Skip to content
Snippets Groups Projects
Commit 359471da authored by Bye's avatar Bye
Browse files

Rip out everything 

Deleted every file for a full rewrite.
parent 5436336b
Branches
No related tags found
2 merge requests!4Draft: Merge rewrite branch into main,!3Rewrite the entirety of ByeCorps ID to hopefully be better.
Show whitespace changes
Inline Side-by-side
Showing
with 0 additions and 1081 deletions
.github/FUNDING.yml deleted 100644 → 0
+ 0
1
View file @ 5436336b
github: byemc
404.html deleted 100644 → 0
+ 0
3
View file @ 5436336b
<h1>404</h1>
<p>Sorry, that page couldn't be found.</p>
README.md deleted 100644 → 0
+ 0
24
View file @ 5436336b
# id
OAuth authentication service for ByeCorps &amp; other services
## Development & deployment
## FAQ
### What is a ByeCorps ID?
A ByeCorps ID (BCID) is a seven digit alphanumeric (non-case sensitive) code used to identify a person. It is used to reduce the need of multiple accounts across ByeCorps services, as well as third-party services using OAuth (though a password alternative is recommended instead of BCID only)
Example of a BCID:
```txt
123 ABC4
```
## Canonical domain names
Only input your BCID on the following domain names ONLY on a HTTPS connection:
- https://id.byecorps.com
Any other domain name or an insecure connection might be a phishing attempt, so be careful. **NEVER** input your BCID password on any other domain.
account.php deleted 100644 → 0
+ 0
143
View file @ 5436336b
<?php
if (!$_SESSION['auth']) {
header('Location: /signin?callback=/account');
exit;
}
function get_gravatar_url( $email ) {
// Trim leading and trailing whitespace from
// an email address and force all characters
// to lower case
$address = strtolower( trim( $email ) );
// Create an SHA256 hash of the final string
$hash = hash( 'sha256', $address );
// Grab the actual image URL
return 'https://www.gravatar.com/avatar/' . $hash;
}
$stmt = $pdo->prepare('SELECT * FROM accounts WHERE id = ? LIMIT 1');
$stmt->execute([$_SESSION['id']]);
$user = $stmt->fetch();
if ($_SERVER['REQUEST_METHOD'] == "POST") {
if (isset($_POST["old_password"]) && $_POST["old_password"] != "") {
// means password reset is wanted.
if (!password_verify($_POST["old_password"], $user["password"])) {
$password_error = "Incorrect password. (Error 901)";
}
if (password_verify($_POST['new_password'], $user["password"])) {
$password_error = "New password may not be same as old password. (Error 902)";
}
if ($_POST['new_password'] != $_POST['repeat_new_password']) {
$password_error = "The passwords must match. (Error 900)";
}
if (isset($password_error)) {
$message = $password_error;
goto skip_submit;
}
$new_password = password_hash($_POST["new_password"], PASSWORD_DEFAULT);
$sql = "UPDATE accounts SET password = ? WHERE id = ?";
$pdo->prepare($sql)->execute([$new_password, $user["id"]]);
}
if (isset($_POST["display_name"])) {
$sql = "UPDATE accounts SET display_name = ? WHERE id = ?";
$pdo->prepare($sql)->execute([$_POST["display_name"], $user["id"]]);
}
$message = "Updated sucessfully. Changes might take a few minutes to take effect.";
header('Location: /profile');
die("Redirecting...");
}
skip_submit:
?>
<h1>Your account</h1>
<?php
if (isset($message )) {
echo "<div class='flash'>".$message."</div>";
}
?>
<div id="wrapper">
<div id="mini_profile">
<img src="<?= get_gravatar_url($user['email']); ?>">
<div class="details">
<span class="displayname"><?= $user['display_name'] ?></span>
<span class="bcid"><?= format_bcid($user['id']); ?></span>
<time datetime="<?= $user["created_date"] ?>">Since <?= $user["created_date"]; ?></time>
</div>
</div>
<aside>
<form method="post">
<fieldset>
<legend>Profile</legend>
<div class="container">
<label>BCID</label>
<input type="text" disabled value="<?= format_bcid($user['id']) ?>">
</div>
<div class="container">
<input type="checkbox" disabled checked="<?= $user['verified'] ?>" >
<label> Verified email</label>
</div>
<div class="container">
<label for="email">Email address</label>
<input type="email" name="email" id="email" value="<?= $user['email'] ?>">
</div>
<div class="container">
<label for="display_name">Display name</label>
<input type="text" name="display_name" id="display_name" value="<?= $user['display_name'] ?>">
</div>
</fieldset>
<fieldset>
<legend>Password</legend>
<p>You only need to insert values here if you're resetting your password.</p>
<div class="container">
<label for="old_password">Current password</label>
<input type="password" name="old_password" id="old_password">
</div>
<div class="container">
<label for="new_password">New password</label>
<input type="password" name="new_password" id="new_password">
</div>
<div class="container">
<label for="repeat_new_password">Repeat new password</label>
<input type="password" name="repeat_new_password" id="repeat_new_password">
</div>
</fieldset>
<button class="primary" type="submit"><i class="fa-fw fa-solid fa-floppy-disk"></i> Save</button>
</form>
<div class="dangerzone">
<h2>Danger Zone</h2>
<p><a href="/signout" class="button"><i class="fa-fw fa-solid fa-person-through-window"></i> Sign out</a>
<a href="/dangerous/delete_account" class="button danger"><i class="fa-fw fa-solid fa-trash"></i> Delete account</a></p>
</div>
</aside>
</div>
accounts_handler.php deleted 100644 → 0
+ 0
218
View file @ 5436336b
<?php
// This file carries functions related to accounts.
function get_avatar_url($bcid):string {
$exists = db_execute('SELECT public FROM avatars WHERE id = ? LIMIT 1', [$bcid]);
if (empty($exists)) {
return '/assets/default.png';
}
return '/public/avatars/' . $bcid;
}
function get_display_name($bcid, $use_bcid_fallback=true, $put_bcid_in_parenthesis=false, $format_bcid=false):string {
$display_name = db_execute("SELECT display_name FROM accounts WHERE id = ?", [$bcid])['display_name'];
if (!empty($display_name)) {
if ($put_bcid_in_parenthesis) {
return $display_name . " ($bcid)";
}
return $display_name;
}
if ($use_bcid_fallback) {
return $bcid;
}
return "";
}
// Tokens so apps can get VERY BASIC information
function generate_basic_access_token($bcid, $application_id=""): array
{
// Returns an access token, a refresh token and an expiry timestamp.
$access_token = md5(uniqid(more_entropy: true).rand(1000000, 9999999));
$refresh_token = md5(uniqid("rfish").rand(1000000, 9999999));
$valid_time = 12; // in hours
$expiry = time() + ($valid_time * 60 * 60);
// echo $access_token . ":" . $refresh_token;
if ($application_id) {
db_execute(
"INSERT INTO tokens (access_token, refresh_token, expiry, owner_id, application_id, permissions) VALUES (?,?,?,?,?, (1<<0 | 1<<1))",
[$access_token, $refresh_token, $expiry, $bcid, $application_id]
);
} else {
db_execute(
"INSERT INTO tokens (access_token, refresh_token, expiry, owner_id, permissions) VALUES (?,?,?,?, (1<<0 | 1<<1))",
[$access_token, $refresh_token, $expiry, $bcid]
);
}
return [
"access" => $access_token,
"refresh" => $refresh_token,
"expiry" => $expiry,
"id" => $bcid
];
}
function generate_token($bcid, $application_id=null, $permissions=0): array {
$access_token = md5(uniqid(more_entropy: true).rand(1000000, 9999999));
$refresh_token = md5(uniqid("rfish").rand(1000000, 9999999));
$valid_time = 12; // in hours
$expiry = time() + ($valid_time * 60 * 60);
db_execute(
"INSERT INTO tokens (access_token, refresh_token, expiry, owner_id, application_id, permissions, type) VALUES (?,?,?,?,?,?, 'oauth')",
[$access_token, $refresh_token, $expiry, $bcid, $application_id, $permissions]
);
return [
"access" => $access_token,
"refresh" => $refresh_token,
"permissions" => $permissions,
"expiry" => $expiry,
"id" => $bcid
];
}
function generate_cookie_access_token($bcid) {
$access_token = md5(uniqid(prefix: "COOKIECOOKIECOOKIE", more_entropy: true).rand(1000000, 9999999));
$valid_time = 365 * 24; // 1 year
$expiry = time() + ($valid_time * 60 * 60);
// echo $access_token . ":" . $refresh_token;
db_execute(
"INSERT INTO tokens (access_token, expiry, owner_id, type) VALUES (?,?,?,'cookie')",
[$access_token, $expiry, $bcid]
);
return [
"access" => $access_token,
"expiry" => $expiry,
"id" => $bcid
];
}
function validate_access_token($access_token): bool
{
$token_details = db_execute("SELECT * FROM tokens WHERE access_token = ?", [$access_token]);
if (null == $token_details) {
return false;
}
if (time() > $token_details['expiry']) {
db_execute("DELETE FROM tokens where access_token = ?", [$access_token]);
return false;
}
return true;
}
// Password resets
const PASSWORD_RESET_VALIDITY = 300; // in seconds.
function create_password_reset($bcid):string {
// Returns a password reset link.
global $pdo;
$reset_time = time() + PASSWORD_RESET_VALIDITY;
$auth_token = generateRandomString(65);
$sql = 'INSERT INTO `password_resets` (auth_id, owner_id, expiration) VALUES (?, ?, ?)';
try{
$stmt = $pdo->prepare($sql);
$stmt->execute([$auth_token, $bcid, $reset_time]);
$reset_id = $pdo->lastInsertId();
} catch (PDOException $e) {
http_response_code(500);
die("An error occurred with the database. (12)");
}
return BASE_URL.'/reset/password?reset_id='.$reset_id.'&reset_token='.$auth_token;
}
function validate_password_reset($reset_id, $reset_token):bool {
global $pdo;
$sql = 'SELECT * FROM password_resets WHERE id = ?';
try {
$stmt = $pdo->prepare($sql);
$stmt->execute([$reset_id]);
$result = $stmt->fetch();
} catch (PDOException $e) {
http_response_code(500);
die("An error occurred fetching data from the database. (11)
$e");
}
if (empty($result)) {
echo "<pre>";
throw new Exception('Todokete setsuna sa ni wa
Namae wo tsukeyou ka "Snow halation"
Omoi ga kasanaru made matezu ni
Kuyashii kedo sukitte junjou
Binetsu no naka tameratte mo dame da ne
Tobikomu yuuki ni sansei mamonaku start!');
}
if ($result['auth_id'] == $reset_token && !hasTimePassed($result['expiration'])) {
return true;
} elseif ($result['auth_id'] == $reset_token && hasTimePassed($result['expiration'])) {
$sql = 'DELETE FROM password_resets WHERE id = ?';
try {
$stmt = $pdo -> prepare(($sql));
$stmt->execute([$reset_id]);
die("Sorry, that link expired. Please request a new one.");
} catch (PDOException $e) {
http_response_code(500);
die("An error occurred deleting data from the database. That link was expired anyway, so request a new one. (13b)
$e");
}
}
return false;
}
function get_id_for_password_reset($reset_id, $reset_token):string {
global $pdo;
$sql = 'SELECT * FROM password_resets WHERE id = ?';
try {
$stmt = $pdo->prepare($sql);
$stmt->execute([$reset_id]);
$result = $stmt->fetch();
} catch (PDOException $e) {
http_response_code(500);
die("An error occurred fetching data from the database. (11)
$e");
}
return $result['owner_id'];
}
function delete_password_reset($reset_id, $reset_token): void
{
global $pdo;
$sql = 'DELETE FROM password_resets WHERE id = ?';
try {
$stmt = $pdo->prepare(($sql));
$stmt->execute([$reset_id]);
header("Location: /signin");
die();
} catch (PDOException $e) {
http_response_code(500);
die("An error occurred deleting data from the database. (13)
$e");
}
}
\ No newline at end of file
admin.php deleted 100644 → 0
+ 0
31
View file @ 5436336b
<h1>Admin panel</h1>
<p>If you're not Bye and you're seeing this, I'm fucked!</p>
<h2>Accounts</h2>
<ul>
<li>
<a href="/admin/list/accounts">List of accounts</a>
</li>
</ul>
<h2>Apps</h2>
<ul>
<li>
<a href="/admin/list/apps">List of applications</a>
</li>
<li>
<a href="/admin/create/app">App creator</a>
</li>
</ul>
<h2>API</h2>
<ul>
<li><a href="/admin/create/token">Token generator</a></li>
</ul>
<h2>Init</h2>
<ul>
<li>
<a href="/admin/init/database">Init database</a>
</li>
</ul>
admin_accounts.php deleted 100644 → 0
+ 0
29
View file @ 5436336b
<?php
$sql = "SELECT * FROM accounts";
$result = $pdo-> query($sql);
if (!$result) {
http_response_code(500);
die("<img src='https://http.cat/500.jpg'>");
}
$count_req = $pdo->query("SELECT COUNT(*) FROM accounts");
$count = $count_req->fetchColumn();
?>
<h1>Accounts</h1>
<p>There is currently <?= $count ?> accounts registered.</p>
<ul>
<?php
foreach ($result as $row) {
echo "<li>";
echo $row['id'];
echo "<p><a href='/admin/signinas?id=".$row['id']."'>Sign in as ".htmlspecialchars($row['display_name'])."</a></li>";
}
?>
</ul>
admin_apps.php deleted 100644 → 0
+ 0
23
View file @ 5436336b
<?php
$result = db_query("SELECT * FROM apps");
$count_req = db_query("SELECT COUNT(*) FROM apps");
$count = $count_req->fetchColumn();
?>
<h1>Apps</h1>
<p>There is currently <?= $count ?> apps registered.</p>
<ul>
<?php
foreach ($result as $row) {
echo "<li><pre>";
print_r($row);
echo "</li>";
}
?>
</ul>
admin_apps_create.php deleted 100644 → 0
+ 0
50
View file @ 5436336b
<?php
function generate_app_id(): int
{
return mt_rand(100000000, 999999999);
}
function check_app_id($app_id): bool
{
$app = db_execute("SELECT * FROM apps WHERE id = ? LIMIT 1", [$app_id]);
return empty($app);
}
if ($_SERVER['REQUEST_METHOD'] == "POST") {
$app_id = generate_app_id();
db_execute("INSERT INTO apps (id, owner_id, title, description, type, callback) VALUES (?, ?, ?, ?, ?, ?)", [$app_id, $_POST['owner'], $_POST['title'], $_POST['description'], $_POST['type'], $_POST['callback']]);
die();
}
?>
<h1>App Creator</h1>
<form method="post">
<label for="title">Title</label>
<input type="text" required name="title" id="title">
<label for="description">Description</label>
<textarea name="description" id="description" cols="30" rows="10"></textarea>
<label for="owner">App owner</label>
<select name="owner" required id="owner">
<?php
$users = db_query("SELECT * FROM accounts");
foreach ($users as $row) {
echo "<option value='".$row['id']."'>".get_display_name($row['id'])." (".$row['id'].") </option>";
}
?>
</select>
<label for="type">App type</label>
<select name="type" required id="type">
<option value="null">None</option>
<option value="basic_login">Basic login</option>
</select>
<label for="app_icon">App icon</label>
<input type="file" id="app_icon" name="app_icon" />
<label for="callback">Callback</label>
<input type="url" id="callback" name="callback" />
<button type="submit" class="primary">Create app</button>
</form>
\ No newline at end of file
admin_create_token.php deleted 100644 → 0
+ 0
86
View file @ 5436336b
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
echo "<pre>";
print_r($_POST);
echo "</pre>";
$token = generate_token($_POST['owner'], $_POST['application'], $_POST['permissions']);
echo "<p>Created token. Access token: <code>". $token['access'] ."</code></p>";
}
?>
<h1>Token generator</h1>
<form method="post">
<div class="container">
<label for="owner">Token owner</label>
<select name="owner" required id="owner">
<?php
$users = db_query("SELECT * FROM accounts");
foreach ($users as $row) {
echo "<option value='".$row['id']."'>".get_display_name($row['id'])." (".$row['id'].") </option>";
}
?>
</select>
</div>
<div class="container">
<label for="app">Token app</label>
<select name="app" id="app">
<option value="null">None</option>
<?php
$users = db_query("SELECT * FROM apps");
foreach ($users as $row) {
echo "<option value='".$row['id']."'>". $row['title'] ."</option>";
}
?>
</select>
</div>
<input type="hidden" id="permissions" name="permissions" value="0" />
<h2>Permissions</h2>
<p>Permission number: <span id="permissionnumber"></span></p>
<div class="checkboxes container">
<input type="checkbox" id="account.email" value="1" /><label for="account.email"><code>account.email</code></label>
<input type="checkbox" id="account.settings" value="2" /><label for="account.settings"><code>account.settings</code></label>
</div>
<button type="submit">Generate!</button>
</form>
<style>
form .container {
display: unset;
}
</style>
<script>
const displayNumber = document.getElementById("permissionnumber");
const permissionsInput = document.getElementById("permissions");
const checkboxes = document.querySelectorAll("input[type='checkbox']");
console.log(checkboxes);
function updateCheckboxes() {
let permissions = 0;
for (let checkbox of checkboxes) {
if (checkbox.checked) {
permissions += Number(checkbox.value);
}
}
displayNumber.innerText = permissions.toString();
permissionsInput.value = permissions;
}
for (let checkbox of checkboxes) {
checkbox.onchange = updateCheckboxes;
}
updateCheckboxes();
</script>
admin_initdatabase.php deleted 100644 → 0
+ 0
152
View file @ 5436336b
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if ($_POST['init'] == 'Init') {
echo("<p>Initialising DB...");
echo "<p>Create table `accounts`";
$stmt = $pdo->prepare('create table accounts
(
id varchar(7) not null
primary key,
email text not null,
created_date datetime default current_timestamp() not null,
display_name text null,
password text not null,
verified tinyint(1) default 0 not null,
has_pfp tinyint(1) default 0 not null,
is_admin tinyint(1) default 0 not null,
constraint email
unique (email) using hash
);');
try {
$stmt->execute();
} catch (PDOException $e) {
echo('<p>An error occurred: '. $e->getMessage() .'. Will skip. (Most likely the table already exists.)');
}
echo '<p>Create the `password_resets` table';
$stmt = $pdo->prepare('create table password_resets
(
id int auto_increment
primary key,
auth_id tinytext not null,
owner_id varchar(7) not null,
expiration int not null,
constraint password_resets_ibfk_1
foreign key (owner_id) references accounts (id)
);');
try {
$stmt->execute();
} catch (PDOException $e) {
echo('<p>An error occurred: '. $e->getMessage() .'. Most likely this is already set.');
}
echo '<p>Create the `apps` table';
try {
db_execute('create table apps (
id int auto_increment
primary key,
owner_id varchar(7) not null,
title text not null,
description text,
image text default "https://id.byecorps.com/assets/default.png" not null,
type text null,
callback text null,
constraint apps_ibfk_1
foreign key (owner_id) references accounts (id)
);');
} catch (PDOException $e) {
echo('<p>An error occurred: '. $e->getMessage() .'. Most likely this is already set.');
}
echo '<p>Create the `badges` table';
try {
db_execute('create table badges (
id int auto_increment
primary key,
app_id int not null,
title text not null,
description text,
image text default "https://id.byecorps.com/assets/default.png" not null,
type text null,
callback text null,
constraint badges_ibfk_1
foreign key (app_id) references apps (id)
);');
} catch (PDOException $e) {
echo('<p>An error occurred: '. $e->getMessage() .'. Most likely this is already set.');
}
echo '<p>Create the `profiles` table';
try {
db_execute('create table profiles (
id varchar(7)
primary key,
description text null,
public_avatar tinyint(1) default 0,
public_display_name tinyint(1) default 0,
constraint profiles_ibfk_1
foreign key (id) references accounts (id)
);');
} catch (PDOException $e) {
echo('<p>An error occurred: '. $e->getMessage() .'. Most likely this is already set.');
}
echo '<p>Create the `tokens` table';
try {
db_execute('create table tokens (
id int auto_increment primary key,
access_token text unique,
refresh_token text null,
expiry int not null,
owner_id varchar(7),
application_id int(10) null,
constraint tokens_application_id
foreign key (application_id) references apps (id),
constraint tokens_owner_id
foreign key (owner_id) references accounts (id)
);');
} catch (PDOException $e) {
echo('<p>An error occurred: '. $e->getMessage() .'. Most likely this is already set.');
}
echo '<p>Create the `tokens` table';
try {
db_query('CREATE TABLE `badge_owners` (
`badge_id` int(11) NOT NULL,
`owner_id` varchar(7) NOT NULL,
`earned` timestamp NULL DEFAULT current_timestamp(),
`info` text DEFAULT NULL COMMENT \'App may attach more info about how the badge was won (Killed "CoolGamer69 in battle!")\',
constraint badges_owners_badge
foreign key (badge_id) references badges (id),
constraint badges_owners_owner
foreign key (owner_id) references accounts (id)
);');
} catch (PDOException $e) {
echo('<p>An error occurred: ' . $e->getMessage() . '. Most likely this is already set.');
}
echo "<p>Database initialised.</p>";
}
}
?>
<h1>Init database</h1>
<p>Assuming you have the database config configured, you can click this button to create the tables required for this thing to function.</p>
<form method="post">
<button name="init" value="Init" class="primary">Init DB</button>
</form>
admin_purge.php deleted 100644 → 0
+ 0
29
View file @ 5436336b
<?php
if ($_SERVER['REQUEST_METHOD'] == "POST") {
if ($_POST['purge'] == 'purge') {
db_execute("DELETE FROM `password_resets` WHERE expiration < ?", [time()]);
db_execute("DELETE FROM `tokens` WHERE expiry < ?", [time()]);
}
}
$expired_password_resets = db_execute("SELECT * FROM `password_resets` WHERE expiration < ?", [time()]);
$expired_tokens = db_execute("SELECT * FROM `tokens` WHERE expiry < ?", [time()]);
?>
<h1>Purge</h1>
<form method="post">
<p>
<button name="purge" value="purge" type="submit" class="primary">Purge</button>
</p>
</form>
<h2>Expired password resets</h2>
<pre><?php print_r($expired_password_resets) ?></pre>
<h2>Expired Login tokens</h2>
<pre><?php print_r($expired_tokens) ?></pre>
api_handler.php deleted 100644 → 0
+ 0
198
View file @ 5436336b
<?php
$output_format = "json";
header('Content-type: application/json');
if (array_key_exists('HTTP_AUTHORIZATION', $_SERVER)) {
$access_token = str_replace("Bearer ", "", $_SERVER['HTTP_AUTHORIZATION']);
}
if (!empty($access_token)) {
// Check who the access token belongs to
$token = db_execute("SELECT * FROM tokens WHERE access_token = ?", [$access_token]);
// if the token doesn't exist...
if (empty($token)) {
$invalid_token = true; // We won't tell this to the end-user immediately because I'd prefer to tell them about
// 404 first.
} else {
$token_owner = $token['owner_id'];
}
}
function check_authorisation($token=""): int
{
global $token_owner;
// Validate token
if (!validate_access_token($token) && "" != $token) {
return 0; // Unauthorised
}
// Check the type of token
$token_row = db_execute("SELECT * FROM tokens WHERE access_token = ?", [$token]);
if (null == $token_row) {
if (array_key_exists('auth', $_SESSION)) {
if ($_SESSION['auth']) {
$token_row = [
"type" => "dangerous"
];
$token_owner = $_SESSION['id'];
} else {
return 0;
}
} else {
return 0;
}
}
return match ($token_row['type']) {
"dangerous" => 1<<0 | 1<<1, // Everything
"basic" => 1<<1, // Basic
"oauth" => $token_row['permissions'],
default => 0,
};
}
// Misc (unauthorised)
function redirect_to_documentation(): void
{
header('Location: /docs/api');
}
// Health check
function api_health_check(): array
{
return ["message" => "Science compels us to explode the sun!", "time" => time(), "response_code" => 200];
}
// Potentially authenticated image endpoints
function get_avatar(): array
{
if (!array_key_exists('id', $query)) {
return [
'response_code' => 404,
'message' => 'ID not assigned/found'
];
}
$user_id = $query['id'];
return [];
}
// User (REQUIRES AUTHORISATION)
function api_user_info(): array
{
global $access_token, $token_owner;
// Authorisation levels:
// `display_name` = 1 (basic)
// `id` = 1 (basic)
// `email` = 1 (basic)
$level = check_authorisation($access_token);
$data = null;
if ($level & (1 << 0)) {
$data = db_execute("SELECT id, email, display_name FROM accounts WHERE id = ? LIMIT 1", [$token_owner]);
} else {
$data = db_execute("SELECT id, display_name FROM accounts WHERE id = ? LIMIT 1", [$token_owner]);
}
if (null != $data) {
return [
"response_code" => 200,
"data" => $data
];
}
http_response_code(401);
return [
"response_code" => 401,
"message" => "Unauthorized."
];
}
function api_settings(): array
{
// GET: Return all settings
// POST/PATCH: Update settings
global $access_token, $token_owner;
$level = check_authorisation($access_token);
if (!($level & (1 << 1))) { // account.settings
http_response_code(401);
return [
"response_code" => 401,
"message" => "Unauthorized."
];
}
if ($_SERVER['REQUEST_METHOD'] === "POST") {
// Now for the fucking worstest code ever
$settings_changed = json_decode(file_get_contents('php://input'), true);
if (isset($settings_changed['account'])) {
if (isset($settings_changed['account']['display_name'])) {
$display_name = db_execute('UPDATE accounts SET display_name = ? WHERE id = ?',
[$settings_changed['account']['display_name'], $token_owner]);
}
}
}
// Get account settings
$display_name = db_execute('SELECT display_name FROM accounts WHERE id = ?', [$token_owner])["display_name"];
return [
"response_code" => 200,
"settings" => [
"account" => [
"display_name" => $display_name,
]
]
];
}
$api_routes = [ // base url is base_url.'/api'
// "/path" => "function_name"
// Misc
"" => "redirect_to_documentation",
"/status" => "api_health_check",
// Account stuff
"/account/me" => "api_user_info",
// Settings
"/settings" => "api_settings",
// Get avatar
"/avatars/get" => "get_avatar"
];
$path = str_replace("/api", "", $path);
if (isset($api_routes[$path])) {
if (isset($invalid_token)) {
http_response_code(498);
echo (json_encode([
"response_code" => "498",
"message" => "Token expired or invalid."
]));
exit();
}
$response = $api_routes[$path]();
if (array_key_exists('response_code', $response)) {
http_response_code($response['response_code']);
}
echo json_encode($response);
} else {
http_response_code(404);
echo (json_encode([
"response_code" => "404",
"message" => "Route not found."
]));
}
assets/bcid.svg deleted 100644 → 0
+ 0
6
View file @ 5436336b
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 -0.5 32 32" shape-rendering="crispEdges">
<metadata>Made with Pixels to Svg https://codepen.io/shshaw/pen/XbxvNj</metadata>
<path stroke="#cbdbfc" d="M2 4h28M2 5h1M29 5h1M0 6h3M29 6h3M0 7h1M31 7h1M0 8h1M31 8h1M0 9h1M31 9h1M0 10h1M31 10h1M0 11h1M31 11h1M0 12h1M31 12h1M0 13h1M31 13h1M0 14h1M31 14h1M0 15h1M31 15h1M0 16h1M31 16h1M0 17h1M31 17h1M0 18h1M31 18h1M0 19h1M31 19h1M0 20h1M31 20h1M0 21h1M31 21h1M0 22h1M31 22h1M0 23h1M31 23h1M0 24h1M31 24h1M0 25h3M29 25h3M2 26h1M29 26h1M2 27h28" />
<path stroke="#ffffff" d="M3 5h26M3 6h26M1 7h30M1 8h30M1 9h30M1 10h6M8 10h1M10 10h6M21 10h1M25 10h6M1 11h7M9 11h9M19 11h3M23 11h2M26 11h5M1 12h6M12 12h6M19 12h3M23 12h2M26 12h5M1 13h6M12 13h6M19 13h3M23 13h2M26 13h5M1 14h6M12 14h6M19 14h3M23 14h2M26 14h5M1 15h6M12 15h6M19 15h3M23 15h2M26 15h5M1 16h15M21 16h1M25 16h6M1 17h6M12 17h19M1 18h5M13 18h18M1 19h5M13 19h3M24 19h1M26 19h5M1 20h5M13 20h18M1 21h5M13 21h3M17 21h1M21 21h1M26 21h5M1 22h30M1 23h30M1 24h30M3 25h26M3 26h26" />
<path stroke="#000000" d="M7 10h1M9 10h1M16 10h5M22 10h3M8 11h1M18 11h1M22 11h1M25 11h1M7 12h5M18 12h1M22 12h1M25 12h1M7 13h5M18 13h1M22 13h1M25 13h1M7 14h5M18 14h1M22 14h1M25 14h1M7 15h5M18 15h1M22 15h1M25 15h1M16 16h5M22 16h3M7 17h5M6 18h7M6 19h7M16 19h8M25 19h1M6 20h7M6 21h7M16 21h1M18 21h3M22 21h4" />
</svg>
\ No newline at end of file
assets/buttons/signinwith.svg deleted 100644 → 0
+ 0
88
View file @ 5436336b
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
width="300.858"
height="50"
viewBox="0 0 79.602012 13.229167"
version="1.1"
id="svg1"
xml:space="preserve"
inkscape:export-filename="bitmap.png"
inkscape:export-xdpi="192"
inkscape:export-ydpi="192"
inkscape:version="1.3.2 (091e20ef0f, 2023-11-25, custom)"
sodipodi:docname="bcidsignin.svg"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns="http://www.w3.org/2000/svg"
xmlns:svg="http://www.w3.org/2000/svg"><sodipodi:namedview
id="namedview1"
pagecolor="#ffffff"
bordercolor="#000000"
borderopacity="0.25"
inkscape:showpageshadow="true"
inkscape:pageopacity="0.0"
inkscape:pagecheckerboard="true"
inkscape:deskcolor="#d1d1d1"
inkscape:document-units="px"
showborder="false"
labelstyle="default"
inkscape:zoom="2.8649832"
inkscape:cx="165.446"
inkscape:cy="-36.300388"
inkscape:window-width="1920"
inkscape:window-height="1008"
inkscape:window-x="0"
inkscape:window-y="0"
inkscape:window-maximized="1"
inkscape:current-layer="layer2" /><defs
id="defs1" /><g
inkscape:groupmode="layer"
id="layer2"
inkscape:label="Layer 2"><rect
style="display:inline;opacity:1;fill:#efdd8d;fill-opacity:1;stroke:#dcc455;stroke-width:0.261525;stroke-dasharray:none;stroke-opacity:1"
id="rect35"
width="79.340492"
height="12.967643"
x="0.13076229"
y="0.13076213"
ry="2.0748229"
rx="2.1097128"
inkscape:label="Background" /><g
style="shape-rendering:crispEdges"
id="g32"
transform="matrix(0.52916667,0,0,0.52916667,9.5250001,3.7041667)"
inkscape:label="BCID person"><g
id="layer1-5"
inkscape:label="BCID logo"><g
id="g27"
inkscape:label="Body"
style="opacity:1"><path
id="rect26"
style="opacity:1;fill:#000000;fill-opacity:1"
d="M 1.0058594,6.5 C 1.0026133,6.5 1,6.5026133 1,6.5058594 V 7.4941406 C 1,7.4973867 1.0026133,7.5 1.0058594,7.5 H 0.00585938 C 0.00261328,7.5 0,7.5026133 0,7.5058594 V 11.494141 C 0,11.497387 0.00261328,11.5 0.00585938,11.5 H 7.9941406 C 7.9973867,11.5 8,11.497387 8,11.494141 V 7.5058594 C 8,7.5026133 7.9973867,7.5 7.9941406,7.5 h -1 C 6.9973867,7.5 7,7.4973867 7,7.4941406 V 6.5058594 C 7,6.5026133 6.9973867,6.5 6.9941406,6.5 Z"
inkscape:label="Body" /></g><g
id="g31"
inkscape:label="Head"><path
id="rect28"
style="opacity:1;fill:#000000;fill-opacity:1"
d="M 1.0058594,-0.5 C 1.0026133,-0.5 1,-0.49738672 1,-0.49414062 V 0.49414062 C 1,0.49738672 1.0026133,0.5 1.0058594,0.5 H 1.9941406 C 1.9973867,0.5 2,0.49738672 2,0.49414062 V -0.49414062 C 2,-0.49738672 1.9973867,-0.5 1.9941406,-0.5 Z m 2,0 C 3.0026133,-0.5 3,-0.49738672 3,-0.49414062 V 0.49414062 C 3,0.49738672 3.0026133,0.5 3.0058594,0.5 H 4.9941406 C 4.9973867,0.5 5,0.49738672 5,0.49414062 V -0.49414062 C 5,-0.49738672 4.9973867,-0.5 4.9941406,-0.5 Z m -1,1 C 2.0026133,0.5 2,0.50261328 2,0.50585938 V 1.4941406 C 2,1.4973867 2.0026133,1.5 2.0058594,1.5 h -1 C 1.0026133,1.5 1,1.5026133 1,1.5058594 V 5.4941406 C 1,5.4973867 1.0026133,5.5 1.0058594,5.5 H 6.9941406 C 6.9973867,5.5 7,5.4973867 7,5.4941406 V 1.5058594 C 7,1.5026133 6.9973867,1.5 6.9941406,1.5 h -4 C 2.9973867,1.5 3,1.4973867 3,1.4941406 V 0.50585938 C 3,0.50261328 2.9973867,0.5 2.9941406,0.5 Z"
inkscape:label="Head" /></g></g></g><g
id="text32"
style="font-weight:500;font-size:4.58611px;font-family:Montserrat;-inkscape-font-specification:'Montserrat, Medium';letter-spacing:-0.079375px;word-spacing:0.0926042px;stroke-width:0;stroke-miterlimit:8.7"
inkscape:label="Sign in"
transform="scale(0.95030748,1.052291)"
aria-label="Sign in with ByeCorps ID"><path
style="font-weight:normal;-inkscape-font-specification:'Montserrat, Normal';opacity:1"
d="m 19.328294,7.9399255 c 0.820914,0 1.196975,-0.4035777 1.196975,-0.875947 0,-1.1694581 -1.976613,-0.6374693 -1.976613,-1.5180025 0,-0.3210277 0.261408,-0.582436 0.84843,-0.582436 0.284339,0 0.605367,0.087136 0.880533,0.2659944 L 20.392272,4.9589539 C 20.13545,4.7800956 19.759389,4.6746151 19.397086,4.6746151 c -0.816327,0 -1.183216,0.4081638 -1.183216,0.8805331 0,1.1878025 1.976613,0.6466416 1.976613,1.5271747 0,0.3164416 -0.261408,0.5686777 -0.862189,0.5686777 -0.421922,0 -0.830085,-0.1651 -1.059391,-0.3898194 l -0.132997,0.2614083 c 0.238478,0.2476499 0.710847,0.417336 1.192388,0.417336 z m 1.952271,-2.9672133 c 0.137584,0 0.238478,-0.1054805 0.238478,-0.2384777 0,-0.123825 -0.105481,-0.2247194 -0.238478,-0.2247194 -0.132997,0 -0.238477,0.1054806 -0.238477,0.2293055 0,0.1284111 0.10548,0.2338916 0.238477,0.2338916 z m 0.160514,2.9396966 V 5.5001149 H 21.115465 V 7.9124088 Z M 24.19133,5.963312 C 23.989541,5.6468704 23.640997,5.4817705 23.237419,5.4817705 c -0.687917,0 -1.210733,0.4723693 -1.210733,1.1648719 0,0.6925027 0.522816,1.1740442 1.210733,1.1740442 0.394405,0 0.738364,-0.1605138 0.940153,-0.4677832 v 0.3072694 c 0,0.5961943 -0.279753,0.875947 -0.889706,0.875947 -0.371475,0 -0.720019,-0.123825 -0.949325,-0.3301999 l -0.1651,0.2476499 c 0.252236,0.2384777 0.683331,0.3714749 1.123597,0.3714749 0.797984,0 1.206147,-0.376061 1.206147,-1.2061469 V 5.5001149 H 24.19133 Z m -0.921808,1.5684497 c -0.531989,0 -0.912636,-0.3623027 -0.912636,-0.8851193 0,-0.5228165 0.380647,-0.8805331 0.912636,-0.8805331 0.531989,0 0.917222,0.3577166 0.917222,0.8805331 0,0.5228166 -0.385233,0.8851193 -0.917222,0.8851193 z m 3.296006,-2.0499912 c -0.417336,0 -0.74295,0.169686 -0.917222,0.4631971 V 5.5001149 H 25.33645 v 2.4122939 h 0.325614 V 6.6466424 c 0,-0.5503332 0.325614,-0.8713609 0.843844,-0.8713609 0.458611,0 0.724606,0.2614083 0.724606,0.7704665 v 1.3666608 h 0.325614 V 6.5136452 c 0,-0.6925026 -0.403578,-1.0318747 -0.9906,-1.0318747 z m 3.17623,-0.5090583 c 0.137583,0 0.238478,-0.1054805 0.238478,-0.2384777 0,-0.123825 -0.105481,-0.2247194 -0.238478,-0.2247194 -0.132997,0 -0.238478,0.1054806 -0.238478,0.2293055 0,0.1284111 0.105481,0.2338916 0.238478,0.2338916 z m 0.160514,2.9396966 V 5.5001149 H 29.576658 V 7.9124088 Z M 31.96002,5.4817705 c -0.417336,0 -0.74295,0.169686 -0.917222,0.4631971 V 5.5001149 h -0.311856 v 2.4122939 h 0.325614 V 6.6466424 c 0,-0.5503332 0.325614,-0.8713609 0.843844,-0.8713609 0.458611,0 0.724606,0.2614083 0.724606,0.7704665 V 7.9124088 H 32.95062 V 6.5136452 c 0,-0.6925026 -0.403578,-1.0318747 -0.9906,-1.0318747 z M 37.447649,7.5501061 36.677182,5.5001149 H 36.397429 L 35.622377,7.5501061 34.865669,5.5001149 h -0.311856 l 0.90805,2.4122939 h 0.307269 l 0.761295,-1.9766134 0.761294,1.9766134 h 0.307269 l 0.912636,-2.4122939 h -0.298097 z m 1.640415,-2.5773939 c 0.137583,0 0.238477,-0.1054805 0.238477,-0.2384777 0,-0.123825 -0.10548,-0.2247194 -0.238477,-0.2247194 -0.132998,0 -0.238478,0.1054806 -0.238478,0.2293055 0,0.1284111 0.10548,0.2338916 0.238478,0.2338916 z m 0.160514,2.9396966 V 5.5001149 h -0.325614 v 2.4122939 z m 1.984371,-0.3806471 c -0.09172,0.08255 -0.224719,0.123825 -0.357717,0.123825 -0.27058,0 -0.417336,-0.1559278 -0.417336,-0.4402666 V 5.7752815 h 0.733778 V 5.5001149 H 40.457896 V 4.9727122 h -0.325614 v 0.5274027 h -0.431094 v 0.2751666 h 0.431094 v 1.458383 c 0,0.4448527 0.252237,0.7016749 0.706261,0.7016749 0.188031,0 0.380648,-0.055033 0.509059,-0.1696861 z m 1.855963,-2.0499912 c -0.408164,0 -0.724606,0.1605138 -0.903464,0.4402665 V 4.5095151 h -0.325614 v 3.4028937 h 0.325614 V 6.6466424 c 0,-0.5503332 0.325614,-0.8713609 0.843844,-0.8713609 0.458611,0 0.724606,0.2614083 0.724606,0.7704665 v 1.3666608 h 0.325614 V 6.5136452 c 0,-0.6925026 -0.403578,-1.0318747 -0.9906,-1.0318747 z"
id="path40" /><path
style="font-weight:bold;-inkscape-font-specification:'Montserrat, Bold'"
d="m 48.383925,6.2430647 c 0.261408,-0.1375833 0.426508,-0.3852332 0.426508,-0.7062609 0,-0.499886 -0.41275,-0.8346721 -1.215319,-0.8346721 h -1.56845 v 3.2102771 h 1.660172 c 0.843844,0 1.284111,-0.3210277 1.284111,-0.875947 0,-0.4035777 -0.229306,-0.6787443 -0.587022,-0.7933971 z M 47.503392,5.2616372 c 0.362302,0 0.559505,0.123825 0.559505,0.376061 0,0.2522361 -0.197203,0.3806472 -0.559505,0.3806472 H 46.765028 V 5.2616372 Z M 46.765028,7.3529034 V 6.5595063 h 0.866775 c 0.385233,0 0.591608,0.1284111 0.591608,0.3989916 0,0.2751666 -0.206375,0.3944055 -0.591608,0.3944055 z M 50.469192,7.1190118 49.776689,5.4450816 h -0.738364 l 1.068564,2.4856717 -0.0092,0.022931 c -0.09631,0.2201333 -0.206375,0.3072694 -0.403578,0.3072694 -0.142169,0 -0.293511,-0.059619 -0.403578,-0.1559277 l -0.261408,0.5090582 c 0.160514,0.1421694 0.43568,0.2247194 0.687917,0.2247194 0.444852,0 0.784224,-0.1788583 1.022702,-0.7750526 L 51.854197,5.4450816 H 51.16628 Z m 3.947232,-0.4310944 c 0,-0.793397 -0.559506,-1.2795247 -1.284111,-1.2795247 -0.752122,0 -1.316214,0.5319888 -1.316214,1.2703525 0,0.7337776 0.55492,1.2703525 1.407936,1.2703525 0.444853,0 0.788811,-0.1375833 1.018117,-0.3989916 L 53.861505,7.1373562 c -0.169686,0.1605139 -0.357717,0.2384777 -0.619125,0.2384777 -0.376061,0 -0.63747,-0.1880305 -0.706261,-0.4952998 h 1.866547 c 0.0046,-0.05962 0.01376,-0.1375834 0.01376,-0.1926167 z M 53.136899,5.9495537 c 0.321028,0 0.55492,0.2017888 0.605367,0.5136443 h -1.215319 c 0.05045,-0.3164416 0.284338,-0.5136443 0.609952,-0.5136443 z"
id="path41" /><path
style="font-weight:600;-inkscape-font-specification:'Montserrat, Semi-Bold'"
d="m 56.400799,7.9582699 c 0.527402,0 0.976841,-0.1880305 1.274938,-0.5365749 L 57.290504,7.0548062 c -0.233892,0.2568222 -0.522816,0.3806472 -0.857602,0.3806472 -0.664986,0 -1.146528,-0.4677833 -1.146528,-1.1281831 0,-0.6603999 0.481542,-1.1281831 1.146528,-1.1281831 0.334786,0 0.62371,0.123825 0.857602,0.376061 L 57.675737,5.1928455 C 57.37764,4.8443012 56.928201,4.6562706 56.405385,4.6562706 c -0.986014,0 -1.719791,0.6925027 -1.719791,1.6509997 0,0.958497 0.733777,1.6509996 1.715205,1.6509996 z m 2.722731,-0.013758 c 0.761295,0 1.307042,-0.5228166 1.307042,-1.2565942 0,-0.7337776 -0.545747,-1.252008 -1.307042,-1.252008 -0.752122,0 -1.302455,0.5182304 -1.302455,1.252008 0,0.7337776 0.550333,1.2565942 1.302455,1.2565942 z m 0,-0.4907138 c -0.41275,0 -0.724605,-0.2980971 -0.724605,-0.7658804 0,-0.4677832 0.311855,-0.7658804 0.724605,-0.7658804 0.417336,0 0.729192,0.2980972 0.729192,0.7658804 0,0.4677833 -0.311856,0.7658804 -0.729192,0.7658804 z M 61.447281,5.463426 h -0.545747 v 2.4489828 h 0.573263 V 6.7246063 c 0,-0.499886 0.275167,-0.7567082 0.710848,-0.7567082 0.04127,0 0.08255,0.00459 0.132997,0.013758 V 5.4359094 c -0.408164,0 -0.706261,0.128411 -0.871361,0.3852332 z m 2.635605,-0.027517 c -0.334786,0 -0.619125,0.1146527 -0.811741,0.3485443 V 5.463426 h -0.545747 v 3.3386882 h 0.573263 V 7.6143117 c 0.197203,0.2247194 0.47237,0.3301999 0.784225,0.3301999 0.715433,0 1.242836,-0.4952999 1.242836,-1.2565942 0,-0.7567081 -0.527403,-1.252008 -1.242836,-1.252008 z m -0.06421,2.0178884 c -0.41275,0 -0.729192,-0.2980971 -0.729192,-0.7658804 0,-0.4677832 0.316442,-0.7658804 0.729192,-0.7658804 0.41275,0 0.724605,0.2980972 0.724605,0.7658804 0,0.4677833 -0.311855,0.7658804 -0.724605,0.7658804 z m 2.530125,0.4907138 c 0.687916,0 1.109838,-0.2980972 1.109838,-0.7567082 0,-0.958497 -1.513416,-0.5182304 -1.513416,-1.0135303 0,-0.1605139 0.1651,-0.2751666 0.513644,-0.2751666 0.233892,0 0.467784,0.045861 0.701675,0.1834444 l 0.220134,-0.4356805 c -0.220134,-0.1329972 -0.591609,-0.210961 -0.917222,-0.210961 -0.6604,0 -1.077736,0.3026832 -1.077736,0.7658804 0,0.9768414 1.513416,0.5365748 1.513416,1.0043581 0,0.169686 -0.151342,0.2705805 -0.513644,0.2705805 -0.30727,0 -0.63747,-0.1008945 -0.853017,-0.2430639 L 65.512345,7.669345 c 0.220133,0.1559277 0.628297,0.2751666 1.036461,0.2751666 z"
id="path42" /><path
style="font-weight:normal;-inkscape-font-specification:'Montserrat, Normal';opacity:1"
d="M 69.775483,7.9124088 V 4.7021317 H 69.43611 v 3.2102771 z m 2.273299,0 c 1.027288,0 1.719791,-0.6603998 1.719791,-1.6051385 0,-0.9447387 -0.692503,-1.6051386 -1.719791,-1.6051386 H 70.74174 v 3.2102771 z m -0.96767,-2.916766 h 0.949325 c 0.853017,0 1.40335,0.541161 1.40335,1.3116275 0,0.7704665 -0.550333,1.3116275 -1.40335,1.3116275 h -0.949325 z"
id="path43" /></g></g></svg>
assets/default.png deleted 100644 → 0
+ 0
0
View file @ 5436336b
assets/default.png

1.2 KiB

assets/icons/apple-icon-180.png deleted 100644 → 0
+ 0
0
View file @ 5436336b
assets/icons/apple-icon-180.png

698 B

assets/icons/apple-splash-1125-2436.png deleted 100644 → 0
+ 0
0
View file @ 5436336b
assets/icons/apple-splash-1125-2436.png

16 KiB

assets/icons/apple-splash-1136-640.png deleted 100644 → 0
+ 0
0
View file @ 5436336b
assets/icons/apple-splash-1136-640.png

4.45 KiB

assets/icons/apple-splash-1170-2532.png deleted 100644 → 0
+ 0
0
View file @ 5436336b
assets/icons/apple-splash-1170-2532.png

16.9 KiB

0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment