Example #1
require_once 'config.php';
require_once 'auth.php';
require_once 'calendar_lib.php';
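// Account-deletion endpoint. The logged-in viewer must re-enter their password;
// on success the user row and its dependent rows are deleted, the user cookie is
// cleared, and the response carries the calendar infos for a fresh anonymous viewer.
// Every outcome is reported as a JSON object.
header("Content-Type: application/json");
if ($https && !isset($_SERVER['HTTPS'])) {
    // We're using mod_rewrite .htaccess for HTTPS redirect; this shouldn't happen
    header($_SERVER['SERVER_PROTOCOL'] . ' 500 Internal Server Error', true, 500);
    exit;
}
if (!user_logged_in()) {
    exit(json_encode(array('error' => 'not_logged_in')));
}
// Require a string: a request can send password[]=x, which isset() accepts but
// password_verify() cannot handle.
if (!isset($_POST['password']) || !is_string($_POST['password'])) {
    exit(json_encode(array('error' => 'invalid_parameters')));
}
// The id is interpolated into the SQL text of both statements below, so force it
// to an integer here instead of relying on what get_viewer_id() returns.
$user = (int) get_viewer_id();
$password = $_POST['password'];
$result = $conn->query("SELECT hash FROM users WHERE id = {$user}");
// query() returns false on failure; calling fetch_assoc() on that would abort the
// script without a JSON body, so a failed lookup is folded into internal_error.
$user_row = $result ? $result->fetch_assoc() : null;
if (!$user_row) {
    exit(json_encode(array('error' => 'internal_error')));
}
// Re-authenticate before the destructive step: a valid session alone is not
// enough to delete the account.
if (!password_verify($password, $user_row['hash'])) {
    exit(json_encode(array('error' => 'invalid_credentials')));
}
// One multi-table DELETE removes the user together with its verifications,
// cookies, roles and the matching rows in ids.
$deleted = $conn->query(
    "DELETE u, iu, v, iv, c, ic, r FROM users u "
    . "LEFT JOIN ids iu ON iu.id = u.id "
    . "LEFT JOIN verifications v ON v.user = u.id "
    . "LEFT JOIN ids iv ON iv.id = v.id "
    . "LEFT JOIN cookies c ON c.user = u.id "
    . "LEFT JOIN ids ic ON ic.id = c.id "
    . "LEFT JOIN roles r ON r.user = u.id "
    . "WHERE u.id = {$user}"
);
if (!$deleted) {
    // Do not clear the cookie or report success when the account is still there.
    exit(json_encode(array('error' => 'internal_error')));
}
// TODO figure out what to do with calendars this account admins
delete_cookie('user');
$anonymous_viewer = init_anonymous_cookie();
exit(json_encode(array('success' => true, 'calendar_infos' => get_calendar_infos($anonymous_viewer))));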
Example #2
    if ($verify_result) {
        list($verify_user, $verify_field) = $verify_result;
        if ($verify_field === VERIFY_FIELD_EMAIL) {
            $conn->query("UPDATE users SET email_verified = 1 WHERE id = {$verify_user}");
            clear_verify_codes($verify_user, $verify_field);
        } else {
            if ($verify_field === VERIFY_FIELD_RESET_PASSWORD) {
                $result = $conn->query("SELECT username FROM users WHERE id = {$verify_user}");
                $reset_password_user_row = $result->fetch_assoc();
                $reset_password_username = $reset_password_user_row['username'];
            }
        }
    }
}
// Load the calendar infos visible to the current viewer.
$viewer_id = get_viewer_id();
$calendar_infos = get_calendar_infos($viewer_id);
// Becomes true as soon as one calendar info has a truthy 'subscribed' entry.
$subscription_exists = false;
foreach ($calendar_infos as $calendar_info) {
    if ($calendar_info['subscribed']) {
        $subscription_exists = true;
        break;
    }
}
// Neither the home view nor a specific calendar was selected: pick a default.
if (!$home && $calendar === null) {
    if ($subscription_exists) {
        // A viewer with at least one subscription gets the home view.
        $home = true;
    } else {
        // NOTE(review): 254 is a hard-coded value, presumably the id of a default
        // calendar; confirm and consider naming it as a constant.
        $calendar = 254;
    }
}
if ($home && !$subscription_exists) {
Example #3
<?php

require_once 'config.php';
require_once 'auth.php';
require_once 'calendar_lib.php';
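// Login endpoint. Looks the account up by username or e-mail, verifies the
// password against the stored hash, sets the user cookie and returns the
// account's basic fields plus its calendar infos. Every outcome is a JSON object.
header("Content-Type: application/json");
if ($https && !isset($_SERVER['HTTPS'])) {
    // We're using mod_rewrite .htaccess for HTTPS redirect; this shouldn't happen
    exit(json_encode(array('error' => 'tls_failure')));
}
if (user_logged_in()) {
    exit(json_encode(array('error' => 'already_logged_in')));
}
// Require strings: a request can send username[]=x, which isset() accepts but
// the database and password_verify() calls below cannot handle.
if (
    !isset($_POST['username'], $_POST['password'])
    || !is_string($_POST['username'])
    || !is_string($_POST['password'])
) {
    exit(json_encode(array('error' => 'invalid_parameters')));
}
$username = $_POST['username'];
$password = $_POST['password'];
// The submitted value is bound as a parameter for both the username and the
// e-mail comparison, so request data never becomes part of the SQL text.
$stmt = $conn->prepare(
    'SELECT id, hash, username, email, email_verified '
    . 'FROM users WHERE username = ? OR email = ?'
);
if (!$stmt || !$stmt->bind_param('ss', $username, $username) || !$stmt->execute()) {
    exit(json_encode(array('error' => 'internal_error')));
}
$stmt->bind_result($row_id, $row_hash, $row_username, $row_email, $row_email_verified);
// fetch() yields true for a row, null when nothing matched, false on error.
$fetched = $stmt->fetch();
$stmt->close();
if ($fetched === false) {
    exit(json_encode(array('error' => 'internal_error')));
}
// NOTE(review): an unknown account answers 'invalid_parameters' while a wrong
// password answers 'invalid_credentials', and password_verify() only runs for
// known accounts, so responses reveal whether an account exists. Unifying the
// two changes the client contract; decide together with the front end.
if (!$fetched) {
    exit(json_encode(array('error' => 'invalid_parameters')));
}
if (!password_verify($password, $row_hash)) {
    exit(json_encode(array('error' => 'invalid_credentials')));
}
$id = intval($row_id);
create_user_cookie($id);
exit(json_encode(array(
    'success' => true,
    'username' => $row_username,
    'email' => $row_email,
    'email_verified' => (bool) $row_email_verified,
    'calendar_infos' => get_calendar_infos($id),
)));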