author | hitlerrip <git@hitler.rip> | 2025-08-03 21:30:44 +0200 |
---|---|---|
committer | hitlerrip <git@hitler.rip> | 2025-08-03 21:30:44 +0200 |
commit | db6cf438162897477317b7217d047fcf6bb393e0 (patch) | |
tree | a831346ccce3e2e9c344a26035af6cc80dbcc272 /backend | |
parent | 22981083025cd378585af8bdf8a50f57269de389 (diff) | |
account apis
- added api to change name and password
- added api to delete user account and anonymize clicks
Diffstat (limited to 'backend')
-rw-r--r-- | backend/change.php | 77 | ||||
-rw-r--r-- | backend/forget.php | 71 |
2 files changed, 148 insertions, 0 deletions
diff --git a/backend/change.php b/backend/change.php
new file mode 100644
index 0000000..faca0a5
--- /dev/null
+++ b/backend/change.php
@@ -0,0 +1,77 @@
+<?php
+/* hitler-clicker
+ * api for account modification
+ * © 2025 hitler.rip <git@hitler.rip>
+ * licensed under AGPLv3-or-later; see LICENSE.md for more information
+ */
+
+header('Content-Type: application/json; charset=UTF-8');
+
+try {
+ $pdo = new PDO("mysql:host=127.0.0.1;dbname=hitlerclicker", "root", "aA1234Aa");
+} catch(PDOException $e) {
+ die('{ "status": "database offline" }');
+};
+
+$wrkarr = [];
+$ifarr = [ "name", "password", "newname", "newpassword" ];
+$postjson = json_decode(file_get_contents('php://input'), true);
+foreach ($ifarr as $i):
+ if (isset($postjson[$i])):
+ $newarr = [
+ "$i" => "$postjson[$i]",
+ ];
+ $wrkarr = array_merge($wrkarr, $newarr);
+ endif;
+endforeach;
+
+if (!isset($wrkarr["name"]) || trim($wrkarr["name"]) == ""):
+ die('{ "status": "login (name) was not provided.\ncould not attempt to change account." }');
+elseif (!isset($wrkarr["password"]) || trim($wrkarr["password"]) == ""):
+ die('{ "status": "password was not provided.\ncould not attempt to change account." }');
+else:
+
+ $query = $pdo->prepare("SELECT name, password FROM users WHERE name LIKE ?");
+ $query -> execute([$wrkarr["name"]]);
+ $found = $query->fetch(PDO::FETCH_ASSOC);
+ if ($found):
+
+ if (!password_verify($wrkarr["password"], $found["password"])):
+ die('{ "status": "wrong password." }');
+ else:
+
+ if (!isset($wrkarr["newname"]) || trim($wrkarr["newname"]) == ""):
+ die('{ "status": "new name was not provided.\ncould not attempt to change account." }');
+ elseif (!isset($wrkarr["newpassword"]) || trim($wrkarr["newpassword"]) == ""):
+ die('{ "status": "new password was not provided.\ncould not attempt to change account." }');
+ else:
+
+ $query = $pdo->prepare("SELECT name FROM users WHERE name LIKE ?");
+ $query -> execute([$wrkarr["newname"]]);
+ $found = $query->fetch(PDO::FETCH_ASSOC);
+ if ($found && $found["name"] != $wrkarr["name"]):
+ die('{ "status": "this name is already taken." }');
+ endif;
+
+ $query = $pdo->prepare("UPDATE users SET name = :newname , password = :newpassword WHERE users.name = :name");
+ $query -> execute([
+ "newname" => filter_var($wrkarr["newname"]),
+ "newpassword" => password_hash($wrkarr["newpassword"], PASSWORD_DEFAULT),
+ "name" => filter_var($wrkarr["name"])
+ ]);
+
+ echo '{ "status": "success" }';
+
+
+ endif;
+
+
+ endif;
+
+ else:
+ die('{ "status": "name does not exist in the database." }');
+ endif;
+
+endif;
+
+?>
diff --git a/backend/forget.php b/backend/forget.php
new file mode 100644
index 0000000..9f6f543
--- /dev/null
+++ b/backend/forget.php
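Review bot: The `new PDO(...)` line near the top of backend/change.php commits the MySQL `root` password to the repository and gives a public endpoint full database privileges; backend/forget.php repeats the same line. Load the DSN and credentials from the environment or a config file kept out of version control and the web root, for example `$pdo = new PDO(getenv('DB_DSN'), getenv('DB_USER'), getenv('DB_PASS'));` (variable names are placeholders), connect as an account restricted to the tables these scripts use, and rotate the password since it is now in history. Both files also find the account with `WHERE name LIKE ?`, so `%` and `_` in the submitted name are treated as wildcards and the row whose hash `password_verify` checks need not be the account the caller named; use `WHERE name = ?` for every lookup, as the `UPDATE` in this file already does. The two `filter_var()` calls in the `UPDATE` parameters use the default filter, which changes nothing, and can be dropped.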
@@ -0,0 +1,71 @@
+<?php
+/* hitler-clicker
+ * api for account deletion
+ * © 2025 hitler.rip <git@hitler.rip>
+ * licensed under AGPLv3-or-later; see LICENSE.md for more information
+ */
+
+header('Content-Type: application/json; charset=UTF-8');
+
+try {
+ $pdo = new PDO("mysql:host=127.0.0.1;dbname=hitlerclicker", "root", "aA1234Aa");
+} catch(PDOException $e) {
+ die('{ "status": "database offline" }');
+};
+
+$wrkarr = [];
+$ifarr = [ "name", "password" ];
+$postjson = json_decode(file_get_contents('php://input'), true);
+foreach ($ifarr as $i):
+ if (isset($postjson[$i])):
+ $newarr = [
+ "$i" => "$postjson[$i]",
+ ];
+ $wrkarr = array_merge($wrkarr, $newarr);
+ endif;
+endforeach;
+
+if (!isset($wrkarr["name"]) || trim($wrkarr["name"]) == ""):
+ die('{ "status": "login (name) was not provided.\ncould not attempt to forget." }');
+elseif (!isset($wrkarr["password"]) || trim($wrkarr["password"]) == ""):
+ die('{ "status": "password was not provided.\ncould not attempt to forget." }');
+else:
+
+ $query = $pdo->prepare("SELECT name, password, team, clicks FROM users WHERE name LIKE ?");
+ $query -> execute([$wrkarr["name"]]);
+ $found = $query->fetch(PDO::FETCH_ASSOC);
+ if ($found):
+
+ if (!password_verify($wrkarr["password"], $found["password"])):
+ die('{ "status": "wrong password." }');
+ else:
+
+ $forgottenclicks = $found["clicks"];
+
+ $query = $pdo->prepare("SELECT team, clicks, fromanon FROM stats WHERE team LIKE ?");
+ $query -> execute([$found["team"]]);
+ $found = $query->fetch(PDO::FETCH_ASSOC);
+
+ $oldanonclicks = $found["fromanon"];
+ $newanonclicks = $oldanonclicks + $forgottenclicks;
+
+ $query = $pdo->prepare("UPDATE stats SET fromanon = :fromanon WHERE stats.team = :team");
+ $query -> execute([
+ "fromanon" => "$newanonclicks",
+ "team" => "$found[team]"
+ ]);
+
+ $query = $pdo->prepare("DELETE FROM users WHERE name LIKE ?");
+ $query -> execute([$wrkarr["name"]]);
+
+ die("{ \"status\": \"success\", \"fc\": \"$forgottenclicks\", \"nac\": \"$newanonclicks\" }");
+
+ endif;
+
+ else:
+ die('{ "status": "name does not exist in the database." }');
+ endif;
+
+endif;
+
+?> |
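Review bot: The `DELETE FROM users WHERE name LIKE ?` near the end of backend/forget.php removes every row the submitted pattern matches, although the password was verified against only the one row `fetch` returned; the delete should use `=` and the name read back from that verified row. The `fromanon` total is also read, summed in PHP and written back outside a transaction, so concurrent requests for the same team can overwrite each other, and when no `stats` row exists `$found` becomes `false` and the user is still deleted with the clicks lost. The sketch below does the lookup, update and delete in one transaction with the team row locked, which assumes InnoDB tables and PDO's exception error mode.

```php
// … unchanged: connection, input parsing, user lookup, password_verify …
$forgottenclicks = $found["clicks"];
$verifiedname = $found["name"];

$pdo->beginTransaction();
try {
    // lock the team row so concurrent requests cannot overwrite each other's total
    $query = $pdo->prepare("SELECT fromanon FROM stats WHERE team = ? FOR UPDATE");
    $query->execute([$found["team"]]);
    $stats = $query->fetch(PDO::FETCH_ASSOC);
    if (!$stats) {
        throw new RuntimeException("no stats row for team");
    }
    $newanonclicks = $stats["fromanon"] + $forgottenclicks;

    $query = $pdo->prepare("UPDATE stats SET fromanon = :fromanon WHERE team = :team");
    $query->execute(["fromanon" => $newanonclicks, "team" => $found["team"]]);

    // exact match on the row whose password was verified
    $query = $pdo->prepare("DELETE FROM users WHERE name = ?");
    $query->execute([$verifiedname]);
    $pdo->commit();
} catch (Throwable $e) {
    $pdo->rollBack();
    die('{ "status": "could not forget account." }');
}
// … unchanged: success response with fc / nac …
```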