diff --git a/src/main/Database.php b/src/main/Database.php
index b00915c..944992f 100644
--- a/src/main/Database.php
+++ b/src/main/Database.php
@@ -74,4 +74,41 @@ class Database
 $stmt->bindValue(":password", $password);
 return $stmt->execute() !== false;
 }
+
+ function add_tracking($user_uuid, $person_name): bool
+ {
+ $stmt = $this->db->prepare("INSERT INTO trackings (user_uuid, person_name) VALUES (:user_uuid, :person_name);");
+ $stmt->bindValue(":user_uuid", $user_uuid);
+ $stmt->bindValue(":person_name", $person_name);
+ return $stmt->execute() !== false;
+ }
+
+ function remove_tracking($user_uuid, $person_name): bool
+ {
+ $stmt = $this->db->prepare("DELETE FROM trackings WHERE user_uuid=:user_uuid AND person_name=:person_name;");
+ $stmt->bindValue(":user_uuid", $user_uuid);
+ $stmt->bindValue(":person_name", $person_name);
+ return $stmt->execute() !== false;
+ }
+
+ function has_tracking($user_uuid, $person_name): bool
+ {
+ $stmt = $this->db->prepare("SELECT 1 FROM trackings WHERE user_uuid=:user_uuid AND person_name=:person_name;");
+ $stmt->bindValue(":user_uuid", $user_uuid);
+ $stmt->bindValue(":person_name", $person_name);
+ return $stmt->execute()->fetchArray(SQLITE3_ASSOC) !== false;
+ }
+
+ function list_trackings($user_uuid): array
+ {
+ $stmt = $this->db->prepare("SELECT * FROM trackings WHERE user_uuid=:user_uuid;");
+ $stmt->bindValue(":user_uuid", $user_uuid);
+ $results = $stmt->execute();
+
+ $trackings = [];
+ while ($row = $results->fetchArray(SQLITE3_ASSOC))
+ $trackings[] = $row;
+
+ return $trackings;
+ }
 }
diff --git a/src/main/api.php b/src/main/api.php
index 6d36742..a74880c 100644
--- a/src/main/api.php
+++ b/src/main/api.php
@@ -12,7 +12,7 @@ require_once __DIR__ . "/vendor/autoload.php";
 require_once __DIR__ . "/Database.php";
-//header("Content-type:application/json;charset=utf-8");
+header("Content-type:application/json;charset=utf-8");
 // Load config
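Review bot: `has_tracking` calls `fetchArray()` directly on the result of `$stmt->execute()`, which is `false` on failure, so a failed query becomes a fatal "call to a member function on bool" instead of the `false` the `: bool` signature promises, while the sibling methods guard this with `!== false`. Change the return to `$result = $stmt->execute(); return $result !== false && $result->fetchArray(SQLITE3_ASSOC) !== false;`, and give `list_trackings` the same guard before its `while`. `list_trackings` also selects `*`, and api.php in this same commit serializes those rows straight to the client, so name the columns you intend to expose rather than every column the table happens to have. Nothing here prevents duplicate `(user_uuid, person_name)` rows; if the schema has no UNIQUE constraint on that pair (not visible in the diff), `INSERT OR IGNORE` would make `add_tracking` safe against the check-then-insert race in its caller. The class `Database` starts before this hunk.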
@@ -39,30 +39,31 @@ if (isset($_POST["action"])) { switch ($_POST["action"]) { case "register": if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) { - exit("no token, or invalid token"); + exit("\"no token, or invalid token\""); } if (isset($_SESSION["uuid"])) { - exit("already logged in"); + exit("\"already logged in\""); } if (!isset($_POST["email"], $_POST["password"], $_POST["password_confirm"])) { - exit("missing inputs"); + exit("\"missing inputs\""); } if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) { - exit("invalid email"); + exit("\"invalid email\""); } if ($_POST["password"] !== $_POST["password_confirm"]) { - exit("differing passwords"); + exit("\"differing passwords\""); } $db = new Database($config["database"]["filename"], SQLITE3_OPEN_READONLY); - if ($db->get_user_by_email($_POST["email"]) !== null) { - exit("email already in use"); - } + $email_is_in_use = $db->get_user_by_email($_POST["email"]) !== null; $db->close(); + if ($email_is_in_use) { + exit("\"email already in use\""); + } $db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE); try { @@ -75,11 +76,11 @@ if (isset($_POST["action"])) { exit("true"); case "login": if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) { - exit("no token, or invalid token"); + exit("\"no token, or invalid token\""); } if (!isset($_POST["email"], $_POST["password"])) { - exit("missing inputs"); + exit("\"missing inputs\""); } $db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE); 
@@ -87,68 +88,72 @@ if (isset($_POST["action"])) { $db->close(); if ($user === null || !password_verify($_POST["password"], $user["password"])) { - exit("wrong password"); + exit("\"wrong password\""); } $_SESSION["uuid"] = $user["uuid"]; exit("true"); case "logout": if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) { - exit("no token, or invalid token"); + exit("\"no token, or invalid token\""); } session_destroy(); exit("true"); case "user-update-email": if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) { - exit("no token, or invalid token"); + exit("\"no token, or invalid token\""); } if (!isset($_SESSION["uuid"])) { - exit("not logged in"); + exit("\"not logged in\""); } if (!isset($_POST["email"])) { - exit("missing inputs"); + exit("\"missing inputs\""); } if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) { - exit("invalid email"); + exit("\"invalid email\""); } + // TODO: Check if user exists + $db = new Database($config["database"]["filename"], SQLITE3_OPEN_READONLY); if ($db->get_user_by_email($_POST["email"]) !== null) { - exit("email already in use"); + exit("\"email already in use\""); } $db->close(); $db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE); $db->set_user_email($_SESSION["uuid"], $_POST["email"]); $db->close(); - exit("true"); + exit("\"true\""); case "user-update-password": if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) { - exit("no token, or invalid token"); + exit("\"no token, or invalid token\""); } if (!isset($_SESSION["uuid"])) { - exit("not logged in"); + exit("\"not logged in\""); } if (!isset($_POST["password_old"], $_POST["password_new"], $_POST["password_confirm"])) { - exit("missing inputs"); + exit("\"missing inputs\""); } + // TODO: Check if user exists + $db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE); $user = 
$db->get_user_by_uuid($_SESSION["uuid"]); $db->close(); if ($user === null || !password_verify($_POST["password_old"], $user["password"])) { - exit("wrong password"); + exit("\"wrong password\""); } if ($_POST["password_new"] !== $_POST["password_confirm"]) { - exit("differing passwords"); + exit("\"differing passwords\""); } $db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE); 
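Review bot: The `user-update-email` success path is changed to `exit("\"true\"")`, a JSON string, while `login`, `logout` and `user-update-password` in this same hunk still answer with `exit("true")`, a JSON boolean, so a client now has to accept both; keep the success reply as `exit("true");` here or change every success path together. The email-in-use check in `user-update-email` still exits before `$db->close()`, the same leaked handle the `register` case is fixed for in this commit; hoist the result into a local, close, then exit, as done there. Not introduced by this commit but visible in the hunk: `$_SESSION["uuid"] = $user["uuid"];` is not preceded by `session_regenerate_id(true)`, so a session id fixed before login stays valid after it. The `switch` these cases belong to starts before the hunk, and the `user-update-password` case continues past it.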
@@ -157,29 +162,69 @@ if (isset($_POST["action"])) { exit("true"); case "user-delete": if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) { - exit("no token, or invalid token"); + exit("\"no token, or invalid token\""); } if (!isset($_SESSION["uuid"])) { - exit("not logged in"); + exit("\"not logged in\""); } + // TODO: Check if user exists + $db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE); $db->delete_user($_SESSION["uuid"]); $db->close(); session_destroy(); - break; + exit("true"); case "add-tracking": - case "delete-tracking": if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) { - exit("no token, or invalid token"); + exit("\"no token, or invalid token\""); } - break; + if (!isset($_SESSION["uuid"])) { + exit("\"not logged in\""); + } + + if (!isset($_POST["person_name"])) { + exit("\"missing inputs\""); + } + + $db = new Database($config["database"]["filename"], SQLITE3_OPEN_READONLY); + $tracking_already_exists = $db->has_tracking($_SESSION["uuid"], $_POST["person_name"]); + $db->close(); + if ($tracking_already_exists) { + exit("\"tracking already exists\""); + } + + $db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE); + $db->add_tracking($_SESSION["uuid"], $_POST["person_name"]); + $db->close(); + + exit("true"); + case "delete-tracking": + if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) { + exit("\"no token, or invalid token\""); + } + + if (!isset($_SESSION["uuid"])) { + exit("\"not logged in\""); + } + + if (!isset($_POST["person_name"])) { + exit("\"missing inputs\""); + } + + // TODO: Check if tracking exists + + $db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE); + $db->remove_tracking($_SESSION["uuid"], $_POST["person_name"]); + $db->close(); + + exit("true"); case "send-test-email": if (!isset($_POST["token"]) || 
!isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) { - exit("no token, or invalid token"); + exit("\"no token, or invalid token\""); } // TODO: Send this to logged-in user @@ -215,8 +260,17 @@ if (isset($_POST["action"])) { } } else if (isset($_GET["action"])) { // Process GET - if ($_GET["action"] == "get-trackings") { - // Returns list of people of this user - exit("false"); + if ($_GET["action"] == "list-trackings") { + if (!isset($_SESSION["uuid"])) { + exit("\"not logged in\""); + } + + $db = new Database($config["database"]["filename"], SQLITE3_OPEN_READONLY); + $trackings = $db->list_trackings($_SESSION["uuid"], $_SESSION["uuid"]); + $db->close(); + + exit(json_encode($trackings)); } } + +exit("\"unknown action\""); diff --git a/src/main/index.php b/src/main/index.php index bff9deb..3937010 100644 --- a/src/main/index.php +++ b/src/main/index.php @@ -114,6 +114,32 @@ $_SESSION["token"] = bin2hex(random_bytes(32)); + +
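Review bot: `add-tracking` and `delete-tracking` only check `isset($_POST["person_name"])`, so an empty string, a whitespace-only name, an arbitrarily long one, or an array (`person_name[]=x`) all pass straight to `bindValue`. Normalize and bound it before touching the database: `$person_name = is_string($_POST["person_name"]) ? trim($_POST["person_name"]) : "";` followed by `if ($person_name === "" || mb_strlen($person_name) > 100) { exit("\"invalid person name\""); }` (pick the limit the `trackings` column is meant to hold), and pass `$person_name` to `has_tracking`/`add_tracking`/`remove_tracking`. The existence check and the insert run on two separate connections, so two concurrent requests can both pass `has_tracking` and insert the pair twice unless the table has a UNIQUE constraint, which is not visible here. The `switch` enclosing these cases starts before the hunk.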
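Review bot: `list-trackings` calls `$db->list_trackings($_SESSION["uuid"], $_SESSION["uuid"])` with a second argument the method does not declare; PHP silently drops it, so it is harmless today but reads as if two parameters were intended, and should be `$trackings = $db->list_trackings($_SESSION["uuid"]);`. `json_encode($trackings)` returns `false` if any stored `person_name` is not valid UTF-8, in which case the client receives an empty body instead of JSON; use `json_encode($trackings, JSON_INVALID_UTF8_SUBSTITUTE)` (or `JSON_THROW_ON_ERROR` and handle it) so the failure is visible. Because `list_trackings` selects `*`, whatever columns the `trackings` table has are sent to the browser verbatim; confirm nothing beyond `person_name` needs to leave the server. Every error reply in this file, including the new `"unknown action"`, appears to go out with HTTP 200 since no `http_response_code` call is visible, so clients must parse the body to tell failure from success; a `http_response_code(400)`/`401` before the `exit` would help. The `else if` branch sits inside the top-level `if (isset($_POST["action"]))` chain that starts before the hunk.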

Add tracking

+
+ + " /> + + +
+ +

Remove tracking

+
+ + " /> + + +
+ +

Trackings

+
+            
diff --git a/src/main/js/Main.ts b/src/main/js/Main.ts index dde0c1e..1988945 100644 --- a/src/main/js/Main.ts +++ b/src/main/js/Main.ts @@ -14,4 +14,8 @@ doAfterLoad(() => { version: "v%%VERSION_NUMBER%%" })); $("main").classList.remove("hidden"); + + fetch("api.php?action=list-trackings") + .then(it => it.text()) + .then(it => $("#trackings").innerText = it); });
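Review bot: The new `fetch` writes whatever `api.php` returns into `#trackings` without checking it, and the API side of this commit answers `"not logged in"` (a JSON string, still with a 200 status as far as the diff shows) when there is no session, so that text is displayed as if it were the list. Parse the reply and only render arrays: `.then(it => it.json())` followed by `.then(it => { if (Array.isArray(it)) $("#trackings").innerText = JSON.stringify(it); })`, or branch on the string to show a login prompt. Keep `innerText` rather than `innerHTML` here: `person_name` is user-supplied and `list-trackings` returns it JSON-encoded but not HTML-escaped, so this assignment is the only thing standing between it and markup injection. The `doAfterLoad` callback this runs in starts before the hunk.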