Sample text
This commit is contained in:
parent
611e213592
commit
d4b7a03802
@ -4,12 +4,8 @@ require_once("_db.php"); //("api/_db.php");
|
||||
|
||||
|
||||
|
||||
// Check if request was to specified file
|
||||
function ThisFileIsRequested ($fullpath) {
|
||||
return substr($fullpath, -strlen($_SERVER["SCRIPT_NAME"])) === $_SERVER["SCRIPT_NAME"];
|
||||
}
|
||||
|
||||
session_start();
|
||||
//session_start();
|
||||
// This ^ should be placed at login stage
|
||||
|
||||
$LOGGED_IN = false;
|
||||
|
||||
@ -25,6 +21,18 @@ if (isset($_SESSION["userid"])) {
|
||||
die("user id used in session does not exist");
|
||||
}
|
||||
$LOGGED_IN = true;
|
||||
} else {
|
||||
// ATTENTION: idk will this work, but this can be theoretically unsafe or cause fault
|
||||
|
||||
if (session_status()) {
|
||||
session_unset();
|
||||
session_destroy();
|
||||
}
|
||||
|
||||
if (isset($_COOKIE["PHPSESSID"])) {
|
||||
unset($_COOKIE["PHPSESSID"]);
|
||||
setcookie("PHPSESSID", "", time() - 3600, "/");
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
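Review bot: `if (session_status())` in the new else branch is true for PHP_SESSION_NONE as well as PHP_SESSION_ACTIVE, because only PHP_SESSION_DISABLED is 0, so it does not express "a session is active"; as written it only behaves because `session_start();` earlier in the file appears to run unconditionally, and `if (session_status() === PHP_SESSION_ACTIVE) {` states the intent and survives that line moving again. The cookie clean-up hard-codes the session name; `setcookie(session_name(), "", time() - 3600, "/");` keeps it in step with whatever name is configured. The `// ATTENTION: idk will this work` comment should become a statement of what the branch is for once the guard is fixed, e.g. `// No user bound to this session: drop the (possibly stale) session and its cookie`. The enclosing `if (isset($_SESSION["userid"]))` begins before this hunk.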
@ -1,4 +1,4 @@
|
||||
<?php
|
||||
<?php // Parsing configuration file
|
||||
|
||||
$Config = array();
|
||||
$Config_FileName = "config.json";
|
||||
|
@ -1,6 +1,6 @@
|
||||
<?php
|
||||
<?php // Database setup
|
||||
|
||||
require_once("_config.php"); //("api/_config.php");
|
||||
require_once("_config.php");
|
||||
|
||||
|
||||
|
||||
|
@ -1,12 +1,15 @@
|
||||
<?php
|
||||
|
||||
// Internal errors
|
||||
$Err_Int_JSONEncode = "int.jsonencode"; // Failed to encode JSON data
|
||||
$Err_Int_JSONEncode = "int.jsonencode"; // Failed to encode JSON data
|
||||
|
||||
// Request data parsing errors
|
||||
$Err_RDP_InvalidID = "rdp.invalidid"; // Requested ID of resource is invalid
|
||||
$Err_RDP_InvalidID = "rdp.invalidid"; // Requested ID of resource is invalid
|
||||
$Err_RDP_InvalidArgs = "rdp.invalidargs"; // Invalid arguments supplied to method
|
||||
|
||||
// Data processing errors
|
||||
$Err_DP_IDNotFound = "dp.idnotfound"; // Resource not found by requested ID
|
||||
$Err_DP_IDNotFound = "dp.idnotfound"; // Resource not found by requested ID
|
||||
$Err_DP_AlreadyLoggedIn = "dp.alreadyloggedin"; // User already logged into account
|
||||
$Err_DP_RegClosed = "dp.regclosed"; // Registration is closed
|
||||
|
||||
?>
|
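Review bot: The new codes `$Err_RDP_InvalidArgs`, `$Err_DP_AlreadyLoggedIn` and `$Err_DP_RegClosed` follow the file's pattern of mutable global variables, which every consumer must pull in with `global` and which can be reassigned at runtime; a `const` (e.g. `const ERR_DP_REGCLOSED = "dp.regclosed";`) or a backed enum would make them immutable and usable inside functions without the `global` statement. Since the existing codes share the same shape this is a follow-up rather than something to change in this commit alone.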
21
api/_utils.php
Normal file
21
api/_utils.php
Normal file
@ -0,0 +1,21 @@
|
||||
<?php // Utility functions
|
||||
|
||||
// Check if request was to specified file
|
||||
function ThisFileIsRequested ($fullpath): bool {
|
||||
return substr($fullpath, -strlen($_SERVER["SCRIPT_NAME"])) === $_SERVER["SCRIPT_NAME"];
|
||||
}
|
||||
|
||||
// Generate secure random string
|
||||
function GenerateRandomString (int $length, string $keyspace = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"): string {
|
||||
if ($length < 1) {
|
||||
die("cant generate random string of size less than 1");
|
||||
}
|
||||
$pieces = [];
|
||||
$max = mb_strlen($keyspace, "8bit") - 1;
|
||||
for ($i = 0; $i < $length; ++$i) {
|
||||
$pieces []= $keyspace[random_int(0, $max)];
|
||||
}
|
||||
return implode('', $pieces);
|
||||
}
|
||||
|
||||
?>
|
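Review bot: GenerateRandomString calls `die()` for a length below 1, which terminates the whole request with a plain-text message instead of signalling a programming error to the caller; `throw new \InvalidArgumentException("length must be at least 1");` is the conventional form. An empty `$keyspace` is not rejected either: `$max` becomes -1 and `random_int(0, -1)` throws a ValueError with a less helpful message, so one guard can cover both, `if ($length < 1 || $keyspace === "") throw new \InvalidArgumentException("length must be at least 1 and keyspace non-empty");`. `random_int()` is the right source here, and indexing `$keyspace[...]` by byte is consistent with the `"8bit"` length, but that means the keyspace must stay single-byte; a comment such as `// keyspace is indexed by byte, so it must contain ASCII characters only` would keep a future caller from passing UTF-8. ThisFileIsRequested would also read better with `string $fullpath` on the parameter to match the return type the commit already declares.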
@ -1,5 +1,60 @@
|
||||
<?php
|
||||
<?php // Creating account
|
||||
|
||||
// TODO
|
||||
require_once("../_auth.php");
|
||||
require_once("../_utils.php");
|
||||
|
||||
|
||||
|
||||
// Create new user account
|
||||
function User_Create ($login, $password, $email = null, $invite_id = null, $avatar_path = null): bool {
|
||||
global $db;
|
||||
|
||||
$salt = GenerateRandomString(8);
|
||||
$pwd_hash = hash("sha256", $password . $salt, true);
|
||||
|
||||
$s = $db->prepare("INSERT INTO users (login,email,password_hash,salt,avatar_path,role,invite_id) VALUES (?,?,?,?,?,?,?)");
|
||||
$s->bind_param("sssssss", $login, $email, $pwd_hash, $salt, $avatar_path, "newbie", $invite_id);
|
||||
return $s->execute() !== false;
|
||||
}
|
||||
|
||||
|
||||
|
||||
if (ThisFileIsRequested(__FILE__)) {
|
||||
require_once("../_json.php");
|
||||
|
||||
// If registration turned off
|
||||
if (!$Config["registration"]["active"]) {
|
||||
ReturnJSONError($Err_DP_RegClosed, "registrations are closed");
|
||||
}
|
||||
|
||||
// If user is logged in, then we should not allow creation of account
|
||||
if ($LOGGED_IN)
|
||||
ReturnJSONError($Err_DP_AlreadyLoggedIn, "you are already logged in");
|
||||
|
||||
// If we have some POST data
|
||||
if (isset($_POST["login"]) && isset($_POST["password"])) {
|
||||
// If we need email but it isnt supplied
|
||||
if ($Config["registration"]["need_email"] && !isset($_POST["email"]))
|
||||
ReturnJSONError($Err_RDP_InvalidArgs, "email is necessary");
|
||||
elseif (isset($_POST["email"])) {
|
||||
// Validation of email
|
||||
if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL))
|
||||
ReturnJSONError($Err_RDP_InvalidArgs, "email is invalid");
|
||||
}
|
||||
// If we need invite but it isnt supplied
|
||||
if ($Config["registration"]["need_invite"] && !isset($_POST["invite_id"]))
|
||||
ReturnJSONError($Err_RDP_InvalidArgs, "registrations are invite-only");
|
||||
|
||||
// Check login and password for pattern match
|
||||
$preg_str = "/[^" . $Config["registration"]["allowed_syms"] . "]/";
|
||||
if (preg_match($preg_str, $_POST["login"]) || preg_match($preg_str, $_POST["password"])) {
|
||||
ReturnJSONError($Err_RDP_InvalidArgs, "only allowed symbols are: " . $Config["registration"]["allowed_syms"]);
|
||||
}
|
||||
|
||||
// TODO
|
||||
} else { // Not enough arguments
|
||||
ReturnJSONError($Err_RDP_InvalidArgs, "not enough or no arguments were supplied");
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
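Review bot: `$s->bind_param("sssssss", ..., "newbie", $invite_id)` in User_Create passes a string literal where mysqli_stmt::bind_param takes every argument by reference, which PHP rejects with a fatal "cannot pass parameter by reference" error, so the function cannot run as written; bind a local `$role = "newbie";` instead. The password is stored as `hash("sha256", $password . $salt, true)` with an 8-character salt, which is a fast hash and offers little resistance to offline guessing; `password_hash($password, PASSWORD_DEFAULT)` on this side and `password_verify()` on the login side are the standard replacement, with the salt column only needing a placeholder until it is dropped. The handler also runs the password through the same `allowed_syms` character class as the login, which caps password entropy by configuration; that check is only needed for the login. The early `ReturnJSONError(...)` calls are assumed to terminate the request; if they do not, the registration-closed and already-logged-in branches fall through into the POST handling.
```php
function User_Create ($login, $password, $email = null, $invite_id = null, $avatar_path = null): bool {
    global $db;

    // Kept only to fill the existing salt column; password_hash() embeds its own salt in the hash
    $salt = GenerateRandomString(8);
    $pwd_hash = password_hash($password, PASSWORD_DEFAULT);
    // bind_param() binds by reference, so the role must be a variable rather than a literal
    $role = "newbie";

    $s = $db->prepare("INSERT INTO users (login,email,password_hash,salt,avatar_path,role,invite_id) VALUES (?,?,?,?,?,?,?)");
    $s->bind_param("sssssss", $login, $email, $pwd_hash, $salt, $avatar_path, $role, $invite_id);
    return $s->execute() !== false;
}
```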
@ -1,12 +1,23 @@
|
||||
<?php
|
||||
<?php // Viewing account data
|
||||
|
||||
require_once("../_auth.php");
|
||||
require_once("../_json.php");
|
||||
require_once("../_utils.php");
|
||||
|
||||
|
||||
|
||||
// Check if user with supplied login exists
|
||||
function User_LoginExist ($login): bool {
|
||||
global $db;
|
||||
|
||||
$s = $db->prepare("SELECT * FROM users WHERE login = ?");
|
||||
$s->bind_param("s", $login);
|
||||
$s->execute();
|
||||
|
||||
return (bool)$s->get_result()->fetch_assoc();
|
||||
}
|
||||
|
||||
// Check if user has specified role
|
||||
function User_HasRole ($id, $role) {
|
||||
function User_HasRole ($id, $role): bool {
|
||||
global $db;
|
||||
|
||||
$s = $db->prepare("SELECT * FROM users WHERE id = ?");
|
||||
@ -72,6 +83,8 @@ function User_GetInfoByID ($id) {
|
||||
|
||||
|
||||
if (ThisFileIsRequested(__FILE__)) {
|
||||
require_once("../_json.php");
|
||||
|
||||
$UserID = null;
|
||||
|
||||
if (isset($_REQUEST["id"])) {
|
||||
|
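Review bot: User_LoginExist runs `$s->execute()` without checking its result, so a failed statement still reaches `get_result()` on a statement that has no result set, and `SELECT *` fetches every column of the user row only to test for existence. `$s = $db->prepare("SELECT 1 FROM users WHERE login = ? LIMIT 1");` together with `return $s->execute() && (bool)$s->get_result()->fetch_assoc();` addresses both, and `string $login` on the parameter would match the typed return the commit adds. `get_result()` is assumed to be available (it needs mysqlnd); User_HasRole's body and the rest of the file continue outside the first hunk. The second hunk's `$UserID = null;` only initialises a local, nothing to raise there.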
@ -4,5 +4,14 @@
|
||||
"name": "e949",
|
||||
"user": "e949",
|
||||
"pass": "password"
|
||||
},
|
||||
"registration": {
|
||||
"active": true,
|
||||
"need_email": false,
|
||||
"need_invite": false,
|
||||
"allowed_syms": "a-zA-Z0-9_=+-"
|
||||
},
|
||||
"accounts": {
|
||||
"external_avatars": false
|
||||
}
|
||||
}
|
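Review bot: `allowed_syms` is spliced unquoted into a regular-expression character class in user_create.php (`"/[^" . $Config["registration"]["allowed_syms"] . "]/"`), so the value must be a valid class body: a `]`, a `\` or a `-` in the middle would change or break the pattern, and the current `"a-zA-Z0-9_=+-"` only works because the `-` is last. Strict JSON cannot carry a comment, so that constraint belongs next to the consumer, e.g. `// allowed_syms is used verbatim as a regex character-class body; keep "-" last and do not include "]" or "\"`. The `"pass": "password"` line is existing context, but a committed default database credential deserves a follow-up of its own.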