Allow basic registration of people to track
This commit is contained in:
parent
01d8b657b3
commit
64485bbacb
GPG Key ID:
D3DCFAA8A4560BE0
|
|
@ -74,4 +74,41 @@ class Database
|
||||||
$stmt->bindValue(":password", $password);
|
$stmt->bindValue(":password", $password);
|
||||||
return $stmt->execute() !== false;
|
return $stmt->execute() !== false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function add_tracking($user_uuid, $person_name): bool
|
||||||
|
{
|
||||||
|
$stmt = $this->db->prepare("INSERT INTO trackings (user_uuid, person_name) VALUES (:user_uuid, :person_name);");
|
||||||
|
$stmt->bindValue(":user_uuid", $user_uuid);
|
||||||
|
$stmt->bindValue(":person_name", $person_name);
|
||||||
|
return $stmt->execute() !== false;
|
||||||
|
}
|
||||||
|
|
||||||
|
function remove_tracking($user_uuid, $person_name): bool
|
||||||
|
{
|
||||||
|
$stmt = $this->db->prepare("DELETE FROM trackings WHERE user_uuid=:user_uuid AND person_name=:person_name;");
|
||||||
|
$stmt->bindValue(":user_uuid", $user_uuid);
|
||||||
|
$stmt->bindValue(":person_name", $person_name);
|
||||||
|
return $stmt->execute() !== false;
|
||||||
|
}
|
||||||
|
|
||||||
|
function has_tracking($user_uuid, $person_name): bool
|
||||||
|
{
|
||||||
|
$stmt = $this->db->prepare("SELECT 1 FROM trackings WHERE user_uuid=:user_uuid AND person_name=:person_name;");
|
||||||
|
$stmt->bindValue(":user_uuid", $user_uuid);
|
||||||
|
$stmt->bindValue(":person_name", $person_name);
|
||||||
|
return $stmt->execute()->fetchArray(SQLITE3_ASSOC) !== false;
|
||||||
|
}
|
||||||
|
|
||||||
|
function list_trackings($user_uuid): array
|
||||||
|
{
|
||||||
|
$stmt = $this->db->prepare("SELECT * FROM trackings WHERE user_uuid=:user_uuid;");
|
||||||
|
$stmt->bindValue(":user_uuid", $user_uuid);
|
||||||
|
$results = $stmt->execute();
|
||||||
|
|
||||||
|
$trackings = [];
|
||||||
|
while ($row = $results->fetchArray(SQLITE3_ASSOC))
|
||||||
|
$trackings[] = $row;
|
||||||
|
|
||||||
|
return $trackings;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
122
src/main/api.php
122
src/main/api.php
|
|
@ -12,7 +12,7 @@ require_once __DIR__ . "/vendor/autoload.php";
|
||||||
require_once __DIR__ . "/Database.php";
|
require_once __DIR__ . "/Database.php";
|
||||||
|
|
||||||
|
|
||||||
//header("Content-type:application/json;charset=utf-8");
|
header("Content-type:application/json;charset=utf-8");
|
||||||
|
|
||||||
|
|
||||||
// Load config
|
// Load config
|
||||||
|
|
@ -39,30 +39,31 @@ if (isset($_POST["action"])) {
|
||||||
switch ($_POST["action"]) {
|
switch ($_POST["action"]) {
|
||||||
case "register":
|
case "register":
|
||||||
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
||||||
exit("no token, or invalid token");
|
exit("\"no token, or invalid token\"");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isset($_SESSION["uuid"])) {
|
if (isset($_SESSION["uuid"])) {
|
||||||
exit("already logged in");
|
exit("\"already logged in\"");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!isset($_POST["email"], $_POST["password"], $_POST["password_confirm"])) {
|
if (!isset($_POST["email"], $_POST["password"], $_POST["password_confirm"])) {
|
||||||
exit("missing inputs");
|
exit("\"missing inputs\"");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
|
if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
|
||||||
exit("invalid email");
|
exit("\"invalid email\"");
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($_POST["password"] !== $_POST["password_confirm"]) {
|
if ($_POST["password"] !== $_POST["password_confirm"]) {
|
||||||
exit("differing passwords");
|
exit("\"differing passwords\"");
|
||||||
}
|
}
|
||||||
|
|
||||||
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READONLY);
|
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READONLY);
|
||||||
if ($db->get_user_by_email($_POST["email"]) !== null) {
|
$email_is_in_use = $db->get_user_by_email($_POST["email"]) !== null;
|
||||||
exit("email already in use");
|
|
||||||
}
|
|
||||||
$db->close();
|
$db->close();
|
||||||
|
if ($email_is_in_use) {
|
||||||
|
exit("\"email already in use\"");
|
||||||
|
}
|
||||||
|
|
||||||
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
|
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
|
||||||
try {
|
try {
|
||||||
|
|
@ -75,11 +76,11 @@ if (isset($_POST["action"])) {
|
||||||
exit("true");
|
exit("true");
|
||||||
case "login":
|
case "login":
|
||||||
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
||||||
exit("no token, or invalid token");
|
exit("\"no token, or invalid token\"");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!isset($_POST["email"], $_POST["password"])) {
|
if (!isset($_POST["email"], $_POST["password"])) {
|
||||||
exit("missing inputs");
|
exit("\"missing inputs\"");
|
||||||
}
|
}
|
||||||
|
|
||||||
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
|
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
|
||||||
|
|
@ -87,68 +88,72 @@ if (isset($_POST["action"])) {
|
||||||
$db->close();
|
$db->close();
|
||||||
|
|
||||||
if ($user === null || !password_verify($_POST["password"], $user["password"])) {
|
if ($user === null || !password_verify($_POST["password"], $user["password"])) {
|
||||||
exit("wrong password");
|
exit("\"wrong password\"");
|
||||||
}
|
}
|
||||||
|
|
||||||
$_SESSION["uuid"] = $user["uuid"];
|
$_SESSION["uuid"] = $user["uuid"];
|
||||||
exit("true");
|
exit("true");
|
||||||
case "logout":
|
case "logout":
|
||||||
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
||||||
exit("no token, or invalid token");
|
exit("\"no token, or invalid token\"");
|
||||||
}
|
}
|
||||||
|
|
||||||
session_destroy();
|
session_destroy();
|
||||||
exit("true");
|
exit("true");
|
||||||
case "user-update-email":
|
case "user-update-email":
|
||||||
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
||||||
exit("no token, or invalid token");
|
exit("\"no token, or invalid token\"");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!isset($_SESSION["uuid"])) {
|
if (!isset($_SESSION["uuid"])) {
|
||||||
exit("not logged in");
|
exit("\"not logged in\"");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!isset($_POST["email"])) {
|
if (!isset($_POST["email"])) {
|
||||||
exit("missing inputs");
|
exit("\"missing inputs\"");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
|
if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
|
||||||
exit("invalid email");
|
exit("\"invalid email\"");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TODO: Check if user exists
|
||||||
|
|
||||||
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READONLY);
|
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READONLY);
|
||||||
if ($db->get_user_by_email($_POST["email"]) !== null) {
|
if ($db->get_user_by_email($_POST["email"]) !== null) {
|
||||||
exit("email already in use");
|
exit("\"email already in use\"");
|
||||||
}
|
}
|
||||||
$db->close();
|
$db->close();
|
||||||
|
|
||||||
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
|
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
|
||||||
$db->set_user_email($_SESSION["uuid"], $_POST["email"]);
|
$db->set_user_email($_SESSION["uuid"], $_POST["email"]);
|
||||||
$db->close();
|
$db->close();
|
||||||
exit("true");
|
exit("\"true\"");
|
||||||
case "user-update-password":
|
case "user-update-password":
|
||||||
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
||||||
exit("no token, or invalid token");
|
exit("\"no token, or invalid token\"");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!isset($_SESSION["uuid"])) {
|
if (!isset($_SESSION["uuid"])) {
|
||||||
exit("not logged in");
|
exit("\"not logged in\"");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!isset($_POST["password_old"], $_POST["password_new"], $_POST["password_confirm"])) {
|
if (!isset($_POST["password_old"], $_POST["password_new"], $_POST["password_confirm"])) {
|
||||||
exit("missing inputs");
|
exit("\"missing inputs\"");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TODO: Check if user exists
|
||||||
|
|
||||||
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
|
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
|
||||||
$user = $db->get_user_by_uuid($_SESSION["uuid"]);
|
$user = $db->get_user_by_uuid($_SESSION["uuid"]);
|
||||||
$db->close();
|
$db->close();
|
||||||
|
|
||||||
if ($user === null || !password_verify($_POST["password_old"], $user["password"])) {
|
if ($user === null || !password_verify($_POST["password_old"], $user["password"])) {
|
||||||
exit("wrong password");
|
exit("\"wrong password\"");
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($_POST["password_new"] !== $_POST["password_confirm"]) {
|
if ($_POST["password_new"] !== $_POST["password_confirm"]) {
|
||||||
exit("differing passwords");
|
exit("\"differing passwords\"");
|
||||||
}
|
}
|
||||||
|
|
||||||
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
|
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
|
||||||
|
|
@ -157,29 +162,69 @@ if (isset($_POST["action"])) {
|
||||||
exit("true");
|
exit("true");
|
||||||
case "user-delete":
|
case "user-delete":
|
||||||
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
||||||
exit("no token, or invalid token");
|
exit("\"no token, or invalid token\"");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!isset($_SESSION["uuid"])) {
|
if (!isset($_SESSION["uuid"])) {
|
||||||
exit("not logged in");
|
exit("\"not logged in\"");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TODO: Check if user exists
|
||||||
|
|
||||||
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
|
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
|
||||||
$db->delete_user($_SESSION["uuid"]);
|
$db->delete_user($_SESSION["uuid"]);
|
||||||
$db->close();
|
$db->close();
|
||||||
|
|
||||||
session_destroy();
|
session_destroy();
|
||||||
break;
|
exit("true");
|
||||||
case "add-tracking":
|
case "add-tracking":
|
||||||
case "delete-tracking":
|
|
||||||
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
||||||
exit("no token, or invalid token");
|
exit("\"no token, or invalid token\"");
|
||||||
}
|
}
|
||||||
|
|
||||||
break;
|
if (!isset($_SESSION["uuid"])) {
|
||||||
|
exit("\"not logged in\"");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!isset($_POST["person_name"])) {
|
||||||
|
exit("\"missing inputs\"");
|
||||||
|
}
|
||||||
|
|
||||||
|
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READONLY);
|
||||||
|
$tracking_already_exists = $db->has_tracking($_SESSION["uuid"], $_POST["person_name"]);
|
||||||
|
$db->close();
|
||||||
|
if ($tracking_already_exists) {
|
||||||
|
exit("\"tracking already exists\"");
|
||||||
|
}
|
||||||
|
|
||||||
|
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
|
||||||
|
$db->add_tracking($_SESSION["uuid"], $_POST["person_name"]);
|
||||||
|
$db->close();
|
||||||
|
|
||||||
|
exit("true");
|
||||||
|
case "delete-tracking":
|
||||||
|
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
||||||
|
exit("\"no token, or invalid token\"");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!isset($_SESSION["uuid"])) {
|
||||||
|
exit("\"not logged in\"");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!isset($_POST["person_name"])) {
|
||||||
|
exit("\"missing inputs\"");
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO: Check if tracking exists
|
||||||
|
|
||||||
|
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
|
||||||
|
$db->remove_tracking($_SESSION["uuid"], $_POST["person_name"]);
|
||||||
|
$db->close();
|
||||||
|
|
||||||
|
exit("true");
|
||||||
case "send-test-email":
|
case "send-test-email":
|
||||||
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
||||||
exit("no token, or invalid token");
|
exit("\"no token, or invalid token\"");
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: Send this to logged-in user
|
// TODO: Send this to logged-in user
|
||||||
|
|
@ -215,8 +260,17 @@ if (isset($_POST["action"])) {
|
||||||
}
|
}
|
||||||
} else if (isset($_GET["action"])) {
|
} else if (isset($_GET["action"])) {
|
||||||
// Process GET
|
// Process GET
|
||||||
if ($_GET["action"] == "get-trackings") {
|
if ($_GET["action"] == "list-trackings") {
|
||||||
// Returns list of people of this user
|
if (!isset($_SESSION["uuid"])) {
|
||||||
exit("false");
|
exit("\"not logged in\"");
|
||||||
|
}
|
||||||
|
|
||||||
|
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READONLY);
|
||||||
|
$trackings = $db->list_trackings($_SESSION["uuid"], $_SESSION["uuid"]);
|
||||||
|
$db->close();
|
||||||
|
|
||||||
|
exit(json_encode($trackings));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
exit("\"unknown action\"");
|
||||||
|
|
|
||||||
|
|
@ -114,6 +114,32 @@ $_SESSION["token"] = bin2hex(random_bytes(32));
|
||||||
</label>
|
</label>
|
||||||
<input type="submit" />
|
<input type="submit" />
|
||||||
</form>
|
</form>
|
||||||
|
|
||||||
|
<h1>Add tracking</h1>
|
||||||
|
<form action="api.php" method="post">
|
||||||
|
<input type="hidden" name="action" value="add-tracking" />
|
||||||
|
<input type="hidden" name="token" value="<?= $_SESSION["token"] ?>" />
|
||||||
|
<label>
|
||||||
|
Person name
|
||||||
|
<input name="person_name" />
|
||||||
|
</label>
|
||||||
|
<input type="submit" />
|
||||||
|
</form>
|
||||||
|
|
||||||
|
<h1>Remove tracking</h1>
|
||||||
|
<form action="api.php" method="post">
|
||||||
|
<input type="hidden" name="action" value="delete-tracking" />
|
||||||
|
<input type="hidden" name="token" value="<?= $_SESSION["token"] ?>" />
|
||||||
|
<label>
|
||||||
|
Person name
|
||||||
|
<input name="person_name" />
|
||||||
|
</label>
|
||||||
|
<input type="submit" />
|
||||||
|
</form>
|
||||||
|
|
||||||
|
<h1>Trackings</h1>
|
||||||
|
<pre id="trackings">
|
||||||
|
</pre>
|
||||||
</section>
|
</section>
|
||||||
</div>
|
</div>
|
||||||
<div id="footer"></div>
|
<div id="footer"></div>
|
||||||
|
|
|
||||||
|
|
@ -14,4 +14,8 @@ doAfterLoad(() => {
|
||||||
version: "v%%VERSION_NUMBER%%"
|
version: "v%%VERSION_NUMBER%%"
|
||||||
}));
|
}));
|
||||||
$("main").classList.remove("hidden");
|
$("main").classList.remove("hidden");
|
||||||
|
|
||||||
|
fetch("api.php?action=list-trackings")
|
||||||
|
.then(it => it.text())
|
||||||
|
.then(it => $("#trackings").innerText = it);
|
||||||
});
|
});
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue