From e4bb8f10a3e2abbbbe3221465f30de2d6fbbfd7c Mon Sep 17 00:00:00 2001
From: bruno <bruno@brn.systems>
Date: Thu, 18 Jan 2024 11:49:38 +0100
Subject: [PATCH] big changes hehe

---
 endpoints/global/account.php         | 22 ++++++++++
 index.php                            | 18 ++++++--
 lib/account.php                      | 61 +++++++++-------------------
 lib/config.php                       |  2 +
 lib/endpoint.php                     | 41 +++++++++++++++++++
 lib/{navpages.php => navigation.php} |  0
 lib/{routing.php => page.php}        | 48 +---------------------
 lib/router.php                       | 55 +++++++++++++++++++++++++
 pages/global/account.php             |  2 +-
 9 files changed, 155 insertions(+), 94 deletions(-)
 create mode 100644 endpoints/global/account.php
 create mode 100644 lib/endpoint.php
 rename lib/{navpages.php => navigation.php} (100%)
 rename lib/{routing.php => page.php} (51%)
 create mode 100644 lib/router.php

diff --git a/endpoints/global/account.php b/endpoints/global/account.php
new file mode 100644
index 0000000..cb776cb
--- /dev/null
+++ b/endpoints/global/account.php
@@ -0,0 +1,22 @@
+<?php
+
+require_once "lib/account.php";
+
+function endpoint($endpoint_data)
+{
+    switch ($endpoint_data["action"]){
+
+        case "login":
+            return doLogin($endpoint_data["email"], $endpoint_data["password"]);
+        break;
+
+        case "logout":
+            return doLogout();
+        break;
+
+        case "register":
+            return doRegister($endpoint_data["firstname"], $endpoint_data["lastname"], $endpoint_data["nickname"], $endpoint_data["email"], $endpoint_data["password"], $endpoint_data["minecraftnick"], $endpoint_data["activation_token"]);
+            break;
+
+    }
+}
\ No newline at end of file
diff --git a/index.php b/index.php
index c10efa9..30c22fd 100644
--- a/index.php
+++ b/index.php
@@ -1,9 +1,11 @@
 <?php
 /** @noinspection PhpIncludeInspection */
 require_once "secrets/config.php";
-require_once "lib/navpages.php";
-require_once "lib/routing.php";
 require_once "lib/config.php";
+require_once "lib/navigation.php";
+require_once "lib/router.php";
+require_once "lib/page.php";
+require_once "lib/endpoint.php";
 
 $routerConfig = array();
 $routerRequest = array();
@@ -13,8 +15,16 @@ if(initRouter()) {
     /** @noinspection PhpArrayIsAlwaysEmptyInspection */
     session_set_cookie_params(0, '/', "." . $routerRequest["domain"] . "." . $routerRequest["tld"], true, true);
     session_start();
-    /** @noinspection PhpArrayIsAlwaysEmptyInspection */
-    echo getPage($routerRequest["page_name"]);
+    if($routerRequest["type"] == "api") {
+        echo getEndpoint($routerRequest["page_name"], $_REQUEST);
+
+    }elseif ($routerRequest["type"] == "page") {
+        /** @noinspection PhpArrayIsAlwaysEmptyInspection */
+        echo getPage($routerRequest["page_name"]);
+    }
+    else{
+        echo "Unknown request";
+    }
 }
 else{
     exit();
diff --git a/lib/account.php b/lib/account.php
index 1aee7d6..f40b553 100644
--- a/lib/account.php
+++ b/lib/account.php
@@ -4,29 +4,25 @@ function isLoggedIn(){
     return $_SESSION["ID"] > 0 && !empty($_SESSION["email"]);
 }
 
-function doLogin(){
+function doLogin($email, $password){
     global $mysqli;
-    if(!empty($_POST["email"]) && !empty($_POST["password"])){
-        $email = $_POST["email"];
-        $pass = $_POST["password"];
-        /* prepare statement */
+    if(!empty($email) && !empty($password)){
         $stmt = $mysqli->prepare("SELECT ID, FirstName, LastName, Nickname, PasswordHash, MinecraftNick, isAdmin FROM Users WHERE EMAIL = ? AND isActive = 1");
         $stmt->bind_param("s", $email);
         $stmt->execute();
+
         $idcko = 0;
         $fname = "";
         $lname = "";
         $nickname = "";
         $pwdhash = "";
         $mcnick = "";
-        /* bind variables to prepared statement */
         $stmt->bind_result($idcko, $fname, $lname, $nickname, $pwdhash, $mcnick, false);
 
-        /* fetch values */
         $found = false;
         if($stmt->num_rows() > 0){
             $stmt->fetch();
-            if (password_verify($pass, $pwdhash)){
+            if (password_verify($password, $pwdhash)){
                 $_SESSION["ID"] = $idcko;
                 $_SESSION["first_name"] = $fname;
                 $_SESSION["last_name"] = $lname;
@@ -38,51 +34,32 @@ function doLogin(){
             }
         }
         $stmt->close();
-        if($found){
-            $status = ["status" => "success"];
-        }
-        else{
-            $status = ["status" => "fail"];
-        }
-        echo json_encode($status);
+        return $found ? ["status" => "success"] : ["status" => "fail"];
     }
 }
 
 function doLogout(){
     if(isLoggedIn()){
         session_destroy();
-        $status = ["status" => "success"];
+        return ["status" => "success"];
+    } else {
+        return ["status" => "fail"];
     }
-    else{
-        $status = ["status" => "fail"];
-    }
-    echo json_encode($status);
 }
 
-function doRegister(){
+function doRegister($firstname, $lastname, $nickname, $email, $password, $minecraftnick, $activationtoken){
+    global $mysqli;
     $status = ["status" => "fail"];
-    if (!empty($_POST["activationtoken"])){
-        global $mysqli;
-
-        $firstName = $_POST["firstname"];
-        $lastName = $_POST["lastname"];
-        $nickname = $_POST["nickname"];
-        $email = $_POST["email"];
-        $password = $_POST["password"];
-        $minecraftNick = $_POST["minecraftnick"];
-        $activationToken = $_POST["activationtoken"];
-        if (!empty($firstName) && !empty($lastName) && !empty($nickname) && !empty($email) && !empty($password)) {
-            $passwordHash = password_hash($password, PASSWORD_DEFAULT);
-
-            $stmt = $mysqli->prepare("UPDATE Users SET FirstName = ?, LastName = ?, Nickname = ?, Email = ?, PasswordHash = ?, MinecraftNick = ?, isAdmin = 0, isActivated = 1 WHERE isActivated = 0 AND ActivationToken = ?");
-            $stmt->bind_param("ssssss", $firstName, $lastName, $nickname, $email, $passwordHash, $minecraftNick, $activationToken);
-            $stmt->execute();
-            if ($stmt->affected_rows > 0) {
-                $status["status"] = "success";
-            }
-            $stmt->close();
+    if (!empty($activationtoken)){
+        $passwordHash = password_hash($password, PASSWORD_DEFAULT);
+        $stmt = $mysqli->prepare("UPDATE Users SET FirstName = ?, LastName = ?, Nickname = ?, Email = ?, PasswordHash = ?, MinecraftNick = ?, isAdmin = 0, isActivated = 1 WHERE isActivated = 0 AND ActivationToken = ?");
+        $stmt->bind_param("sssssss", $firstname, $lastname, $nickname, $email, $passwordHash, $minecraftnick, $activationtoken);
+        $stmt->execute();
+        if ($stmt->affected_rows > 0) {
+            $status["status"] = "success";
         }
+        $stmt->close();
     }
-    echo json_encode($status);
+    return $status;
 }
 
diff --git a/lib/config.php b/lib/config.php
index 9d02198..62f4559 100644
--- a/lib/config.php
+++ b/lib/config.php
@@ -8,6 +8,8 @@
 
         $routerConfig["template_dir"] = "templates/";
 
+        $routerConfig["endpoint_dir"] = "endpoints/";
+
         $routerConfig["page_dir"] = "pages/";
 
         $routerConfig["protocol"] = "https://";
diff --git a/lib/endpoint.php b/lib/endpoint.php
new file mode 100644
index 0000000..8e50f6d
--- /dev/null
+++ b/lib/endpoint.php
@@ -0,0 +1,41 @@
+<?php
+
+function runEndpoint($endpoint_file)
+{
+    global $routerRequest;
+
+    $endpoint_data = $_POST
+    require_once $endpoint_file;
+
+    return endpoint($endpoint_data);
+}
+
+
+function getEndpoint($endpoint_name)
+{
+    $output = array();
+    $output["status"] = "fail";
+    global $routerConfig;
+    global $routerRequest;
+
+    if(!$endpoint_name){
+        $endpoint_name = $routerRequest["page_name"];
+    }
+
+    $endpoint_file = $routerConfig["endpoint_dir"] . $routerRequest["subdomain"] . "/" . $endpoint_name . ".php";
+
+    $endpoint_file_global = $routerConfig["endpoint_dir"] . "global/" . $endpoint_name . ".php";
+
+    if (file_exists($endpoint_file_global)){
+        $output = runEndpoint($endpoint_file_global);
+    }
+    elseif (file_exists($endpoint_file)){
+        $output = runEndpoint($endpoint_file);
+    }
+    else{
+        $output["error"] = "Not found";
+        http_response_code(404);
+    }
+
+    return json_encode($output);
+}
\ No newline at end of file
diff --git a/lib/navpages.php b/lib/navigation.php
similarity index 100%
rename from lib/navpages.php
rename to lib/navigation.php
diff --git a/lib/routing.php b/lib/page.php
similarity index 51%
rename from lib/routing.php
rename to lib/page.php
index 8e836b7..0e084c5 100644
--- a/lib/routing.php
+++ b/lib/page.php
@@ -1,49 +1,4 @@
 <?php
-
-
-function initRouter(){
-    global $routerRequest;
-    global $routerConfig;
-
-    $routerRequest["requestAddress"] = array_slice(explode('.', $_SERVER['HTTP_HOST']), -3, 3); //get the last 3 elements
-
-    $needsRedirect = false;
-
-    if(count($routerRequest["requestAddress"]) < 3){
-        // Root domain accessed directly
-        $needsRedirect = true;
-
-        $routerRequest["subdomain"] = $routerConfig["default_site"];
-        $routerRequest["domain"] = basename($routerRequest["requestAddress"][0]);
-        $routerRequest["tld"] = basename($routerRequest["requestAddress"][1]);
-
-    } else {
-        $routerRequest["subdomain"] = basename($routerRequest["requestAddress"][0]);
-        $routerRequest["domain"] = basename($routerRequest["requestAddress"][1]);
-        $routerRequest["tld"] = basename($routerRequest["requestAddress"][2]);
-
-        $routerRequest["page_name"] = basename($_SERVER["QUERY_STRING"]);
-
-        if (empty($routerRequest["page_name"])) {
-            // Page name is empty
-            $needsRedirect = true;
-            $routerRequest["page_name"] = $routerConfig["default_page"];
-        }
-    }
-
-    if ($needsRedirect) {
-        $redirectAddress = $routerConfig["protocol"] .
-            $routerRequest["subdomain"] . "." .
-            $routerRequest["domain"] . "." .
-            $routerRequest["tld"] . "/" .
-            $routerRequest["page_name"];
-        // Redirect with default page name
-        header("Location: $redirectAddress");
-    }
-
-    return !$needsRedirect;
-}
-
 function renderDynamicPage($page_file)
 {
     require_once $page_file;
@@ -90,5 +45,4 @@ function getPage($page_name = null){
     $out = str_replace("__TEMPLATE__NAV__", $nav, $out);
     $out = str_replace("__TEMPLATE__PAGE__", $page, $out);
     return str_replace("__TEMPLATE_PAGE_NAME__", $page_name, $out);
-}
-
+}
\ No newline at end of file
diff --git a/lib/router.php b/lib/router.php
new file mode 100644
index 0000000..e131ea9
--- /dev/null
+++ b/lib/router.php
@@ -0,0 +1,55 @@
+<?php
+
+
+function initRouter(){
+    global $routerRequest;
+    global $routerConfig;
+
+    $routerRequest["requestAddress"] = array_slice(explode('.', $_SERVER['HTTP_HOST']), -3, 3); //get the last 3 elements
+
+    $needsRedirect = false;
+
+    if(count($routerRequest["requestAddress"]) < 3){
+        // Root domain accessed directly
+        $needsRedirect = true;
+
+        $routerRequest["subdomain"] = $routerConfig["default_site"];
+        $routerRequest["domain"] = basename($routerRequest["requestAddress"][0]);
+        $routerRequest["tld"] = basename($routerRequest["requestAddress"][1]);
+
+    } else {
+        $routerRequest["subdomain"] = basename($routerRequest["requestAddress"][0]);
+        $routerRequest["domain"] = basename($routerRequest["requestAddress"][1]);
+        $routerRequest["tld"] = basename($routerRequest["requestAddress"][2]);
+
+        $routerRequest["page_name"] = basename($_SERVER["QUERY_STRING"]);
+
+        if (empty($routerRequest["page_name"])) {
+            // Page name is empty
+            $needsRedirect = true;
+            $routerRequest["page_name"] = $routerConfig["default_page"];
+        }
+    }
+
+    if ($needsRedirect) {
+        $redirectAddress = $routerConfig["protocol"] .
+            $routerRequest["subdomain"] . "." .
+            $routerRequest["domain"] . "." .
+            $routerRequest["tld"] . "/" .
+            $routerRequest["page_name"];
+        // Redirect with default page name
+        header("Location: $redirectAddress");
+    }
+    else{
+        if($_SERVER["REQUEST_METHOD"] == "POST"){
+            $routerRequest["type"] =  "api";
+        }
+        if(empty($routerRequest["type"])){
+            $routerRequest["type"] = "page";
+        }
+    }
+
+    return !$needsRedirect;
+}
+
+
diff --git a/pages/global/account.php b/pages/global/account.php
index 143d200..a333490 100644
--- a/pages/global/account.php
+++ b/pages/global/account.php
@@ -1,6 +1,6 @@
 <?php
 
-require_once "lib/routing.php";
+require_once "lib/router.php";
 
 function render()
 {