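require_once 'config.php';
require_once 'auth.php';
require_once 'calendar_lib.php';

// Account-deletion endpoint. Requires a logged-in viewer and re-authentication
// with the current password (POST 'password'), then removes the user row and
// its dependent rows, drops the user cookie and answers with the calendar list
// for a fresh anonymous viewer. Every response is a JSON object, except the
// TLS guard below, which answers with a bare 500.
header("Content-Type: application/json");

if ($https && !isset($_SERVER['HTTPS'])) {
  // We're using mod_rewrite .htaccess for HTTPS redirect; this shouldn't happen
  header($_SERVER['SERVER_PROTOCOL'] . ' 500 Internal Server Error', true, 500);
  exit;
}

if (!user_logged_in()) {
  exit(json_encode(array('error' => 'not_logged_in')));
}
// is_string() rejects array-shaped submissions (password[]=...), which would
// otherwise reach password_verify() as a non-string and raise a TypeError.
if (!isset($_POST['password']) || !is_string($_POST['password'])) {
  exit(json_encode(array('error' => 'invalid_parameters')));
}

$user = get_viewer_id();
$password = $_POST['password'];

// The id is bound as a parameter rather than interpolated, so the statement
// stays safe regardless of what get_viewer_id() hands back.
// NOTE(review): assumes $conn is the mysqli connection set up in config.php
// and that user ids are integers -- confirm.
$hash_stmt = $conn->prepare("SELECT hash FROM users WHERE id = ?");
if (!$hash_stmt) {
  exit(json_encode(array('error' => 'internal_error')));
}
$stored_hash = null;
$hash_stmt->bind_param('i', $user);
if (!$hash_stmt->execute()) {
  exit(json_encode(array('error' => 'internal_error')));
}
$hash_stmt->bind_result($stored_hash);
$row_found = $hash_stmt->fetch();
// Close before preparing the next statement so the connection is not left
// with an unread result set.
$hash_stmt->close();
if ($row_found !== true) {
  exit(json_encode(array('error' => 'internal_error')));
}
// A NULL hash column counts as a failed check instead of a TypeError.
if (!is_string($stored_hash) || !password_verify($password, $stored_hash)) {
  exit(json_encode(array('error' => 'invalid_credentials')));
}

// One multi-table DELETE removes the user together with its id rows,
// verification codes, cookies and roles.
$delete_stmt = $conn->prepare(
  "DELETE u, iu, v, iv, c, ic, r FROM users u " .
  "LEFT JOIN ids iu ON iu.id = u.id " .
  "LEFT JOIN verifications v ON v.user = u.id " .
  "LEFT JOIN ids iv ON iv.id = v.id " .
  "LEFT JOIN cookies c ON c.user = u.id " .
  "LEFT JOIN ids ic ON ic.id = c.id " .
  "LEFT JOIN roles r ON r.user = u.id " .
  "WHERE u.id = ?"
);
if (!$delete_stmt) {
  exit(json_encode(array('error' => 'internal_error')));
}
$delete_stmt->bind_param('i', $user);
// Only report success (and drop the session cookie) once the delete really
// ran; a failed statement must not look like a deleted account.
if (!$delete_stmt->execute()) {
  exit(json_encode(array('error' => 'internal_error')));
}
$delete_stmt->close();

// TODO figure out what to do with calendars this account admins

delete_cookie('user');
$anonymous_viewer = init_anonymous_cookie();

exit(json_encode(array(
  'success' => true,
  'calendar_infos' => get_calendar_infos($anonymous_viewer),
)));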
if ($verify_result) { list($verify_user, $verify_field) = $verify_result; if ($verify_field === VERIFY_FIELD_EMAIL) { $conn->query("UPDATE users SET email_verified = 1 WHERE id = {$verify_user}"); clear_verify_codes($verify_user, $verify_field); } else { if ($verify_field === VERIFY_FIELD_RESET_PASSWORD) { $result = $conn->query("SELECT username FROM users WHERE id = {$verify_user}"); $reset_password_user_row = $result->fetch_assoc(); $reset_password_username = $reset_password_user_row['username']; } } } } $viewer_id = get_viewer_id(); $calendar_infos = get_calendar_infos($viewer_id); $subscription_exists = false; foreach ($calendar_infos as $calendar_info) { if ($calendar_info['subscribed']) { $subscription_exists = true; break; } } if (!$home && $calendar === null) { if ($subscription_exists) { $home = true; } else { $calendar = 254; } } if ($home && !$subscription_exists) {
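<?php

require_once 'config.php';
require_once 'auth.php';
require_once 'calendar_lib.php';

// Login endpoint. Takes POST 'username' (a username or an e-mail address) and
// 'password', verifies the password against the stored hash, issues the user
// cookie and answers with the account's basic profile and calendar list.
// Every response is a JSON object.
header("Content-Type: application/json");

if ($https && !isset($_SERVER['HTTPS'])) {
  // We're using mod_rewrite .htaccess for HTTPS redirect; this shouldn't happen
  exit(json_encode(array('error' => 'tls_failure')));
}

if (user_logged_in()) {
  exit(json_encode(array('error' => 'already_logged_in')));
}
// is_string() rejects array-shaped submissions (username[]=...), which would
// otherwise raise a TypeError further down instead of a clean JSON error.
if (
  !isset($_POST['username']) || !is_string($_POST['username']) ||
  !isset($_POST['password']) || !is_string($_POST['password'])
) {
  exit(json_encode(array('error' => 'invalid_parameters')));
}

$username = $_POST['username'];
$password = $_POST['password'];

// The submitted identifier is bound as a parameter instead of being escaped
// and spliced into the SQL text, so the query's correctness no longer depends
// on the connection character set.
// NOTE(review): the listing this file was taken from showed the first
// comparison against a masked literal ('******'); both placeholders are bound
// to the submitted identifier, which is presumably what was intended --
// confirm against the repository.
// NOTE(review): assumes $conn is the mysqli connection set up in config.php.
$login_stmt = $conn->prepare(
  "SELECT id, hash, username, email, email_verified " .
  "FROM users WHERE username = ? OR email = ?"
);
if (!$login_stmt) {
  exit(json_encode(array('error' => 'internal_error')));
}
$login_stmt->bind_param('ss', $username, $username);
if (!$login_stmt->execute()) {
  exit(json_encode(array('error' => 'internal_error')));
}
$row_id = null;
$row_hash = null;
$row_username = null;
$row_email = null;
$row_email_verified = null;
$login_stmt->bind_result(
  $row_id,
  $row_hash,
  $row_username,
  $row_email,
  $row_email_verified
);
$row_found = $login_stmt->fetch();
$login_stmt->close();

// NOTE(review): an unknown account answers 'invalid_parameters' while a wrong
// password answers 'invalid_credentials', and only the latter path pays for a
// password_verify() call, so responses reveal whether an account exists.
// Returning one error code for both cases would close that; the codes are
// kept here because callers may depend on them.
if ($row_found !== true) {
  exit(json_encode(array('error' => 'invalid_parameters')));
}
// A NULL hash column counts as a failed check instead of a TypeError.
if (!is_string($row_hash) || !password_verify($password, $row_hash)) {
  exit(json_encode(array('error' => 'invalid_credentials')));
}

$id = intval($row_id);
create_user_cookie($id);

exit(json_encode(array(
  'success' => true,
  'username' => $row_username,
  'email' => $row_email,
  'email_verified' => (bool) $row_email_verified,
  'calendar_infos' => get_calendar_infos($id),
)));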