277 lines
9.5 KiB
PHP
277 lines
9.5 KiB
PHP
<?php
|
|
|
|
namespace main;
|
|
|
|
use PHPMailer\PHPMailer\Exception;
|
|
use PHPMailer\PHPMailer\PHPMailer;
|
|
use PHPMailer\PHPMailer\SMTP;
|
|
use SQLite3;
|
|
|
|
/** @noinspection PhpIncludeInspection Exists after `npm run deploy` */
|
|
require_once __DIR__ . "/vendor/autoload.php";
|
|
require_once __DIR__ . "/Database.php";
|
|
|
|
|
|
header("Content-type:application/json;charset=utf-8");
|
|
|
|
|
|
// Load config
|
|
$config = parse_ini_file("config.default.ini.php", process_sections: true, scanner_mode: INI_SCANNER_TYPED);
|
|
if (file_exists("config.ini.php")) {
|
|
$config_custom = parse_ini_file("config.ini.php", process_sections: true, scanner_mode: INI_SCANNER_TYPED);
|
|
$config = array_merge($config, $config_custom);
|
|
}
|
|
|
|
// Create db if it does not exist
|
|
if (!file_exists($config["database"]["filename"])) {
|
|
(new SQLite3($config["database"]["filename"]))->close();
|
|
|
|
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
|
|
$db->install();
|
|
$db->close();
|
|
}
|
|
|
|
// Start session
|
|
session_start();
|
|
|
|
if (isset($_POST["action"])) {
|
|
// Process POST
|
|
switch ($_POST["action"]) {
|
|
case "register":
|
|
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
|
exit("\"no token, or invalid token\"");
|
|
}
|
|
|
|
if (isset($_SESSION["uuid"])) {
|
|
exit("\"already logged in\"");
|
|
}
|
|
|
|
if (!isset($_POST["email"], $_POST["password"], $_POST["password_confirm"])) {
|
|
exit("\"missing inputs\"");
|
|
}
|
|
|
|
if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
|
|
exit("\"invalid email\"");
|
|
}
|
|
|
|
if ($_POST["password"] !== $_POST["password_confirm"]) {
|
|
exit("\"differing passwords\"");
|
|
}
|
|
|
|
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READONLY);
|
|
$email_is_in_use = $db->get_user_by_email($_POST["email"]) !== null;
|
|
$db->close();
|
|
if ($email_is_in_use) {
|
|
exit("\"email already in use\"");
|
|
}
|
|
|
|
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
|
|
try {
|
|
$uuid = bin2hex(random_bytes(16));
|
|
} catch (\Exception) {
|
|
exit("false");
|
|
}
|
|
$db->add_user($uuid, $_POST["email"], $_POST["password"]);
|
|
$db->close();
|
|
exit("true");
|
|
case "login":
|
|
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
|
exit("\"no token, or invalid token\"");
|
|
}
|
|
|
|
if (!isset($_POST["email"], $_POST["password"])) {
|
|
exit("\"missing inputs\"");
|
|
}
|
|
|
|
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
|
|
$user = $db->get_user_by_email($_POST["email"]);
|
|
$db->close();
|
|
|
|
if ($user === null || !password_verify($_POST["password"], $user["password"])) {
|
|
exit("\"wrong password\"");
|
|
}
|
|
|
|
$_SESSION["uuid"] = $user["uuid"];
|
|
exit("true");
|
|
case "logout":
|
|
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
|
exit("\"no token, or invalid token\"");
|
|
}
|
|
|
|
session_destroy();
|
|
exit("true");
|
|
case "user-update-email":
|
|
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
|
exit("\"no token, or invalid token\"");
|
|
}
|
|
|
|
if (!isset($_SESSION["uuid"])) {
|
|
exit("\"not logged in\"");
|
|
}
|
|
|
|
if (!isset($_POST["email"])) {
|
|
exit("\"missing inputs\"");
|
|
}
|
|
|
|
if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
|
|
exit("\"invalid email\"");
|
|
}
|
|
|
|
// TODO: Check if user exists
|
|
|
|
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READONLY);
|
|
if ($db->get_user_by_email($_POST["email"]) !== null) {
|
|
exit("\"email already in use\"");
|
|
}
|
|
$db->close();
|
|
|
|
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
|
|
$db->set_user_email($_SESSION["uuid"], $_POST["email"]);
|
|
$db->close();
|
|
exit("\"true\"");
|
|
case "user-update-password":
|
|
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
|
exit("\"no token, or invalid token\"");
|
|
}
|
|
|
|
if (!isset($_SESSION["uuid"])) {
|
|
exit("\"not logged in\"");
|
|
}
|
|
|
|
if (!isset($_POST["password_old"], $_POST["password_new"], $_POST["password_confirm"])) {
|
|
exit("\"missing inputs\"");
|
|
}
|
|
|
|
// TODO: Check if user exists
|
|
|
|
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
|
|
$user = $db->get_user_by_uuid($_SESSION["uuid"]);
|
|
$db->close();
|
|
|
|
if ($user === null || !password_verify($_POST["password_old"], $user["password"])) {
|
|
exit("\"wrong password\"");
|
|
}
|
|
|
|
if ($_POST["password_new"] !== $_POST["password_confirm"]) {
|
|
exit("\"differing passwords\"");
|
|
}
|
|
|
|
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
|
|
$db->set_user_password($_SESSION["uuid"], $_POST["password"]);
|
|
$db->close();
|
|
exit("true");
|
|
case "user-delete":
|
|
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
|
exit("\"no token, or invalid token\"");
|
|
}
|
|
|
|
if (!isset($_SESSION["uuid"])) {
|
|
exit("\"not logged in\"");
|
|
}
|
|
|
|
// TODO: Check if user exists
|
|
|
|
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
|
|
$db->delete_user($_SESSION["uuid"]);
|
|
$db->close();
|
|
|
|
session_destroy();
|
|
exit("true");
|
|
case "add-tracking":
|
|
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
|
exit("\"no token, or invalid token\"");
|
|
}
|
|
|
|
if (!isset($_SESSION["uuid"])) {
|
|
exit("\"not logged in\"");
|
|
}
|
|
|
|
if (!isset($_POST["person_name"])) {
|
|
exit("\"missing inputs\"");
|
|
}
|
|
|
|
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READONLY);
|
|
$tracking_already_exists = $db->has_tracking($_SESSION["uuid"], $_POST["person_name"]);
|
|
$db->close();
|
|
if ($tracking_already_exists) {
|
|
exit("\"tracking already exists\"");
|
|
}
|
|
|
|
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
|
|
$db->add_tracking($_SESSION["uuid"], $_POST["person_name"]);
|
|
$db->close();
|
|
|
|
exit("true");
|
|
case "delete-tracking":
|
|
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
|
exit("\"no token, or invalid token\"");
|
|
}
|
|
|
|
if (!isset($_SESSION["uuid"])) {
|
|
exit("\"not logged in\"");
|
|
}
|
|
|
|
if (!isset($_POST["person_name"])) {
|
|
exit("\"missing inputs\"");
|
|
}
|
|
|
|
// TODO: Check if tracking exists
|
|
|
|
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
|
|
$db->remove_tracking($_SESSION["uuid"], $_POST["person_name"]);
|
|
$db->close();
|
|
|
|
exit("true");
|
|
case "send-test-email":
|
|
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
|
|
exit("\"no token, or invalid token\"");
|
|
}
|
|
|
|
// TODO: Send this to logged-in user
|
|
|
|
$mail = new PHPMailer();
|
|
$mail->IsSMTP();
|
|
$mail->CharSet = "UTF-8";
|
|
|
|
$mail->SMTPDebug = SMTP::DEBUG_OFF;
|
|
$mail->Host = $config["mail"]["host"];
|
|
$mail->SMTPAuth = true;
|
|
$mail->Port = $config["mail"]["port"];
|
|
$mail->Username = $config["mail"]["username"];
|
|
$mail->Password = $config["mail"]["password"];
|
|
$mail->SMTPSecure = PHPMailer::ENCRYPTION_SMTPS;
|
|
try {
|
|
$mail->setFrom($config["mail"]["username"], $config["mail"]["from_name"]);
|
|
$mail->addAddress($config["mail"]["to_address_test"]);
|
|
} catch (Exception) {
|
|
exit("false");
|
|
}
|
|
|
|
$mail->Subject = "Test mail";
|
|
$mail->Body = "This is a test mail from death-notifier!";
|
|
|
|
try {
|
|
$mail->send();
|
|
} catch (Exception) {
|
|
exit("false");
|
|
}
|
|
|
|
exit("true");
|
|
}
|
|
} else if (isset($_GET["action"])) {
|
|
// Process GET
|
|
if ($_GET["action"] == "list-trackings") {
|
|
if (!isset($_SESSION["uuid"])) {
|
|
exit("\"not logged in\"");
|
|
}
|
|
|
|
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READONLY);
|
|
$trackings = $db->list_trackings($_SESSION["uuid"], $_SESSION["uuid"]);
|
|
$db->close();
|
|
|
|
exit(json_encode($trackings));
|
|
}
|
|
}
|
|
|
|
exit("\"unknown action\"");
|