Add some more account actions,

Add return types,
Add some stuff
This commit is contained in:
Bruno Rybársky 2024-01-31 23:07:12 +01:00
parent 3d22ff555e
commit 8ba1637176
15 changed files with 210 additions and 47 deletions

@ -2,18 +2,35 @@
require_once "lib/account.php";
function endpoint($endpoint_data)
function endpoint($endpoint_data): array
{
switch ($endpoint_data["action"]){
case "login":
return doLogin($endpoint_data["email"], $endpoint_data["password"]);
case "logout":
return doLogout();
case "register":
return doRegister($endpoint_data["firstname"], $endpoint_data["lastname"], $endpoint_data["nickname"], $endpoint_data["email"], $endpoint_data["password"], $endpoint_data["minecraftnick"], $endpoint_data["activation_token"]);
}
return match ($endpoint_data["action"]) {
"login" => doLogin($endpoint_data["email"], $endpoint_data["password"]),
"logout" => doLogout(),
"register" => doRegister(
$endpoint_data["firstname"],
$endpoint_data["lastname"],
$endpoint_data["nickname"],
$endpoint_data["email"],
$endpoint_data["password"],
$endpoint_data["minecraftnick"],
$endpoint_data["activation_token"]
),
"change_password" => changePassword($endpoint_data["user_id"], $endpoint_data["new_password"]),
"update_user_profile" => updateUserProfile(
$endpoint_data["user_id"],
$endpoint_data["first_name"],
$endpoint_data["last_name"],
$endpoint_data["nickname"],
$endpoint_data["minecraft_nick"]
),
"get_user_info" => getUserInfo($endpoint_data["user_id"]),
"is_email_available" => isEmailAvailable($endpoint_data["email"]),
"add_activation_codes" => addActivationCodes($endpoint_data["count"]),
"list_users" => listUsers(),
"list_activation_codes" => listActivationCodes(),
"delete_user" => deleteUser($endpoint_data["user_id"]),
"delete_activation_code" => deleteActivationCode($endpoint_data["activation_code"]),
default => ["status" => "fail", "message" => "Invalid action"],
};
}

@ -16,7 +16,7 @@ if(initRouter()) {
session_set_cookie_params(0, '/', "." . $routerRequest["domain"] . "." . $routerRequest["tld"], true, true);
session_start();
if($routerRequest["type"] == "api") {
echo getEndpoint($routerRequest["page_name"], $_REQUEST);
echo getEndpoint($routerRequest["page_name"]);
}elseif ($routerRequest["type"] == "page") {
/** @noinspection PhpArrayIsAlwaysEmptyInspection */

@ -35,7 +35,7 @@ function doLogin($email, $password): array
global $mysqli, $routerConfig;
$found = false;
if (!empty($email) && !empty($password)) {
$stmt = $mysqli->prepare("SELECT ID, FirstName, LastName, Nickname, PasswordHash, MinecraftNick, privilegeLevel FROM Users WHERE EMAIL = ? AND isActive = 1");
$stmt = $mysqli->prepare("SELECT ID, FirstName, LastName, Nickname, PasswordHash, MinecraftNick, PrivilegeLevel, LastLoginAt, LoginCount FROM Users WHERE Email = ? AND isActivated = 1");
$stmt->bind_param("s", $email);
$stmt->execute();
@ -46,14 +46,23 @@ function doLogin($email, $password): array
$pwdhash = "";
$mcnick = "";
$privilegelevel = 0;
$stmt->bind_result($idcko, $fname, $lname, $nickname, $pwdhash, $mcnick, $privilegelevel);
$lastLoginAt = null;
$loginCount = 0;
$stmt->bind_result($idcko, $fname, $lname, $nickname, $pwdhash, $mcnick, $privilegelevel, $lastLoginAt, $loginCount);
if ($stmt->num_rows() > 0) {
$stmt->fetch();
if (password_verify($password, $pwdhash) && $privilegelevel >= $routerConfig["logged_in_default_permission_level"]) {
$found = true;
// Update LastLoginAt and LoginCount
$updateLoginStmt = $mysqli->prepare("UPDATE Users SET LastLoginAt = NOW(), LoginCount = LoginCount + 1 WHERE ID = ?");
$updateLoginStmt->bind_param("i", $idcko);
$updateLoginStmt->execute();
$updateLoginStmt->close();
}
}
$_SESSION["ID"] = $idcko;
$_SESSION["first_name"] = $fname;
$_SESSION["last_name"] = $lname;
@ -78,12 +87,13 @@ function doLogout(): array
function doRegister($firstname, $lastname, $nickname, $email, $password, $minecraftnick, $activationtoken): array
{
global $mysqli;
global $mysqli, $routerConfig;
$status = ["status" => "fail"];
if (!empty($activationtoken)) {
$passwordHash = password_hash($password, PASSWORD_DEFAULT);
$stmt = $mysqli->prepare("UPDATE Users SET FirstName = ?, LastName = ?, Nickname = ?, Email = ?, PasswordHash = ?, MinecraftNick = ?, isAdmin = 0, isActivated = 1 WHERE isActivated = 0 AND ActivationToken = ?");
$stmt->bind_param("sssssss", $firstname, $lastname, $nickname, $email, $passwordHash, $minecraftnick, $activationtoken);
$stmt = $mysqli->prepare("INSERT INTO Users (FirstName, LastName, Nickname, Email, PasswordHash, MinecraftNick, PrivilegeLevel, isActivated, ActivationToken, RegisteredAt) VALUES (?, ?, ?, ?, ?, ?, ?, 0, ?, ?, NOW())");
$privilegelevel = $routerConfig["logged_in_default_permission_level"];
$stmt->bind_param("ssssssisi", $firstname, $lastname, $nickname, $email, $passwordHash, $minecraftnick, $privilegelevel, $activationtoken);
$stmt->execute();
if ($stmt->affected_rows > 0) {
$status["status"] = "success";
@ -175,43 +185,102 @@ function isEmailAvailable($email): bool
}
function addActivationCodes($adminID, $count): array
function addActivationCodes($count): array
{
global $mysqli;
global $mysqli, $routerConfig;
$activationCodes = [];
if (!empty($adminID) && is_numeric($count) && $count > 0) {
$stmt = $mysqli->prepare("INSERT INTO ActivationCodes (AdminID, Code) VALUES (?, ?)");
if (is_numeric($count) && $count > 0 && $_SESSION["privilegelevel"] >= $routerConfig["user_admin_permission_level"]) {
$stmt = $mysqli->prepare("UPDATE Users SET ActivationCode = ?, CreatedAt = NOW(), CreatedBy = ? WHERE ID = ?");
for ($i = 0; $i < $count; $i++) {
$activationCode = generateActivationToken();
$stmt->bind_param("is", $adminID, $activationCode);
$stmt->bind_param("sii", $activationCode, $_SESSION["ID"], $_SESSION["ID"]);
$stmt->execute();
if ($stmt->affected_rows > 0) {
$activationCodes[] = $activationCode;
$activationCodes[] = [
"Code" => $activationCode,
"CreatedAt" => date("Y-m-d H:i:s"),
"CreatedBy" => $_SESSION["ID"]
];
}
}
$stmt->close();
}
return $activationCodes;
}
function listUsers(): array
{
global $mysqli;
global $mysqli, $routerConfig;
$users = ["status" => "fail"]; // Default status is "fail"
if ($_SESSION["privilegelevel"] >= $routerConfig["user_admin_permission_level"]) {
$users = [];
$result = $mysqli->query("SELECT ID, FirstName, LastName, Nickname, Email, MinecraftNick, privilegeLevel FROM Users");
$result = $mysqli->query("SELECT ID, FirstName, LastName, Nickname, Email, MinecraftNick, PrivilegeLevel, CreatedAt, RegisteredAt, LastLoginAt, LoginCount, CreatedBy FROM Users");
// Check if the query executed successfully
if ($result) {
while ($row = $result->fetch_assoc()) {
$users[] = $row;
}
}
}
return $users;
}
function listActivationCodes(): array
{
global $mysqli;
global $mysqli, $routerConfig;
$activationCodes = ["status" => "fail"]; // Default status is "fail"
if ($_SESSION["privilegelevel"] >= $routerConfig["user_admin_permission_level"]) {
$activationCodes = [];
$result = $mysqli->query("SELECT Code FROM ActivationCodes");
$result = $mysqli->query("SELECT Code, CreatedAt, CreatedBy FROM Users");
// Check if the query executed successfully
if ($result) {
while ($row = $result->fetch_assoc()) {
$activationCodes[] = $row['Code'];
$activationCodes[] = $row;
}
}
}
return $activationCodes;
}
function deleteUser($userID): array
{
global $mysqli, $routerConfig;
$status = ["status" => "fail"];
if (!empty($userID) && $_SESSION["privilegelevel"] >= $routerConfig["user_admin_permission_level"]) {
$stmt = $mysqli->prepare("DELETE FROM Users WHERE ID = ?");
$stmt->bind_param("i", $userID);
$stmt->execute();
if ($stmt->affected_rows > 0) {
$status["status"] = "success";
}
$stmt->close();
}
return $status;
}
function deleteActivationCode($activationCode): array
{
global $mysqli, $routerConfig;
$status = ["status" => "fail"];
if (!empty($activationCode) && $_SESSION["privilegelevel"] >= $routerConfig["user_admin_permission_level"]) {
$stmt = $mysqli->prepare("DELETE FROM Users WHERE ActivationToken = ?");
$stmt->bind_param("s", $activationCode);
$stmt->execute();
if ($stmt->affected_rows > 0) {
$status["status"] = "success";
}
$stmt->close();
}
return $status;
}

@ -25,5 +25,11 @@
$routerConfig["moderator_permission_level"] = 4;
$routerConfig["adminpermissionlevel"] = 255;
$routerConfig["user_admin_permission_level"] = 254;
$routerConfig["admin_permission_level"] = 255;
$routerConfig["default_page_permission_level"] = 255;
$routerConfig["default_page_secret"] = 1;
}

@ -10,7 +10,7 @@ function runEndpoint($endpoint_file): ?array
}
function getEndpoint($endpoint_name): false|string
function getEndpoint($endpoint_name): string
{
$output = array();
$output["status"] = "fail";

@ -5,6 +5,31 @@ function renderDynamicPage($page_file): false|string
return render();
}
function parsePageTag($input): array
{
// Define the pattern for the tag
$pattern = '/<page\s+([^>]+)><\/page>/i';
// Check if the pattern matches the input
if (preg_match($pattern, $input, $matches)) {
// Extract parameters
$parameters = [];
if (preg_match_all('/(\w+)="([^"]+)"/', $matches[1], $paramMatches, PREG_SET_ORDER)) {
foreach ($paramMatches as $paramMatch) {
$parameters[$paramMatch[1]] = $paramMatch[2];
}
}
// Remove the tag from the input
$output = preg_replace($pattern, '', $input, 1);
return ['parameters' => $parameters, 'output' => $output];
}
// If no match is found, return the original input
return ['parameters' => [], 'output' => $input];
}
function getPage($page_name = null): array|false|string
{
global $routerConfig;
@ -38,6 +63,41 @@ function getPage($page_name = null): array|false|string
else{
$page = file_get_contents($routerConfig["template_dir"] . "404.html");
}
$pageMetadata = parsePageTag($page);
$page = $pageMetadata["output"];
if(!empty($pageMetadata["parameters"]["minimal_permission_level"])){
$page_required_permission = intval($pageMetadata["parameters"]["minimal_permission_level"]);
}
else{
$page_required_permission = $routerConfig["default_page_permission_level"];
}
if(!empty($pageMetadata["parameters"]["secret"])){
$is_secret_page = intval($pageMetadata["parameters"]["secret"]);
}
else{
$is_secret_page = $routerConfig["default_page_secret"];
}
if($page_required_permission < $_SESSION["privilegelevel"]){
if($is_secret_page == 1) {
$page = file_get_contents($routerConfig["template_dir"] . "404.html"); //fake 404 error
}
else{
$page = file_get_contents($routerConfig["template_dir"] . "403.html"); //deny access if doesnt have permissions
}
}
if(!empty($pageMetadata["parameters"]["page_title"])){
$page_title = $pageMetadata["parameters"]["page_title"];
}
else{
$page_title = $page_name;
}
$navpages = generateNavigation();
$nav = str_replace("__NAV_PAGES__", $navpages, $nav);
@ -45,5 +105,5 @@ function getPage($page_name = null): array|false|string
$out = $skeleton;
$out = str_replace("__TEMPLATE__NAV__", $nav, $out);
$out = str_replace("__TEMPLATE__PAGE__", $page, $out);
return str_replace("__TEMPLATE_PAGE_NAME__", $page_name, $out);
return str_replace("__TEMPLATE_PAGE_TITLE__", $page_title, $out);
}

@ -1,4 +1,4 @@
<page minpermissionlevel="0" name="Domov"></page>
<page minimal_permission_level="0" secret="0" page_title="Domov"></page>
<header>
<h1 class="title">Vitaj na tejto úžasnej stránke</h1>
<p>Neoficiálna študentská stránka pre adlerku</p>

@ -1,3 +1,4 @@
<page minimal_permission_level="0" secret="0" page_title="Memečká"></page>
<header>
<h1 class="title">Adlerka Memes</h1>
<p>Skoro ako <a href="https://reddit.com/r/adlerka" target="_blank">r/adlerka</a> - ale lepšie.</p>

@ -1 +1,2 @@
<page minimal_permission_level="0" secret="0" page_title="Memečká info"></page>
<h1>Vitaj na oficiálnej stránke Memeov o AdlerkaSMP</h1>

@ -1,3 +1,4 @@
<page minimal_permission_level="1" secret="0" page_title="Zošit"></page>
<header>
<h1 class="title">Adlerka Zošit</h1>
<hr>

@ -1,3 +1,4 @@
<page minimal_permission_level="0" secret="0" page_title="Domov"></page>
<header>
<h1 class="title">Vitaj na oficiálnej AdlerkaSMP stránke</h1>
<p>Najlepší <a href="https://minecraft.net" style="text-decoration: underline; color: #fff;" target="_blank">Minecraft®™</a> server na Adlerke</p>

@ -1 +1,2 @@
<page minimal_permission_level="0" secret="0" page_title="AdlerkaSMP info"></page>
<h1>Vitaj na oficiálnej stránke Informácii o AdlerkaSMP</h1>

6
templates/403.html Normal file

@ -0,0 +1,6 @@
<div class="wrapper-403">
<h2>TY KÁR KAM TO DEŠ</h2>
<h1 class="error-code">403</h1>
<h3><i class="fa-solid fa-circle-exclamation error"></i> Našli sme stránku ktorú hľadáš, ale nemáš práva na ňu pristupovať: <span class="error">__TEMPLATE_PAGE_NAME__</span>. <i class="fa-solid fa-circle-exclamation error"></i></h3>
<a href="/domov" class="back"><i class="fa-solid fa-arrow-left"></i> SPÄŤ DOMOV</a>
</div>

@ -1,6 +1,6 @@
<div class="wrapper-404">
<h2>TY KÁR KAM TO DEŠ</h2>
<h1 class="error-code">404</h1>
<h3><i class="fa-solid fa-circle-exclamation error"></i> Nenašli sme stránku ktorú hladáš: <span class="error">__TEMPLATE_PAGE_NAME__</span>. <i class="fa-solid fa-circle-exclamation error"></i></h3>
<h3><i class="fa-solid fa-circle-exclamation error"></i> Nenašli sme stránku ktorú hľadáš: <span class="error">__TEMPLATE_PAGE_NAME__</span>. <i class="fa-solid fa-circle-exclamation error"></i></h3>
<a href="/domov" class="back"><i class="fa-solid fa-arrow-left"></i> SPÄŤ DOMOV</a>
</div>

@ -7,7 +7,7 @@
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/remixicon/4.0.1/remixicon.min.css" integrity="sha512-dTsohxprpcruDm4sjU92K0/Gf1nTKVVskNHLOGMqxmokBSkfOAyCzYSB6+5Z9UlDafFRpy5xLhvpkOImeFbX6A==" crossorigin="anonymous" referrerpolicy="no-referrer" />
<link rel="stylesheet" href="/assets/style.css">
<script async src="https://umami.brn.systems/script.js" data-website-id="95e93885-5c19-4cab-ba9b-2f746a316a2a"></script>
<title>Adlerka __TEMPLATE_PAGE_NAME__</title>
<title>Adlerka __TEMPLATE_PAGE_TITLE__</title>
</head>
<body>
__TEMPLATE__NAV__