From acfaf487426620e6dac212f38a1b589f0fd41e2a Mon Sep 17 00:00:00 2001 From: Taylor Courage Date: Mon, 3 Mar 2025 21:14:00 -0500 Subject: [PATCH] ANOTHER BIG "I need to commit more" UPDATE! - Users can now create their own accounts! Still needs to re-direct (home? user panel?) - Reformatted the folder structure again, trying to achieve more consistent file locations --- admin/admin_nav.php | 4 +- admin/data_management/add_game.php | 2 +- admin/data_management/add_tourney.php | 2 +- admin/data_management/game_form.php | 2 +- admin/data_management/tourney_form.php | 2 +- admin/db_config.php | 13 -- admin/db_management/conn_check.php | 2 +- .../{initialize.php => initialise.php} | 39 +----- .../{reinitialize.php => reinitialise.php} | 4 +- admin/user_management/add_safe_admin.php | 29 ++--- admin/user_management/add_user.php | 5 - admin/user_management/create_safe_admin.php | 51 ++++---- admin/user_management/user_form.php | 45 +++---- admin/user_management/user_management.js | 102 ---------------- create_account.php | 76 ++++++++++++ index.php | 1 + login.php | 4 +- login_page.php | 2 +- scripts/user_management.js | 112 ++++++++++++++++++ .../db_management.css | 0 .../game_management.css | 0 .../tourney_management.css | 0 .../user_management.css | 54 +++++++-- 23 files changed, 290 insertions(+), 261 deletions(-) rename admin/db_management/{initialize.php => initialise.php} (78%) rename admin/db_management/{reinitialize.php => reinitialise.php} (88%) delete mode 100644 admin/user_management/user_management.js create mode 100644 create_account.php create mode 100644 scripts/user_management.js rename {admin/db_management => styles}/db_management.css (100%) rename {admin/data_management => styles}/game_management.css (100%) rename {admin/data_management => styles}/tourney_management.css (100%) rename {admin/user_management => styles}/user_management.css (82%) diff --git a/admin/admin_nav.php b/admin/admin_nav.php index 261799a..c139fd1 100644 --- a/admin/admin_nav.php 
+++ b/admin/admin_nav.php @@ -24,14 +24,14 @@

DATA MANAGEMENT

 

!!!!! DANGER ZONE !!!!!

 

diff --git a/admin/data_management/add_game.php b/admin/data_management/add_game.php index 3dd3d59..b713471 100644 --- a/admin/data_management/add_game.php +++ b/admin/data_management/add_game.php @@ -6,7 +6,7 @@ - + no title diff --git a/admin/data_management/add_tourney.php b/admin/data_management/add_tourney.php index 641cbaf..0ed3323 100644 --- a/admin/data_management/add_tourney.php +++ b/admin/data_management/add_tourney.php @@ -6,7 +6,7 @@ - + no title diff --git a/admin/data_management/game_form.php b/admin/data_management/game_form.php index 8a5e80d..e6e929d 100644 --- a/admin/data_management/game_form.php +++ b/admin/data_management/game_form.php @@ -63,7 +63,7 @@ try { // Try opening the SQL database connection - + diff --git a/admin/data_management/tourney_form.php b/admin/data_management/tourney_form.php index dbf7589..0f522b5 100644 --- a/admin/data_management/tourney_form.php +++ b/admin/data_management/tourney_form.php @@ -60,7 +60,7 @@ try { // Try opening the SQL database connection - + diff --git a/admin/db_config.php b/admin/db_config.php index 0a3a6e4..5422fdf 100644 --- a/admin/db_config.php +++ b/admin/db_config.php @@ -27,7 +27,6 @@ include ("dev_db_config.php"); $userTableName = "users"; // name of the table containing user data $gameDataTableName = "games"; // table containing replay data $tournamentDataTableName = "tournaments"; // tournament data table -$trophyTableName = "trophies"; // trophy data table $adminUserTableName = "safeadmins"; $passwordLength = 8; // default minimum random password length @@ -126,16 +125,4 @@ updated TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP )"; -// TROPHY DATA TABLE -$sqlCreateTrophyTable = " -CREATE TABLE " . $trophyTableName . " ( -trophyID INT UNSIGNED AUTO_INCREMENT PRIMARY KEY, -replayID INT UNSIGNED, -trophyType VARCHAR(25), -winner1 VARCHAR(30), -winner2 VARCHAR(30), -winner3 VARCHAR(30), -numPlayers TINYINT UNSIGNED, -notes VARCHAR(1000) -)"; ?> \ No newline at end of file 
diff --git a/admin/db_management/conn_check.php b/admin/db_management/conn_check.php index 464bb46..2722fd5 100644 --- a/admin/db_management/conn_check.php +++ b/admin/db_management/conn_check.php @@ -5,7 +5,7 @@ - + TROJAN'S GENERAL DATA SHIT diff --git a/admin/db_management/initialize.php b/admin/db_management/initialise.php similarity index 78% rename from admin/db_management/initialize.php rename to admin/db_management/initialise.php index f4dbe60..95d9a88 100644 --- a/admin/db_management/initialize.php +++ b/admin/db_management/initialise.php @@ -5,7 +5,7 @@ - + no title @@ -131,44 +131,9 @@ } } - -/* - //////// TROPHY DATA //////// - echo "

Creating trophy data table...

"; - - // Check if the replay data table exists already - $sqlCheckTrophyTable = $conn->prepare("SHOW TABLES LIKE '" . $trophyTableName . "'"); - - // Run the query - $sqlCheckTrophyTable->execute(); - - //Check if any rows exist - if not, create the table, if yes, destroy it first, then create it - $count = $sqlCheckTrophyTable->rowCount(); - - if ($count != 0) { - echo "

Deleting exsiting table '" . $trophyTableName . "'...

"; - // Create the query to drop the table - $sqlDropDataTable = "DROP TABLE " . $trophyTableName; - $conn->exec($sqlDropDataTable); // drop the table - echo "

Deleted!

Creating new table '" . $trophyTableName . "'...

"; - try { // Create the new table - $conn->query($sqlCreateTrophyTable); - echo "

Table '" . $trophyTableName . "' successfully created (trophy data)

"; - } catch (PDOException $e) { - echo $sqlCreateTrophyTable . "
" . $e->getMessage(); - } - } else { // If the table doesn't already exist, we'll just create it - try { - $conn->query($sqlCreateTrophyTable); - echo "

Table '" . $trophyTableName . "' successfully created (trophy data)

"; - } catch (PDOException $e) { - echo $sqlCreateTrophyTable . "
" . $e->getMessage(); - } - } -*/ $conn = null; // Close the connection - // Tell the use we're done + // Tell the user we're done echo "

DONE!

"; ?> diff --git a/admin/db_management/reinitialize.php b/admin/db_management/reinitialise.php similarity index 88% rename from admin/db_management/reinitialize.php rename to admin/db_management/reinitialise.php index d0815cd..71eb4a7 100644 --- a/admin/db_management/reinitialize.php +++ b/admin/db_management/reinitialise.php @@ -6,7 +6,7 @@ - + TROJAN'S GENERAL DATA SHIT @@ -25,7 +25,7 @@


ARE YOU ABSOLUTELY SURE?!

- YES + YES

 

diff --git a/admin/user_management/add_safe_admin.php b/admin/user_management/add_safe_admin.php index 53aad43..a43abb9 100644 --- a/admin/user_management/add_safe_admin.php +++ b/admin/user_management/add_safe_admin.php @@ -5,8 +5,7 @@ - - + no title @@ -20,7 +19,6 @@ $conn = new PDO("mysql:host=$servername; dbname=$dbName", $username, $password); // set the PDO error mode to exception $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); - echo "

Connected successfully

"; // Check if the users table exists already @@ -33,9 +31,11 @@ $count = $sqlCheckUserTable->rowCount(); if ($count == 0) { + echo "

Admins table not found! Probably initial setup. Creating...

"; try { $conn->query($sqlCreateAdminTable); - echo "

Table '" . $adminUserTableName . "' successfully created (user data)

"; + echo "

Table '" . $adminUserTableName . "' successfully created (safe admins)

"; + echo "

After we finish creating your user, you will need to use the \"Initialize Databases\" option in the admin panel before you can begin to use your server

"; } catch (PDOException $e) { echo $sqlCreateUserTable . "
" . $e->getMessage(); } @@ -49,38 +49,27 @@ $twitch = $_POST["twitch"]; $youtube = $_POST["youtube"]; + // Gotta check and make sure the user we're creating is an admin $isAdmin = 0; if (filter_has_var(INPUT_POST, "isAdmin")) { $isAdmin = 1; } - echo "
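Review bot: The catch block around `$conn->query($sqlCreateAdminTable)` echoes `$sqlCreateUserTable`, which is a different variable from the statement that was just run, together with the raw PDO message. Both the schema text and the driver error end up in the page served to the browser, which tells a visitor more about the database than they need. I would log the exception on the server and print a fixed message, for example `error_log($e->getMessage()); echo "Could not create the admins table.";`. The same `echo ... $e->getMessage()` pattern appears in the final catch of this file, in add_user.php and in the new create_account.php.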
"; - echo $username . "
"; - echo $password . "
"; - echo $discord . "
"; - echo $twitch . "
"; - echo $youtube . "
"; - - echo $isAdmin . "
"; - + // Prepare the query $insert = $conn->prepare("INSERT INTO " . $adminUserTableName . " (username, password, discord, twitch, youtube, isAdmin) VALUES (:username, :password, :discord, :twitch, :youtube, :isAdmin)"); - + // Bind parameters to the query $insert->bindParam(":username", $username); $insert->bindParam(":password", $password); $insert->bindParam(":discord", $discord); $insert->bindParam(":twitch", $twitch); $insert->bindParam(":youtube", $youtube); - $insert->bindParam(":isAdmin", $isAdmin); + // Execute $insert->execute(); - echo "New records created successfully?"; - - - - + echo "Safe Admin created successfully!"; } catch (PDOException $e) { // failed connection echo "Connection failed: " . $e->getMessage(); diff --git a/admin/user_management/add_user.php b/admin/user_management/add_user.php index 52544de..09684e5 100644 --- a/admin/user_management/add_user.php +++ b/admin/user_management/add_user.php @@ -44,7 +44,6 @@ $insert->bindParam(":isAdmin", $isAdmin); - $insert->execute(); if ($isAdmin == 1) { echo "New admin user \"" . $username . "\" created successfully"; @@ -52,10 +51,6 @@ echo "New user \"" . $username . "\" created successfully"; } - - - - } catch (PDOException $e) { // failed connection echo "Connection failed: " . $e->getMessage(); } diff --git a/admin/user_management/create_safe_admin.php b/admin/user_management/create_safe_admin.php index aa0bd1e..a8e38f1 100644 --- a/admin/user_management/create_safe_admin.php +++ b/admin/user_management/create_safe_admin.php @@ -6,9 +6,9 @@ - + - + ADMIN CREATION FORM @@ -20,33 +20,19 @@
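Review bot: `$username` and `$password` are passed to `new PDO(...)` as the database credentials earlier in this file and are bound into the INSERT here as the new admin's details, so the same two variables carry both meanings. The reassignment from `$_POST` sits between the hunks and is not visible, so please confirm that `:password` receives a `password_hash()` result and not the submitted text. Separate names such as `$newUsername` and `$newPasswordHash` would make it hard to insert the connection credentials by mistake. The surrounding try block starts outside the hunk.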

-
- - - - - - - - - - -
-
- -
-

PASSWORD OPTIONS

-

- - -

- - - - -

- - +
+ + + + + + + + + + + +

@@ -55,7 +41,12 @@

 

-

This is a safe admin. You are forced to provide a password.

+

+ This is a safe admin. This person will have all of the privileges of a normal administrator, + in addition to surviving database deletes (ONLY THE USER ACCOUNT, any saved game or replay + data will NOT be saved!). Make absolutely certain this is the kind of account you want to create, + and that the person you give the credentials to is trustworthy. +

 

diff --git a/admin/user_management/user_form.php b/admin/user_management/user_form.php index d5d5aa5..3657352 100644 --- a/admin/user_management/user_form.php +++ b/admin/user_management/user_form.php @@ -6,9 +6,9 @@ - + - + USER CREATION FORM @@ -21,40 +21,25 @@
- - - - - - - - - - -
-
- -
-

PASSWORD OPTIONS

-

- - -

- - - - -

- - -

+ + + + + + + + + + + +

EXTRA OPTIONS

 

- +

An administrator will have FULL access to the administrator panel. In the hands of the wrong user, THIS COULD CAUSE SERIOUS DAMAGE AND IRREPARABLE HARM TO YOUR SERVER! Proceed with caution, and only with those you trust.

diff --git a/admin/user_management/user_management.js b/admin/user_management/user_management.js deleted file mode 100644 index 4eaf9ce..0000000 --- a/admin/user_management/user_management.js +++ /dev/null 
@@ -1,102 +0,0 @@ -function randomPassword() { - // Grab the length of password the user wants - var passwordLength = document.getElementById("passwordLength").value; - var password = ""; - - // The character set of the password. Modify this at your discretion - var charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"; - - // Get random characters until we're at the desired length - for (var i = 0; i < passwordLength; i++) { - password += charset.charAt(Math.floor(Math.random() * charset.length)); - } - - // Set the password field to what we've generated - document.getElementById("password").value = password; -} - -function togglePassword() { - // This function features various 'toggles' for the checkboxes on the manual user creation screen - - // Check if the 'no password' option is checked. - // A password can be set later, if necessary - - if (document.getElementById("none").checked) { // IF WE HAVE NO PASSWORD OPTION CHECKED - var enabled = true; // enabled variable status set false - // Disable all the checkboxes and password length inputs - document.getElementById("password").disabled = true; - document.getElementById("showPassword").disabled = true; - document.getElementById("random").disabled = true; - document.getElementById("passwordLength").disabled = true; - // Uncheck the random password mark - document.getElementById("random").checked = false; - } else if (!(document.getElementById("none").checked)) { // IF WE UNCHECK THE OPTION, RE-ENABLE EVERYTHING - var enabled = false; // enabled variable set true! 
- // Re-enable inputs - document.getElementById("password").disabled = false; - document.getElementById("showPassword").disabled = false; - document.getElementById("random").disabled = false; - document.getElementById("passwordLength").disabled = false; - } - - // This will check to see if we want the password visible, and sets it as such - if (document.getElementById("showPassword").checked && !enabled) { - document.getElementById("password").type = "text"; - } else if (!(document.getElementById("showPassword").checked) && !enabled) { - document.getElementById("password").type = "password"; - } - - // This will remove the password from the field when 'random' is unchecked - if (!(document.getElementById("random").checked) && enabled) { - document.getElementById("password").value = ""; - } - -} - -function forcePassword() { - // This function forces the use of a password when we try to make the user an administrator - // An admin without a password could be bad news.... - - if (document.getElementById("isAdmin").checked) { // ensure the box is checked - document.getElementById("none").checked = false; // Force-uncheck the 'none' option - togglePassword(); // Generate a password - document.getElementById("none").disabled = true; // Disable the 'none' option - } else { - document.getElementById("none").disabled = false; // Re-enable the 'none' option - } -} - -function verifyInput() { - // This function ensures that the form was filled out properly. - // It seems way easier to do this through JS than PHP but I could be wrong - - // Check if the username is filled out - var username = document.forms["userForm"]["username"].value; - if (username == "") { - alert ("Must enter a username!"); - return false; - } - - // Check if a password is required, if so, make sure one is entered - var password = document.forms["userForm"]["password"].value; - if (!(document.getElementById("none").checked) && password == "") { - alert ("Must enter a password! 
Or select \"None\" for no password (not available for administrator accounts)."); - return false; - } - - // Ensure the password (if enabled) is at least 6 characters in length - if (!(document.getElementById("none").checked) && password.length < 6) { - alert ("Password must have a minimum length of 6 characters."); - return false; - } -} - -function displayPassword() { - // This will check to see if we want the password visible, and sets it as such - console.log("loaded usermanagement"); - if (document.getElementById("showPassword").checked) { - document.getElementById("password").type = "text"; - } else if (!(document.getElementById("showPassword").checked)) { - document.getElementById("password").type = "password"; - } -} \ No newline at end of file diff --git a/create_account.php b/create_account.php new file mode 100644 index 0000000..0036264 --- /dev/null +++ b/create_account.php @@ -0,0 +1,76 @@ +setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); + + // Grab the list of users from the user list + $sqlGetUserData = $conn->prepare("SELECT username FROM " . $userTableName . ""); + + + // Execute SQL query + $sqlGetUserData->execute(); + + // Get results from the USERS table + $results = $sqlGetUserData->fetchAll(PDO::FETCH_ASSOC); + + // Create array to store values + $userList = array(); + + // Move results to their own array, easier to convert for Javascript + foreach ($results as $result) { + $userList[] = $result["username"]; + } +} catch (PDOException $e) { // failed connection + echo "Connection failed: " . $e->getMessage(); +} + +?> + + + + + + + + + + + + + USER CREATION FORM + + + + +
+

Create An Account!

+

Get started on your trophy-winning journey with your very own TrojanDestinyRL account!

+
+

+ + +
+ + +

+ + + + + + +

+

+
+

 

+ + +

 

+
+ + \ No newline at end of file diff --git a/index.php b/index.php index 23ab820..b674dc3 100644 --- a/index.php +++ b/index.php @@ -40,6 +40,7 @@ session_start(); } } else { echo "SIGN IN"; + echo "CREATE AN ACCOUNT"; } ?>
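Review bot: The page reads every username with `SELECT username FROM ...` and, per the comment, hands the list to JavaScript, where `usernameConfirm()` checks `userList.includes(username)`. That publishes the full account list to any unauthenticated visitor of the sign-up page, and a check done only in the browser does not stop two requests from registering the same name. I would drop the list, put a UNIQUE index on `username`, and look the name up on submit with a bound parameter, `$check = $conn->prepare("SELECT 1 FROM " . $userTableName . " WHERE username = :username");`. The markup that emits the list is not visible in this hunk, so the output path is inferred from the comment and the script.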
diff --git a/login.php b/login.php
index 691ba4c..b3c06b5 100644
--- a/login.php
+++ b/login.php
@@ -29,9 +29,7 @@ session_start();
 $username = $_POST["username"];
 $password = $_POST["password"];
-
- // THIS SHOULD BE MADE MORE EFFICIENT WITH ONLY ONE QUERY IF POSSIBLE
- // Grab the password hash for the username (if available)
+ // Get SQL data
 $sqlGetData = $conn->prepare("SELECT userID,password,isAdmin FROM " . $userTableName . " WHERE username=\"" . $username . "\"");
 $sqlGetData->execute();
diff --git a/login_page.php b/login_page.php
index 777efee..302fa96 100644
--- a/login_page.php
+++ b/login_page.php
@@ -17,7 +17,7 @@ $redirect = $_GET["redirect"];
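Review bot: The username from `$_POST` is concatenated into the SQL text passed to `prepare()` in login.php, so the statement is prepared but not parameterised, and the submitted value becomes part of the query. Bind it instead: end the query with `" WHERE username = :username");` and run it with `$sqlGetData->execute([":username" => $username]);`. The table name can stay concatenated because it is set in db_config.php and does not come from the request. The try block this sits in starts and ends outside the hunk.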

Sign in to continue

-
+
diff --git a/scripts/user_management.js b/scripts/user_management.js new file mode 100644 index 0000000..0a156a9 --- /dev/null +++ b/scripts/user_management.js 
@@ -0,0 +1,112 @@ +function randomPassword() { + // Grab the length of password the user wants + var passwordLength = document.getElementById("passwordLength").value; + var password = ""; + + // The character set of the password. Modify this at your discretion + var charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"; + + // Get random characters until we're at the desired length + for (var i = 0; i < passwordLength; i++) { + password += charset.charAt(Math.floor(Math.random() * charset.length)); + } + + // Set the password field to what we've generated + document.getElementById("password").value = password; +} + +function verifyInput() { + // This function ensures that the form was filled out properly. + // It seems way easier to do this through JS than PHP but I could be wrong + + // Check if the username is filled out + var username = document.forms["userForm"]["username"].value; + + if (username == "") { + alert ("Must enter a username!"); + return false; + } + + // Check if a password is required, if so, make sure one is entered + var password = document.forms["userForm"]["password"].value; + if (!(document.getElementById("none").checked) && password == "") { + alert ("Must enter a password! 
Or select \"None\" for no password (not available for administrator accounts)."); + return false; + } + + // Ensure the password (if enabled) is at least 6 characters in length + if (!(document.getElementById("none").checked) && password.length < 6) { + alert ("Password must have a minimum length of 6 characters."); + return false; + } + + // Make sure the passwords match + if (!passwordConfirm()) { + alert ("Passwords do not match!"); + return false; + } + + if (!usernameConfirm()) { + alert ("Username already taken!"); + return false; + } +} + +function displayPassword() { + // This will check to see if we want the password visible, and sets it as such + if (document.getElementById("showPassword").checked) { + document.getElementById("password").type = "text"; + } else if (!(document.getElementById("showPassword").checked)) { + document.getElementById("password").type = "password"; + } +} + +function passwordConfirm() { + // Check if the 'confirm' password matches the main one entered + var password = document.getElementById("password").value; + var confirmPassword = document.getElementById("confirmPassword").value; + + // If the field is empty we'll hide the results + if (confirmPassword == "") { + document.getElementById("matchingPasswords").style.visibility = "hidden"; + document.getElementById("matchingPasswordsText").style.visibility = "hidden"; + return false; + } else if (password == confirmPassword) { // If they match, show them green and return true + document.getElementById("matchingPasswords").style.visibility = "visible"; + document.getElementById("matchingPasswords").style.color = "green" ; + document.getElementById("matchingPasswords").innerHTML = "✓ "; + document.getElementById("matchingPasswordsText").style.visibility = "visible"; + document.getElementById("matchingPasswordsText").innerHTML = "Match!"; + return true; + } else if (password != confirmPassword) { + document.getElementById("matchingPasswords").style.visibility = "visible"; + 
document.getElementById("matchingPasswords").style.color = "red"; + document.getElementById("matchingPasswords").innerHTML = "Χ "; + document.getElementById("matchingPasswordsText").style.visibility = "visible"; + document.getElementById("matchingPasswordsText").innerHTML = "Not a match!"; + return false; + } +} + +function usernameConfirm() { + // Get the username entered + var username = document.getElementById("username").value; + + // If the username is blank, clear the notice + // Otherwise, we'll check the userlist created by PHP which was converted for JS + // If the name is there, return false + if (username == "") { + document.getElementById("confirmUsername").style.visibility = "hidden"; + return false; + } else if (userList.includes(username)) { + document.getElementById("confirmUsername").style.visibility = "visible"; + document.getElementById("confirmUsername").style.color = "red"; + document.getElementById("confirmUsername").innerHTML = "Name Taken"; + return false; // we return false for a match - a match is not what we want! + } else if (!userList.includes(username)) { + document.getElementById("confirmUsername").style.visibility = "visible"; + document.getElementById("confirmUsername").style.color = "green"; + document.getElementById("confirmUsername").innerHTML = "Name Available!"; + return true; // this means the user does not already exist and is good to go + } +} \ No newline at end of file diff --git a/admin/db_management/db_management.css b/styles/db_management.css similarity index 100% rename from admin/db_management/db_management.css rename to styles/db_management.css diff --git a/admin/data_management/game_management.css b/styles/game_management.css similarity index 100% rename from admin/data_management/game_management.css rename to styles/game_management.css 
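Review bot: `randomPassword()` picks characters with `Math.random()`, which is not a cryptographic generator, so generated passwords are more predictable than their length suggests. Draw from `crypto.getRandomValues()` and redraw values that would bias the modulo, as sketched below. Separately, `verifyInput()` still reads `document.getElementById("none")`; the password-options markup looks to have been removed from the forms in this commit, so confirm that element still exists. The length and uniqueness rules should also be enforced on the server, since these checks run only in the browser.

```javascript
function randomPassword() {
    // … unchanged: read passwordLength, declare password and charset …

    // Largest multiple of charset.length below 2^32; draws at or above it are
    // discarded so every character stays equally likely.
    var limit = Math.floor(0x100000000 / charset.length) * charset.length;
    var draw = new Uint32Array(1);

    while (password.length < passwordLength) {
        window.crypto.getRandomValues(draw);
        if (draw[0] < limit) {
            password += charset.charAt(draw[0] % charset.length);
        }
    }

    // … unchanged: write the result into the password field …
}
```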
diff --git a/admin/data_management/tourney_management.css b/styles/tourney_management.css similarity index 100% rename from admin/data_management/tourney_management.css rename to styles/tourney_management.css diff --git a/admin/user_management/user_management.css b/styles/user_management.css similarity index 82% rename from admin/user_management/user_management.css rename to styles/user_management.css index 54958b4..c66e7c7 100644 --- a/admin/user_management/user_management.css +++ b/styles/user_management.css @@ -42,11 +42,20 @@ text-align: center; } +#createAccountPanel { + width: 375px; +} + +#createAccountPanel { + margin: auto; + text-align: center; +} + #textInputArea { display: flex; flex-wrap: wrap; - flex-direction: column; + flex-direction: row; margin: auto; } @@ -95,17 +104,10 @@ padding: 7px 10px; margin: 1% 6%; } +.inputLabel { + width:100%; +} -#passwordOptions { - display: flex; - flex-wrap: wrap; - flex-direction: row; - margin: auto; -} -#passwordOptions h4 { - text-align: center; - margin: auto; -} #extraOptions { display: flex; flex-wrap: wrap; @@ -131,6 +133,19 @@ padding: 0 20px; } +#displayPassword { + display: flex; + flex-wrap: wrap; + flex-direction: row; + margin: auto 0; + font-size: 80%; + font-weight: normal !important; + padding: 0 20px 0 10px; +} +#displayPassword label { + font-weight: normal; +} + .extraOptions { display: flex; @@ -143,6 +158,23 @@ } +#matchingPasswords { + visibility: hidden; + height: 0px; +} + +#matchingPasswordsText { + visibility: hidden; + height: 0px; + font-size: 90%; +} + +#confirmUsername { + visibility: hidden; + height: 0px; + font-size: 90%; +} + .newLine { width: 100%;