Реструктура стилей, страница логина, уведомления

api/user/__admin_session.php

@@ -1,6 +1,12 @@
-<?php // Start session as any user
+<?php
+// Start session as any user
 // ATTENTION: FOR DEBUG PURPOSES ONLY!
 
+
+
+if ($IS_FRONTEND)
+	die("this file must not be included!");
+
 // Includes
 require_once("../_auth.php");
 require_once("../_utils.php");
@@ -17,9 +23,6 @@ if (Utils_ThisFileIsRequested(__FILE__)) {
 	if (!isset($_REQUEST["id"]))
 		JSON_ReturnError(code: E_UIN_INSUFARGS, desc: "valid id must be specified");
 
-	if (!isset($_SESSION["userid"]))
-		session_start();
-
 	$_SESSION["userid"] = intval($_REQUEST["id"]);
 	JSON_ReturnData($_SESSION);
 }

api/user/create.php

@@ -1,11 +1,22 @@
-<?php // Creating account
+<?php
+// Creating account
+
+
 
 // Includes
-require_once("../_auth.php");
-require_once("../_utils.php");
-require_once("../_errorslist.php");
-require_once("../_types.php");
-require_once("index.php");
+if ($IS_FRONTEND) {
+	require_once("api/_auth.php");
+	require_once("api/_utils.php");
+	require_once("api/_errorslist.php");
+	require_once("api/_types.php");
+	require_once("api/user/index.php");
+} else {
+	require_once("../_auth.php");
+	require_once("../_utils.php");
+	require_once("../_errorslist.php");
+	require_once("../_types.php");
+	require_once("./index.php");
+}
 
 
 

api/user/delete.php

@@ -1,10 +1,20 @@
-<?php // Deleting existing account
+<?php
+// Deleting existing account
+
+
 
 // Includes
-require_once("../_auth.php");
-require_once("../_utils.php");
-require_once("../_errorslist.php");
-require_once("./index.php");
+if ($IS_FRONTEND) {
+	require_once("api/_auth.php");
+	require_once("api/_utils.php");
+	require_once("api/_errorslist.php");
+	require_once("api/user/index.php");
+} else {
+	require_once("../_auth.php");
+	require_once("../_utils.php");
+	require_once("../_errorslist.php");
+	require_once("./index.php");
+}
 
 
 
@@ -73,7 +83,7 @@ if (Utils_ThisFileIsRequested(__FILE__)) {
 	} else {
 		// If it was self-deletion
 		if ($id === $THIS_USER)
-			EndSession();
+			AUTH_EndSession();
 		JSON_ReturnData(["success" => $result->GetData()]);
 	}
 }

api/user/index.php

@@ -1,4 +1,7 @@
-<?php // Viewing account data
+<?php
+// Viewing account data
+
+
 
 // Includes
 if ($IS_FRONTEND) {
@@ -86,7 +89,7 @@ function User_IsMod (int $id): ReturnT {
  * Get user information from DB
  */
 function User_GetInfoByID (int $id): ReturnT {
-	global $db, $THIS_USER;
+	global $db, $THIS_USER, $LOGGED_IN;
 
 	$result = array();
 
@@ -104,9 +107,15 @@ function User_GetInfoByID (int $id): ReturnT {
 	$result["avatar_path"]   = $d["avatar_path"];
 	$result["role"]          = $d["role"];
 	$result["banned"]        = $d["banned"];
-	if (($id === $THIS_USER) || User_IsMod($THIS_USER)->GetData()) { // User himself and mods can see additional info
+	// User himself and mods can see additional info
+	if ($id === $THIS_USER) {
 		$result["email"]     = $d["email"];
 		$result["invite_id"] = $d["invite_id"];
+	} elseif ($LOGGED_IN) {
+		if (User_IsMod($THIS_USER)->GetData()) {
+			$result["email"]     = $d["email"];
+			$result["invite_id"] = $d["invite_id"];
+		}
 	}
 
 	return new ReturnT(data: $result);

api/user/login.php

@@ -0,0 +1,89 @@
+<?php
+// Logging into account
+
+
+
+// Includes
+if ($IS_FRONTEND) {
+	require_once("api/_auth.php");
+	require_once("api/_utils.php");
+	require_once("api/_errorslist.php");
+	require_once("api/_types.php");
+	require_once("api/user/index.php");
+} else {
+	require_once("../_auth.php");
+	require_once("../_utils.php");
+	require_once("../_errorslist.php");
+	require_once("../_types.php");
+	require_once("./index.php");
+}
+
+
+
+// Methods
+
+/*
+ * METHOD
+ * Log into existing user account
+ */
+function User_Login_Method (array $req): ReturnT {
+	global $db, $LOGGED_IN, $THIS_USER;
+
+	$login = $req["login"];
+	$password = $req["password"];
+
+	// Input sanity checks
+
+	// If already logged in
+	if ($LOGGED_IN)
+		return new ReturnT(err_code: E_AUT_ALRLOGIN, err_desc: "you are already logged in");
+
+	// If no password or login supplied
+	if (!isset($login) || !isset($password))
+		return new ReturnT(err_code: E_AUT_WRONGCREDS, err_desc: "you must supply both login and password");
+
+	// Checking if password is correct
+	$s = $db->prepare("SELECT * FROM users WHERE login = ?");
+	$s->bind_param("s", $login);
+	$s->execute();
+	$d = $s->get_result()->fetch_assoc();
+
+	// Wrong login
+	if (!(bool)$d)
+		return new ReturnT(err_code: E_AUT_WRONGCREDS, err_desc: "wrong login or password");
+
+	$suppl_pwd_hash = hash("sha256", $password . $d["salt"], true);
+	$real_pwd_hash = $d["password_hash"];
+
+	// Wrong password
+	if ($suppl_pwd_hash !== $real_pwd_hash)
+		return new ReturnT(err_code: E_AUT_WRONGCREDS, err_desc: "wrong login or password");
+
+	// Actions
+
+	$_SESSION["userid"] = $d["id"];
+	$THIS_USER = $d["id"];
+
+	return new ReturnT(data: true);
+}
+
+
+
+if (Utils_ThisFileIsRequested(__FILE__)) {
+	require_once("../_json.php");
+
+	// HACK: for debugging purposes. Will be removed later
+	if ($Config["debug"])
+		$_POST = $_REQUEST;
+
+	// Log into account
+	$result = User_Login_Method($_POST);
+
+	// Checking result
+	if ($result->IsError())
+		$result->ThrowJSONError();
+	else
+		JSON_ReturnData(["success" => $result->GetData()]);
+}
+
+?>