commit a58548300a5fae1b1c638abf7d340d003c768de8
Author: Florine W. Dekker
Date: Tue Aug 9 17:03:49 2022 +0200
Add very simplistic basic code
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..33dec3a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+src/main/.death-notifier.db
+src/main/config.ini
+src/main/mailer
diff --git a/src/main/api.php b/src/main/api.php
new file mode 100644
index 0000000..6546d86
--- /dev/null
+++ b/src/main/api.php
@@ -0,0 +1,182 @@
+exec("CREATE TABLE users(uuid text primary key not null, email text not null, password text not null);");
+ // TODO: Do email verification stuff: `current_email` and `email_is_verified` and stuff
+ $db->exec("CREATE TABLE trackings(user_uuid text not null, person_name text not null, is_deceased int not null)");
+
+ $db->close();
+}
+if (!file_exists($config["database"]["filename"])) {
+ exit();
+}
+
+session_start();
+if (isset($_GET["postisget"])) {
+ $_POST = $_GET;
+}
+
+if (isset($_POST["action"])) {
+ switch ($_POST["action"]) {
+ case "add-user":
+ if (!isset($_POST["email"], $_POST["password"], $_POST["password_confirm"])) {
+ exit("missing inputs");
+ }
+
+ if (filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
+ exit("invalid email");
+ }
+
+ if ($_POST["password"] !== $_POST["password_confirm"]) {
+ exit("differing passwords");
+ }
+
+ $db = new Database($config["database"]["filename"], SQLITE3_OPEN_READONLY);
+ if ($db->get_user_by_email($_POST["email"]) !== null) {
+ exit("email already in use");
+ }
+ $db->close();
+
+ $db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
+ $uuid = bin2hex(random_bytes(16));
+ $db->add_user($uuid, $_POST["email"], $_POST["password"]);
+ $db->close();
+ break;
+ case "update-user-email":
+ if (!isset($_POST["email"])) {
+ exit("missing inputs");
+ }
+
+ if (!isset($_SESSION["uuid"])) {
+ exit("not logged in");
+ }
+
+ if (filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
+ exit("invalid email");
+ }
+
+ $db = new Database($config["database"]["filename"], SQLITE3_OPEN_READONLY);
+ if ($db->get_user_by_email($_POST["email"]) !== null) {
+ exit("email already in use");
+ }
+ $db->close();
+
+ $db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
+ $db->set_user_email($_SESSION["uuid"], $_POST["email"]);
+ $db->close();
+ break;
+ case "update-user-password":
+ if (!isset($_POST["password"], $_POST["password_confirm"])) {
+ exit("missing inputs");
+ }
+
+ if (!isset($_SESSION["uuid"])) {
+ exit("not logged in");
+ }
+
+ if ($_POST["password"] !== $_POST["password_confirm"]) {
+ exit("differing passwords");
+ }
+
+ $db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
+ $db->set_user_password($_SESSION["uuid"], $_POST["password"]);
+ $db->close();
+ break;
+ case "delete-user":
+ if (!isset($_SESSION["uuid"])) {
+ exit("not logged in");
+ }
+
+ $db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
+ $db->delete_user($_SESSION["uuid"]);
+ $db->close();
+
+ session_destroy();
+ break;
+ case "add-tracking":
+ break;
+ case "delete-tracking":
+ break;
+ case "send-test-email":
+ // TODO: Send this to logged-in user
+
+ $mail = new PHPMailer();
+ $mail->IsSMTP();
+ $mail->CharSet = "UTF-8";
+
+ $mail->SMTPDebug = SMTP::DEBUG_OFF;
+ $mail->Host = $config["mail"]["host"];
+ $mail->SMTPAuth = true;
+ $mail->Port = $config["mail"]["port"];
+ $mail->Username = $config["mail"]["username"];
+ $mail->Password = $config["mail"]["password"];
+ $mail->SMTPSecure = PHPMailer::ENCRYPTION_SMTPS;
+ try {
+ $mail->setFrom($config["mail"]["username"], $config["mail"]["from_name"]);
+ $mail->addAddress($config["mail"]["to_address_test"]);
+ } catch (Exception $exception) {
+ exit("false");
+ }
+
+ $mail->Subject = "Test mail";
+ $mail->Body = "This is a test mail from death-notifier!";
+
+ try {
+ $mail->send();
+ } catch (Exception $exception) {
+ exit("false");
+ }
+
+ exit("true");
+ }
+} else if (isset($_GET["action"])) {
+ switch ($_GET["action"]) {
+ case "login":
+ if (!isset($_GET["email"], $_GET["password"])) {
+ exit();
+ }
+
+ $db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
+ $user = $db->get_user_by_email($_GET["email"]);
+ $db->close();
+
+ if ($user === null || !password_verify($_GET["password"], $user["password"])) {
+ exit("false");
+ }
+
+ $_SESSION["uuid"] = $user["uuid"];
+ exit("true");
+ case "logout":
+ session_destroy();
+ break;
+ case "get-trackings":
+ // Returns list of people of this user
+ break;
+ }
+}
diff --git a/src/main/config.default.ini b/src/main/config.default.ini
new file mode 100644
index 0000000..7e4dad6
--- /dev/null
+++ b/src/main/config.default.ini
@@ -0,0 +1,10 @@
+[database]
+filename = .death-notifier.db
+
+[mail]
+host = TODO
+port = TODO
+username = TODO
+password = TODO
+from_name = TODO
+to_address_test = TODO
diff --git a/src/main/db.php b/src/main/db.php
new file mode 100644
index 0000000..f592425
--- /dev/null
+++ b/src/main/db.php
@@ -0,0 +1,70 @@
+db = new SQLite3($filename, $flags);
+ }
+
+ function close(): void
+ {
+ $this->db->close();
+ }
+
+
+ function install(): void
+ {
+
+ }
+
+ function add_user($uuid, $email, $password): bool
+ {
+ $stmt = $this->db->prepare("INSERT INTO users (uuid, email, password) VALUES (:uuid, :email, :password);");
+ $stmt->bindValue(":uuid", $uuid);
+ $stmt->bindValue(":email", $email);
+ $stmt->bindValue(":password", password_hash($password, PASSWORD_DEFAULT));
+ return $stmt->execute() !== false;
+ }
+
+ function delete_user($uuid): bool
+ {
+ $stmt = $this->db->prepare("DELETE FROM users WHERE uuid=:uuid;");
+ $stmt->bindValue(":uuid", $uuid);
+ return $stmt->execute() !== false;
+ }
+
+ function get_user_by_email($email): array|null
+ {
+ $stmt = $this->db->prepare("SELECT uuid, password FROM users WHERE email=:email;");
+ $stmt->bindValue(":email", $email);
+ $result = $stmt->execute();
+
+ if ($result->numColumns() === 0) {
+ return null;
+ }
+ return $stmt->execute()->fetchArray(SQLITE3_ASSOC);
+ }
+
+ function set_user_email($uuid, $email): bool
+ {
+ $stmt = $this->db->prepare("UPDATE users SET email=:email WHERE uuid=:uuid;");
+ $stmt->bindValue(":uuid", $uuid);
+ $stmt->bindValue(":email", $email);
+ return $stmt->execute() !== false;
+ }
+
+ function set_user_password($uuid, $password): bool
+ {
+ $stmt = $this->db->prepare("UPDATE users SET password=:password WHERE uuid=:uuid;");
+ $stmt->bindValue(":uuid", $uuid);
+ $stmt->bindValue(":password", $password);
+ return $stmt->execute() !== false;
+ }
+}
diff --git a/src/main/index.php b/src/main/index.php
new file mode 100644
index 0000000..c3f8ba1
--- /dev/null
+++ b/src/main/index.php
@@ -0,0 +1,9 @@
+
+
+
+
+
+
+
+
+
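Review bot: `set_user_password` binds `$password` as received, while `add_user` stores `password_hash($password, PASSWORD_DEFAULT)` and the login path checks with `password_verify`, so a changed password is written to the database in plaintext and will never verify afterwards; the bind should be `$stmt->bindValue(":password", password_hash($password, PASSWORD_DEFAULT));`. `get_user_by_email` cannot detect a missing user: `numColumns()` reports the two selected columns regardless of how many rows matched, and when no row exists the second `execute()->fetchArray(...)` yields `false`, which the declared `array|null` return type rejects with a TypeError on exactly the "email not yet in use" path that `add-user` depends on; replace the tail with `$row = $result->fetchArray(SQLITE3_ASSOC);` followed by `return $row === false ? null : $row;`. Every method parameter is untyped; `string` declarations would stop non-string request values before they reach a statement. The class header and constructor of `Database` are not legible in this rendering, so only the methods from `close` onward are reviewed.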