Sample text

This commit is contained in:
Shr3dd3r 2023-08-19 21:15:47 +03:00
parent 611e213592
commit d4b7a03802
8 changed files with 126 additions and 17 deletions

View File

@ -4,12 +4,8 @@ require_once("_db.php"); //("api/_db.php");
// Check if request was to specified file
function ThisFileIsRequested ($fullpath) {
return substr($fullpath, -strlen($_SERVER["SCRIPT_NAME"])) === $_SERVER["SCRIPT_NAME"];
}
session_start();
//session_start();
// This ^ should be placed at login stage
$LOGGED_IN = false;
@ -25,6 +21,18 @@ if (isset($_SESSION["userid"])) {
die("user id used in session does not exist");
}
$LOGGED_IN = true;
} else {
// ATTENTION: idk will this work, but this can be theoretically unsafe or cause fault
if (session_status()) {
session_unset();
session_destroy();
}
if (isset($_COOKIE["PHPSESSID"])) {
unset($_COOKIE["PHPSESSID"]);
setcookie("PHPSESSID", "", time() - 3600, "/");
}
}
?>

View File

@ -1,4 +1,4 @@
<?php
<?php // Parsing configuration file
$Config = array();
$Config_FileName = "config.json";

View File

@ -1,6 +1,6 @@
<?php
<?php // Database setup
require_once("_config.php"); //("api/_config.php");
require_once("_config.php");

View File

@ -1,12 +1,15 @@
<?php
// Internal errors
$Err_Int_JSONEncode = "int.jsonencode"; // Failed to encode JSON data
$Err_Int_JSONEncode = "int.jsonencode"; // Failed to encode JSON data
// Request data parsing errors
$Err_RDP_InvalidID = "rdp.invalidid"; // Requested ID of resource is invalid
$Err_RDP_InvalidID = "rdp.invalidid"; // Requested ID of resource is invalid
$Err_RDP_InvalidArgs = "rdp.invalidargs"; // Invalid arguments supplied to method
// Data processing errors
$Err_DP_IDNotFound = "dp.idnotfound"; // Resource not found by requested ID
$Err_DP_IDNotFound = "dp.idnotfound"; // Resource not found by requested ID
$Err_DP_AlreadyLoggedIn = "dp.alreadyloggedin"; // User already logged into account
$Err_DP_RegClosed = "dp.regclosed"; // Registration is closed
?>

21
api/_utils.php Normal file
View File

@ -0,0 +1,21 @@
<?php // Utility functions
// Check if request was to specified file
function ThisFileIsRequested ($fullpath): bool {
return substr($fullpath, -strlen($_SERVER["SCRIPT_NAME"])) === $_SERVER["SCRIPT_NAME"];
}
// Generate secure random string
function GenerateRandomString (int $length, string $keyspace = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"): string {
if ($length < 1) {
die("cant generate random string of size less than 1");
}
$pieces = [];
$max = mb_strlen($keyspace, "8bit") - 1;
for ($i = 0; $i < $length; ++$i) {
$pieces []= $keyspace[random_int(0, $max)];
}
return implode('', $pieces);
}
?>

View File

@ -1,5 +1,60 @@
<?php
<?php // Creating account
// TODO
require_once("../_auth.php");
require_once("../_utils.php");
// Create new user account
function User_Create ($login, $password, $email = null, $invite_id = null, $avatar_path = null): bool {
global $db;
$salt = GenerateRandomString(8);
$pwd_hash = hash("sha256", $password . $salt, true);
$s = $db->prepare("INSERT INTO users (login,email,password_hash,salt,avatar_path,role,invite_id) VALUES (?,?,?,?,?,?,?)");
$s->bind_param("sssssss", $login, $email, $pwd_hash, $salt, $avatar_path, "newbie", $invite_id);
return $s->execute() !== false;
}
if (ThisFileIsRequested(__FILE__)) {
require_once("../_json.php");
// If registration turned off
if (!$Config["registration"]["active"]) {
ReturnJSONError($Err_DP_RegClosed, "registrations are closed");
}
// If user is logged in, then we should not allow creation of account
if ($LOGGED_IN)
ReturnJSONError($Err_DP_AlreadyLoggedIn, "you are already logged in");
// If we have some POST data
if (isset($_POST["login"]) && isset($_POST["password"])) {
// If we need email but it isnt supplied
if ($Config["registration"]["need_email"] && !isset($_POST["email"]))
ReturnJSONError($Err_RDP_InvalidArgs, "email is necessary");
elseif (isset($_POST["email"])) {
// Validation of email
if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL))
ReturnJSONError($Err_RDP_InvalidArgs, "email is invalid");
}
// If we need invite but it isnt supplied
if ($Config["registration"]["need_invite"] && !isset($_POST["invite_id"]))
ReturnJSONError($Err_RDP_InvalidArgs, "registrations are invite-only");
// Check login and password for pattern match
$preg_str = "/[^" . $Config["registration"]["allowed_syms"] . "]/";
if (preg_match($preg_str, $_POST["login"]) || preg_match($preg_str, $_POST["password"])) {
ReturnJSONError($Err_RDP_InvalidArgs, "only allowed symbols are: " . $Config["registration"]["allowed_syms"]);
}
// TODO
} else { // Not enough arguments
ReturnJSONError($Err_RDP_InvalidArgs, "not enough or no arguments were supplied");
}
}
?>

View File

@ -1,12 +1,23 @@
<?php
<?php // Viewing account data
require_once("../_auth.php");
require_once("../_json.php");
require_once("../_utils.php");
// Check if user with supplied login exists
function User_LoginExist ($login): bool {
global $db;
$s = $db->prepare("SELECT * FROM users WHERE login = ?");
$s->bind_param("s", $login);
$s->execute();
return (bool)$s->get_result()->fetch_assoc();
}
// Check if user has specified role
function User_HasRole ($id, $role) {
function User_HasRole ($id, $role): bool {
global $db;
$s = $db->prepare("SELECT * FROM users WHERE id = ?");
@ -72,6 +83,8 @@ function User_GetInfoByID ($id) {
if (ThisFileIsRequested(__FILE__)) {
require_once("../_json.php");
$UserID = null;
if (isset($_REQUEST["id"])) {

View File

@ -4,5 +4,14 @@
"name": "e949",
"user": "e949",
"pass": "password"
},
"registration": {
"active": true,
"need_email": false,
"need_invite": false,
"allowed_syms": "a-zA-Z0-9_=+-"
},
"accounts": {
"external_avatars": false
}
}