Diffstat (limited to 'public')
-rw-r--r--public/account/index.php52
-rw-r--r--public/account/login/twitch.php105
-rw-r--r--public/static/img/icons/connect.pngbin0 -> 748 bytes
-rw-r--r--public/static/img/icons/connections/twitch.webpbin0 -> 5142 bytes
-rw-r--r--public/static/img/icons/disconnect.pngbin0 -> 796 bytes
-rw-r--r--public/static/style.css7
6 files changed, 128 insertions, 36 deletions
diff --git a/public/account/index.php b/public/account/index.php
index 48bfb8d..97c5942 100644
--- a/public/account/index.php
+++ b/public/account/index.php
@@ -135,6 +135,58 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
<hr>
+ <div>
+ <h2>Connections</h2>
+ <div>
+ <?php
+ $stmt = $db->prepare("SELECT * FROM connections WHERE user_id = ?");
+ $stmt->execute([$_SESSION["user_id"]]);
+ $connections = $stmt->fetchAll();
+ $platforms = ["twitch"];
+
+ foreach ($platforms as $platform) {
+ $connection = null;
+ $key = array_search($platform, array_column($connections, "platform"));
+
+ if (!is_bool($key)) {
+ $connection = $connections[$key];
+ }
+
+ echo "<div class='box $platform row small-gap items-center'>";
+ echo "<div><img src='/static/img/icons/connections/$platform.webp' alt='' width='52' height='52' /></div>";
+
+ echo "<div class='column grow'>";
+ echo "<b>" . ucfirst($platform) . "</b>";
+
+ // TODO: check if connection is still alive
+ if ($connection == null) {
+ echo "<i>Not connected</i>";
+ } else {
+ echo "<i>" . $connection["alias_id"] . "</i>";
+ }
+
+ echo "</div>";
+
+ echo "<div class='column'>";
+
+ if ($connection == null) {
+ echo "<a href='/account/login/$platform.php'>";
+ echo '<img src="/static/img/icons/disconnect.png" alt="Connect" title="Connect" />';
+ echo "</a>";
+ } else {
+ echo "<a href='/account/login/$platform.php?disconnect'>";
+ echo '<img src="/static/img/icons/connect.png" alt="Disconnect" title="Disconnect" />';
+ echo "</a>";
+ }
+
+ echo "</div></div>";
+ }
+ ?>
+ </div>
+ </div>
+
+ <hr>
+
<form action="/account/security.php" method="post">
<h2>Security & Privacy</h2>
<div>
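Review bot: The connected branch prints `$connection["alias_id"]` into the page without HTML escaping. Judging by the twitch.php hunks, that column holds the id returned by the Twitch API, so it is externally supplied data that happens to be stored locally, and it should be encoded at output regardless of what it normally looks like: `echo "<i>" . htmlspecialchars($connection["alias_id"], ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8") . "</i>";`. Separately, `array_search($platform, array_column($connections, "platform"))` and the `$connection == null` checks compare loosely; passing `true` as the third argument and using `=== null` would make the lookup exact.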
diff --git a/public/account/login/twitch.php b/public/account/login/twitch.php
index e3fe57a..af9802e 100644
--- a/public/account/login/twitch.php
+++ b/public/account/login/twitch.php
@@ -1,13 +1,42 @@
<?php
-include "../../../src/utils.php";
include_once "../../../src/config.php";
include_once "../../../src/utils.php";
+include_once "../../../src/alert.php";
if (!TWITCH_REGISTRATION_ENABLE) {
generate_alert("/404.php", "Registration via Twitch is disabled", 405);
exit;
}
+session_start();
+
+$db = new PDO(DB_URL, DB_USER, DB_PASS);
+
+if (isset($_GET["disconnect"], $_SESSION["user_id"])) {
+ $stmt = $db->prepare("SELECT c.id,
+ CASE WHEN (
+ SELECT u.password FROM users u WHERE u.id = c.user_id
+ ) IS NOT NULL
+ THEN 1 ELSE 0
+ END AS set_password
+ FROM connections c
+ WHERE c.user_id = ?
+ ");
+ $stmt->execute([$_SESSION["user_id"]]);
+
+ if ($row = $stmt->fetch()) {
+ if ($row["set_password"]) {
+ $db->prepare("DELETE FROM connections WHERE user_id = ? AND platform = 'twitch'")->execute([$_SESSION["user_id"]]);
+ generate_alert("/account", "Successfully disconnected from Twitch!", 200);
+ } else {
+ generate_alert("/account", "You must set a password before deleting any connections", 403);
+ }
+ } else {
+ generate_alert("/account", "No Twitch connection found", 404);
+ }
+ exit;
+}
+
$client_id = TWITCH_CLIENT_ID;
$client_secret = TWITCH_SECRET_KEY;
$redirect_uri = TWITCH_REDIRECT_URI;
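Review bot: The disconnect branch deletes the Twitch connection on a plain GET, gated only by `isset($_GET["disconnect"], $_SESSION["user_id"])`, so any cross-site request that carries the session cookie can trigger it without the user's intent. State changes like this should require POST plus a per-session token, for example `if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST["disconnect"], $_SESSION["user_id"]) && hash_equals($_SESSION["csrf_token"] ?? "", $_POST["csrf_token"] ?? ""))`, where `csrf_token` is a placeholder name. The `?disconnect` link added in account/index.php would then become a small form. The preceding SELECT also filters on `c.user_id = ?` only, so once a second platform exists a user without a Twitch row would still see "Successfully disconnected from Twitch!"; adding `AND c.platform = 'twitch'` keeps the messages accurate. If `disconnect` is sent without a session, the request falls through to the OAuth code below, which is probably not intended.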
@@ -46,8 +75,6 @@ if (array_key_exists("status", $response)) {
}
// identifying user
-session_start();
-
$request = curl_init();
curl_setopt($request, CURLOPT_URL, "https://api.twitch.tv/helix/users");
curl_setopt($request, CURLOPT_HTTPHEADER, [
@@ -62,7 +89,7 @@ curl_close($request);
$twitch_user = json_decode($twitch_user, true);
if (empty($twitch_user["data"])) {
- echo "Failed to identify";
+ generate_alert("/account", "Failed to identify Twitch user", 500);
exit;
}
@@ -73,10 +100,11 @@ $twitch_access_token = $response["access_token"];
$twitch_refresh_token = $response["refresh_token"];
$twitch_expires_on = time() + intval($response["expires_in"]);
-$db = new PDO(DB_URL, DB_USER, DB_PASS);
-
// creating user if not exists
-$stmt = $db->prepare("SELECT id, user_id FROM connections WHERE alias_id = ? AND platform = 'twitch'");
+$stmt = $db->prepare("SELECT * FROM users u
+ INNER JOIN connections c ON c.alias_id = ?
+ WHERE c.user_id = u.id AND c.platform = 'twitch'
+");
$stmt->execute([$twitch_user["id"]]);
$user_id = "";
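Review bot: `SELECT *` over `users u` joined with `connections c` returns two columns named `id`. `connections.id` exists per the removed query and the `SELECT c.id` in the disconnect branch, and PDO's associative fetch keeps only one value per column name. The next hunk reads `$row["id"]` both for the account-conflict check and as `$user_id`, so it may be working with the connection's id rather than the user's, which would affect which account the login resolves to. Naming the columns removes the ambiguity and puts the join condition where it belongs: `SELECT u.id, u.username, u.secret_key FROM users u INNER JOIN connections c ON c.user_id = u.id WHERE c.alias_id = ? AND c.platform = 'twitch'`.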
@@ -84,39 +112,50 @@ $user_secret_key = "";
$user_name = "";
if ($row = $stmt->fetch()) {
- $id = $row["id"];
- $user_id = $row["user_id"];
-
- $stmt = $db->prepare("SELECT * FROM users WHERE id = ?");
- $stmt->execute([$user_id]);
-
- if ($row = $stmt->fetch()) {
- $user_name = $row["username"];
- $user_secret_key = $row["secret_key"];
- $user_id = $row["id"];
- } else {
- $db = null;
- echo "Connection found, but not user?";
+ if (isset($_SESSION["user_id"]) && $_SESSION["user_id"] != $row["id"]) {
+ generate_alert("/account", "There is another " . INSTANCE_NAME . " account associated with that Twitch account", 409);
exit;
}
+
+ $user_name = $row["username"];
+ $user_secret_key = $row["secret_key"];
+ $user_id = $row["id"];
} else {
$user_secret_key = generate_random_string(32);
$user_name = $twitch_user["login"];
$user_id = bin2hex(random_bytes(16));
- // checking for duplicates
- $stmt = $db->prepare("SELECT COUNT(*) FROM users WHERE username = ?");
- $stmt->execute([$user_name]);
- $duplicates = intval($stmt->fetch()[0]);
- if ($duplicates > 0) {
- $user_name .= $duplicates + 1;
- }
-
- $stmt = $db->prepare("INSERT INTO users(id, username, secret_key) VALUES (?, ?, ?)");
- if (!$stmt->execute([$user_id, $user_name, $user_secret_key])) {
- $db = null;
- echo "Failed to create a user";
- exit;
+ list($user_secret_key, $user_name, $user_id) = match (isset($_SESSION["user_id"])) {
+ true => [$_COOKIE["secret_key"], $_SESSION["user_name"], $_SESSION["user_id"]],
+ default => [generate_random_string(32), $twitch_user["login"], bin2hex(random_bytes(16))]
+ };
+
+ if (!isset($_SESSION["user_id"])) {
+ // checking for duplicates
+ $stmt = $db->prepare("SELECT COUNT(*) FROM users WHERE username = ?");
+ $stmt->execute([$user_name]);
+ $duplicates = intval($stmt->fetch()[0]);
+ if ($duplicates > 0) {
+ $i = 1;
+ while (true) {
+ $stmt = $db->prepare("SELECT COUNT(*) FROM users WHERE username = ?");
+ $stmt->execute(["$user_name$i"]);
+
+ if ($stmt->fetch()[0] == 0) {
+ break;
+ }
+
+ $i++;
+ }
+ $user_name .= $i;
+ }
+
+ $stmt = $db->prepare("INSERT INTO users(id, username, secret_key) VALUES (?, ?, ?)");
+ if (!$stmt->execute([$user_id, $user_name, $user_secret_key])) {
+ $db = null;
+ echo "Failed to create a user";
+ exit;
+ }
}
$stmt = $db->prepare("INSERT INTO connections(user_id, alias_id, platform, data) VALUES (?, ?, 'twitch', ?)");
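Review bot: In the `match` inside the `else` branch, the logged-in case takes `$user_secret_key` from `$_COOKIE["secret_key"]`, a value the browser controls and which may be missing. If that variable is later written back to the session or a cookie (that code is outside this hunk), the account secret should come from the database instead, e.g. `$stmt = $db->prepare("SELECT secret_key FROM users WHERE id = ?"); $stmt->execute([$_SESSION["user_id"]]);`. The three context assignments just above the `match` are now dead and call `generate_random_string(32)` and `random_bytes(16)` a second time for nothing; they can be dropped. The username probe loop is check-then-insert, so two concurrent sign-ups can still pick the same name unless `users.username` has a UNIQUE constraint and the INSERT failure is handled. The conflict check earlier in the hunk would be safer with `!==` than `!=`.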
diff --git a/public/static/img/icons/connect.png b/public/static/img/icons/connect.png
new file mode 100644
index 0000000..024138e
--- /dev/null
+++ b/public/static/img/icons/connect.png
Binary files differ
diff --git a/public/static/img/icons/connections/twitch.webp b/public/static/img/icons/connections/twitch.webp
new file mode 100644
index 0000000..c2882b4
--- /dev/null
+++ b/public/static/img/icons/connections/twitch.webp
Binary files differ
diff --git a/public/static/img/icons/disconnect.png b/public/static/img/icons/disconnect.png
new file mode 100644
index 0000000..b335cb1
--- /dev/null
+++ b/public/static/img/icons/disconnect.png
Binary files differ
diff --git a/public/static/style.css b/public/static/style.css
index f5a87e1..bc8ab61 100644
--- a/public/static/style.css
+++ b/public/static/style.css
@@ -251,9 +251,10 @@ button.green:hover,
}
button.purple,
-.button.purple {
- background: #9a7ad2;
- border-color: #6d5595;
+.button.purple,
+.twitch {
+ background: #9a7ad2 !important;
+ border-color: #6d5595 !important;
}
button.purple:hover,
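Review bot: Adding `!important` to the shared `button.purple, .button.purple` rule makes its `background` and `border-color` outrank the `button.purple:hover` rule that follows. Unless that rule (its body is outside the hunk) also uses `!important`, purple buttons would lose their hover colours. The flag looks like it is only needed so `.twitch` can beat the `.box` styling, so a separate, more specific rule avoids the side effect: `.box.twitch { background: #9a7ad2; border-color: #6d5595; }`, leaving the original purple rule unchanged.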