forked from Adleraci/adlerka.top
Add some more account actions,
Add return types, Add some stuff
This commit is contained in:
parent
3d22ff555e
commit
8ba1637176
@ -2,18 +2,35 @@
|
||||
|
||||
require_once "lib/account.php";
|
||||
|
||||
function endpoint($endpoint_data)
|
||||
function endpoint($endpoint_data): array
|
||||
{
|
||||
switch ($endpoint_data["action"]){
|
||||
|
||||
case "login":
|
||||
return doLogin($endpoint_data["email"], $endpoint_data["password"]);
|
||||
|
||||
case "logout":
|
||||
return doLogout();
|
||||
|
||||
case "register":
|
||||
return doRegister($endpoint_data["firstname"], $endpoint_data["lastname"], $endpoint_data["nickname"], $endpoint_data["email"], $endpoint_data["password"], $endpoint_data["minecraftnick"], $endpoint_data["activation_token"]);
|
||||
|
||||
}
|
||||
return match ($endpoint_data["action"]) {
|
||||
"login" => doLogin($endpoint_data["email"], $endpoint_data["password"]),
|
||||
"logout" => doLogout(),
|
||||
"register" => doRegister(
|
||||
$endpoint_data["firstname"],
|
||||
$endpoint_data["lastname"],
|
||||
$endpoint_data["nickname"],
|
||||
$endpoint_data["email"],
|
||||
$endpoint_data["password"],
|
||||
$endpoint_data["minecraftnick"],
|
||||
$endpoint_data["activation_token"]
|
||||
),
|
||||
"change_password" => changePassword($endpoint_data["user_id"], $endpoint_data["new_password"]),
|
||||
"update_user_profile" => updateUserProfile(
|
||||
$endpoint_data["user_id"],
|
||||
$endpoint_data["first_name"],
|
||||
$endpoint_data["last_name"],
|
||||
$endpoint_data["nickname"],
|
||||
$endpoint_data["minecraft_nick"]
|
||||
),
|
||||
"get_user_info" => getUserInfo($endpoint_data["user_id"]),
|
||||
"is_email_available" => isEmailAvailable($endpoint_data["email"]),
|
||||
"add_activation_codes" => addActivationCodes($endpoint_data["count"]),
|
||||
"list_users" => listUsers(),
|
||||
"list_activation_codes" => listActivationCodes(),
|
||||
"delete_user" => deleteUser($endpoint_data["user_id"]),
|
||||
"delete_activation_code" => deleteActivationCode($endpoint_data["activation_code"]),
|
||||
default => ["status" => "fail", "message" => "Invalid action"],
|
||||
};
|
||||
}
|
@ -16,7 +16,7 @@ if(initRouter()) {
|
||||
session_set_cookie_params(0, '/', "." . $routerRequest["domain"] . "." . $routerRequest["tld"], true, true);
|
||||
session_start();
|
||||
if($routerRequest["type"] == "api") {
|
||||
echo getEndpoint($routerRequest["page_name"], $_REQUEST);
|
||||
echo getEndpoint($routerRequest["page_name"]);
|
||||
|
||||
}elseif ($routerRequest["type"] == "page") {
|
||||
/** @noinspection PhpArrayIsAlwaysEmptyInspection */
|
||||
|
119
lib/account.php
119
lib/account.php
@ -34,8 +34,8 @@ function doLogin($email, $password): array
|
||||
{
|
||||
global $mysqli, $routerConfig;
|
||||
$found = false;
|
||||
if(!empty($email) && !empty($password)){
|
||||
$stmt = $mysqli->prepare("SELECT ID, FirstName, LastName, Nickname, PasswordHash, MinecraftNick, privilegeLevel FROM Users WHERE EMAIL = ? AND isActive = 1");
|
||||
if (!empty($email) && !empty($password)) {
|
||||
$stmt = $mysqli->prepare("SELECT ID, FirstName, LastName, Nickname, PasswordHash, MinecraftNick, PrivilegeLevel, LastLoginAt, LoginCount FROM Users WHERE Email = ? AND isActivated = 1");
|
||||
$stmt->bind_param("s", $email);
|
||||
$stmt->execute();
|
||||
|
||||
@ -46,14 +46,23 @@ function doLogin($email, $password): array
|
||||
$pwdhash = "";
|
||||
$mcnick = "";
|
||||
$privilegelevel = 0;
|
||||
$stmt->bind_result($idcko, $fname, $lname, $nickname, $pwdhash, $mcnick, $privilegelevel);
|
||||
$lastLoginAt = null;
|
||||
$loginCount = 0;
|
||||
$stmt->bind_result($idcko, $fname, $lname, $nickname, $pwdhash, $mcnick, $privilegelevel, $lastLoginAt, $loginCount);
|
||||
|
||||
if($stmt->num_rows() > 0){
|
||||
if ($stmt->num_rows() > 0) {
|
||||
$stmt->fetch();
|
||||
if (password_verify($password, $pwdhash) && $privilegelevel >= $routerConfig["logged_in_default_permission_level"]){
|
||||
if (password_verify($password, $pwdhash) && $privilegelevel >= $routerConfig["logged_in_default_permission_level"]) {
|
||||
$found = true;
|
||||
|
||||
// Update LastLoginAt and LoginCount
|
||||
$updateLoginStmt = $mysqli->prepare("UPDATE Users SET LastLoginAt = NOW(), LoginCount = LoginCount + 1 WHERE ID = ?");
|
||||
$updateLoginStmt->bind_param("i", $idcko);
|
||||
$updateLoginStmt->execute();
|
||||
$updateLoginStmt->close();
|
||||
}
|
||||
}
|
||||
|
||||
$_SESSION["ID"] = $idcko;
|
||||
$_SESSION["first_name"] = $fname;
|
||||
$_SESSION["last_name"] = $lname;
|
||||
@ -78,12 +87,13 @@ function doLogout(): array
|
||||
|
||||
function doRegister($firstname, $lastname, $nickname, $email, $password, $minecraftnick, $activationtoken): array
|
||||
{
|
||||
global $mysqli;
|
||||
global $mysqli, $routerConfig;
|
||||
$status = ["status" => "fail"];
|
||||
if (!empty($activationtoken)){
|
||||
if (!empty($activationtoken)) {
|
||||
$passwordHash = password_hash($password, PASSWORD_DEFAULT);
|
||||
$stmt = $mysqli->prepare("UPDATE Users SET FirstName = ?, LastName = ?, Nickname = ?, Email = ?, PasswordHash = ?, MinecraftNick = ?, isAdmin = 0, isActivated = 1 WHERE isActivated = 0 AND ActivationToken = ?");
|
||||
$stmt->bind_param("sssssss", $firstname, $lastname, $nickname, $email, $passwordHash, $minecraftnick, $activationtoken);
|
||||
$stmt = $mysqli->prepare("INSERT INTO Users (FirstName, LastName, Nickname, Email, PasswordHash, MinecraftNick, PrivilegeLevel, isActivated, ActivationToken, RegisteredAt) VALUES (?, ?, ?, ?, ?, ?, ?, 0, ?, ?, NOW())");
|
||||
$privilegelevel = $routerConfig["logged_in_default_permission_level"];
|
||||
$stmt->bind_param("ssssssisi", $firstname, $lastname, $nickname, $email, $passwordHash, $minecraftnick, $privilegelevel, $activationtoken);
|
||||
$stmt->execute();
|
||||
if ($stmt->affected_rows > 0) {
|
||||
$status["status"] = "success";
|
||||
@ -175,43 +185,102 @@ function isEmailAvailable($email): bool
|
||||
}
|
||||
|
||||
|
||||
function addActivationCodes($adminID, $count): array
|
||||
function addActivationCodes($count): array
|
||||
{
|
||||
global $mysqli;
|
||||
global $mysqli, $routerConfig;
|
||||
$activationCodes = [];
|
||||
if (!empty($adminID) && is_numeric($count) && $count > 0) {
|
||||
$stmt = $mysqli->prepare("INSERT INTO ActivationCodes (AdminID, Code) VALUES (?, ?)");
|
||||
|
||||
if (is_numeric($count) && $count > 0 && $_SESSION["privilegelevel"] >= $routerConfig["user_admin_permission_level"]) {
|
||||
$stmt = $mysqli->prepare("UPDATE Users SET ActivationCode = ?, CreatedAt = NOW(), CreatedBy = ? WHERE ID = ?");
|
||||
|
||||
for ($i = 0; $i < $count; $i++) {
|
||||
$activationCode = generateActivationToken();
|
||||
$stmt->bind_param("is", $adminID, $activationCode);
|
||||
$stmt->bind_param("sii", $activationCode, $_SESSION["ID"], $_SESSION["ID"]);
|
||||
$stmt->execute();
|
||||
|
||||
if ($stmt->affected_rows > 0) {
|
||||
$activationCodes[] = $activationCode;
|
||||
$activationCodes[] = [
|
||||
"Code" => $activationCode,
|
||||
"CreatedAt" => date("Y-m-d H:i:s"),
|
||||
"CreatedBy" => $_SESSION["ID"]
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
$stmt->close();
|
||||
}
|
||||
|
||||
return $activationCodes;
|
||||
}
|
||||
|
||||
function listUsers(): array
|
||||
{
|
||||
global $mysqli;
|
||||
$users = [];
|
||||
$result = $mysqli->query("SELECT ID, FirstName, LastName, Nickname, Email, MinecraftNick, privilegeLevel FROM Users");
|
||||
while ($row = $result->fetch_assoc()) {
|
||||
$users[] = $row;
|
||||
global $mysqli, $routerConfig;
|
||||
$users = ["status" => "fail"]; // Default status is "fail"
|
||||
|
||||
if ($_SESSION["privilegelevel"] >= $routerConfig["user_admin_permission_level"]) {
|
||||
$users = [];
|
||||
$result = $mysqli->query("SELECT ID, FirstName, LastName, Nickname, Email, MinecraftNick, PrivilegeLevel, CreatedAt, RegisteredAt, LastLoginAt, LoginCount, CreatedBy FROM Users");
|
||||
|
||||
// Check if the query executed successfully
|
||||
if ($result) {
|
||||
while ($row = $result->fetch_assoc()) {
|
||||
$users[] = $row;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $users;
|
||||
}
|
||||
|
||||
function listActivationCodes(): array
|
||||
{
|
||||
global $mysqli;
|
||||
$activationCodes = [];
|
||||
$result = $mysqli->query("SELECT Code FROM ActivationCodes");
|
||||
while ($row = $result->fetch_assoc()) {
|
||||
$activationCodes[] = $row['Code'];
|
||||
global $mysqli, $routerConfig;
|
||||
$activationCodes = ["status" => "fail"]; // Default status is "fail"
|
||||
|
||||
if ($_SESSION["privilegelevel"] >= $routerConfig["user_admin_permission_level"]) {
|
||||
$activationCodes = [];
|
||||
$result = $mysqli->query("SELECT Code, CreatedAt, CreatedBy FROM Users");
|
||||
|
||||
// Check if the query executed successfully
|
||||
if ($result) {
|
||||
while ($row = $result->fetch_assoc()) {
|
||||
$activationCodes[] = $row;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $activationCodes;
|
||||
}
|
||||
|
||||
function deleteUser($userID): array
|
||||
{
|
||||
global $mysqli, $routerConfig;
|
||||
$status = ["status" => "fail"];
|
||||
if (!empty($userID) && $_SESSION["privilegelevel"] >= $routerConfig["user_admin_permission_level"]) {
|
||||
$stmt = $mysqli->prepare("DELETE FROM Users WHERE ID = ?");
|
||||
$stmt->bind_param("i", $userID);
|
||||
$stmt->execute();
|
||||
if ($stmt->affected_rows > 0) {
|
||||
$status["status"] = "success";
|
||||
}
|
||||
$stmt->close();
|
||||
}
|
||||
return $status;
|
||||
}
|
||||
|
||||
function deleteActivationCode($activationCode): array
|
||||
{
|
||||
global $mysqli, $routerConfig;
|
||||
$status = ["status" => "fail"];
|
||||
if (!empty($activationCode) && $_SESSION["privilegelevel"] >= $routerConfig["user_admin_permission_level"]) {
|
||||
$stmt = $mysqli->prepare("DELETE FROM Users WHERE ActivationToken = ?");
|
||||
$stmt->bind_param("s", $activationCode);
|
||||
$stmt->execute();
|
||||
if ($stmt->affected_rows > 0) {
|
||||
$status["status"] = "success";
|
||||
}
|
||||
$stmt->close();
|
||||
}
|
||||
return $status;
|
||||
}
|
@ -25,5 +25,11 @@
|
||||
|
||||
$routerConfig["moderator_permission_level"] = 4;
|
||||
|
||||
$routerConfig["adminpermissionlevel"] = 255;
|
||||
$routerConfig["user_admin_permission_level"] = 254;
|
||||
|
||||
$routerConfig["admin_permission_level"] = 255;
|
||||
|
||||
$routerConfig["default_page_permission_level"] = 255;
|
||||
|
||||
$routerConfig["default_page_secret"] = 1;
|
||||
}
|
||||
|
@ -10,7 +10,7 @@ function runEndpoint($endpoint_file): ?array
|
||||
}
|
||||
|
||||
|
||||
function getEndpoint($endpoint_name): false|string
|
||||
function getEndpoint($endpoint_name): string
|
||||
{
|
||||
$output = array();
|
||||
$output["status"] = "fail";
|
||||
|
62
lib/page.php
62
lib/page.php
@ -5,6 +5,31 @@ function renderDynamicPage($page_file): false|string
|
||||
return render();
|
||||
}
|
||||
|
||||
function parsePageTag($input): array
|
||||
{
|
||||
// Define the pattern for the tag
|
||||
$pattern = '/<page\s+([^>]+)><\/page>/i';
|
||||
|
||||
// Check if the pattern matches the input
|
||||
if (preg_match($pattern, $input, $matches)) {
|
||||
// Extract parameters
|
||||
$parameters = [];
|
||||
if (preg_match_all('/(\w+)="([^"]+)"/', $matches[1], $paramMatches, PREG_SET_ORDER)) {
|
||||
foreach ($paramMatches as $paramMatch) {
|
||||
$parameters[$paramMatch[1]] = $paramMatch[2];
|
||||
}
|
||||
}
|
||||
|
||||
// Remove the tag from the input
|
||||
$output = preg_replace($pattern, '', $input, 1);
|
||||
|
||||
return ['parameters' => $parameters, 'output' => $output];
|
||||
}
|
||||
|
||||
// If no match is found, return the original input
|
||||
return ['parameters' => [], 'output' => $input];
|
||||
}
|
||||
|
||||
function getPage($page_name = null): array|false|string
|
||||
{
|
||||
global $routerConfig;
|
||||
@ -38,6 +63,41 @@ function getPage($page_name = null): array|false|string
|
||||
else{
|
||||
$page = file_get_contents($routerConfig["template_dir"] . "404.html");
|
||||
}
|
||||
|
||||
$pageMetadata = parsePageTag($page);
|
||||
|
||||
$page = $pageMetadata["output"];
|
||||
|
||||
if(!empty($pageMetadata["parameters"]["minimal_permission_level"])){
|
||||
$page_required_permission = intval($pageMetadata["parameters"]["minimal_permission_level"]);
|
||||
}
|
||||
else{
|
||||
$page_required_permission = $routerConfig["default_page_permission_level"];
|
||||
}
|
||||
|
||||
if(!empty($pageMetadata["parameters"]["secret"])){
|
||||
$is_secret_page = intval($pageMetadata["parameters"]["secret"]);
|
||||
}
|
||||
else{
|
||||
$is_secret_page = $routerConfig["default_page_secret"];
|
||||
}
|
||||
|
||||
if($page_required_permission < $_SESSION["privilegelevel"]){
|
||||
if($is_secret_page == 1) {
|
||||
$page = file_get_contents($routerConfig["template_dir"] . "404.html"); //fake 404 error
|
||||
}
|
||||
else{
|
||||
$page = file_get_contents($routerConfig["template_dir"] . "403.html"); //deny access if doesnt have permissions
|
||||
}
|
||||
}
|
||||
|
||||
if(!empty($pageMetadata["parameters"]["page_title"])){
|
||||
$page_title = $pageMetadata["parameters"]["page_title"];
|
||||
}
|
||||
else{
|
||||
$page_title = $page_name;
|
||||
}
|
||||
|
||||
$navpages = generateNavigation();
|
||||
|
||||
$nav = str_replace("__NAV_PAGES__", $navpages, $nav);
|
||||
@ -45,5 +105,5 @@ function getPage($page_name = null): array|false|string
|
||||
$out = $skeleton;
|
||||
$out = str_replace("__TEMPLATE__NAV__", $nav, $out);
|
||||
$out = str_replace("__TEMPLATE__PAGE__", $page, $out);
|
||||
return str_replace("__TEMPLATE_PAGE_NAME__", $page_name, $out);
|
||||
return str_replace("__TEMPLATE_PAGE_TITLE__", $page_title, $out);
|
||||
}
|
@ -1,4 +1,4 @@
|
||||
<page minpermissionlevel="0" name="Domov"></page>
|
||||
<page minimal_permission_level="0" secret="0" page_title="Domov"></page>
|
||||
<header>
|
||||
<h1 class="title">Vitaj na tejto úžasnej stránke</h1>
|
||||
<p>Neoficiálna študentská stránka pre adlerku</p>
|
||||
|
@ -1,3 +1,4 @@
|
||||
<page minimal_permission_level="0" secret="0" page_title="Memečká"></page>
|
||||
<header>
|
||||
<h1 class="title">Adlerka Memes</h1>
|
||||
<p>Skoro ako <a href="https://reddit.com/r/adlerka" target="_blank">r/adlerka</a> - ale lepšie.</p>
|
||||
|
@ -1 +1,2 @@
|
||||
<page minimal_permission_level="0" secret="0" page_title="Memečká info"></page>
|
||||
<h1>Vitaj na oficiálnej stránke Memeov o AdlerkaSMP</h1>
|
@ -1,3 +1,4 @@
|
||||
<page minimal_permission_level="1" secret="0" page_title="Zošit"></page>
|
||||
<header>
|
||||
<h1 class="title">Adlerka Zošit</h1>
|
||||
<hr>
|
||||
|
@ -1,3 +1,4 @@
|
||||
<page minimal_permission_level="0" secret="0" page_title="Domov"></page>
|
||||
<header>
|
||||
<h1 class="title">Vitaj na oficiálnej AdlerkaSMP stránke</h1>
|
||||
<p>Najlepší <a href="https://minecraft.net" style="text-decoration: underline; color: #fff;" target="_blank">Minecraft®™</a> server na Adlerke</p>
|
||||
|
@ -1 +1,2 @@
|
||||
<page minimal_permission_level="0" secret="0" page_title="AdlerkaSMP info"></page>
|
||||
<h1>Vitaj na oficiálnej stránke Informácii o AdlerkaSMP</h1>
|
6
templates/403.html
Normal file
6
templates/403.html
Normal file
@ -0,0 +1,6 @@
|
||||
<div class="wrapper-403">
|
||||
<h2>TY KÁR KAM TO DEŠ</h2>
|
||||
<h1 class="error-code">403</h1>
|
||||
<h3><i class="fa-solid fa-circle-exclamation error"></i> Našli sme stránku ktorú hľadáš, ale nemáš práva na ňu pristupovať: <span class="error">__TEMPLATE_PAGE_NAME__</span>. <i class="fa-solid fa-circle-exclamation error"></i></h3>
|
||||
<a href="/domov" class="back"><i class="fa-solid fa-arrow-left"></i> SPÄŤ DOMOV</a>
|
||||
</div>
|
@ -1,6 +1,6 @@
|
||||
<div class="wrapper-404">
|
||||
<h2>TY KÁR KAM TO DEŠ</h2>
|
||||
<h2>TY KÁR KAM TO DEŠ</h2>
|
||||
<h1 class="error-code">404</h1>
|
||||
<h3><i class="fa-solid fa-circle-exclamation error"></i> Nenašli sme stránku ktorú hladáš: <span class="error">__TEMPLATE_PAGE_NAME__</span>. <i class="fa-solid fa-circle-exclamation error"></i></h3>
|
||||
<h3><i class="fa-solid fa-circle-exclamation error"></i> Nenašli sme stránku ktorú hľadáš: <span class="error">__TEMPLATE_PAGE_NAME__</span>. <i class="fa-solid fa-circle-exclamation error"></i></h3>
|
||||
<a href="/domov" class="back"><i class="fa-solid fa-arrow-left"></i> SPÄŤ DOMOV</a>
|
||||
</div>
|
@ -7,7 +7,7 @@
|
||||
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/remixicon/4.0.1/remixicon.min.css" integrity="sha512-dTsohxprpcruDm4sjU92K0/Gf1nTKVVskNHLOGMqxmokBSkfOAyCzYSB6+5Z9UlDafFRpy5xLhvpkOImeFbX6A==" crossorigin="anonymous" referrerpolicy="no-referrer" />
|
||||
<link rel="stylesheet" href="/assets/style.css">
|
||||
<script async src="https://umami.brn.systems/script.js" data-website-id="95e93885-5c19-4cab-ba9b-2f746a316a2a"></script>
|
||||
<title>Adlerka __TEMPLATE_PAGE_NAME__</title>
|
||||
<title>Adlerka __TEMPLATE_PAGE_TITLE__</title>
|
||||
</head>
|
||||
<body>
|
||||
__TEMPLATE__NAV__
|
||||
|
Loading…
Reference in New Issue
Block a user