tools
/
death-notifier
1
0
Fork 0
Code Issues 4 Pull Requests Releases 8 Activity

Add very simplistic basic code

This commit is contained in:
Florine W. Dekker 2022-08-09 17:03:49 +02:00
commit a58548300a
Signed by: FWDekker
GPG Key ID: D3DCFAA8A4560BE0
5 changed files with 274 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored Normal file
View File

@ -0,0 +1,3 @@
src/main/.death-notifier.db
src/main/config.ini
src/main/mailer

182
src/main/api.php Normal file
View File

@ -0,0 +1,182 @@
<?php
use PHPMailer\PHPMailer\Exception;
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\SMTP;
require "mailer/Exception.php";
require "mailer/PHPMailer.php";
require "mailer/SMTP.php";
header("Content-type:application/json;charset=utf-8");
$config = parse_ini_file("config.default.ini", process_sections: true, scanner_mode: INI_SCANNER_TYPED);
if (file_exists("config.ini")) {
$config_custom = parse_ini_file("config.ini", process_sections: true, scanner_mode: INI_SCANNER_TYPED);
$config = array_merge($config, $config_custom);
}
// TODO: CSRF token check!
// TODO: GET should never modify state!!!
if (isset($_GET["action"]) && $_GET["action"] == "install") {
if (file_exists($config["database"]["filename"])) {
unlink($config["database"]["filename"]);
}
$db = new SQLite3($config["database"]["filename"]);
$db->exec("CREATE TABLE users(uuid text primary key not null, email text not null, password text not null);");
// TODO: Do email verification stuff: `current_email` and `email_is_verified` and stuff
$db->exec("CREATE TABLE trackings(user_uuid text not null, person_name text not null, is_deceased int not null)");
$db->close();
}
if (!file_exists($config["database"]["filename"])) {
exit();
}
session_start();
if (isset($_GET["postisget"])) {
$_POST = $_GET;
}
if (isset($_POST["action"])) {
switch ($_POST["action"]) {
case "add-user":
if (!isset($_POST["email"], $_POST["password"], $_POST["password_confirm"])) {
exit("missing inputs");
}
if (filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
exit("invalid email");
}
if ($_POST["password"] !== $_POST["password_confirm"]) {
exit("differing passwords");
}
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READONLY);
if ($db->get_user_by_email($_POST["email"]) !== null) {
exit("email already in use");
}
$db->close();
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
$uuid = bin2hex(random_bytes(16));
$db->add_user($uuid, $_POST["email"], $_POST["password"]);
$db->close();
break;
case "update-user-email":
if (!isset($_POST["email"])) {
exit("missing inputs");
}
if (!isset($_SESSION["uuid"])) {
exit("not logged in");
}
if (filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
exit("invalid email");
}
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READONLY);
if ($db->get_user_by_email($_POST["email"]) !== null) {
exit("email already in use");
}
$db->close();
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
$db->set_user_email($_SESSION["uuid"], $_POST["email"]);
$db->close();
break;
case "update-user-password":
if (!isset($_POST["password"], $_POST["password_confirm"])) {
exit("missing inputs");
}
if (!isset($_SESSION["uuid"])) {
exit("not logged in");
}
if ($_POST["password"] !== $_POST["password_confirm"]) {
exit("differing passwords");
}
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
$db->set_user_password($_SESSION["uuid"], $_POST["password"]);
$db->close();
break;
case "delete-user":
if (!isset($_SESSION["uuid"])) {
exit("not logged in");
}
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
$db->delete_user($_SESSION["uuid"]);
$db->close();
session_destroy();
break;
case "add-tracking":
break;
case "delete-tracking":
break;
case "send-test-email":
// TODO: Send this to logged-in user
$mail = new PHPMailer();
$mail->IsSMTP();
$mail->CharSet = "UTF-8";
$mail->SMTPDebug = SMTP::DEBUG_OFF;
$mail->Host = $config["mail"]["host"];
$mail->SMTPAuth = true;
$mail->Port = $config["mail"]["port"];
$mail->Username = $config["mail"]["username"];
$mail->Password = $config["mail"]["password"];
$mail->SMTPSecure = PHPMailer::ENCRYPTION_SMTPS;
try {
$mail->setFrom($config["mail"]["username"], $config["mail"]["from_name"]);
$mail->addAddress($config["mail"]["to_address_test"]);
} catch (Exception $exception) {
exit("false");
}
$mail->Subject = "Test mail";
$mail->Body = "This is a test mail from death-notifier!";
try {
$mail->send();
} catch (Exception $exception) {
exit("false");
}
exit("true");
}
} else if (isset($_GET["action"])) {
switch ($_GET["action"]) {
case "login":
if (!isset($_GET["email"], $_GET["password"])) {
exit();
}
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
$user = $db->get_user_by_email($_GET["email"]);
$db->close();
if ($user === null || !password_verify($_GET["password"], $user["password"])) {
exit("false");
}
$_SESSION["uuid"] = $user["uuid"];
exit("true");
case "logout":
session_destroy();
break;
case "get-trackings":
// Returns list of people of this user
break;
}
}

10
src/main/config.default.ini Normal file
View File

@ -0,0 +1,10 @@
[database]
filename = .death-notifier.db
[mail]
host = TODO
port = TODO
username = TODO
password = TODO
from_name = TODO
to_address_test = TODO

70
src/main/db.php Normal file
View File

@ -0,0 +1,70 @@
<?php
http_response_code(404);
exit();
class Database
{
private $db;
function __construct($filename, $flags = SQLITE3_OPEN_READWRITE)
{
$this->db = new SQLite3($filename, $flags);
}
function close(): void
{
$this->db->close();
}
function install(): void
{
}
function add_user($uuid, $email, $password): bool
{
$stmt = $this->db->prepare("INSERT INTO users (uuid, email, password) VALUES (:uuid, :email, :password);");
$stmt->bindValue(":uuid", $uuid);
$stmt->bindValue(":email", $email);
$stmt->bindValue(":password", password_hash($password, PASSWORD_DEFAULT));
return $stmt->execute() !== false;
}
function delete_user($uuid): bool
{
$stmt = $this->db->prepare("DELETE FROM users WHERE uuid=:uuid;");
$stmt->bindValue(":uuid", $uuid);
return $stmt->execute() !== false;
}
function get_user_by_email($email): array|null
{
$stmt = $this->db->prepare("SELECT uuid, password FROM users WHERE email=:email;");
$stmt->bindValue(":email", $email);
$result = $stmt->execute();
if ($result->numColumns() === 0) {
return null;
}
return $stmt->execute()->fetchArray(SQLITE3_ASSOC);
}
function set_user_email($uuid, $email): bool
{
$stmt = $this->db->prepare("UPDATE users SET email=:email WHERE uuid=:uuid;");
$stmt->bindValue(":uuid", $uuid);
$stmt->bindValue(":email", $email);
return $stmt->execute() !== false;
}
function set_user_password($uuid, $password): bool
{
$stmt = $this->db->prepare("UPDATE users SET password=:password WHERE uuid=:uuid;");
$stmt->bindValue(":uuid", $uuid);
$stmt->bindValue(":password", $password);
return $stmt->execute() !== false;
}
}

9
src/main/index.php Normal file
View File

@ -0,0 +1,9 @@
<!---->
<!--Start the session and generate a random token.-->
<!--session_start();-->
<!--$_SESSION["token"] = bin2hex(random_bytes(32));-->
<!--Embed the CSRF token into the HTML form.-->
<!--<input type="hidden" name="token" value="--><?//=$_SESSION["token"]?><!--"/>-->
<!--When the form is submitted, cross-check the submitted token against the session.-->
<!--if (!isset($_POST["token"]) || !isset($_SESSION["token"])) { exit(); }-->
<!--if ($_POST["token"] == $_SESSION["token"]) { DO PROCESSING } -->