From a5e968cef8d8b1ef762fe748dc8dbed246bed8a9 Mon Sep 17 00:00:00 2001
From: bye
Date: Mon, 1 Jul 2024 22:15:51 +0100
Subject: [PATCH] Signing out and logging in work
---
 common/account_utils.php | 33 +++++++++++++++++++++++++++++++--
 index.php | 15 ++++++++-------
 strings | 2 +-
 styles/base.css | 13 +++++++++++++
 styles/colours.css | 25 +++++++++++++++++++++++++
 views/404.php | 2 +-
 views/login.php | 37 +++++++++++++++++++++++++++++++------
 views/partials/error.php | 2 +-
 views/partials/header.php | 14 +++++++++++---
 views/signedout.php | 26 ++++++++++++++++++++++++++
 views/signup.php | 23 ++++++++++++-----------
 11 files changed, 160 insertions(+), 32 deletions(-)
 create mode 100644 views/signedout.php
diff --git a/common/account_utils.php b/common/account_utils.php
index 6d67431..884d8da 100644
--- a/common/account_utils.php
+++ b/common/account_utils.php
@@ -40,6 +40,35 @@ function format_bcid ($bcid): string
 }
 function get_user_by_id($bcid) {
- $user = db_execute('SELECT * FROM accounts WHERE id = ? LIMIT 1', [$bcid]);
- return $user;
+ return db_execute('SELECT * FROM accounts WHERE id = ? LIMIT 1', [$bcid]);
+}
+
+function get_user_display_name($userId, $escape = true) {
+ global $user;
+
+ if (!$_SESSION['auth']) {
+ return '';
+ }
+
+ $target = array();
+ if ($userId == $user['id']) {
+ $target = $user;
+ } else {
+ $target = get_user_by_id($userId);
+ }
+
+ if (is_null($user['display_name'])) {
+ try {
+ return format_bcid($user['id']);
+ } catch (Exception $e) {
+ return 'Invalid BCID';
+ }
+ }
+
+ $display_name = $user['display_name'];
+ if ($escape) {
+ $display_name = htmlspecialchars($display_name);
+ }
+
+ return $display_name;
 }
diff --git a/index.php b/index.php
index c30f63b..ac1b2bd 100644
--- a/index.php
+++ b/index.php
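Review bot: In `get_user_display_name` (common/account_utils.php) the looked-up `$target` is never read: the null check, the `format_bcid` fallback and the returned value all use the global `$user`, so any `$userId` yields the signed-in user's name. The three reads should use the lookup result: `if (is_null($target['display_name'])) {`, `return format_bcid($target['id']);` and `$display_name = $target['display_name'];`. What `get_user_by_id` returns for an unknown id depends on `db_execute`, which is outside this hunk, so a guard for a missing row may also be needed.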
@@ -38,7 +38,7 @@ $uri_explode = explode('?', $uri_string);
 $path_raw = $uri_explode[0]; // `/foo/bar`
 $path = explode('/', $path_raw);
-
+$query = array();
 if(isset($uri_explode[1])) {
 $uri_string = $uri_explode[0];
 $uri_explode = explode('&', $uri_explode[1]);
@@ -63,17 +63,18 @@ $routes = [
 '' => function () { require 'views/home.php'; },
 'api' => function () { require 'api.php'; /* Handoff further routing to API script. */ },
 'auth' => function () {
- global $path;
+ global $path, $query;
- if ($path[2] == 'signup') {
+ if ($path[2] == 'signout') {
+ require 'views/signedout.php';
+ } else if ($path[2] == 'signup') {
 require 'views/signup.php';
- exit;
 } else if ($path[2] == 'login') {
 require 'views/login.php';
- exit;
+ } else {
+ return 404;
 }
-
- return 404;
+ exit();
 },
 'profile' => function () {
 global $path, $user, $profile_owner; // don't forget this lol
diff --git a/strings b/strings
index 9e538d7..729d95f 160000
--- a/strings
+++ b/strings
@@ -1 +1 @@
-Subproject commit 9e538d7e87b6cae822bfa77f3636335cbd505352
+Subproject commit 729d95f1310a930ab57c8983d9c35cc63d8f233d
diff --git a/styles/base.css b/styles/base.css
index 75b412b..a8ca346 100644
--- a/styles/base.css
+++ b/styles/base.css
@@ -30,6 +30,15 @@ header {
 color: var(--dark-slate-gray);
 }
+header > .section {
+ display: flex;
+ gap: 1em;
+}
+
+.largeicon {
+ font-size: 48px;
+}
+
 main {
 flex: 1;
@@ -90,3 +99,7 @@ body > .errorbox {
 .bc-3 {
 font-weight: 400;
 }
+
+.center {
+ text-align: center;
+}
diff --git a/styles/colours.css b/styles/colours.css
index a162b57..b30b51f 100644
--- a/styles/colours.css
+++ b/styles/colours.css
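Review bot: The `auth` route in index.php reads `$path[2]` without checking that the segment exists, so a request for `/auth` alone raises an undefined-index warning before it falls through to `return 404`; `$action = $path[2] ?? '';` ahead of the comparisons avoids that. The new `signout` branch also runs `views/signedout.php` for any request method. If that view ends the session (its PHP is not visible on this page), a cross-site link or image request is enough to sign a user out, so limiting sign-out to a POST carrying a CSRF token is worth considering. The `$routes` array itself begins and ends outside this hunk.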
@@ -10,4 +10,29 @@
 --fern-green: #65743a;
 --flax: #efdd8d;
 --mindaro: #f4fdaf;
+
+ --grey-5: #adb5bd;
+
+ --red-2: #ffc9c9;
+ --red-3: #ffa8a8;
+ --red-7: #f03e3e;
+ --red-9: #c92a2a;
+
+ --link-fg: var(--dark-slate-gray);
+ --error-fg: var(--red-9);
+}
+
+@media screen and (prefers-color-scheme: dark) {
+ :root {
+ --link-fg: var(--flax);
+ --error-fg: var(--red-3);
+ }
+}
+
+.error-fg {
+ color: var(--error-fg);
+}
+
+a {
+ color: var(--link-fg);
 }
diff --git a/views/404.php b/views/404.php
index 90db39d..3830de8 100644
--- a/views/404.php
+++ b/views/404.php
@@ -12,7 +12,7 @@ http_response_code(404);
-
+

404

Sorry, but that doesn't exist anymore.

(or it never existed)

diff --git a/views/login.php b/views/login.php
index 3ed2497..3380862 100644
--- a/views/login.php
+++ b/views/login.php
@@ -9,6 +9,29 @@ if ($_SESSION['auth']) {
 exit();
 }
+if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+ // Figure out if it's a user
+ $user_to_log_in_as = db_execute('SELECT id, email, password FROM accounts WHERE email = ?', [$_POST['email']]);
+ if (!$user_to_log_in_as) {
+ $error_body = get_string('error.incorrectAuth');
+ goto skip;
+ }
+
+ if (password_verify($_POST['password'], $user_to_log_in_as['password'])) {
+ $_SESSION['auth'] = true;
+ $_SESSION['id'] = $user_to_log_in_as['id'];
+
+ if (key_exists('callback', $query)) {
+ header('Location: ' . $query['callback']);
+ } else {
+ header('Location: /dashboard');
+ }
+ exit();
+ }
+}
+
+skip:
+
 ?>
@@ -23,18 +46,20 @@ if ($_SESSION['auth']) {
 if ($_SESSION['auth']) {
 $error_body = get_string('error.loggedIn');
- include 'partials/error.php';
 }
 ?>
-
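Review bot: The post-login redirect in views/login.php passes `$query['callback']` straight into the `Location` header, so a login link carrying an external URL sends a freshly authenticated user off-site; the value should be limited to a same-site path. The success path also keeps the pre-login session id, which leaves session fixation open unless `session_regenerate_id(true)` is called before `$_SESSION['auth']` is set. A wrong password falls through to `skip:` without setting `$error_body`, so unknown-email and wrong-password responses differ and the user gets no message. The fence below folds both failure cases into one error, rotates the session id and validates the callback; the return shape of `db_execute` is assumed from how the hunk uses it.

```php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $user_to_log_in_as = db_execute('SELECT id, email, password FROM accounts WHERE email = ?', [$_POST['email'] ?? '']);

    // Same message for an unknown email and a wrong password.
    if (!$user_to_log_in_as || !password_verify($_POST['password'] ?? '', $user_to_log_in_as['password'])) {
        $error_body = get_string('error.incorrectAuth');
        goto skip;
    }

    // Issue a new session id at the privilege change so a pre-login id cannot be reused.
    session_regenerate_id(true);
    $_SESSION['auth'] = true;
    $_SESSION['id'] = $user_to_log_in_as['id'];

    // Follow the callback only when it is a same-site path: one leading slash, no scheme or host.
    $callback = $query['callback'] ?? '';
    if (!preg_match('#^/(?![/\\\\])#', $callback)) {
        $callback = '/dashboard';
    }
    header('Location: ' . $callback);
    exit();
}
// … unchanged: skip: label and closing tag …
```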

Sign up

+

+
-

+

-

+

-

-

diff --git a/views/partials/error.php b/views/partials/error.php
index 0ff6acf..7ded725 100644
--- a/views/partials/error.php
+++ b/views/partials/error.php
@@ -8,6 +8,6 @@ $error_body = $error_body ?? "No message provided.";
-

An error occurred.

+

diff --git a/views/partials/header.php b/views/partials/header.php
index 81329b7..86c41bd 100644
--- a/views/partials/header.php
+++ b/views/partials/header.php
@@ -6,8 +6,16 @@
-
- - +
+ Hey hey ' . htmlspecialchars(get_user_display_name($_SESSION['id'])) . '!
'; + echo ''; + } + else { + echo '' . get_string("auth.signup") + . ' '. get_string("auth.login") . ''; + } + ?>
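Review bot: The greeting in views/partials/header.php escapes the display name twice: `get_user_display_name()` already applies `htmlspecialchars` because its `$escape` parameter defaults to `true`, and the result is wrapped in `htmlspecialchars(...)` again, so a name containing `&` or `<` is shown as literal entities. Either drop the outer call and echo `get_user_display_name($_SESSION['id'])`, or pass `false` as the second argument and keep the escaping at the output site. The surrounding markup and the `get_string` output are not fully visible in this hunk, so only the display-name call is covered here.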
diff --git a/views/signedout.php b/views/signedout.php new file mode 100644 index 0000000..9c7038c --- /dev/null +++ b/views/signedout.php @@ -0,0 +1,26 @@ + + + + + + Signed out ~> ByeCorps ID + + + + +
+
+
+ +
+

+
+
+ + + \ No newline at end of file diff --git a/views/signup.php b/views/signup.php index 7183bb5..b12bf3c 100644 --- a/views/signup.php +++ b/views/signup.php @@ -16,17 +16,18 @@ } ?> -

Sign up

-
-

-

-

-

-

-

- - -
+

+

Sign ups are disabled.

+ + + + + + + + + +