authorSyndamia <kamen@syndamia.com>2025-01-26 16:10:15 +0200
committerSyndamia <kamen@syndamia.com>2025-01-26 16:10:15 +0200
commit6596a76c856e2ddfccbc5f03d12a524fdf80e1bf (patch)
treee610c07a435d84fb12c5a852aaf5a2c7b91f2050
parent6396a3f3a2ed26b94cda20cf06fa71db1f384aaa (diff)
feat: Logout button
-rw-r--r--controllers/login.php8
-rw-r--r--models/cookies.php7
-rw-r--r--models/database.php6
-rw-r--r--views/global/header.php6
-rw-r--r--views/global/router.php1
-rw-r--r--views/login/index.php31
-rw-r--r--views/logout/index.php23
-rw-r--r--views/logout/meta.php4
8 files changed, 69 insertions, 17 deletions
diff --git a/controllers/login.php b/controllers/login.php
index 7502b03..8b640ce 100644
--- a/controllers/login.php
+++ b/controllers/login.php
@@ -21,3 +21,11 @@ function on_post() {
$user_status = "User \"" . $_POST["username"] . "\" doesn't exist!";
}
}
+
+function on_delete() {
+ try {
+ $headers = apache_request_headers();
+ Database\Cookie::delete($headers["Authorization"]);
+ }
+ catch(Exception $e) {}
+}
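Review bot: `on_delete()` reads `$headers["Authorization"]` without checking that the header is present, and the empty `catch(Exception $e) {}` hides every failure from the client. When the header is missing the value is null, and passing null to `Cookie::delete(string $token)` raises a TypeError, which extends Error rather than Exception and so is not caught here. Guard first, for example `$token = $headers["Authorization"] ?? ""; if ($token === "") { http_response_code(401); return; }`. In the catch, log the exception and return a 5xx status so a failed revocation is not reported as a successful logout.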
diff --git a/models/cookies.php b/models/cookies.php
index a181022..ddc7d1c 100644
--- a/models/cookies.php
+++ b/models/cookies.php
@@ -24,6 +24,13 @@ class Cookie extends Table {
)->UID;
return User::fromDBuid($UID);
}
+
+ static function delete(string $token) {
+ Table::_delete(
+ 'Cookies',
+ "Token = \"$token\""
+ );
+ }
}
// Taken from https://stackoverflow.com/a/15875555
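Review bot: `Cookie::delete()` builds its WHERE clause by interpolating the token into SQL (`"Token = \"$token\""`), and that token is the raw `Authorization` request header passed in by `on_delete()` in controllers/login.php. `Table::_delete()` in models/database.php then concatenates the condition into `DELETE FROM $table WHERE $condition` and runs it with `$conn->query`, so a header value containing a quote can change which rows the statement matches. Bind the value instead: call `Table::_delete('Cookies', 'Token = ?', [$token]);` and have `_delete` take a parameter array and run `$conn->prepare("DELETE FROM $table WHERE $condition")->execute($params);`, assuming `Table::connect()` returns a PDO-style handle, which the `$conn = null` close suggests. The Cookie class itself starts outside this hunk.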
diff --git a/models/database.php b/models/database.php
index f472dbb..dc177e8 100644
--- a/models/database.php
+++ b/models/database.php
@@ -33,6 +33,12 @@ abstract class Table {
return $id;
}
+ static protected function _delete(string $table, string $condition) {
+ $conn = Table::connect();
+ $query = $conn->query("DELETE FROM $table WHERE $condition");
+ $conn = null;
+ }
+
static protected function _get_entries_count(string $table) : int {
$conn = Table::connect();
$query = $conn->query("SELECT count(*) FROM $table");
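Review bot: `_delete()` assigns the result of `$conn->query(...)` to `$query` and never reads it, so neither a failed statement nor a delete that matched zero rows is visible to the caller. Depending on the connection's error mode (not shown here), a failure may come back only as a `false` return value that is dropped. Consider declaring a return type and returning the affected-row count, so that `on_delete()` can tell a revoked token from an unknown one. A short docblock should also state that `$table` and `$condition` must be fixed strings written by the developer, as in `/** $condition is inserted verbatim into the SQL; never pass request data in it. */`.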
diff --git a/views/global/header.php b/views/global/header.php
index a00c528..863ba10 100644
--- a/views/global/header.php
+++ b/views/global/header.php
@@ -17,7 +17,8 @@
<div class="flex-expand"></div>
<a id="login" href="/login">Login</a>
<a id="register" href="/register">Register</a>
- <a id="profile" href="/profile/" hidden>Profile</a>
+ <a id="profile" href="/profile" hidden>Profile</a>
+ <a id="logout" href="/logout" hidden>Logout</a>
<div class="fadeout-right"></div>
</nav>
<script type="text/javascript">
@@ -25,9 +26,10 @@
document.getElementById('login').hidden = true;
document.getElementById('register').hidden = true;
+ document.getElementById('logout').hidden = false;
const profile = document.getElementById('profile');
profile.hidden = false;
- profile.href += response;
+ profile.href += '/' + response;
}
authenticated(updateNavbar);
</script>
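Review bot: `profile.href += '/' + response;` appends the server response to the link without URL-encoding it, and because it uses `+=` a second call to `updateNavbar` would append the segment again. Assigning the full path is safer and idempotent: `profile.href = '/profile/' + encodeURIComponent(response);`. The only username character restriction visible in this commit is the `pattern` attribute on the login form, which is enforced by the browser only, so the value should not be assumed to be path-safe. `updateNavbar` begins outside this hunk.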
diff --git a/views/global/router.php b/views/global/router.php
index 8986dfe..d77fcda 100644
--- a/views/global/router.php
+++ b/views/global/router.php
@@ -16,6 +16,7 @@ function route_view() {
case '/profile': return '/profile';
case '/register': return '/register';
case '/login': return '/login';
+ case '/logout': return '/logout';
}
switch ($uri) {
diff --git a/views/login/index.php b/views/login/index.php
index 1013874..94faafe 100644
--- a/views/login/index.php
+++ b/views/login/index.php
@@ -1,20 +1,21 @@
-<?php if (isset($user_status)): ?>
- <?php if ($user_status !== ""): ?>
- <p>
- Fail: <?= $user_status ?>
- </p>
- <?php else: ?>
- <p>
- Success!
- </p>
- <script type="text/javascript">
- sessionStorage.setItem("token", "<?= $token ?>");
- window.location.href = "/";
- </script>
+<h1>Login</h1>
+
+<hr class="new-section"/>
+
+<form action="#" method="POST" class="font-115 flex-col-centered max-width-20 center-margin">
+ <?php if (isset($user_status)): ?>
+ <?php if ($user_status !== ""): ?>
+ <p class="item error"><span>
+ <strong>Error:</strong> <?= $user_status ?>
+ </span></p>
+ <?php else: ?>
+ <script type="text/javascript">
+ sessionStorage.setItem("token", "<?= $token ?>");
+ window.location.href = "/";
+ </script>
+ <?php endif; ?>
<?php endif; ?>
-<?php endif; ?>
-<form action="#" method="POST">
<input type="text" name="username" placeholder="Username" minlength="1" pattern="[A-Za-z][A-Za-z_0-9]*">
<input type="password" name="password" placeholder="Password" minlength="4">
<input type="submit" value="Login">
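Review bot: The new error line `<strong>Error:</strong> <?= $user_status ?>` prints `$user_status` without HTML escaping. That string is built from `$_POST["username"]` in controllers/login.php (`"User \"" . $_POST["username"] . "\" doesn't exist!"`), so submitted markup is reflected into the page. Escape at output: `<?= htmlspecialchars($user_status, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>`. The same applies to `"<?= $token ?>"` inside the script block, where `json_encode($token)` without the surrounding quotes is the matching encoder for a JavaScript string context. This matters more here because the session token lives in `sessionStorage`, which any script running on the page can read. The form's closing tag is outside the hunk.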
diff --git a/views/logout/index.php b/views/logout/index.php
new file mode 100644
index 0000000..fc9af5a
--- /dev/null
+++ b/views/logout/index.php
@@ -0,0 +1,23 @@
+<h2>Logging you out...</h2>
+
+<script type="text/javascript">
+ if (!sessionStorage.getItem('token')) {
+ window.location.href = '/';
+ }
+
+ function deleteToken(response) {
+ let token = sessionStorage.getItem('token');
+ sessionStorage.removeItem('token');
+
+ let request = new XMLHttpRequest();
+ request.onreadystatechange = function() {
+ if (request.readyState < 4) return;
+
+ window.location.href = '/';
+ }
+ request.open("DELETE", "#", true);
+ request.setRequestHeader("Authorization", token);
+ request.send(null);
+ }
+ authenticated(deleteToken);
+</script>
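Review bot: `deleteToken` redirects to `/` as soon as `readyState` reaches 4 without looking at `request.status`, so a DELETE that failed on the server still looks like a completed logout while the token row stays valid. Check the status before redirecting, for example `if (request.status >= 400) { /* show an error instead of redirecting */ return; }`, which also requires `on_delete()` to return a non-2xx code on failure. Separately, the early `window.location.href = '/'` for a missing token does not stop the script, so `authenticated(deleteToken)` still runs; wrapping that call in an `else` avoids a DELETE with a null `Authorization` value. If `authenticated` (defined elsewhere) only invokes its callback for a valid token, a stale token would leave the page stuck on "Logging you out..." with the token still stored, so clearing `sessionStorage` should not depend on that callback.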
diff --git a/views/logout/meta.php b/views/logout/meta.php
new file mode 100644
index 0000000..be189c2
--- /dev/null
+++ b/views/logout/meta.php
@@ -0,0 +1,4 @@
+<?php
+
+$title = 'Logging out';
+$controller = 'login';