From 551b95fa58bf62b4a0780e09b9cba434eae52786 Mon Sep 17 00:00:00 2001
From: hitlerrip <git@hitler.rip>
Date: Tue, 29 Jul 2025 19:44:31 +0200
Subject: basic auth

added basic authentication apis
---
 README.md        | 12 ++++++++++++
 backend/auth.php | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 backend/join.php | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 107 insertions(+)
 create mode 100644 backend/auth.php
 create mode 100644 backend/join.php

diff --git a/README.md b/README.md
index d1eaec3..d84686f 100644
--- a/README.md
+++ b/README.md
@@ -23,3 +23,15 @@ php -S localhost:8000
 # start frontend
 # coming soon...
 ```
+
+You send requests to the API like this:
+
+```sh
+curl -X POST -d '{ "key": "value" }' http://localhost:8000/yourapifile.php
+```
+
+`index.php` automatically creates the required database tables if they do not already exist, so just request that API to have everything set up for you.
+
+## To-Do
+
+- add name and password change
diff --git a/backend/auth.php b/backend/auth.php
new file mode 100644
index 0000000..cf646d8
--- /dev/null
+++ b/backend/auth.php
@@ -0,0 +1,49 @@
+<?php
+header('Content-Type: application/json; charset=UTF-8');
+
+try {
+	$pdo = new PDO("mysql:host=127.0.0.1;dbname=hitlerclicker", "root", "aA1234Aa");
+} catch(PDOException $e) {
+	die('{ "status": "database offline" }');
+};
+
+$wrkarr = [];
+$ifarr = [ "name", "password" ];
+$postjson = json_decode(file_get_contents('php://input'), true);
+foreach ($ifarr as $i):
+	if (isset($postjson[$i])):
+		$newarr = [
+			"$i" => "$postjson[$i]",
+		];
+		$wrkarr = array_merge($wrkarr, $newarr);
+	endif;
+endforeach;
+
+if (!isset($wrkarr["name"]) || trim($wrkarr["name"]) == ""):
+	die('{ "status": "login (name) was not provided.\ncould not attempt to log in." }');
+elseif (!isset($wrkarr["password"]) || trim($wrkarr["password"]) == ""):
+	die('{ "status": "password was not provided.\ncould not attempt to log in." }');
+else:
+
+	$query = $pdo->prepare("SELECT name, password FROM users WHERE name LIKE ?");
+	$query -> execute([$wrkarr["name"]]);
+	$found = $query->fetch(PDO::FETCH_ASSOC);
+	if ($found):
+
+		if (!password_verify($wrkarr["password"], $found["password"])):
+			die('{ "status": "wrong password." }');
+		else:
+
+			die('{ "status": "success" }');
+
+		endif;
+
+	else:
+		die('{ "status": "name does not exist in the database." }');
+	endif;
+
+endif;
+
+echo '{ "status": "online" }';
+
+?>
diff --git a/backend/join.php b/backend/join.php
new file mode 100644
index 0000000..2290f26
--- /dev/null
+++ b/backend/join.php
@@ -0,0 +1,46 @@
+<?php
+header('Content-Type: application/json; charset=UTF-8');
+
+try {
+	$pdo = new PDO("mysql:host=127.0.0.1;dbname=hitlerclicker", "root", "aA1234Aa");
+} catch(PDOException $e) {
+	die('{ "status": "database offline" }');
+};
+
+$wrkarr = [];
+$ifarr = [ "name", "password" ];
+$postjson = json_decode(file_get_contents('php://input'), true);
+foreach ($ifarr as $i):
+	if (isset($postjson[$i])):
+		$newarr = [
+			"$i" => "$postjson[$i]",
+		];
+		$wrkarr = array_merge($wrkarr, $newarr);
+	endif;
+endforeach;
+
+if (!isset($wrkarr["name"]) || trim($wrkarr["name"]) == ""):
+	die('{ "status": "login (name) was not provided.\ncould not attempt to join." }');
+elseif (!isset($wrkarr["password"]) || trim($wrkarr["password"]) == ""):
+	die('{ "status": "password was not provided.\ncould not attempt to join." }');
+else:
+
+	$query = $pdo->prepare("SELECT name, password FROM users WHERE name LIKE ?");
+	$query -> execute([$wrkarr["name"]]);
+	$found = $query->fetch(PDO::FETCH_ASSOC);
+	if ($found) {
+		die('{ "status": "name already exists in the database." }');
+	}
+
+	$query = $pdo->prepare("INSERT INTO users (name, password) VALUES (:name, :password)");
+	$query->execute([
+		"name" => filter_var($wrkarr["name"]),
+		"password" => password_hash($wrkarr["password"], PASSWORD_DEFAULT),
+	]);
+	die('{ "status": "success" }');
+
+endif;
+
+echo '{ "status": "online" }';
+
+?>
-- 
cgit v1.2.3