Signing out and logging in work

bye 2024-07-01 22:15:51 +01:00
parent 6d280e4920
commit a5e968cef8
11 changed files with 160 additions and 32 deletions


@ -40,6 +40,35 @@ function format_bcid ($bcid): string
} }
function get_user_by_id($bcid) { function get_user_by_id($bcid) {
$user = db_execute('SELECT * FROM accounts WHERE id = ? LIMIT 1', [$bcid]); return db_execute('SELECT * FROM accounts WHERE id = ? LIMIT 1', [$bcid]);
return $user; }
function get_user_display_name($userId, $escape = true) {
global $user;
if (!$_SESSION['auth']) {
return '';
}
$target = array();
if ($userId == $user['id']) {
$target = $user;
} else {
$target = get_user_by_id($userId);
}
if (is_null($user['display_name'])) {
try {
return format_bcid($user['id']);
} catch (Exception $e) {
return 'Invalid BCID';
}
}
$display_name = $user['display_name'];
if ($escape) {
$display_name = htmlspecialchars($display_name);
}
return $display_name;
} }
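Review bot: get_user_display_name looks up `$target` but never reads it: the null check, the `format_bcid` call and the returned name all use the global `$user`, so any `$userId` other than the signed-in user's still yields the signed-in user's name. Use the looked-up row after the branch, i.e. `if (is_null($target['display_name']))`, `return format_bcid($target['id']);` and `$display_name = $target['display_name'];`. `get_user_by_id` can presumably come back empty for an unknown id, so that case should return early before the row is indexed. `$_SESSION['auth']` is also read without a presence check, which raises a warning for a visitor whose session has no `auth` key; `empty($_SESSION['auth'])` avoids it.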


@ -38,7 +38,7 @@ $uri_explode = explode('?', $uri_string);
$path_raw = $uri_explode[0]; // `/foo/bar` $path_raw = $uri_explode[0]; // `/foo/bar`
$path = explode('/', $path_raw); $path = explode('/', $path_raw);
$query = array();
if(isset($uri_explode[1])) { if(isset($uri_explode[1])) {
$uri_string = $uri_explode[0]; $uri_string = $uri_explode[0];
$uri_explode = explode('&', $uri_explode[1]); $uri_explode = explode('&', $uri_explode[1]);
@ -63,17 +63,18 @@ $routes = [
'' => function () { require 'views/home.php'; }, '' => function () { require 'views/home.php'; },
'api' => function () { require 'api.php'; /* Handoff further routing to API script. */ }, 'api' => function () { require 'api.php'; /* Handoff further routing to API script. */ },
'auth' => function () { 'auth' => function () {
global $path; global $path, $query;
if ($path[2] == 'signup') { if ($path[2] == 'signout') {
require 'views/signedout.php';
} else if ($path[2] == 'signup') {
require 'views/signup.php'; require 'views/signup.php';
exit;
} else if ($path[2] == 'login') { } else if ($path[2] == 'login') {
require 'views/login.php'; require 'views/login.php';
exit; } else {
}
return 404; return 404;
}
exit();
}, },
'profile' => function () { 'profile' => function () {
global $path, $user, $profile_owner; // don't forget this lol global $path, $user, $profile_owner; // don't forget this lol
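Review bot: The new `signout` branch in the `auth` closure ends the session on any request to `/auth/signout`, including a plain GET, so a link or image on another site can sign a user out without their intent. Route sign-out only for `POST` and check a per-session token before `views/signedout.php` is required, e.g. `if ($path[2] == 'signout' && $_SERVER['REQUEST_METHOD'] === 'POST')` plus the token comparison. `$path[2]` is also read without checking that it exists, so `/auth` alone emits an undefined-offset warning before reaching the 404; `($path[2] ?? '')` covers that. The `profile` closure continues past the end of the hunk.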

@ -1 +1 @@
Subproject commit 9e538d7e87b6cae822bfa77f3636335cbd505352 Subproject commit 729d95f1310a930ab57c8983d9c35cc63d8f233d


@ -30,6 +30,15 @@ header {
color: var(--dark-slate-gray); color: var(--dark-slate-gray);
} }
header > .section {
display: flex;
gap: 1em;
}
.largeicon {
font-size: 48px;
}
main { main {
flex: 1; flex: 1;
@ -90,3 +99,7 @@ body > .errorbox {
.bc-3 { .bc-3 {
font-weight: 400; font-weight: 400;
} }
.center {
text-align: center;
}


@ -10,4 +10,29 @@
--fern-green: #65743a; --fern-green: #65743a;
--flax: #efdd8d; --flax: #efdd8d;
--mindaro: #f4fdaf; --mindaro: #f4fdaf;
--grey-5: #adb5bd;
--red-2: #ffc9c9;
--red-3: #ffa8a8;
--red-7: #f03e3e;
--red-9: #c92a2a;
--link-fg: var(--dark-slate-gray);
--error-fg: var(--red-9);
}
@media screen and (prefers-color-scheme: dark) {
:root {
--link-fg: var(--flax);
--error-fg: var(--red-3);
}
}
.error-fg {
color: var(--error-fg);
}
a {
color: var(--link-fg);
} }


@ -12,7 +12,7 @@ http_response_code(404);
<?php include "partials/header.php"; ?> <?php include "partials/header.php"; ?>
<main> <main>
<div id="content"> <div id="content" class="center">
<h1>404</h1> <h1>404</h1>
<p>Sorry, but that doesn't exist anymore.</p> <p>Sorry, but that doesn't exist anymore.</p>
<p><small>(or it never existed)</small></p> <p><small>(or it never existed)</small></p>


@ -9,6 +9,29 @@ if ($_SESSION['auth']) {
exit(); exit();
} }
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// Figure out if it's a user
$user_to_log_in_as = db_execute('SELECT id, email, password FROM accounts WHERE email = ?', [$_POST['email']]);
if (!$user_to_log_in_as) {
$error_body = get_string('error.incorrectAuth');
goto skip;
}
if (password_verify($_POST['password'], $user_to_log_in_as['password'])) {
$_SESSION['auth'] = true;
$_SESSION['id'] = $user_to_log_in_as['id'];
if (key_exists('callback', $query)) {
header('Location: ' . $query['callback']);
} else {
header('Location: /dashboard');
}
exit();
}
}
skip:
?> ?>
<!doctype html> <!doctype html>
@ -23,18 +46,20 @@ if ($_SESSION['auth']) {
if ($_SESSION['auth']) { if ($_SESSION['auth']) {
$error_body = get_string('error.loggedIn'); $error_body = get_string('error.loggedIn');
include 'partials/error.php';
} }
?> ?>
<h1>Sign up</h1> <h1><?= get_string('page.login') ?></h1>
<?php
if (isset($error_body)) {
include 'partials/error.php';
}
?>
<form method="post"> <form method="post">
<p><label for="email">Email</label> <p><label for="email"><?= get_string("auth.email") ?></label>
<input type="email" name="email" id="email" /></p> <input type="email" name="email" id="email" /></p>
<p><label for="password">Password</label> <p><label for="password"><?= get_string("auth.password") ?></label>
<input type="password" name="password" id="password" /></p> <input type="password" name="password" id="password" /></p>
<p><label for="repeat_password">Confirm password</label>
<input type="password" name="repeat_password" id="repeat_password" /></p>
<button type="submit">Submit</button> <button type="submit">Submit</button>
</form> </form>
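Review bot: In the POST handler of the first hunk, `header('Location: ' . $query['callback'])` redirects to whatever the query string supplies, so a crafted login link can send a freshly authenticated user to an external site; the target should be limited to same-site paths. The session ID is also kept across the privilege change, which leaves room for session fixation, so `session_regenerate_id(true)` belongs before `$_SESSION['auth']` is set. A wrong password falls through to `skip:` with no `$error_body`, while an unknown email sets `error.incorrectAuth`, so the two cases are distinguishable and the user gets no feedback; both should produce the same message. `$_POST['email']` and `$_POST['password']` are read without checking that they are present. The sketch below assumes `$query` values are already URL-decoded.

```php
if (password_verify($_POST['password'], $user_to_log_in_as['password'])) {
    // New session ID at the privilege change, so a pre-login ID is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['auth'] = true;
    $_SESSION['id'] = $user_to_log_in_as['id'];
    // Follow the callback only when it is a same-site path: one leading slash, not `//` or `/\`.
    $callback = $query['callback'] ?? '';
    $is_local = is_string($callback) && preg_match('#^/(?![/\\\\])#', $callback) === 1;
    header('Location: ' . ($is_local ? $callback : '/dashboard'));
    exit();
}
// Same message as for an unknown email, so the response does not reveal which accounts exist.
$error_body = get_string('error.incorrectAuth');
```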


@ -8,6 +8,6 @@ $error_body = $error_body ?? "No message provided.";
<div class="icon"> <div class="icon">
<span class="fa-solid fa-fw fa-circle-xmark"></span> <span class="fa-solid fa-fw fa-circle-xmark"></span>
</div> </div>
<h2>An error occurred.</h2> <h2><?= get_string("generic.error") ?></h2>
<p><?= htmlspecialchars($error_body) ?></p> <p><?= htmlspecialchars($error_body) ?></p>
</div> </div>


@ -6,8 +6,16 @@
</a> </a>
</div> </div>
<div> <div class="section">
<a href="/auth/signup"><?= get_string("auth.signup") ?></a> <?php
<a href="/auth/login"><?= get_string("auth.login") ?></a> if ($_SESSION['auth']) {
echo '<div class="item">Hey hey ' . htmlspecialchars(get_user_display_name($_SESSION['id'])) . '!</div>';
echo '<div class="item"><a href="/auth/signout">'. get_string('auth.signout') .'</a></div>';
}
else {
echo '<a href="/auth/signup">' . get_string("auth.signup")
. '</a> <a href="/auth/login">'. get_string("auth.login") . '</a>';
}
?>
</div> </div>
</header> </header>
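Review bot: The display name is HTML-escaped twice on the greeting line: `get_user_display_name` escapes by default (`$escape = true`) and its result is wrapped in `htmlspecialchars` again, so a name containing `&` or `<` is shown with visible entity text. Keep a single escaping step at the point of output, e.g. `htmlspecialchars(get_user_display_name($_SESSION['id'], false))`. `$_SESSION['auth']` is read directly here as well; `!empty($_SESSION['auth'])` avoids a warning for visitors whose session has no `auth` key.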

26
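--- a/views/signedout.php
+++ b/views/signedout.php
@@ -0,0 +1,26 @@
+<?php
+$_SESSION['auth'] = false;
+session_destroy();
+?>
+<!doctype html>
+<html lang="$lang_code">
+<head>
+<title>Signed out ~> ByeCorps ID</title>
+<?php include 'partials/head.php'; ?>
+</head>
+<body>
+<?php include 'partials/header.php'; ?>
+<main>
+<center>
+<div class="largeicon">
+<span class="fa-fw fa-solid fa-person-through-window"></span>
+</div>
+<p><?= get_string('auth.signedout'); ?></p>
+</center>
+</main>
+<?php include 'partials/footer.php'; ?>
+</body>
+</html>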
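Review bot: `session_destroy()` on its own removes the stored session data but leaves the session cookie in the browser and `$_SESSION['id']` populated for the rest of the request. Clear the array with `$_SESSION = [];` and expire the cookie using `session_get_cookie_params()` and `setcookie(session_name(), '', ...)` before destroying the session, which is the sequence the PHP manual describes for a full logout. Separately, `<html lang="$lang_code">` sits outside PHP tags, so the literal text `$lang_code` is sent to the browser; it should read `<html lang="<?= htmlspecialchars($lang_code) ?>">`, assuming `$lang_code` is set by the including script.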


@ -16,17 +16,18 @@
} }
?> ?>
<h1>Sign up</h1> <h1><?= get_string('page.signup'); ?></h1>
<form method="post"> <p>Sign ups are disabled.</p>
<p><label for="email">Email</label> <!-- <form method="post">-->
<input type="email" name="email" id="email" /></p> <!-- <p><label for="email">--><?php //= get_string("auth.email") ?><!--</label>-->
<p><label for="password">Password</label> <!-- <input type="email" name="email" id="email" /></p>-->
<input type="password" name="password" id="password" /></p> <!-- <p><label for="password">--><?php //= get_string("auth.password") ?><!--</label>-->
<p><label for="repeat_password">Confirm password</label> <!-- <input type="password" name="password" id="password" /></p>-->
<input type="password" name="repeat_password" id="repeat_password" /></p> <!-- <p><label for="repeat_password">--><?php //= get_string("auth.confirmPassword") ?><!--</label>-->
<!-- <input type="password" name="repeat_password" id="repeat_password" /></p>-->
<button type="submit">Submit</button> <!---->
</form> <!-- <button type="submit">Submit</button>-->
<!-- </form>-->
</main> </main>
<?php include 'partials/footer.php' ?> <?php include 'partials/footer.php' ?>
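Review bot: Wrapping the sign-up form in HTML comments still ships the markup to every visitor and does nothing to stop a direct POST to this URL. If the part of the file above this hunk (not visible here) handles a POST, it should reject the request while sign-ups are off, ideally behind one configuration flag that both the handler and the view check. Delete the commented-out block rather than keeping it in the response; version control already holds it. The new notice `Sign ups are disabled.` is hard-coded while the heading uses `get_string`, so a string key for it would keep the page consistent.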