adding some code, still testing it
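--- /dev/null
+++ b/app-code/api/login/redirect.php
@@ -0,0 +1,21 @@
+<?php
+session_start();
+header('Content-Type: application/json');
+$send_to=$_SESSION["end_url"];
+//if allready authenticated
+if(($_SESSION["auth_passkey"]==="not_reauired" or $_SESSION["auth_passkey"]==="authenticated") and ($_SESSION["auth_password"]==="not_reauired" or $_SESSION["auth_password"]==="authenticated") and ($_SESSION["auth_2fa"]==="not_reauired" or $_SESSION["auth_2fa"]==="authenticated")){
+//user is fully authenticated, send him to the desired page
+$data = [
+'login' => true,
+'message' => 'fully_logged_in',
+'redirect' => $send_to
+];
+echo(json_encode($data));
+}else{
+//we have to send the user around :)
+//load his auth methods. then send the first one. if he auths there he will be send back here and we can send him to the next auth method
+$username=$_SESSION["username"];
+}
+
+
+?>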
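Review bot: The `'redirect' => $send_to` value is returned exactly as read from `$_SESSION["end_url"]`, and nothing in this file constrains it; if that session key is ever filled from a request parameter (not visible in this commit), the endpoint becomes an open redirect after login. Restrict it to a same-origin path before echoing, e.g. `$send_to = (is_string($send_to) && preg_match('#^/[^/\\\\]#', $send_to)) ? $send_to : '/';`. The session keys `end_url`, `auth_passkey`, `auth_password` and `auth_2fa` are read without `isset`/`??`, so a fresh session raises warnings that can end up inside the JSON body. The `else` branch currently sends no response at all. The decision also hinges on the misspelled literal `"not_reauired"`, which would be safer as a shared constant so the code that sets the flags cannot drift from this check.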
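--- /dev/null
+++ b/app-code/api/login/set_username.php
@@ -0,0 +1,4 @@
+<?php
+session_start();
+$_SESSION["username"]=preg_replace("/[^a-z0-9_]/","",$_POST["username"]);
+?>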
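Review bot: `$_SESSION["username"]` is overwritten on every POST without touching the `auth_password`/`auth_passkey`/`auth_2fa` flags that redirect.php checks, so unless those are reset elsewhere (not visible in this commit) a session that completed login for one account can be re-labelled as another. Clear the auth flags and call `session_regenerate_id(true);` whenever the username changes. `$_POST["username"]` is also used without a type check, so an array value makes `preg_replace` return an array; guard it with `if (!is_string($_POST["username"] ?? null)) { http_response_code(400); exit; }`. The filter drops uppercase letters and punctuation, while register_user.php stores the name after only `trim()`, so the two endpoints can disagree about which account a name refers to.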
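--- /dev/null
+++ b/app-code/api/register/register_user.php
@@ -0,0 +1,111 @@
+<?php
+// Set response headers to return JSON
+header('Content-Type: application/json');
+
+include "../../config/config.php";
+// Connect to the database
+$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
+
+// Check the connection
+if ($conn === false) {
+echo json_encode([
+'success' => false,
+'message' => 'Database connection failed: ' . mysqli_connect_error()
+]);
+exit;
+}
+
+// Check if the request method is POST
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+// Get the JSON input
+$input = file_get_contents('php://input');
+$data = json_decode($input, true);
+
+// Validate input
+if (!isset($data['username']) || !isset($data['password'])) {
+echo json_encode([
+'success' => false,
+'message' => 'Invalid input. Username and password are required.'
+]);
+exit;
+}
+
+$username = trim($data['username']);
+$email = trim($data['email']);
+$password = trim($data['password']);
+$telegram_id = trim($data['telegram']);
+
+// Check for empty fields
+if (empty($username) || empty($password)) {
+echo json_encode([
+'success' => false,
+'message' => 'Username and password are required.'
+]);
+exit;
+}
+
+// Check if the username already exists
+$sql = "SELECT id FROM users WHERE username = ?";
+$stmt = mysqli_prepare($conn, $sql);
+mysqli_stmt_bind_param($stmt, 's', $username);
+mysqli_stmt_execute($stmt);
+mysqli_stmt_store_result($stmt);
+
+if (mysqli_stmt_num_rows($stmt) > 0) {
+echo json_encode([
+'success' => false,
+'message' => 'Username already taken.'
+]);
+mysqli_stmt_close($stmt);
+exit;
+}
+mysqli_stmt_close($stmt);
+
+// Check if the email already exists
+$sql = "SELECT id FROM users WHERE email = ?";
+$stmt = mysqli_prepare($conn, $sql);
+mysqli_stmt_bind_param($stmt, 's', $email);
+mysqli_stmt_execute($stmt);
+mysqli_stmt_store_result($stmt);
+
+if (mysqli_stmt_num_rows($stmt) > 0 && $email!="") {
+echo json_encode([
+'success' => false,
+'message' => 'Email already registered.'
+]);
+mysqli_stmt_close($stmt);
+exit;
+}
+mysqli_stmt_close($stmt);
+
+$pepper=bin2hex(random_bytes(32));
+// Hash the password / a salt is added automaticly
+$hashedPassword = password_hash($password.$pepper, PASSWORD_BCRYPT);
+
+// Insert the user into the database
+$sql = "INSERT INTO users (username, email, password, telegram_id, pepper, auth_method_enabled_pw, auth_method_required_pw, auth_method_enabled_passkey, auth_method_required_passkey, auth_method_enabled_2fa, auth_method_required_2fa,auth_method_keepmeloggedin_enabled) VALUES (?, ?, ?, ?, ?, 1, 1,0,0,0,0,0)";
+$stmt = mysqli_prepare($conn, $sql);
+mysqli_stmt_bind_param($stmt, 'sssss', $username, $email, $hashedPassword, $telegram_id, $pepper);
+if (mysqli_stmt_execute($stmt)) {
+echo json_encode([
+'success' => true,
+'message' => 'Registration successful!'
+]);
+} else {
+echo json_encode([
+'success' => false,
+'message' => 'Registration failed. Please try again later.'
+]);
+}
+mysqli_stmt_close($stmt);
+} else {
+// Invalid request method
+echo json_encode([
+'success' => false,
+'message' => 'Invalid request method. Only POST is allowed.'
+]);
+}
+
+// Close the database connection
+mysqli_close($conn);
+?>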
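Review bot: The `$pepper` produced by `bin2hex(random_bytes(32))` is written to the same `users` row as the hash, so anyone who can read the hash can read it too, and it adds nothing beyond the salt bcrypt already embeds; a pepper only helps when it is a single server-side secret kept outside the database. If a pepper is wanted, key an HMAC with a config secret, e.g. `password_hash(base64_encode(hash_hmac('sha256', $password, $PEPPER_SECRET, true)), PASSWORD_BCRYPT)`, where `$PEPPER_SECRET` is a placeholder for a value loaded from config.php; this also keeps bcrypt's 72-byte input limit from truncating the appended value. Separately, `$conn === false` can never be true because `new mysqli(...)` always yields an object; check `$conn->connect_error` (or catch `mysqli_sql_exception`) and return a generic message instead of `mysqli_connect_error()`. `$data['email']` and `$data['telegram']` are passed to `trim()` without an `isset` check, so a request that omits them raises warnings inside a JSON response.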