diff --git a/.idea/dataSources.local.xml b/.idea/dataSources.local.xml
index 92eddc14193925b7418efdefafc7f6faa542583f..9c2db00b09f68801a765b5a3db36bdd33fb9bf35 100644
--- a/.idea/dataSources.local.xml
+++ b/.idea/dataSources.local.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
- <component name="dataSourceStorageLocal" created-in="PS-232.10072.32">
+ <component name="dataSourceStorageLocal" created-in="PS-233.13135.108">
<data-source name="ByeCorps ID (local)" uuid="5bc27beb-c8ab-420d-bdbc-055b37ae9e39">
<database-info product="MariaDB" version="10.6.12-MariaDB-0ubuntu0.22.04.1" jdbc-version="4.2" driver-name="MariaDB Connector/J" driver-version="3.0.7" dbms="MARIADB" exact-version="10.6.12" exact-driver-version="3.0">
<extra-name-characters>#@</extra-name-characters>
diff --git a/.idea/dataSources.xml b/.idea/dataSources.xml
index b7c12c5fe86eee2208104781ad3ba74ebc248c04..dfaf86df5c14200a08cd644b0bfe8dc25a5c4329 100644
--- a/.idea/dataSources.xml
+++ b/.idea/dataSources.xml
@@ -5,7 +5,7 @@
<driver-ref>mariadb</driver-ref>
<synchronize>true</synchronize>
<jdbc-driver>org.mariadb.jdbc.Driver</jdbc-driver>
- <jdbc-url>jdbc:mariadb://id:3306/id</jdbc-url>
+ <jdbc-url>jdbc:mariadb://id.local:3306/id.local</jdbc-url>
<working-dir>$ProjectFileDir$</working-dir>
</data-source>
</component>
diff --git a/.idea/dataSources/5bc27beb-c8ab-420d-bdbc-055b37ae9e39.xml b/.idea/dataSources/5bc27beb-c8ab-420d-bdbc-055b37ae9e39.xml
index f35c05106109d72e05aa060297dbcb7e2b9f7b19..627b796dea329f4ef2959316b6cb88a6347b4de4 100644
--- a/.idea/dataSources/5bc27beb-c8ab-420d-bdbc-055b37ae9e39.xml
+++ b/.idea/dataSources/5bc27beb-c8ab-420d-bdbc-055b37ae9e39.xml
@@ -1,205 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<dataSource name="ByeCorps ID (local)">
- <database-model serializer="dbm" dbms="MARIADB" family-id="MARIADB" format-version="4.49">
- <root id="1">
- <DefaultCasing>exact</DefaultCasing>
- <DefaultEngine>InnoDB</DefaultEngine>
- <Grants>|root||bye||ALTER|G
-|root||bye|100.12.43.1|ALTER|G
-|root||mysql|localhost|ALTER|G
-|root||root|localhost|ALTER|G
-|root||bye||ALTER ROUTINE|G
-|root||bye|100.12.43.1|ALTER ROUTINE|G
-|root||mysql|localhost|ALTER ROUTINE|G
-|root||root|localhost|ALTER ROUTINE|G
-|root||bye||BINLOG ADMIN|G
-|root||bye|100.12.43.1|BINLOG ADMIN|G
-|root||mysql|localhost|BINLOG ADMIN|G
-|root||root|localhost|BINLOG ADMIN|G
-|root||bye||BINLOG MONITOR|G
-|root||bye|100.12.43.1|BINLOG MONITOR|G
-|root||mysql|localhost|BINLOG MONITOR|G
-|root||root|localhost|BINLOG MONITOR|G
-|root||bye||BINLOG REPLAY|G
-|root||bye|100.12.43.1|BINLOG REPLAY|G
-|root||mysql|localhost|BINLOG REPLAY|G
-|root||root|localhost|BINLOG REPLAY|G
-|root||bye||CONNECTION ADMIN|G
-|root||bye|100.12.43.1|CONNECTION ADMIN|G
-|root||mysql|localhost|CONNECTION ADMIN|G
-|root||root|localhost|CONNECTION ADMIN|G
-|root||bye||CREATE|G
-|root||bye|100.12.43.1|CREATE|G
-|root||mysql|localhost|CREATE|G
-|root||root|localhost|CREATE|G
-|root||bye||CREATE ROUTINE|G
-|root||bye|100.12.43.1|CREATE ROUTINE|G
-|root||mysql|localhost|CREATE ROUTINE|G
-|root||root|localhost|CREATE ROUTINE|G
-|root||bye||CREATE TABLESPACE|G
-|root||bye|100.12.43.1|CREATE TABLESPACE|G
-|root||mysql|localhost|CREATE TABLESPACE|G
-|root||root|localhost|CREATE TABLESPACE|G
-|root||bye||CREATE TEMPORARY TABLES|G
-|root||bye|100.12.43.1|CREATE TEMPORARY TABLES|G
-|root||mysql|localhost|CREATE TEMPORARY TABLES|G
-|root||root|localhost|CREATE TEMPORARY TABLES|G
-|root||bye||CREATE USER|G
-|root||bye|100.12.43.1|CREATE USER|G
-|root||mysql|localhost|CREATE USER|G
-|root||root|localhost|CREATE USER|G
-|root||bye||CREATE VIEW|G
-|root||bye|100.12.43.1|CREATE VIEW|G
-|root||mysql|localhost|CREATE VIEW|G
-|root||root|localhost|CREATE VIEW|G
-|root||bye||DELETE|G
-|root||bye|100.12.43.1|DELETE|G
-|root||mysql|localhost|DELETE|G
-|root||root|localhost|DELETE|G
-|root||bye||DELETE HISTORY|G
-|root||bye|100.12.43.1|DELETE HISTORY|G
-|root||mysql|localhost|DELETE HISTORY|G
-|root||root|localhost|DELETE HISTORY|G
-|root||bye||DROP|G
-|root||bye|100.12.43.1|DROP|G
-|root||mysql|localhost|DROP|G
-|root||root|localhost|DROP|G
-|root||bye||EVENT|G
-|root||bye|100.12.43.1|EVENT|G
-|root||mysql|localhost|EVENT|G
-|root||root|localhost|EVENT|G
-|root||bye||EXECUTE|G
-|root||bye|100.12.43.1|EXECUTE|G
-|root||mysql|localhost|EXECUTE|G
-|root||root|localhost|EXECUTE|G
-|root||bye||FEDERATED ADMIN|G
-|root||bye|100.12.43.1|FEDERATED ADMIN|G
-|root||mysql|localhost|FEDERATED ADMIN|G
-|root||root|localhost|FEDERATED ADMIN|G
-|root||bye||FILE|G
-|root||bye|100.12.43.1|FILE|G
-|root||mysql|localhost|FILE|G
-|root||root|localhost|FILE|G
-|root||bye||INDEX|G
-|root||bye|100.12.43.1|INDEX|G
-|root||mysql|localhost|INDEX|G
-|root||root|localhost|INDEX|G
-|root||bye||INSERT|G
-|root||bye|100.12.43.1|INSERT|G
-|root||mysql|localhost|INSERT|G
-|root||root|localhost|INSERT|G
-|root||bye||LOCK TABLES|G
-|root||bye|100.12.43.1|LOCK TABLES|G
-|root||mysql|localhost|LOCK TABLES|G
-|root||root|localhost|LOCK TABLES|G
-|root||bye||PROCESS|G
-|root||bye|100.12.43.1|PROCESS|G
-|root||mysql|localhost|PROCESS|G
-|root||root|localhost|PROCESS|G
-|root||bye||READ_ONLY ADMIN|G
-|root||bye|100.12.43.1|READ_ONLY ADMIN|G
-|root||mysql|localhost|READ_ONLY ADMIN|G
-|root||root|localhost|READ_ONLY ADMIN|G
-|root||bye||REFERENCES|G
-|root||bye|100.12.43.1|REFERENCES|G
-|root||mysql|localhost|REFERENCES|G
-|root||root|localhost|REFERENCES|G
-|root||bye||RELOAD|G
-|root||bye|100.12.43.1|RELOAD|G
-|root||mysql|localhost|RELOAD|G
-|root||root|localhost|RELOAD|G
-|root||bye||REPLICATION MASTER ADMIN|G
-|root||bye|100.12.43.1|REPLICATION MASTER ADMIN|G
-|root||mysql|localhost|REPLICATION MASTER ADMIN|G
-|root||root|localhost|REPLICATION MASTER ADMIN|G
-|root||bye||REPLICATION SLAVE|G
-|root||bye|100.12.43.1|REPLICATION SLAVE|G
-|root||mysql|localhost|REPLICATION SLAVE|G
-|root||root|localhost|REPLICATION SLAVE|G
-|root||bye||REPLICATION SLAVE ADMIN|G
-|root||bye|100.12.43.1|REPLICATION SLAVE ADMIN|G
-|root||mysql|localhost|REPLICATION SLAVE ADMIN|G
-|root||root|localhost|REPLICATION SLAVE ADMIN|G
-|root||bye||SELECT|G
-|root||bye|100.12.43.1|SELECT|G
-|root||mysql|localhost|SELECT|G
-|root||root|localhost|SELECT|G
-|root||bye||SET USER|G
-|root||bye|100.12.43.1|SET USER|G
-|root||mysql|localhost|SET USER|G
-|root||root|localhost|SET USER|G
-|root||bye||SHOW DATABASES|G
-|root||bye|100.12.43.1|SHOW DATABASES|G
-|root||mysql|localhost|SHOW DATABASES|G
-|root||root|localhost|SHOW DATABASES|G
-|root||bye||SHOW VIEW|G
-|root||bye|100.12.43.1|SHOW VIEW|G
-|root||mysql|localhost|SHOW VIEW|G
-|root||root|localhost|SHOW VIEW|G
-|root||bye||SHUTDOWN|G
-|root||bye|100.12.43.1|SHUTDOWN|G
-|root||mysql|localhost|SHUTDOWN|G
-|root||root|localhost|SHUTDOWN|G
-|root||bye||SLAVE MONITOR|G
-|root||bye|100.12.43.1|SLAVE MONITOR|G
-|root||mysql|localhost|SLAVE MONITOR|G
-|root||root|localhost|SLAVE MONITOR|G
-|root||bye||SUPER|G
-|root||bye|100.12.43.1|SUPER|G
-|root||mysql|localhost|SUPER|G
-|root||root|localhost|SUPER|G
-|root||bye||TRIGGER|G
-|root||bye|100.12.43.1|TRIGGER|G
-|root||mysql|localhost|TRIGGER|G
-|root||root|localhost|TRIGGER|G
-|root||bye||UPDATE|G
-|root||bye|100.12.43.1|UPDATE|G
-|root||mysql|localhost|UPDATE|G
-|root||root|localhost|UPDATE|G
-|root||bye||grant option|G
-|root||bye|100.12.43.1|grant option|G
-|root||mysql|localhost|grant option|G
-|root||root|localhost|grant option|G
-id|schema||id||ALTER|G
-id|schema||id||ALTER ROUTINE|G
-id|schema||id||CREATE|G
-id|schema||id||CREATE ROUTINE|G
-id|schema||id||CREATE TEMPORARY TABLES|G
-id|schema||id||CREATE VIEW|G
-id|schema||id||DELETE|G
-id|schema||id||DELETE HISTORY|G
-id|schema||id||DROP|G
-id|schema||id||EVENT|G
-id|schema||id||EXECUTE|G
-id|schema||id||INDEX|G
-id|schema||id||INSERT|G
-id|schema||id||LOCK TABLES|G
-id|schema||id||REFERENCES|G
-id|schema||id||SELECT|G
-id|schema||id||SHOW VIEW|G
-id|schema||id||TRIGGER|G
-id|schema||id||UPDATE|G
-phpmyadmin|schema||phpmyadmin|localhost|ALTER|G
-phpmyadmin|schema||phpmyadmin|localhost|ALTER ROUTINE|G
-phpmyadmin|schema||phpmyadmin|localhost|CREATE|G
-phpmyadmin|schema||phpmyadmin|localhost|CREATE ROUTINE|G
-phpmyadmin|schema||phpmyadmin|localhost|CREATE TEMPORARY TABLES|G
-phpmyadmin|schema||phpmyadmin|localhost|CREATE VIEW|G
-phpmyadmin|schema||phpmyadmin|localhost|DELETE|G
-phpmyadmin|schema||phpmyadmin|localhost|DELETE HISTORY|G
-phpmyadmin|schema||phpmyadmin|localhost|DROP|G
-phpmyadmin|schema||phpmyadmin|localhost|EVENT|G
-phpmyadmin|schema||phpmyadmin|localhost|EXECUTE|G
-phpmyadmin|schema||phpmyadmin|localhost|INDEX|G
-phpmyadmin|schema||phpmyadmin|localhost|INSERT|G
-phpmyadmin|schema||phpmyadmin|localhost|LOCK TABLES|G
-phpmyadmin|schema||phpmyadmin|localhost|REFERENCES|G
-phpmyadmin|schema||phpmyadmin|localhost|SELECT|G
-phpmyadmin|schema||phpmyadmin|localhost|SHOW VIEW|G
-phpmyadmin|schema||phpmyadmin|localhost|TRIGGER|G
-phpmyadmin|schema||phpmyadmin|localhost|UPDATE|G</Grants>
- <ServerVersion>10.6.12</ServerVersion>
- </root>
+ <database-model serializer="dbm" dbms="MARIADB" family-id="MARIADB" format-version="4.51">
+ <root id="1"/>
<collation id="2" parent="1" name="big5_chinese_ci">
<Charset>big5</Charset>
<DefaultForCharset>1</DefaultForCharset>
@@ -1217,8 +1019,7 @@ phpmyadmin|schema||phpmyadmin|localhost|UPDATE|G</Grants>
</schema>
<schema id="327" parent="1" name="id">
<Current>1</Current>
- <IntrospectionTimestamp>2023-11-16.19:58:39</IntrospectionTimestamp>
- <LocalIntrospectionTimestamp>2023-11-16.19:58:50</LocalIntrospectionTimestamp>
+ <LastIntrospectionLocalTimestamp>2023-11-16.19:58:50</LastIntrospectionLocalTimestamp>
<CollationName>utf8mb4_general_ci</CollationName>
</schema>
<schema id="328" parent="1" name="phpmyadmin">
diff --git a/.idea/id.iml b/.idea/id.iml
index 21a8ff4b05fa6e1993a2919d515f5b660518e8f9..7267852f3a63b79873cf96ee72724d6ceb5af5e6 100644
--- a/.idea/id.iml
+++ b/.idea/id.iml
@@ -19,6 +19,10 @@
<excludeFolder url="file://$MODULE_DIR$/vendor/erusev/parsedown" />
<excludeFolder url="file://$MODULE_DIR$/vendor/erusev/parsedown-extra" />
<excludeFolder url="file://$MODULE_DIR$/vendor/kornrunner/blurhash" />
+ <excludeFolder url="file://$MODULE_DIR$/vendor/guzzlehttp/guzzle" />
+ <excludeFolder url="file://$MODULE_DIR$/vendor/guzzlehttp/promises" />
+ <excludeFolder url="file://$MODULE_DIR$/vendor/psr/http-client" />
+ <excludeFolder url="file://$MODULE_DIR$/vendor/resend/resend-php" />
</content>
<orderEntry type="inheritedJdk" />
<orderEntry type="sourceFolder" forTests="false" />
diff --git a/.idea/php.xml b/.idea/php.xml
index 4c1495a2e80694338714628e426051ed65559ca4..a30690cdaf32fda0fa81ce7d9375c0f316212419 100644
--- a/.idea/php.xml
+++ b/.idea/php.xml
@@ -26,6 +26,10 @@
<path value="$PROJECT_DIR$/vendor/erusev/parsedown" />
<path value="$PROJECT_DIR$/vendor/erusev/parsedown-extra" />
<path value="$PROJECT_DIR$/vendor/kornrunner/blurhash" />
+ <path value="$PROJECT_DIR$/vendor/guzzlehttp/guzzle" />
+ <path value="$PROJECT_DIR$/vendor/guzzlehttp/promises" />
+ <path value="$PROJECT_DIR$/vendor/resend/resend-php" />
+ <path value="$PROJECT_DIR$/vendor/psr/http-client" />
</include_path>
</component>
<component name="PhpProjectSharedConfiguration" php_language_level="8.1" />
diff --git a/account.php b/account.php
index d4408c1338ae23c3bca986486bac7695cd9cf054..30fa20f46d907dc30f04a17bbcf80093c0b0576b 100644
--- a/account.php
+++ b/account.php
@@ -78,7 +78,7 @@ if (isset($message )) {
<div id="wrapper">
<div id="profile">
- <img src="<?= get_avatar_url($user['id']); ?>">
+ <img src="<?= get_gravatar_url($user['email']); ?>">
<div class="details">
<span class="displayname"><?= $user['display_name'] ?></span>
<span class="bcid"><?= format_bcid($user['id']); ?></span>
diff --git a/accounts_handler.php b/accounts_handler.php
index c262cac6b5403ffae8a5b8f1ead96687083b9b9d..9add2f527a7c7dde64d58d3bbc580c01f4129549 100644
--- a/accounts_handler.php
+++ b/accounts_handler.php
@@ -25,9 +25,12 @@ function get_avatar_url($bcid):string {
}
-function get_display_name($bcid, $use_bcid_fallback=true):string {
+function get_display_name($bcid, $use_bcid_fallback=true, $put_bcid_in_parenthesis=false):string {
$display_name = db_execute("SELECT display_name FROM accounts WHERE id = ?", [$bcid])['display_name'];
if (!empty($display_name)) {
+ if ($put_bcid_in_parenthesis) {
+ return $display_name . " ($bcid)";
+ }
return $display_name;
}
@@ -38,6 +41,66 @@ function get_display_name($bcid, $use_bcid_fallback=true):string {
return "";
}
+// Tokens so apps can get VERY BASIC information
+
+function generate_basic_access_token($bcid): array
+{
+ // Returns an access token, a refresh token and an expiry timestamp.
+
+ $access_token = md5(uniqid(more_entropy: true).rand(1000000, 9999999));
+ $refresh_token = md5(uniqid("rfish").rand(1000000, 9999999));
+
+ $valid_time = 12; // in hours
+ $expiry = time() + ($valid_time * 60 * 60);
+
+// echo $access_token . ":" . $refresh_token;
+
+ db_execute(
+ "INSERT INTO tokens (access_token, refresh_token, expiry, owner_id) VALUES (?,?,?,?)",
+ [$access_token, $refresh_token, $expiry, $bcid]
+ );
+
+ return [
+ "access" => $access_token,
+ "refresh" => $refresh_token,
+ "expiry" => $expiry,
+ "id" => $bcid
+ ];
+}
+
+function generate_cookie_access_token($bcid) {
+ $access_token = md5(uniqid(prefix: "COOKIECOOKIECOOKIE", more_entropy: true).rand(1000000, 9999999));
+
+ $valid_time = 365 * 24; // 1 year
+ $expiry = time() + ($valid_time * 60 * 60);
+
+// echo $access_token . ":" . $refresh_token;
+
+ db_execute(
+ "INSERT INTO tokens (access_token, expiry, owner_id, type) VALUES (?,?,?,'cookie')",
+ [$access_token, $expiry, $bcid]
+ );
+
+ return [
+ "access" => $access_token,
+ "expiry" => $expiry,
+ "id" => $bcid
+ ];
+}
+
+function validate_access_token($access_token): bool
+{
+ $token_details = db_execute("SELECT * FROM tokens WHERE access_token = ?", [$access_token]);
+ if (null == $token_details) {
+ return false;
+ }
+ if (time() > $token_details['expiry']) {
+ db_execute("DELETE FROM tokens where access_token = ?", [$access_token]);
+ return false;
+ }
+ return true;
+}
+
// Password resets
const PASSWORD_RESET_VALIDITY = 300; // in seconds.
function create_password_reset($bcid):string {
diff --git a/admin_apps_create.php b/admin_apps_create.php
index bc3bec97b7531471e3155d7918b2187ea5739d08..0de29ff1157b0834a42dc7724ba3569f49fa02d6 100644
--- a/admin_apps_create.php
+++ b/admin_apps_create.php
@@ -13,7 +13,7 @@ function check_app_id($app_id): bool
if ($_SERVER['REQUEST_METHOD'] == "POST") {
$app_id = generate_app_id();
- db_execute("INSERT INTO apps (id, owner_id, title, description) VALUES (?, ?, ?, ?)", [$app_id, $_POST['owner'], $_POST['title'], $_POST['description']]);
+ db_execute("INSERT INTO apps (id, owner_id, title, description, type) VALUES (?, ?, ?, ?, ?)", [$app_id, $_POST['owner'], $_POST['title'], $_POST['description'], $_POST['type']]);
die();
}
@@ -35,5 +35,10 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
}
?>
</select>
+ <label for="type">App type</label>
+ <select name="type" id="type">
+ <option value="null">None</option>
+ <option value="basic_login">Basic login</option>
+ </select>
<button type="submit">Create app</button>
</form>
\ No newline at end of file
diff --git a/admin_initdatabase.php b/admin_initdatabase.php
index 2a61acc5578dd9e1ca54f3dbd66ea4f33a4b9a00..fec3bb93c0bf89b5506fbafabd2896df42ce00f7 100644
--- a/admin_initdatabase.php
+++ b/admin_initdatabase.php
@@ -12,7 +12,9 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
created_date date default current_timestamp() not null,
display_name text null,
password text not null,
- verified tinyint(1) not null,
+ verified tinyint(1) default 0 not null,
+ has_pfp tinyint(1) default 0 not null,
+ is_admin tinyint(1) default 0 not null,
constraint email
unique (email) using hash
);');
@@ -23,7 +25,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
echo('<p>An error occurred: '. $e->getMessage() .'. Will skip. (Most likely the table already exists.)');
}
- echo '<p>Create the `password_resets` table</p>';
+ echo '<p>Create the `password_resets` table';
$stmt = $pdo->prepare('create table password_resets
(
id int auto_increment
@@ -33,11 +35,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
expiration int not null,
constraint password_resets_ibfk_1
foreign key (owner_id) references accounts (id)
-);
-
-create index owner_id
- on password_resets (owner_id);
-');
+);');
try {
$stmt->execute();
@@ -45,13 +43,66 @@ create index owner_id
echo('<p>An error occurred: '. $e->getMessage() .'. Most likely this is already set.');
}
+ echo '<p>Create the `apps` table';
+
+ try {
+ db_execute('create table apps (
+ id int auto_increment
+ primary key,
+ owner_id varchar(7) not null,
+ title text not null,
+ description text,
+ image text default "https://id.byecorps.com/assets/default.png" not null,
+ type text null,
+ callback text null,
+ constraint apps_ibfk_1
+ foreign key (owner_id) references accounts (id)
+ );');
+ } catch (PDOException $e) {
+ echo('<p>An error occurred: '. $e->getMessage() .'. Most likely this is already set.');
+ }
+
+
+ echo '<p>Create the `badges` table';
+
+ try {
+ db_execute('create table badges (
+ id int auto_increment
+ primary key,
+ app_id int not null,
+ title text not null,
+ description text,
+ image text default "https://id.byecorps.com/assets/default.png" not null,
+ constraint badges_ibfk_1
+ foreign key (app_id) references apps (id)
+ );');
+ } catch (PDOException $e) {
+ echo('<p>An error occurred: '. $e->getMessage() .'. Most likely this is already set.');
+ }
+
+ echo '<p>Create the `profiles` table';
+
+ try {
+ db_execute('create table profiles (
+ id varchar(7)
+ primary key,
+ description text null,
+ public_avatar tinyint(1) default 0,
+ public_display_name tinyint(1) default 0,
+ constraint profiles_ibfk_1
+ foreign key (id) references accounts (id)
+ );');
+ } catch (PDOException $e) {
+ echo('<p>An error occurred: '. $e->getMessage() .'. Most likely this is already set.');
+ }
+
+
echo "<p>Database initialised.</p>";
}
}
?>
-<h2 class="subheading">Admin</h2>
<h1>Init database</h1>
<p>Assuming you have the database config configured, you can click this button to create the tables required for this thing to function.</p>
diff --git a/admin_purge.php b/admin_purge.php
new file mode 100644
index 0000000000000000000000000000000000000000..691e75738b73dec82f6badbdf16cb9ce13ee759c
--- /dev/null
+++ b/admin_purge.php
@@ -0,0 +1,29 @@
+<?php
+
+
+if ($_SERVER['REQUEST_METHOD'] == "POST") {
+ if ($_POST['purge'] == 'purge') {
+ db_execute("DELETE FROM `password_resets` WHERE expiration < ?", [time()]);
+ db_execute("DELETE FROM `tokens` WHERE expiry < ?", [time()]);
+ }
+}
+
+$expired_password_resets = db_execute("SELECT * FROM `password_resets` WHERE expiration < ?", [time()]);
+$expired_tokens = db_execute("SELECT * FROM `tokens` WHERE expiry < ?", [time()]);
+
+?>
+
+
+
+<h1>Purge</h1>
+<form method="post">
+ <p>
+ <button name="purge" value="purge" type="submit" class="primary">Purge</button>
+ </p>
+</form>
+
+<h2>Expired password resets</h2>
+<pre><?php print_r($expired_password_resets) ?></pre>
+
+<h2>Expired Login tokens</h2>
+<pre><?php print_r($expired_tokens) ?></pre>
diff --git a/api_handler.php b/api_handler.php
new file mode 100644
index 0000000000000000000000000000000000000000..64e3c59e5a803c766bcb7ad715b1261bbc8e13c6
--- /dev/null
+++ b/api_handler.php
@@ -0,0 +1,117 @@
+<?php
+
+$output_format = "json";
+header('Content-type: application/json');
+
+if (array_key_exists('HTTP_AUTHORIZATION', $_SERVER)) {
+ $access_token = str_replace("Bearer ", "", $_SERVER['HTTP_AUTHORIZATION']);
+}
+
+if (!empty($access_token)) {
+ // Check who the access token belongs to
+ $token = db_execute("SELECT * FROM tokens WHERE access_token = ?", [$access_token]);
+ // if the token doesn't exist...
+ if (empty($token)) {
+ $invalid_token = true; // We won't tell this to the end-user immediately because I'd prefer to tell them about
+ // 404 first.
+ } else {
+ $token_owner = $token['owner_id'];
+ }
+}
+
+function check_authorisation($token): int
+{
+ // Validate token
+ if (!validate_access_token($token)) {
+ return 0; // Unauthorised
+ }
+
+ // Check the type of token
+ $token_row = db_execute("SELECT * FROM tokens WHERE access_token = ?", [$token]);
+
+ if (null == $token_row) {
+ return 0;
+ }
+
+ return match ($token_row['type']) {
+ "basic" => 1,
+ default => 0,
+ };
+}
+
+// Misc (unauthorised)
+
+function redirect_to_documentation(): void
+{
+ header('Location: /docs/api');
+}
+
+// Health check
+
+function api_health_check(): array
+{
+ return ["message" => "Science compels us to explode the sun!", "time" => time(), "response_code" => 200];
+}
+
+// User (REQUIRES AUTHORISATION)
+
+function api_user_info() {
+ global $access_token, $token_owner;
+ // Authorisation levels:
+ // `display_name` = 1 (basic)
+ // `id` = 1 (basic)
+ // `email` = 1 (basic)
+
+ $level = check_authorisation($access_token);
+
+ $data = null;
+
+ if ($level == 1) {
+ $data = db_execute("SELECT id, email, display_name FROM accounts WHERE id = ? LIMIT 1", [$token_owner]);
+ }
+
+ if (null != $data) {
+ return [
+ "response_code" => 200,
+ "id" => $data['id'],
+ "email" => $data['email'],
+ "display_name" => $data['display_name']
+ ];
+ }
+
+ http_response_code(401);
+ return [
+ "response_code" => 401,
+ "message" => "Unauthorized."
+ ];
+
+}
+
+$api_routes = [ // base url is base_url.'/api'
+ // "/path" => "function_name"
+ // Misc
+ "" => "redirect_to_documentation",
+ "/status" => "api_health_check",
+
+ // Account stuff
+ "/account/me" => "api_user_info"
+];
+
+$path = str_replace("/api", "", $path);
+
+if (isset($api_routes[$path])) {
+ if (isset($invalid_token)) {
+ http_response_code(498);
+ echo (json_encode([
+ "response_code" => "498",
+ "message" => "Token expired or invalid."
+ ]));
+ }
+ echo json_encode($api_routes[$path]());
+} else {
+ http_response_code(404);
+ echo (json_encode([
+ "response_code" => "404",
+ "message" => "Route not found."
+ ]));
+}
diff --git a/assets/bcid.svg b/assets/bcid.svg
new file mode 100644
index 0000000000000000000000000000000000000000..8911001a67c1a5b078bc56a3f1c5c2c4aa5931d3
--- /dev/null
+++ b/assets/bcid.svg
@@ -0,0 +1,6 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 -0.5 32 32" shape-rendering="crispEdges">
+ <metadata>Made with Pixels to Svg https://codepen.io/shshaw/pen/XbxvNj</metadata>
+ <path stroke="#cbdbfc" d="M2 4h28M2 5h1M29 5h1M0 6h3M29 6h3M0 7h1M31 7h1M0 8h1M31 8h1M0 9h1M31 9h1M0 10h1M31 10h1M0 11h1M31 11h1M0 12h1M31 12h1M0 13h1M31 13h1M0 14h1M31 14h1M0 15h1M31 15h1M0 16h1M31 16h1M0 17h1M31 17h1M0 18h1M31 18h1M0 19h1M31 19h1M0 20h1M31 20h1M0 21h1M31 21h1M0 22h1M31 22h1M0 23h1M31 23h1M0 24h1M31 24h1M0 25h3M29 25h3M2 26h1M29 26h1M2 27h28" />
+ <path stroke="#ffffff" d="M3 5h26M3 6h26M1 7h30M1 8h30M1 9h30M1 10h6M8 10h1M10 10h6M21 10h1M25 10h6M1 11h7M9 11h9M19 11h3M23 11h2M26 11h5M1 12h6M12 12h6M19 12h3M23 12h2M26 12h5M1 13h6M12 13h6M19 13h3M23 13h2M26 13h5M1 14h6M12 14h6M19 14h3M23 14h2M26 14h5M1 15h6M12 15h6M19 15h3M23 15h2M26 15h5M1 16h15M21 16h1M25 16h6M1 17h6M12 17h19M1 18h5M13 18h18M1 19h5M13 19h3M24 19h1M26 19h5M1 20h5M13 20h18M1 21h5M13 21h3M17 21h1M21 21h1M26 21h5M1 22h30M1 23h30M1 24h30M3 25h26M3 26h26" />
+ <path stroke="#000000" d="M7 10h1M9 10h1M16 10h5M22 10h3M8 11h1M18 11h1M22 11h1M25 11h1M7 12h5M18 12h1M22 12h1M25 12h1M7 13h5M18 13h1M22 13h1M25 13h1M7 14h5M18 14h1M22 14h1M25 14h1M7 15h5M18 15h1M22 15h1M25 15h1M16 16h5M22 16h3M7 17h5M6 18h7M6 19h7M16 19h8M25 19h1M6 20h7M6 21h7M16 21h1M18 21h3M22 21h4" />
+</svg>
\ No newline at end of file
diff --git a/assets/default.png b/assets/default.png
new file mode 100644
index 0000000000000000000000000000000000000000..a1d6ae44f844f01c7b4191bf3bff9c6d05f59555
Binary files /dev/null and b/assets/default.png differ
diff --git a/composer.json b/composer.json
index 7e441b34ff42f544cd93c87640f7c2914adc8602..96cd7b57eb7a4c8da4745e36e233bbf52c72f83c 100644
--- a/composer.json
+++ b/composer.json
@@ -1,9 +1,8 @@
{
"require": {
"sentry/sdk": "^4.0",
- "phpmailer/phpmailer": "^6.8",
"erusev/parsedown": "^1.7",
"erusev/parsedown-extra": "^0.8.1",
- "kornrunner/blurhash": "^1.2"
+ "resend/resend-php": "^0.11.0"
}
}
diff --git a/composer.lock b/composer.lock
index 1f2897815808ceccf9e2e9bde58e3c1d0ca6f7b6..7dfa69b57a4e64c8b9f24b5ab7f26afbc503ca04 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
- "content-hash": "9baad85ecd1e18878c3fe588203305a1",
+ "content-hash": "7cbb1a410be00f937b47c45077c89f9a",
"packages": [
{
"name": "erusev/parsedown",
@@ -107,6 +107,215 @@
},
"time": "2019-12-30T23:20:37+00:00"
},
+ {
+ "name": "guzzlehttp/guzzle",
+ "version": "7.8.1",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/guzzle/guzzle.git",
+ "reference": "41042bc7ab002487b876a0683fc8dce04ddce104"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/guzzle/guzzle/zipball/41042bc7ab002487b876a0683fc8dce04ddce104",
+ "reference": "41042bc7ab002487b876a0683fc8dce04ddce104",
+ "shasum": ""
+ },
+ "require": {
+ "ext-json": "*",
+ "guzzlehttp/promises": "^1.5.3 || ^2.0.1",
+ "guzzlehttp/psr7": "^1.9.1 || ^2.5.1",
+ "php": "^7.2.5 || ^8.0",
+ "psr/http-client": "^1.0",
+ "symfony/deprecation-contracts": "^2.2 || ^3.0"
+ },
+ "provide": {
+ "psr/http-client-implementation": "1.0"
+ },
+ "require-dev": {
+ "bamarni/composer-bin-plugin": "^1.8.2",
+ "ext-curl": "*",
+ "php-http/client-integration-tests": "dev-master#2c025848417c1135031fdf9c728ee53d0a7ceaee as 3.0.999",
+ "php-http/message-factory": "^1.1",
+ "phpunit/phpunit": "^8.5.36 || ^9.6.15",
+ "psr/log": "^1.1 || ^2.0 || ^3.0"
+ },
+ "suggest": {
+ "ext-curl": "Required for CURL handler support",
+ "ext-intl": "Required for Internationalized Domain Name (IDN) support",
+ "psr/log": "Required for using the Log middleware"
+ },
+ "type": "library",
+ "extra": {
+ "bamarni-bin": {
+ "bin-links": true,
+ "forward-command": false
+ }
+ },
+ "autoload": {
+ "files": [
+ "src/functions_include.php"
+ ],
+ "psr-4": {
+ "GuzzleHttp\\": "src/"
+ }
+ },
+ "notification-url": "https://packagist.org/downloads/",
+ "license": [
+ "MIT"
+ ],
+ "authors": [
+ {
+ "name": "Graham Campbell",
+ "email": "hello@gjcampbell.co.uk",
+ "homepage": "https://github.com/GrahamCampbell"
+ },
+ {
+ "name": "Michael Dowling",
+ "email": "mtdowling@gmail.com",
+ "homepage": "https://github.com/mtdowling"
+ },
+ {
+ "name": "Jeremy Lindblom",
+ "email": "jeremeamia@gmail.com",
+ "homepage": "https://github.com/jeremeamia"
+ },
+ {
+ "name": "George Mponos",
+ "email": "gmponos@gmail.com",
+ "homepage": "https://github.com/gmponos"
+ },
+ {
+ "name": "Tobias Nyholm",
+ "email": "tobias.nyholm@gmail.com",
+ "homepage": "https://github.com/Nyholm"
+ },
+ {
+ "name": "Márk Sági-Kazár",
+ "email": "mark.sagikazar@gmail.com",
+ "homepage": "https://github.com/sagikazarmark"
+ },
+ {
+ "name": "Tobias Schultze",
+ "email": "webmaster@tubo-world.de",
+ "homepage": "https://github.com/Tobion"
+ }
+ ],
+ "description": "Guzzle is a PHP HTTP client library",
+ "keywords": [
+ "client",
+ "curl",
+ "framework",
+ "http",
+ "http client",
+ "psr-18",
+ "psr-7",
+ "rest",
+ "web service"
+ ],
+ "support": {
+ "issues": "https://github.com/guzzle/guzzle/issues",
+ "source": "https://github.com/guzzle/guzzle/tree/7.8.1"
+ },
+ "funding": [
+ {
+ "url": "https://github.com/GrahamCampbell",
+ "type": "github"
+ },
+ {
+ "url": "https://github.com/Nyholm",
+ "type": "github"
+ },
+ {
+ "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/guzzle",
+ "type": "tidelift"
+ }
+ ],
+ "time": "2023-12-03T20:35:24+00:00"
+ },
+ {
+ "name": "guzzlehttp/promises",
+ "version": "2.0.2",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/guzzle/promises.git",
+ "reference": "bbff78d96034045e58e13dedd6ad91b5d1253223"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/guzzle/promises/zipball/bbff78d96034045e58e13dedd6ad91b5d1253223",
+ "reference": "bbff78d96034045e58e13dedd6ad91b5d1253223",
+ "shasum": ""
+ },
+ "require": {
+ "php": "^7.2.5 || ^8.0"
+ },
+ "require-dev": {
+ "bamarni/composer-bin-plugin": "^1.8.2",
+ "phpunit/phpunit": "^8.5.36 || ^9.6.15"
+ },
+ "type": "library",
+ "extra": {
+ "bamarni-bin": {
+ "bin-links": true,
+ "forward-command": false
+ }
+ },
+ "autoload": {
+ "psr-4": {
+ "GuzzleHttp\\Promise\\": "src/"
+ }
+ },
+ "notification-url": "https://packagist.org/downloads/",
+ "license": [
+ "MIT"
+ ],
+ "authors": [
+ {
+ "name": "Graham Campbell",
+ "email": "hello@gjcampbell.co.uk",
+ "homepage": "https://github.com/GrahamCampbell"
+ },
+ {
+ "name": "Michael Dowling",
+ "email": "mtdowling@gmail.com",
+ "homepage": "https://github.com/mtdowling"
+ },
+ {
+ "name": "Tobias Nyholm",
+ "email": "tobias.nyholm@gmail.com",
+ "homepage": "https://github.com/Nyholm"
+ },
+ {
+ "name": "Tobias Schultze",
+ "email": "webmaster@tubo-world.de",
+ "homepage": "https://github.com/Tobion"
+ }
+ ],
+ "description": "Guzzle promises library",
+ "keywords": [
+ "promise"
+ ],
+ "support": {
+ "issues": "https://github.com/guzzle/promises/issues",
+ "source": "https://github.com/guzzle/promises/tree/2.0.2"
+ },
+ "funding": [
+ {
+ "url": "https://github.com/GrahamCampbell",
+ "type": "github"
+ },
+ {
+ "url": "https://github.com/Nyholm",
+ "type": "github"
+ },
+ {
+ "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/promises",
+ "type": "tidelift"
+ }
+ ],
+ "time": "2023-12-03T20:19:20+00:00"
+ },
{
"name": "guzzlehttp/psr7",
"version": "2.6.1",
@@ -410,6 +619,58 @@
],
"time": "2023-08-29T08:26:30+00:00"
},
+ {
+ "name": "psr/http-client",
+ "version": "1.0.3",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/php-fig/http-client.git",
+ "reference": "bb5906edc1c324c9a05aa0873d40117941e5fa90"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/php-fig/http-client/zipball/bb5906edc1c324c9a05aa0873d40117941e5fa90",
+ "reference": "bb5906edc1c324c9a05aa0873d40117941e5fa90",
+ "shasum": ""
+ },
+ "require": {
+ "php": "^7.0 || ^8.0",
+ "psr/http-message": "^1.0 || ^2.0"
+ },
+ "type": "library",
+ "extra": {
+ "branch-alias": {
+ "dev-master": "1.0.x-dev"
+ }
+ },
+ "autoload": {
+ "psr-4": {
+ "Psr\\Http\\Client\\": "src/"
+ }
+ },
+ "notification-url": "https://packagist.org/downloads/",
+ "license": [
+ "MIT"
+ ],
+ "authors": [
+ {
+ "name": "PHP-FIG",
+ "homepage": "https://www.php-fig.org/"
+ }
+ ],
+ "description": "Common interface for HTTP clients",
+ "homepage": "https://github.com/php-fig/http-client",
+ "keywords": [
+ "http",
+ "http-client",
+ "psr",
+ "psr-18"
+ ],
+ "support": {
+ "source": "https://github.com/php-fig/http-client"
+ },
+ "time": "2023-09-23T14:17:50+00:00"
+ },
{
"name": "psr/http-factory",
"version": "1.0.2",
@@ -612,6 +873,63 @@
},
"time": "2019-03-08T08:55:37+00:00"
},
+ {
+ "name": "resend/resend-php",
+ "version": "v0.11.0",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/resend/resend-php.git",
+ "reference": "31ec02fc2d16b3badc10612289a3325afe68147c"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/resend/resend-php/zipball/31ec02fc2d16b3badc10612289a3325afe68147c",
+ "reference": "31ec02fc2d16b3badc10612289a3325afe68147c",
+ "shasum": ""
+ },
+ "require": {
+ "guzzlehttp/guzzle": "^7.5",
+ "php": "^8.1.0"
+ },
+ "require-dev": {
+ "friendsofphp/php-cs-fixer": "^3.13",
+ "mockery/mockery": "^1.6",
+ "pestphp/pest": "^2.0"
+ },
+ "type": "library",
+ "autoload": {
+ "files": [
+ "src/Resend.php"
+ ],
+ "psr-4": {
+ "Resend\\": "src/"
+ }
+ },
+ "notification-url": "https://packagist.org/downloads/",
+ "license": [
+ "MIT"
+ ],
+ "authors": [
+ {
+ "name": "Resend and contributors",
+ "homepage": "https://github.com/resend/resend-php/contributors"
+ }
+ ],
+ "description": "Resend PHP library.",
+ "homepage": "https://resend.com/",
+ "keywords": [
+ "api",
+ "client",
+ "php",
+ "resend",
+ "sdk"
+ ],
+ "support": {
+ "issues": "https://github.com/resend/resend-php/issues",
+ "source": "https://github.com/resend/resend-php/tree/v0.11.0"
+ },
+ "time": "2024-02-01T18:06:15+00:00"
+ },
{
"name": "sentry/sdk",
"version": "4.0.0",
diff --git a/credits.html b/credits.php
similarity index 100%
rename from credits.html
rename to credits.php
diff --git a/docs/hosting/errors.md b/docs/hosting/errors.md
new file mode 100644
index 0000000000000000000000000000000000000000..f7adbffcfb1d4e770b845872b4300b39e2740078
--- /dev/null
+++ b/docs/hosting/errors.md
@@ -0,0 +1,7 @@
+# Errors
+
+Here's all the error codes and what they mean.
+
+| Error Code | Explanation |
+|-----------:|:----------------------------|
+| 12 | A generic error explaing something went wrong adding a password reset
diff --git a/forgot_password.php b/forgot_password.php
index f96d8ee59f87faa2d6f3c38162cfbda277ebae6a..f8180ea8ce54e0f4884763b3982bc886ca79ad21 100644
--- a/forgot_password.php
+++ b/forgot_password.php
@@ -1,7 +1,4 @@
<?php
-use PHPMailer\PHPMailer\SMTP;
-use PHPMailer\PHPMailer\PHPMailer;
-use PHPMailer\PHPMailer\Exception;
if ($_SESSION['auth']) {
header('Location: /account');
@@ -29,29 +26,20 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
$safe_display_name = $user['display_name'];
}
- $mail = new PHPMailer();
try {
- //Server settings
-// $mail->SMTPDebug = SMTP::DEBUG_SERVER; Verbose output
- $mail->isSMTP(); //Send using SMTP
- $mail->Host = MAIL_HOST; //Set the SMTP server to send through
- $mail->SMTPAuth = true; //Enable SMTP authentication
- $mail->Username = MAIL_USERNAME; //SMTP username
- $mail->Password = MAIL_PASSWORD; //SMTP password
- $mail->SMTPSecure = PHPMailer::ENCRYPTION_SMTPS; //Enable implicit TLS encryption
- $mail->Port = 465;
-
- $mail->setFrom('id@byecorps.com', 'ByeCorps ID');
- $mail->addAddress($user['email'], $safe_display_name);
- $mail->addReplyTo('hello@byecorps.com', 'ByeCorps Support');
-
- $mail->Subject = 'Reset your password';
- $mail->Body = 'Hey there '.$safe_display_name.'! Here is that password reset you requested. Just click the following link and you\'ll be sorted:
+ $resend->emails->send([
+ 'from' => 'ByeCorps ID <noreply@id.byecorps.com>',
+ 'to' => [$safe_display_name . "<" . $user['email']. ">"],
+ 'subject' => 'Reset your password',
+ 'text' => 'Hey there '.$safe_display_name.'! Here is that password reset you requested. Just click the following link and you\'ll be sorted:
'.$password_reset_link.'
-This link expires in 5 minutes.';
- $mail->send();
+This link expires in 5 minutes.
+
+If you did not request this password reset, please ignore it (or tighten your account\'s security)']);
+
+// echo("<a href='$password_reset_link'>This is a security issue.</a>");
} catch (Exception $e) {
echo "Message could not be sent. Mailer Error: {$mail->ErrorInfo}";
}
@@ -65,7 +53,7 @@ This link expires in 5 minutes.';
<?php if(isset($message)) echo "<p>".$message."</p>"; ?>
-<p>Forgot your password? We'll send you an email to reset it.</p>
+<p>Forgot your password? We'll email you to reset it.</p>
<form method="post">
<input placeholder="a.dent@squornshellous.cloud" name="email" id="email" type="email">
diff --git a/index.php b/index.php
index 843ce30d869bc3c92e529361dc9e55c393996903..3c9f9b93cb8a5c74dee7d533fc04fbeda73bbab3 100644
--- a/index.php
+++ b/index.php
@@ -3,38 +3,46 @@ require_once __DIR__ . '/vendor/autoload.php';
session_start();
-use kornrunner\Blurhash\Blurhash;
-
if (empty($_SESSION)) {
$_SESSION['auth'] = false;
}
-include("config.php");
+include "config.php";
+// MySQL
$pdo = new PDO(DB_DSN, DB_USERNAME, DB_PASSWORD, PDO_OPTIONS);
+// Email
+if (defined("RESEND_API_KEY")) {
+ $resend = Resend::client(RESEND_API_KEY);
+}
-include("time_handler.php");
require "misc_functions.php";
require "database.php";
+include("time_handler.php");
include("id_handler.php");
include("accounts_handler.php");
-if ($_SESSION['auth']) {
- $user = db_execute("SELECT * FROM `accounts` WHERE id = ? LIMIT 1", [$_SESSION['id']]);
-}
-
-\Sentry\init([
- 'dsn' => SENTRY_DSN,
- // Specify a fixed sample rate
- 'traces_sample_rate' => 1.0,
- // Set a sampling rate for profiling - this is relative to traces_sample_rate
- 'profiles_sample_rate' => 1.0,
-]);
+// Attempt to log the user in using their cookie if auth isn't set.
+if (!$_SESSION['auth']) {
+ if (key_exists('keep_me_logged_in', $_COOKIE)) {
+ if (validate_access_token($_COOKIE['keep_me_logged_in'])) {
+ // Work out who the key belongs to
+ $cookie_owner = db_execute("SELECT * FROM tokens WHERE access_token = ?", [$_COOKIE['keep_me_logged_in']]);
+ if ($cookie_owner['type'] != "cookie") {
+ setcookie('keep_me_logged_in', '', time()-3600);
+ goto skip_cookie;
+ }
+ $_SESSION['auth'] = true;
+ $_SESSION['id'] = $cookie_owner['owner_id'];
-function does_variable_exists( $variable ) {
- return (isset($$variable)) ? "true" : "false";
+ } else {
+ setcookie('keep_me_logged_in', '', time()-3600);
+ }
+ }
}
+skip_cookie:
+
$host_string = $_SERVER['HTTP_HOST'];
$host = explode('.', $host_string);
$uri_string = $_SERVER['REQUEST_URI'];
@@ -45,6 +53,45 @@ if (str_ends_with($path,'/') && $path != "/") {
exit;
}
$uri = array_values(array_filter(explode('/', $uri_string)));
+try {
+ if ($_SESSION['auth']) {
+ $user = db_execute("SELECT * FROM `accounts` WHERE id = ? LIMIT 1", [$_SESSION['id']]);
+ if (!$user) {
+ // Account doesn't exist. Log the user out.
+
+ // We won't redirect to the logout endpoint because if this is going off there's something
+ // broken anyway.
+ session_destroy();
+ die("Your session was invalid so we've logged you out.");
+ }
+ }
+}
+catch (Exception) {
+ echo('<header>Database is broken. Please tell an admin.</header>');
+ if ($uri_string == "/admin/init/database") { // Allows access to this page even if user doesn't have admin rights
+ // because you can't check the rights.
+ echo "<main>";
+ include "admin_initdatabase.php";
+ die ("</main>");
+
+ }
+}
+
+
+if (defined("SENTRY_DSN")) {
+ \Sentry\init([
+ 'dsn' => SENTRY_DSN,
+ // Specify a fixed sample rate
+ 'traces_sample_rate' => 1.0,
+ // Set a sampling rate for profiling - this is relative to traces_sample_rate
+ 'profiles_sample_rate' => 1.0,
+ ]);
+}
+
+
+function does_variable_exists( $variable ) {
+ return (isset($$variable)) ? "true" : "false";
+}
if(isset($query_string[1])) {
$uri_string = $query_string[0];
@@ -65,11 +112,13 @@ $include = "404.html";
$paths = array(
"/" => ["landing.php"],
+
"/admin" => ['admin.php'],
"/admin/init/database" => ["admin_initdatabase.php"],
"/admin/list/accounts" => ["admin_accounts.php"],
"/admin/list/apps" => ["admin_apps.php"],
"/admin/create/app" => ["admin_apps_create.php"],
+ "/admin/purge" => ["admin_purge.php"],
"/account" => ["account.php", "Your account"],
"/signin" => ["signin.php", "Sign in"],
@@ -79,10 +128,19 @@ $paths = array(
"/admin/signinas" => ["signinas.php"],
"/reset/password" => ["reset_password.php", "Reset password"],
"/docs" => ["docs.php", "Docs"],
- "/credits" => ["credits.html", "Credits"],
+ "/credits" => ["credits.php", "Credits"],
"/profile" => ["profile.php", "Profile"],
+
+ "/signin/external/basic" => ["login_external_basic.php"]
);
+if (!empty($uri) ) { // Go to jail. Go directly to jail. Do not pass Go.
+ if ($uri[0] == "api") {
+ include("api_handler.php");
+ exit(); // fuck this shit i'm out
+ }
+}
+
if (isset($paths[$path])) {
$include = $paths[$path][0];
if (isset($paths[$path][1])) {
@@ -95,6 +153,10 @@ else {
http_response_code(404);
}
+if ($include == "login_external_basic.php") {
+ goto skip_formalities;
+}
+
?>
<!DOCTYPE html>
@@ -116,14 +178,15 @@ else {
if ($uri[0] == "admin" && !$user['is_admin']) {
http_response_code(401);
- die("<img src='https://http.cat/401.jpg'>");
+ die("<img src='https://http.cat/401.jpg' alt='A cat standing in front of a door with a No Cats Allowed sign on it.' />");
}
+
if ($uri[0] == "docs") {
$include = "docs.php";
}
}
-
+ skip_formalities:
include($include); ?>
</main>
<?php include("footer.php"); ?>
diff --git a/landing.php b/landing.php
index 6e59f94a6ac4b5fe7cf9a5481ced1200f3341640..a4ea89bf66db115db06a5a2ebca33ac571e20057 100644
--- a/landing.php
+++ b/landing.php
@@ -1,6 +1,6 @@
<div class="hero">
<div class="hero-text">
- <img src="https://byecorps.b-cdn.net/id/bcid.svg" alt="ByeCorps ID Logo" class="logo">
+ <img src="/assets/bcid.svg" alt="ByeCorps ID Logo" class="logo">
<h1><span class="bc-1">Bye</span><span class="bc-2">Corps</span><span class="bc-3"> ID</span></h1>
<p>Log into ByeCorps and beyond with a single ID.</p>
<!-- <p><input type="email" name="loginEmail" id="loginEmail" placeholder="Email" /></p> -->
diff --git a/login_external_basic.php b/login_external_basic.php
new file mode 100644
index 0000000000000000000000000000000000000000..916921193f1a20fb04f6e2206a1a0b2a49c12348
--- /dev/null
+++ b/login_external_basic.php
@@ -0,0 +1,147 @@
+
+<?php
+
+// Disable warnings lol
+error_reporting(E_ALL ^ E_WARNING);
+
+// Determine the app we are dealing with.
+
+$flash = "";
+$error = "";
+
+if (null != $query['appid']) {
+ $app_id = $query['appid'];
+} else {
+ $error = ["No app ID specified.", 200];
+ goto login;
+}
+
+$app = db_execute("SELECT * FROM apps WHERE id = ? LIMIT 1", [$app_id]);
+$doc_title = "Sign in to " . $app['title'];
+
+// Lets check that the callback matches the app...
+if (null == $query['callback']) {
+ $disable_logging_in = true;
+ $error = ["No callback URL.", 400];
+ goto login;
+}
+if ($query['callback'] != $app['callback']) {
+ $disable_logging_in = true;
+ $error = ["Callback URL doesn't match our records.", 400];
+ goto login;
+}
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+ // Here's a few easy steps to figure out if we should give the other party a token or not.
+ print_r($_POST);
+
+ // First: match the session ids. If they aren't the same it's probably Not Ok.
+ if (session_id() != $_POST['sessionid']) {
+ echo "<h1>401 Unauthorised</h1><p>You are not permitted to view this content.</p>";
+ exit(401);
+ }
+
+ // Now let's determine if we're logged in or not. We can use the session for this, and verify using the
+ // `bcid` value (which only appears if youre logged in!!!)
+ if ($_SESSION['auth']) {
+ if (null == $_POST['bcid'] || $_SESSION['id'] != $_POST['bcid']) {
+ // Both of these suggest tampering,
+ // let's log the user out and throw an error.
+ $_SESSION['auth'] = false;
+ $_SESSION['id'] = null;
+
+ $flash = "Sorry, something went wrong. Please sign in again.";
+
+ goto login;
+ }
+ }
+ else { // of course, there's also the case that you WERENT logged in. Let's verify if you're logged in or not.
+ $user_db_version = db_execute("SELECT * FROM accounts WHERE email = ?", [$_POST['email']]);
+ if (!password_verify($_POST['password'], $user_db_version['password']) || null == $user_db_version) {
+ // INCORRECT PASSWORD!!!!
+ // or the account doesn't exist. we don't care either way.
+
+ $flash = "Incorrect email or password.";
+ } else {
+ // if it's correct, we'll still force them to click log in again anyway. I'll also be nice and set the
+ // cookies properly.
+
+ $_SESSION['id'] = $user_db_version['id'];
+ $_SESSION['auth'] = true;
+ $user = $user_db_version;
+ goto login;
+ }
+ }
+
+ // The following gets run assuming we know the client is the one CLICKING the button.
+ $tokens = generate_basic_access_token($_POST['bcid']);
+
+ header('Location: '. $_POST['callback'].'?access_token='.$tokens['access'].'&refresh='.$tokens['refresh']
+ .'&expiry='.$tokens['expiry']);
+ exit();
+
+}
+
+login:
+
+?>
+
+<!DOCTYPE html>
+<html>
+<head>
+ <?php include ("head.php"); ?>
+</head>
+<body>
+ <?php include("header.php"); ?>
+ <main>
+ <div id="loginform">
+ <?php if ("" != $error) {goto error_no_app;} ?>
+ <h1>Sign into <?= $app['title'] ?></h1>
+ <p class="subtitle">Owned by <strong><?= get_display_name($app['owner_id'], put_bcid_in_parenthesis: true) ?></strong></p>
+ <p><?= $app['description'] ?></p>
+ <?php
+ error_no_app:
+ if ($error) {
+ http_response_code($error[1]);
+ echo "
+<div class='error center'>
+<span class='fa-regular fa-2xl center fa-xmark-circle'></span>
+<h2>Something went wrong!</h2>
+<p>Server returned error:<br /><code>$error[0]</code> (HTTP response code $error[1])</p>
+</div>
+";
+ goto dont_show_form;
+ }
+ ?>
+ <p><strong><?= $app['title'] ?></strong> uses ByeCorps ID for authentication.</p>
+ <p>Please double-check the information and avoid signing in with your BCID if you do not trust this app.</p>
+ <p>Please confirm that you'd like to sign into <strong><?= $app['title'] ?></strong>.</p>
+ <?php
+ if (null != $flash) {
+ echo "<p class='flash'>$flash</p>";
+ } else {
+ echo "<br />";
+ }
+ ?>
+ <form class="login" method="post" action="">
+ <input type="hidden" name="sessionid" value="<?= session_id() ?>" />
+ <?php if ($_SESSION['auth'])
+ { $bcid = $user['id']; echo "<input type='hidden' name='bcid' value='$bcid' />";
+ echo "<p class='subtitle'>You are signed in as ". get_display_name($_SESSION['id'],
+ put_bcid_in_parenthesis: true) . ". <a>Not you?</a>.";
+ goto signedin; } ?>
+ <p class="subtitle">You will need to sign in first.</p>
+ <input type="email" autocomplete="email" name="email" id="email" placeholder="Email" />
+ <input type="password" name="password" id="password" placeholder="Password" />
+ <?php signedin: ?>
+ <button class="primary" type="submit">Sign into <?= $app['title']; ?></button>
+ <button class="secondary" type="reset">GET ME OUT OF HERE</button>
+ <p class="subtitle center">
+ You will be brought to <strong><?= $query['callback'] ?></strong>.
+ <br /><?= $app['title'] ?> will be able to see your email and display name.
+ </p>
+ <input type="hidden" name="callback" value="<?= $query['callback'] ?>" />
+ </form>
+ <?php dont_show_form: ?>
+
+ </div>
diff --git a/signin.php b/signin.php
index 6de8f741c52a6ce6bd4d8db377db6631b1d77308..a1904f54a50caaa3048120c472dd7bcdbb828875 100644
--- a/signin.php
+++ b/signin.php
@@ -25,14 +25,20 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (password_verify($password, $user["password"])) {
$_SESSION["id"] = $user["id"];
$_SESSION["auth"] = true;
+//
+// print_r($_POST);
+// echo(is_string($_POST['keep_logged_in']));
+
+ if ($_POST['keep_logged_in'] == "on") {
+ $token = generate_cookie_access_token($user['id']);
+// print_r($token);
+ setcookie("keep_me_logged_in", $token['access']);
+ }
+//
if (isset($query['callback'])) {
header("Location: ".$query['callback']);
} else {
header("Location: /profile");
-// echo "<pre>";
-// var_dump($user);
-// var_dump($_SESSION);
-// die();
}
exit;
@@ -44,17 +50,21 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
?>
-<h2>Sign in to ByeCorps ID</h2>
-<?php
-if (isset($message)) {
- echo "<div class='flash'>$message</div>";
-}?>
-<form method="post">
- <input type="email" name="email" id="email" placeholder="Email">
- <input type="password" name="password" id="password" placeholder="Password">
- <button type="submit">Sign in</button>
-</form>
-
-<p class="center">
- <a href="/forgot/password">Forgot password?</a> • New? <a href="/register">Register</a> for a ByeCorps ID.
-</p>
\ No newline at end of file
+<div id="loginform">
+ <h2>Sign in to ByeCorps ID</h2>
+ <?php
+ if (isset($message)) {
+ echo "<div class='flash'>$message</div>";
+ }?>
+ <form class="login" method="post">
+ <input type="email" name="email" id="email" placeholder="Email" />
+ <input type="password" name="password" id="password" placeholder="Password" />
+ <div class="checkbox"><input type="checkbox" name="keep_logged_in" id="keep_logged_in" />
+ <label for="keep_logged_in">Keep me logged in (for 365 days)</label></div>
+ <button class="primary" type="submit">Sign in</button>
+ </form>
+
+ <p class="center">
+ <a href="/forgot/password">Forgot password?</a> • New? <a href="/register">Register</a> for a ByeCorps ID.
+ </p>
+</div>
\ No newline at end of file
diff --git a/signout.php b/signout.php
index c128d187c90ee6a85e9f665ce23bfa91ebfd7d60..03f7dbe20fc9022de9c8956a63e06c0f58e6289e 100644
--- a/signout.php
+++ b/signout.php
@@ -2,6 +2,7 @@
$_SESSION['id'] = null;
$_SESSION['auth'] = false;
+setcookie('keep_me_logged_in', '', time()-3600);
session_destroy();
?>
diff --git a/styles/colours.css b/styles/colours.css
index f11cb9708f1cd8b01925623b41f061fc3d7058de..287d9f0328960bec98207b17b04a15b9c89aa35c 100644
--- a/styles/colours.css
+++ b/styles/colours.css
@@ -101,6 +101,11 @@ input[data-com-onepassword-filled="dark"] {
margin: 0;
}
+.flash {
+ background: var(--red-5);
+ color: black;
+}
+
@media screen and (prefers-color-scheme: dark) {
html {
background: var(--background-dark, #121212);
diff --git a/styles/design.css b/styles/design.css
index acdac55c5340f0e32ad8b62a212f6581ee661db9..c6748d9dee138b643d42228d3aacd2f7639553b8 100644
--- a/styles/design.css
+++ b/styles/design.css
@@ -46,6 +46,11 @@ input:disabled {
cursor: not-allowed;
}
+.flash {
+ padding: 1rem;
+ border-radius: 1rem;
+}
+
table {
background-color: var(--grey-2);
width: 100%;
diff --git a/styles/layout.css b/styles/layout.css
index 03d20f2a0b881c6c8df2e87b83b25253943c7639..9e8927730b11268459ca6d2113f5217071c065e6 100644
--- a/styles/layout.css
+++ b/styles/layout.css
@@ -148,3 +148,8 @@ form {
display: flex;
}
+#loginform {
+ max-width: 500px;
+ margin: auto;
+}
+
diff --git a/styles/types.css b/styles/types.css
index 7b09f26aead241523cc6cdeedb456bb5e5495706..10cea6075c88c511f32962d272554f5b00baaf42 100644
--- a/styles/types.css
+++ b/styles/types.css
@@ -42,6 +42,12 @@ h2.subheading + h1 {
font-family: 'Courier Prime', monospace;
}
+p.subtitle {
+ font-size: 0.9rem;
+ margin: 0;
+ opacity: 0.8;
+}
+
.center {
text-align: center;
}