From c48f83773885bcee2db5c11eb5d932a24ac4a60f Mon Sep 17 00:00:00 2001
From: shr3dd3r <uraneban@blackhost.xyz>
Date: Mon, 15 Jan 2024 04:58:29 +0300
Subject: [PATCH] =?UTF-8?q?=D0=A0=D0=B5=D0=B3=D0=B8=D1=81=D1=82=D1=80?=
 =?UTF-8?q?=D0=B0=D1=86=D0=B8=D1=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Фронт (стили+страница), полировка стр. логина, микроправки и микрооптимизации
---
 api/_auth.php                 |  3 +-
 api/user/create.php           | 10 ++--
 api/user/login.php            |  2 +-
 config.json                   |  3 +-
 front/notifications.php       |  3 ++
 front/pages/login/page.php    | 14 +++--
 front/pages/main_nav.php      | 21 ++++----
 front/pages/register/page.php | 99 +++++++++++++++++++++++++++++++++++
 front/styles/base.css         | 15 +++++-
 front/styles/main.css         |  8 ++-
 index.php                     | 10 +++-
 11 files changed, 161 insertions(+), 27 deletions(-)
 create mode 100644 front/pages/register/page.php

diff --git a/api/_auth.php b/api/_auth.php
index 3a47c82..531f3cf 100644
--- a/api/_auth.php
+++ b/api/_auth.php
@@ -34,7 +34,7 @@ $THIS_USER = null; // ID of logged in user
 
 if (session_status() === PHP_SESSION_ACTIVE && isset($_SESSION["userid"])) { // If there are active session
 	// Check if user still exist
-	$s = $db->prepare("SELECT * FROM users WHERE id = ?");
+	$s = $db->prepare("SELECT id FROM users WHERE id = ?");
 	$s->bind_param("s", $_SESSION["userid"]);
 	$s->execute();
 	if (!(bool)$s->get_result()->fetch_assoc()) { // If not, then destroy session
@@ -47,6 +47,7 @@ if (session_status() === PHP_SESSION_ACTIVE && isset($_SESSION["userid"])) { //
 	die("ERROR: please enable sessions in php config");
 }
 
+// HACK
 if ($Config["debug"] && isset($_REQUEST["debug"])) { // If there are not any session and debug mode is on
 	// ATTENTION: FOR DEBUG PURPOSES ONLY!
 	if ($_REQUEST["debug"] == "drop") {
diff --git a/api/user/create.php b/api/user/create.php
index abe9745..d3adb55 100644
--- a/api/user/create.php
+++ b/api/user/create.php
@@ -63,7 +63,7 @@ function User_Create_Method (array $req): ReturnT {
 
 	// Input sanity checks
 
-	// If registration turned off
+	// If registration is turned off
 	if (!$Config["registration"]["active"])
 		return new ReturnT(err_code: E_AUT_REGCLOSED);
 
@@ -77,8 +77,8 @@ function User_Create_Method (array $req): ReturnT {
 		$password = $req["password"];
 
 		// If password is too weak
-		if (strlen($password) < 8)
-			return new ReturnT(err_code: E_AUT_PWD2WEAK);
+		if (strlen($password) < $Config["registration"]["min_passw_len"])
+			return new ReturnT(err_code: E_AUT_PWD2WEAK, err_desc: "password must contain at least " . strval($Config["registration"]["min_passw_len"]) . " characters");
 
 		// If we need email but it isnt supplied
 		if ($Config["registration"]["need_email"] && !isset($req["email"])) {
@@ -95,13 +95,13 @@ function User_Create_Method (array $req): ReturnT {
 		} elseif (isset($req["invite_id"])) {
 			// TODO: check invite and reject if it invalid
 			//$invite_id = $req["invite_id"];
-			return new ReturnT(err_code: E_UNS_NOTIMPL, err_desc: "invitations are not implemented");
+			return new ReturnT(err_code: E_UNS_NOTIMPL, err_desc: "invitations are not implemented yet");
 		}
 
 		// Check login and password for pattern match
 		$preg_str = "/[^" . $Config["registration"]["allowed_syms"] . "]/";
 		if (preg_match($preg_str, $login) || preg_match($preg_str, $password))
-			return new ReturnT(err_code: E_UIN_BADARGS, err_desc: "only allowed symbols are: " . $Config["registration"]["allowed_syms"]);
+			return new ReturnT(err_code: E_UIN_BADARGS, err_desc: "only allowed symbols in login and password are: " . $Config["registration"]["allowed_syms"]);
 
 		// Check if login already exists
 		if (User_LoginExist($login))
diff --git a/api/user/login.php b/api/user/login.php
index 11f7417..18f24a6 100644
--- a/api/user/login.php
+++ b/api/user/login.php
@@ -43,7 +43,7 @@ function User_Login_Method (array $req): ReturnT {
 		return new ReturnT(err_code: E_AUT_WRONGCREDS, err_desc: "you must supply both login and password");
 
 	// Checking if password is correct
-	$s = $db->prepare("SELECT * FROM users WHERE login = ?");
+	$s = $db->prepare("SELECT id,password_hash,salt FROM users WHERE login = ?");
 	$s->bind_param("s", $login);
 	$s->execute();
 	$d = $s->get_result()->fetch_assoc();
diff --git a/config.json b/config.json
index 10d6c33..804df8b 100644
--- a/config.json
+++ b/config.json
@@ -10,7 +10,8 @@
 		"active": true,
 		"need_email": false,
 		"need_invite": false,
-		"allowed_syms": "a-zA-Z0-9_=+-"
+		"allowed_syms": "a-zA-Z0-9_=+-",
+		"min_passw_len": 8
 	},
 	"accounts": {
 		"external_avatars": false
diff --git a/front/notifications.php b/front/notifications.php
index 10eaafe..96835e6 100644
--- a/front/notifications.php
+++ b/front/notifications.php
@@ -15,6 +15,9 @@ function NTFY_AddNotice (string $text, string $type = "fail") {
 		case "fail":
 			$NTFY_NoticesStack[] = "<div class=\"notification_fail\"><p>$text</p></div>";
 			break;
+		case "success":
+			$NTFY_NoticesStack[] = "<div class=\"notification_success\"><p>$text</p></div>";
+			break;
 		default:
 			die("invalid notification type: $type");
 	}
diff --git a/front/pages/login/page.php b/front/pages/login/page.php
index 5e89768..be8e221 100644
--- a/front/pages/login/page.php
+++ b/front/pages/login/page.php
@@ -9,14 +9,20 @@ require_once("front/notifications.php");
 
 
 
+// Redirecting to main page if already logged in
+if ($LOGGED_IN) {
+	header("Location: .");
+	exit();
+}
+
 // If there is attempt to login in
 if (isset($_POST["login"]) || isset($_POST["password"])) {
 	$result = User_Login_Method($_POST);
 
-	if ($result->IsError()) {
+	if ($result->IsError()) { // Something happened
 		NTFY_AddNotice("Failed to log into account! Check your credentials and try again.<br>" . $result->GetError());
-	} else {
-		header("Location: index.php");
+	} else { // All OK
+		header("Location: .");
 		exit();
 	}
 }
@@ -31,7 +37,7 @@ NTFY_EchoAllNotices();
 	<form class="login" action="./?do=login" accept-charset="UTF-8" method="post">
 		<div>
 			<label for="login">Username</label><br>
-			<input type="text" name="login" id="login">
+			<input type="text" name="login" id="login" <?php if (isset($_POST["login"])) { echo "value=\"" . $_POST["login"] . "\""; } ?>>
 		</div>
 		<div>
 			<label for="password">Password</label><br>
diff --git a/front/pages/main_nav.php b/front/pages/main_nav.php
index 2bd10ee..7903c51 100644
--- a/front/pages/main_nav.php
+++ b/front/pages/main_nav.php
@@ -4,21 +4,28 @@
 
 
 $MARKUP_CURRENT_PAGE = "class=\"current\"";
-$MARKUP_CURRENT_PAGE_LOGIN = "";
+$MARKUP_CURRENT_PAGE_LOGIN    = "";
+$MARKUP_CURRENT_PAGE_REGISTER = "";
 
 if ($WHAT_PAGE_IS_CURRENT["login"])
-	$MARKUP_CURRENT_PAGE_LOGIN = $MARKUP_CURRENT_PAGE;
+	$MARKUP_CURRENT_PAGE_LOGIN    = $MARKUP_CURRENT_PAGE;
+if ($WHAT_PAGE_IS_CURRENT["register"])
+	$MARKUP_CURRENT_PAGE_REGISTER = $MARKUP_CURRENT_PAGE;
 
 
 
 ?>
 <nav class="main">
 	<ul>
+		<li>
+			<p><a title="Main site page" href="./?do=main">Index</p></a>
+		</li>
+		<span>|</span>
 		<li <?php echo $MARKUP_CURRENT_PAGE_LOGIN; ?>>
 			<p><a title="Login in existing account" href="./?do=login">Login</p></a>
 		</li>
 		<span>|</span>
-		<li>
+		<li <?php echo $MARKUP_CURRENT_PAGE_REGISTER; ?>>
 			<p><a title="Create new account" href="./?do=register">Register</p></a>
 		</li>
 		<span>|</span>
@@ -38,14 +45,6 @@ if ($WHAT_PAGE_IS_CURRENT["login"])
 			<p><a title="Contacts" href="./?do=show_contacts">Contacts</p></a>
 		</li>
 		<span>|</span>
-		<li>
-			<p><a title="Terms of service" href="./?do=show_tos">ToS</p></a>
-		</li>
-		<span>|</span>
-		<li>
-			<p><a title="Privacy policy" href="./?do=there_are_my_data">Privacy</p></a>
-		</li>
-		<span>|</span>
 		<li>
 			<p><a title="A site map" href="./?do=view_sitemap">Site map</p></a>
 		</li>
diff --git a/front/pages/register/page.php b/front/pages/register/page.php
new file mode 100644
index 0000000..b797a4b
--- /dev/null
+++ b/front/pages/register/page.php
@@ -0,0 +1,99 @@
+<?php
+// Registration page
+
+
+// Includes
+require_once("api/_config.php");
+require_once("api/user/create.php");
+require_once("front/pages/main_nav.php");
+require_once("front/notifications.php");
+
+
+
+$REGISTRATION_IS_OPEN = $Config["registration"]["active"];
+
+// Redirecting to main page if already logged in
+if ($LOGGED_IN) {
+	header("Location: .");
+	exit();
+}
+
+
+
+// If there is attempt to register
+if ((isset($_POST["login"]) || isset($_POST["password"])) && $REGISTRATION_IS_OPEN) {
+	// If ToS arent accepted
+	if ($_POST["tos_check"] !== "tos_check") {
+		NTFY_AddNotice("You MUST accept Terms of Service!", "fail");
+	} else { // Ok, noice
+		if ($_POST["password"] === $_POST["password2"]) {
+			$result = User_Create_Method($_POST);
+
+			if ($result->IsError()) { // Something happened
+				NTFY_AddNotice("Failed to create account! Reason:<br>" . $result->GetError(), "fail");
+			} else { // All OK
+				NTFY_AddNotice("Account registered! You can log in <a href=\"./?do=login\">here</a>", "success");
+			}
+		} else {
+			NTFY_AddNotice("Password mismatch! Check and try again", "fail");
+		}
+	}
+}
+
+NTFY_EchoAllNotices();
+
+
+
+?>
+<div class="visualbox">
+	<h1>Register</h1>
+	<?php
+		if ($REGISTRATION_IS_OPEN) {
+	?>
+	<form class="login" action="./?do=register" accept-charset="UTF-8" method="post">
+		<div>
+			<label for="login">Your desired username:</label><br>
+			<input type="text" name="login" id="login" spellcheck="false" <?php if (isset($_POST["login"])) { echo "value=\"" . $_POST["login"] . "\""; } ?>>
+		</div>
+		<div>
+			<label for="password">Password:</label><br>
+			<input type="password" name="password" id="password"><br>
+			<label for="password2">Repeat password:</label><br>
+			<input type="password" name="password2" id="password2">
+		</div>
+		<?php
+			if ($Config["registration"]["need_email"]) { // TODO: move description to ToS
+		?>
+		<div>
+			<label for="email">E-Mail address <span style="font-size: 50%;">(we will send you penis enlargement ads)</span>:</label><br>
+			<input type="text" name="email" id="email" inputmode="email" <?php if (isset($_POST["email"])) { echo "value=\"" . $_POST["email"] . "\""; } ?>>
+		</div>
+		<?php
+			}
+
+			if ($Config["registration"]["need_invite"]) {
+		?>
+		<div>
+			<label for="invite_id">Invite code:</label><br>
+			<input type="text" name="invite_id" id="invite_id" spellcheck="false" <?php if (isset($_POST["invite_id"])) { echo "value=\"" . $_POST["invite_id"] . "\""; } ?>>
+		</div>
+		<?php
+			}
+		?>
+		<div>
+			<input type="checkbox" name="tos_check" id="tos_check" value="tos_check">
+			<label for="tos_check">I've read and accept your boring Terms of Service</label>
+		</div>
+		<div>
+			<input type="submit" value="Submit">
+		</div>
+	</form>
+	<div class="loginmisc">
+		<p>Already have an account? <a href="./?do=login">Login here</a></p>
+	</div>
+	<?php
+		} else {
+			echo "<h2 style=\"color: red;\">Registrations are closed!</h2>";
+		}
+	?>
+</div>
diff --git a/front/styles/base.css b/front/styles/base.css
index 4e8e95e..15598d6 100644
--- a/front/styles/base.css
+++ b/front/styles/base.css
@@ -60,6 +60,10 @@ div.visualbox {
 	backdrop-filter: blur(6px);
 }
 
+
+
+/* Notifications */
+
 div.notification_fail {
 	margin: 10px;
 	padding: 10px;
@@ -73,6 +77,16 @@ div.notification_fail p {
 	color: red;
 }
 
+div.notification_success {
+	margin: 10px;
+	padding: 10px;
+	border-radius: 5px;
+	box-shadow: 0 0 5px green;
+	text-shadow: 0 0 2px black, 0 0 6px black;
+	backdrop-filter: blur(6px);
+	background-color: #0f03;
+}
+
 
 
 /* Input */
@@ -124,5 +138,4 @@ input[type=submit]:focus {
 /* Checkbox */
 input[type=checkbox] {
 	cursor: pointer;
-	background-color: red;
 }
diff --git a/front/styles/main.css b/front/styles/main.css
index 706c6ad..ed41dc3 100644
--- a/front/styles/main.css
+++ b/front/styles/main.css
@@ -36,8 +36,8 @@ nav.main ul {
 
 nav.main ul li {
 	display: inline-block;
-	margin-left: 1.75vw;
-	margin-right: 1.75vw;
+	margin-left: 2.5vw;
+	margin-right: 2.5vw;
 }
 
 nav.main ul li a {
@@ -72,6 +72,10 @@ form.login a {
 	font-size: 80%;
 }
 
+form.login label[for="tos_check"] {
+	cursor: pointer;
+}
+
 div.loginmisc {
 	margin-top: 4px;
 	margin-bottom: 4px;
diff --git a/index.php b/index.php
index e0a37ae..f1a2cb6 100644
--- a/index.php
+++ b/index.php
@@ -26,11 +26,19 @@ else
 
 $WHAT_PAGE_IS_CURRENT = array(
 	"main" => false,
-	"login" => false
+	"login" => false,
+	"register" => false
 );
 
 // Picking current page
 switch ($PICKED_PAGE) {
+	// Registration page
+	case "register":
+		$WHAT_PAGE_IS_CURRENT["register"] = true;
+		$PAGE_TITLE = "Register";
+		$PAGE_STYLE = "front/styles/main.css";
+		$PAGE_FILE  = "front/pages/register/page.php";
+		break;
 	// Login page
 	case "login":
 		$WHAT_PAGE_IS_CURRENT["login"] = true;