byecorps
/
id
mirror of https://github.com/byecorps/id.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Auto stash before merge of "rewrite" and "origin/rewrite"

This commit is contained in:
Bye 2024-10-29 17:59:36 +00:00
parent 19c32f0a71
commit 1878d156fd
14 changed files with 215 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
.DS_Store vendored Normal file
View File

Binary file not shown.

11
common/account_utils.php
View File

@ -1,5 +1,7 @@
<?php
const DEMO_USER = "9999999";
function generate_bcid($duplicate_check=false): string
{
$CHARS = str_split("ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890");
@ -94,13 +96,18 @@ function get_user_avatar($userId) {
return 'https://cdn.id.byecorps.com/profile/default.png';
}
function set_user_language(string $lang_code, string $id): void
function set_user_language(string $lang_code, string $id="9999999"): void
{
$_SESSION['lang'] = $lang_code;
if ($id == DEMO_USER) {
return;
}
db_execute(
'UPDATE accounts SET language = ? WHERE id = ?',
[$lang_code, $id]
);
$_SESSION['lang'] = $lang_code;
}
function requires_auth($redirect = '/auth/login') {

10
common/app_utils.php Normal file
View File

@ -0,0 +1,10 @@
<?php
function get_app_by_id(int $id) {
return db_execute('SELECT * FROM apps WHERE id = ?', [$id]);
}
function get_apps_by_owner_id(str $bcid) {
$results = db_execute_all('SELECT * FROM apps WHERE owner_id = ?', [$bcid]);
return $results;
}

10
common/misc.php
View File

@ -12,6 +12,14 @@ function location(string $url):void
exit();
}
function flash(string $text, string $type, array &$flash) {
function flash(string $text, array &$flash, string $type="warning") {
$flash[] = ['text' => $text, 'type' => $type];
}
function show_flash(array $flash) {
$output = '<ul class="flash">';
foreach ($flash as $item) {
$output .= '<li>'. $item['text'] .'</li>';
}
return $output;
}

18
common/strings.php
View File

@ -12,20 +12,26 @@ const LANGAUGES = [
'flag' => 'usa'
],
[
'code' => 'en_UWU',
'name' => 'Cute English',
'flag' => 'owo'
'code' => 'fi',
'name' => 'suomi'
],
[
'code' => 'ga',
'name' => 'Irish',
'name' => 'Gaeilge',
'flag' => 'ie'
],
[
'code' => 'nb_NO',
'name' => 'Norwegian Bokmål',
'name' => 'Norsk bokmål',
'flag' => 'no'
]
],
// Joke languages
[
'code' => 'en_UWU',
'name' => 'Cute English',
'flag' => 'owo'
],
];
function get_string($key="generic.generic", $substitutes=[]) {

26
common/validation.php
View File

@ -1,5 +1,31 @@
<?php
function csfr(): string
{
$token = bin2hex(random_bytes(32));
$_SESSION['CSFR_TOKEN'] = $token;
return $token;
}
function csfr_input($echo = false): string
{
$token = csfr();
$output = "<input type='hidden' name='CSFR_TOKEN' value='$token' />";
if ($echo) echo $output;
else return $output;
}
function validate_csfr($token = null): bool
{
$token = $token ?: $_REQUEST['CSFR_TOKEN'];
if ($_SESSION['CSFR_TOKEN'] == $token) {
return true;
}
return false;
}
function validate_email($email) {
return filter_var($email, FILTER_VALIDATE_EMAIL);
}

26
index.php
View File

@ -28,6 +28,7 @@ require_once 'common/strings.php';
require_once 'common/validation.php';
require_once 'common/database.php';
require_once 'common/account_utils.php';
require_once 'common/app_utils.php';
require_once 'common/files.php';
require_once 'common/misc.php';
@ -88,21 +89,25 @@ patch_lang($_SESSION['lang']);
$routes = [
'' => function () { require 'views/home.php'; },
'' => function () { global $user; require 'views/home.php'; },
'admin' => function () {
global $path, $query, $DOC_ROOT, $flash;
global $path, $query, $DOC_ROOT, $flash, $user;
requires_auth();
requires_admin();
switch ($path[2]) {
default: return 404;
case 'files':
require 'views/admin/files.php';
if (key_exists(2, $path)) {
switch ($path[2]) {
default: return 404;
case 'files':
require 'views/admin/files.php';
}
} else {
require 'views/admin/dashboard.php';
}
},
'api' => function () {
global $path, $query;
global $path, $query, $user;
unset($path[1]);
$path = array_values($path);
@ -110,7 +115,7 @@ $routes = [
require 'api.php'; /* Handoff further routing to API script. */
},
'auth' => function () {
global $path, $query, $flash;
global $path, $query, $flash, $user;
switch ($path[2]) {
case 'signout':
@ -122,6 +127,9 @@ $routes = [
case 'login':
require 'views/login.php';
break;
case 'oauth':
require 'views/oauth_login.php';
break;
default:
return 404;
}
@ -162,7 +170,7 @@ $routes = [
return 200;
},
'settings' => function () {
global $path, $flash, $user;
global $path, $flash, $user, $query;
if (isset($path[2])) {
switch ($path[2]) {
default: return 404;

BIN
views/.DS_Store vendored Normal file
View File

Binary file not shown.

38
views/admin/dashboard.php Normal file
View File

@ -0,0 +1,38 @@
<?php
if (!requires_admin()) {exit;} // failsafe in case this file is opened from "not the index".
if (isset($query['delete'])) {
delete_file_by_id($query['delete']);
}
$files = db_execute_all('SELECT * FROM files');
?>
<!doctype html>
<html>
<head>
<?php include $DOC_ROOT.'/views/partials/head.php' ?>
<title>[A] Dashboard ~> ByeCorps ID</title>
</head>
<body>
<?php include $DOC_ROOT.'/views/partials/header.php' ?>
<main>
<h1>[ADMIN] Dashboard</h1>
<nav>
<ul>
<li>
<a href="/admin/files">Manage files</a>
</li>
<li>
<a href="/admin/applications">Manage applications</a>
</li>
</ul>
</nav>
</main>
<?php include $DOC_ROOT.'/views/partials/footer.php' ?>
</body>
</html>

11
views/login.php
View File

@ -10,6 +10,11 @@ if ($_SESSION['auth']) {
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (!validate_csfr()) {
flash(get_string('error.generic'), $flash);
goto skip;
}
// Validate email address
if (!validate_email($_POST['email'])) {
$error_body = get_string('error.invalidEmail');
@ -67,13 +72,15 @@ skip:
if (isset($subtitle)) {
echo '<p class="subtitle center">'. $subtitle .'</p>';
}
?>
<?php
if (isset($error_body)) {
include 'partials/error.php';
}
?>
<form class="login-form" method="post">
<?= csfr_input() ?>
<div class="input"><label for="email"><?= get_string("auth.email") ?></label>
<input type="email" name="email" id="email" /></div>
<div class="input"><label for="password"><?= get_string("auth.password") ?></label>

63
views/oauth_login.php Normal file
View File

@ -0,0 +1,63 @@
<?php
$please_exit = false;
$passed_callback = false;
$app = null;
// Try to get the app details
try {
$app = get_app_by_id($query['appid']);
} catch (TypeError $e) {
flash(get_string('error.noAppId'), $flash);
$please_exit = true;
}
if (empty($app)) {
flash(get_string('error.invalidAppId'), $flash);
}
if (key_exists('callback', $query)) {
if ($query['callback'] == $app['callback']) {
$passed_callback = true;
}
}
$signed_in = !is_null($user);
?>
<!doctype html>
<html lang="en">
<head>
<?php include 'partials/head.php' ?>
<link rel="stylesheet" href="/styles/login_form.css" />
</head>
<body>
<?php include 'partials/header.php' ?>
<main>
<?=
show_flash($flash);
if ($please_exit) {
goto pls_quit;
}
?>
<h1><?= htmlspecialchars($app['title']) ?> wants to sign in with your ByeCorps ID</h1>
<p><i><?= htmlspecialchars($app['description']) ?></i><br>(The above was provided by the developers)</p>
<?php
if ($signed_in && $passed_callback) {
echo 'PASSED!!';
}
?>
<?php
pls_quit:
?>
</main>
<?php include 'partials/footer.php' ?>
</body>
</html>

3
views/partials/footer.php
View File

@ -4,6 +4,7 @@
<div><?= get_string('footer.executionTime', ['time'=>round((microtime(true) - $_SERVER['REQUEST_TIME_FLOAT']) * 1000, 3)]) ?></div>
</div>
<div class="item">
<script src="/scripts/langauge_switcher.js" defer></script>
<p><a href="/settings/region"><?= get_string('generic.changeLanguage') ?> - Change language</a></p>
<!-- <script src="/scripts/langauge_switcher.js" defer></script>-->
</div>
</footer>

3
views/partials/header.php
View File

@ -9,6 +9,9 @@
<div class="section">
<?php
if ($_SESSION['auth']) {
if ($user['is_admin']) {
echo '<a class="item" href="/admin">Admin dashboard</a>';
}
echo '<div class="item">' . get_string("header.hello", ['display_name' => get_user_display_name($_SESSION['id'])]) . '</div>';
echo '<a class="item" href="/dashboard">' . get_string('page.dashboard') . '</a>';
echo '<div class="item"><a href="/auth/signout">'. get_string('auth.signout') .'</a></div>';

20
views/settings_region.php
View File

@ -3,8 +3,17 @@
function update_language(): void
{
global $user;
if (is_null($user)) {
$user['id'] = DEMO_USER;
}
set_user_language($_POST['lang'], $user['id']);
location('/settings/region');
location('/settings/region?success=true');
}
if (array_key_exists('success', $query)) {
if ($query['success'] == 'true') {
flash(get_string('generic.languageUpdated'), $flash);
}
}
if (isset($path[3])) {
@ -37,11 +46,16 @@ if (isset($path[3])) {
<main>
<h1><span class="fa-solid fa-fw fa-cog"></span> <?= get_string('page.settings'); ?></h1>
<div class="grid">
<?php include 'partials/settings_list.php' ?>
<?php
if ($_SESSION['auth']) {
include 'partials/settings_list.php';
}
?>
<div class="settingsthingy">
<h2><?= get_string('settings.region') ?></h2>
<p>Here you can set the language ByeCorps ID is displayed in.</p>
<form action="/settings/region/set_language" method="post">
<?= show_flash($flash); ?>
<div class="language-selector">
<?php
foreach (LANGAUGES as $lang) {
@ -51,7 +65,7 @@ if (isset($path[3])) {
}
echo '<label>
<input type="radio" name="lang" '.$checked.' id="lang" value="'. $lang['code'] . '" />
'. $lang['name'] .'
'. get_string('language.'.$lang['code']) .' - '. $lang['name'] .'
</label>';
}
?>