trinkey/tlm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

admin page + invite codes

Browse source
This commit is contained in:
trinkey 2025-03-27 13:06:13 -04:00
parent ce64465659
commit d8c35856de
8 changed files with 180 additions and 48 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
TODO.md
View file

@ -1,3 +1 @@
- account deletion
- admin page
- invite codes

72
admin.php Normal file
View file

@ -0,0 +1,72 @@
<?php
include "config.php";
include "helper.php";
$user = is_logged_in();
if (!$user || !in_array($user["username"], $admin_users, true)) {
http_response_code(404);
exit();
} else if ($_SERVER["REQUEST_METHOD"] === "POST") {
$intent = $_POST["intent"];
if ($intent === "generate-invite") {
pg_insert(
$db, "invites",
array("id" => generate_id())
);
} else {
$err = $lang["errors"]["intent"];
}
} else if ($_GET["del"]) {
$del_type = explode("-", $_GET["del"])[0];
$del_id = explode("-", $_GET["del"])[1];
if (strlen($del_id) === 64 && preg_match("/^[a-f0-9]{64}$/", $del_id) && $del_type === "invite") {
pg_delete(
$db, "invites",
array(
"id" => $del_id
)
);
}
}
$title = $lang["admin"]["title"];
include "boilerplate/head.php";
?>
<div id="container">
<h3><?php echo $lang["admin"]["invite"]["title"]; ?></h3>
<?php
if ($signups !== "invite") {
echo "<span class=\"yellow\">{$lang['admin']['invite']['disabled']}</span>";
}
?>
<ul>
<?php
$invites = pg_fetch_all(pg_query($db, "SELECT * FROM invites;"));
if (count($invites) === 0) {
echo "<li><i>{$lang['admin']['invite']['none']}</i></li>";
} else {
foreach ($invites as $invite) {
echo "<li>
<code>{$invite['id']}</code> -
<a class=\"plain\" href=\"admin.php?del=invite-{$invite['id']}\">
<button tabindex=\"-1\">{$lang['admin']['invite']['delete']}</button>
</a>
</li>";
}
}
?>
</ul>
<form method="POST">
<input type="hidden" name="intent" value="generate-invite">
<input type="submit" value="<?php echo $lang["admin"]["invite"]["new"]; ?>">
</form>
</div>
<?php include "boilerplate/foot.php"; ?>

6
config.php
View file

@ -5,7 +5,7 @@ $site_name = "Todo List Manager";
$signups = "invite"; // true, false, "invite" - treats it as true if no users currently exist, invite requires an admin to invite the user
$language = "en-US"; // an item from the lang folder. exclude the ".json"
$admin_users = array(
$admin_users = array("trinkey"
// "username1", "username2", ...
);
@ -39,4 +39,8 @@ $default_schema = array(
)
);
if ($signups !== true and pg_fetch_array(pg_query($db, "SELECT count(*) FROM users LIMIT 1;")) === "0") {
$signups = true;
}
?>

11
index.php
View file

@ -12,7 +12,7 @@ if ($user === false) {
$q = "SELECT count(*) FROM users LIMIT 1;";
if ($signups !== false || ($signups === false && pg_fetch_array(pg_query($db, $q))["count"] !== 0)) {
if ($signups !== false) {
echo " - <a href=\"signup.php\">{$lang['account']['sign_up']}</a>";
}
@ -433,7 +433,14 @@ foreach ($sections as $section) {
</form>
</div>
</div>
<p><a href="https://git.trinkey.com/trinkey/tlm"><?php echo $lang["settings"]["source_code"]; ?></a><p>
<p>
<a href="https://git.trinkey.com/trinkey/tlm"><?php echo $lang["settings"]["source_code"]; ?></a>
<?php
if (in_array($user["username"], $admin_users, true)) {
echo "- <a href=\"admin.php\">{$lang['admin']['title']}</a>";
}
?>
<p>
</details>
</div>

16
lang/en-US.json
View file

@ -12,13 +12,15 @@
"user_exists": "User '%u' already exists",
"incorrect_password": "Incorrect password",
"password_match": "Passwords don't match",
"password_changed": "Password changed"
"password_changed": "Password changed",
"invalid_invite": "Invalid invite code"
},
"log_in": "Log In",
"log_in_instead": "Log in instead?",
"sign_up": "Sign Up",
"sign_up_instead": "Sign up instead?",
"invite": "Invite code",
"username": "Username",
"password": "Password",
"verify": "Verify password"
@ -114,5 +116,17 @@
"title": "More options...",
"source_code": "Source code"
},
"admin": {
"invite": {
"title": "Invite Codes",
"disabled": "Invite codes are not required to sign up",
"delete": "Delete",
"none": "None",
"new": "Generate new code"
},
"title": "Admin Panel"
}
}

4
login.php
View file

@ -55,9 +55,7 @@
</form>
<?php
$q = "SELECT count(*) FROM users LIMIT 1;";
if ($signups !== false || ($signups === false && pg_fetch_array(pg_query($db, $q))["count"] !== 0)) {
if ($signups !== false) {
echo "<p><a href=\"signup.php\">{$lang['account']['sign_up_instead']}</a></p>";
}

5
logout.php Normal file
View file

@ -0,0 +1,5 @@
<?php
setcookie("token", "", -1);
header("Location: index.php");
exit();
?>

112
signup.php
View file

@ -2,6 +2,11 @@
include "config.php";
include "helper.php";
if ($signups === false) {
http_response_code(404);
exit();
}
if (is_logged_in()) {
header("Location: index.php");
exit();
@ -30,50 +35,74 @@
$c = pg_fetch_array($response)["count"];
if ($c === "0") {
$user_id = generate_id();
$pw_hash = password_hash($p, PASSWORD_DEFAULT);
$user_parameters = array(
"id" => $user_id,
"username" => $u,
"password_hash" => $pw_hash,
"enable_colors" => true,
"yellow_threshold" => 2,
"gray_threshold" => 60
);
$allow_signup = true;
if ($signups === "invite") {
$invite_code = $_POST["invite"];
pg_insert($db, "users", $user_parameters);
if (strlen($invite_code) !== 64 || !preg_match("/^[a-f0-9]{64}$/", $invite_code)) {
$allow_signup = false;
$err = $lang["account"]["errors"]["invalid_invite"];
} else {
$q = "SELECT count(*) FROM invites WHERE id='$invite_code' LIMIT 1;";
$invite_valid = pg_fetch_array(pg_query($db, $q))["count"] === "1";
echo json_encode(pg_fetch_array(pg_query($db, $q)));
foreach ($default_schema as $section_id => $section_data) {
$section_id = generate_id();
$section_parameters = array(
"id" => $section_id,
"users" => $user_id,
"name" => $section_data["name"],
"show_subtitle" => $section_data["show_subtitle"]
);
pg_insert($db, "section", $section_parameters);
foreach ($section_data["items"] as $row_id => $row_data) {
$row_id = generate_id();
$row_parameters = array(
"id" => $row_id,
"section" => $section_id,
"name" => $row_data["name"],
"display_format" => $row_data["display_format"]
);
pg_insert($db, "row", $row_parameters);
if (!$invite_valid) {
$allow_signup = false;
$err = $lang["account"]["errors"]["invalid_invite"];
} else {
$q = "DELETE FROM invites WHERE id='$invite_code';";
pg_query($db, $q);
}
}
}
$token = get_token($u, $pw_hash);
setcookie(
"token", $token,
time() + 60 * 60 * 24 * 365 // 1 year from now
);
header("Location: index.php");
exit();
if ($allow_signup) {
$user_id = generate_id();
$pw_hash = password_hash($p, PASSWORD_DEFAULT);
$user_parameters = array(
"id" => $user_id,
"username" => $u,
"password_hash" => $pw_hash,
"enable_colors" => true,
"yellow_threshold" => 2,
"gray_threshold" => 60
);
pg_insert($db, "users", $user_parameters);
foreach ($default_schema as $section_id => $section_data) {
$section_id = generate_id();
$section_parameters = array(
"id" => $section_id,
"users" => $user_id,
"name" => $section_data["name"],
"show_subtitle" => $section_data["show_subtitle"]
);
pg_insert($db, "section", $section_parameters);
foreach ($section_data["items"] as $row_id => $row_data) {
$row_id = generate_id();
$row_parameters = array(
"id" => $row_id,
"section" => $section_id,
"name" => $row_data["name"],
"display_format" => $row_data["display_format"]
);
pg_insert($db, "row", $row_parameters);
}
}
$token = get_token($u, $pw_hash);
setcookie(
"token", $token,
time() + 60 * 60 * 24 * 365 // 1 year from now
);
header("Location: index.php");
exit();
}
} else {
$err = str_replace("%u", htmlspecialchars($u), $lang["account"]["errors"]["user_exists"]);
}
@ -88,6 +117,11 @@
<div><input placeholder="<?php echo $lang["account"]["username"]; ?>" name="username" value="<?php echo htmlspecialchars($u); ?>" maxlength="64" required></div>
<div><input placeholder="<?php echo $lang["account"]["password"]; ?>" name="password" type="password" value="<?php echo htmlspecialchars($p); ?>" required></div>
<div><input placeholder="<?php echo $lang["account"]["verify"]; ?>" name="verify" type="password" required></div>
<?php
if ($signups === "invite") {
echo "<div><input placeholder=\"{$lang['account']['invite']}\" name=\"invite\" type=\"password\" maxlength=\"64\" required></div>";
}
?>
<div><input type="submit" value="<?php echo $lang["account"]["sign_up"]; ?>"></div>
<p><a href="login.php"><?php echo $lang["account"]["log_in_instead"]; ?></a></p>
</form>