Реструктура стилей, страница логина, уведомления
@@ -1,4 +1,7 @@
|
||||
<?php
|
||||
// Things related to authentication
|
||||
|
||||
|
||||
|
||||
// Includes
|
||||
if ($IS_FRONTEND)
|
||||
@@ -9,7 +12,7 @@ else
|
||||
|
||||
|
||||
// End currently active session
|
||||
function EndSession () {
|
||||
function AUTH_EndSession () {
|
||||
session_unset();
|
||||
session_destroy();
|
||||
if (isset($_COOKIE["PHPSESSID"])) {
|
||||
@@ -35,8 +38,7 @@ if (session_status() === PHP_SESSION_ACTIVE && isset($_SESSION["userid"])) { //
|
||||
$s->bind_param("s", $_SESSION["userid"]);
|
||||
$s->execute();
|
||||
if (!(bool)$s->get_result()->fetch_assoc()) { // If not, then destroy session
|
||||
EndSession();
|
||||
echo "user id does not exist";
|
||||
AUTH_EndSession();
|
||||
die("user id used in session does not exist");
|
||||
}
|
||||
$LOGGED_IN = true;
|
||||
@@ -48,7 +50,7 @@ if (session_status() === PHP_SESSION_ACTIVE && isset($_SESSION["userid"])) { //
|
||||
if ($Config["debug"] && isset($_REQUEST["debug"])) { // If there are not any session and debug mode is on
|
||||
// ATTENTION: FOR DEBUG PURPOSES ONLY!
|
||||
if ($_REQUEST["debug"] == "drop") {
|
||||
EndSession();
|
||||
AUTH_EndSession();
|
||||
die("session discarded");
|
||||
}
|
||||
$_SESSION["userid"] = intval($_REQUEST["debug"]);
|
||||
|
@@ -1,4 +1,7 @@
|
||||
<?php // Parsing configuration file
|
||||
<?php
|
||||
// Parsing configuration file
|
||||
|
||||
|
||||
|
||||
$Config = array();
|
||||
$Config_FileName = "config.json";
|
||||
@@ -31,7 +34,13 @@ function CreateDirIfNotExist ($path) {
|
||||
mkdir($path, 0755, true);
|
||||
}
|
||||
|
||||
CreateDirIfNotExist("../" . $Config["media"]["pics_path"]); // TODO: treat path as absolute
|
||||
CreateDirIfNotExist("../" . $Config["media"]["prevs_path"]);
|
||||
// Creating dirs at correct path
|
||||
if ($IS_FRONTEND) {
|
||||
CreateDirIfNotExist($Config["media"]["pics_path"]);
|
||||
CreateDirIfNotExist($Config["media"]["prevs_path"]);
|
||||
} else {
|
||||
CreateDirIfNotExist("../" . $Config["media"]["pics_path"]);
|
||||
CreateDirIfNotExist("../" . $Config["media"]["prevs_path"]);
|
||||
}
|
||||
|
||||
?>
|
||||
?>
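Review bot: The `$IS_FRONTEND` branch added around `CreateDirIfNotExist` still builds the media directory paths relative to the process's working directory — exactly what the removed `// TODO: treat path as absolute` comment was tracking — so a third entry point (CLI, cron, a test runner) would create the directories somewhere else. Anchoring on the file's own location needs no branch: `CreateDirIfNotExist(dirname(__DIR__) . "/" . $Config["media"]["pics_path"]);` and the same for `prevs_path`, assuming this file sits one level below the directory the `../` paths target; confirm that against the repository layout. `$IS_FRONTEND` is also read here and in every other `if ($IS_FRONTEND)` include block in this commit without a guard; unless some earlier script always defines it, a direct request to an API file evaluates an undefined variable (a warning in PHP 8 that can end up inside a JSON response body), so `if ($IS_FRONTEND ?? false)` is the safer test.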
|
||||
|
@@ -1,4 +1,7 @@
|
||||
<?php // Database setup
|
||||
<?php
|
||||
// Database setup
|
||||
|
||||
|
||||
|
||||
// Includes
|
||||
if ($IS_FRONTEND)
|
||||
|
@@ -1,4 +1,5 @@
|
||||
<?php // All existing errors
|
||||
<?php
|
||||
// All existing errors
|
||||
|
||||
|
||||
|
||||
@@ -23,6 +24,7 @@ const E_AUT_ALRLOGIN = 301; // User is already logged in
|
||||
const E_AUT_REGCLOSED = 302; // Registrations are closed
|
||||
const E_AUT_PWD2WEAK = 303; // Password is too weak
|
||||
const E_AUT_NOTAUTHED = 304; // Not authenticated
|
||||
const E_AUT_WRONGCREDS = 305; // User with that credentials does not exist
|
||||
// Access errors
|
||||
const E_ACS_PERMDENIED = 401; // Permission to object denied
|
||||
const E_ACS_INSUFROLE = 402; // Insufficient role
|
||||
@@ -55,6 +57,7 @@ $Errors_Enum = array(
|
||||
array("aut.regclosed", E_AUT_REGCLOSED, "registrations are closed"),
|
||||
array("aut.pwd2weak", E_AUT_PWD2WEAK, "password is too weak"),
|
||||
array("aut.notauthed", E_AUT_NOTAUTHED, "not authenticated"),
|
||||
array("aut.wrongcreds", E_AUT_WRONGCREDS, "no such user name and/or password"),
|
||||
// Access errors
|
||||
array("acs.permdenied", E_ACS_PERMDENIED, "permission denied"),
|
||||
array("acs.insufrole", E_ACS_INSUFROLE, "insufficient role"),
|
||||
|
@@ -1,4 +1,7 @@
|
||||
<?php // JSON-related functions
|
||||
<?php
|
||||
// JSON-related functions
|
||||
|
||||
|
||||
|
||||
// Includes
|
||||
if ($IS_FRONTEND)
|
||||
|
@@ -1,4 +1,7 @@
|
||||
<?php // Necessary functions, types and other stuff
|
||||
<?php
|
||||
// Necessary functions, types and other stuff
|
||||
|
||||
|
||||
|
||||
// Includes
|
||||
if ($IS_FRONTEND) {
|
||||
|
@@ -1,4 +1,5 @@
|
||||
<?php // Utility functions
|
||||
<?php
|
||||
// Utility functions
|
||||
|
||||
|
||||
|
||||
|
@@ -1,10 +1,22 @@
|
||||
<?php // Get all comments from comment section by ID and base methods for managing comment sections
|
||||
<?php
|
||||
// Get all comments from comment section by ID and base methods for managing comment sections
|
||||
|
||||
require_once("../_auth.php");
|
||||
require_once("../_utils.php");
|
||||
require_once("../_errorslist.php");
|
||||
require_once("../_types.php");
|
||||
require_once("../user/index.php");
|
||||
|
||||
|
||||
// Includes
|
||||
if ($IS_FRONTEND) {
|
||||
require_once("api/_auth.php");
|
||||
require_once("api/_utils.php");
|
||||
require_once("api/_errorslist.php");
|
||||
require_once("api/_types.php");
|
||||
require_once("api/user/index.php");
|
||||
} else {
|
||||
require_once("../_auth.php");
|
||||
require_once("../_utils.php");
|
||||
require_once("../_errorslist.php");
|
||||
require_once("../_types.php");
|
||||
require_once("../user/index.php");
|
||||
}
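Review bot: Both branches of the new include block resolve the `require_once` targets against the current working directory (`api/_auth.php` for the frontend, `../_auth.php` for a direct API request), so the file depends on where the running script lives rather than where it is; `require_once(__DIR__ . "/../_auth.php");` (and likewise for `_utils.php`, `_errorslist.php`, `_types.php` and `user/index.php`) resolves relative to this file and needs no `$IS_FRONTEND` branch at all, if the `../` of the API branch is indeed correct for this file. The same duplicated block appears in the 'Create new post', 'Creating account' and 'Deleting existing account' files and in the new `api/user/login.php`, and the same change would apply to each. Using `__DIR__` also removes the risk of the two lists drifting apart as includes are added — the list here is already five lines repeated twice.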
|
||||
|
||||
|
||||
|
||||
|
@@ -1,11 +1,22 @@
|
||||
<?php // Create new post
|
||||
<?php
|
||||
// Create new post
|
||||
|
||||
|
||||
|
||||
// Includes
|
||||
require_once("../_auth.php");
|
||||
require_once("../_utils.php");
|
||||
require_once("../_errorslist.php");
|
||||
require_once("../_types.php");
|
||||
require_once("../user/index.php");
|
||||
if ($IS_FRONTEND) {
|
||||
require_once("api/_auth.php");
|
||||
require_once("api/_utils.php");
|
||||
require_once("api/_errorslist.php");
|
||||
require_once("api/_types.php");
|
||||
require_once("api/user/index.php");
|
||||
} else {
|
||||
require_once("../_auth.php");
|
||||
require_once("../_utils.php");
|
||||
require_once("../_errorslist.php");
|
||||
require_once("../_types.php");
|
||||
require_once("../user/index.php");
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
@@ -1,4 +1,7 @@
|
||||
<?php // Get single post by ID
|
||||
<?php
|
||||
// Get single post by ID
|
||||
|
||||
|
||||
|
||||
// Includes
|
||||
if ($IS_FRONTEND) {
|
||||
|
@@ -1,6 +1,12 @@
|
||||
<?php // Start session as any user
|
||||
<?php
|
||||
// Start session as any user
|
||||
// ATTENTION: FOR DEBUG PURPOSES ONLY!
|
||||
|
||||
|
||||
|
||||
if ($IS_FRONTEND)
|
||||
die("this file must not be included!");
|
||||
|
||||
// Includes
|
||||
require_once("../_auth.php");
|
||||
require_once("../_utils.php");
|
||||
@@ -17,9 +23,6 @@ if (Utils_ThisFileIsRequested(__FILE__)) {
|
||||
if (!isset($_REQUEST["id"]))
|
||||
JSON_ReturnError(code: E_UIN_INSUFARGS, desc: "valid id must be specified");
|
||||
|
||||
if (!isset($_SESSION["userid"]))
|
||||
session_start();
|
||||
|
||||
$_SESSION["userid"] = intval($_REQUEST["id"]);
|
||||
JSON_ReturnData($_SESSION);
|
||||
}
|
||||
|
@@ -1,11 +1,22 @@
|
||||
<?php // Creating account
|
||||
<?php
|
||||
// Creating account
|
||||
|
||||
|
||||
|
||||
// Includes
|
||||
require_once("../_auth.php");
|
||||
require_once("../_utils.php");
|
||||
require_once("../_errorslist.php");
|
||||
require_once("../_types.php");
|
||||
require_once("index.php");
|
||||
if ($IS_FRONTEND) {
|
||||
require_once("api/_auth.php");
|
||||
require_once("api/_utils.php");
|
||||
require_once("api/_errorslist.php");
|
||||
require_once("api/_types.php");
|
||||
require_once("api/user/index.php");
|
||||
} else {
|
||||
require_once("../_auth.php");
|
||||
require_once("../_utils.php");
|
||||
require_once("../_errorslist.php");
|
||||
require_once("../_types.php");
|
||||
require_once("./index.php");
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
@@ -1,10 +1,20 @@
|
||||
<?php // Deleting existing account
|
||||
<?php
|
||||
// Deleting existing account
|
||||
|
||||
|
||||
|
||||
// Includes
|
||||
require_once("../_auth.php");
|
||||
require_once("../_utils.php");
|
||||
require_once("../_errorslist.php");
|
||||
require_once("./index.php");
|
||||
if ($IS_FRONTEND) {
|
||||
require_once("api/_auth.php");
|
||||
require_once("api/_utils.php");
|
||||
require_once("api/_errorslist.php");
|
||||
require_once("api/user/index.php");
|
||||
} else {
|
||||
require_once("../_auth.php");
|
||||
require_once("../_utils.php");
|
||||
require_once("../_errorslist.php");
|
||||
require_once("./index.php");
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -73,7 +83,7 @@ if (Utils_ThisFileIsRequested(__FILE__)) {
|
||||
} else {
|
||||
// If it was self-deletion
|
||||
if ($id === $THIS_USER)
|
||||
EndSession();
|
||||
AUTH_EndSession();
|
||||
JSON_ReturnData(["success" => $result->GetData()]);
|
||||
}
|
||||
}
|
||||
|
@@ -1,4 +1,7 @@
|
||||
<?php // Viewing account data
|
||||
<?php
|
||||
// Viewing account data
|
||||
|
||||
|
||||
|
||||
// Includes
|
||||
if ($IS_FRONTEND) {
|
||||
@@ -86,7 +89,7 @@ function User_IsMod (int $id): ReturnT {
* Get user information from DB
*/
function User_GetInfoByID (int $id): ReturnT {
global $db, $THIS_USER;
global $db, $THIS_USER, $LOGGED_IN;
$result = array();
@@ -104,9 +107,15 @@ function User_GetInfoByID (int $id): ReturnT {
$result["avatar_path"] = $d["avatar_path"];
$result["role"] = $d["role"];
$result["banned"] = $d["banned"];
if (($id === $THIS_USER) || User_IsMod($THIS_USER)->GetData()) { // User himself and mods can see additional info
// User himself and mods can see additional info
if ($id === $THIS_USER) {
$result["email"] = $d["email"];
$result["invite_id"] = $d["invite_id"];
} elseif ($LOGGED_IN) {
if (User_IsMod($THIS_USER)->GetData()) {
$result["email"] = $d["email"];
$result["invite_id"] = $d["invite_id"];
}
}
return new ReturnT(data: $result);
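Review bot: The two new branches that expose `email` and `invite_id` in `User_GetInfoByID` carry identical assignments, and the nested `elseif ($LOGGED_IN) { if (User_IsMod($THIS_USER)->GetData()) { … } }` can be flattened to `} elseif ($LOGGED_IN && User_IsMod($THIS_USER)->GetData()) {` with a single copy of the two lines. The `$LOGGED_IN` guard is what keeps `User_IsMod` from being called with an unset `$THIS_USER` on anonymous requests, so that intent deserves a comment such as `// $LOGGED_IN guards User_IsMod: $THIS_USER is unset for anonymous visitors`. `$id === $THIS_USER` is a strict comparison, so it only matches when `$THIS_USER` is an int; it is assigned from `$d["id"]` in the new `api/user/login.php` and from `$_SESSION["userid"]` elsewhere, and whether the database driver hands back an int or a string there is worth confirming. The function's closing brace lies outside the hunk.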
89
api/user/login.php
Normal file
@@ -0,0 +1,89 @@
<?php
// Logging into account
// Includes
if ($IS_FRONTEND) {
require_once("api/_auth.php");
require_once("api/_utils.php");
require_once("api/_errorslist.php");
require_once("api/_types.php");
require_once("api/user/index.php");
} else {
require_once("../_auth.php");
require_once("../_utils.php");
require_once("../_errorslist.php");
require_once("../_types.php");
require_once("./index.php");
}
// Methods
/*
* METHOD
* Log into existing user account
*/
function User_Login_Method (array $req): ReturnT {
global $db, $LOGGED_IN, $THIS_USER;
$login = $req["login"];
$password = $req["password"];
// Input sanity checks
// If already logged in
if ($LOGGED_IN)
return new ReturnT(err_code: E_AUT_ALRLOGIN, err_desc: "you are already logged in");
// If no password or login supplied
if (!isset($login) || !isset($password))
return new ReturnT(err_code: E_AUT_WRONGCREDS, err_desc: "you must supply both login and password");
// Checking if password is correct
$s = $db->prepare("SELECT * FROM users WHERE login = ?");
$s->bind_param("s", $login);
$s->execute();
$d = $s->get_result()->fetch_assoc();
// Wrong login
if (!(bool)$d)
return new ReturnT(err_code: E_AUT_WRONGCREDS, err_desc: "wrong login or password");
$suppl_pwd_hash = hash("sha256", $password . $d["salt"], true);
$real_pwd_hash = $d["password_hash"];
// Wrong password
if ($suppl_pwd_hash !== $real_pwd_hash)
return new ReturnT(err_code: E_AUT_WRONGCREDS, err_desc: "wrong login or password");
// Actions
$_SESSION["userid"] = $d["id"];
$THIS_USER = $d["id"];
return new ReturnT(data: true);
}
if (Utils_ThisFileIsRequested(__FILE__)) {
require_once("../_json.php");
// HACK: for debugging purposes. Will be removed later
if ($Config["debug"])
$_POST = $_REQUEST;
// Log into account
$result = User_Login_Method($_POST);
// Checking result
if ($result->IsError())
$result->ThrowJSONError();
else
JSON_ReturnData(["success" => $result->GetData()]);
}
?>
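Review bot: `User_Login_Method` binds the authenticated user to whatever session id the client arrived with (`$_SESSION["userid"] = $d["id"];`) without rotating it, which leaves the login open to session fixation; insert `session_regenerate_id(true);` immediately before that assignment. The password check `if ($suppl_pwd_hash !== $real_pwd_hash)` is an early-exit byte comparison, so it should read `if (!hash_equals($real_pwd_hash, $suppl_pwd_hash))`. A single round of salted SHA-256 is a weak password hash; migrating stored hashes to `password_hash()`/`password_verify()` is a follow-up, since the account-creation path that writes them is not part of this diff. `$login = $req["login"];` raises an undefined-array-key warning under PHP 8 when the field is absent, so `$login = $req["login"] ?? null;` (and the same for `$password`) keeps the following `isset` check without the noise. The user row carries a `banned` column (see the `User_GetInfoByID` hunk), but nothing in this method consults it; if banned accounts are meant to be locked out, check `$d["banned"]` before the session is populated.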