ return fetch('https://home.adlerka.top/account', {
+ method: 'POST',
+ body: requestData,
+ })
+ .then(response => {
+ if (!response.ok) {
+ throw new Error(`HTTP error! Status: ${response.status}`);
+ }
+ return response.json();
+ })
+ .then(data => {
+ handleResponse(data, successMessage, failureMessage);
+ return data; // Returning the response data for further processing
+ })
+ .catch((error) => {
+ console.error('Error:', error);
+ });
+}
+
+function handleResponse(data, SuccessMessage, failureMessage) {
+ const StatusMessageElement = document.getElementById("StatusMessage");
+
+ if (data.Status === 'Success') {
+ StatusMessageElement.innerText = SuccessMessage;
+ } else {
+ StatusMessageElement.innerText = failureMessage;
+ }
+}
+
+function logout() {
+ const data = new URLSearchParams();
+ data.append("action", "logout");
+
+ doAction(data, "Logout Successful!", "Logout failed.");
+}
+
diff --git a/assets/scripts/global/account.js b/assets/scripts/global/account.js
deleted file mode 100644
index 0090282..0000000
--- a/assets/scripts/global/account.js
+++ /dev/null
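Review bot: The `.catch` at the end of `doAction` only logs to the console, so a network failure or the non-2xx `throw` above it never reaches the page: `failureMessage` is not shown, and the returned promise resolves to `undefined` instead of signalling failure. Show the failure in the catch, e.g. `document.getElementById("StatusMessage").innerText = failureMessage;`, and either rethrow or document that callers receive `undefined` on error. `handleResponse` also dereferences `StatusMessageElement` without a null check, which throws on any page that has no `StatusMessage` element. The request goes to an absolute `https://home.adlerka.top/account` URL with fetch's default credentials mode, so if this script is also served from another subdomain the session cookie would presumably not be sent; confirm, and prefer a relative `/account` path if the call is meant to be same-origin only.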
@@ -1,31 +0,0 @@
-function login(){
- const email = document.getElementById("email").value;
- const password = document.getElementById("password").value;
- doLogin(email, password);
-}
-
-function doLogin(email, password) {
-
- const data = new URLSearchParams();
- data.append("action", "login");
- data.append("email", email);
- data.append("password", password);
-
- // Assuming you use fetch API to send data to the server
- fetch('https://home.adlerka.top/account', {
- method: 'POST',
- body: data,
- })
- .then(response => response.json())
- .then(data => {
- if (data.status === 'success') {
- document.getElementById("statusMessage").innerText = "Login successful!";
- // Redirect or perform other actions after successful login
- } else {
- document.getElementById("statusMessage").innerText = "Login failed. Please check your credentials.";
- }
- })
- .catch((error) => {
- console.error('Error:', error);
- });
-}
diff --git a/assets/scripts/home/account.js b/assets/scripts/home/account.js
new file mode 100644
index 0000000..b28b04f
--- /dev/null
+++ b/assets/scripts/home/account.js
@@ -0,0 +1,3 @@
+
+
+
diff --git a/endpoints/global/account.php b/endpoints/global/account.php
index 1604f3f..51da7f4 100644
--- a/endpoints/global/account.php
+++ b/endpoints/global/account.php
@@ -4,33 +4,39 @@ require_once "lib/account.php"; function endpoint($endpoint_data): array { + return match ($endpoint_data["action"]) { + //not logged in start "login" => doLogin($endpoint_data["email"], $endpoint_data["password"]), - "logout" => doLogout(), "register" => doRegister( $endpoint_data["firstname"], $endpoint_data["lastname"], - $endpoint_data["nickname"], $endpoint_data["email"], $endpoint_data["password"], - $endpoint_data["minecraftnick"], $endpoint_data["activation_token"] ), - "change_password" => changePassword($endpoint_data["user_id"], $endpoint_data["new_password"]), + //not logged in end + //logged in start + "logout" => doLogout(), + "change_password" => changePassword( + $endpoint_data["old_password"], + $endpoint_data["new_password"] + ), "update_user_profile" => updateUserProfile( - $endpoint_data["user_id"], $endpoint_data["first_name"], $endpoint_data["last_name"], $endpoint_data["nickname"], $endpoint_data["minecraft_nick"] ), - "get_user_info" => getUserInfo($endpoint_data["user_id"]), - "is_email_available" => isEmailAvailable($endpoint_data["email"]), + "get_user_info" => getUserInfo(), + //logged in end + //admin start "add_activation_codes" => addActivationCodes($endpoint_data["count"]), "list_users" => listUsers(), "list_activation_codes" => listActivationCodes(), "delete_user" => deleteUser($endpoint_data["user_id"]), "delete_activation_code" => deleteActivationCode($endpoint_data["activation_code"]), - default => ["status" => "fail", "message" => "Invalid action"], + //admin end + default => ["Status" => "Fail", "message" => "Invalid action"], }; -} +} \ No newline at end of file diff --git a/lib/account.php b/lib/account.php index dd03015..52df5fc 100644 --- a/lib/account.php +++ b/lib/account.php 
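Review bot: The state-changing arms of this `match` (`change_password`, `update_user_profile`, `delete_user`, `delete_activation_code`, `logout`) are dispatched on the POST body alone, with no anti-CSRF token or Origin check visible in this hunk. Dropping `user_id` from the arguments is the right direction, but authority now comes entirely from the session, so a cross-site form post made in a logged-in browser would carry it unless the router or the cookie settings (for example `SameSite`) prevent that; confirm where this is enforced. The `//logged in start` and `//admin start` comments describe tiers that the dispatcher does not enforce, so every callee has to repeat the check; a guard before the `match`, such as `if (in_array($endpoint_data["action"], $adminActions, true) && !isUserAdmin()) return ["Status" => "Fail"];` with `$adminActions` a list you define, would make the grouping real. `$endpoint_data["action"]` and the per-arm keys are read without `isset` or `??`, so a request that omits a field raises a warning before the callee's `empty()` checks run.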
@@ -5,181 +5,45 @@ use Random\RandomException; function isLoggedIn(): bool { global $routerConfig; - return $_SESSION["ID"] > 0 && !empty($_SESSION["email"]) && $_SESSION["privilegelevel"] >= $routerConfig["logged_in_default_permission_level"]; + return $_SESSION["ID"] > 0 && !empty($_SESSION["email"]) && $_SESSION["privilege_level"] >= $routerConfig["logged_in_default_permission_level"]; } - -function setDefaultSessionData(): void +function isVerified(): bool { global $routerConfig; - $_SESSION["ID"] = 0; - $_SESSION["first_name"] = ""; - $_SESSION["last_name"] = ""; - $_SESSION["nickname"] = ""; - $_SESSION["email"] = ""; - $_SESSION["mcnick"] = ""; - $_SESSION["privilegelevel"] = $routerConfig["logged_out_permission_level"]; + return isLoggedIn() && $_SESSION["privilege_level"] >= $routerConfig["verified_permission_level"]; } +function isTrustWorthy(): bool +{ + global $routerConfig; + return isLoggedIn() && $_SESSION["privilege_level"] >= $routerConfig["trustworthy_permission_level"]; +} + +function isModerator(): bool +{ + global $routerConfig; + return isLoggedIn() && $_SESSION["privilege_level"] >= $routerConfig["moderator_permission_level"]; +} + +function isUserAdmin(): bool +{ + global $routerConfig; + return isLoggedIn() && $_SESSION["privilege_level"] >= $routerConfig["user_admin_permission_level"]; +} + +function isAdmin(): bool +{ + global $routerConfig; + return isLoggedIn() && $_SESSION["privilege_level"] >= $routerConfig["admin_permission_level"]; +} + + function generateActivationToken(): string { try { return bin2hex(random_bytes(16)); - } catch (RandomException $e) { - return "error_generating_code_because_of_$e"; - } // Adjust the length of the token as needed -} -function verifyPassword($userID, $password): bool -{ - global $mysqli; - $stmt = $mysqli->prepare("SELECT PasswordHash FROM Users WHERE ID = ?"); - $stmt->bind_param("i", $userID); - $stmt->execute(); - $pwdhash = ""; - $stmt->bind_result($pwdhash); - $stmt->fetch(); - $stmt->close(); 
- - return !empty($pwdhash) && password_verify($password, $pwdhash); -} - -function doLogin($email, $password): array -{ - global $mysqli, $routerConfig; - $found = false; - if (!empty($email) && !empty($password)) { - $stmt = $mysqli->prepare("SELECT ID, FirstName, LastName, Nickname, PasswordHash, MinecraftNick, PrivilegeLevel, LastLoginAt, LoginCount FROM Users WHERE Email = ? AND isActivated = 1"); - $stmt->bind_param("s", $email); - $stmt->execute(); - - $idcko = 0; - $fname = ""; - $lname = ""; - $nickname = ""; - $pwdhash = ""; - $mcnick = ""; - $privilegelevel = 0; - $lastLoginAt = null; - $loginCount = 0; - $stmt->bind_result($idcko, $fname, $lname, $nickname, $pwdhash, $mcnick, $privilegelevel, $lastLoginAt, $loginCount); - - if ($stmt->num_rows() > 0) { - $stmt->fetch(); - if (password_verify($password, $pwdhash) && $privilegelevel >= $routerConfig["logged_in_default_permission_level"]) { - $found = true; - - // Update LastLoginAt and LoginCount - $updateLoginStmt = $mysqli->prepare("UPDATE Users SET LastLoginAt = NOW(), LoginCount = LoginCount + 1 WHERE ID = ?"); - $updateLoginStmt->bind_param("i", $idcko); - $updateLoginStmt->execute(); - $updateLoginStmt->close(); - } - } - - $_SESSION["ID"] = $idcko; - $_SESSION["first_name"] = $fname; - $_SESSION["last_name"] = $lname; - $_SESSION["nickname"] = $nickname; - $_SESSION["email"] = $email; - $_SESSION["mcnick"] = $mcnick; - $_SESSION["privilegelevel"] = $privilegelevel; - $stmt->close(); + } catch (RandomException) { } - return $found ? 
["status" => "success"] : ["status" => "fail"]; -} - -function doLogout(): array -{ - if(isLoggedIn()){ - session_destroy(); - return ["status" => "success"]; - } else { - return ["status" => "fail"]; - } -} - -function doRegister($firstname, $lastname, $nickname, $email, $password, $minecraftnick, $activationtoken): array -{ - global $mysqli, $routerConfig; - $status = ["status" => "fail"]; - if (!empty($activationtoken)) { - $passwordHash = password_hash($password, PASSWORD_DEFAULT); - $stmt = $mysqli->prepare("INSERT INTO Users (FirstName, LastName, Nickname, Email, PasswordHash, MinecraftNick, PrivilegeLevel, isActivated, ActivationToken, RegisteredAt) VALUES (?, ?, ?, ?, ?, ?, ?, 0, ?, ?, NOW())"); - $privilegelevel = $routerConfig["logged_in_default_permission_level"]; - $stmt->bind_param("ssssssisi", $firstname, $lastname, $nickname, $email, $passwordHash, $minecraftnick, $privilegelevel, $activationtoken); - $stmt->execute(); - if ($stmt->affected_rows > 0) { - $status["status"] = "success"; - } - $stmt->close(); - } - return $status; -} - -function changePassword($userID, $newPassword): array -{ - global $mysqli, $routerConfig; - $status = ["status" => "fail"]; - if(!empty($userID) && !empty($newPassword) && verifyPassword($userID, $newPassword) && $_SESSION["privilegelevel"] >= $routerConfig["logged_in_default_permission_level"]){ - $passwordHash = password_hash($newPassword, PASSWORD_DEFAULT); - $stmt = $mysqli->prepare("UPDATE Users SET PasswordHash = ? WHERE ID = ?"); - $stmt->bind_param("si", $passwordHash, $userID); - $stmt->execute(); - if ($stmt->affected_rows > 0) { - $status["status"] = "success"; - } - $stmt->close(); - } - return $status; -} - - -function updateUserProfile($userID, $firstName, $lastName, $nickname, $minecraftNick): array -{ - global $mysqli; - $status = ["status" => "fail"]; - if (!empty($userID)) { - $stmt = $mysqli->prepare("UPDATE Users SET FirstName = ?, LastName = ?, Nickname = ?, MinecraftNick = ? 
WHERE ID = ?"); - $stmt->bind_param("ssssi", $firstName, $lastName, $nickname, $minecraftNick, $userID); - $stmt->execute(); - if ($stmt->affected_rows > 0) { - $status["status"] = "success"; - } - $stmt->close(); - } - return $status; -} - -function getUserInfo($userID): array -{ - global $mysqli; - $userInfo = []; - if (!empty($userID)) { - $stmt = $mysqli->prepare("SELECT ID, FirstName, LastName, Nickname, Email, MinecraftNick, privilegeLevel FROM Users WHERE ID = ?"); - $stmt->bind_param("i", $userID); - $stmt->execute(); - $id = 0; - $firstName = ""; - $lastName = ""; - $nickname = ""; - $email = ""; - $minecraftNick = ""; - $privilegeLevel = 0; - - $stmt->bind_result($id, $firstName, $lastName, $nickname, $email, $minecraftNick, $privilegeLevel); - $stmt->fetch(); - $stmt->close(); - - $userInfo = [ - "ID" => $id, - "FirstName" => $firstName, - "LastName" => $lastName, - "Nickname" => $nickname, - "Email" => $email, - "MinecraftNick" => $minecraftNick, - "PrivilegeLevel" => $privilegeLevel - ]; - } - return $userInfo; } function isEmailAvailable($email): bool 
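Review bot: `generateActivationToken()` is declared `: string`, but the new `catch (RandomException) { }` is empty, so when `random_bytes()` fails the function falls off the end and returns null, which PHP turns into a TypeError at the call site. Dropping the old fallback string is right, since it produced a predictable token, but the failure should stay explicit: remove the try/catch and let `RandomException` propagate, leaving the body as `return bin2hex(random_bytes(16));`. The new `isVerified()` through `isAdmin()` helpers, like `isLoggedIn()`, read `$_SESSION["ID"]` and `$_SESSION["privilege_level"]` directly, which is safe only if `setDefaultSessionData()` has run for every session before they are called; this hunk does not show that.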
@@ -196,13 +60,230 @@ function isEmailAvailable($email): bool return $count === 0; } +function setDefaultSessionData(): void +{ + global $routerConfig; + $_SESSION["ID"] = 0; + $_SESSION["first_name"] = ""; + $_SESSION["last_name"] = ""; + $_SESSION["nickname"] = ""; + $_SESSION["email"] = ""; + $_SESSION["minecraft_nickname"] = ""; + $_SESSION["privilege_level"] = $routerConfig["logged_out_permission_level"]; +} + +function verifyPassword($userID, $password): bool +{ + global $mysqli; + $stmt = $mysqli->prepare("SELECT PasswordHash FROM Users WHERE ID = ?"); + $stmt->bind_param("i", $userID); + $stmt->execute(); + $password_hash = ""; + $stmt->bind_result($password_hash); + $stmt->fetch(); + $stmt->close(); + + return !empty($password_hash) && password_verify($password, $password_hash); +} + +function doLogin($email, $password): array +{ + global $mysqli, $routerConfig; + $found = false; + if (!empty($email) && !empty($password)) { + $stmt = $mysqli->prepare("SELECT ID, FirstName, LastName, Nickname, PasswordHash, MinecraftNick, PrivilegeLevel, LastLoginAt, LoginCount FROM Users WHERE Email = ? 
AND isActivated = 1"); + $stmt->bind_param("s", $email); + $stmt->execute(); + + $uid = 0; + $first_name = ""; + $last_name = ""; + $nickname = ""; + $password_hash = ""; + $minecraft_nickname = ""; + $privilege_level = 0; + $lastLoginAt = null; + $loginCount = 0; + $stmt->bind_result($uid, $first_name, $last_name, $nickname, $password_hash, $minecraft_nickname, $privilege_level, $lastLoginAt, $loginCount); + + if ($stmt->num_rows() > 0) { + $stmt->fetch(); + if (password_verify($password, $password_hash) && $privilege_level >= $routerConfig["logged_in_default_permission_level"]) { + $found = true; + + // Update LastLoginAt and LoginCount + $updateLoginStmt = $mysqli->prepare("UPDATE Users SET LastLoginAt = NOW(), LoginCount = LoginCount + 1 WHERE ID = ?"); + $updateLoginStmt->bind_param("i", $uid); + $updateLoginStmt->execute(); + $updateLoginStmt->close(); + } + } + + $_SESSION["ID"] = $uid; + $_SESSION["first_name"] = $first_name; + $_SESSION["last_name"] = $last_name; + $_SESSION["nickname"] = $nickname; + $_SESSION["email"] = $email; + $_SESSION["minecraft_nickname"] = $minecraft_nickname; + $_SESSION["privilege_level"] = $privilege_level; + $stmt->close(); + } + return $found ? 
["Status" => "Success"] : ["Status" => "Fail"]; +} + +function doLogout(): array +{ + if(isLoggedIn()){ + setDefaultSessionData(); + return ["Status" => "Success"]; + } else { + return ["Status" => "Fail"]; + } +} + +function doRegister($firstname, $lastname, $email, $password, $activation_token): array +{ + global $mysqli, $routerConfig; + $status = ["Status" => "Fail"]; + if (!empty($activation_token) && !empty($email) && !empty($password) && !empty($firstname) && !empty($lastname) && isEmailAvailable($email)) { + $passwordHash = password_hash($password, PASSWORD_DEFAULT); + $stmt = $mysqli->prepare("INSERT INTO Users (FirstName, LastName, Email, PasswordHash, PrivilegeLevel, isActivated, ActivationToken, RegisteredAt) VALUES (?, ?, ?, ?, ?, 1, ?, NOW())"); + $privilege_level = $routerConfig["logged_in_default_permission_level"]; + $stmt->bind_param("ssssis", $firstname, $lastname, $email, $passwordHash, $privilege_level, $activation_token); + $stmt->execute(); + if ($stmt->affected_rows > 0) { + $status["Status"] = "Success"; + } + $stmt->close(); + } + return $status; +} + +function changePassword($oldPassword, $newPassword): array +{ + global $mysqli; + $status = ["Status" => "Fail"]; + $userID = $_SESSION["ID"]; + if(!empty($oldPassword) && !empty($newPassword) && isLoggedIn() && verifyPassword($userID, $oldPassword)){ + $passwordHash = password_hash($newPassword, PASSWORD_DEFAULT); + $stmt = $mysqli->prepare("UPDATE Users SET PasswordHash = ? 
WHERE ID = ?"); + $stmt->bind_param("si", $passwordHash, $userID); + $stmt->execute(); + if ($stmt->affected_rows > 0) { + $status["Status"] = "Success"; + } + $stmt->close(); + } + return $status; +} + + +// Function to update user profile +function updateUserProfile($firstName, $lastName, $nickname, $minecraft_nickname): array +{ + global $mysqli; + $status = ["Status" => "Fail"]; + + if (isLoggedIn() && !empty($firstName) && !empty($lastName) && !empty($nickname) && !empty($minecraft_nickname)) { + $userID = $_SESSION["ID"]; + + $stmt = $mysqli->prepare("UPDATE Users SET FirstName = ?, LastName = ?, Nickname = ?, MinecraftNick = ? WHERE ID = ?"); + $stmt->bind_param("ssssi", $firstName, $lastName, $nickname, $minecraft_nickname, $userID); + $stmt->execute(); + + if ($stmt->affected_rows > 0) { + $status["Status"] = "Success"; + } + + $stmt->close(); + } + + return $status; +} + +// Function to update user email +function updateUserEmail($email): array +{ + global $mysqli; + $status = ["Status" => "Fail"]; + $validmail = false; + + if (isLoggedIn() && !empty($email)) { + $userID = $_SESSION["ID"]; + + $stmt_email_check = $mysqli->prepare("SELECT Email FROM Users WHERE ID = ?"); + $stmt_email_check->bind_param("i", $userID); + $old_email = ""; + $stmt_email_check->bind_result($old_email); + $stmt_email_check->execute(); + $stmt_email_check->fetch(); + $stmt_email_check->close(); + + if ($email != $old_email) { + if (isEmailAvailable($email)) { + $validmail = true; + } + } else { + $validmail = true; + } + + if ($validmail) { + $stmt = $mysqli->prepare("UPDATE Users SET Email = ? 
WHERE ID = ?"); + $stmt->bind_param("si", $email, $userID); + $stmt->execute(); + + if ($stmt->affected_rows > 0) { + $status["Status"] = "Success"; + } + + $stmt->close(); + } + } + + return $status; +} + +function getUserInfo(): array +{ + $output = ["Status" => "Fail"]; + if(isLoggedIn()) { + global $mysqli; + $userID = $_SESSION["ID"]; + $stmt = $mysqli->prepare("SELECT FirstName, LastName, Nickname, Email, MinecraftNick FROM Users WHERE ID = ?"); + $stmt->bind_param("i", $userID); + $stmt->execute(); + + $firstName = ""; + $lastName = ""; + $nickname = ""; + $email = ""; + $minecraft_nickname = ""; + + $stmt->bind_result($firstName, $lastName, $nickname, $email, $minecraft_nickname); + $stmt->fetch(); + $stmt->close(); + $output = ["Status" => "Success"]; + + $output += [ + "ID" => $userID, + "FirstName" => $firstName, + "LastName" => $lastName, + "Nickname" => $nickname, + "Email" => $email, + "MinecraftNick" => $minecraft_nickname + ]; + + } + return $output; +} + function addActivationCodes($count): array { global $mysqli, $routerConfig; $activationCodes = []; - if (is_numeric($count) && $count > 0 && $_SESSION["privilegelevel"] >= $routerConfig["user_admin_permission_level"]) { + if (is_numeric($count) && $count > 0 && $_SESSION["privilege_level"] >= $routerConfig["user_admin_permission_level"] && isLoggedIn()) { $stmt = $mysqli->prepare("UPDATE Users SET ActivationToken = ?, CreatedAt = NOW(), CreatedBy = ? WHERE ID = ?"); for ($i = 0; $i < $count; $i++) { 
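Review bot: In the re-added `doLogin()`, the seven `$_SESSION[...]` assignments sit after the `if ($stmt->num_rows() > 0)` block rather than inside the `password_verify()` branch, so they run whether or not `$found` is true. When the row is fetched and the password check fails, the session still receives that account's `ID`, `email` and `privilege_level`, which are exactly the fields `isLoggedIn()` tests; move the assignments into the success branch next to `$found = true;` and add `session_regenerate_id(true);` there so the pre-login session id is not reused. `num_rows()` is also called on a prepared statement without `$stmt->store_result();` after `execute()`, which normally makes it report 0, so as written the fetch may never run; confirm and add the call. In the same hunk, `doLogout()` now resets the session fields instead of calling `session_destroy()` and keeps the same session id, and `doRegister()` stores the submitted `activation_token` with `isActivated` set to 1 without, as far as the hunk shows, checking it against an issued code.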
@@ -228,13 +309,13 @@ function addActivationCodes($count): array function listUsers(): array { global $mysqli, $routerConfig; - $users = ["status" => "fail"]; // Default status is "fail" + $users = ["Status" => "Fail"]; // Default Status is "Fail" - if ($_SESSION["privilegelevel"] >= $routerConfig["user_admin_permission_level"]) { + if (isUserAdmin()) { $users = []; $result = $mysqli->query("SELECT ID, FirstName, LastName, Nickname, Email, MinecraftNick, PrivilegeLevel, CreatedAt, RegisteredAt, LastLoginAt, LoginCount, CreatedBy FROM Users"); - // Check if the query executed successfully + // Check if the query executed Successfully if ($result) { while ($row = $result->fetch_assoc()) { $users[] = $row; @@ -248,13 +329,13 @@ function listUsers(): array function listActivationCodes(): array { global $mysqli, $routerConfig; - $activationCodes = ["status" => "fail"]; // Default status is "fail" + $activationCodes = ["Status" => "Fail"]; // Default Status is "Fail" - if ($_SESSION["privilegelevel"] >= $routerConfig["user_admin_permission_level"]) { + if (isUserAdmin()) { $activationCodes = []; $result = $mysqli->query("SELECT ActivationToken, CreatedAt, CreatedBy FROM Users"); - // Check if the query executed successfully + // Check if the query executed Successfully if ($result) { while ($row = $result->fetch_assoc()) { $activationCodes[] = $row; @@ -268,13 +349,13 @@ function listActivationCodes(): array function deleteUser($userID): array { global $mysqli, $routerConfig; - $status = ["status" => "fail"]; - if (!empty($userID) && $_SESSION["privilegelevel"] >= $routerConfig["user_admin_permission_level"]) { + $status = ["Status" => "Fail"]; + if (!empty($userID) && isUserAdmin()) { $stmt = $mysqli->prepare("DELETE FROM Users WHERE ID = ?"); $stmt->bind_param("i", $userID); $stmt->execute(); if ($stmt->affected_rows > 0) { - $status["status"] = "success"; + $status["Status"] = "Success"; } $stmt->close(); } 
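Review bot: On the success path `listUsers()` replaces the `["Status" => "Fail"]` default with `$users = [];` and appends rows, so the response carries no `Status` key at all, while the other functions touched by this commit return `Status` and the new `handleResponse()` in assets/script.js tests `data.Status === 'Success'`. `listActivationCodes()` in the next hunk has the same shape. Returning `["Status" => "Success", "users" => $rows]`, and the equivalent for codes, would keep the contract uniform; both function bodies continue past the end of their hunks, so check the return statements as well. `global $routerConfig` is no longer used in either function now that the check is `isUserAdmin()`, and the comment text `executed Successfully` looks like a search-and-replace side effect.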
@@ -284,13 +365,13 @@ function deleteUser($userID): array function deleteActivationCode($activationCode): array { global $mysqli, $routerConfig; - $status = ["status" => "fail"]; - if (!empty($activationCode) && $_SESSION["privilegelevel"] >= $routerConfig["user_admin_permission_level"]) { + $status = ["Status" => "Fail"]; + if (!empty($activationCode) && isUserAdmin()) { $stmt = $mysqli->prepare("DELETE FROM Users WHERE ActivationToken = ?"); $stmt->bind_param("s", $activationCode); $stmt->execute(); if ($stmt->affected_rows > 0) { - $status["status"] = "success"; + $status["Status"] = "Success"; } $stmt->close(); } diff --git a/lib/endpoint.php b/lib/endpoint.php index 0f80bc3..ce0d177 100644 --- a/lib/endpoint.php +++ b/lib/endpoint.php @@ -13,7 +13,7 @@ function runEndpoint($endpoint_file): ?array function getEndpoint($endpoint_name): string { $output = array(); - $output["status"] = "fail"; + $output["Status"] = "Fail"; global $routerConfig; global $routerRequest; diff --git a/lib/navigation.php b/lib/navigation.php index 8058d7c..e271cc1 100644 --- a/lib/navigation.php +++ b/lib/navigation.php 
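Review bot: `deleteActivationCode()` runs `DELETE FROM Users WHERE ActivationToken = ?`, and with this commit `doRegister()` inserts the registering user's token into a `Users` row with `isActivated` set to 1. Unless the token column is cleared elsewhere, deleting a code that has already been used would delete the account registered with it; restricting the statement, for example `DELETE FROM Users WHERE ActivationToken = ? AND isActivated = 0`, avoids that. `global $routerConfig` is unused here after the switch to `isUserAdmin()`. The function body continues past the end of the hunk.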
@@ -39,20 +39,20 @@ function generateNavigation(): string $navpages = ""; foreach ($pages_dir as $page_file) { - $page_dir_tmp = explode(".", $page_file); - $page_dir = $page_dir_tmp[0]; + $page_file_tmp = explode(".", $page_file); + $page_basename = $page_file_tmp[0]; $page_class = "class=\"navpage_link\""; - if ($routerRequest["subdomain"] == $site_dir && $routerRequest["page_name"] == $page_dir) { + if ($routerRequest["subdomain"] == $site_dir && $routerRequest["page_name"] == $page_basename) { $page_class = "class=\"navpage_link active\""; } - $page_location = $routerConfig["protocol"] . $site_subdomain . $routerRequest["domain"] . "." . $routerRequest["tld"] . "/" . $page_dir; + $page_location = $routerConfig["protocol"] . $site_subdomain . $routerRequest["domain"] . "." . $routerRequest["tld"] . "/" . $page_basename; - $page_name = str_replace("_", " ", $page_dir); + $page_name = str_replace("_", " ", $page_basename); $page_name = explode(".", $page_name)[0]; $page_name = ucfirst($page_name); $page_file_path = $routerConfig["page_dir"] . $site_dir . "/" . $page_file ; - if($page_dir_tmp[1] == "html"){ + if($page_file_tmp[1] == "html"){ $page_tmp = file_get_contents($page_file_path); $pageMetadata = parsePageTag($page_tmp); @@ -63,19 +63,19 @@ function generateNavigation(): string $page_required_permission = $routerConfig["default_page_permission_level"]; } } - elseif($page_dir_tmp[1] == "php"){ + elseif($page_file_tmp[1] == "php"){ $page_required_permission = getDynamicPermission($page_file_path); } else{ $page_required_permission = $routerConfig["default_page_permission_level"]; } - if($page_required_permission <= $_SESSION["privilegelevel"]) { - $navpages .= ""; + if($page_required_permission <= $_SESSION["privilege_level"]) { + $navpages .= ""; } } if(!empty($navpages)){ - $nav_out .= ""; + $nav_out .= ""; } } diff --git a/lib/page.php b/lib/page.php index 15107b4..6459ea5 100644 --- a/lib/page.php +++ b/lib/page.php 
@@ -89,7 +89,7 @@ function getPage($page_name = null): array|false|string } - if($page_required_permission > $_SESSION["privilegelevel"]){ + if($page_required_permission > $_SESSION["privilege_level"]){ if($is_secret_page == 1) { $page_tmp = file_get_contents($routerConfig["template_dir"] . "404.html"); $pageMetadata = parsePageTag($page_tmp); diff --git a/lib/router.php b/lib/router.php index 59fd357..628a2b4 100644 --- a/lib/router.php +++ b/lib/router.php @@ -57,7 +57,7 @@ function initRouter(): bool } else{ if($_SERVER["REQUEST_METHOD"] == "POST"){ - $routerRequest["type"] = "api"; + $routerRequest["type"] = "api"; } if(empty($routerRequest["type"])){ $routerRequest["type"] = "page"; diff --git a/pages/home/account.php b/pages/home/account.php index 7b0a87c..6dce949 100644 --- a/pages/home/account.php +++ b/pages/home/account.php @@ -1,10 +1,11 @@ 1, "secret" => "no", "page_title" => "Domov"]; + return ["minimal_permission_level" => 1, "secret" => "no", "page_title" => "Account"]; } function render(): string @@ -13,12 +14,10 @@ function render(): string ob_start(); - if ($_SESSION["ID"] > 0) { - $account_template = file_get_contents($routerConfig["template_dir"] . "home.html"); - echo $account_template; + if (isLoggedIn()) { + echo file_get_contents($routerConfig["template_dir"] . "dashboard.html"); } else { - $login_template = file_get_contents($routerConfig["template_dir"] . "login.html"); - echo $login_template; + echo file_get_contents($routerConfig["template_dir"] . "login.html"); } return ob_get_clean(); diff --git a/pages/home/settings.php b/pages/home/settings.php new file mode 100644 index 0000000..2530638 --- /dev/null +++ b/pages/home/settings.php 
@@ -0,0 +1,24 @@ + 2, "secret" => "no", "page_title" => "Settings"]; +} + +function render(): string +{ + global $routerConfig; + + ob_start(); + + if (isUserAdmin()) { + echo file_get_contents($routerConfig["template_dir"] . "adminActions.html"); + } else { + echo file_get_contents($routerConfig["template_dir"] . "userActions.html"); + } + + return ob_get_clean(); +} \ No newline at end of file diff --git a/templates/adminActions.html b/templates/adminActions.html new file mode 100644 index 0000000..5ecb36e --- /dev/null +++ b/templates/adminActions.html @@ -0,0 +1,124 @@ + + +
+

Add Activation Codes

+
+ + + + +
+
+ +
+

List Users

+
+ +
+
+ +
+

List Activation Codes

+
+ +
+
+ +
+

Delete User

+
+ + + + +
+
+ +
+

Delete Activation Code

+
+ + + + +
+
+ + +

diff --git a/templates/login.html b/templates/login.html index 71b4ae8..7910a09 100644 --- a/templates/login.html +++ b/templates/login.html @@ -1,13 +1,32 @@ -
+ + +

Login

-
+ - +
-

-
\ No newline at end of file +
+ + +

\ No newline at end of file diff --git a/templates/register.html b/templates/register.html new file mode 100644 index 0000000..c648fbb --- /dev/null +++ b/templates/register.html @@ -0,0 +1,58 @@ + + +
+

Register

+
+ + + + + + + + + + + + + + + + + + + + + + +
+
+ + +

\ No newline at end of file diff --git a/templates/userActions.html b/templates/userActions.html new file mode 100644 index 0000000..389c4fc --- /dev/null +++ b/templates/userActions.html @@ -0,0 +1,128 @@ + + +
+

Change Password

+
+ + + + + + + + + + +
+
+ +
+

Update User Profile

+
+ + + + + + + + + + + + + + + + +
+
+ +
+

Get User Info

+
+ + + + +
+
+ + + + + + +