Diffstat (limited to 'public/account')
-rw-r--r--public/account/change_emoteset.php36
-rw-r--r--public/account/delete.php50
-rw-r--r--public/account/index.php306
-rw-r--r--public/account/login/index.php99
-rw-r--r--public/account/login/twitch.php175
-rw-r--r--public/account/register.php111
-rw-r--r--public/account/security.php52
-rw-r--r--public/account/signout.php16
8 files changed, 0 insertions, 845 deletions
diff --git a/public/account/change_emoteset.php b/public/account/change_emoteset.php
deleted file mode 100644
index c2fc209..0000000
--- a/public/account/change_emoteset.php
+++ /dev/null
@@ -1,36 +0,0 @@
-<?php
-include_once "../../src/config.php";
-include_once "../../src/alert.php";
-include_once "../../src/accounts.php";
-
-if (!authorize_user(true)) {
- generate_alert("/404.php", "Unauthorized", 401);
- exit;
-}
-
-if ($_SERVER["REQUEST_METHOD"] != "POST") {
- generate_alert("/404.php", "Method not allowed", 405);
- exit;
-}
-
-if (!isset($_POST["id"])) {
- generate_alert("/404.php", "Emote set ID is not provided");
- exit;
-}
-
-$emote_set_id = $_POST["id"];
-$user_id = $_SESSION["user_id"];
-
-$db = new PDO(DB_URL, DB_USER, DB_PASS);
-
-$stmt = $db->prepare("SELECT id FROM acquired_emote_sets WHERE emote_set_id = ? AND user_id = ?");
-$stmt->execute([$emote_set_id, $user_id]);
-
-if ($stmt->rowCount() == 0) {
- generate_alert("/404.php", "You don't own emote set ID $emote_set_id", 403);
- exit;
-}
-
-$_SESSION["user_active_emote_set_id"] = $emote_set_id;
-
-header("Location: " . $_POST["redirect"] ?? "/"); \ No newline at end of file
diff --git a/public/account/delete.php b/public/account/delete.php
deleted file mode 100644
index ec8c040..0000000
--- a/public/account/delete.php
+++ /dev/null
@@ -1,50 +0,0 @@
-<?php
-include "../../src/utils.php";
-include_once "../../src/config.php";
-
-session_start();
-
-if (!isset($_SESSION["user_id"])) {
- header("Location: /account");
- exit;
-}
-
-$db = new PDO(DB_URL, DB_USER, DB_PASS);
-
-$id = $_SESSION["user_id"];
-
-$profile = ($_GET["profile"] ?? "false") == "true";
-$pfp = ($_GET["pfp"] ?? "false") == "true";
-$banner = ($_GET["banner"] ?? "false") == "true";
-$badge = ($_GET["badge"] ?? "false") == "true";
-
-if ($pfp || $profile) {
- $path = "../static/userdata/avatars/$id";
- if (is_dir($path)) {
- array_map("unlink", glob("$path/*.*"));
- rmdir($path);
- }
-}
-
-if ($banner || $profile) {
- $path = "../static/userdata/banners/$id";
- if (is_dir($path)) {
- array_map("unlink", glob("$path/*.*"));
- rmdir($path);
- }
-}
-
-if ($badge || $profile) {
- $db->prepare("DELETE FROM user_badges WHERE user_id = ?")->execute([$id]);
-}
-
-if ($profile) {
- $db->prepare("DELETE FROM users WHERE id = ?")->execute([$id]);
-
- session_unset();
- session_destroy();
-
- setcookie("secret_key", "", time() - 1000);
-}
-
-header("Location: /account"); \ No newline at end of file
diff --git a/public/account/index.php b/public/account/index.php
deleted file mode 100644
index 2b9e790..0000000
--- a/public/account/index.php
+++ /dev/null
@@ -1,306 +0,0 @@
-<?php
-include_once "../../src/alert.php";
-include "../../src/accounts.php";
-include "../../src/partials.php";
-include_once "../../src/config.php";
-include_once "../../src/utils.php";
-include_once "../../src/images.php";
-
-authorize_user();
-
-if (!isset($_SESSION["user_id"], $_SESSION["user_name"])) {
- header("Location: /account/login");
- exit;
-}
-
-$db = new PDO(DB_URL, DB_USER, DB_PASS);
-
-if ($_SERVER['REQUEST_METHOD'] == "POST") {
- $username = str_safe($_POST["username"] ?? "", ACCOUNT_USERNAME_LENGTH[1]);
-
- if (!empty($username) && $username != $_SESSION["user_name"]) {
- if (!preg_match(ACCOUNT_USERNAME_REGEX, $username)) {
- generate_alert("/account", "Bad username");
- exit;
- }
-
- $stmt = $db->prepare("SELECT id FROM users WHERE username = ?");
- $stmt->execute([$username]);
-
- if ($stmt->rowCount() == 0) {
- $stmt = $db->prepare("UPDATE users SET username = ? WHERE id = ?");
- $stmt->execute([$username, $_SESSION["user_id"]]);
- } else {
- generate_alert("/account", "The username has already taken");
- exit;
- }
- }
-
- if (isset($_FILES["pfp"]) && !empty($_FILES["pfp"]["tmp_name"])) {
- $pfp = $_FILES["pfp"];
-
- if (
- $err = create_image_bundle(
- $pfp["tmp_name"],
- $_SERVER["DOCUMENT_ROOT"] . "/static/userdata/avatars/" . $_SESSION["user_id"],
- ACCOUNT_PFP_MAX_SIZE[0],
- ACCOUNT_PFP_MAX_SIZE[1],
- true,
- true
- )
- ) {
- generate_alert("/account", sprintf("Error occurred while processing the profile picture (%d)", $err));
- exit;
- }
- }
-
- if (isset($_FILES["banner"]) && !empty($_FILES["banner"]["tmp_name"])) {
- $banner = $_FILES["banner"];
-
- if (
- $err = create_image_bundle(
- $banner["tmp_name"],
- $_SERVER["DOCUMENT_ROOT"] . "/static/userdata/banners/" . $_SESSION["user_id"],
- ACCOUNT_BANNER_MAX_SIZE[0],
- ACCOUNT_BANNER_MAX_SIZE[1],
- true,
- true
- )
- ) {
- generate_alert("/account", sprintf("Error occurred while processing the profile banner (%d)", $err));
- exit;
- }
- }
-
- if (isset($_FILES["badge"]) && !empty($_FILES["badge"]["tmp_name"])) {
- $badge = $_FILES["badge"];
- $badge_id = bin2hex(random_bytes(16));
- if (
- $err = create_image_bundle(
- $badge["tmp_name"],
- $_SERVER["DOCUMENT_ROOT"] . "/static/userdata/badges/" . $badge_id,
- ACCOUNT_BADGE_MAX_SIZE[0],
- ACCOUNT_BADGE_MAX_SIZE[1],
- true,
- true
- )
- ) {
- generate_alert("/account", sprintf("Error occurred while processing the personal badge (%d)", $err));
- exit;
- }
-
- $db->prepare("DELETE FROM user_badges WHERE badge_id != ? AND user_id = ?")->execute([$badge_id, $_SESSION["user_id"]]);
- $db->prepare("INSERT INTO badges(id, uploaded_by) VALUES (?, ?)")->execute([$badge_id, $_SESSION["user_id"]]);
- $db->prepare("INSERT INTO user_badges(badge_id, user_id) VALUES (?, ?)")->execute([$badge_id, $_SESSION["user_id"]]);
- }
-
- $db = null;
- generate_alert("/account", "Your changes have been applied!", 200);
- exit;
-}
-
-?>
-
-<html>
-
-<head>
- <title>Account management - <?php echo INSTANCE_NAME ?></title>
- <link rel="stylesheet" href="/static/style.css">
- <link rel="shortcut icon" href="/static/favicon.ico" type="image/x-icon">
-</head>
-
-<body>
- <div class="container">
- <div class="wrapper">
- <?php html_navigation_bar() ?>
-
- <section class="content">
- <?php display_alert() ?>
- <section class="box accman">
- <h1>Account management</h1>
-
- <form action="/account/" method="POST" enctype="multipart/form-data">
- <h2>Profile</h2>
- <h3>Profile picture</h3>
- <?php
- $has_pfp = is_dir("../static/userdata/avatars/" . $_SESSION["user_id"]);
- if ($has_pfp) {
- echo '<img src="/static/userdata/avatars/' . $_SESSION["user_id"] . '/2x.webp" id="pfp" width="64" height="64">';
- } else {
- echo "<p>You don't have profile picture</p>";
- }
- ?>
- <div>
- <input type="file" name="pfp">
- <?php if ($has_pfp): ?>
- <a href="/account/delete.php?pfp=true">
- <img src="/static/img/icons/bin.png" alt="Remove profile picture"
- title="Remove profile picture">
- </a>
- <?php endif; ?>
- </div>
-
- <h3>Profile banner</h3>
- <?php
- $has_banner = is_dir("../static/userdata/banners/" . $_SESSION["user_id"]);
- if ($has_banner) {
- echo '<img src="/static/userdata/banners/' . $_SESSION["user_id"] . '/2x.webp" id="banner" width="256">';
- } else {
- echo "<p>You don't have profile banner</p>";
- }
- ?>
- <div>
- <input type="file" name="banner">
- <?php if ($has_banner): ?>
- <a href="/account/delete.php?banner=true">
- <img src="/static/img/icons/bin.png" alt="Remove banner" title="Remove banner">
- </a>
- <?php endif; ?>
- </div>
-
- <h3>Personal badge</h3>
- <?php
- $stmt = $db->prepare("SELECT badge_id FROM user_badges WHERE user_id = ?");
- $stmt->execute([$_SESSION["user_id"]]);
-
- $has_badge = false;
-
- if ($row = $stmt->fetch()) {
- echo '<div class="box row items-center justify-between">';
- echo '<img src="/static/userdata/badges/' . $row["badge_id"] . '/1x.webp" id="badge">';
- echo '<img src="/static/userdata/badges/' . $row["badge_id"] . '/2x.webp" id="badge">';
- echo '<img src="/static/userdata/badges/' . $row["badge_id"] . '/3x.webp" id="badge">';
- echo '</div>';
- $has_badge = true;
- } else {
- echo "<p>You don't have personal badge</p>";
- }
- ?>
- <div>
- <input type="file" name="badge">
- <?php if ($has_badge): ?>
- <a href="/account/delete.php?badge=true">
- <img src="/static/img/icons/bin.png" alt="Remove badge" title="Remove badge">
- </a>
- <?php endif; ?>
- </div>
-
- <h3>Username</h3>
- <input type="text" name="username" id="username" value="<?php echo $_SESSION["user_name"] ?>">
-
- <button type="submit">Save</button>
- </form>
-
- <hr>
-
- <div>
- <h2>Connections</h2>
- <div>
- <?php
- $stmt = $db->prepare("SELECT * FROM connections WHERE user_id = ?");
- $stmt->execute([$_SESSION["user_id"]]);
- $connections = $stmt->fetchAll();
- $platforms = ["twitch"];
-
- foreach ($platforms as $platform) {
- $connection = null;
- $key = array_search($platform, array_column($connections, "platform"));
-
- if (!is_bool($key)) {
- $connection = $connections[$key];
- }
-
- echo "<div class='box $platform row small-gap items-center'>";
- echo "<div><img src='/static/img/icons/connections/$platform.webp' alt='' width='52' height='52' /></div>";
-
- echo "<div class='column grow'>";
- echo "<b>" . ucfirst($platform) . "</b>";
-
- // TODO: check if connection is still alive
- if ($connection == null) {
- echo "<i>Not connected</i>";
- } else {
- echo "<i>" . $connection["alias_id"] . "</i>";
- }
-
- echo "</div>";
-
- echo "<div class='column'>";
-
- if ($connection == null) {
- echo "<a href='/account/login/$platform.php'>";
- echo '<img src="/static/img/icons/disconnect.png" alt="Connect" title="Connect" />';
- echo "</a>";
- } else {
- echo "<a href='/account/login/$platform.php?disconnect'>";
- echo '<img src="/static/img/icons/connect.png" alt="Disconnect" title="Disconnect" />';
- echo "</a>";
- }
-
- echo "</div></div>";
- }
- ?>
- </div>
- </div>
-
- <hr>
-
- <form action="/account/security.php" method="post">
- <h2>Security & Privacy</h2>
- <div>
- <?php
- $stmt = $db->prepare("SELECT CASE WHEN password IS NOT NULL THEN 1 ELSE 0 END as set_password FROM users WHERE id = ?");
- $stmt->execute([$_SESSION["user_id"]]);
- $set_password = $stmt->fetch()[0];
- if ($set_password): ?>
- <label for="password-current">Current password:</label>
- <input type="password" name="password-current" id="form-password-current" required>
- <?php endif; ?>
- <label for="password-new">New password:</label>
- <input type="password" name="password-new" id="form-password-new">
- </div>
- <div>
- <input type="checkbox" name="make-private" value="1" id="form-make-private" <?php
- $stmt = $db->prepare("SELECT private_profile FROM user_preferences WHERE id = ?");
- $stmt->execute([$_SESSION["user_id"]]);
- if (intval($stmt->fetch()[0]) == 1) {
- echo 'checked';
- }
- ?>>
- <label for="make-private" class="inline">Make profile private</label>
- <p class="font-small">Enabling this feature will hide your authorship of uploaded emotes and
- actions.</p>
-
- </div>
- <div>
- <input type="checkbox" name="signout-everywhere" value="1" id="form-signout-everywhere">
- <label for="signout-everywhere" class="inline">Sign out everywhere</label>
- </div>
-
- <button type="submit">Apply</button>
- </form>
-
- <a href="/account/delete.php?profile=true" class="red button" style="text-align: center;">Delete
- me</a>
- </section>
- </section>
- </div>
- </div>
-</body>
-
-<script>
- const username = document.getElementById("username");
- let validUsername = "";
-
- username.addEventListener("input", (e) => {
- const regex = <?php echo ACCOUNT_USERNAME_REGEX ?>;
-
- if (regex.test(e.target.value) && e.target.value.length <= <?php echo ACCOUNT_USERNAME_LENGTH[1] ?>) {
- validUsername = e.target.value;
- } else {
- e.target.value = validUsername;
- }
- });
-</script>
-
-</html> \ No newline at end of file
diff --git a/public/account/login/index.php b/public/account/login/index.php
deleted file mode 100644
index ace116d..0000000
--- a/public/account/login/index.php
+++ /dev/null
@@ -1,99 +0,0 @@
-<?php
-include "../../../src/accounts.php";
-
-if (authorize_user()) {
- header("Location: /account");
- exit;
-}
-
-include "../../../src/partials.php";
-include_once "../../../src/config.php";
-include_once "../../../src/alert.php";
-include_once "../../../src/utils.php";
-
-if ($_SERVER["REQUEST_METHOD"] == "POST") {
- if (!isset($_POST["username"], $_POST["password"])) {
- generate_alert("/account/login", "Not enough POST fields");
- exit;
- }
-
- $username = $_POST["username"];
- $password = $_POST["password"];
- $remember = intval($_POST["remember"] ?? "0") != 0;
-
- $db = new PDO(DB_URL, DB_USER, DB_PASS);
- $stmt = $db->prepare("SELECT secret_key, password FROM users WHERE username = ? AND password IS NOT NULL");
- $stmt->execute([$username]);
-
- if ($row = $stmt->fetch()) {
- if (password_verify($password, $row["password"])) {
- setcookie("secret_key", $row["secret_key"], $remember ? (time() + ACCOUNT_COOKIE_MAX_LIFETIME) : 0, "/");
- header("Location: /account");
- exit;
- } else {
- generate_alert("/account/login", "Passwords do not match!", 403);
- exit;
- }
- } else {
- generate_alert("/account/login", "User not found or is not accessable", 404);
- exit;
- }
-}
-?>
-
-<html>
-
-<head>
- <title>Login - <?php echo INSTANCE_NAME ?></title>
- <link rel="stylesheet" href="/static/style.css">
- <link rel="shortcut icon" href="/static/favicon.ico" type="image/x-icon">
-</head>
-
-<body>
- <div class="container">
- <div class="wrapper">
- <?php html_navigation_bar(); ?>
- <section class="content" style="width: 400px;">
- <?php display_alert() ?>
- <section class="box">
- <div class="box navtab">
- <p>Log in to <?php echo INSTANCE_NAME ?></p>
- </div>
- <div class="box content">
- <form action="/account/login/" method="post">
- <div>
- <label for="username">Username</label>
- <input type="text" name="username" id="form-username" required>
- </div>
- <div>
- <label for="password">Password</label>
- <input type="password" name="password" id="form-password" required>
- </div>
- <div>
- <input type="checkbox" name="remember" value="1" id="form-remember">
- <label for="remember" class="inline">Remember me</label>
- </div>
- <div>
- <button type="submit">Log in</button>
- <?php if (ACCOUNT_REGISTRATION_ENABLE): ?>
- <a href="/account/register.php">Register</a>
- <?php endif; ?>
- </div>
- </form>
- </div>
- </section>
-
- <?php if (TWITCH_REGISTRATION_ENABLE): ?>
- <section class="box column">
- <a href="/account/login/twitch.php" class="button purple big">Login with Twitch</a>
- <p style="font-size: 12px;">Logging in via Twitch gives you the ability to use
- <?php echo INSTANCE_NAME ?> emotes in your Twitch chat.
- </p>
- </section>
- <?php endif; ?>
- </section>
- </div>
- </div>
-</body>
-
-</html> \ No newline at end of file
diff --git a/public/account/login/twitch.php b/public/account/login/twitch.php
deleted file mode 100644
index 38fd6cc..0000000
--- a/public/account/login/twitch.php
+++ /dev/null
@@ -1,175 +0,0 @@
-<?php
-include_once "../../../src/config.php";
-include_once "../../../src/utils.php";
-include_once "../../../src/alert.php";
-
-if (!TWITCH_REGISTRATION_ENABLE) {
- generate_alert("/404.php", "Registration via Twitch is disabled", 405);
- exit;
-}
-
-session_start();
-
-$db = new PDO(DB_URL, DB_USER, DB_PASS);
-
-if (isset($_GET["disconnect"], $_SESSION["user_id"])) {
- $stmt = $db->prepare("SELECT c.id,
- CASE WHEN (
- SELECT u.password FROM users u WHERE u.id = c.user_id
- ) IS NOT NULL
- THEN 1 ELSE 0
- END AS set_password
- FROM connections c
- WHERE c.user_id = ?
- ");
- $stmt->execute([$_SESSION["user_id"]]);
-
- if ($row = $stmt->fetch()) {
- if ($row["set_password"]) {
- $db->prepare("DELETE FROM connections WHERE user_id = ? AND platform = 'twitch'")->execute([$_SESSION["user_id"]]);
- generate_alert("/account", "Successfully disconnected from Twitch!", 200);
- } else {
- generate_alert("/account", "You must set a password before deleting any connections", 403);
- }
- } else {
- generate_alert("/account", "No Twitch connection found", 404);
- }
- exit;
-}
-
-$client_id = TWITCH_CLIENT_ID;
-$client_secret = TWITCH_SECRET_KEY;
-$redirect_uri = TWITCH_REDIRECT_URI;
-
-if (isset($_GET["error"])) {
- header("Location: /account/login");
- exit;
-}
-
-if (!isset($_GET["code"])) {
- header("Location: https://id.twitch.tv/oauth2/authorize?client_id=$client_id&redirect_uri=$redirect_uri&response_type=code");
- exit;
-}
-
-$code = $_GET["code"];
-
-// obtaining twitch token
-$request = curl_init();
-curl_setopt($request, CURLOPT_URL, "https://id.twitch.tv/oauth2/token");
-curl_setopt($request, CURLOPT_POST, 1);
-curl_setopt(
- $request,
- CURLOPT_POSTFIELDS,
- "client_id=$client_id&client_secret=$client_secret&code=$code&grant_type=authorization_code&redirect_uri=$redirect_uri"
-);
-curl_setopt($request, CURLOPT_RETURNTRANSFER, true);
-
-$response = curl_exec($request);
-curl_close($request);
-
-$response = json_decode($response, true);
-
-if (array_key_exists("status", $response)) {
- header("Location: /account/login");
- exit;
-}
-
-// identifying user
-$request = curl_init();
-curl_setopt($request, CURLOPT_URL, "https://api.twitch.tv/helix/users");
-curl_setopt($request, CURLOPT_HTTPHEADER, [
- "Authorization: Bearer " . $response["access_token"],
- "Client-Id: $client_id"
-]);
-curl_setopt($request, CURLOPT_RETURNTRANSFER, true);
-
-$twitch_user = curl_exec($request);
-curl_close($request);
-
-$twitch_user = json_decode($twitch_user, true);
-
-if (empty($twitch_user["data"])) {
- generate_alert("/account", "Failed to identify Twitch user", 500);
- exit;
-}
-
-$twitch_user = $twitch_user["data"][0];
-
-// saving it
-$twitch_access_token = $response["access_token"];
-$twitch_refresh_token = $response["refresh_token"];
-$twitch_expires_on = time() + intval($response["expires_in"]);
-
-// creating user if not exists
-$stmt = $db->prepare("SELECT * FROM users u
- INNER JOIN connections c ON c.alias_id = ?
- WHERE c.user_id = u.id AND c.platform = 'twitch'
-");
-$stmt->execute([$twitch_user["id"]]);
-
-$user_id = "";
-$user_secret_key = "";
-$user_name = "";
-
-if ($row = $stmt->fetch()) {
- if (isset($_SESSION["user_id"]) && $_SESSION["user_id"] != $row["id"]) {
- generate_alert("/account", "There is another " . INSTANCE_NAME . " account associated with that Twitch account", 409);
- exit;
- }
-
- $user_name = $row["username"];
- $user_secret_key = $row["secret_key"];
- $user_id = $row["id"];
-} else {
- $user_secret_key = generate_random_string(32);
- $user_name = $twitch_user["login"];
- $user_id = bin2hex(random_bytes(16));
-
- list($user_secret_key, $user_name, $user_id) = match (isset($_SESSION["user_id"])) {
- true => [$_COOKIE["secret_key"], $_SESSION["user_name"], $_SESSION["user_id"]],
- default => [generate_random_string(32), $twitch_user["login"], bin2hex(random_bytes(16))]
- };
-
- if (!isset($_SESSION["user_id"])) {
- // checking for duplicates
- $stmt = $db->prepare("SELECT COUNT(*) FROM users WHERE username = ?");
- $stmt->execute([$user_name]);
- $duplicates = intval($stmt->fetch()[0]);
- if ($duplicates > 0) {
- $i = 1;
- while (true) {
- $stmt = $db->prepare("SELECT COUNT(*) FROM users WHERE username = ?");
- $stmt->execute(["$user_name$i"]);
-
- if ($stmt->fetch()[0] == 0) {
- break;
- }
-
- $i++;
- }
- $user_name .= $i;
- }
-
- $stmt = $db->prepare("INSERT INTO users(id, username, secret_key) VALUES (?, ?, ?)");
- if (!$stmt->execute([$user_id, $user_name, $user_secret_key])) {
- $db = null;
- echo "Failed to create a user";
- exit;
- }
- }
-
- $stmt = $db->prepare("INSERT INTO connections(user_id, alias_id, platform, data) VALUES (?, ?, 'twitch', ?)");
- $stmt->execute([
- $user_id,
- $twitch_user["id"],
- sprintf("%s:%s:%s", $twitch_access_token, $twitch_refresh_token, $twitch_expires_on)
- ]);
-}
-
-$_SESSION["user_id"] = $user_id;
-$_SESSION["user_name"] = $user_name;
-setcookie("secret_key", $user_secret_key, time() + ACCOUNT_COOKIE_MAX_LIFETIME, "/");
-
-$db = null;
-
-header("Location: /account"); \ No newline at end of file
diff --git a/public/account/register.php b/public/account/register.php
deleted file mode 100644
index 1da89a0..0000000
--- a/public/account/register.php
+++ /dev/null
@@ -1,111 +0,0 @@
-<?php
-include "../../src/accounts.php";
-include_once "../../src/alert.php";
-
-if (authorize_user()) {
- header("Location: /account");
- exit;
-}
-
-if (!ACCOUNT_REGISTRATION_ENABLE) {
- generate_alert("/404.php", "Account registration is disabled", 403);
- exit;
-}
-
-include "../../src/partials.php";
-include_once "../../src/config.php";
-include_once "../../src/utils.php";
-
-if ($_SERVER["REQUEST_METHOD"] == "POST") {
- if (!isset($_POST["username"], $_POST["password"])) {
- generate_alert("/account/register.php", "Not enough POST fields");
- exit;
- }
-
- $username = $_POST["username"];
- $username_length = strlen($username);
- if (ACCOUNT_USERNAME_LENGTH[0] > $username_length || $username_length > ACCOUNT_USERNAME_LENGTH[1]) {
- generate_alert("/account/register.php", sprintf("Username must be between %d-%d characters long", ACCOUNT_USERNAME_LENGTH[0], ACCOUNT_USERNAME_LENGTH[1]));
- exit;
- }
-
- if (!preg_match(ACCOUNT_USERNAME_REGEX, $username)) {
- generate_alert("/account/register.php", "Bad username");
- exit;
- }
-
- $password = $_POST["password"];
- if (ACCOUNT_PASSWORD_MIN_LENGTH > strlen($password)) {
- generate_alert("/account/register.php", "Password must be at least " . ACCOUNT_PASSWORD_MIN_LENGTH . " characters");
- exit;
- }
-
- $db = new PDO(DB_URL, DB_USER, DB_PASS);
-
- $stmt = $db->prepare("SELECT id FROM users WHERE username = ?");
- $stmt->execute([$username]);
-
- if ($stmt->rowCount() != 0) {
- generate_alert("/account/register.php", "The username has already been taken");
- exit;
- }
-
- $secret_key = generate_random_string(ACCOUNT_SECRET_KEY_LENGTH);
- $password = password_hash($password, PASSWORD_DEFAULT);
-
- $id = bin2hex(random_bytes(16));
-
- $stmt = $db->prepare("INSERT INTO users(id, username, password, secret_key) VALUES (?, ?, ?, ?)");
- $stmt->execute([$id, $username, $password, $secret_key]);
-
- setcookie("secret_key", $secret_key, time() + ACCOUNT_COOKIE_MAX_LIFETIME, "/");
- header("Location: /account");
- exit;
-}
-?>
-
-<html>
-
-<head>
- <title>Register an account - <?php echo INSTANCE_NAME ?></title>
- <link rel="stylesheet" href="/static/style.css">
- <link rel="shortcut icon" href="/static/favicon.ico" type="image/x-icon">
-</head>
-
-<body>
- <div class="container">
- <div class="wrapper">
- <?php html_navigation_bar(); ?>
-
- <section class="content" style="width: 400px;">
- <?php display_alert() ?>
- <section class="box">
- <div class="box navtab">
- <p>Register an account in <?php echo INSTANCE_NAME ?></p>
- </div>
- <div class="box content">
- <form action="/account/register.php" method="post">
- <div>
- <label for="username">Username</label>
- <input type="text" name="username" id="form-username" required>
- </div>
- <div>
- <label for="password">Password</label>
- <input type="password" name="password" id="form-password" required>
- </div>
- <div>
- <button type="submit">Register</button>
- </div>
- </form>
- <p style="font-size: 12px;">
- Since <?php echo INSTANCE_NAME ?> doesn't require email and password reset via email is
- not supported, please remember your passwords!
- </p>
- </div>
- </section>
- </section>
- </div>
- </div>
-</body>
-
-</html> \ No newline at end of file
diff --git a/public/account/security.php b/public/account/security.php
deleted file mode 100644
index 5545b60..0000000
--- a/public/account/security.php
+++ /dev/null
@@ -1,52 +0,0 @@
-<?php
-
-include_once "../../src/accounts.php";
-include_once "../../src/alert.php";
-include_once "../../src/config.php";
-include_once "../../src/utils.php";
-
-if ($_SERVER["REQUEST_METHOD"] != "POST" || !authorize_user(true)) {
- header("Location: /account");
- exit;
-}
-
-$db = new PDO(DB_URL, DB_USER, DB_PASS);
-
-$stmt = $db->prepare("SELECT * FROM users WHERE id = ?");
-$stmt->execute([$_SESSION["user_id"]]);
-
-$user = $stmt->fetch();
-$current_password = $_POST["password-current"] ?? "";
-
-if ($user["password"] != null && !password_verify($current_password, $user["password"])) {
- generate_alert("/account", "Password is required to apply changes in 'Security' section");
- exit;
-}
-
-if (!empty($_POST["password-new"])) {
- $password = $_POST["password-new"];
- if (ACCOUNT_PASSWORD_MIN_LENGTH > strlen($password)) {
- generate_alert("/account", "Your password must be at least " . ACCOUNT_PASSWORD_MIN_LENGTH . " characters");
- exit;
- }
-
- $db->prepare("UPDATE users SET password = ? WHERE id = ?")
- ->execute([password_hash($password, PASSWORD_DEFAULT), $user["id"]]);
-}
-
-$private_profile = (int) (intval($_POST["make-private"] ?? "0") == 1);
-
-$db->prepare("UPDATE user_preferences SET private_profile = ? WHERE id = ?")
- ->execute([$private_profile, $user["id"]]);
-
-if (intval($_POST["signout-everywhere"] ?? "0") == 1) {
- $db->prepare("UPDATE users SET secret_key = ? WHERE id = ?")
- ->execute([generate_random_string(ACCOUNT_SECRET_KEY_LENGTH), $_SESSION["user_id"]]);
-
- session_unset();
- session_destroy();
-
- setcookie("secret_key", "", time() - 1000);
-}
-
-generate_alert("/account", "Your changes have been applied!", 200); \ No newline at end of file
diff --git a/public/account/signout.php b/public/account/signout.php
deleted file mode 100644
index f971d4a..0000000
--- a/public/account/signout.php
+++ /dev/null
@@ -1,16 +0,0 @@
-<?php
-include_once $_SERVER["DOCUMENT_ROOT"] . '/../src/accounts.php';
-include_once $_SERVER["DOCUMENT_ROOT"] . '/../src/alert.php';
-
-if (!isset($_GET["local"])) {
- header("Location: /");
- exit;
-}
-
-session_start();
-
-setcookie("secret_key", "", time() - 1000, "/");
-session_unset();
-session_destroy();
-
-generate_alert("/", "Signed out!", 200); \ No newline at end of file