@@ -1,13 +1,14 @@
|
||||
<?php
|
||||
// Simulate fetching user data from a database
|
||||
session_start();
|
||||
include "../utils/security.php";
|
||||
secure_session_start();
|
||||
header('Content-Type: application/json');
|
||||
if($_SESSION["logged_in"]!==true){
|
||||
if(!isset($_SESSION["logged_in"]) || $_SESSION["logged_in"]!==true){
|
||||
$data=[
|
||||
'status' => 'error',
|
||||
'message' => 'not logged in'
|
||||
];
|
||||
echo json_encode($user_data);
|
||||
echo json_encode($data);
|
||||
exit();
|
||||
}
|
||||
|
||||
|
||||
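Review bot: `include "../utils/security.php";` on the new side of the first hunk resolves the `../` path against the process's current working directory rather than the script's own directory, and a failed `include` is only a warning, so the security helper should be pulled in with `require_once __DIR__ . '/../utils/security.php';` (the same applies to every file in this commit). Today the endpoint still fails closed if the include is missed, but only because `secure_session_start()` then becomes an undefined function. The unauthenticated error is also sent with HTTP 200; adding `http_response_code(401);` before `echo json_encode($data);` lets clients and proxies tell it apart without parsing the body, and the `'status' => 'error'` shape differs from the `'success' => false` shape the other endpoints in this commit return.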
@@ -1,15 +1,11 @@
|
||||
<?php
|
||||
session_start();
|
||||
include "../utils/security.php";
|
||||
secure_session_start();
|
||||
require_same_origin_request();
|
||||
header('Content-Type: application/json');
|
||||
|
||||
// Check if the user is logged in
|
||||
if (!isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] !== true) {
|
||||
echo json_encode([
|
||||
'success' => false,
|
||||
'message' => 'Not logged in'
|
||||
]);
|
||||
exit();
|
||||
}
|
||||
require_logged_in();
|
||||
|
||||
// Include database configuration
|
||||
include "../../config/config.php";
|
||||
@@ -34,6 +30,10 @@ $username = $_SESSION["username"];
|
||||
|
||||
// Get the raw POST data (JSON)
|
||||
$data = json_decode(file_get_contents("php://input"));
|
||||
if(!isset($data->enable_2fa) || !is_bool($data->enable_2fa)){
|
||||
echo json_encode(['success' => false, 'message' => 'Missing required fields.']);
|
||||
exit();
|
||||
}
|
||||
if($data->enable_2fa==true){
|
||||
//create 2fa secret key
|
||||
$twofa_secret=generateBase32Secret();
|
||||
@@ -68,4 +68,3 @@ if($data->enable_2fa==false){
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
|
||||
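Review bot: The new validation in the `@@ -34,6 +30,10 @@` hunk accepts `enable_2fa: false` from any authenticated session, so as far as this hunk shows, disabling 2FA needs no re-authentication; a request that turns 2FA off should also carry and verify the current TOTP code or the account password before the update runs. The branch on the next line still compares loosely, `if($data->enable_2fa==true){`, although `is_bool()` has just been enforced — `=== true` documents the intent. `json_decode(file_get_contents("php://input"))` silently yields `null` on malformed JSON, which this check then reports as 'Missing required fields.'; `json_decode(..., flags: JSON_THROW_ON_ERROR)` inside a try/catch would separate the two cases. The enable/disable branches continue outside the hunk.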
@@ -1,15 +1,11 @@
|
||||
<?php
|
||||
session_start();
|
||||
include "../utils/security.php";
|
||||
secure_session_start();
|
||||
require_same_origin_request();
|
||||
header('Content-Type: application/json');
|
||||
|
||||
// Check if the user is logged in
|
||||
if (!isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] !== true) {
|
||||
echo json_encode([
|
||||
'success' => false,
|
||||
'message' => 'Not logged in'
|
||||
]);
|
||||
exit();
|
||||
}
|
||||
require_logged_in();
|
||||
|
||||
// Include database configuration
|
||||
include "../../config/config.php";
|
||||
@@ -32,6 +28,10 @@ $username = $_SESSION["username"];
|
||||
|
||||
// Get the raw POST data (JSON)
|
||||
$data = json_decode(file_get_contents("php://input"));
|
||||
if(!isset($data->enable_message) || !is_bool($data->enable_message)){
|
||||
echo json_encode(['success' => false, 'message' => 'Missing required fields.']);
|
||||
exit();
|
||||
}
|
||||
if($data->enable_message==true){
|
||||
$sql="UPDATE users SET login_message=1 WHERE id = ?";
|
||||
if ($update_stmt = $conn->prepare($sql)) {
|
||||
@@ -64,4 +64,3 @@ if($data->enable_message==false){
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
|
||||
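Review bot: `if($data->enable_message==true){` in the `@@ -32,6 +28,10 @@` hunk compares loosely right after the new `is_bool()` check, and the `==false` branch (whose body starts outside the hunk) duplicates the prepared `UPDATE users SET login_message=1 WHERE id = ?` with a different literal. One parameterised statement, `UPDATE users SET login_message = ? WHERE id = ?`, bound with `(int) $data->enable_message` and the user id, removes the duplicated prepare/bind/execute path and the loose comparison; the bind call itself is not visible here, so the binding types need confirming. As in the other endpoints, a `json_decode` failure is indistinguishable from a missing field; `JSON_THROW_ON_ERROR` would separate them.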
@@ -3,6 +3,9 @@
|
||||
header('Content-Type: application/json');
|
||||
|
||||
|
||||
include "../utils/security.php";
|
||||
secure_session_start();
|
||||
require_same_origin_request();
|
||||
|
||||
require_once 'WebAuthn.php';
|
||||
|
||||
@@ -15,7 +18,6 @@ if ($conn->connect_error) {
|
||||
}
|
||||
|
||||
try {
|
||||
session_start();
|
||||
if (!isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] !== true) {
|
||||
echo json_encode([
|
||||
'success' => false,
|
||||
@@ -168,4 +170,3 @@ try {
|
||||
print(json_encode($return));
|
||||
}
|
||||
?>
|
||||
|
||||
|
||||
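Review bot: The `@@ -15,7 +18,6 @@` hunk keeps the inline `if (!isset($_SESSION["logged_in"]) || ...)` check while the other endpoints in this commit were switched to `require_logged_in()`; calling `require_logged_in();` directly after `require_same_origin_request();` in the first hunk would make the gate uniform and, judging by the `if ($conn->connect_error)` context above it, would run the session check before a database connection is opened for an unauthenticated caller. The first hunk also uses `include` for `security.php` while `WebAuthn.php` is pulled in with `require_once`; `require_once __DIR__ . '/../utils/security.php';` fails hard and does not depend on the working directory. The `try {` block continues beyond this hunk.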
@@ -1,15 +1,11 @@
|
||||
<?php
|
||||
session_start();
|
||||
include "../utils/security.php";
|
||||
secure_session_start();
|
||||
require_same_origin_request();
|
||||
header('Content-Type: application/json');
|
||||
|
||||
// Check if the user is logged in
|
||||
if (!isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] !== true) {
|
||||
echo json_encode([
|
||||
'success' => false,
|
||||
'message' => 'Not logged in'
|
||||
]);
|
||||
exit();
|
||||
}
|
||||
require_logged_in();
|
||||
|
||||
// Include database configuration
|
||||
include "../../config/config.php";
|
||||
@@ -36,7 +32,6 @@ $data = json_decode(file_get_contents("php://input"));
|
||||
// Check if the required fields are present
|
||||
if (isset($data->old_password) && isset($data->new_password)) {
|
||||
// Get the user ID (this should be taken from the session or JWT token)
|
||||
session_start();
|
||||
$user_id = $_SESSION['id']; // Assuming user_id is stored in session
|
||||
|
||||
// Sanitize inputs
|
||||
@@ -95,4 +90,3 @@ if (isset($data->old_password) && isset($data->new_password)) {
|
||||
echo json_encode(['success' => false, 'message' => 'Missing required fields.']);
|
||||
}
|
||||
?>
|
||||
|
||||
|
||||
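Review bot: `if (isset($data->old_password) && isset($data->new_password))` in the `@@ -36,7 +32,6 @@` hunk only checks presence, unlike the `is_bool()` guard this commit adds to the 2FA endpoint, so a JSON array or number in either field reaches the verification code with the wrong type. Tighten it to `if (isset($data->old_password, $data->new_password) && is_string($data->old_password) && is_string($data->new_password)) {`. The `// Sanitize inputs` step that follows is outside the hunk — if it trims or strips characters from a password it silently changes the credential, which should be confirmed. Where the update succeeds (past this hunk), `session_regenerate_id(true)` and invalidating the user's other sessions, if the app tracks them, are worth adding; the `if` block continues outside the hunk.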
@@ -1,15 +1,11 @@
|
||||
<?php
|
||||
session_start();
|
||||
include "../utils/security.php";
|
||||
secure_session_start();
|
||||
require_same_origin_request();
|
||||
header('Content-Type: application/json');
|
||||
|
||||
// Check if the user is logged in
|
||||
if (!isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] !== true) {
|
||||
echo json_encode([
|
||||
'success' => false,
|
||||
'message' => 'Not logged in'
|
||||
]);
|
||||
exit();
|
||||
}
|
||||
require_logged_in();
|
||||
|
||||
// Include database configuration
|
||||
include "../../config/config.php";
|
||||
@@ -47,7 +43,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
|
||||
// Sanitize and validate the input
|
||||
$name = preg_replace("/[^a-zA-Z0-9_]/", "", $data['name']); // Allow only letters, numbers, and underscores
|
||||
$email = filter_var($data['email'], FILTER_SANITIZE_EMAIL); // Sanitize email
|
||||
$email = trim((string) $data['email']);
|
||||
if ($email !== "" && !filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
||||
echo json_encode([
|
||||
'success' => false,
|
||||
'message' => 'Invalid email address'
|
||||
]);
|
||||
exit();
|
||||
}
|
||||
$telegram_id = htmlspecialchars($data['telegram_id'], ENT_QUOTES, 'UTF-8'); // Escape special characters
|
||||
|
||||
//check if username is allready taken
|
||||
|
||||
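Review bot: `$email = trim((string) $data['email']);` in the `@@ -47,7 +43,14 @@` hunk raises an undefined-array-key warning when the client omits `email`, and a JSON array in that field is cast to the string `"Array"` (with a warning) before validation; `$rawEmail = $data['email'] ?? '';` followed by `if (!is_string($rawEmail)) { /* reject */ }` and `$email = trim($rawEmail);` keeps the new validation intact for every input shape. Replacing `FILTER_SANITIZE_EMAIL` with `FILTER_VALIDATE_EMAIL` is the right change. The `htmlspecialchars()` on `$telegram_id` two lines later (unchanged context) stores HTML entities in the database instead of escaping at output time — harmless only if the value is never used anywhere but an HTML page — so validating it against the expected identifier format would be the safer check; the surrounding `if ($_SERVER['REQUEST_METHOD'] === 'POST')` block continues outside the hunk.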