diff options
| -rw-r--r-- | README.md | 5 | ||||
| -rw-r--r-- | backend/change.php | 77 | ||||
| -rw-r--r-- | backend/forget.php | 71 |
3 files changed, 149 insertions, 4 deletions
@@ -26,13 +26,10 @@ it might still be relevant to find out what is to be done. ## To-Do -### Backend +### Frontend - add name and password change - add account removal - -### Frontend - - sort landing page team clicks by amount - play page: preload active image - play page: click on any key press diff --git a/backend/change.php b/backend/change.php new file mode 100644 index 0000000..faca0a5 --- /dev/null +++ b/backend/change.php @@ -0,0 +1,77 @@ +<?php +/* hitler-clicker + * api for account modification + * © 2025 hitler.rip <git@hitler.rip> + * licensed under AGPLv3-or-later; see LICENSE.md for more information + */ + +header('Content-Type: application/json; charset=UTF-8'); + +try { + $pdo = new PDO("mysql:host=127.0.0.1;dbname=hitlerclicker", "root", "aA1234Aa"); +} catch(PDOException $e) { + die('{ "status": "database offline" }'); +}; + +$wrkarr = []; +$ifarr = [ "name", "password", "newname", "newpassword" ]; +$postjson = json_decode(file_get_contents('php://input'), true); +foreach ($ifarr as $i): + if (isset($postjson[$i])): + $newarr = [ + "$i" => "$postjson[$i]", + ]; + $wrkarr = array_merge($wrkarr, $newarr); + endif; +endforeach; + +if (!isset($wrkarr["name"]) || trim($wrkarr["name"]) == ""): + die('{ "status": "login (name) was not provided.\ncould not attempt to change account." }'); +elseif (!isset($wrkarr["password"]) || trim($wrkarr["password"]) == ""): + die('{ "status": "password was not provided.\ncould not attempt to change account." }'); +else: + + $query = $pdo->prepare("SELECT name, password FROM users WHERE name LIKE ?"); + $query -> execute([$wrkarr["name"]]); + $found = $query->fetch(PDO::FETCH_ASSOC); + if ($found): + + if (!password_verify($wrkarr["password"], $found["password"])): + die('{ "status": "wrong password." }'); + else: + + if (!isset($wrkarr["newname"]) || trim($wrkarr["newname"]) == ""): + die('{ "status": "new name was not provided.\ncould not attempt to change account." }'); + elseif (!isset($wrkarr["newpassword"]) || trim($wrkarr["newpassword"]) == ""): + die('{ "status": "new password was not provided.\ncould not attempt to change account." }'); + else: + + $query = $pdo->prepare("SELECT name FROM users WHERE name LIKE ?"); + $query -> execute([$wrkarr["newname"]]); + $found = $query->fetch(PDO::FETCH_ASSOC); + if ($found && $found["name"] != $wrkarr["name"]): + die('{ "status": "this name is already taken." }'); + endif; + + $query = $pdo->prepare("UPDATE users SET name = :newname , password = :newpassword WHERE users.name = :name"); + $query -> execute([ + "newname" => filter_var($wrkarr["newname"]), + "newpassword" => password_hash($wrkarr["newpassword"], PASSWORD_DEFAULT), + "name" => filter_var($wrkarr["name"]) + ]); + + echo '{ "status": "success" }'; + + + endif; + + + endif; + + else: + die('{ "status": "name does not exist in the database." }'); + endif; + +endif; + +?> diff --git a/backend/forget.php b/backend/forget.php new file mode 100644 index 0000000..9f6f543 --- /dev/null +++ b/backend/forget.php @@ -0,0 +1,71 @@ +<?php +/* hitler-clicker + * api for account deletion + * © 2025 hitler.rip <git@hitler.rip> + * licensed under AGPLv3-or-later; see LICENSE.md for more information + */ + +header('Content-Type: application/json; charset=UTF-8'); + +try { + $pdo = new PDO("mysql:host=127.0.0.1;dbname=hitlerclicker", "root", "aA1234Aa"); +} catch(PDOException $e) { + die('{ "status": "database offline" }'); +}; + +$wrkarr = []; +$ifarr = [ "name", "password" ]; +$postjson = json_decode(file_get_contents('php://input'), true); +foreach ($ifarr as $i): + if (isset($postjson[$i])): + $newarr = [ + "$i" => "$postjson[$i]", + ]; + $wrkarr = array_merge($wrkarr, $newarr); + endif; +endforeach; + +if (!isset($wrkarr["name"]) || trim($wrkarr["name"]) == ""): + die('{ "status": "login (name) was not provided.\ncould not attempt to forget." }'); +elseif (!isset($wrkarr["password"]) || trim($wrkarr["password"]) == ""): + die('{ "status": "password was not provided.\ncould not attempt to forget." }'); +else: + + $query = $pdo->prepare("SELECT name, password, team, clicks FROM users WHERE name LIKE ?"); + $query -> execute([$wrkarr["name"]]); + $found = $query->fetch(PDO::FETCH_ASSOC); + if ($found): + + if (!password_verify($wrkarr["password"], $found["password"])): + die('{ "status": "wrong password." }'); + else: + + $forgottenclicks = $found["clicks"]; + + $query = $pdo->prepare("SELECT team, clicks, fromanon FROM stats WHERE team LIKE ?"); + $query -> execute([$found["team"]]); + $found = $query->fetch(PDO::FETCH_ASSOC); + + $oldanonclicks = $found["fromanon"]; + $newanonclicks = $oldanonclicks + $forgottenclicks; + + $query = $pdo->prepare("UPDATE stats SET fromanon = :fromanon WHERE stats.team = :team"); + $query -> execute([ + "fromanon" => "$newanonclicks", + "team" => "$found[team]" + ]); + + $query = $pdo->prepare("DELETE FROM users WHERE name LIKE ?"); + $query -> execute([$wrkarr["name"]]); + + die("{ \"status\": \"success\", \"fc\": \"$forgottenclicks\", \"nac\": \"$newanonclicks\" }"); + + endif; + + else: + die('{ "status": "name does not exist in the database." }'); + endif; + +endif; + +?> |