Продолжение разработки 23.10.31
Добавлен .gitignore, скрыты несколько нинужных файлов, в целом продолжен запил основных частей функционала, начат микрорефакторинг (теперь концентрация индусского кода будет чуть меньше).
@@ -1,23 +1,26 @@
|
||||
<?php // Start session as any user
|
||||
// ATTENTION: FOR DEBUG PURPOSES ONLY!
|
||||
|
||||
// Includes
|
||||
require_once("../_auth.php");
|
||||
require_once("../_utils.php");
|
||||
require_once("../_errorslist.php");
|
||||
|
||||
|
||||
|
||||
if (ThisFileIsRequested(__FILE__)) {
|
||||
if (Utils_ThisFileIsRequested(__FILE__)) {
|
||||
require_once("../_json.php");
|
||||
|
||||
if (!$Config["debug"])
|
||||
ReturnJSONError(null, "you need to enable debug mode in configuration file first");
|
||||
JSON_ReturnError(code: E_UNS_INTERNAL, desc: "you need to enable debug mode in configuration file first");
|
||||
|
||||
if (!isset($_REQUEST["id"]))
|
||||
ReturnJSONError($Err_RDP_InvalidID, "valid id must be specified");
|
||||
JSON_ReturnError(code: E_UIN_WRONGID, desc: "valid id must be specified");
|
||||
|
||||
if (!isset($_SESSION["userid"]))
|
||||
session_start();
|
||||
|
||||
$_SESSION["userid"] = intval($_REQUEST["id"]);
|
||||
ReturnJSONData($_SESSION);
|
||||
JSON_ReturnData($_SESSION);
|
||||
}
|
||||
?>
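Review bot: `$_SESSION["userid"] = intval($_REQUEST["id"]);` accepts any value — a non-numeric `id` silently becomes 0 and a numeric one is never checked against the users table, so this debug endpoint can seed a session with an id that does not exist. The other methods in this commit guard with `ctype_digit`, and `User_IDExist` is added to index.php in the same commit; with that file required, the guard becomes `if (!isset($_REQUEST["id"]) || !ctype_digit($_REQUEST["id"]) || !User_IDExist($_REQUEST["id"]))` in front of the existing `JSON_ReturnError(code: E_UIN_WRONGID, ...)`. Also, `isset($_SESSION["userid"])` is only meaningful if `_auth.php` (outside this diff) has already started the session; if it has not, `$_SESSION` is unset, the branch always calls session_start(), and the intent — "start a session unless one is active" — would be clearer as a comment or as a `session_status() === PHP_SESSION_NONE` check.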
|
||||
@@ -1,16 +1,85 @@
|
||||
<?php // Creating account
|
||||
|
||||
// Includes
|
||||
require_once("../_auth.php");
|
||||
require_once("../_utils.php");
|
||||
require_once("./index.php");
|
||||
require_once("../_errorslist.php");
|
||||
require_once("../_types.php");
|
||||
require_once("index.php");
|
||||
|
||||
|
||||
|
||||
// Create new user account
|
||||
function User_Create ($login, $password, $email = null, $invite_id = null, $avatar_path = null): bool {
|
||||
global $db;
|
||||
// Methods
|
||||
|
||||
$salt = GenerateRandomString(8);
|
||||
/*
|
||||
* METHOD
|
||||
* Create new user account
|
||||
*/
|
||||
function User_Create_Method (array $req): ReturnT {
|
||||
global $db, $Config, $LOGGED_IN;
|
||||
|
||||
$login = null;
|
||||
$password = null;
|
||||
$email = null;
|
||||
$invite_id = null;
|
||||
$avatar_path = null;
|
||||
|
||||
// Input sanity checks
|
||||
|
||||
// If registration turned off
|
||||
if (!$Config["registration"]["active"])
|
||||
return new ReturnT(err_code: E_AUT_REGCLOSED);
|
||||
|
||||
// If user is logged in, then we should not allow creation of account
|
||||
if ($LOGGED_IN)
|
||||
return new ReturnT(err_code: E_AUT_ALRLOGIN);
|
||||
|
||||
// If we have some base data
|
||||
if (isset($req["login"]) && isset($req["password"])) {
|
||||
$login = $req["login"];
|
||||
$password = $req["password"];
|
||||
|
||||
// If password is too weak
|
||||
if (strlen($password) < 8)
|
||||
return new ReturnT(err_code: E_AUT_PWD2WEAK);
|
||||
|
||||
// If we need email but it isnt supplied
|
||||
if ($Config["registration"]["need_email"] && !isset($req["email"])) {
|
||||
return new ReturnT(err_code: E_UIN_INSUFARGS, err_desc: "email is necessary");
|
||||
} elseif (isset($req["email"])) {
|
||||
// Validation of email
|
||||
if (!filter_var($req["email"], FILTER_VALIDATE_EMAIL))
|
||||
return new ReturnT(err_code: E_UIN_BADARGS, err_desc: "email is invalid");
|
||||
$email = $req["email"];
|
||||
}
|
||||
// If we need invite but it isnt supplied
|
||||
if ($Config["registration"]["need_invite"] && !isset($req["invite_id"])) {
|
||||
return new ReturnT(err_code: E_UIN_INSUFARGS, err_desc: "registrations are invite-only, you need to specify invite ID");
|
||||
} elseif (isset($req["invite_id"])) {
|
||||
// TODO: check invite and reject if it invalid
|
||||
//$invite_id = $req["invite_id"];
|
||||
return new ReturnT(err_code: E_UNS_NOTIMPL, err_desc: "invitations are not implemented");
|
||||
}
|
||||
|
||||
// Check login and password for pattern match
|
||||
$preg_str = "/[^" . $Config["registration"]["allowed_syms"] . "]/";
|
||||
if (preg_match($preg_str, $login) || preg_match($preg_str, $password))
|
||||
return new ReturnT(err_code: E_UIN_BADARGS, err_desc: "only allowed symbols are: " . $Config["registration"]["allowed_syms"]);
|
||||
|
||||
// Check if login already exists
|
||||
if (User_LoginExist($login))
|
||||
return new ReturnT(err_code: E_UIN_BADARGS, err_desc: "login already exists");
|
||||
|
||||
// TODO: check $avatar_path
|
||||
} else { // Not enough arguments
|
||||
return new ReturnT(err_code: E_UIN_INSUFARGS, err_desc: "not enough or no arguments were supplied");
|
||||
}
|
||||
|
||||
// Actions
|
||||
|
||||
$result = null;
|
||||
|
||||
$salt = Utils_GenerateRandomString(8);
|
||||
$pwd_hash = hash("sha256", $password . $salt, true);
|
||||
|
||||
// TODO: process invite
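Review bot: `$pwd_hash = hash("sha256", $password . $salt, true);` stores passwords as a single fast SHA-256 with an 8-character salt; a fast hash is cheap to brute-force offline if the users table ever leaks. `password_hash($password, PASSWORD_DEFAULT)` (bcrypt/argon2 with the salt embedded, checked with `password_verify`) is the standard replacement and makes the separate `salt` column unnecessary. The verification side lives in `_auth.php`, outside this diff, so the login path and the `users.password_hash`/`salt` column sizes would have to change together with this line. Minor: `strlen($password) < 8` counts bytes, which is fine while `allowed_syms` restricts the charset, but becomes `mb_strlen` if non-ASCII is ever allowed. User_Create_Method continues past the end of this hunk.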
|
||||
@@ -18,71 +87,31 @@ function User_Create ($login, $password, $email = null, $invite_id = null, $avat
|
||||
$s = $db->prepare("INSERT INTO users (login,email,password_hash,salt,avatar_path,role,invite_id) VALUES (?,?,?,?,?,?,?)");
|
||||
$role = "newbie";
|
||||
$s->bind_param("sssssss", $login, $email, $pwd_hash, $salt, $avatar_path, $role, $invite_id);
|
||||
return $s->execute() !== false;
|
||||
$result = ($s->execute() !== false);
|
||||
|
||||
if (!$result)
|
||||
return new ReturnT(err_code: E_DBE_INSERTFAIL, err_desc: "cant insert record to users DB");
|
||||
|
||||
return new ReturnT(data: $result);
|
||||
}
|
||||
|
||||
|
||||
|
||||
if (ThisFileIsRequested(__FILE__)) {
|
||||
if (Utils_ThisFileIsRequested(__FILE__)) {
|
||||
require_once("../_json.php");
|
||||
|
||||
// Dirty hack for debugging purposes. Will be removed later
|
||||
// HACK: for debugging purposes. Will be removed later
|
||||
if ($Config["debug"])
|
||||
$_POST = $_REQUEST;
|
||||
|
||||
// If registration turned off
|
||||
if (!$Config["registration"]["active"]) {
|
||||
ReturnJSONError($Err_DP_RegClosed, "registrations are closed");
|
||||
}
|
||||
// Create account
|
||||
$result = User_Create_Method($_POST);
|
||||
|
||||
// If user is logged in, then we should not allow creation of account
|
||||
if ($LOGGED_IN)
|
||||
ReturnJSONError($Err_DP_AlreadyLoggedIn, "you are already logged in");
|
||||
|
||||
// If we have some POST data
|
||||
if (isset($_POST["login"]) && isset($_POST["password"])) {
|
||||
$login = $_POST["login"];
|
||||
$password = $_POST["password"];
|
||||
$email = null;
|
||||
$invite = null;
|
||||
|
||||
// If password is too weak
|
||||
if (strlen($password) < 8)
|
||||
ReturnJSONError($Err_RDP_InvalidArgs, "password too weak");
|
||||
|
||||
// If we need email but it isnt supplied
|
||||
if ($Config["registration"]["need_email"] && !isset($_POST["email"])) {
|
||||
ReturnJSONError($Err_RDP_InvalidArgs, "email is necessary");
|
||||
} elseif (isset($_POST["email"])) {
|
||||
// Validation of email
|
||||
if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL))
|
||||
ReturnJSONError($Err_RDP_InvalidArgs, "email is invalid");
|
||||
$email = $_POST["email"];
|
||||
}
|
||||
// If we need invite but it isnt supplied
|
||||
if ($Config["registration"]["need_invite"] && !isset($_POST["invite_id"])) {
|
||||
ReturnJSONError($Err_RDP_InvalidArgs, "registrations are invite-only");
|
||||
} elseif (isset($_POST["invite_id"])) {
|
||||
// TODO: check invite and reject if it invalid
|
||||
//$invite = $_POST["invite_id"];
|
||||
}
|
||||
|
||||
// Check login and password for pattern match
|
||||
$preg_str = "/[^" . $Config["registration"]["allowed_syms"] . "]/";
|
||||
if (preg_match($preg_str, $login) || preg_match($preg_str, $password)) {
|
||||
ReturnJSONError($Err_RDP_InvalidArgs, "only allowed symbols are: " . $Config["registration"]["allowed_syms"]);
|
||||
}
|
||||
|
||||
// Check if login already exists
|
||||
if (User_LoginExist($login))
|
||||
ReturnJSONError($Err_RDP_InvalidArgs, "login already exists");
|
||||
|
||||
// Create account
|
||||
$result = User_Create($login, $password, $email, $invite);
|
||||
ReturnJSONData(["success" => $result]);
|
||||
} else { // Not enough arguments
|
||||
ReturnJSONError($Err_RDP_InvalidArgs, "not enough or no arguments were supplied");
|
||||
}
|
||||
// Checking result
|
||||
if ($result->IsError())
|
||||
$result->ThrowJSONError();
|
||||
else
|
||||
JSON_ReturnData(["success" => $result->GetData()]);
|
||||
}
|
||||
|
||||
?>
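Review bot: `$result = ($s->execute() !== false);` and the `E_DBE_INSERTFAIL` branch below it assume execute() reports failure by returning false, but since PHP 8.1 mysqli defaults to `MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT`, so a failed INSERT throws `mysqli_sql_exception` and that branch is never reached unless the report mode is changed in `_auth.php`, which is outside this diff. Catching the exception keeps the error-code contract, and since `$result` can then only ever be true, `return new ReturnT(data: true)` says what is returned. The same `execute() !== false` pattern is in `User_Delete_Method` in the delete hunk. User_Create_Method starts before this hunk.
```php
    $s->bind_param("sssssss", $login, $email, $pwd_hash, $salt, $avatar_path, $role, $invite_id);
    try {
        $s->execute();
    } catch (mysqli_sql_exception $e) {
        return new ReturnT(err_code: E_DBE_INSERTFAIL, err_desc: "cant insert record to users DB");
    }

    return new ReturnT(data: true);
}
// … unchanged: Utils_ThisFileIsRequested dispatcher …
```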
|
||||
@@ -1,48 +1,66 @@
|
||||
<?php // Deleting existing account
|
||||
|
||||
// Includes
|
||||
require_once("../_auth.php");
|
||||
require_once("../_utils.php");
|
||||
require_once("../_errorslist.php");
|
||||
require_once("./index.php");
|
||||
|
||||
|
||||
|
||||
// Delete existing account
|
||||
function User_Delete ($id) {
|
||||
global $db;
|
||||
$s = $db->prepare("delete from users where id = ?");
|
||||
$s->bind_param("s", $id);
|
||||
return $s->execute() !== false;
|
||||
}
|
||||
// Methods
|
||||
|
||||
/*
|
||||
* METHOD
|
||||
* Delete existing account
|
||||
*/
|
||||
function User_Delete_Method (array $req): ReturnT {
|
||||
global $db, $LOGGED_IN, $THIS_USER;
|
||||
|
||||
$id = null;
|
||||
|
||||
if (ThisFileIsRequested(__FILE__)) {
|
||||
require_once("../_json.php");
|
||||
// Input sanity checks
|
||||
|
||||
// Dirty hack for debugging purposes. Will be removed later
|
||||
if ($Config["debug"])
|
||||
$_POST = $_REQUEST;
|
||||
|
||||
if (isset($_POST["id"]) && $LOGGED_IN) {
|
||||
if (!ctype_digit($_POST["id"]))
|
||||
ReturnJSONError($Err_RDP_InvalidID, "id must be numeric");
|
||||
$UserID = intval($_POST["id"]);
|
||||
} elseif (!isset($_POST["id"]) && $LOGGED_IN) {
|
||||
$UserID = $_SESSION["userid"];
|
||||
if (isset($req["id"]) && $LOGGED_IN) {
|
||||
if (!ctype_digit($req["id"]))
|
||||
return new ReturnT(err_code: E_UIN_BADARGS, err_desc: "id must be numeric");
|
||||
$id = intval($req["id"]);
|
||||
} elseif (!isset($req["id"]) && $LOGGED_IN) {
|
||||
$id = $THIS_USER;
|
||||
} else {
|
||||
ReturnJSONError($Err_RDP_InvalidID, "valid session must be provided");
|
||||
return new ReturnT(err_code: E_AUT_NOTAUTHED, err_desc: "valid session must be provided");
|
||||
}
|
||||
|
||||
// If its attempt to delete other account
|
||||
if (!User_HasRole($_SESSION["userid"], "admin") && $_SESSION["userid"] !== $UserID)
|
||||
ReturnJSONError($Err_DP_NotEnoughRole, "you need to be admin to delete other accounts");
|
||||
if (!User_HasRole($THIS_USER, "admin") && $THIS_USER !== $id)
|
||||
return new ReturnT(err_code: E_ACS_INSUFROLE, err_desc: "you must be admin to delete other accounts");
|
||||
|
||||
$result = User_Delete($UserID);
|
||||
// Actions
|
||||
|
||||
// If it was self-deletion
|
||||
if ($UserID === $_SESSION["userid"])
|
||||
EndSession();
|
||||
$s = $db->prepare("delete from users where id = ?");
|
||||
$s->bind_param("s", $id);
|
||||
|
||||
ReturnJSONData(["success" => $result]);
|
||||
return new ReturnT(data: ($s->execute() !== false));
|
||||
}
|
||||
|
||||
|
||||
|
||||
if (Utils_ThisFileIsRequested(__FILE__)) {
|
||||
require_once("../_json.php");
|
||||
|
||||
// HACK: for debugging purposes. Will be removed later
|
||||
if ($Config["debug"])
|
||||
$_POST = $_REQUEST;
|
||||
|
||||
$result = User_Delete_Method($_POST);
|
||||
|
||||
if ($result->IsError()) {
|
||||
$result->ThrowJSONError();
|
||||
} else {
|
||||
// If it was self-deletion
|
||||
if ($id === $THIS_USER)
|
||||
EndSession();
|
||||
JSON_ReturnData(["success" => $result->GetData()]);
|
||||
}
|
||||
}
|
||||
?>
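Review bot: `if ($id === $THIS_USER) EndSession();` in the dispatcher compares a variable that only exists inside User_Delete_Method — `$id` is never assigned in file scope, so it is null here, the condition is always false, and a user who deletes their own account keeps a live session for an id that no longer exists. The dispatcher has to derive the target itself, e.g. `$target = isset($_POST["id"]) ? intval($_POST["id"]) : $THIS_USER;` followed by `if ($target === $THIS_USER) EndSession();`, or the method can return the deleted id in its data. `$THIS_USER !== $id` on the admin check is strict, so it only works if `_auth.php` sets `$THIS_USER` as an int — worth confirming, since the debug script writes the session value with intval but the session itself is outside this diff. `bind_param("s", $id)` binds an int as a string; `"i"` matches the type.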
|
||||
@@ -1,11 +1,19 @@
|
||||
<?php // Viewing account data
|
||||
|
||||
// Includes
|
||||
require_once("../_auth.php");
|
||||
require_once("../_utils.php");
|
||||
require_once("../_errorslist.php");
|
||||
require_once("../_types.php");
|
||||
|
||||
|
||||
|
||||
// Check if user with supplied login exists
|
||||
// Functions
|
||||
|
||||
/*
|
||||
* FUNCTION
|
||||
* Check if user with supplied login exists
|
||||
*/
|
||||
function User_LoginExist ($login): bool {
|
||||
global $db;
|
||||
|
||||
@@ -16,7 +24,24 @@ function User_LoginExist ($login): bool {
|
||||
return (bool)$s->get_result()->fetch_assoc();
|
||||
}
|
||||
|
||||
// Check if user has specified role
|
||||
/*
|
||||
* FUNCTION
|
||||
* Check if user with supplied ID exists
|
||||
*/
|
||||
function User_IDExist ($id): bool {
|
||||
global $db;
|
||||
|
||||
$s = $db->prepare("SELECT * FROM users WHERE id = ?");
|
||||
$s->bind_param("s", $id);
|
||||
$s->execute();
|
||||
|
||||
return (bool)$s->get_result()->fetch_assoc();
|
||||
}
|
||||
|
||||
/*
|
||||
* FUNCTION
|
||||
* Check if user has specified role
|
||||
*/
|
||||
function User_HasRole ($id, $role) {
|
||||
global $db;
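Review bot: `SELECT * FROM users WHERE id = ?` in User_IDExist pulls the whole row — including password_hash and salt — only to cast it to bool; `SELECT 1 FROM users WHERE id = ?` answers the same question without moving the secret columns through the driver. The same `SELECT *` existence probe is in User_LoginExist in the previous hunk. `$id` is untyped and bound as `"s"` while the callers pass intval() results, so `int $id` with `"i"` would make the contract explicit.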
|
||||
|
||||
@@ -25,18 +50,19 @@ function User_HasRole ($id, $role) {
|
||||
$s->execute();
|
||||
$d = $s->get_result()->fetch_assoc();
|
||||
|
||||
if (!(bool)$d) {
|
||||
if (!(bool)$d)
|
||||
return null;
|
||||
}
|
||||
|
||||
if ($d["role"] == $role) {
|
||||
if ($d["role"] == $role)
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
// Check if user is moderator
|
||||
/*
|
||||
* FUNCTION
|
||||
* Check if user is moderator (or higher)
|
||||
*/
|
||||
function User_IsMod ($id) {
|
||||
global $db;
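Review bot: `if ($d["role"] == $role)` uses loose comparison; both sides are expected to be strings, but `===` costs nothing and avoids PHP's numeric-string coercion (`"1e1" == "10"` is true), so `if ($d["role"] === $role)`. The function also returns null when the user is missing and false when the role differs, which callers such as `!User_HasRole(...)` cannot tell apart; a declared `?bool` return type, or simply returning false, would document that. User_HasRole's SELECT is outside this hunk.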
|
||||
|
||||
@@ -52,9 +78,32 @@ function User_IsMod ($id) {
|
||||
return in_array($d["role"], array("mod", "admin"));
|
||||
}
|
||||
|
||||
// Get user information from DB
|
||||
function User_GetInfoByID ($id) {
|
||||
global $db, $THIS_USER;
|
||||
|
||||
|
||||
// Methods
|
||||
|
||||
/*
|
||||
* METHOD
|
||||
* Get user information from DB
|
||||
*/
|
||||
function User_GetInfoByID_Method (array $req): ReturnT {
|
||||
global $db, $THIS_USER, $LOGGED_IN;
|
||||
|
||||
// Input sanity checks
|
||||
|
||||
$id = null;
|
||||
if (isset($req["id"])) {
|
||||
if (!ctype_digit($req["id"]))
|
||||
return new ReturnT(err_code: E_UIN_BADARGS, err_desc: "id must be numeric");
|
||||
$id = intval($req["id"]);
|
||||
} else {
|
||||
if ($LOGGED_IN)
|
||||
$id = $THIS_USER;
|
||||
else
|
||||
return new ReturnT(err_code: E_UIN_BADARGS, err_desc: "id must be specified or valid session must be provided");
|
||||
}
|
||||
|
||||
// Actions
|
||||
|
||||
$result = array();
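Review bot: The `isset`/`ctype_digit`/`intval` block that resolves `$id` is duplicated verbatim from User_Delete_Method in the delete hunk, down to the error string `"id must be numeric"`; a small shared helper in _utils.php (for example `Utils_ParseID(array $req, string $key): ?int`) would keep the two in step when the validation changes. Note that `ctype_digit` returns false for an empty string, so `?id=` is rejected with E_UIN_BADARGS rather than falling back to the session user — probably intended, but worth a one-line comment. User_GetInfoByID_Method continues past the end of this hunk.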
|
||||
|
||||
@@ -63,9 +112,9 @@ function User_GetInfoByID ($id) {
|
||||
$s->execute();
|
||||
$d = $s->get_result()->fetch_assoc();
|
||||
|
||||
if (!(bool)$d) {
|
||||
return null;
|
||||
}
|
||||
if (!(bool)$d)
|
||||
return new ReturnT(err_code: E_UIN_WRONGID, err_desc: "user not found in database");
|
||||
//return new ReturnT(err_code: E_DBE_SELECTFAIL, err_desc: "failed to get user record");
|
||||
|
||||
$result["id"] = $d["id"];
|
||||
$result["created_at"] = $d["created_at"];
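Review bot: `if (!(bool)$d) return new ReturnT(err_code: E_UIN_WRONGID, ...)` collapses two different outcomes: mysqli's `fetch_assoc()` returns null when there is no matching row and false when the fetch failed, so the commented-out `E_DBE_SELECTFAIL` line right below it can be used instead of being left as dead code — `if ($d === false) return new ReturnT(err_code: E_DBE_SELECTFAIL, err_desc: "failed to get user record");` followed by `if ($d === null) return new ReturnT(err_code: E_UIN_WRONGID, err_desc: "user not found in database");`. If mysqli runs in its default exception mode the failure case surfaces as an exception instead, which is one more reason not to keep the commented-out line around. User_GetInfoByID_Method starts before and ends after this hunk.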
|
||||
@@ -78,32 +127,22 @@ function User_GetInfoByID ($id) {
|
||||
$result["invite_id"] = $d["invite_id"];
|
||||
}
|
||||
|
||||
return $result;
|
||||
return new ReturnT(data: $result);
|
||||
}
|
||||
|
||||
|
||||
|
||||
if (ThisFileIsRequested(__FILE__)) {
|
||||
if (Utils_ThisFileIsRequested(__FILE__)) {
|
||||
require_once("../_json.php");
|
||||
|
||||
$UserID = null;
|
||||
$result = User_GetInfoByID_Method($_REQUEST);
|
||||
|
||||
if (isset($_REQUEST["id"])) {
|
||||
if (!ctype_digit($_REQUEST["id"]))
|
||||
ReturnJSONError($Err_RDP_InvalidID, "id must be numeric");
|
||||
$UserID = intval($_REQUEST["id"]);
|
||||
} else {
|
||||
if ($LOGGED_IN)
|
||||
$UserID = $THIS_USER;
|
||||
else
|
||||
ReturnJSONError($Err_RDP_InvalidID, "id must be specified or valid session must be provided");
|
||||
}
|
||||
|
||||
$ResponseData = User_GetInfoByID($UserID);
|
||||
if ($ResponseData)
|
||||
ReturnJSONData($ResponseData);
|
||||
if ($result->IsError())
|
||||
$result->ThrowJSONError();
|
||||
else
|
||||
ReturnJSONError($Err_DP_IDNotFound, "wrong id");
|
||||
JSON_ReturnData($result->GetData());
|
||||
}
|
||||
|
||||
|
||||
|
||||
?>
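Review bot: `$result = User_GetInfoByID_Method($_REQUEST);` reads the id from `$_REQUEST`, which depending on `request_order` also merges cookies, so an `id` cookie could silently override the query parameter; the other dispatchers in this commit pass `$_POST`, and for this read endpoint `$_GET` is the explicit choice: `$result = User_GetInfoByID_Method($_GET);`. While here: any whitespace after the trailing `?>` is emitted before the JSON body, and PHP-only files conventionally omit the closing tag.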
|
||||