Allow basic registration of people to track
parent
01d8b657b3
commit
64485bbacb
|
@ -74,4 +74,41 @@ class Database
|
|||
$stmt->bindValue(":password", $password);
|
||||
return $stmt->execute() !== false;
|
||||
}
|
||||
|
||||
function add_tracking($user_uuid, $person_name): bool
|
||||
{
|
||||
$stmt = $this->db->prepare("INSERT INTO trackings (user_uuid, person_name) VALUES (:user_uuid, :person_name);");
|
||||
$stmt->bindValue(":user_uuid", $user_uuid);
|
||||
$stmt->bindValue(":person_name", $person_name);
|
||||
return $stmt->execute() !== false;
|
||||
}
|
||||
|
||||
function remove_tracking($user_uuid, $person_name): bool
|
||||
{
|
||||
$stmt = $this->db->prepare("DELETE FROM trackings WHERE user_uuid=:user_uuid AND person_name=:person_name;");
|
||||
$stmt->bindValue(":user_uuid", $user_uuid);
|
||||
$stmt->bindValue(":person_name", $person_name);
|
||||
return $stmt->execute() !== false;
|
||||
}
|
||||
|
||||
function has_tracking($user_uuid, $person_name): bool
|
||||
{
|
||||
$stmt = $this->db->prepare("SELECT 1 FROM trackings WHERE user_uuid=:user_uuid AND person_name=:person_name;");
|
||||
$stmt->bindValue(":user_uuid", $user_uuid);
|
||||
$stmt->bindValue(":person_name", $person_name);
|
||||
return $stmt->execute()->fetchArray(SQLITE3_ASSOC) !== false;
|
||||
}
|
||||
|
||||
function list_trackings($user_uuid): array
|
||||
{
|
||||
$stmt = $this->db->prepare("SELECT * FROM trackings WHERE user_uuid=:user_uuid;");
|
||||
$stmt->bindValue(":user_uuid", $user_uuid);
|
||||
$results = $stmt->execute();
|
||||
|
||||
$trackings = [];
|
||||
while ($row = $results->fetchArray(SQLITE3_ASSOC))
|
||||
$trackings[] = $row;
|
||||
|
||||
return $trackings;
|
||||
}
|
||||
}
|
||||
|
|
122
src/main/api.php
122
src/main/api.php
|
@ -12,7 +12,7 @@ require_once __DIR__ . "/vendor/autoload.php";
|
|||
require_once __DIR__ . "/Database.php";
|
||||
|
||||
|
||||
//header("Content-type:application/json;charset=utf-8");
|
||||
header("Content-type:application/json;charset=utf-8");
|
||||
|
||||
|
||||
// Load config
|
||||
|
@ -39,30 +39,31 @@ if (isset($_POST["action"])) {
|
|||
switch ($_POST["action"]) {
|
||||
case "register":
|
||||
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
||||
exit("no token, or invalid token");
|
||||
exit("\"no token, or invalid token\"");
|
||||
}
|
||||
|
||||
if (isset($_SESSION["uuid"])) {
|
||||
exit("already logged in");
|
||||
exit("\"already logged in\"");
|
||||
}
|
||||
|
||||
if (!isset($_POST["email"], $_POST["password"], $_POST["password_confirm"])) {
|
||||
exit("missing inputs");
|
||||
exit("\"missing inputs\"");
|
||||
}
|
||||
|
||||
if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
|
||||
exit("invalid email");
|
||||
exit("\"invalid email\"");
|
||||
}
|
||||
|
||||
if ($_POST["password"] !== $_POST["password_confirm"]) {
|
||||
exit("differing passwords");
|
||||
exit("\"differing passwords\"");
|
||||
}
|
||||
|
||||
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READONLY);
|
||||
if ($db->get_user_by_email($_POST["email"]) !== null) {
|
||||
exit("email already in use");
|
||||
}
|
||||
$email_is_in_use = $db->get_user_by_email($_POST["email"]) !== null;
|
||||
$db->close();
|
||||
if ($email_is_in_use) {
|
||||
exit("\"email already in use\"");
|
||||
}
|
||||
|
||||
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
|
||||
try {
|
||||
|
@ -75,11 +76,11 @@ if (isset($_POST["action"])) {
|
|||
exit("true");
|
||||
case "login":
|
||||
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
||||
exit("no token, or invalid token");
|
||||
exit("\"no token, or invalid token\"");
|
||||
}
|
||||
|
||||
if (!isset($_POST["email"], $_POST["password"])) {
|
||||
exit("missing inputs");
|
||||
exit("\"missing inputs\"");
|
||||
}
|
||||
|
||||
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
|
||||
|
@ -87,68 +88,72 @@ if (isset($_POST["action"])) {
|
|||
$db->close();
|
||||
|
||||
if ($user === null || !password_verify($_POST["password"], $user["password"])) {
|
||||
exit("wrong password");
|
||||
exit("\"wrong password\"");
|
||||
}
|
||||
|
||||
$_SESSION["uuid"] = $user["uuid"];
|
||||
exit("true");
|
||||
case "logout":
|
||||
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
||||
exit("no token, or invalid token");
|
||||
exit("\"no token, or invalid token\"");
|
||||
}
|
||||
|
||||
session_destroy();
|
||||
exit("true");
|
||||
case "user-update-email":
|
||||
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
||||
exit("no token, or invalid token");
|
||||
exit("\"no token, or invalid token\"");
|
||||
}
|
||||
|
||||
if (!isset($_SESSION["uuid"])) {
|
||||
exit("not logged in");
|
||||
exit("\"not logged in\"");
|
||||
}
|
||||
|
||||
if (!isset($_POST["email"])) {
|
||||
exit("missing inputs");
|
||||
exit("\"missing inputs\"");
|
||||
}
|
||||
|
||||
if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
|
||||
exit("invalid email");
|
||||
exit("\"invalid email\"");
|
||||
}
|
||||
|
||||
// TODO: Check if user exists
|
||||
|
||||
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READONLY);
|
||||
if ($db->get_user_by_email($_POST["email"]) !== null) {
|
||||
exit("email already in use");
|
||||
exit("\"email already in use\"");
|
||||
}
|
||||
$db->close();
|
||||
|
||||
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
|
||||
$db->set_user_email($_SESSION["uuid"], $_POST["email"]);
|
||||
$db->close();
|
||||
exit("true");
|
||||
exit("\"true\"");
|
||||
case "user-update-password":
|
||||
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
||||
exit("no token, or invalid token");
|
||||
exit("\"no token, or invalid token\"");
|
||||
}
|
||||
|
||||
if (!isset($_SESSION["uuid"])) {
|
||||
exit("not logged in");
|
||||
exit("\"not logged in\"");
|
||||
}
|
||||
|
||||
if (!isset($_POST["password_old"], $_POST["password_new"], $_POST["password_confirm"])) {
|
||||
exit("missing inputs");
|
||||
exit("\"missing inputs\"");
|
||||
}
|
||||
|
||||
// TODO: Check if user exists
|
||||
|
||||
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
|
||||
$user = $db->get_user_by_uuid($_SESSION["uuid"]);
|
||||
$db->close();
|
||||
|
||||
if ($user === null || !password_verify($_POST["password_old"], $user["password"])) {
|
||||
exit("wrong password");
|
||||
exit("\"wrong password\"");
|
||||
}
|
||||
|
||||
if ($_POST["password_new"] !== $_POST["password_confirm"]) {
|
||||
exit("differing passwords");
|
||||
exit("\"differing passwords\"");
|
||||
}
|
||||
|
||||
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
|
||||
|
@ -157,29 +162,69 @@ if (isset($_POST["action"])) {
|
|||
exit("true");
|
||||
case "user-delete":
|
||||
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
||||
exit("no token, or invalid token");
|
||||
exit("\"no token, or invalid token\"");
|
||||
}
|
||||
|
||||
if (!isset($_SESSION["uuid"])) {
|
||||
exit("not logged in");
|
||||
exit("\"not logged in\"");
|
||||
}
|
||||
|
||||
// TODO: Check if user exists
|
||||
|
||||
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
|
||||
$db->delete_user($_SESSION["uuid"]);
|
||||
$db->close();
|
||||
|
||||
session_destroy();
|
||||
break;
|
||||
exit("true");
|
||||
case "add-tracking":
|
||||
case "delete-tracking":
|
||||
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
||||
exit("no token, or invalid token");
|
||||
exit("\"no token, or invalid token\"");
|
||||
}
|
||||
|
||||
break;
|
||||
if (!isset($_SESSION["uuid"])) {
|
||||
exit("\"not logged in\"");
|
||||
}
|
||||
|
||||
if (!isset($_POST["person_name"])) {
|
||||
exit("\"missing inputs\"");
|
||||
}
|
||||
|
||||
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READONLY);
|
||||
$tracking_already_exists = $db->has_tracking($_SESSION["uuid"], $_POST["person_name"]);
|
||||
$db->close();
|
||||
if ($tracking_already_exists) {
|
||||
exit("\"tracking already exists\"");
|
||||
}
|
||||
|
||||
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
|
||||
$db->add_tracking($_SESSION["uuid"], $_POST["person_name"]);
|
||||
$db->close();
|
||||
|
||||
exit("true");
|
||||
case "delete-tracking":
|
||||
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
||||
exit("\"no token, or invalid token\"");
|
||||
}
|
||||
|
||||
if (!isset($_SESSION["uuid"])) {
|
||||
exit("\"not logged in\"");
|
||||
}
|
||||
|
||||
if (!isset($_POST["person_name"])) {
|
||||
exit("\"missing inputs\"");
|
||||
}
|
||||
|
||||
// TODO: Check if tracking exists
|
||||
|
||||
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
|
||||
$db->remove_tracking($_SESSION["uuid"], $_POST["person_name"]);
|
||||
$db->close();
|
||||
|
||||
exit("true");
|
||||
case "send-test-email":
|
||||
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
||||
exit("no token, or invalid token");
|
||||
exit("\"no token, or invalid token\"");
|
||||
}
|
||||
|
||||
// TODO: Send this to logged-in user
|
||||
|
@ -215,8 +260,17 @@ if (isset($_POST["action"])) {
|
|||
}
|
||||
} else if (isset($_GET["action"])) {
|
||||
// Process GET
|
||||
if ($_GET["action"] == "get-trackings") {
|
||||
// Returns list of people of this user
|
||||
exit("false");
|
||||
if ($_GET["action"] == "list-trackings") {
|
||||
if (!isset($_SESSION["uuid"])) {
|
||||
exit("\"not logged in\"");
|
||||
}
|
||||
|
||||
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READONLY);
|
||||
$trackings = $db->list_trackings($_SESSION["uuid"], $_SESSION["uuid"]);
|
||||
$db->close();
|
||||
|
||||
exit(json_encode($trackings));
|
||||
}
|
||||
}
|
||||
|
||||
exit("\"unknown action\"");
|
||||
|
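Review bot: In the add-tracking branch of the -157,29 hunk, `person_name` is only checked with `isset`, so an empty string, whitespace, or an arbitrarily long value is accepted and stored as a tracking; normalise and bound it before the database lookups, e.g. `$person_name = trim($_POST["person_name"]); if ($person_name === "" || mb_strlen($person_name) > MAX_PERSON_NAME_LENGTH) { exit("\"invalid person name\""); }` (the limit is a placeholder to choose), and use `$person_name` in the `has_tracking`/`add_tracking` calls. The existence check and the insert run on two separate connections, so two concurrent requests can still create a duplicate row unless the trackings table carries a unique constraint on (user_uuid, person_name), which I cannot confirm from this diff. In the list-trackings GET branch, `$db->list_trackings($_SESSION["uuid"], $_SESSION["uuid"])` passes a second argument that the method in Database.php does not declare; drop it. Because that method selects `*`, `json_encode($trackings)` also echoes every column of the row (including user_uuid) to the client, so select only `person_name` or unset the other keys before encoding, and pass `JSON_THROW_ON_ERROR` so an encoding failure does not silently emit an empty body. The delete-tracking branch keeps a `// TODO: Check if tracking exists`; mirroring the add-tracking flow with `has_tracking` before the delete would make the two handlers consistent.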
|
|
@ -114,6 +114,32 @@ $_SESSION["token"] = bin2hex(random_bytes(32));
|
|||
</label>
|
||||
<input type="submit" />
|
||||
</form>
|
||||
|
||||
<h1>Add tracking</h1>
|
||||
<form action="api.php" method="post">
|
||||
<input type="hidden" name="action" value="add-tracking" />
|
||||
<input type="hidden" name="token" value="<?= $_SESSION["token"] ?>" />
|
||||
<label>
|
||||
Person name
|
||||
<input name="person_name" />
|
||||
</label>
|
||||
<input type="submit" />
|
||||
</form>
|
||||
|
||||
<h1>Remove tracking</h1>
|
||||
<form action="api.php" method="post">
|
||||
<input type="hidden" name="action" value="delete-tracking" />
|
||||
<input type="hidden" name="token" value="<?= $_SESSION["token"] ?>" />
|
||||
<label>
|
||||
Person name
|
||||
<input name="person_name" />
|
||||
</label>
|
||||
<input type="submit" />
|
||||
</form>
|
||||
|
||||
<h1>Trackings</h1>
|
||||
<pre id="trackings">
|
||||
</pre>
|
||||
</section>
|
||||
</div>
|
||||
<div id="footer"></div>
|
||||
|
|
|
@ -14,4 +14,8 @@ doAfterLoad(() => {
|
|||
version: "v%%VERSION_NUMBER%%"
|
||||
}));
|
||||
$("main").classList.remove("hidden");
|
||||
|
||||
fetch("api.php?action=list-trackings")
|
||||
.then(it => it.text())
|
||||
.then(it => $("#trackings").innerText = it);
|
||||
});
|
||||
|
|