diff --git a/api/_auth.php b/api/_auth.php
index 3a47c82..531f3cf 100644
--- a/api/_auth.php
+++ b/api/_auth.php
@@ -34,7 +34,7 @@ $THIS_USER = null; // ID of logged in user
 if (session_status() === PHP_SESSION_ACTIVE && isset($_SESSION["userid"])) { // If there are active session
     // Check if user still exist
-    $s = $db->prepare("SELECT * FROM users WHERE id = ?");
+    $s = $db->prepare("SELECT id FROM users WHERE id = ?");
     $s->bind_param("s", $_SESSION["userid"]);
     $s->execute();
     if (!(bool)$s->get_result()->fetch_assoc()) { // If not, then destroy session
@@ -47,6 +47,7 @@ if (session_status() === PHP_SESSION_ACTIVE && isset($_SESSION["userid"])) { //
     die("ERROR: please enable sessions in php config");
 }
+// HACK
 if ($Config["debug"] && isset($_REQUEST["debug"])) { // If there are not any session and debug mode is on
     // ATTENTION: FOR DEBUG PURPOSES ONLY!
     if ($_REQUEST["debug"] == "drop") {
diff --git a/api/user/create.php b/api/user/create.php
index abe9745..d3adb55 100644
--- a/api/user/create.php
+++ b/api/user/create.php
@@ -63,7 +63,7 @@ function User_Create_Method (array $req): ReturnT {
     // Input sanity checks
-    // If registration turned off
+    // If registration is turned off
     if (!$Config["registration"]["active"])
         return new ReturnT(err_code: E_AUT_REGCLOSED);
@@ -77,8 +77,8 @@ function User_Create_Method (array $req): ReturnT {
     $password = $req["password"];
     // If password is too weak
-    if (strlen($password) < 8)
-        return new ReturnT(err_code: E_AUT_PWD2WEAK);
+    if (strlen($password) < $Config["registration"]["min_passw_len"])
+        return new ReturnT(err_code: E_AUT_PWD2WEAK, err_desc: "password must contain at least " . strval($Config["registration"]["min_passw_len"]) . " characters");
     // If we need email but it isnt supplied
     if ($Config["registration"]["need_email"] && !isset($req["email"])) {
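Review bot: The session re-validation line `$s->bind_param("s", $_SESSION["userid"]);` binds the id as a string while the narrowed query compares it with `users.id`; if that column is an integer (the schema is not in this diff), binding an int is the exact match and rejects a non-numeric session value before the query runs. Because bind_param takes its argument by reference, the cast needs a local: `$uid = (int)$_SESSION["userid"];` followed by `$s->bind_param("i", $uid);`. The `if` body that destroys the session continues outside the hunk.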
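Review bot: The added `// HACK` line documents nothing; a reader of _auth.php cannot tell what the hack is or under which condition it is live. A comment such as `// HACK: debug-only session control via the "debug" request parameter; only reachable when $Config["debug"] is true` states the precondition that makes the block acceptable. Two details worth tightening while here: `$_REQUEST` also merges cookies and GET, so reading `$_GET`/`$_POST` narrows how the switch can be triggered, and `$_REQUEST["debug"] == "drop"` should use `===`. The block's body continues past the hunk.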
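Review bot: The new length check reads `$Config["registration"]["min_passw_len"]` with no fallback, so on a deployment whose config.json was not updated alongside this commit the key is null, `strlen($password) < null` evaluates to false in PHP 8, and the minimum silently disappears. Reading the value once with the previous floor as default keeps the old behaviour: `$minLen = (int)($Config["registration"]["min_passw_len"] ?? 8);`, then `if (strlen($password) < $minLen)` and `err_desc: "password must contain at least " . strval($minLen) . " characters"`. The int cast also guards against a string value in the JSON. User_Create_Method continues outside the hunk.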
@@ -95,13 +95,13 @@ function User_Create_Method (array $req): ReturnT {
     } elseif (isset($req["invite_id"])) {
         // TODO: check invite and reject if it invalid
         //$invite_id = $req["invite_id"];
-        return new ReturnT(err_code: E_UNS_NOTIMPL, err_desc: "invitations are not implemented");
+        return new ReturnT(err_code: E_UNS_NOTIMPL, err_desc: "invitations are not implemented yet");
     }
     // Check login and password for pattern match
     $preg_str = "/[^" . $Config["registration"]["allowed_syms"] . "]/";
     if (preg_match($preg_str, $login) || preg_match($preg_str, $password))
-        return new ReturnT(err_code: E_UIN_BADARGS, err_desc: "only allowed symbols are: " . $Config["registration"]["allowed_syms"]);
+        return new ReturnT(err_code: E_UIN_BADARGS, err_desc: "only allowed symbols in login and password are: " . $Config["registration"]["allowed_syms"]);
     // Check if login already exists
     if (User_LoginExist($login))
diff --git a/api/user/login.php b/api/user/login.php
index 11f7417..18f24a6 100644
--- a/api/user/login.php
+++ b/api/user/login.php
@@ -43,7 +43,7 @@ function User_Login_Method (array $req): ReturnT {
         return new ReturnT(err_code: E_AUT_WRONGCREDS, err_desc: "you must supply both login and password");
     // Checking if password is correct
-    $s = $db->prepare("SELECT * FROM users WHERE login = ?");
+    $s = $db->prepare("SELECT id,password_hash,salt FROM users WHERE login = ?");
     $s->bind_param("s", $login);
     $s->execute();
     $d = $s->get_result()->fetch_assoc();
diff --git a/config.json b/config.json
index 10d6c33..804df8b 100644
--- a/config.json
+++ b/config.json
@@ -10,7 +10,8 @@
         "active": true,
         "need_email": false,
         "need_invite": false,
-        "allowed_syms": "a-zA-Z0-9_=+-"
+        "allowed_syms": "a-zA-Z0-9_=+-",
+        "min_passw_len": 8
     },
     "accounts": {
         "external_avatars": false
diff --git a/front/notifications.php b/front/notifications.php
index 10eaafe..96835e6 100644
--- a/front/notifications.php
+++ b/front/notifications.php
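Review bot: The pattern built from `allowed_syms` is still applied to `$password` as well as `$login`, so the password character set is capped at the configured class (`a-zA-Z0-9_=+-` in config.json), which lowers attainable entropy and rejects passphrases with spaces or punctuation even though the stored hash does not care which characters are used. Restricting the check to the login keeps the message honest: `if (preg_match($preg_str, $login))` with `err_desc: "only allowed symbols in login are: " . $Config["registration"]["allowed_syms"]`. Note also that `preg_match` returns false on a malformed pattern, which this `if` treats like no match, so a broken `allowed_syms` value silently disables the check. User_Create_Method continues outside the hunk.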
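Review bot: The narrowed column list `id,password_hash,salt` exposes a per-user salt column, which suggests the password is verified with a hand-assembled hash rather than `password_hash()`/`password_verify()`; the verification itself is outside the hunk, so this is an inference. If so, `password_verify()` against `$d["password_hash"]` would embed the salt in the hash string, compare in constant time, and make the `salt` column unnecessary. Separately, unless mysqli is in exception mode (`MYSQLI_REPORT_STRICT` is the default only from PHP 8.1), `prepare()` returns false on error and the next line's `bind_param` call fails with a fatal error instead of a handled failure. User_Login_Method continues outside the hunk.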
@@ -15,6 +15,9 @@ function NTFY_AddNotice (string $text, string $type = "fail") { case "fail": $NTFY_NoticesStack[] = "

$text

"; break; + case "success": + $NTFY_NoticesStack[] = "

$text

";
+        break;
         default:
             die("invalid notification type: $type");
     }
diff --git a/front/pages/login/page.php b/front/pages/login/page.php
index 5e89768..be8e221 100644
--- a/front/pages/login/page.php
+++ b/front/pages/login/page.php
@@ -9,14 +9,20 @@ require_once("front/notifications.php");
+// Redirecting to main page if already logged in
+if ($LOGGED_IN) {
+    header("Location: .");
+    exit();
+}
+
 // If there is attempt to login in
 if (isset($_POST["login"]) || isset($_POST["password"])) {
     $result = User_Login_Method($_POST);
-    if ($result->IsError()) {
+    if ($result->IsError()) { // Something happened
         NTFY_AddNotice("Failed to log into account! Check your credentials and try again.
" . $result->GetError());
-    } else {
-        header("Location: index.php");
+    } else { // All OK
+        header("Location: .");
         exit();
     }
 }
@@ -31,7 +37,7 @@ NTFY_EchoAllNotices();
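Review bot: The success branch (`} else { // All OK`) redirects without rotating the session id, so unless User_Login_Method does it (not part of this diff) the client keeps the id it had before authenticating, which is the precondition for session fixation. Adding `session_regenerate_id(true);` immediately before `header("Location: .");` closes that gap and leaves the rest of the branch unchanged.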

- + >

diff --git a/front/pages/main_nav.php b/front/pages/main_nav.php
index 2bd10ee..7903c51 100644
--- a/front/pages/main_nav.php
+++ b/front/pages/main_nav.php
@@ -4,21 +4,28 @@ $MARKUP_CURRENT_PAGE = "class=\"current\"";
-$MARKUP_CURRENT_PAGE_LOGIN = "";
+$MARKUP_CURRENT_PAGE_LOGIN = "";
+$MARKUP_CURRENT_PAGE_REGISTER = "";
 if ($WHAT_PAGE_IS_CURRENT["login"])
-    $MARKUP_CURRENT_PAGE_LOGIN = $MARKUP_CURRENT_PAGE;
+    $MARKUP_CURRENT_PAGE_LOGIN = $MARKUP_CURRENT_PAGE;
+if ($WHAT_PAGE_IS_CURRENT["register"])
+    $MARKUP_CURRENT_PAGE_REGISTER = $MARKUP_CURRENT_PAGE;
 ?>