@@ -40,6 +40,12 @@ try {
|
||||
case 'settings':
|
||||
handleSettings($method, $db);
|
||||
break;
|
||||
case 'login':
|
||||
handleLogin($method, $db);
|
||||
break;
|
||||
case 'logout':
|
||||
handleLogout();
|
||||
break;
|
||||
case 'teams':
|
||||
handleTeams($method, $id, $db);
|
||||
break;
|
||||
@@ -69,6 +75,10 @@ try {
|
||||
|
||||
function handleSession($method, $db) {
|
||||
$loggedin = isset($_SESSION['neptune_loggedin']) && $_SESSION['neptune_loggedin'] === true;
|
||||
if (!$loggedin && $method === 'GET') {
|
||||
echo json_encode(['loggedin' => false]);
|
||||
return;
|
||||
}
|
||||
if ($loggedin) {
|
||||
$role = $_SESSION['neptune_role'] ?? 'user';
|
||||
$stmt = $db->prepare("SELECT COUNT(*) as c FROM neptune_users WHERE role='admin'");
|
||||
@@ -85,6 +95,80 @@ function handleSession($method, $db) {
|
||||
}
|
||||
}
|
||||
|
||||
function handleLogin($method, $db) {
|
||||
if ($method !== 'POST') {
|
||||
http_response_code(405);
|
||||
echo json_encode(['error' => 'POST required']);
|
||||
return;
|
||||
}
|
||||
$data = json_decode(file_get_contents('php://input'), true);
|
||||
$auth_token = $data['auth_token'] ?? '';
|
||||
if (!$auth_token) {
|
||||
http_response_code(400);
|
||||
echo json_encode(['error' => 'auth_token required']);
|
||||
return;
|
||||
}
|
||||
|
||||
$check_url = "https://auth.jakach.ch/api/auth/check_auth_key.php?auth_token=" . urlencode($auth_token);
|
||||
$ch = curl_init();
|
||||
curl_setopt($ch, CURLOPT_URL, $check_url);
|
||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||||
curl_setopt($ch, CURLOPT_TIMEOUT, 15);
|
||||
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
|
||||
$response = curl_exec($ch);
|
||||
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
|
||||
curl_close($ch);
|
||||
|
||||
if ($http_code !== 200 || !$response) {
|
||||
http_response_code(502);
|
||||
echo json_encode(['error' => 'Failed to contact auth server']);
|
||||
return;
|
||||
}
|
||||
|
||||
$info = json_decode($response, true);
|
||||
if (!isset($info['status']) || $info['status'] !== 'success') {
|
||||
http_response_code(401);
|
||||
echo json_encode(['error' => $info['msg'] ?? 'Auth failed']);
|
||||
return;
|
||||
}
|
||||
|
||||
$user_token = $info['user_token'];
|
||||
$username = $info['username'];
|
||||
$email = $info['email'] ?? '';
|
||||
|
||||
$stmt = $db->prepare("SELECT * FROM neptune_users WHERE user_token = ?");
|
||||
$stmt->execute([$user_token]);
|
||||
$user = $stmt->fetch();
|
||||
|
||||
if ($user) {
|
||||
$_SESSION['neptune_loggedin'] = true;
|
||||
$_SESSION['neptune_user_token'] = $user['user_token'];
|
||||
$_SESSION['neptune_username'] = $user['username'];
|
||||
$_SESSION['neptune_role'] = $user['role'];
|
||||
} else {
|
||||
$count = $db->query("SELECT COUNT(*) as c FROM neptune_users")->fetch()['c'];
|
||||
$role = ($count == 0) ? 'admin' : 'user';
|
||||
$stmt = $db->prepare("INSERT INTO neptune_users (user_token, username, email, role) VALUES (?, ?, ?, ?)");
|
||||
$stmt->execute([$user_token, $username, $email, $role]);
|
||||
$_SESSION['neptune_loggedin'] = true;
|
||||
$_SESSION['neptune_user_token'] = $user_token;
|
||||
$_SESSION['neptune_username'] = $username;
|
||||
$_SESSION['neptune_role'] = $role;
|
||||
}
|
||||
|
||||
echo json_encode([
|
||||
'status' => 'success',
|
||||
'username' => $_SESSION['neptune_username'],
|
||||
'role' => $_SESSION['neptune_role']
|
||||
]);
|
||||
}
|
||||
|
||||
function handleLogout() {
|
||||
$_SESSION = array();
|
||||
session_destroy();
|
||||
echo json_encode(['status' => 'success']);
|
||||
}
|
||||
|
||||
function handleSettings($method, $db) {
|
||||
$role = $_SESSION['neptune_role'] ?? 'user';
|
||||
if ($method === 'GET') {
|
||||
|
||||
Reference in New Issue
Block a user