From c6a1637dee2aea3b56587f0048d627d5a0718e53 Mon Sep 17 00:00:00 2001
From: Bye <bye@byecorps.com>
Date: Sat, 17 Feb 2024 12:04:47 +0000
Subject: [PATCH] Upload a lot of changes
---
.idea/dataSources.local.xml | 2 +-
.idea/dataSources.xml | 2 +-
.../5bc27beb-c8ab-420d-bdbc-055b37ae9e39.xml | 205 +----------
.idea/id.iml | 4 +
.idea/php.xml | 4 +
account.php | 2 +-
accounts_handler.php | 65 +++-
admin_apps_create.php | 7 +-
admin_initdatabase.php | 67 +++-
admin_purge.php | 29 ++
api_handler.php | 117 +++++++
assets/bcid.svg | 6 +
assets/default.png | Bin 0 -> 1228 bytes
composer.json | 3 +-
composer.lock | 320 +++++++++++++++++-
credits.html => credits.php | 0
docs/hosting/errors.md | 7 +
forgot_password.php | 34 +-
index.php | 103 ++++--
landing.php | 2 +-
login_external_basic.php | 147 ++++++++
signin.php | 46 ++-
signout.php | 1 +
styles/colours.css | 5 +
styles/design.css | 5 +
styles/layout.css | 5 +
styles/types.css | 6 +
27 files changed, 914 insertions(+), 280 deletions(-)
create mode 100644 admin_purge.php
create mode 100644 api_handler.php
create mode 100644 assets/bcid.svg
create mode 100644 assets/default.png
rename credits.html => credits.php (100%)
create mode 100644 docs/hosting/errors.md
create mode 100644 login_external_basic.php
diff --git a/.idea/dataSources.local.xml b/.idea/dataSources.local.xml
index 92eddc1..9c2db00 100644
--- a/.idea/dataSources.local.xml
+++ b/.idea/dataSources.local.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
- <component name="dataSourceStorageLocal" created-in="PS-232.10072.32">
+ <component name="dataSourceStorageLocal" created-in="PS-233.13135.108">
<data-source name="ByeCorps ID (local)" uuid="5bc27beb-c8ab-420d-bdbc-055b37ae9e39">
<database-info product="MariaDB" version="10.6.12-MariaDB-0ubuntu0.22.04.1" jdbc-version="4.2" driver-name="MariaDB Connector/J" driver-version="3.0.7" dbms="MARIADB" exact-version="10.6.12" exact-driver-version="3.0">
<extra-name-characters>#@</extra-name-characters>
diff --git a/.idea/dataSources.xml b/.idea/dataSources.xml
index b7c12c5..dfaf86d 100644
--- a/.idea/dataSources.xml
+++ b/.idea/dataSources.xml
@@ -5,7 +5,7 @@
<driver-ref>mariadb</driver-ref>
<synchronize>true</synchronize>
<jdbc-driver>org.mariadb.jdbc.Driver</jdbc-driver>
- <jdbc-url>jdbc:mariadb://id:3306/id</jdbc-url>
+ <jdbc-url>jdbc:mariadb://id.local:3306/id.local</jdbc-url>
<working-dir>$ProjectFileDir$</working-dir>
</data-source>
</component>
diff --git a/.idea/dataSources/5bc27beb-c8ab-420d-bdbc-055b37ae9e39.xml b/.idea/dataSources/5bc27beb-c8ab-420d-bdbc-055b37ae9e39.xml
index f35c051..627b796 100644
--- a/.idea/dataSources/5bc27beb-c8ab-420d-bdbc-055b37ae9e39.xml
+++ b/.idea/dataSources/5bc27beb-c8ab-420d-bdbc-055b37ae9e39.xml
@@ -1,205 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<dataSource name="ByeCorps ID (local)">
- <database-model serializer="dbm" dbms="MARIADB" family-id="MARIADB" format-version="4.49">
- <root id="1">
- <DefaultCasing>exact</DefaultCasing>
- <DefaultEngine>InnoDB</DefaultEngine>
- <Grants>|root||bye||ALTER|G
-|root||bye|100.12.43.1|ALTER|G
-|root||mysql|localhost|ALTER|G
-|root||root|localhost|ALTER|G
-|root||bye||ALTER ROUTINE|G
-|root||bye|100.12.43.1|ALTER ROUTINE|G
-|root||mysql|localhost|ALTER ROUTINE|G
-|root||root|localhost|ALTER ROUTINE|G
-|root||bye||BINLOG ADMIN|G
-|root||bye|100.12.43.1|BINLOG ADMIN|G
-|root||mysql|localhost|BINLOG ADMIN|G
-|root||root|localhost|BINLOG ADMIN|G
-|root||bye||BINLOG MONITOR|G
-|root||bye|100.12.43.1|BINLOG MONITOR|G
-|root||mysql|localhost|BINLOG MONITOR|G
-|root||root|localhost|BINLOG MONITOR|G
-|root||bye||BINLOG REPLAY|G
-|root||bye|100.12.43.1|BINLOG REPLAY|G
-|root||mysql|localhost|BINLOG REPLAY|G
-|root||root|localhost|BINLOG REPLAY|G
-|root||bye||CONNECTION ADMIN|G
-|root||bye|100.12.43.1|CONNECTION ADMIN|G
-|root||mysql|localhost|CONNECTION ADMIN|G
-|root||root|localhost|CONNECTION ADMIN|G
-|root||bye||CREATE|G
-|root||bye|100.12.43.1|CREATE|G
-|root||mysql|localhost|CREATE|G
-|root||root|localhost|CREATE|G
-|root||bye||CREATE ROUTINE|G
-|root||bye|100.12.43.1|CREATE ROUTINE|G
-|root||mysql|localhost|CREATE ROUTINE|G
-|root||root|localhost|CREATE ROUTINE|G
-|root||bye||CREATE TABLESPACE|G
-|root||bye|100.12.43.1|CREATE TABLESPACE|G
-|root||mysql|localhost|CREATE TABLESPACE|G
-|root||root|localhost|CREATE TABLESPACE|G
-|root||bye||CREATE TEMPORARY TABLES|G
-|root||bye|100.12.43.1|CREATE TEMPORARY TABLES|G
-|root||mysql|localhost|CREATE TEMPORARY TABLES|G
-|root||root|localhost|CREATE TEMPORARY TABLES|G
-|root||bye||CREATE USER|G
-|root||bye|100.12.43.1|CREATE USER|G
-|root||mysql|localhost|CREATE USER|G
-|root||root|localhost|CREATE USER|G
-|root||bye||CREATE VIEW|G
-|root||bye|100.12.43.1|CREATE VIEW|G
-|root||mysql|localhost|CREATE VIEW|G
-|root||root|localhost|CREATE VIEW|G
-|root||bye||DELETE|G
-|root||bye|100.12.43.1|DELETE|G
-|root||mysql|localhost|DELETE|G
-|root||root|localhost|DELETE|G
-|root||bye||DELETE HISTORY|G
-|root||bye|100.12.43.1|DELETE HISTORY|G
-|root||mysql|localhost|DELETE HISTORY|G
-|root||root|localhost|DELETE HISTORY|G
-|root||bye||DROP|G
-|root||bye|100.12.43.1|DROP|G
-|root||mysql|localhost|DROP|G
-|root||root|localhost|DROP|G
-|root||bye||EVENT|G
-|root||bye|100.12.43.1|EVENT|G
-|root||mysql|localhost|EVENT|G
-|root||root|localhost|EVENT|G
-|root||bye||EXECUTE|G
-|root||bye|100.12.43.1|EXECUTE|G
-|root||mysql|localhost|EXECUTE|G
-|root||root|localhost|EXECUTE|G
-|root||bye||FEDERATED ADMIN|G
-|root||bye|100.12.43.1|FEDERATED ADMIN|G
-|root||mysql|localhost|FEDERATED ADMIN|G
-|root||root|localhost|FEDERATED ADMIN|G
-|root||bye||FILE|G
-|root||bye|100.12.43.1|FILE|G
-|root||mysql|localhost|FILE|G
-|root||root|localhost|FILE|G
-|root||bye||INDEX|G
-|root||bye|100.12.43.1|INDEX|G
-|root||mysql|localhost|INDEX|G
-|root||root|localhost|INDEX|G
-|root||bye||INSERT|G
-|root||bye|100.12.43.1|INSERT|G
-|root||mysql|localhost|INSERT|G
-|root||root|localhost|INSERT|G
-|root||bye||LOCK TABLES|G
-|root||bye|100.12.43.1|LOCK TABLES|G
-|root||mysql|localhost|LOCK TABLES|G
-|root||root|localhost|LOCK TABLES|G
-|root||bye||PROCESS|G
-|root||bye|100.12.43.1|PROCESS|G
-|root||mysql|localhost|PROCESS|G
-|root||root|localhost|PROCESS|G
-|root||bye||READ_ONLY ADMIN|G
-|root||bye|100.12.43.1|READ_ONLY ADMIN|G
-|root||mysql|localhost|READ_ONLY ADMIN|G
-|root||root|localhost|READ_ONLY ADMIN|G
-|root||bye||REFERENCES|G
-|root||bye|100.12.43.1|REFERENCES|G
-|root||mysql|localhost|REFERENCES|G
-|root||root|localhost|REFERENCES|G
-|root||bye||RELOAD|G
-|root||bye|100.12.43.1|RELOAD|G
-|root||mysql|localhost|RELOAD|G
-|root||root|localhost|RELOAD|G
-|root||bye||REPLICATION MASTER ADMIN|G
-|root||bye|100.12.43.1|REPLICATION MASTER ADMIN|G
-|root||mysql|localhost|REPLICATION MASTER ADMIN|G
-|root||root|localhost|REPLICATION MASTER ADMIN|G
-|root||bye||REPLICATION SLAVE|G
-|root||bye|100.12.43.1|REPLICATION SLAVE|G
-|root||mysql|localhost|REPLICATION SLAVE|G
-|root||root|localhost|REPLICATION SLAVE|G
-|root||bye||REPLICATION SLAVE ADMIN|G
-|root||bye|100.12.43.1|REPLICATION SLAVE ADMIN|G
-|root||mysql|localhost|REPLICATION SLAVE ADMIN|G
-|root||root|localhost|REPLICATION SLAVE ADMIN|G
-|root||bye||SELECT|G
-|root||bye|100.12.43.1|SELECT|G
-|root||mysql|localhost|SELECT|G
-|root||root|localhost|SELECT|G
-|root||bye||SET USER|G
-|root||bye|100.12.43.1|SET USER|G
-|root||mysql|localhost|SET USER|G
-|root||root|localhost|SET USER|G
-|root||bye||SHOW DATABASES|G
-|root||bye|100.12.43.1|SHOW DATABASES|G
-|root||mysql|localhost|SHOW DATABASES|G
-|root||root|localhost|SHOW DATABASES|G
-|root||bye||SHOW VIEW|G
-|root||bye|100.12.43.1|SHOW VIEW|G
-|root||mysql|localhost|SHOW VIEW|G
-|root||root|localhost|SHOW VIEW|G
-|root||bye||SHUTDOWN|G
-|root||bye|100.12.43.1|SHUTDOWN|G
-|root||mysql|localhost|SHUTDOWN|G
-|root||root|localhost|SHUTDOWN|G
-|root||bye||SLAVE MONITOR|G
-|root||bye|100.12.43.1|SLAVE MONITOR|G
-|root||mysql|localhost|SLAVE MONITOR|G
-|root||root|localhost|SLAVE MONITOR|G
-|root||bye||SUPER|G
-|root||bye|100.12.43.1|SUPER|G
-|root||mysql|localhost|SUPER|G
-|root||root|localhost|SUPER|G
-|root||bye||TRIGGER|G
-|root||bye|100.12.43.1|TRIGGER|G
-|root||mysql|localhost|TRIGGER|G
-|root||root|localhost|TRIGGER|G
-|root||bye||UPDATE|G
-|root||bye|100.12.43.1|UPDATE|G
-|root||mysql|localhost|UPDATE|G
-|root||root|localhost|UPDATE|G
-|root||bye||grant option|G
-|root||bye|100.12.43.1|grant option|G
-|root||mysql|localhost|grant option|G
-|root||root|localhost|grant option|G
-id|schema||id||ALTER|G
-id|schema||id||ALTER ROUTINE|G
-id|schema||id||CREATE|G
-id|schema||id||CREATE ROUTINE|G
-id|schema||id||CREATE TEMPORARY TABLES|G
-id|schema||id||CREATE VIEW|G
-id|schema||id||DELETE|G
-id|schema||id||DELETE HISTORY|G
-id|schema||id||DROP|G
-id|schema||id||EVENT|G
-id|schema||id||EXECUTE|G
-id|schema||id||INDEX|G
-id|schema||id||INSERT|G
-id|schema||id||LOCK TABLES|G
-id|schema||id||REFERENCES|G
-id|schema||id||SELECT|G
-id|schema||id||SHOW VIEW|G
-id|schema||id||TRIGGER|G
-id|schema||id||UPDATE|G
-phpmyadmin|schema||phpmyadmin|localhost|ALTER|G
-phpmyadmin|schema||phpmyadmin|localhost|ALTER ROUTINE|G
-phpmyadmin|schema||phpmyadmin|localhost|CREATE|G
-phpmyadmin|schema||phpmyadmin|localhost|CREATE ROUTINE|G
-phpmyadmin|schema||phpmyadmin|localhost|CREATE TEMPORARY TABLES|G
-phpmyadmin|schema||phpmyadmin|localhost|CREATE VIEW|G
-phpmyadmin|schema||phpmyadmin|localhost|DELETE|G
-phpmyadmin|schema||phpmyadmin|localhost|DELETE HISTORY|G
-phpmyadmin|schema||phpmyadmin|localhost|DROP|G
-phpmyadmin|schema||phpmyadmin|localhost|EVENT|G
-phpmyadmin|schema||phpmyadmin|localhost|EXECUTE|G
-phpmyadmin|schema||phpmyadmin|localhost|INDEX|G
-phpmyadmin|schema||phpmyadmin|localhost|INSERT|G
-phpmyadmin|schema||phpmyadmin|localhost|LOCK TABLES|G
-phpmyadmin|schema||phpmyadmin|localhost|REFERENCES|G
-phpmyadmin|schema||phpmyadmin|localhost|SELECT|G
-phpmyadmin|schema||phpmyadmin|localhost|SHOW VIEW|G
-phpmyadmin|schema||phpmyadmin|localhost|TRIGGER|G
-phpmyadmin|schema||phpmyadmin|localhost|UPDATE|G</Grants>
- <ServerVersion>10.6.12</ServerVersion>
- </root>
+ <database-model serializer="dbm" dbms="MARIADB" family-id="MARIADB" format-version="4.51">
+ <root id="1"/>
<collation id="2" parent="1" name="big5_chinese_ci">
<Charset>big5</Charset>
<DefaultForCharset>1</DefaultForCharset>
@@ -1217,8 +1019,7 @@ phpmyadmin|schema||phpmyadmin|localhost|UPDATE|G</Grants>
</schema>
<schema id="327" parent="1" name="id">
<Current>1</Current>
- <IntrospectionTimestamp>2023-11-16.19:58:39</IntrospectionTimestamp>
- <LocalIntrospectionTimestamp>2023-11-16.19:58:50</LocalIntrospectionTimestamp>
+ <LastIntrospectionLocalTimestamp>2023-11-16.19:58:50</LastIntrospectionLocalTimestamp>
<CollationName>utf8mb4_general_ci</CollationName>
</schema>
<schema id="328" parent="1" name="phpmyadmin">
diff --git a/.idea/id.iml b/.idea/id.iml
index 21a8ff4..7267852 100644
--- a/.idea/id.iml
+++ b/.idea/id.iml
@@ -19,6 +19,10 @@
<excludeFolder url="file://$MODULE_DIR$/vendor/erusev/parsedown" />
<excludeFolder url="file://$MODULE_DIR$/vendor/erusev/parsedown-extra" />
<excludeFolder url="file://$MODULE_DIR$/vendor/kornrunner/blurhash" />
+ <excludeFolder url="file://$MODULE_DIR$/vendor/guzzlehttp/guzzle" />
+ <excludeFolder url="file://$MODULE_DIR$/vendor/guzzlehttp/promises" />
+ <excludeFolder url="file://$MODULE_DIR$/vendor/psr/http-client" />
+ <excludeFolder url="file://$MODULE_DIR$/vendor/resend/resend-php" />
</content>
<orderEntry type="inheritedJdk" />
<orderEntry type="sourceFolder" forTests="false" />
diff --git a/.idea/php.xml b/.idea/php.xml
index 4c1495a..a30690c 100644
--- a/.idea/php.xml
+++ b/.idea/php.xml
@@ -26,6 +26,10 @@
<path value="$PROJECT_DIR$/vendor/erusev/parsedown" />
<path value="$PROJECT_DIR$/vendor/erusev/parsedown-extra" />
<path value="$PROJECT_DIR$/vendor/kornrunner/blurhash" />
+ <path value="$PROJECT_DIR$/vendor/guzzlehttp/guzzle" />
+ <path value="$PROJECT_DIR$/vendor/guzzlehttp/promises" />
+ <path value="$PROJECT_DIR$/vendor/resend/resend-php" />
+ <path value="$PROJECT_DIR$/vendor/psr/http-client" />
</include_path>
</component>
<component name="PhpProjectSharedConfiguration" php_language_level="8.1" />
diff --git a/account.php b/account.php
index d4408c1..30fa20f 100644
--- a/account.php
+++ b/account.php
@@ -78,7 +78,7 @@ if (isset($message )) {
<div id="wrapper">
<div id="profile">
- <img src="<?= get_avatar_url($user['id']); ?>">
+ <img src="<?= get_gravatar_url($user['email']); ?>">
<div class="details">
<span class="displayname"><?= $user['display_name'] ?></span>
<span class="bcid"><?= format_bcid($user['id']); ?></span>
diff --git a/accounts_handler.php b/accounts_handler.php
index c262cac..9add2f5 100644
--- a/accounts_handler.php
+++ b/accounts_handler.php
@@ -25,9 +25,12 @@ function get_avatar_url($bcid):string {
}
-function get_display_name($bcid, $use_bcid_fallback=true):string {
+function get_display_name($bcid, $use_bcid_fallback=true, $put_bcid_in_parenthesis=false):string {
$display_name = db_execute("SELECT display_name FROM accounts WHERE id = ?", [$bcid])['display_name'];
if (!empty($display_name)) {
+ if ($put_bcid_in_parenthesis) {
+ return $display_name . " ($bcid)";
+ }
return $display_name;
}
@@ -38,6 +41,66 @@ function get_display_name($bcid, $use_bcid_fallback=true):string {
return "";
}
+// Tokens so apps can get VERY BASIC information
+
+function generate_basic_access_token($bcid): array
+{
+ // Returns an access token, a refresh token and an expiry timestamp.
+
+ $access_token = md5(uniqid(more_entropy: true).rand(1000000, 9999999));
+ $refresh_token = md5(uniqid("rfish").rand(1000000, 9999999));
+
+ $valid_time = 12; // in hours
+ $expiry = time() + ($valid_time * 60 * 60);
+
+// echo $access_token . ":" . $refresh_token;
+
+ db_execute(
+ "INSERT INTO tokens (access_token, refresh_token, expiry, owner_id) VALUES (?,?,?,?)",
+ [$access_token, $refresh_token, $expiry, $bcid]
+ );
+
+ return [
+ "access" => $access_token,
+ "refresh" => $refresh_token,
+ "expiry" => $expiry,
+ "id" => $bcid
+ ];
+}
+
+function generate_cookie_access_token($bcid) {
+ $access_token = md5(uniqid(prefix: "COOKIECOOKIECOOKIE", more_entropy: true).rand(1000000, 9999999));
+
+ $valid_time = 365 * 24; // 1 year
+ $expiry = time() + ($valid_time * 60 * 60);
+
+// echo $access_token . ":" . $refresh_token;
+
+ db_execute(
+ "INSERT INTO tokens (access_token, expiry, owner_id, type) VALUES (?,?,?,'cookie')",
+ [$access_token, $expiry, $bcid]
+ );
+
+ return [
+ "access" => $access_token,
+ "expiry" => $expiry,
+ "id" => $bcid
+ ];
+}
+
+function validate_access_token($access_token): bool
+{
+ $token_details = db_execute("SELECT * FROM tokens WHERE access_token = ?", [$access_token]);
+ if (null == $token_details) {
+ return false;
+ }
+ if (time() > $token_details['expiry']) {
+ db_execute("DELETE FROM tokens where access_token = ?", [$access_token]);
+ return false;
+ }
+ return true;
+}
+
// Password resets
const PASSWORD_RESET_VALIDITY = 300; // in seconds.
function create_password_reset($bcid):string {
diff --git a/admin_apps_create.php b/admin_apps_create.php
index bc3bec9..0de29ff 100644
--- a/admin_apps_create.php
+++ b/admin_apps_create.php
@@ -13,7 +13,7 @@ function check_app_id($app_id): bool
if ($_SERVER['REQUEST_METHOD'] == "POST") {
$app_id = generate_app_id();
- db_execute("INSERT INTO apps (id, owner_id, title, description) VALUES (?, ?, ?, ?)", [$app_id, $_POST['owner'], $_POST['title'], $_POST['description']]);
+ db_execute("INSERT INTO apps (id, owner_id, title, description, type) VALUES (?, ?, ?, ?, ?)", [$app_id, $_POST['owner'], $_POST['title'], $_POST['description'], $_POST['type']]);
die();
}
@@ -35,5 +35,10 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
}
?>
</select>
+ <label for="type">App type</label>
+ <select name="type" id="type">
+ <option value="null">None</option>
+ <option value="basic_login">Basic login</option>
+ </select>
<button type="submit">Create app</button>
</form>
\ No newline at end of file
diff --git a/admin_initdatabase.php b/admin_initdatabase.php
index 2a61acc..fec3bb9 100644
--- a/admin_initdatabase.php
+++ b/admin_initdatabase.php
@@ -12,7 +12,9 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
created_date date default current_timestamp() not null,
display_name text null,
password text not null,
- verified tinyint(1) not null,
+ verified tinyint(1) default 0 not null,
+ has_pfp tinyint(1) default 0 not null,
+ is_admin tinyint(1) default 0 not null,
constraint email
unique (email) using hash
);');
@@ -23,7 +25,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
echo('<p>An error occurred: '. $e->getMessage() .'. Will skip. (Most likely the table already exists.)');
}
- echo '<p>Create the `password_resets` table</p>';
+ echo '<p>Create the `password_resets` table';
$stmt = $pdo->prepare('create table password_resets
(
id int auto_increment
@@ -33,11 +35,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
expiration int not null,
constraint password_resets_ibfk_1
foreign key (owner_id) references accounts (id)
-);
-
-create index owner_id
- on password_resets (owner_id);
-');
+);');
try {
$stmt->execute();
@@ -45,13 +43,66 @@ create index owner_id
echo('<p>An error occurred: '. $e->getMessage() .'. Most likely this is already set.');
}
+ echo '<p>Create the `apps` table';
+
+ try {
+ db_execute('create table apps (
+ id int auto_increment
+ primary key,
+ owner_id varchar(7) not null,
+ title text not null,
+ description text,
+ image text default "https://id.byecorps.com/assets/default.png" not null,
+ type text null,
+ callback text null,
+ constraint apps_ibfk_1
+ foreign key (owner_id) references accounts (id)
+ );');
+ } catch (PDOException $e) {
+ echo('<p>An error occurred: '. $e->getMessage() .'. Most likely this is already set.');
+ }
+
+
+ echo '<p>Create the `badges` table';
+
+ try {
+ db_execute('create table badges (
+ id int auto_increment
+ primary key,
+ app_id int not null,
+ title text not null,
+ description text,
+ image text default "https://id.byecorps.com/assets/default.png" not null,
+ constraint badges_ibfk_1
+ foreign key (app_id) references apps (id)
+ );');
+ } catch (PDOException $e) {
+ echo('<p>An error occurred: '. $e->getMessage() .'. Most likely this is already set.');
+ }
+
+ echo '<p>Create the `profiles` table';
+
+ try {
+ db_execute('create table profiles (
+ id varchar(7)
+ primary key,
+ description text null,
+ public_avatar tinyint(1) default 0,
+ public_display_name tinyint(1) default 0,
+ constraint profiles_ibfk_1
+ foreign key (id) references accounts (id)
+ );');
+ } catch (PDOException $e) {
+ echo('<p>An error occurred: '. $e->getMessage() .'. Most likely this is already set.');
+ }
+
+
echo "<p>Database initialised.</p>";
}
}
?>
-<h2 class="subheading">Admin</h2>
<h1>Init database</h1>
<p>Assuming you have the database config configured, you can click this button to create the tables required for this thing to function.</p>
diff --git a/admin_purge.php b/admin_purge.php
new file mode 100644
index 0000000..691e757
--- /dev/null
+++ b/admin_purge.php
@@ -0,0 +1,29 @@
+<?php
+
+
+if ($_SERVER['REQUEST_METHOD'] == "POST") {
+ if ($_POST['purge'] == 'purge') {
+ db_execute("DELETE FROM `password_resets` WHERE expiration < ?", [time()]);
+ db_execute("DELETE FROM `tokens` WHERE expiry < ?", [time()]);
+ }
+}
+
+$expired_password_resets = db_execute("SELECT * FROM `password_resets` WHERE expiration < ?", [time()]);
+$expired_tokens = db_execute("SELECT * FROM `tokens` WHERE expiry < ?", [time()]);
+
+?>
+
+
+
+<h1>Purge</h1>
+<form method="post">
+ <p>
+ <button name="purge" value="purge" type="submit" class="primary">Purge</button>
+ </p>
+</form>
+
+<h2>Expired password resets</h2>
+<pre><?php print_r($expired_password_resets) ?></pre>
+
+<h2>Expired Login tokens</h2>
+<pre><?php print_r($expired_tokens) ?></pre>
diff --git a/api_handler.php b/api_handler.php
new file mode 100644
index 0000000..64e3c59
--- /dev/null
+++ b/api_handler.php
@@ -0,0 +1,117 @@
+<?php
+
+$output_format = "json";
+header('Content-type: application/json');
+
+if (array_key_exists('HTTP_AUTHORIZATION', $_SERVER)) {
+ $access_token = str_replace("Bearer ", "", $_SERVER['HTTP_AUTHORIZATION']);
+}
+
+if (!empty($access_token)) {
+ // Check who the access token belongs to
+ $token = db_execute("SELECT * FROM tokens WHERE access_token = ?", [$access_token]);
+ // if the token doesn't exist...
+ if (empty($token)) {
+ $invalid_token = true; // We won't tell this to the end-user immediately because I'd prefer to tell them about
+ // 404 first.
+ } else {
+ $token_owner = $token['owner_id'];
+ }
+}
+
+function check_authorisation($token): int
+{
+ // Validate token
+ if (!validate_access_token($token)) {
+ return 0; // Unauthorised
+ }
+
+ // Check the type of token
+ $token_row = db_execute("SELECT * FROM tokens WHERE access_token = ?", [$token]);
+
+ if (null == $token_row) {
+ return 0;
+ }
+
+ return match ($token_row['type']) {
+ "basic" => 1,
+ default => 0,
+ };
+}
+
+// Misc (unauthorised)
+
+function redirect_to_documentation(): void
+{
+ header('Location: /docs/api');
+}
+
+// Health check
+
+function api_health_check(): array
+{
+ return ["message" => "Science compels us to explode the sun!", "time" => time(), "response_code" => 200];
+}
+
+// User (REQUIRES AUTHORISATION)
+
+function api_user_info() {
+ global $access_token, $token_owner;
+ // Authorisation levels:
+ // `display_name` = 1 (basic)
+ // `id` = 1 (basic)
+ // `email` = 1 (basic)
+
+ $level = check_authorisation($access_token);
+
+ $data = null;
+
+ if ($level == 1) {
+ $data = db_execute("SELECT id, email, display_name FROM accounts WHERE id = ? LIMIT 1", [$token_owner]);
+ }
+
+ if (null != $data) {
+ return [
+ "response_code" => 200,
+ "id" => $data['id'],
+ "email" => $data['email'],
+ "display_name" => $data['display_name']
+ ];
+ }
+
+ http_response_code(401);
+ return [
+ "response_code" => 401,
+ "message" => "Unauthorized."
+ ];
+
+}
+
+$api_routes = [ // base url is base_url.'/api'
+ // "/path" => "function_name"
+ // Misc
+ "" => "redirect_to_documentation",
+ "/status" => "api_health_check",
+
+ // Account stuff
+ "/account/me" => "api_user_info"
+];
+
+$path = str_replace("/api", "", $path);
+
+if (isset($api_routes[$path])) {
+ if (isset($invalid_token)) {
+ http_response_code(498);
+ echo (json_encode([
+ "response_code" => "498",
+ "message" => "Token expired or invalid."
+ ]));
+ }
+ echo json_encode($api_routes[$path]());
+} else {
+ http_response_code(404);
+ echo (json_encode([
+ "response_code" => "404",
+ "message" => "Route not found."
+ ]));
+}
diff --git a/assets/bcid.svg b/assets/bcid.svg
new file mode 100644
index 0000000..8911001
--- /dev/null
+++ b/assets/bcid.svg
@@ -0,0 +1,6 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 -0.5 32 32" shape-rendering="crispEdges">
+ <metadata>Made with Pixels to Svg https://codepen.io/shshaw/pen/XbxvNj</metadata>
+ <path stroke="#cbdbfc" d="M2 4h28M2 5h1M29 5h1M0 6h3M29 6h3M0 7h1M31 7h1M0 8h1M31 8h1M0 9h1M31 9h1M0 10h1M31 10h1M0 11h1M31 11h1M0 12h1M31 12h1M0 13h1M31 13h1M0 14h1M31 14h1M0 15h1M31 15h1M0 16h1M31 16h1M0 17h1M31 17h1M0 18h1M31 18h1M0 19h1M31 19h1M0 20h1M31 20h1M0 21h1M31 21h1M0 22h1M31 22h1M0 23h1M31 23h1M0 24h1M31 24h1M0 25h3M29 25h3M2 26h1M29 26h1M2 27h28" />
+ <path stroke="#ffffff" d="M3 5h26M3 6h26M1 7h30M1 8h30M1 9h30M1 10h6M8 10h1M10 10h6M21 10h1M25 10h6M1 11h7M9 11h9M19 11h3M23 11h2M26 11h5M1 12h6M12 12h6M19 12h3M23 12h2M26 12h5M1 13h6M12 13h6M19 13h3M23 13h2M26 13h5M1 14h6M12 14h6M19 14h3M23 14h2M26 14h5M1 15h6M12 15h6M19 15h3M23 15h2M26 15h5M1 16h15M21 16h1M25 16h6M1 17h6M12 17h19M1 18h5M13 18h18M1 19h5M13 19h3M24 19h1M26 19h5M1 20h5M13 20h18M1 21h5M13 21h3M17 21h1M21 21h1M26 21h5M1 22h30M1 23h30M1 24h30M3 25h26M3 26h26" />
+ <path stroke="#000000" d="M7 10h1M9 10h1M16 10h5M22 10h3M8 11h1M18 11h1M22 11h1M25 11h1M7 12h5M18 12h1M22 12h1M25 12h1M7 13h5M18 13h1M22 13h1M25 13h1M7 14h5M18 14h1M22 14h1M25 14h1M7 15h5M18 15h1M22 15h1M25 15h1M16 16h5M22 16h3M7 17h5M6 18h7M6 19h7M16 19h8M25 19h1M6 20h7M6 21h7M16 21h1M18 21h3M22 21h4" />
+</svg>
\ No newline at end of file
diff --git a/assets/default.png b/assets/default.png
new file mode 100644
index 0000000000000000000000000000000000000000..a1d6ae44f844f01c7b4191bf3bff9c6d05f59555
GIT binary patch
literal 1228
zcmeAS@N?(olHy`uVBq!ia0y~yU~~Xs4mJh`hO-lvu3}(dU@Q)DcVbv~PUa;8152By
zi(^Q|oVRz+@-{k3xCPcP)o}dJdx3GOz_n>fDQfR5S!*g)i;Q=tSMR$wU%Fwz-8ak(
zX@U+4-VBX8j4Yd21WpKzFwUC8Z<s5}t=_fQy)UZf`FrohZ#U_`)j#v&8XTrEFhw$P
zq;M)sP$iXflO^)ZD``11^B?Mz8}x#=|6<tw{8F>fYmZpTa}POw7?gUhC4OVvv-^(R
zX8#5reTtH5PLs~Fk~`<^8s#_r+$2V+Sv4oy*yl_9t>0+)NtQCRhCv>Ti&K}=wPnj+
R&A`CG;OXk;vd$@?2>|5nKs^8e
literal 0
HcmV?d00001
diff --git a/composer.json b/composer.json
index 7e441b3..96cd7b5 100644
--- a/composer.json
+++ b/composer.json
@@ -1,9 +1,8 @@
{
"require": {
"sentry/sdk": "^4.0",
- "phpmailer/phpmailer": "^6.8",
"erusev/parsedown": "^1.7",
"erusev/parsedown-extra": "^0.8.1",
- "kornrunner/blurhash": "^1.2"
+ "resend/resend-php": "^0.11.0"
}
}
diff --git a/composer.lock b/composer.lock
index 1f28978..7dfa69b 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
- "content-hash": "9baad85ecd1e18878c3fe588203305a1",
+ "content-hash": "7cbb1a410be00f937b47c45077c89f9a",
"packages": [
{
"name": "erusev/parsedown",
@@ -107,6 +107,215 @@
},
"time": "2019-12-30T23:20:37+00:00"
},
+ {
+ "name": "guzzlehttp/guzzle",
+ "version": "7.8.1",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/guzzle/guzzle.git",
+ "reference": "41042bc7ab002487b876a0683fc8dce04ddce104"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/guzzle/guzzle/zipball/41042bc7ab002487b876a0683fc8dce04ddce104",
+ "reference": "41042bc7ab002487b876a0683fc8dce04ddce104",
+ "shasum": ""
+ },
+ "require": {
+ "ext-json": "*",
+ "guzzlehttp/promises": "^1.5.3 || ^2.0.1",
+ "guzzlehttp/psr7": "^1.9.1 || ^2.5.1",
+ "php": "^7.2.5 || ^8.0",
+ "psr/http-client": "^1.0",
+ "symfony/deprecation-contracts": "^2.2 || ^3.0"
+ },
+ "provide": {
+ "psr/http-client-implementation": "1.0"
+ },
+ "require-dev": {
+ "bamarni/composer-bin-plugin": "^1.8.2",
+ "ext-curl": "*",
+ "php-http/client-integration-tests": "dev-master#2c025848417c1135031fdf9c728ee53d0a7ceaee as 3.0.999",
+ "php-http/message-factory": "^1.1",
+ "phpunit/phpunit": "^8.5.36 || ^9.6.15",
+ "psr/log": "^1.1 || ^2.0 || ^3.0"
+ },
+ "suggest": {
+ "ext-curl": "Required for CURL handler support",
+ "ext-intl": "Required for Internationalized Domain Name (IDN) support",
+ "psr/log": "Required for using the Log middleware"
+ },
+ "type": "library",
+ "extra": {
+ "bamarni-bin": {
+ "bin-links": true,
+ "forward-command": false
+ }
+ },
+ "autoload": {
+ "files": [
+ "src/functions_include.php"
+ ],
+ "psr-4": {
+ "GuzzleHttp\\": "src/"
+ }
+ },
+ "notification-url": "https://packagist.org/downloads/",
+ "license": [
+ "MIT"
+ ],
+ "authors": [
+ {
+ "name": "Graham Campbell",
+ "email": "hello@gjcampbell.co.uk",
+ "homepage": "https://github.com/GrahamCampbell"
+ },
+ {
+ "name": "Michael Dowling",
+ "email": "mtdowling@gmail.com",
+ "homepage": "https://github.com/mtdowling"
+ },
+ {
+ "name": "Jeremy Lindblom",
+ "email": "jeremeamia@gmail.com",
+ "homepage": "https://github.com/jeremeamia"
+ },
+ {
+ "name": "George Mponos",
+ "email": "gmponos@gmail.com",
+ "homepage": "https://github.com/gmponos"
+ },
+ {
+ "name": "Tobias Nyholm",
+ "email": "tobias.nyholm@gmail.com",
+ "homepage": "https://github.com/Nyholm"
+ },
+ {
+ "name": "Márk Sági-Kazár",
+ "email": "mark.sagikazar@gmail.com",
+ "homepage": "https://github.com/sagikazarmark"
+ },
+ {
+ "name": "Tobias Schultze",
+ "email": "webmaster@tubo-world.de",
+ "homepage": "https://github.com/Tobion"
+ }
+ ],
+ "description": "Guzzle is a PHP HTTP client library",
+ "keywords": [
+ "client",
+ "curl",
+ "framework",
+ "http",
+ "http client",
+ "psr-18",
+ "psr-7",
+ "rest",
+ "web service"
+ ],
+ "support": {
+ "issues": "https://github.com/guzzle/guzzle/issues",
+ "source": "https://github.com/guzzle/guzzle/tree/7.8.1"
+ },
+ "funding": [
+ {
+ "url": "https://github.com/GrahamCampbell",
+ "type": "github"
+ },
+ {
+ "url": "https://github.com/Nyholm",
+ "type": "github"
+ },
+ {
+ "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/guzzle",
+ "type": "tidelift"
+ }
+ ],
+ "time": "2023-12-03T20:35:24+00:00"
+ },
+ {
+ "name": "guzzlehttp/promises",
+ "version": "2.0.2",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/guzzle/promises.git",
+ "reference": "bbff78d96034045e58e13dedd6ad91b5d1253223"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/guzzle/promises/zipball/bbff78d96034045e58e13dedd6ad91b5d1253223",
+ "reference": "bbff78d96034045e58e13dedd6ad91b5d1253223",
+ "shasum": ""
+ },
+ "require": {
+ "php": "^7.2.5 || ^8.0"
+ },
+ "require-dev": {
+ "bamarni/composer-bin-plugin": "^1.8.2",
+ "phpunit/phpunit": "^8.5.36 || ^9.6.15"
+ },
+ "type": "library",
+ "extra": {
+ "bamarni-bin": {
+ "bin-links": true,
+ "forward-command": false
+ }
+ },
+ "autoload": {
+ "psr-4": {
+ "GuzzleHttp\\Promise\\": "src/"
+ }
+ },
+ "notification-url": "https://packagist.org/downloads/",
+ "license": [
+ "MIT"
+ ],
+ "authors": [
+ {
+ "name": "Graham Campbell",
+ "email": "hello@gjcampbell.co.uk",
+ "homepage": "https://github.com/GrahamCampbell"
+ },
+ {
+ "name": "Michael Dowling",
+ "email": "mtdowling@gmail.com",
+ "homepage": "https://github.com/mtdowling"
+ },
+ {
+ "name": "Tobias Nyholm",
+ "email": "tobias.nyholm@gmail.com",
+ "homepage": "https://github.com/Nyholm"
+ },
+ {
+ "name": "Tobias Schultze",
+ "email": "webmaster@tubo-world.de",
+ "homepage": "https://github.com/Tobion"
+ }
+ ],
+ "description": "Guzzle promises library",
+ "keywords": [
+ "promise"
+ ],
+ "support": {
+ "issues": "https://github.com/guzzle/promises/issues",
+ "source": "https://github.com/guzzle/promises/tree/2.0.2"
+ },
+ "funding": [
+ {
+ "url": "https://github.com/GrahamCampbell",
+ "type": "github"
+ },
+ {
+ "url": "https://github.com/Nyholm",
+ "type": "github"
+ },
+ {
+ "url": "https://tidelift.com/funding/github/packagist/guzzlehttp/promises",
+ "type": "tidelift"
+ }
+ ],
+ "time": "2023-12-03T20:19:20+00:00"
+ },
{
"name": "guzzlehttp/psr7",
"version": "2.6.1",
@@ -410,6 +619,58 @@
],
"time": "2023-08-29T08:26:30+00:00"
},
+ {
+ "name": "psr/http-client",
+ "version": "1.0.3",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/php-fig/http-client.git",
+ "reference": "bb5906edc1c324c9a05aa0873d40117941e5fa90"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/php-fig/http-client/zipball/bb5906edc1c324c9a05aa0873d40117941e5fa90",
+ "reference": "bb5906edc1c324c9a05aa0873d40117941e5fa90",
+ "shasum": ""
+ },
+ "require": {
+ "php": "^7.0 || ^8.0",
+ "psr/http-message": "^1.0 || ^2.0"
+ },
+ "type": "library",
+ "extra": {
+ "branch-alias": {
+ "dev-master": "1.0.x-dev"
+ }
+ },
+ "autoload": {
+ "psr-4": {
+ "Psr\\Http\\Client\\": "src/"
+ }
+ },
+ "notification-url": "https://packagist.org/downloads/",
+ "license": [
+ "MIT"
+ ],
+ "authors": [
+ {
+ "name": "PHP-FIG",
+ "homepage": "https://www.php-fig.org/"
+ }
+ ],
+ "description": "Common interface for HTTP clients",
+ "homepage": "https://github.com/php-fig/http-client",
+ "keywords": [
+ "http",
+ "http-client",
+ "psr",
+ "psr-18"
+ ],
+ "support": {
+ "source": "https://github.com/php-fig/http-client"
+ },
+ "time": "2023-09-23T14:17:50+00:00"
+ },
{
"name": "psr/http-factory",
"version": "1.0.2",
@@ -612,6 +873,63 @@
},
"time": "2019-03-08T08:55:37+00:00"
},
+ {
+ "name": "resend/resend-php",
+ "version": "v0.11.0",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/resend/resend-php.git",
+ "reference": "31ec02fc2d16b3badc10612289a3325afe68147c"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/resend/resend-php/zipball/31ec02fc2d16b3badc10612289a3325afe68147c",
+ "reference": "31ec02fc2d16b3badc10612289a3325afe68147c",
+ "shasum": ""
+ },
+ "require": {
+ "guzzlehttp/guzzle": "^7.5",
+ "php": "^8.1.0"
+ },
+ "require-dev": {
+ "friendsofphp/php-cs-fixer": "^3.13",
+ "mockery/mockery": "^1.6",
+ "pestphp/pest": "^2.0"
+ },
+ "type": "library",
+ "autoload": {
+ "files": [
+ "src/Resend.php"
+ ],
+ "psr-4": {
+ "Resend\\": "src/"
+ }
+ },
+ "notification-url": "https://packagist.org/downloads/",
+ "license": [
+ "MIT"
+ ],
+ "authors": [
+ {
+ "name": "Resend and contributors",
+ "homepage": "https://github.com/resend/resend-php/contributors"
+ }
+ ],
+ "description": "Resend PHP library.",
+ "homepage": "https://resend.com/",
+ "keywords": [
+ "api",
+ "client",
+ "php",
+ "resend",
+ "sdk"
+ ],
+ "support": {
+ "issues": "https://github.com/resend/resend-php/issues",
+ "source": "https://github.com/resend/resend-php/tree/v0.11.0"
+ },
+ "time": "2024-02-01T18:06:15+00:00"
+ },
{
"name": "sentry/sdk",
"version": "4.0.0",
diff --git a/credits.html b/credits.php
similarity index 100%
rename from credits.html
rename to credits.php
diff --git a/docs/hosting/errors.md b/docs/hosting/errors.md
new file mode 100644
index 0000000..f7adbff
--- /dev/null
+++ b/docs/hosting/errors.md
@@ -0,0 +1,7 @@
+# Errors
+
+Here's all the error codes and what they mean.
+
+| Error Code | Explanation |
+|-----------:|:----------------------------|
+| 12 | A generic error explaing something went wrong adding a password reset
diff --git a/forgot_password.php b/forgot_password.php
index f96d8ee..f8180ea 100644
--- a/forgot_password.php
+++ b/forgot_password.php
@@ -1,7 +1,4 @@
<?php
-use PHPMailer\PHPMailer\SMTP;
-use PHPMailer\PHPMailer\PHPMailer;
-use PHPMailer\PHPMailer\Exception;
if ($_SESSION['auth']) {
header('Location: /account');
@@ -29,29 +26,20 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
$safe_display_name = $user['display_name'];
}
- $mail = new PHPMailer();
try {
- //Server settings
-// $mail->SMTPDebug = SMTP::DEBUG_SERVER; Verbose output
- $mail->isSMTP(); //Send using SMTP
- $mail->Host = MAIL_HOST; //Set the SMTP server to send through
- $mail->SMTPAuth = true; //Enable SMTP authentication
- $mail->Username = MAIL_USERNAME; //SMTP username
- $mail->Password = MAIL_PASSWORD; //SMTP password
- $mail->SMTPSecure = PHPMailer::ENCRYPTION_SMTPS; //Enable implicit TLS encryption
- $mail->Port = 465;
-
- $mail->setFrom('id@byecorps.com', 'ByeCorps ID');
- $mail->addAddress($user['email'], $safe_display_name);
- $mail->addReplyTo('hello@byecorps.com', 'ByeCorps Support');
-
- $mail->Subject = 'Reset your password';
- $mail->Body = 'Hey there '.$safe_display_name.'! Here is that password reset you requested. Just click the following link and you\'ll be sorted:
+ $resend->emails->send([
+ 'from' => 'ByeCorps ID <noreply@id.byecorps.com>',
+ 'to' => [$safe_display_name . "<" . $user['email']. ">"],
+ 'subject' => 'Reset your password',
+ 'text' => 'Hey there '.$safe_display_name.'! Here is that password reset you requested. Just click the following link and you\'ll be sorted:
'.$password_reset_link.'
-This link expires in 5 minutes.';
- $mail->send();
+This link expires in 5 minutes.
+
+If you did not request this password reset, please ignore it (or tighten your account\'s security)']);
+
+// echo("<a href='$password_reset_link'>This is a security issue.</a>");
} catch (Exception $e) {
echo "Message could not be sent. Mailer Error: {$mail->ErrorInfo}";
}
@@ -65,7 +53,7 @@ This link expires in 5 minutes.';
<?php if(isset($message)) echo "<p>".$message."</p>"; ?>
-<p>Forgot your password? We'll send you an email to reset it.</p>
+<p>Forgot your password? We'll email you to reset it.</p>
<form method="post">
<input placeholder="a.dent@squornshellous.cloud" name="email" id="email" type="email">
diff --git a/index.php b/index.php
index 843ce30..3c9f9b9 100644
--- a/index.php
+++ b/index.php
@@ -3,38 +3,46 @@ require_once __DIR__ . '/vendor/autoload.php';
session_start();
-use kornrunner\Blurhash\Blurhash;
-
if (empty($_SESSION)) {
$_SESSION['auth'] = false;
}
-include("config.php");
+include "config.php";
+// MySQL
$pdo = new PDO(DB_DSN, DB_USERNAME, DB_PASSWORD, PDO_OPTIONS);
+// Email
+if (defined("RESEND_API_KEY")) {
+ $resend = Resend::client(RESEND_API_KEY);
+}
-include("time_handler.php");
require "misc_functions.php";
require "database.php";
+include("time_handler.php");
include("id_handler.php");
include("accounts_handler.php");
-if ($_SESSION['auth']) {
- $user = db_execute("SELECT * FROM `accounts` WHERE id = ? LIMIT 1", [$_SESSION['id']]);
-}
-
-\Sentry\init([
- 'dsn' => SENTRY_DSN,
- // Specify a fixed sample rate
- 'traces_sample_rate' => 1.0,
- // Set a sampling rate for profiling - this is relative to traces_sample_rate
- 'profiles_sample_rate' => 1.0,
-]);
+// Attempt to log the user in using their cookie if auth isn't set.
+if (!$_SESSION['auth']) {
+ if (key_exists('keep_me_logged_in', $_COOKIE)) {
+ if (validate_access_token($_COOKIE['keep_me_logged_in'])) {
+ // Work out who the key belongs to
+ $cookie_owner = db_execute("SELECT * FROM tokens WHERE access_token = ?", [$_COOKIE['keep_me_logged_in']]);
+ if ($cookie_owner['type'] != "cookie") {
+ setcookie('keep_me_logged_in', '', time()-3600);
+ goto skip_cookie;
+ }
+ $_SESSION['auth'] = true;
+ $_SESSION['id'] = $cookie_owner['owner_id'];
-function does_variable_exists( $variable ) {
- return (isset($$variable)) ? "true" : "false";
+ } else {
+ setcookie('keep_me_logged_in', '', time()-3600);
+ }
+ }
}
+skip_cookie:
+
$host_string = $_SERVER['HTTP_HOST'];
$host = explode('.', $host_string);
$uri_string = $_SERVER['REQUEST_URI'];
@@ -45,6 +53,45 @@ if (str_ends_with($path,'/') && $path != "/") {
exit;
}
$uri = array_values(array_filter(explode('/', $uri_string)));
+try {
+ if ($_SESSION['auth']) {
+ $user = db_execute("SELECT * FROM `accounts` WHERE id = ? LIMIT 1", [$_SESSION['id']]);
+ if (!$user) {
+ // Account doesn't exist. Log the user out.
+
+ // We won't redirect to the logout endpoint because if this is going off there's something
+ // broken anyway.
+ session_destroy();
+ die("Your session was invalid so we've logged you out.");
+ }
+ }
+}
+catch (Exception) {
+ echo('<header>Database is broken. Please tell an admin.</header>');
+ if ($uri_string == "/admin/init/database") { // Allows access to this page even if user doesn't have admin rights
+ // because you can't check the rights.
+ echo "<main>";
+ include "admin_initdatabase.php";
+ die ("</main>");
+
+ }
+}
+
+
+if (defined("SENTRY_DSN")) {
+ \Sentry\init([
+ 'dsn' => SENTRY_DSN,
+ // Specify a fixed sample rate
+ 'traces_sample_rate' => 1.0,
+ // Set a sampling rate for profiling - this is relative to traces_sample_rate
+ 'profiles_sample_rate' => 1.0,
+ ]);
+}
+
+
+function does_variable_exists( $variable ) {
+ return (isset($$variable)) ? "true" : "false";
+}
if(isset($query_string[1])) {
$uri_string = $query_string[0];
@@ -65,11 +112,13 @@ $include = "404.html";
$paths = array(
"/" => ["landing.php"],
+
"/admin" => ['admin.php'],
"/admin/init/database" => ["admin_initdatabase.php"],
"/admin/list/accounts" => ["admin_accounts.php"],
"/admin/list/apps" => ["admin_apps.php"],
"/admin/create/app" => ["admin_apps_create.php"],
+ "/admin/purge" => ["admin_purge.php"],
"/account" => ["account.php", "Your account"],
"/signin" => ["signin.php", "Sign in"],
@@ -79,10 +128,19 @@ $paths = array(
"/admin/signinas" => ["signinas.php"],
"/reset/password" => ["reset_password.php", "Reset password"],
"/docs" => ["docs.php", "Docs"],
- "/credits" => ["credits.html", "Credits"],
+ "/credits" => ["credits.php", "Credits"],
"/profile" => ["profile.php", "Profile"],
+
+ "/signin/external/basic" => ["login_external_basic.php"]
);
+if (!empty($uri) ) { // Go to jail. Go directly to jail. Do not pass Go.
+ if ($uri[0] == "api") {
+ include("api_handler.php");
+ exit(); // fuck this shit i'm out
+ }
+}
+
if (isset($paths[$path])) {
$include = $paths[$path][0];
if (isset($paths[$path][1])) {
@@ -95,6 +153,10 @@ else {
http_response_code(404);
}
+if ($include == "login_external_basic.php") {
+ goto skip_formalities;
+}
+
?>
<!DOCTYPE html>
@@ -116,14 +178,15 @@ else {
if ($uri[0] == "admin" && !$user['is_admin']) {
http_response_code(401);
- die("<img src='https://http.cat/401.jpg'>");
+ die("<img src='https://http.cat/401.jpg' alt='A cat standing in front of a door with a No Cats Allowed sign on it.' />");
}
+
if ($uri[0] == "docs") {
$include = "docs.php";
}
}
-
+ skip_formalities:
include($include); ?>
</main>
<?php include("footer.php"); ?>
diff --git a/landing.php b/landing.php
index 6e59f94..a4ea89b 100644
--- a/landing.php
+++ b/landing.php
@@ -1,6 +1,6 @@
<div class="hero">
<div class="hero-text">
- <img src="https://byecorps.b-cdn.net/id/bcid.svg" alt="ByeCorps ID Logo" class="logo">
+ <img src="/assets/bcid.svg" alt="ByeCorps ID Logo" class="logo">
<h1><span class="bc-1">Bye</span><span class="bc-2">Corps</span><span class="bc-3"> ID</span></h1>
<p>Log into ByeCorps and beyond with a single ID.</p>
<!-- <p><input type="email" name="loginEmail" id="loginEmail" placeholder="Email" /></p> -->
diff --git a/login_external_basic.php b/login_external_basic.php
new file mode 100644
index 0000000..9169211
--- /dev/null
+++ b/login_external_basic.php
@@ -0,0 +1,147 @@
+
+<?php
+
+// Disable warnings lol
+error_reporting(E_ALL ^ E_WARNING);
+
+// Determine the app we are dealing with.
+
+$flash = "";
+$error = "";
+
+if (null != $query['appid']) {
+ $app_id = $query['appid'];
+} else {
+ $error = ["No app ID specified.", 200];
+ goto login;
+}
+
+$app = db_execute("SELECT * FROM apps WHERE id = ? LIMIT 1", [$app_id]);
+$doc_title = "Sign in to " . $app['title'];
+
+// Lets check that the callback matches the app...
+if (null == $query['callback']) {
+ $disable_logging_in = true;
+ $error = ["No callback URL.", 400];
+ goto login;
+}
+if ($query['callback'] != $app['callback']) {
+ $disable_logging_in = true;
+ $error = ["Callback URL doesn't match our records.", 400];
+ goto login;
+}
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+ // Here's a few easy steps to figure out if we should give the other party a token or not.
+ print_r($_POST);
+
+ // First: match the session ids. If they aren't the same it's probably Not Ok.
+ if (session_id() != $_POST['sessionid']) {
+ echo "<h1>401 Unauthorised</h1><p>You are not permitted to view this content.</p>";
+ exit(401);
+ }
+
+ // Now let's determine if we're logged in or not. We can use the session for this, and verify using the
+ // `bcid` value (which only appears if youre logged in!!!)
+ if ($_SESSION['auth']) {
+ if (null == $_POST['bcid'] || $_SESSION['id'] != $_POST['bcid']) {
+ // Both of these suggest tampering,
+ // let's log the user out and throw an error.
+ $_SESSION['auth'] = false;
+ $_SESSION['id'] = null;
+
+ $flash = "Sorry, something went wrong. Please sign in again.";
+
+ goto login;
+ }
+ }
+ else { // of course, there's also the case that you WERENT logged in. Let's verify if you're logged in or not.
+ $user_db_version = db_execute("SELECT * FROM accounts WHERE email = ?", [$_POST['email']]);
+ if (!password_verify($_POST['password'], $user_db_version['password']) || null == $user_db_version) {
+ // INCORRECT PASSWORD!!!!
+ // or the account doesn't exist. we don't care either way.
+
+ $flash = "Incorrect email or password.";
+ } else {
+ // if it's correct, we'll still force them to click log in again anyway. I'll also be nice and set the
+ // cookies properly.
+
+ $_SESSION['id'] = $user_db_version['id'];
+ $_SESSION['auth'] = true;
+ $user = $user_db_version;
+ goto login;
+ }
+ }
+
+ // The following gets run assuming we know the client is the one CLICKING the button.
+ $tokens = generate_basic_access_token($_POST['bcid']);
+
+ header('Location: '. $_POST['callback'].'?access_token='.$tokens['access'].'&refresh='.$tokens['refresh']
+ .'&expiry='.$tokens['expiry']);
+ exit();
+
+}
+
+login:
+
+?>
+
+<!DOCTYPE html>
+<html>
+<head>
+ <?php include ("head.php"); ?>
+</head>
+<body>
+ <?php include("header.php"); ?>
+ <main>
+ <div id="loginform">
+ <?php if ("" != $error) {goto error_no_app;} ?>
+ <h1>Sign into <?= $app['title'] ?></h1>
+ <p class="subtitle">Owned by <strong><?= get_display_name($app['owner_id'], put_bcid_in_parenthesis: true) ?></strong></p>
+ <p><?= $app['description'] ?></p>
+ <?php
+ error_no_app:
+ if ($error) {
+ http_response_code($error[1]);
+ echo "
+<div class='error center'>
+<span class='fa-regular fa-2xl center fa-xmark-circle'></span>
+<h2>Something went wrong!</h2>
+<p>Server returned error:<br /><code>$error[0]</code> (HTTP response code $error[1])</p>
+</div>
+";
+ goto dont_show_form;
+ }
+ ?>
+ <p><strong><?= $app['title'] ?></strong> uses ByeCorps ID for authentication.</p>
+ <p>Please double-check the information and avoid signing in with your BCID if you do not trust this app.</p>
+ <p>Please confirm that you'd like to sign into <strong><?= $app['title'] ?></strong>.</p>
+ <?php
+ if (null != $flash) {
+ echo "<p class='flash'>$flash</p>";
+ } else {
+ echo "<br />";
+ }
+ ?>
+ <form class="login" method="post" action="">
+ <input type="hidden" name="sessionid" value="<?= session_id() ?>" />
+ <?php if ($_SESSION['auth'])
+ { $bcid = $user['id']; echo "<input type='hidden' name='bcid' value='$bcid' />";
+ echo "<p class='subtitle'>You are signed in as ". get_display_name($_SESSION['id'],
+ put_bcid_in_parenthesis: true) . ". <a>Not you?</a>.";
+ goto signedin; } ?>
+ <p class="subtitle">You will need to sign in first.</p>
+ <input type="email" autocomplete="email" name="email" id="email" placeholder="Email" />
+ <input type="password" name="password" id="password" placeholder="Password" />
+ <?php signedin: ?>
+ <button class="primary" type="submit">Sign into <?= $app['title']; ?></button>
+ <button class="secondary" type="reset">GET ME OUT OF HERE</button>
+ <p class="subtitle center">
+ You will be brought to <strong><?= $query['callback'] ?></strong>.
+ <br /><?= $app['title'] ?> will be able to see your email and display name.
+ </p>
+ <input type="hidden" name="callback" value="<?= $query['callback'] ?>" />
+ </form>
+ <?php dont_show_form: ?>
+
+ </div>
diff --git a/signin.php b/signin.php
index 6de8f74..a1904f5 100644
--- a/signin.php
+++ b/signin.php
@@ -25,14 +25,20 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (password_verify($password, $user["password"])) {
$_SESSION["id"] = $user["id"];
$_SESSION["auth"] = true;
+//
+// print_r($_POST);
+// echo(is_string($_POST['keep_logged_in']));
+
+ if ($_POST['keep_logged_in'] == "on") {
+ $token = generate_cookie_access_token($user['id']);
+// print_r($token);
+ setcookie("keep_me_logged_in", $token['access']);
+ }
+//
if (isset($query['callback'])) {
header("Location: ".$query['callback']);
} else {
header("Location: /profile");
-// echo "<pre>";
-// var_dump($user);
-// var_dump($_SESSION);
-// die();
}
exit;
@@ -44,17 +50,21 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
?>
-<h2>Sign in to ByeCorps ID</h2>
-<?php
-if (isset($message)) {
- echo "<div class='flash'>$message</div>";
-}?>
-<form method="post">
- <input type="email" name="email" id="email" placeholder="Email">
- <input type="password" name="password" id="password" placeholder="Password">
- <button type="submit">Sign in</button>
-</form>
-
-<p class="center">
- <a href="/forgot/password">Forgot password?</a> • New? <a href="/register">Register</a> for a ByeCorps ID.
-</p>
\ No newline at end of file
+<div id="loginform">
+ <h2>Sign in to ByeCorps ID</h2>
+ <?php
+ if (isset($message)) {
+ echo "<div class='flash'>$message</div>";
+ }?>
+ <form class="login" method="post">
+ <input type="email" name="email" id="email" placeholder="Email" />
+ <input type="password" name="password" id="password" placeholder="Password" />
+ <div class="checkbox"><input type="checkbox" name="keep_logged_in" id="keep_logged_in" />
+ <label for="keep_logged_in">Keep me logged in (for 365 days)</label></div>
+ <button class="primary" type="submit">Sign in</button>
+ </form>
+
+ <p class="center">
+ <a href="/forgot/password">Forgot password?</a> • New? <a href="/register">Register</a> for a ByeCorps ID.
+ </p>
+</div>
\ No newline at end of file
diff --git a/signout.php b/signout.php
index c128d18..03f7dbe 100644
--- a/signout.php
+++ b/signout.php
@@ -2,6 +2,7 @@
$_SESSION['id'] = null;
$_SESSION['auth'] = false;
+setcookie('keep_me_logged_in', '', time()-3600);
session_destroy();
?>
diff --git a/styles/colours.css b/styles/colours.css
index f11cb97..287d9f0 100644
--- a/styles/colours.css
+++ b/styles/colours.css
@@ -101,6 +101,11 @@ input[data-com-onepassword-filled="dark"] {
margin: 0;
}
+.flash {
+ background: var(--red-5);
+ color: black;
+}
+
@media screen and (prefers-color-scheme: dark) {
html {
background: var(--background-dark, #121212);
diff --git a/styles/design.css b/styles/design.css
index acdac55..c6748d9 100644
--- a/styles/design.css
+++ b/styles/design.css
@@ -46,6 +46,11 @@ input:disabled {
cursor: not-allowed;
}
+.flash {
+ padding: 1rem;
+ border-radius: 1rem;
+}
+
table {
background-color: var(--grey-2);
width: 100%;
diff --git a/styles/layout.css b/styles/layout.css
index 03d20f2..9e89277 100644
--- a/styles/layout.css
+++ b/styles/layout.css
@@ -148,3 +148,8 @@ form {
display: flex;
}
+#loginform {
+ max-width: 500px;
+ margin: auto;
+}
+
diff --git a/styles/types.css b/styles/types.css
index 7b09f26..10cea60 100644
--- a/styles/types.css
+++ b/styles/types.css
@@ -42,6 +42,12 @@ h2.subheading + h1 {
font-family: 'Courier Prime', monospace;
}
+p.subtitle {
+ font-size: 0.9rem;
+ margin: 0;
+ opacity: 0.8;
+}
+
.center {
text-align: center;
}
--
GitLab