mirror of https://github.com/byecorps/id.git
Auto stash before merge of "rewrite" and "origin/rewrite"
This commit is contained in:
parent
19c32f0a71
commit
1878d156fd
|
@ -1,5 +1,7 @@
|
|||
<?php
|
||||
|
||||
const DEMO_USER = "9999999";
|
||||
|
||||
function generate_bcid($duplicate_check=false): string
|
||||
{
|
||||
$CHARS = str_split("ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890");
|
||||
|
@ -94,13 +96,18 @@ function get_user_avatar($userId) {
|
|||
return 'https://cdn.id.byecorps.com/profile/default.png';
|
||||
}
|
||||
|
||||
function set_user_language(string $lang_code, string $id): void
|
||||
function set_user_language(string $lang_code, string $id="9999999"): void
|
||||
{
|
||||
$_SESSION['lang'] = $lang_code;
|
||||
|
||||
if ($id == DEMO_USER) {
|
||||
return;
|
||||
}
|
||||
|
||||
db_execute(
|
||||
'UPDATE accounts SET language = ? WHERE id = ?',
|
||||
[$lang_code, $id]
|
||||
);
|
||||
$_SESSION['lang'] = $lang_code;
|
||||
}
|
||||
|
||||
function requires_auth($redirect = '/auth/login') {
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
<?php
|
||||
|
||||
function get_app_by_id(int $id) {
|
||||
return db_execute('SELECT * FROM apps WHERE id = ?', [$id]);
|
||||
}
|
||||
|
||||
function get_apps_by_owner_id(str $bcid) {
|
||||
$results = db_execute_all('SELECT * FROM apps WHERE owner_id = ?', [$bcid]);
|
||||
return $results;
|
||||
}
|
|
@ -12,6 +12,14 @@ function location(string $url):void
|
|||
exit();
|
||||
}
|
||||
|
||||
function flash(string $text, string $type, array &$flash) {
|
||||
function flash(string $text, array &$flash, string $type="warning") {
|
||||
$flash[] = ['text' => $text, 'type' => $type];
|
||||
}
|
||||
|
||||
function show_flash(array $flash) {
|
||||
$output = '<ul class="flash">';
|
||||
foreach ($flash as $item) {
|
||||
$output .= '<li>'. $item['text'] .'</li>';
|
||||
}
|
||||
return $output;
|
||||
}
|
||||
|
|
|
@ -12,20 +12,26 @@ const LANGAUGES = [
|
|||
'flag' => 'usa'
|
||||
],
|
||||
[
|
||||
'code' => 'en_UWU',
|
||||
'name' => 'Cute English',
|
||||
'flag' => 'owo'
|
||||
'code' => 'fi',
|
||||
'name' => 'suomi'
|
||||
],
|
||||
[
|
||||
'code' => 'ga',
|
||||
'name' => 'Irish',
|
||||
'name' => 'Gaeilge',
|
||||
'flag' => 'ie'
|
||||
],
|
||||
[
|
||||
'code' => 'nb_NO',
|
||||
'name' => 'Norwegian Bokmål',
|
||||
'name' => 'Norsk bokmål',
|
||||
'flag' => 'no'
|
||||
]
|
||||
],
|
||||
|
||||
// Joke languages
|
||||
[
|
||||
'code' => 'en_UWU',
|
||||
'name' => 'Cute English',
|
||||
'flag' => 'owo'
|
||||
],
|
||||
];
|
||||
|
||||
function get_string($key="generic.generic", $substitutes=[]) {
|
||||
|
|
|
@ -1,5 +1,31 @@
|
|||
<?php
|
||||
|
||||
function csfr(): string
|
||||
{
|
||||
$token = bin2hex(random_bytes(32));
|
||||
$_SESSION['CSFR_TOKEN'] = $token;
|
||||
return $token;
|
||||
}
|
||||
|
||||
function csfr_input($echo = false): string
|
||||
{
|
||||
$token = csfr();
|
||||
$output = "<input type='hidden' name='CSFR_TOKEN' value='$token' />";
|
||||
if ($echo) echo $output;
|
||||
else return $output;
|
||||
}
|
||||
|
||||
function validate_csfr($token = null): bool
|
||||
{
|
||||
$token = $token ?: $_REQUEST['CSFR_TOKEN'];
|
||||
|
||||
if ($_SESSION['CSFR_TOKEN'] == $token) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
function validate_email($email) {
|
||||
return filter_var($email, FILTER_VALIDATE_EMAIL);
|
||||
}
|
||||
|
|
18
index.php
18
index.php
|
@ -28,6 +28,7 @@ require_once 'common/strings.php';
|
|||
require_once 'common/validation.php';
|
||||
require_once 'common/database.php';
|
||||
require_once 'common/account_utils.php';
|
||||
require_once 'common/app_utils.php';
|
||||
require_once 'common/files.php';
|
||||
require_once 'common/misc.php';
|
||||
|
||||
|
@ -88,21 +89,25 @@ patch_lang($_SESSION['lang']);
|
|||
|
||||
|
||||
$routes = [
|
||||
'' => function () { require 'views/home.php'; },
|
||||
'' => function () { global $user; require 'views/home.php'; },
|
||||
'admin' => function () {
|
||||
global $path, $query, $DOC_ROOT, $flash;
|
||||
global $path, $query, $DOC_ROOT, $flash, $user;
|
||||
|
||||
requires_auth();
|
||||
requires_admin();
|
||||
|
||||
if (key_exists(2, $path)) {
|
||||
switch ($path[2]) {
|
||||
default: return 404;
|
||||
case 'files':
|
||||
require 'views/admin/files.php';
|
||||
}
|
||||
} else {
|
||||
require 'views/admin/dashboard.php';
|
||||
}
|
||||
},
|
||||
'api' => function () {
|
||||
global $path, $query;
|
||||
global $path, $query, $user;
|
||||
|
||||
unset($path[1]);
|
||||
$path = array_values($path);
|
||||
|
@ -110,7 +115,7 @@ $routes = [
|
|||
require 'api.php'; /* Handoff further routing to API script. */
|
||||
},
|
||||
'auth' => function () {
|
||||
global $path, $query, $flash;
|
||||
global $path, $query, $flash, $user;
|
||||
|
||||
switch ($path[2]) {
|
||||
case 'signout':
|
||||
|
@ -122,6 +127,9 @@ $routes = [
|
|||
case 'login':
|
||||
require 'views/login.php';
|
||||
break;
|
||||
case 'oauth':
|
||||
require 'views/oauth_login.php';
|
||||
break;
|
||||
default:
|
||||
return 404;
|
||||
}
|
||||
|
@ -162,7 +170,7 @@ $routes = [
|
|||
return 200;
|
||||
},
|
||||
'settings' => function () {
|
||||
global $path, $flash, $user;
|
||||
global $path, $flash, $user, $query;
|
||||
if (isset($path[2])) {
|
||||
switch ($path[2]) {
|
||||
default: return 404;
|
||||
|
|
Binary file not shown.
|
@ -0,0 +1,38 @@
|
|||
<?php
|
||||
|
||||
if (!requires_admin()) {exit;} // failsafe in case this file is opened from "not the index".
|
||||
|
||||
if (isset($query['delete'])) {
|
||||
delete_file_by_id($query['delete']);
|
||||
}
|
||||
|
||||
$files = db_execute_all('SELECT * FROM files');
|
||||
|
||||
?>
|
||||
|
||||
<!doctype html>
|
||||
<html>
|
||||
<head>
|
||||
<?php include $DOC_ROOT.'/views/partials/head.php' ?>
|
||||
<title>[A] Dashboard ~> ByeCorps ID</title>
|
||||
</head>
|
||||
<body>
|
||||
<?php include $DOC_ROOT.'/views/partials/header.php' ?>
|
||||
<main>
|
||||
<h1>[ADMIN] Dashboard</h1>
|
||||
|
||||
<nav>
|
||||
<ul>
|
||||
<li>
|
||||
<a href="/admin/files">Manage files</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="/admin/applications">Manage applications</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
||||
</main>
|
||||
<?php include $DOC_ROOT.'/views/partials/footer.php' ?>
|
||||
</body>
|
||||
</html>
|
|
@ -10,6 +10,11 @@ if ($_SESSION['auth']) {
|
|||
}
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
||||
if (!validate_csfr()) {
|
||||
flash(get_string('error.generic'), $flash);
|
||||
goto skip;
|
||||
}
|
||||
|
||||
// Validate email address
|
||||
if (!validate_email($_POST['email'])) {
|
||||
$error_body = get_string('error.invalidEmail');
|
||||
|
@ -67,13 +72,15 @@ skip:
|
|||
if (isset($subtitle)) {
|
||||
echo '<p class="subtitle center">'. $subtitle .'</p>';
|
||||
}
|
||||
?>
|
||||
<?php
|
||||
|
||||
if (isset($error_body)) {
|
||||
include 'partials/error.php';
|
||||
}
|
||||
?>
|
||||
|
||||
<form class="login-form" method="post">
|
||||
<?= csfr_input() ?>
|
||||
|
||||
<div class="input"><label for="email"><?= get_string("auth.email") ?></label>
|
||||
<input type="email" name="email" id="email" /></div>
|
||||
<div class="input"><label for="password"><?= get_string("auth.password") ?></label>
|
||||
|
|
|
@ -0,0 +1,63 @@
|
|||
<?php
|
||||
|
||||
$please_exit = false;
|
||||
$passed_callback = false;
|
||||
|
||||
$app = null;
|
||||
|
||||
// Try to get the app details
|
||||
try {
|
||||
$app = get_app_by_id($query['appid']);
|
||||
} catch (TypeError $e) {
|
||||
flash(get_string('error.noAppId'), $flash);
|
||||
$please_exit = true;
|
||||
}
|
||||
|
||||
if (empty($app)) {
|
||||
flash(get_string('error.invalidAppId'), $flash);
|
||||
}
|
||||
|
||||
if (key_exists('callback', $query)) {
|
||||
if ($query['callback'] == $app['callback']) {
|
||||
$passed_callback = true;
|
||||
}
|
||||
}
|
||||
|
||||
$signed_in = !is_null($user);
|
||||
|
||||
?>
|
||||
|
||||
<!doctype html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<?php include 'partials/head.php' ?>
|
||||
<link rel="stylesheet" href="/styles/login_form.css" />
|
||||
</head>
|
||||
<body>
|
||||
<?php include 'partials/header.php' ?>
|
||||
|
||||
<main>
|
||||
<?=
|
||||
show_flash($flash);
|
||||
if ($please_exit) {
|
||||
goto pls_quit;
|
||||
}
|
||||
?>
|
||||
|
||||
<h1><?= htmlspecialchars($app['title']) ?> wants to sign in with your ByeCorps ID</h1>
|
||||
<p><i><?= htmlspecialchars($app['description']) ?></i><br>(The above was provided by the developers)</p>
|
||||
|
||||
<?php
|
||||
if ($signed_in && $passed_callback) {
|
||||
echo 'PASSED!!';
|
||||
}
|
||||
?>
|
||||
|
||||
<?php
|
||||
pls_quit:
|
||||
?>
|
||||
</main>
|
||||
|
||||
<?php include 'partials/footer.php' ?>
|
||||
</body>
|
||||
</html>
|
|
@ -4,6 +4,7 @@
|
|||
<div><?= get_string('footer.executionTime', ['time'=>round((microtime(true) - $_SERVER['REQUEST_TIME_FLOAT']) * 1000, 3)]) ?></div>
|
||||
</div>
|
||||
<div class="item">
|
||||
<script src="/scripts/langauge_switcher.js" defer></script>
|
||||
<p><a href="/settings/region"><?= get_string('generic.changeLanguage') ?> - Change language</a></p>
|
||||
<!-- <script src="/scripts/langauge_switcher.js" defer></script>-->
|
||||
</div>
|
||||
</footer>
|
|
@ -9,6 +9,9 @@
|
|||
<div class="section">
|
||||
<?php
|
||||
if ($_SESSION['auth']) {
|
||||
if ($user['is_admin']) {
|
||||
echo '<a class="item" href="/admin">Admin dashboard</a>';
|
||||
}
|
||||
echo '<div class="item">' . get_string("header.hello", ['display_name' => get_user_display_name($_SESSION['id'])]) . '</div>';
|
||||
echo '<a class="item" href="/dashboard">' . get_string('page.dashboard') . '</a>';
|
||||
echo '<div class="item"><a href="/auth/signout">'. get_string('auth.signout') .'</a></div>';
|
||||
|
|
|
@ -3,8 +3,17 @@
|
|||
function update_language(): void
|
||||
{
|
||||
global $user;
|
||||
if (is_null($user)) {
|
||||
$user['id'] = DEMO_USER;
|
||||
}
|
||||
set_user_language($_POST['lang'], $user['id']);
|
||||
location('/settings/region');
|
||||
location('/settings/region?success=true');
|
||||
}
|
||||
|
||||
if (array_key_exists('success', $query)) {
|
||||
if ($query['success'] == 'true') {
|
||||
flash(get_string('generic.languageUpdated'), $flash);
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($path[3])) {
|
||||
|
@ -37,11 +46,16 @@ if (isset($path[3])) {
|
|||
<main>
|
||||
<h1><span class="fa-solid fa-fw fa-cog"></span> <?= get_string('page.settings'); ?></h1>
|
||||
<div class="grid">
|
||||
<?php include 'partials/settings_list.php' ?>
|
||||
<?php
|
||||
if ($_SESSION['auth']) {
|
||||
include 'partials/settings_list.php';
|
||||
}
|
||||
?>
|
||||
<div class="settingsthingy">
|
||||
<h2><?= get_string('settings.region') ?></h2>
|
||||
<p>Here you can set the language ByeCorps ID is displayed in.</p>
|
||||
<form action="/settings/region/set_language" method="post">
|
||||
<?= show_flash($flash); ?>
|
||||
<div class="language-selector">
|
||||
<?php
|
||||
foreach (LANGAUGES as $lang) {
|
||||
|
@ -51,7 +65,7 @@ if (isset($path[3])) {
|
|||
}
|
||||
echo '<label>
|
||||
<input type="radio" name="lang" '.$checked.' id="lang" value="'. $lang['code'] . '" />
|
||||
'. $lang['name'] .'
|
||||
'. get_string('language.'.$lang['code']) .' - '. $lang['name'] .'
|
||||
</label>';
|
||||
}
|
||||
?>
|
||||
|
|
Loading…
Reference in New Issue