i dont know whats in this commit hopefully it's good

This commit is contained in:
bye 2024-05-29 18:33:57 +01:00
parent dca42da4fc
commit 10702cef41
16 changed files with 426 additions and 82 deletions

View File

@ -30,7 +30,7 @@ function get_display_name($bcid, $use_bcid_fallback=true, $put_bcid_in_parenthes
// Tokens so apps can get VERY BASIC information // Tokens so apps can get VERY BASIC information
function generate_basic_access_token($bcid): array function generate_basic_access_token($bcid, $application_id=""): array
{ {
// Returns an access token, a refresh token and an expiry timestamp. // Returns an access token, a refresh token and an expiry timestamp.
@ -42,14 +42,42 @@ function generate_basic_access_token($bcid): array
// echo $access_token . ":" . $refresh_token; // echo $access_token . ":" . $refresh_token;
if ($application_id) {
db_execute(
"INSERT INTO tokens (access_token, refresh_token, expiry, owner_id, application_id, permissions) VALUES (?,?,?,?,?, (1<<0 | 1<<1))",
[$access_token, $refresh_token, $expiry, $bcid, $application_id]
);
} else {
db_execute(
"INSERT INTO tokens (access_token, refresh_token, expiry, owner_id, permissions) VALUES (?,?,?,?, (1<<0 | 1<<1))",
[$access_token, $refresh_token, $expiry, $bcid]
);
}
return [
"access" => $access_token,
"refresh" => $refresh_token,
"expiry" => $expiry,
"id" => $bcid
];
}
function generate_token($bcid, $application_id=null, $permissions=0): array {
$access_token = md5(uniqid(more_entropy: true).rand(1000000, 9999999));
$refresh_token = md5(uniqid("rfish").rand(1000000, 9999999));
$valid_time = 12; // in hours
$expiry = time() + ($valid_time * 60 * 60);
db_execute( db_execute(
"INSERT INTO tokens (access_token, refresh_token, expiry, owner_id) VALUES (?,?,?,?)", "INSERT INTO tokens (access_token, refresh_token, expiry, owner_id, application_id, permissions, type) VALUES (?,?,?,?,?,?, 'oauth')",
[$access_token, $refresh_token, $expiry, $bcid] [$access_token, $refresh_token, $expiry, $bcid, $application_id, $permissions]
); );
return [ return [
"access" => $access_token, "access" => $access_token,
"refresh" => $refresh_token, "refresh" => $refresh_token,
"permissions" => $permissions,
"expiry" => $expiry, "expiry" => $expiry,
"id" => $bcid "id" => $bcid
]; ];

View File

@ -18,6 +18,11 @@
</li> </li>
</ul> </ul>
<h2>API</h2>
<ul>
<li><a href="/admin/create/token">Token generator</a></li>
</ul>
<h2>Init</h2> <h2>Init</h2>
<ul> <ul>
<li> <li>

View File

@ -21,9 +21,9 @@ $count = $count_req->fetchColumn();
<ul> <ul>
<?php <?php
foreach ($result as $row) { foreach ($result as $row) {
echo "<li><pre>"; echo "<li>";
print_r($row); echo $row['id'];
echo "</pre><p><a href='/admin/signinas?id=".$row['id']."'>Sign in as ".$row['display_name']."</a></li>"; echo "<p><a href='/admin/signinas?id=".$row['id']."'>Sign in as ".htmlspecialchars($row['display_name'])."</a></li>";
} }
?> ?>
</ul> </ul>

86
admin_create_token.php Normal file
View File

@ -0,0 +1,86 @@
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
echo "<pre>";
print_r($_POST);
echo "</pre>";
$token = generate_token($_POST['owner'], $_POST['application'], $_POST['permissions']);
echo "<p>Created token. Access token: <code>". $token['access'] ."</code></p>";
}
?>
<h1>Token generator</h1>
<form method="post">
<div class="container">
<label for="owner">Token owner</label>
<select name="owner" required id="owner">
<?php
$users = db_query("SELECT * FROM accounts");
foreach ($users as $row) {
echo "<option value='".$row['id']."'>".get_display_name($row['id'])." (".$row['id'].") </option>";
}
?>
</select>
</div>
<div class="container">
<label for="app">Token app</label>
<select name="app" id="app">
<option value="null">None</option>
<?php
$users = db_query("SELECT * FROM apps");
foreach ($users as $row) {
echo "<option value='".$row['id']."'>". $row['title'] ."</option>";
}
?>
</select>
</div>
<input type="hidden" id="permissions" name="permissions" value="0" />
<h2>Permissions</h2>
<p>Permission number: <span id="permissionnumber"></span></p>
<div class="checkboxes container">
<input type="checkbox" id="account.email" value="1" /><label for="account.email"><code>account.email</code></label>
<input type="checkbox" id="account.settings" value="2" /><label for="account.settings"><code>account.settings</code></label>
</div>
<button type="submit">Generate!</button>
</form>
<style>
form .container {
display: unset;
}
</style>
<script>
const displayNumber = document.getElementById("permissionnumber");
const permissionsInput = document.getElementById("permissions");
const checkboxes = document.querySelectorAll("input[type='checkbox']");
console.log(checkboxes);
function updateCheckboxes() {
let permissions = 0;
for (let checkbox of checkboxes) {
if (checkbox.checked) {
permissions += Number(checkbox.value);
}
}
displayNumber.innerText = permissions.toString();
permissionsInput.value = permissions;
}
for (let checkbox of checkboxes) {
checkbox.onchange = updateCheckboxes;
}
updateCheckboxes();
</script>

View File

@ -7,8 +7,6 @@ if (array_key_exists('HTTP_AUTHORIZATION', $_SERVER)) {
$access_token = str_replace("Bearer ", "", $_SERVER['HTTP_AUTHORIZATION']); $access_token = str_replace("Bearer ", "", $_SERVER['HTTP_AUTHORIZATION']);
} }
if (!empty($access_token)) { if (!empty($access_token)) {
// Check who the access token belongs to // Check who the access token belongs to
$token = db_execute("SELECT * FROM tokens WHERE access_token = ?", [$access_token]); $token = db_execute("SELECT * FROM tokens WHERE access_token = ?", [$access_token]);
@ -27,7 +25,6 @@ function check_authorisation($token=""): int
global $token_owner; global $token_owner;
// Validate token // Validate token
if (!validate_access_token($token) && "" != $token) { if (!validate_access_token($token) && "" != $token) {
echo "invalid";
return 0; // Unauthorised return 0; // Unauthorised
} }
@ -50,8 +47,9 @@ function check_authorisation($token=""): int
} }
return match ($token_row['type']) { return match ($token_row['type']) {
"dangerous" => 22, "dangerous" => 1<<0 | 1<<1, // Everything
"basic" => 1, "basic" => 1<<1, // Basic
"oauth" => $token_row['permissions'],
default => 0, default => 0,
}; };
} }
@ -93,16 +91,12 @@ function api_user_info(): array
// `display_name` = 1 (basic) // `display_name` = 1 (basic)
// `id` = 1 (basic) // `id` = 1 (basic)
// `email` = 1 (basic) // `email` = 1 (basic)
$level = check_authorisation($access_token); $level = check_authorisation($access_token);
$data = null; $data = null;
if ($level & (1 << 0)) {
if ($level >= 1) {
$data = db_execute("SELECT id, email, display_name FROM accounts WHERE id = ? LIMIT 1", [$token_owner]); $data = db_execute("SELECT id, email, display_name FROM accounts WHERE id = ? LIMIT 1", [$token_owner]);
} if ($level == 22) { } else {
$data = db_execute("SELECT * FROM accounts WHERE id = ? LIMIT 1", [$token_owner]); $data = db_execute("SELECT id, display_name FROM accounts WHERE id = ? LIMIT 1", [$token_owner]);
unset($data['password']);
} }
if (null != $data) { if (null != $data) {
@ -117,7 +111,50 @@ function api_user_info(): array
"response_code" => 401, "response_code" => 401,
"message" => "Unauthorized." "message" => "Unauthorized."
]; ];
}
function api_settings(): array
{
// GET: Return all settings
// POST/PATCH: Update settings
global $access_token, $token_owner;
$level = check_authorisation($access_token);
if (!($level & (1 << 1))) { // account.settings
http_response_code(401);
return [
"response_code" => 401,
"message" => "Unauthorized."
];
}
if ($_SERVER['REQUEST_METHOD'] === "POST") {
// Now for the fucking worstest code ever
$settings_changed = json_decode(file_get_contents('php://input'), true);
if (isset($settings_changed['account'])) {
if (isset($settings_changed['account']['display_name'])) {
$display_name = db_execute('UPDATE accounts SET display_name = ? WHERE id = ?',
[$settings_changed['account']['display_name'], $token_owner]);
}
}
}
// Get account settings
$display_name = db_execute('SELECT display_name FROM accounts WHERE id = ?', [$token_owner])["display_name"];
return [
"response_code" => 200,
"settings" => [
"account" => [
"display_name" => $display_name,
]
]
];
} }
$api_routes = [ // base url is base_url.'/api' $api_routes = [ // base url is base_url.'/api'
@ -129,6 +166,9 @@ $api_routes = [ // base url is base_url.'/api'
// Account stuff // Account stuff
"/account/me" => "api_user_info", "/account/me" => "api_user_info",
// Settings
"/settings" => "api_settings",
// Get avatar // Get avatar
"/avatars/get" => "get_avatar" "/avatars/get" => "get_avatar"
]; ];
@ -142,6 +182,7 @@ if (isset($api_routes[$path])) {
"response_code" => "498", "response_code" => "498",
"message" => "Token expired or invalid." "message" => "Token expired or invalid."
])); ]));
exit();
} }
$response = $api_routes[$path](); $response = $api_routes[$path]();
if (array_key_exists('response_code', $response)) { if (array_key_exists('response_code', $response)) {

View File

@ -0,0 +1,88 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
width="300.858"
height="50"
viewBox="0 0 79.602012 13.229167"
version="1.1"
id="svg1"
xml:space="preserve"
inkscape:export-filename="bitmap.png"
inkscape:export-xdpi="192"
inkscape:export-ydpi="192"
inkscape:version="1.3.2 (091e20ef0f, 2023-11-25, custom)"
sodipodi:docname="bcidsignin.svg"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns="http://www.w3.org/2000/svg"
xmlns:svg="http://www.w3.org/2000/svg"><sodipodi:namedview
id="namedview1"
pagecolor="#ffffff"
bordercolor="#000000"
borderopacity="0.25"
inkscape:showpageshadow="true"
inkscape:pageopacity="0.0"
inkscape:pagecheckerboard="true"
inkscape:deskcolor="#d1d1d1"
inkscape:document-units="px"
showborder="false"
labelstyle="default"
inkscape:zoom="2.8649832"
inkscape:cx="165.446"
inkscape:cy="-36.300388"
inkscape:window-width="1920"
inkscape:window-height="1008"
inkscape:window-x="0"
inkscape:window-y="0"
inkscape:window-maximized="1"
inkscape:current-layer="layer2" /><defs
id="defs1" /><g
inkscape:groupmode="layer"
id="layer2"
inkscape:label="Layer 2"><rect
style="display:inline;opacity:1;fill:#efdd8d;fill-opacity:1;stroke:#dcc455;stroke-width:0.261525;stroke-dasharray:none;stroke-opacity:1"
id="rect35"
width="79.340492"
height="12.967643"
x="0.13076229"
y="0.13076213"
ry="2.0748229"
rx="2.1097128"
inkscape:label="Background" /><g
style="shape-rendering:crispEdges"
id="g32"
transform="matrix(0.52916667,0,0,0.52916667,9.5250001,3.7041667)"
inkscape:label="BCID person"><g
id="layer1-5"
inkscape:label="BCID logo"><g
id="g27"
inkscape:label="Body"
style="opacity:1"><path
id="rect26"
style="opacity:1;fill:#000000;fill-opacity:1"
d="M 1.0058594,6.5 C 1.0026133,6.5 1,6.5026133 1,6.5058594 V 7.4941406 C 1,7.4973867 1.0026133,7.5 1.0058594,7.5 H 0.00585938 C 0.00261328,7.5 0,7.5026133 0,7.5058594 V 11.494141 C 0,11.497387 0.00261328,11.5 0.00585938,11.5 H 7.9941406 C 7.9973867,11.5 8,11.497387 8,11.494141 V 7.5058594 C 8,7.5026133 7.9973867,7.5 7.9941406,7.5 h -1 C 6.9973867,7.5 7,7.4973867 7,7.4941406 V 6.5058594 C 7,6.5026133 6.9973867,6.5 6.9941406,6.5 Z"
inkscape:label="Body" /></g><g
id="g31"
inkscape:label="Head"><path
id="rect28"
style="opacity:1;fill:#000000;fill-opacity:1"
d="M 1.0058594,-0.5 C 1.0026133,-0.5 1,-0.49738672 1,-0.49414062 V 0.49414062 C 1,0.49738672 1.0026133,0.5 1.0058594,0.5 H 1.9941406 C 1.9973867,0.5 2,0.49738672 2,0.49414062 V -0.49414062 C 2,-0.49738672 1.9973867,-0.5 1.9941406,-0.5 Z m 2,0 C 3.0026133,-0.5 3,-0.49738672 3,-0.49414062 V 0.49414062 C 3,0.49738672 3.0026133,0.5 3.0058594,0.5 H 4.9941406 C 4.9973867,0.5 5,0.49738672 5,0.49414062 V -0.49414062 C 5,-0.49738672 4.9973867,-0.5 4.9941406,-0.5 Z m -1,1 C 2.0026133,0.5 2,0.50261328 2,0.50585938 V 1.4941406 C 2,1.4973867 2.0026133,1.5 2.0058594,1.5 h -1 C 1.0026133,1.5 1,1.5026133 1,1.5058594 V 5.4941406 C 1,5.4973867 1.0026133,5.5 1.0058594,5.5 H 6.9941406 C 6.9973867,5.5 7,5.4973867 7,5.4941406 V 1.5058594 C 7,1.5026133 6.9973867,1.5 6.9941406,1.5 h -4 C 2.9973867,1.5 3,1.4973867 3,1.4941406 V 0.50585938 C 3,0.50261328 2.9973867,0.5 2.9941406,0.5 Z"
inkscape:label="Head" /></g></g></g><g
id="text32"
style="font-weight:500;font-size:4.58611px;font-family:Montserrat;-inkscape-font-specification:'Montserrat, Medium';letter-spacing:-0.079375px;word-spacing:0.0926042px;stroke-width:0;stroke-miterlimit:8.7"
inkscape:label="Sign in"
transform="scale(0.95030748,1.052291)"
aria-label="Sign in with ByeCorps ID"><path
style="font-weight:normal;-inkscape-font-specification:'Montserrat, Normal';opacity:1"
d="m 19.328294,7.9399255 c 0.820914,0 1.196975,-0.4035777 1.196975,-0.875947 0,-1.1694581 -1.976613,-0.6374693 -1.976613,-1.5180025 0,-0.3210277 0.261408,-0.582436 0.84843,-0.582436 0.284339,0 0.605367,0.087136 0.880533,0.2659944 L 20.392272,4.9589539 C 20.13545,4.7800956 19.759389,4.6746151 19.397086,4.6746151 c -0.816327,0 -1.183216,0.4081638 -1.183216,0.8805331 0,1.1878025 1.976613,0.6466416 1.976613,1.5271747 0,0.3164416 -0.261408,0.5686777 -0.862189,0.5686777 -0.421922,0 -0.830085,-0.1651 -1.059391,-0.3898194 l -0.132997,0.2614083 c 0.238478,0.2476499 0.710847,0.417336 1.192388,0.417336 z m 1.952271,-2.9672133 c 0.137584,0 0.238478,-0.1054805 0.238478,-0.2384777 0,-0.123825 -0.105481,-0.2247194 -0.238478,-0.2247194 -0.132997,0 -0.238477,0.1054806 -0.238477,0.2293055 0,0.1284111 0.10548,0.2338916 0.238477,0.2338916 z m 0.160514,2.9396966 V 5.5001149 H 21.115465 V 7.9124088 Z M 24.19133,5.963312 C 23.989541,5.6468704 23.640997,5.4817705 23.237419,5.4817705 c -0.687917,0 -1.210733,0.4723693 -1.210733,1.1648719 0,0.6925027 0.522816,1.1740442 1.210733,1.1740442 0.394405,0 0.738364,-0.1605138 0.940153,-0.4677832 v 0.3072694 c 0,0.5961943 -0.279753,0.875947 -0.889706,0.875947 -0.371475,0 -0.720019,-0.123825 -0.949325,-0.3301999 l -0.1651,0.2476499 c 0.252236,0.2384777 0.683331,0.3714749 1.123597,0.3714749 0.797984,0 1.206147,-0.376061 1.206147,-1.2061469 V 5.5001149 H 24.19133 Z m -0.921808,1.5684497 c -0.531989,0 -0.912636,-0.3623027 -0.912636,-0.8851193 0,-0.5228165 0.380647,-0.8805331 0.912636,-0.8805331 0.531989,0 0.917222,0.3577166 0.917222,0.8805331 0,0.5228166 -0.385233,0.8851193 -0.917222,0.8851193 z m 3.296006,-2.0499912 c -0.417336,0 -0.74295,0.169686 -0.917222,0.4631971 V 5.5001149 H 25.33645 v 2.4122939 h 0.325614 V 6.6466424 c 0,-0.5503332 0.325614,-0.8713609 0.843844,-0.8713609 0.458611,0 0.724606,0.2614083 0.724606,0.7704665 v 1.3666608 h 0.325614 V 6.5136452 c 0,-0.6925026 -0.403578,-1.0318747 -0.9906,-1.0318747 z m 3.17623,-0.5090583 c 0.137583,0 0.238478,-0.1054805 0.238478,-0.2384777 0,-0.123825 -0.105481,-0.2247194 -0.238478,-0.2247194 -0.132997,0 -0.238478,0.1054806 -0.238478,0.2293055 0,0.1284111 0.105481,0.2338916 0.238478,0.2338916 z m 0.160514,2.9396966 V 5.5001149 H 29.576658 V 7.9124088 Z M 31.96002,5.4817705 c -0.417336,0 -0.74295,0.169686 -0.917222,0.4631971 V 5.5001149 h -0.311856 v 2.4122939 h 0.325614 V 6.6466424 c 0,-0.5503332 0.325614,-0.8713609 0.843844,-0.8713609 0.458611,0 0.724606,0.2614083 0.724606,0.7704665 V 7.9124088 H 32.95062 V 6.5136452 c 0,-0.6925026 -0.403578,-1.0318747 -0.9906,-1.0318747 z M 37.447649,7.5501061 36.677182,5.5001149 H 36.397429 L 35.622377,7.5501061 34.865669,5.5001149 h -0.311856 l 0.90805,2.4122939 h 0.307269 l 0.761295,-1.9766134 0.761294,1.9766134 h 0.307269 l 0.912636,-2.4122939 h -0.298097 z m 1.640415,-2.5773939 c 0.137583,0 0.238477,-0.1054805 0.238477,-0.2384777 0,-0.123825 -0.10548,-0.2247194 -0.238477,-0.2247194 -0.132998,0 -0.238478,0.1054806 -0.238478,0.2293055 0,0.1284111 0.10548,0.2338916 0.238478,0.2338916 z m 0.160514,2.9396966 V 5.5001149 h -0.325614 v 2.4122939 z m 1.984371,-0.3806471 c -0.09172,0.08255 -0.224719,0.123825 -0.357717,0.123825 -0.27058,0 -0.417336,-0.1559278 -0.417336,-0.4402666 V 5.7752815 h 0.733778 V 5.5001149 H 40.457896 V 4.9727122 h -0.325614 v 0.5274027 h -0.431094 v 0.2751666 h 0.431094 v 1.458383 c 0,0.4448527 0.252237,0.7016749 0.706261,0.7016749 0.188031,0 0.380648,-0.055033 0.509059,-0.1696861 z m 1.855963,-2.0499912 c -0.408164,0 -0.724606,0.1605138 -0.903464,0.4402665 V 4.5095151 h -0.325614 v 3.4028937 h 0.325614 V 6.6466424 c 0,-0.5503332 0.325614,-0.8713609 0.843844,-0.8713609 0.458611,0 0.724606,0.2614083 0.724606,0.7704665 v 1.3666608 h 0.325614 V 6.5136452 c 0,-0.6925026 -0.403578,-1.0318747 -0.9906,-1.0318747 z"
id="path40" /><path
style="font-weight:bold;-inkscape-font-specification:'Montserrat, Bold'"
d="m 48.383925,6.2430647 c 0.261408,-0.1375833 0.426508,-0.3852332 0.426508,-0.7062609 0,-0.499886 -0.41275,-0.8346721 -1.215319,-0.8346721 h -1.56845 v 3.2102771 h 1.660172 c 0.843844,0 1.284111,-0.3210277 1.284111,-0.875947 0,-0.4035777 -0.229306,-0.6787443 -0.587022,-0.7933971 z M 47.503392,5.2616372 c 0.362302,0 0.559505,0.123825 0.559505,0.376061 0,0.2522361 -0.197203,0.3806472 -0.559505,0.3806472 H 46.765028 V 5.2616372 Z M 46.765028,7.3529034 V 6.5595063 h 0.866775 c 0.385233,0 0.591608,0.1284111 0.591608,0.3989916 0,0.2751666 -0.206375,0.3944055 -0.591608,0.3944055 z M 50.469192,7.1190118 49.776689,5.4450816 h -0.738364 l 1.068564,2.4856717 -0.0092,0.022931 c -0.09631,0.2201333 -0.206375,0.3072694 -0.403578,0.3072694 -0.142169,0 -0.293511,-0.059619 -0.403578,-0.1559277 l -0.261408,0.5090582 c 0.160514,0.1421694 0.43568,0.2247194 0.687917,0.2247194 0.444852,0 0.784224,-0.1788583 1.022702,-0.7750526 L 51.854197,5.4450816 H 51.16628 Z m 3.947232,-0.4310944 c 0,-0.793397 -0.559506,-1.2795247 -1.284111,-1.2795247 -0.752122,0 -1.316214,0.5319888 -1.316214,1.2703525 0,0.7337776 0.55492,1.2703525 1.407936,1.2703525 0.444853,0 0.788811,-0.1375833 1.018117,-0.3989916 L 53.861505,7.1373562 c -0.169686,0.1605139 -0.357717,0.2384777 -0.619125,0.2384777 -0.376061,0 -0.63747,-0.1880305 -0.706261,-0.4952998 h 1.866547 c 0.0046,-0.05962 0.01376,-0.1375834 0.01376,-0.1926167 z M 53.136899,5.9495537 c 0.321028,0 0.55492,0.2017888 0.605367,0.5136443 h -1.215319 c 0.05045,-0.3164416 0.284338,-0.5136443 0.609952,-0.5136443 z"
id="path41" /><path
style="font-weight:600;-inkscape-font-specification:'Montserrat, Semi-Bold'"
d="m 56.400799,7.9582699 c 0.527402,0 0.976841,-0.1880305 1.274938,-0.5365749 L 57.290504,7.0548062 c -0.233892,0.2568222 -0.522816,0.3806472 -0.857602,0.3806472 -0.664986,0 -1.146528,-0.4677833 -1.146528,-1.1281831 0,-0.6603999 0.481542,-1.1281831 1.146528,-1.1281831 0.334786,0 0.62371,0.123825 0.857602,0.376061 L 57.675737,5.1928455 C 57.37764,4.8443012 56.928201,4.6562706 56.405385,4.6562706 c -0.986014,0 -1.719791,0.6925027 -1.719791,1.6509997 0,0.958497 0.733777,1.6509996 1.715205,1.6509996 z m 2.722731,-0.013758 c 0.761295,0 1.307042,-0.5228166 1.307042,-1.2565942 0,-0.7337776 -0.545747,-1.252008 -1.307042,-1.252008 -0.752122,0 -1.302455,0.5182304 -1.302455,1.252008 0,0.7337776 0.550333,1.2565942 1.302455,1.2565942 z m 0,-0.4907138 c -0.41275,0 -0.724605,-0.2980971 -0.724605,-0.7658804 0,-0.4677832 0.311855,-0.7658804 0.724605,-0.7658804 0.417336,0 0.729192,0.2980972 0.729192,0.7658804 0,0.4677833 -0.311856,0.7658804 -0.729192,0.7658804 z M 61.447281,5.463426 h -0.545747 v 2.4489828 h 0.573263 V 6.7246063 c 0,-0.499886 0.275167,-0.7567082 0.710848,-0.7567082 0.04127,0 0.08255,0.00459 0.132997,0.013758 V 5.4359094 c -0.408164,0 -0.706261,0.128411 -0.871361,0.3852332 z m 2.635605,-0.027517 c -0.334786,0 -0.619125,0.1146527 -0.811741,0.3485443 V 5.463426 h -0.545747 v 3.3386882 h 0.573263 V 7.6143117 c 0.197203,0.2247194 0.47237,0.3301999 0.784225,0.3301999 0.715433,0 1.242836,-0.4952999 1.242836,-1.2565942 0,-0.7567081 -0.527403,-1.252008 -1.242836,-1.252008 z m -0.06421,2.0178884 c -0.41275,0 -0.729192,-0.2980971 -0.729192,-0.7658804 0,-0.4677832 0.316442,-0.7658804 0.729192,-0.7658804 0.41275,0 0.724605,0.2980972 0.724605,0.7658804 0,0.4677833 -0.311855,0.7658804 -0.724605,0.7658804 z m 2.530125,0.4907138 c 0.687916,0 1.109838,-0.2980972 1.109838,-0.7567082 0,-0.958497 -1.513416,-0.5182304 -1.513416,-1.0135303 0,-0.1605139 0.1651,-0.2751666 0.513644,-0.2751666 0.233892,0 0.467784,0.045861 0.701675,0.1834444 l 0.220134,-0.4356805 c -0.220134,-0.1329972 -0.591609,-0.210961 -0.917222,-0.210961 -0.6604,0 -1.077736,0.3026832 -1.077736,0.7658804 0,0.9768414 1.513416,0.5365748 1.513416,1.0043581 0,0.169686 -0.151342,0.2705805 -0.513644,0.2705805 -0.30727,0 -0.63747,-0.1008945 -0.853017,-0.2430639 L 65.512345,7.669345 c 0.220133,0.1559277 0.628297,0.2751666 1.036461,0.2751666 z"
id="path42" /><path
style="font-weight:normal;-inkscape-font-specification:'Montserrat, Normal';opacity:1"
d="M 69.775483,7.9124088 V 4.7021317 H 69.43611 v 3.2102771 z m 2.273299,0 c 1.027288,0 1.719791,-0.6603998 1.719791,-1.6051385 0,-0.9447387 -0.692503,-1.6051386 -1.719791,-1.6051386 H 70.74174 v 3.2102771 z m -0.96767,-2.916766 h 0.949325 c 0.853017,0 1.40335,0.541161 1.40335,1.3116275 0,0.7704665 -0.550333,1.3116275 -1.40335,1.3116275 h -0.949325 z"
id="path43" /></g></g></svg>

After

Width:  |  Height:  |  Size: 12 KiB

View File

@ -7,7 +7,7 @@
></script> ></script>
<title><?php if (isset($doc_title)) { echo $doc_title." | "; } ?>ByeCorps ID</title> <title><?php if (isset($doc_title)) { echo $doc_title." | "; } ?>ByeCorps ID</title>
<link rel="shortcut icon" href="favicon.svg" type="image/svg" /> <link rel="shortcut icon" href="/favicon.svg" type="image/svg" />
<link rel="manifest" href="manifest.json" /> <link rel="manifest" href="manifest.json" />

View File

@ -120,12 +120,14 @@ $paths = array(
"/admin/list/accounts" => ["admin_accounts.php"], "/admin/list/accounts" => ["admin_accounts.php"],
"/admin/list/apps" => ["admin_apps.php"], "/admin/list/apps" => ["admin_apps.php"],
"/admin/create/app" => ["admin_apps_create.php"], "/admin/create/app" => ["admin_apps_create.php"],
"/admin/create/token" => ["admin_create_token.php"],
"/admin/signinas" => ["signinas.php"], "/admin/signinas" => ["signinas.php"],
"/admin/purge" => ["admin_purge.php"], "/admin/purge" => ["admin_purge.php"],
// Settings // Settings
"/dashboard" => ["dashboard.php", "Dashboard"], "/dashboard" => ["dashboard.php", "Dashboard"],
"/settings" => ["settings.php", "Settings"], "/settings" => ["settings.php", "Settings"],
"/settings/account" => ["settings_account.php", "Settings -> Account"],
"/account" => ["account.php", "Your account"], "/account" => ["account.php", "Your account"],
"/signin" => ["signin.php", "Sign in"], "/signin" => ["signin.php", "Sign in"],

View File

@ -1,3 +1,11 @@
<?php
if (isset($_GET['new_landing'])) {
goto new_landing;
}
?>
<div class="hero"> <div class="hero">
<div class="hero-text"> <div class="hero-text">
<img src="/assets/bcid.svg" alt="ByeCorps ID Logo" class="logo"> <img src="/assets/bcid.svg" alt="ByeCorps ID Logo" class="logo">
@ -12,3 +20,19 @@
</div> </div>
</div> </div>
<?php
exit;
new_landing:
?>
<div class="hero">
<div class="hero-text">
<img src="/assets/bcid.svg" alt="ByeCorps ID Logo" class="logo">
<h1><span class="bc-1">Bye</span><span class="bc-2">Corps</span><span class="bc-3"> ID</span></h1>
<p>Log into ByeCorps and beyond with a single ID.</p>
</div>

View File

@ -31,9 +31,29 @@ if ($query['callback'] != $app['callback']) {
goto login; goto login;
} }
if ($_SESSION['auth'] && $_SERVER['REQUEST_METHOD'] == 'GET') {
// We can check if there's already a valid token of the same level and just pass that on instead.
$valid_tokens = db_execute_all("SELECT * FROM tokens WHERE owner_id = ? AND type = ? AND application_id = ? AND expiry > ?",
[$_SESSION['id'], "basic", $app_id, time()]);
if (sizeof($valid_tokens) > 0) {
print_r($valid_tokens);
$token = $valid_tokens[0];
header('Location: '. $_GET['callback'].'?access_token='.$token['access_token'].'&refresh='.$token['refresh_token']
.'&expiry='.$token['expiry']);
exit();
}
// if (validate_access_token())
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') { if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Here's a few easy steps to figure out if we should give the other party a token or not. // Here's a few easy steps to figure out if we should give the other party a token or not.
print_r($_POST); // print_r($_POST);
// First: match the session ids. If they aren't the same it's probably Not Ok. // First: match the session ids. If they aren't the same it's probably Not Ok.
if (session_id() != $_POST['sessionid']) { if (session_id() != $_POST['sessionid']) {
@ -74,7 +94,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
} }
// The following gets run assuming we know the client is the one CLICKING the button. // The following gets run assuming we know the client is the one CLICKING the button.
$tokens = generate_basic_access_token($_POST['bcid']); $tokens = generate_basic_access_token($_POST['bcid'], $app_id);
header('Location: '. $_POST['callback'].'?access_token='.$tokens['access'].'&refresh='.$tokens['refresh'] header('Location: '. $_POST['callback'].'?access_token='.$tokens['access'].'&refresh='.$tokens['refresh']
.'&expiry='.$tokens['expiry']); .'&expiry='.$tokens['expiry']);
@ -94,15 +114,15 @@ login:
<img src="<?= $app['icon'] ?>" alt="<?= htmlspecialchars($user['title']) ?>'s avatar" /> <img src="<?= $app['icon'] ?>" alt="<?= htmlspecialchars($user['title']) ?>'s avatar" />
</div> </div>
<h1>Sign into <?= htmlspecialchars($app['title']) ?></h1> <h1>Sign into <?= htmlspecialchars($app['title']) ?></h1>
<p class="subtitle">Owned by <strong><?= get_display_name($app['owner_id'], put_bcid_in_parenthesis: true) ?></strong></p> <p class="subtitle">Owned by <strong><?= htmlspecialchars( get_display_name($app['owner_id'], put_bcid_in_parenthesis: true) ) ?></strong></p>
<!-- <p>--><?php //= htmlspecialchars($app['description']) ?><!--</p>--> <!-- <p>--><?php //= htmlspecialchars($app['description']) ?><!--</p>-->
<?php <?php
error_no_app: error_no_app:
if ($error) { if ($error) {
http_response_code($error[1]); http_response_code($error[1]);
echo " echo "
<div class='error center'> <div class='error center vertical-center'>
<span class='fa-regular fa-2xl center fa-xmark-circle'></span> <span class='fg-error fa-regular fa-2xl center fa-xmark-circle'></span>
<h2>Something went wrong!</h2> <h2>Something went wrong!</h2>
<p>Server returned error:<br /><code>$error[0]</code> (HTTP response code $error[1])</p> <p>Server returned error:<br /><code>$error[0]</code> (HTTP response code $error[1])</p>
</div> </div>
@ -110,9 +130,9 @@ login:
goto dont_show_form; goto dont_show_form;
} }
?> ?>
<p><strong><?= $app['title'] ?></strong> uses ByeCorps ID for authentication.</p> <p><strong><?= htmlspecialchars($app['title']) ?></strong> uses ByeCorps ID for authentication.</p>
<p>Please double-check the information and avoid signing in with your BCID if you do not trust this app.</p> <p>Please double-check the information and avoid signing in with your BCID if you do not trust this app.</p>
<p>Please confirm that you'd like to sign into <strong><?= $app['title'] ?></strong>.</p> <p>Please confirm that you'd like to sign into <strong><?= htmlspecialchars($app['title']) ?></strong>.</p>
<?php <?php
if (null != $flash) { if (null != $flash) {
echo "<p class='flash'>$flash</p>"; echo "<p class='flash'>$flash</p>";
@ -131,11 +151,10 @@ login:
<input type="email" autocomplete="email" name="email" id="email" placeholder="Email" /> <input type="email" autocomplete="email" name="email" id="email" placeholder="Email" />
<input type="password" name="password" id="password" placeholder="Password" /> <input type="password" name="password" id="password" placeholder="Password" />
<?php signedin: ?> <?php signedin: ?>
<button class="primary" type="submit">Sign into <?= $app['title']; ?></button> <button class="primary" type="submit">Sign into <?= htmlspecialchars($app['title']) ?></button>
<button class="secondary" type="reset">GET ME OUT OF HERE</button>
<p class="subtitle center"> <p class="subtitle center">
You will be brought to <strong><?= $query['callback'] ?></strong>. You will be brought to <strong><?= htmlspecialchars($query['callback']) ?></strong>.
<br /><?= $app['title'] ?> will be able to see your email and display name. <br /><strong><?= htmlspecialchars($app['title']) ?></strong> will be able to see your email and display name.
</p> </p>
<input type="hidden" name="callback" value="<?= $query['callback'] ?>" /> <input type="hidden" name="callback" value="<?= $query['callback'] ?>" />
</form> </form>

View File

@ -33,7 +33,7 @@ if ($_SESSION['id'] != $profile['id']) {
} }
// Get badges owned by this person // Get badges owned by this person
$badges = db_execute_all('SELECT * FROM badge_owners INNER JOIN badges b on badge_owners.badge_id = b.id; ', []); $badges = db_execute_all('SELECT * FROM badge_owners INNER JOIN badges b on badge_owners.badge_id = b.id WHERE owner_id = ?; ', [$profile['id']]);
if (!empty($badges)) { if (!empty($badges)) {
if (!array_is_list($badges)) { if (!array_is_list($badges)) {
$badges = array (0 => $badges); $badges = array (0 => $badges);
@ -42,49 +42,3 @@ if (!empty($badges)) {
?> ?>
<div id="profile">
<img src="<?= $avatar ?>" class="avatar" alt="Avatar">
<div class="info">
<div class="displayname"><?= htmlspecialchars($display_name) ?></div>
<div class="bcid"><?= format_bcid( $profile['id'] ); ?></div>
</div>
</div>
<div id="details">
<div id="badges">
<h2>Badges</h2>
<?php
if (empty($badges)) {
echo '<p>This profile has no badges :(</p>';
} else {
foreach ($badges as $badge) {
echo "<div class='badge'>
<img src='". $badge['image'] ."' alt='". htmlspecialchars($badge['title']) ."' />
<div class='details'>
<span class='title'>" . htmlspecialchars($badge['title']) . "</span>
<p>". htmlspecialchars($badge['description']) ."</p>
<p class='subtitle'>". htmlspecialchars($badge['description']) ."</p>
<p class='earned subtitle'>Earned " . $badge['earned'] . "</p>
</div>
</div>";
}
}
?>
</div>
<div id="info">
<h2>Info</h2>
<table>
<tr>
<th>Joined</th>
<td><?= $user['created_date'] ?></td>
</tr>
<tr>
<th>Badges earned</th>
<td><?= count($badges) ?></td>
</tr>
</table>
</div>
</div>

79
settings_account.php Normal file
View File

@ -0,0 +1,79 @@
<?php
if (empty($_SESSION)) {
http_response_code(307);
header('Location: /signin?callback=/dashboard');
exit();
}
if (!$_SESSION['auth']) {
http_response_code(307);
header('Location: /signin?callback=/dashboard');
exit;
}
?>
<link href="/styles/settings.css" rel="stylesheet" />
<div id="settings_split">
<div id="mini_profile" class="left">
<div class="image_container" data-backgroundcolour="white">
<img src="<?= get_avatar_url($user['id']) ?>" alt="<?= htmlspecialchars(get_display_name($user['id'])) ?>'s avatar"/>
</div>
<div class="texts">
<span class="displayname"><?= htmlspecialchars(get_display_name($user['id'], false)) ?></span>
<span class="id bcid"><?= format_bcid($user['id']) ?></span>
</div>
</div>
<div class="other">
<h1>Account</h1>
<form method="post">
<div class="container">
<label for="display_name"><span id="display_name_label"></span> Display name</label>
<input type="text" name="display_name" id="display_name" data-field="account.display_name" placeholder="<?= htmlspecialchars(format_bcid($user['id'])) ?>" value="<?= htmlspecialchars($user['display_name']) ?>">
</div>
<button type="submit">Save</button>
</form>
</div>
</div>
<style>
/*form label {*/
/* padding-right: 1rem;*/
/*}*/
</style>
<script>
const display_name_box = document.getElementById("display_name");
async function updateJsonSettings(data) {
const response = await fetch("https://id.byecorps.com/api/settings", {
method: "POST", // or 'PUT'
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify(data),
});
const result = await response.json();
console.log("Success:", result);
return result;
}
display_name_box.onchange = _ => {
document.getElementById("display_name_label").classList = "fa-solid fa-spinner fa-spin-pulse";
updateJsonSettings({
account: {
display_name: display_name_box.value,
}
}).then(_=>{
document.getElementById("display_name_label").classList = "fa-solid fa-check";
}).catch(_=>{
document.getElementById("display_name_label").classList = "fa-solid fa-triangle-exclamation";
});
}
</script>

View File

@ -33,7 +33,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if ($_POST['keep_logged_in'] == "on") { if ($_POST['keep_logged_in'] == "on") {
$token = generate_cookie_access_token($user['id']); $token = generate_cookie_access_token($user['id']);
// print_r($token); // print_r($token);
setcookie("keep_me_logged_in", $token['access']); setcookie("keep_me_logged_in", $token['access'], time()+606024*365);
} }
} }

View File

@ -24,6 +24,8 @@
--grey-8: #343a40; --grey-8: #343a40;
--grey-9: #212529; --grey-9: #212529;
--error-color: var(--red-5);
--background: white; --background: white;
--background-dark: #121212; --background-dark: #121212;
@ -111,6 +113,10 @@ input[data-com-onepassword-filled="dark"] {
color: black; color: black;
} }
.fg-error {
color: var(--error-color);
}
@media screen and (prefers-color-scheme: dark) { @media screen and (prefers-color-scheme: dark) {
:root { :root {
--background: #121212; --background: #121212;

View File

@ -1,4 +1,12 @@
#profile {
display: flex;
}
#profile .avatar {
height: 150px;
}
#mini_profile { #mini_profile {
display: flex; display: flex;
gap: 1rem; gap: 1rem;

View File

@ -52,6 +52,10 @@ h2.subheading + h1 {
text-align: center; text-align: center;
} }
.vertical-center {
vertical-align: center;
}
.icon-true::before { .icon-true::before {
content: "\f00c"; content: "\f00c";
} }