From 10702cef414eec6611086117565d565f8c35e8ee Mon Sep 17 00:00:00 2001
From: bye <bye@byecorps.com>
Date: Wed, 29 May 2024 18:33:57 +0100
Subject: [PATCH] i dont know whats in this commit hopefully it's good

---
 accounts_handler.php          | 34 ++++++++++++--
 admin.php                     |  5 ++
 admin_accounts.php            |  6 +--
 admin_create_token.php        | 86 ++++++++++++++++++++++++++++++++++
 api_handler.php               | 65 +++++++++++++++++++++-----
 assets/buttons/signinwith.svg | 88 +++++++++++++++++++++++++++++++++++
 head.php                      |  2 +-
 index.php                     |  2 +
 landing.php                   | 32 +++++++++++--
 login_external_basic.php      | 41 +++++++++++-----
 profile.php                   | 48 +------------------
 settings_account.php          | 79 +++++++++++++++++++++++++++++++
 signin.php                    |  2 +-
 styles/colours.css            |  6 +++
 styles/profiles.css           |  8 ++++
 styles/types.css              |  4 ++
 16 files changed, 426 insertions(+), 82 deletions(-)
 create mode 100644 admin_create_token.php
 create mode 100644 assets/buttons/signinwith.svg
 create mode 100644 settings_account.php

diff --git a/accounts_handler.php b/accounts_handler.php
index 34e6c0a..1ae09c3 100644
--- a/accounts_handler.php
+++ b/accounts_handler.php
@@ -30,7 +30,7 @@ function get_display_name($bcid, $use_bcid_fallback=true, $put_bcid_in_parenthes
 
 // Tokens so apps can get VERY BASIC information
 
-function generate_basic_access_token($bcid): array
+function generate_basic_access_token($bcid, $application_id=""): array
 {
     // Returns an access token, a refresh token and an expiry timestamp.
 
@@ -42,14 +42,42 @@ function generate_basic_access_token($bcid): array
 
 //    echo $access_token . ":" . $refresh_token;
 
+    if ($application_id) {
+        db_execute(
+            "INSERT INTO tokens (access_token, refresh_token, expiry, owner_id, application_id, permissions) VALUES (?,?,?,?,?, (1<<0 | 1<<1))",
+            [$access_token, $refresh_token, $expiry, $bcid, $application_id]
+        );
+    } else {
+        db_execute(
+            "INSERT INTO tokens (access_token, refresh_token, expiry, owner_id, permissions) VALUES (?,?,?,?, (1<<0 | 1<<1))",
+            [$access_token, $refresh_token, $expiry, $bcid]
+        );
+    }
+
+    return [
+        "access" => $access_token,
+        "refresh" => $refresh_token,
+        "expiry" => $expiry,
+        "id" => $bcid
+    ];
+}
+
+function generate_token($bcid, $application_id=null, $permissions=0): array {
+    $access_token = md5(uniqid(more_entropy: true).rand(1000000, 9999999));
+    $refresh_token = md5(uniqid("rfish").rand(1000000, 9999999));
+
+    $valid_time = 12; // in hours
+    $expiry = time() + ($valid_time * 60 * 60);
+
     db_execute(
-        "INSERT INTO tokens (access_token, refresh_token, expiry, owner_id) VALUES (?,?,?,?)",
-        [$access_token, $refresh_token, $expiry, $bcid]
+        "INSERT INTO tokens (access_token, refresh_token, expiry, owner_id, application_id, permissions, type) VALUES (?,?,?,?,?,?, 'oauth')",
+        [$access_token, $refresh_token, $expiry, $bcid, $application_id, $permissions]
     );
 
     return [
         "access" => $access_token,
         "refresh" => $refresh_token,
+        "permissions" => $permissions,
         "expiry" => $expiry,
         "id" => $bcid
     ];
diff --git a/admin.php b/admin.php
index d92d029..efb0b73 100644
--- a/admin.php
+++ b/admin.php
@@ -18,6 +18,11 @@
     </li>
 </ul>
 
+<h2>API</h2>
+<ul>
+    <li><a href="/admin/create/token">Token generator</a></li>
+</ul>
+
 <h2>Init</h2>
 <ul>
 	<li>
diff --git a/admin_accounts.php b/admin_accounts.php
index 3a73e80..b353838 100644
--- a/admin_accounts.php
+++ b/admin_accounts.php
@@ -21,9 +21,9 @@ $count = $count_req->fetchColumn();
 <ul>
     <?php
     foreach ($result as $row) {
-        echo "<li><pre>";
-        print_r($row);
-        echo "</pre><p><a href='/admin/signinas?id=".$row['id']."'>Sign in as ".$row['display_name']."</a></li>";
+        echo "<li>";
+        echo $row['id'];
+        echo "<p><a href='/admin/signinas?id=".$row['id']."'>Sign in as ".htmlspecialchars($row['display_name'])."</a></li>";
     }
     ?>
 </ul>
diff --git a/admin_create_token.php b/admin_create_token.php
new file mode 100644
index 0000000..6456f05
--- /dev/null
+++ b/admin_create_token.php
@@ -0,0 +1,86 @@
+<?php
+
+if ($_SERVER["REQUEST_METHOD"] == "POST") {
+    echo "<pre>";
+    print_r($_POST);
+    echo "</pre>";
+
+    $token = generate_token($_POST['owner'], $_POST['application'], $_POST['permissions']);
+
+    echo "<p>Created token. Access token: <code>". $token['access'] ."</code></p>";
+}
+
+?>
+
+<h1>Token generator</h1>
+
+<form method="post">
+    <div class="container">
+        <label for="owner">Token owner</label>
+        <select name="owner" required id="owner">
+            <?php
+            $users = db_query("SELECT * FROM accounts");
+            foreach ($users as $row) {
+                echo "<option value='".$row['id']."'>".get_display_name($row['id'])." (".$row['id'].") </option>";
+            }
+            ?>
+        </select>
+    </div>
+    <div class="container">
+        <label for="app">Token app</label>
+        <select name="app" id="app">
+            <option value="null">None</option>
+            <?php
+            $users = db_query("SELECT * FROM apps");
+            foreach ($users as $row) {
+                echo "<option value='".$row['id']."'>". $row['title'] ."</option>";
+            }
+            ?>
+        </select>
+    </div>
+
+    <input type="hidden" id="permissions" name="permissions" value="0" />
+
+    <h2>Permissions</h2>
+    <p>Permission number: <span id="permissionnumber"></span></p>
+    <div class="checkboxes container">
+        <input type="checkbox" id="account.email" value="1" /><label for="account.email"><code>account.email</code></label>
+        <input type="checkbox" id="account.settings" value="2" /><label for="account.settings"><code>account.settings</code></label>
+    </div>
+
+    <button type="submit">Generate!</button>
+</form>
+
+<style>
+    form .container {
+        display: unset;
+    }
+</style>
+
+<script>
+    const displayNumber = document.getElementById("permissionnumber");
+    const permissionsInput = document.getElementById("permissions");
+    const checkboxes = document.querySelectorAll("input[type='checkbox']");
+
+    console.log(checkboxes);
+
+    function updateCheckboxes() {
+        let permissions = 0;
+
+        for (let checkbox of checkboxes) {
+            if (checkbox.checked) {
+                permissions += Number(checkbox.value);
+            }
+        }
+
+        displayNumber.innerText = permissions.toString();
+        permissionsInput.value = permissions;
+    }
+
+    for (let checkbox of checkboxes) {
+        checkbox.onchange = updateCheckboxes;
+    }
+
+    updateCheckboxes();
+
+</script>
diff --git a/api_handler.php b/api_handler.php
index 2792cb1..164e5c0 100644
--- a/api_handler.php
+++ b/api_handler.php
@@ -7,8 +7,6 @@ if (array_key_exists('HTTP_AUTHORIZATION', $_SERVER)) {
     $access_token = str_replace("Bearer ", "", $_SERVER['HTTP_AUTHORIZATION']);
 }
 
-
-
 if (!empty($access_token)) {
     // Check who the access token belongs to
     $token = db_execute("SELECT * FROM tokens WHERE access_token = ?", [$access_token]);
@@ -27,7 +25,6 @@ function check_authorisation($token=""): int
     global $token_owner;
     // Validate token
     if (!validate_access_token($token) && "" != $token) {
-        echo "invalid";
         return 0; // Unauthorised
     }
 
@@ -50,8 +47,9 @@ function check_authorisation($token=""): int
     }
 
     return match ($token_row['type']) {
-        "dangerous" => 22,
-        "basic"     => 1,
+        "dangerous" => 1<<0 | 1<<1, // Everything
+        "basic"     => 1<<1, // Basic
+        "oauth"     => $token_row['permissions'],
         default     => 0,
     };
 }
@@ -93,16 +91,12 @@ function api_user_info(): array
     // `display_name`   = 1 (basic)
     // `id`             = 1 (basic)
     // `email`          = 1 (basic)
-
     $level = check_authorisation($access_token);
-
     $data = null;
-
-    if ($level >= 1) {
+    if ($level & (1 << 0)) {
         $data = db_execute("SELECT id, email, display_name FROM accounts WHERE id = ? LIMIT 1", [$token_owner]);
-    } if ($level == 22) {
-        $data = db_execute("SELECT * FROM accounts WHERE id = ? LIMIT 1", [$token_owner]);
-        unset($data['password']);
+    } else {
+        $data = db_execute("SELECT id, display_name FROM accounts WHERE id = ? LIMIT 1", [$token_owner]);
     }
 
     if (null != $data) {
@@ -117,7 +111,50 @@ function api_user_info(): array
         "response_code" => 401,
         "message" => "Unauthorized."
     ];
+}
 
+function api_settings(): array
+{
+    // GET: Return all settings
+    // POST/PATCH: Update settings
+
+    global $access_token, $token_owner;
+
+    $level = check_authorisation($access_token);
+
+    if (!($level & (1 << 1))) { // account.settings
+        http_response_code(401);
+        return [
+            "response_code" => 401,
+            "message" => "Unauthorized."
+        ];
+    }
+
+    if ($_SERVER['REQUEST_METHOD'] === "POST") {
+
+        // Now for the fucking worstest code ever
+        $settings_changed = json_decode(file_get_contents('php://input'), true);
+
+        if (isset($settings_changed['account'])) {
+            if (isset($settings_changed['account']['display_name'])) {
+                $display_name = db_execute('UPDATE accounts SET display_name = ? WHERE id = ?',
+                    [$settings_changed['account']['display_name'], $token_owner]);
+            }
+        }
+    }
+
+    // Get account settings
+    $display_name = db_execute('SELECT display_name FROM accounts WHERE id = ?', [$token_owner])["display_name"];
+
+
+    return [
+        "response_code" => 200,
+        "settings" => [
+            "account" => [
+                "display_name" => $display_name,
+            ]
+        ]
+    ];
 }
 
 $api_routes = [ // base url is base_url.'/api'
@@ -129,6 +166,9 @@ $api_routes = [ // base url is base_url.'/api'
     // Account stuff
     "/account/me" => "api_user_info",
 
+    // Settings
+    "/settings" => "api_settings",
+
     // Get avatar
     "/avatars/get" => "get_avatar"
 ];
@@ -142,6 +182,7 @@ if (isset($api_routes[$path])) {
             "response_code" => "498",
             "message" => "Token expired or invalid."
         ]));
+        exit();
     }
     $response = $api_routes[$path]();
     if (array_key_exists('response_code', $response)) {
diff --git a/assets/buttons/signinwith.svg b/assets/buttons/signinwith.svg
new file mode 100644
index 0000000..ca72560
--- /dev/null
+++ b/assets/buttons/signinwith.svg
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+        width="300.858"
+        height="50"
+        viewBox="0 0 79.602012 13.229167"
+        version="1.1"
+        id="svg1"
+        xml:space="preserve"
+        inkscape:export-filename="bitmap.png"
+        inkscape:export-xdpi="192"
+        inkscape:export-ydpi="192"
+        inkscape:version="1.3.2 (091e20ef0f, 2023-11-25, custom)"
+        sodipodi:docname="bcidsignin.svg"
+        xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+        xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+        xmlns="http://www.w3.org/2000/svg"
+        xmlns:svg="http://www.w3.org/2000/svg"><sodipodi:namedview
+     id="namedview1"
+     pagecolor="#ffffff"
+     bordercolor="#000000"
+     borderopacity="0.25"
+     inkscape:showpageshadow="true"
+     inkscape:pageopacity="0.0"
+     inkscape:pagecheckerboard="true"
+     inkscape:deskcolor="#d1d1d1"
+     inkscape:document-units="px"
+     showborder="false"
+     labelstyle="default"
+     inkscape:zoom="2.8649832"
+     inkscape:cx="165.446"
+     inkscape:cy="-36.300388"
+     inkscape:window-width="1920"
+     inkscape:window-height="1008"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="1"
+     inkscape:current-layer="layer2" /><defs
+        id="defs1" /><g
+        inkscape:groupmode="layer"
+        id="layer2"
+        inkscape:label="Layer 2"><rect
+       style="display:inline;opacity:1;fill:#efdd8d;fill-opacity:1;stroke:#dcc455;stroke-width:0.261525;stroke-dasharray:none;stroke-opacity:1"
+       id="rect35"
+       width="79.340492"
+       height="12.967643"
+       x="0.13076229"
+       y="0.13076213"
+       ry="2.0748229"
+       rx="2.1097128"
+       inkscape:label="Background" /><g
+        style="shape-rendering:crispEdges"
+        id="g32"
+        transform="matrix(0.52916667,0,0,0.52916667,9.5250001,3.7041667)"
+        inkscape:label="BCID person"><g
+         id="layer1-5"
+         inkscape:label="BCID logo"><g
+           id="g27"
+           inkscape:label="Body"
+           style="opacity:1"><path
+             id="rect26"
+             style="opacity:1;fill:#000000;fill-opacity:1"
+             d="M 1.0058594,6.5 C 1.0026133,6.5 1,6.5026133 1,6.5058594 V 7.4941406 C 1,7.4973867 1.0026133,7.5 1.0058594,7.5 H 0.00585938 C 0.00261328,7.5 0,7.5026133 0,7.5058594 V 11.494141 C 0,11.497387 0.00261328,11.5 0.00585938,11.5 H 7.9941406 C 7.9973867,11.5 8,11.497387 8,11.494141 V 7.5058594 C 8,7.5026133 7.9973867,7.5 7.9941406,7.5 h -1 C 6.9973867,7.5 7,7.4973867 7,7.4941406 V 6.5058594 C 7,6.5026133 6.9973867,6.5 6.9941406,6.5 Z"
+             inkscape:label="Body" /></g><g
+        id="g31"
+        inkscape:label="Head"><path
+             id="rect28"
+             style="opacity:1;fill:#000000;fill-opacity:1"
+             d="M 1.0058594,-0.5 C 1.0026133,-0.5 1,-0.49738672 1,-0.49414062 V 0.49414062 C 1,0.49738672 1.0026133,0.5 1.0058594,0.5 H 1.9941406 C 1.9973867,0.5 2,0.49738672 2,0.49414062 V -0.49414062 C 2,-0.49738672 1.9973867,-0.5 1.9941406,-0.5 Z m 2,0 C 3.0026133,-0.5 3,-0.49738672 3,-0.49414062 V 0.49414062 C 3,0.49738672 3.0026133,0.5 3.0058594,0.5 H 4.9941406 C 4.9973867,0.5 5,0.49738672 5,0.49414062 V -0.49414062 C 5,-0.49738672 4.9973867,-0.5 4.9941406,-0.5 Z m -1,1 C 2.0026133,0.5 2,0.50261328 2,0.50585938 V 1.4941406 C 2,1.4973867 2.0026133,1.5 2.0058594,1.5 h -1 C 1.0026133,1.5 1,1.5026133 1,1.5058594 V 5.4941406 C 1,5.4973867 1.0026133,5.5 1.0058594,5.5 H 6.9941406 C 6.9973867,5.5 7,5.4973867 7,5.4941406 V 1.5058594 C 7,1.5026133 6.9973867,1.5 6.9941406,1.5 h -4 C 2.9973867,1.5 3,1.4973867 3,1.4941406 V 0.50585938 C 3,0.50261328 2.9973867,0.5 2.9941406,0.5 Z"
+             inkscape:label="Head" /></g></g></g><g
+        id="text32"
+        style="font-weight:500;font-size:4.58611px;font-family:Montserrat;-inkscape-font-specification:'Montserrat, Medium';letter-spacing:-0.079375px;word-spacing:0.0926042px;stroke-width:0;stroke-miterlimit:8.7"
+        inkscape:label="Sign in"
+        transform="scale(0.95030748,1.052291)"
+        aria-label="Sign in with ByeCorps ID"><path
+         style="font-weight:normal;-inkscape-font-specification:'Montserrat, Normal';opacity:1"
+         d="m 19.328294,7.9399255 c 0.820914,0 1.196975,-0.4035777 1.196975,-0.875947 0,-1.1694581 -1.976613,-0.6374693 -1.976613,-1.5180025 0,-0.3210277 0.261408,-0.582436 0.84843,-0.582436 0.284339,0 0.605367,0.087136 0.880533,0.2659944 L 20.392272,4.9589539 C 20.13545,4.7800956 19.759389,4.6746151 19.397086,4.6746151 c -0.816327,0 -1.183216,0.4081638 -1.183216,0.8805331 0,1.1878025 1.976613,0.6466416 1.976613,1.5271747 0,0.3164416 -0.261408,0.5686777 -0.862189,0.5686777 -0.421922,0 -0.830085,-0.1651 -1.059391,-0.3898194 l -0.132997,0.2614083 c 0.238478,0.2476499 0.710847,0.417336 1.192388,0.417336 z m 1.952271,-2.9672133 c 0.137584,0 0.238478,-0.1054805 0.238478,-0.2384777 0,-0.123825 -0.105481,-0.2247194 -0.238478,-0.2247194 -0.132997,0 -0.238477,0.1054806 -0.238477,0.2293055 0,0.1284111 0.10548,0.2338916 0.238477,0.2338916 z m 0.160514,2.9396966 V 5.5001149 H 21.115465 V 7.9124088 Z M 24.19133,5.963312 C 23.989541,5.6468704 23.640997,5.4817705 23.237419,5.4817705 c -0.687917,0 -1.210733,0.4723693 -1.210733,1.1648719 0,0.6925027 0.522816,1.1740442 1.210733,1.1740442 0.394405,0 0.738364,-0.1605138 0.940153,-0.4677832 v 0.3072694 c 0,0.5961943 -0.279753,0.875947 -0.889706,0.875947 -0.371475,0 -0.720019,-0.123825 -0.949325,-0.3301999 l -0.1651,0.2476499 c 0.252236,0.2384777 0.683331,0.3714749 1.123597,0.3714749 0.797984,0 1.206147,-0.376061 1.206147,-1.2061469 V 5.5001149 H 24.19133 Z m -0.921808,1.5684497 c -0.531989,0 -0.912636,-0.3623027 -0.912636,-0.8851193 0,-0.5228165 0.380647,-0.8805331 0.912636,-0.8805331 0.531989,0 0.917222,0.3577166 0.917222,0.8805331 0,0.5228166 -0.385233,0.8851193 -0.917222,0.8851193 z m 3.296006,-2.0499912 c -0.417336,0 -0.74295,0.169686 -0.917222,0.4631971 V 5.5001149 H 25.33645 v 2.4122939 h 0.325614 V 6.6466424 c 0,-0.5503332 0.325614,-0.8713609 0.843844,-0.8713609 0.458611,0 0.724606,0.2614083 0.724606,0.7704665 v 1.3666608 h 0.325614 V 6.5136452 c 0,-0.6925026 -0.403578,-1.0318747 -0.9906,-1.0318747 z m 3.17623,-0.5090583 c 0.137583,0 0.238478,-0.1054805 0.238478,-0.2384777 0,-0.123825 -0.105481,-0.2247194 -0.238478,-0.2247194 -0.132997,0 -0.238478,0.1054806 -0.238478,0.2293055 0,0.1284111 0.105481,0.2338916 0.238478,0.2338916 z m 0.160514,2.9396966 V 5.5001149 H 29.576658 V 7.9124088 Z M 31.96002,5.4817705 c -0.417336,0 -0.74295,0.169686 -0.917222,0.4631971 V 5.5001149 h -0.311856 v 2.4122939 h 0.325614 V 6.6466424 c 0,-0.5503332 0.325614,-0.8713609 0.843844,-0.8713609 0.458611,0 0.724606,0.2614083 0.724606,0.7704665 V 7.9124088 H 32.95062 V 6.5136452 c 0,-0.6925026 -0.403578,-1.0318747 -0.9906,-1.0318747 z M 37.447649,7.5501061 36.677182,5.5001149 H 36.397429 L 35.622377,7.5501061 34.865669,5.5001149 h -0.311856 l 0.90805,2.4122939 h 0.307269 l 0.761295,-1.9766134 0.761294,1.9766134 h 0.307269 l 0.912636,-2.4122939 h -0.298097 z m 1.640415,-2.5773939 c 0.137583,0 0.238477,-0.1054805 0.238477,-0.2384777 0,-0.123825 -0.10548,-0.2247194 -0.238477,-0.2247194 -0.132998,0 -0.238478,0.1054806 -0.238478,0.2293055 0,0.1284111 0.10548,0.2338916 0.238478,0.2338916 z m 0.160514,2.9396966 V 5.5001149 h -0.325614 v 2.4122939 z m 1.984371,-0.3806471 c -0.09172,0.08255 -0.224719,0.123825 -0.357717,0.123825 -0.27058,0 -0.417336,-0.1559278 -0.417336,-0.4402666 V 5.7752815 h 0.733778 V 5.5001149 H 40.457896 V 4.9727122 h -0.325614 v 0.5274027 h -0.431094 v 0.2751666 h 0.431094 v 1.458383 c 0,0.4448527 0.252237,0.7016749 0.706261,0.7016749 0.188031,0 0.380648,-0.055033 0.509059,-0.1696861 z m 1.855963,-2.0499912 c -0.408164,0 -0.724606,0.1605138 -0.903464,0.4402665 V 4.5095151 h -0.325614 v 3.4028937 h 0.325614 V 6.6466424 c 0,-0.5503332 0.325614,-0.8713609 0.843844,-0.8713609 0.458611,0 0.724606,0.2614083 0.724606,0.7704665 v 1.3666608 h 0.325614 V 6.5136452 c 0,-0.6925026 -0.403578,-1.0318747 -0.9906,-1.0318747 z"
+         id="path40" /><path
+        style="font-weight:bold;-inkscape-font-specification:'Montserrat, Bold'"
+        d="m 48.383925,6.2430647 c 0.261408,-0.1375833 0.426508,-0.3852332 0.426508,-0.7062609 0,-0.499886 -0.41275,-0.8346721 -1.215319,-0.8346721 h -1.56845 v 3.2102771 h 1.660172 c 0.843844,0 1.284111,-0.3210277 1.284111,-0.875947 0,-0.4035777 -0.229306,-0.6787443 -0.587022,-0.7933971 z M 47.503392,5.2616372 c 0.362302,0 0.559505,0.123825 0.559505,0.376061 0,0.2522361 -0.197203,0.3806472 -0.559505,0.3806472 H 46.765028 V 5.2616372 Z M 46.765028,7.3529034 V 6.5595063 h 0.866775 c 0.385233,0 0.591608,0.1284111 0.591608,0.3989916 0,0.2751666 -0.206375,0.3944055 -0.591608,0.3944055 z M 50.469192,7.1190118 49.776689,5.4450816 h -0.738364 l 1.068564,2.4856717 -0.0092,0.022931 c -0.09631,0.2201333 -0.206375,0.3072694 -0.403578,0.3072694 -0.142169,0 -0.293511,-0.059619 -0.403578,-0.1559277 l -0.261408,0.5090582 c 0.160514,0.1421694 0.43568,0.2247194 0.687917,0.2247194 0.444852,0 0.784224,-0.1788583 1.022702,-0.7750526 L 51.854197,5.4450816 H 51.16628 Z m 3.947232,-0.4310944 c 0,-0.793397 -0.559506,-1.2795247 -1.284111,-1.2795247 -0.752122,0 -1.316214,0.5319888 -1.316214,1.2703525 0,0.7337776 0.55492,1.2703525 1.407936,1.2703525 0.444853,0 0.788811,-0.1375833 1.018117,-0.3989916 L 53.861505,7.1373562 c -0.169686,0.1605139 -0.357717,0.2384777 -0.619125,0.2384777 -0.376061,0 -0.63747,-0.1880305 -0.706261,-0.4952998 h 1.866547 c 0.0046,-0.05962 0.01376,-0.1375834 0.01376,-0.1926167 z M 53.136899,5.9495537 c 0.321028,0 0.55492,0.2017888 0.605367,0.5136443 h -1.215319 c 0.05045,-0.3164416 0.284338,-0.5136443 0.609952,-0.5136443 z"
+        id="path41" /><path
+        style="font-weight:600;-inkscape-font-specification:'Montserrat, Semi-Bold'"
+        d="m 56.400799,7.9582699 c 0.527402,0 0.976841,-0.1880305 1.274938,-0.5365749 L 57.290504,7.0548062 c -0.233892,0.2568222 -0.522816,0.3806472 -0.857602,0.3806472 -0.664986,0 -1.146528,-0.4677833 -1.146528,-1.1281831 0,-0.6603999 0.481542,-1.1281831 1.146528,-1.1281831 0.334786,0 0.62371,0.123825 0.857602,0.376061 L 57.675737,5.1928455 C 57.37764,4.8443012 56.928201,4.6562706 56.405385,4.6562706 c -0.986014,0 -1.719791,0.6925027 -1.719791,1.6509997 0,0.958497 0.733777,1.6509996 1.715205,1.6509996 z m 2.722731,-0.013758 c 0.761295,0 1.307042,-0.5228166 1.307042,-1.2565942 0,-0.7337776 -0.545747,-1.252008 -1.307042,-1.252008 -0.752122,0 -1.302455,0.5182304 -1.302455,1.252008 0,0.7337776 0.550333,1.2565942 1.302455,1.2565942 z m 0,-0.4907138 c -0.41275,0 -0.724605,-0.2980971 -0.724605,-0.7658804 0,-0.4677832 0.311855,-0.7658804 0.724605,-0.7658804 0.417336,0 0.729192,0.2980972 0.729192,0.7658804 0,0.4677833 -0.311856,0.7658804 -0.729192,0.7658804 z M 61.447281,5.463426 h -0.545747 v 2.4489828 h 0.573263 V 6.7246063 c 0,-0.499886 0.275167,-0.7567082 0.710848,-0.7567082 0.04127,0 0.08255,0.00459 0.132997,0.013758 V 5.4359094 c -0.408164,0 -0.706261,0.128411 -0.871361,0.3852332 z m 2.635605,-0.027517 c -0.334786,0 -0.619125,0.1146527 -0.811741,0.3485443 V 5.463426 h -0.545747 v 3.3386882 h 0.573263 V 7.6143117 c 0.197203,0.2247194 0.47237,0.3301999 0.784225,0.3301999 0.715433,0 1.242836,-0.4952999 1.242836,-1.2565942 0,-0.7567081 -0.527403,-1.252008 -1.242836,-1.252008 z m -0.06421,2.0178884 c -0.41275,0 -0.729192,-0.2980971 -0.729192,-0.7658804 0,-0.4677832 0.316442,-0.7658804 0.729192,-0.7658804 0.41275,0 0.724605,0.2980972 0.724605,0.7658804 0,0.4677833 -0.311855,0.7658804 -0.724605,0.7658804 z m 2.530125,0.4907138 c 0.687916,0 1.109838,-0.2980972 1.109838,-0.7567082 0,-0.958497 -1.513416,-0.5182304 -1.513416,-1.0135303 0,-0.1605139 0.1651,-0.2751666 0.513644,-0.2751666 0.233892,0 0.467784,0.045861 0.701675,0.1834444 l 0.220134,-0.4356805 c -0.220134,-0.1329972 -0.591609,-0.210961 -0.917222,-0.210961 -0.6604,0 -1.077736,0.3026832 -1.077736,0.7658804 0,0.9768414 1.513416,0.5365748 1.513416,1.0043581 0,0.169686 -0.151342,0.2705805 -0.513644,0.2705805 -0.30727,0 -0.63747,-0.1008945 -0.853017,-0.2430639 L 65.512345,7.669345 c 0.220133,0.1559277 0.628297,0.2751666 1.036461,0.2751666 z"
+        id="path42" /><path
+        style="font-weight:normal;-inkscape-font-specification:'Montserrat, Normal';opacity:1"
+        d="M 69.775483,7.9124088 V 4.7021317 H 69.43611 v 3.2102771 z m 2.273299,0 c 1.027288,0 1.719791,-0.6603998 1.719791,-1.6051385 0,-0.9447387 -0.692503,-1.6051386 -1.719791,-1.6051386 H 70.74174 v 3.2102771 z m -0.96767,-2.916766 h 0.949325 c 0.853017,0 1.40335,0.541161 1.40335,1.3116275 0,0.7704665 -0.550333,1.3116275 -1.40335,1.3116275 h -0.949325 z"
+        id="path43" /></g></g></svg>
diff --git a/head.php b/head.php
index 1998630..5ea88ad 100644
--- a/head.php
+++ b/head.php
@@ -7,7 +7,7 @@
 ></script>
 <title><?php if (isset($doc_title)) { echo $doc_title." | "; } ?>ByeCorps ID</title>
 
-<link rel="shortcut icon" href="favicon.svg" type="image/svg" />
+<link rel="shortcut icon" href="/favicon.svg" type="image/svg" />
 
 <link rel="manifest" href="manifest.json" />
 
diff --git a/index.php b/index.php
index 9f068c5..3d7a309 100755
--- a/index.php
+++ b/index.php
@@ -120,12 +120,14 @@ $paths = array(
     "/admin/list/accounts" => ["admin_accounts.php"],
     "/admin/list/apps" => ["admin_apps.php"],
     "/admin/create/app" => ["admin_apps_create.php"],
+    "/admin/create/token" => ["admin_create_token.php"],
     "/admin/signinas" => ["signinas.php"],
     "/admin/purge" => ["admin_purge.php"],
 
     // Settings
     "/dashboard" => ["dashboard.php", "Dashboard"],
     "/settings" => ["settings.php", "Settings"],
+    "/settings/account" => ["settings_account.php", "Settings -> Account"],
 
     "/account" => ["account.php", "Your account"],
     "/signin" => ["signin.php", "Sign in"],
diff --git a/landing.php b/landing.php
index a4ea89b..c4769b4 100644
--- a/landing.php
+++ b/landing.php
@@ -1,3 +1,11 @@
+<?php
+
+if (isset($_GET['new_landing'])) {
+    goto new_landing;
+}
+
+?>
+
 <div class="hero">
     <div class="hero-text">
         <img src="/assets/bcid.svg" alt="ByeCorps ID Logo" class="logo">
@@ -5,10 +13,26 @@
         <p>Log into ByeCorps and beyond with a single ID.</p>
         <!-- <p><input type="email" name="loginEmail" id="loginEmail" placeholder="Email" /></p> -->
 
-        <?php 
-        if ( $_SESSION['auth']) { echo "<a href='/account' class='button primary'>Manage account</a>"; } 
-        else { echo "<a href='/signin' class='button primary'>Sign in</a><a href='/signup' class='button'>Create an account</a>"; } 
+        <?php
+        if ( $_SESSION['auth']) { echo "<a href='/account' class='button primary'>Manage account</a>"; }
+        else { echo "<a href='/signin' class='button primary'>Sign in</a><a href='/signup' class='button'>Create an account</a>"; }
         ?>
 
     </div>
-</div>
\ No newline at end of file
+</div>
+
+<?php
+
+exit;
+
+new_landing:
+
+?>
+
+<div class="hero">
+    <div class="hero-text">
+        <img src="/assets/bcid.svg" alt="ByeCorps ID Logo" class="logo">
+        <h1><span class="bc-1">Bye</span><span class="bc-2">Corps</span><span class="bc-3"> ID</span></h1>
+        <p>Log into ByeCorps and beyond with a single ID.</p>
+</div>
+
diff --git a/login_external_basic.php b/login_external_basic.php
index af0e93e..2a1c68c 100644
--- a/login_external_basic.php
+++ b/login_external_basic.php
@@ -31,9 +31,29 @@ if ($query['callback'] != $app['callback']) {
     goto login;
 }
 
+if ($_SESSION['auth'] && $_SERVER['REQUEST_METHOD'] == 'GET') {
+    // We can check if there's already a valid token of the same level and just pass that on instead.
+    $valid_tokens = db_execute_all("SELECT * FROM tokens WHERE owner_id = ? AND type = ? AND application_id = ? AND expiry > ?",
+        [$_SESSION['id'], "basic", $app_id, time()]);
+
+    if (sizeof($valid_tokens) > 0) {
+        print_r($valid_tokens);
+
+        $token = $valid_tokens[0];
+
+        header('Location: '. $_GET['callback'].'?access_token='.$token['access_token'].'&refresh='.$token['refresh_token']
+                .'&expiry='.$token['expiry']);
+        exit();
+    }
+
+//    if (validate_access_token())
+
+
+}
+
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     // Here's a few easy steps to figure out if we should give the other party a token or not.
-    print_r($_POST);
+//    print_r($_POST);
 
     // First: match the session ids. If they aren't the same it's probably Not Ok.
     if (session_id() != $_POST['sessionid']) {
@@ -74,7 +94,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     }
 
     // The following gets run assuming we know the client is the one CLICKING the button.
-    $tokens = generate_basic_access_token($_POST['bcid']);
+    $tokens = generate_basic_access_token($_POST['bcid'], $app_id);
 
     header('Location: '. $_POST['callback'].'?access_token='.$tokens['access'].'&refresh='.$tokens['refresh']
                                 .'&expiry='.$tokens['expiry']);
@@ -94,15 +114,15 @@ login:
                 <img src="<?= $app['icon'] ?>" alt="<?= htmlspecialchars($user['title']) ?>'s avatar" />
             </div>
             <h1>Sign into <?= htmlspecialchars($app['title']) ?></h1>
-            <p class="subtitle">Owned by <strong><?= get_display_name($app['owner_id'], put_bcid_in_parenthesis: true) ?></strong></p>
+            <p class="subtitle">Owned by <strong><?= htmlspecialchars( get_display_name($app['owner_id'], put_bcid_in_parenthesis: true) ) ?></strong></p>
 <!--            <p>--><?php //= htmlspecialchars($app['description']) ?><!--</p>-->
             <?php
             error_no_app:
             if ($error) {
                 http_response_code($error[1]);
                 echo "
-<div class='error center'>
-<span class='fa-regular fa-2xl center fa-xmark-circle'></span>
+<div class='error center vertical-center'>
+<span class='fg-error fa-regular fa-2xl center fa-xmark-circle'></span>
 <h2>Something went wrong!</h2>
 <p>Server returned error:<br /><code>$error[0]</code> (HTTP response code $error[1])</p>
 </div>
@@ -110,9 +130,9 @@ login:
                 goto dont_show_form;
             }
             ?>
-            <p><strong><?= $app['title'] ?></strong> uses ByeCorps ID for authentication.</p>
+            <p><strong><?= htmlspecialchars($app['title']) ?></strong> uses ByeCorps ID for authentication.</p>
             <p>Please double-check the information and avoid signing in with your BCID if you do not trust this app.</p>
-            <p>Please confirm that you'd like to sign into <strong><?= $app['title'] ?></strong>.</p>
+            <p>Please confirm that you'd like to sign into <strong><?= htmlspecialchars($app['title']) ?></strong>.</p>
             <?php
             if (null != $flash) {
                 echo "<p class='flash'>$flash</p>";
@@ -131,11 +151,10 @@ login:
                 <input type="email" autocomplete="email" name="email" id="email" placeholder="Email" />
                 <input type="password" name="password" id="password" placeholder="Password" />
                 <?php signedin: ?>
-                <button class="primary" type="submit">Sign into <?= $app['title']; ?></button>
-                <button class="secondary" type="reset">GET ME OUT OF HERE</button>
+                <button class="primary" type="submit">Sign into <?= htmlspecialchars($app['title']) ?></button>
                 <p class="subtitle center">
-                    You will be brought to <strong><?= $query['callback'] ?></strong>.
-                    <br /><?= $app['title'] ?> will be able to see your email and display name.
+                    You will be brought to <strong><?= htmlspecialchars($query['callback']) ?></strong>.
+                    <br /><strong><?= htmlspecialchars($app['title']) ?></strong> will be able to see your email and display name.
                 </p>
                 <input type="hidden" name="callback" value="<?= $query['callback'] ?>" />
             </form>
diff --git a/profile.php b/profile.php
index 4f65db5..1636266 100644
--- a/profile.php
+++ b/profile.php
@@ -33,7 +33,7 @@ if ($_SESSION['id'] != $profile['id']) {
 }
 
 // Get badges owned by this person
-$badges = db_execute_all('SELECT * FROM badge_owners INNER JOIN badges b on badge_owners.badge_id = b.id; ', []);
+$badges = db_execute_all('SELECT * FROM badge_owners INNER JOIN badges b on badge_owners.badge_id = b.id WHERE owner_id = ?; ', [$profile['id']]);
 if (!empty($badges)) {
     if (!array_is_list($badges)) {
         $badges = array (0 => $badges);
@@ -42,49 +42,3 @@ if (!empty($badges)) {
 
 ?>
 
-<div id="profile">
-    <img src="<?= $avatar ?>" class="avatar" alt="Avatar">
-    <div class="info">
-        <div class="displayname"><?= htmlspecialchars($display_name) ?></div>
-        <div class="bcid"><?= format_bcid( $profile['id'] ); ?></div>
-    </div>
-</div>
-
-<div id="details">
-    <div id="badges">
-        <h2>Badges</h2>
-        <?php
-        if (empty($badges)) {
-            echo '<p>This profile has no badges :(</p>';
-        } else {
-            foreach ($badges as $badge) {
-                echo "<div class='badge'>
-<img src='". $badge['image'] ."' alt='". htmlspecialchars($badge['title']) ."' />
-<div class='details'>
-<span class='title'>" . htmlspecialchars($badge['title']) . "</span>
-<p>". htmlspecialchars($badge['description']) ."</p>
-<p class='subtitle'>". htmlspecialchars($badge['description']) ."</p>
-<p class='earned subtitle'>Earned " . $badge['earned'] . "</p>
-</div>
-</div>";
-            }
-        }
-        ?>
-    </div>
-
-    <div id="info">
-        <h2>Info</h2>
-
-        <table>
-            <tr>
-                <th>Joined</th>
-                <td><?= $user['created_date'] ?></td>
-            </tr>
-            <tr>
-                <th>Badges earned</th>
-                <td><?= count($badges) ?></td>
-            </tr>
-        </table>
-
-    </div>
-</div>
diff --git a/settings_account.php b/settings_account.php
new file mode 100644
index 0000000..08cf72f
--- /dev/null
+++ b/settings_account.php
@@ -0,0 +1,79 @@
+<?php
+
+if (empty($_SESSION)) {
+    http_response_code(307);
+    header('Location: /signin?callback=/dashboard');
+    exit();
+}
+if (!$_SESSION['auth']) {
+    http_response_code(307);
+    header('Location: /signin?callback=/dashboard');
+    exit;
+}
+
+?>
+
+<link href="/styles/settings.css" rel="stylesheet" />
+
+<div id="settings_split">
+    <div id="mini_profile" class="left">
+        <div class="image_container" data-backgroundcolour="white">
+            <img src="<?= get_avatar_url($user['id']) ?>"  alt="<?= htmlspecialchars(get_display_name($user['id'])) ?>'s avatar"/>
+        </div>
+        <div class="texts">
+            <span class="displayname"><?= htmlspecialchars(get_display_name($user['id'], false)) ?></span>
+            <span class="id bcid"><?= format_bcid($user['id']) ?></span>
+        </div>
+    </div>
+
+    <div class="other">
+        <h1>Account</h1>
+        <form method="post">
+            <div class="container">
+                <label for="display_name"><span id="display_name_label"></span> Display name</label>
+                <input type="text" name="display_name" id="display_name" data-field="account.display_name" placeholder="<?= htmlspecialchars(format_bcid($user['id'])) ?>" value="<?= htmlspecialchars($user['display_name']) ?>">
+            </div>
+
+            <button type="submit">Save</button>
+        </form>
+    </div>
+</div>
+
+<style>
+    /*form label {*/
+    /*    padding-right: 1rem;*/
+    /*}*/
+</style>
+
+<script>
+    const display_name_box = document.getElementById("display_name");
+
+    async function updateJsonSettings(data) {
+        const response = await fetch("https://id.byecorps.com/api/settings", {
+            method: "POST", // or 'PUT'
+            headers: {
+                "Content-Type": "application/json",
+            },
+            body: JSON.stringify(data),
+        });
+
+        const result = await response.json();
+        console.log("Success:", result);
+        return result;
+    }
+
+    display_name_box.onchange = _ => {
+        document.getElementById("display_name_label").classList = "fa-solid fa-spinner fa-spin-pulse";
+
+        updateJsonSettings({
+            account: {
+                display_name: display_name_box.value,
+            }
+        }).then(_=>{
+            document.getElementById("display_name_label").classList = "fa-solid fa-check";
+        }).catch(_=>{
+            document.getElementById("display_name_label").classList = "fa-solid fa-triangle-exclamation";
+        });
+
+    }
+</script>
diff --git a/signin.php b/signin.php
index 7814a1a..0574d99 100644
--- a/signin.php
+++ b/signin.php
@@ -33,7 +33,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
             if ($_POST['keep_logged_in'] == "on") {
                 $token = generate_cookie_access_token($user['id']);
 //            print_r($token);
-                setcookie("keep_me_logged_in", $token['access']);
+                setcookie("keep_me_logged_in", $token['access'], time()+606024*365);
             }
         }
 
diff --git a/styles/colours.css b/styles/colours.css
index fe71ae5..b346a2f 100644
--- a/styles/colours.css
+++ b/styles/colours.css
@@ -24,6 +24,8 @@
     --grey-8: #343a40;
     --grey-9: #212529;
 
+    --error-color: var(--red-5);
+
     --background: white;
     --background-dark: #121212;
 
@@ -111,6 +113,10 @@ input[data-com-onepassword-filled="dark"] {
     color: black;
 }
 
+.fg-error {
+    color: var(--error-color);
+}
+
 @media screen and (prefers-color-scheme: dark) {
     :root {
         --background: #121212;
diff --git a/styles/profiles.css b/styles/profiles.css
index fb02a44..d5b4f78 100644
--- a/styles/profiles.css
+++ b/styles/profiles.css
@@ -1,4 +1,12 @@
 
+#profile {
+    display: flex;
+}
+
+#profile .avatar {
+    height: 150px;
+}
+
 #mini_profile {
     display: flex;
     gap: 1rem;
diff --git a/styles/types.css b/styles/types.css
index 26b27af..2861f85 100644
--- a/styles/types.css
+++ b/styles/types.css
@@ -52,6 +52,10 @@ h2.subheading + h1 {
     text-align: center;
 }
 
+.vertical-center {
+    vertical-align: center;
+}
+
 .icon-true::before {
     content: "\f00c";
 }