-rw-r--r--apache/sites/nowayforward_human.conf.tpl4
-rw-r--r--controllers/user.php9
-rw-r--r--models/cookies.php8
-rw-r--r--views/authenticate.js19
-rw-r--r--views/footer.php13
-rw-r--r--views/header.php18
-rw-r--r--views/profile/authenticate.php27
-rw-r--r--views/styles.css4
8 files changed, 99 insertions, 3 deletions
diff --git a/apache/sites/nowayforward_human.conf.tpl b/apache/sites/nowayforward_human.conf.tpl
index 72ed808..ba010c7 100644
--- a/apache/sites/nowayforward_human.conf.tpl
+++ b/apache/sites/nowayforward_human.conf.tpl
@@ -10,4 +10,8 @@
RedirectMatch "^/$" /home/index.php
RedirectMatch "^/index.html$" /home/index.php
RedirectMatch "^/index.php$" /home/index.php
+
+ RewriteEngine On
+ RewriteCond %{HTTP:Authorization} ^(.*)
+ RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
</VirtualHost>
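Review bot: The added rewrite block has no comment saying why the Authorization header is copied into the environment, and `^(.*)` also matches an absent header, so `HTTP_AUTHORIZATION` is set to an empty string on every request. Suggest a comment such as `# Pass the Authorization header through to PHP as HTTP_AUTHORIZATION` and tightening the condition to `RewriteCond %{HTTP:Authorization} ^(.+)$`. `on_post()` in controllers/user.php reads the header through `apache_request_headers()`, so whether this variable is actually consumed is not visible in this commit. The VirtualHost block starts outside the hunk.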
diff --git a/controllers/user.php b/controllers/user.php
index f26103e..78797db 100644
--- a/controllers/user.php
+++ b/controllers/user.php
@@ -7,3 +7,12 @@ function on_get() {
}
catch(Exception $e) {}
}
+
+function on_post() {
+ global $user;
+ try {
+ $headers = apache_request_headers();
+ $user = Database\Cookie::fromDB($headers["Authorization"]);
+ }
+ catch(Exception $e) {}
+}
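Review bot: `on_post()` indexes `$headers["Authorization"]` without checking that the header is present, and the empty `catch(Exception $e) {}` will not absorb what follows. When the header is missing, null is passed to `Cookie::fromDB(string $token)`, which raises a TypeError; TypeError extends Error rather than Exception, so the request would likely end in a 500 instead of the 401 that authenticate.php intends. Read the value defensively, e.g. `$token = $headers['Authorization'] ?? ''; if ($token === '') { return; }`, and consider logging inside the catch so database failures can be told apart from bad tokens. The hunk opens inside on_get(), whose start is outside it.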
diff --git a/models/cookies.php b/models/cookies.php
index 8a7ea42..a181022 100644
--- a/models/cookies.php
+++ b/models/cookies.php
@@ -16,6 +16,14 @@ class Cookie extends Table {
);
return $Token;
}
+
+ static function fromDB(string $token) : User {
+ $UID = Table::_fromDB(
+ "SELECT UID FROM Cookies WHERE Token = \"$token\"",
+ "Database\Cookie"
+ )->UID;
+ return User::fromDBuid($UID);
+ }
}
// Taken from https://stackoverflow.com/a/15875555
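Review bot: `fromDB()` interpolates `$token` directly into the SQL text, and the only caller visible in this commit passes the raw Authorization request header, so the query is built from client-controlled input. Use a bound parameter instead, e.g. `"SELECT UID FROM Cookies WHERE Token = :token"` with the token handed separately to the prepared statement; `Table::_fromDB` is not visible here, so it may need a parameters argument to support that. The method also has no handling for a token that matches no row: what `->UID` does in that case depends on `_fromDB`, so confirm it throws an Exception the controller can catch. The Cookie class starts outside this hunk.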
diff --git a/views/authenticate.js b/views/authenticate.js
new file mode 100644
index 0000000..5e1371a
--- /dev/null
+++ b/views/authenticate.js
@@ -0,0 +1,19 @@
+var authentication_response = null;
+var authentication_callbacks = [];
+
+function requestAuthentication() {
+ var request = new XMLHttpRequest();
+ request.onreadystatechange = function() {
+ if (request.readyState < 4) return;
+
+ authentication_response = (request.status == 200) ? request.responseText : "";
+ }
+ request.open("POST", "/profile/authenticate.php", true);
+ request.setRequestHeader("Authorization", sessionStorage.getItem("token"));
+ request.send(null);
+}
+requestAuthentication();
+
+function authenticated(callback) {
+ authentication_callbacks.push(callback);
+}
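Review bot: `sessionStorage.getItem("token")` returns null when no token is stored, and `setRequestHeader` will then send the literal string `null` as the Authorization header on every page load for anonymous visitors. Skip the request in that case: `const token = sessionStorage.getItem("token"); if (token === null) { authentication_response = ""; return; }`. Separately, a token kept in sessionStorage is readable by any script running on the origin, so an XSS bug anywhere on the site exposes it; an HttpOnly cookie would avoid that, if the design allows.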
diff --git a/views/footer.php b/views/footer.php
index b457da8..22c4631 100644
--- a/views/footer.php
+++ b/views/footer.php
@@ -1,3 +1,16 @@
</article>
</body>
+<script type="text/javascript">
+ function eval_callbacks() {
+ if (authentication_response === null) {
+ setTimeout(eval_callbacks, 50);
+ }
+ else if (authentication_response !== "") {
+ for (callback of authentication_callbacks) {
+ callback(authentication_response);
+ }
+ }
+ }
+ eval_callbacks();
+</script>
</html>
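Review bot: `for (callback of authentication_callbacks)` assigns to an undeclared `callback`, which creates an implicit global in sloppy mode and throws a ReferenceError if the script is ever run in strict mode; declare it with `for (const callback of authentication_callbacks)`. Also, callbacks registered after `eval_callbacks()` has completed its pass are never invoked, because `authenticated()` in authenticate.js only pushes onto the array. A comment stating that callbacks must be registered before the footer script runs would make that constraint explicit.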
diff --git a/views/header.php b/views/header.php
index 7a874d4..3835dfb 100644
--- a/views/header.php
+++ b/views/header.php
@@ -9,16 +9,28 @@
<title><?= htmlspecialchars($title ?? "No Way Forward Human");?></title>
</head>
<body>
+ <script type="text/javascript" src="/authenticate.js"></script>
<header>
<nav>
<div class="fadeout-left"></div>
<a href="/home/index.php">Home</a>
- <a href="/test/index.php">Test</a>
<a href="/sample_archive/index.php">Sample Archive</a>
<div class="flex-expand"></div>
- <a href="/login/index.php">Login</a>
- <a href="/register/index.php">Register</a>
+ <a id="login" href="/login/index.php">Login</a>
+ <a id="register" href="/register/index.php">Register</a>
+ <a id="profile" href="/profile/index.php" hidden>Profile</a>
<div class="fadeout-right"></div>
</nav>
+ <script type="text/javascript">
+ function updateNavbar(response) {
+ document.getElementById('login').hidden = true;
+ document.getElementById('register').hidden = true;
+
+ const profile = document.getElementById('profile');
+ profile.hidden = false;
+ profile.href += '?user=' + response;
+ }
+ authenticated(updateNavbar);
+ </script>
</header>
<article>
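Review bot: `profile.href += '?user=' + response;` appends the server-returned username to the URL without encoding, so a username containing `&`, `#`, `?` or spaces yields a broken or ambiguous query string. Use `profile.href += '?user=' + encodeURIComponent(response);`. Since the `user` parameter is set on the client, the profile page (not shown) should treat it only as a display selector and not as proof of who is logged in. The hunk covers only part of header.php.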
diff --git a/views/profile/authenticate.php b/views/profile/authenticate.php
new file mode 100644
index 0000000..540d4a3
--- /dev/null
+++ b/views/profile/authenticate.php
@@ -0,0 +1,27 @@
+<?php
+
+if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+ header('Allow: POST');
+ http_response_code(405);
+ header('Content-Type: text/plain');
+ echo $_SERVER['REQUEST_METHOD'] . " request not allowed!";
+ exit;
+}
+
+include '../meta.php';
+
+$user = null;
+runController('user');
+
+if ($user !== null) {
+ http_response_code(200);
+ header('Content-Type: text/plain');
+ echo $user->Username;
+}
+else {
+ http_response_code(401);
+ header('Content-Type: text/plain');
+ echo 'Bad token!';
+}
+
+exit;
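Review bot: `include '../meta.php';` resolves against the include path and working directory and only emits a warning on failure, after which `runController('user')` would fail as an undefined function. Prefer `require_once __DIR__ . '/../meta.php';` so a missing bootstrap stops the request immediately and the path does not depend on how the script is invoked. It would also be worth adding `header('Cache-Control: no-store');` to both responses, since the body reflects per-token authentication state.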
diff --git a/views/styles.css b/views/styles.css
index f1a24fe..5058854 100644
--- a/views/styles.css
+++ b/views/styles.css
@@ -70,6 +70,10 @@ input[type=submit]:hover {
cursor: pointer;
}
+[hidden] {
+ display: none !important;
+}
+
/* Generic */
.float-right {