Init

2024-12-25 20:02:52 +01:00
commit 5309acd356
64 changed files with 86647 additions and 0 deletions
--- a/taca/_conf/db_con.php
+++ b/taca/_conf/db_con.php
@@ -0,0 +1,17 @@
+<?php
+
+$hostname = $_SERVER['HTTP_HOST'];
+
+if($hostname == 'api.stellaamor.com.local'){
+    $server = 'localhost';
+    $username = "root";
+    $db = "stella_amor";
+    $db_con = new pdo("mysql:host=$server;dbname=$db;charset=utf8mb4", $username);
+}else{
+    $server = 'localhost';
+    $username = 'mysinfu1_stella';
+    $db_pass = 'E1#j#W4Y4UcV'; 
+    $db = 'mysinfu1_stella';
+    
+    $db_con = new pdo("mysql:host=$server;dbname=$db;charset=utf8mb4", $username, $db_pass);
+}
--- a/taca/_conf/globals.php
+++ b/taca/_conf/globals.php
@@ -0,0 +1,14 @@
+<?php
+$hostname = $_SERVER['HTTP_HOST'];
+
+if ($hostname === 'api.stellaamor.com') {
+    // Production environment
+    header("Access-Control-Allow-Origin: https://taca.stellaamor.com");
+} else {
+    // Local environment
+    header("Access-Control-Allow-Origin: http://admin.stellaamor.com.local");
+}
+header("Access-Control-Allow-Credentials: true");
+header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept");
+header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");
+?>
--- a/taca/settings.php
+++ b/taca/settings.php
@@ -0,0 +1,61 @@
+<?php
+if (session_status() === PHP_SESSION_NONE) {
+    session_start();
+}
+
+require_once('_conf/globals.php');
+require_once('_conf/db_con.php');
+
+if(isset($_GET['allowedFilter']) && $_GET['allowedFilter'] == true){
+    require_once('../includes/allowedFilter.php');
+    $allowedFilter = new stdClass();
+    $allowedFilter->sexualities = $sexualities; 
+    $allowedFilter->lookingFor = $lookingFor;  
+    $allowedFilter->hairs = $hairs;  
+    $allowedFilter->hairColors = $hairColors;  
+    $allowedFilter->facialHairs = $facialHairs;  
+    $allowedFilter->pubicHairs = $pubicHairs;  
+    $allowedFilter->bodyHairs = $bodyHairs;  
+    $allowedFilter->tattoos = $tattoos;  
+    $allowedFilter->piercings = $piercings;  
+    $allowedFilter->eyeColors = $eyeColors;  
+    $allowedFilter->breastSizes = $breastSizes;  
+    $allowedFilter->abs = $abs;  
+    $allowedFilter->bottomSizes = $bottomSizes;  
+    $allowedFilter->bodyTypes = $bodyTypes;  
+    $allowedFilter->ethnicities = $ethnicities;  
+    $allowedFilter->fitnessLevels = $fitnessLevels;  
+    $allowedFilter->dietaryPreferences = $dietaryPreferences;  
+    $allowedFilter->healthHabits = $healthHabits;  
+    $allowedFilter->exerciseFrequency = $exerciseFrequency;  
+    $allowedFilter->sleepingHabits = $sleepingHabits;  
+    $allowedFilter->foodAllergies = $foodAllergies;  
+    $allowedFilter->alcoholConsumptions = $alcoholConsumptions;  
+    $allowedFilter->smoking = $smoking;  
+    $allowedFilter->jobs = $jobs;  
+    $allowedFilter->mainLiving = $mainLiving;  
+    $allowedFilter->financialGoals = $financialGoals;  
+    $allowedFilter->spendingHabits = $spendingHabits;  
+    $allowedFilter->financialIndependence = $financialIndependence;  
+    $allowedFilter->fetishes = $fetishes;  
+    $allowedFilter->personalities = $personalities;  
+    $allowedFilter->hobbiesAndActivities = $hobbiesAndActivities;  
+    $allowedFilter->movieGenres = $movieGenres;  
+    $allowedFilter->bookGenres = $bookGenres;  
+    $allowedFilter->highestGraduation = $highestGraduation;  
+    $allowedFilter->education = $education;  
+    $allowedFilter->travelPreferences = $travelPreferences;  
+    $allowedFilter->communicationPreferences = $communicationPreferences;  
+    $allowedFilter->religion = $religion;  
+    $allowedFilter->languages = $languages;  
+    $allowedFilter->currentSituation = $currentSituation;  
+    $allowedFilter->pets = $pets;
+    $allowedFilter->sexualActivity = $sexualActivity;
+    header('Content-Type: application/json');
+    echo json_encode($allowedFilter);
+}
+
+if(isset($_GET) && !empty($_GET) && isset($_GET['countries']) && $_GET['countries']  == 'true'){
+    $countries = file_get_contents('../includes/countries.json');
+    echo $countries;
+}
--- a/taca/users.php
+++ b/taca/users.php
@@ -0,0 +1,235 @@
+<?php
+if (session_status() === PHP_SESSION_NONE) {
+    session_start();
+}
+
+require_once('_conf/globals.php');
+require_once('_conf/db_con.php');
+
+
+$postData = file_get_contents('php://input');
+$postData = json_decode($postData);
+$postAction = isset($postData->action) && !empty($postData->action) ? $postData->action : 'custom';
+if($postAction == 'login'){
+    $sql = $db_con->prepare('SELECT * FROM admins WHERE username = :username');
+    $sql->bindValue(':username', $postData->userData->username);
+    $sql->execute();
+    $numRows =  $sql->rowCount();
+    if($numRows){
+        $user = $sql->fetch(PDO::FETCH_ASSOC);
+        if(password_verify($postData->userData->password, $user['psw'])){
+            $hex = bin2hex(random_bytes(36 / 2));
+            $_SESSION['admin'] = true;
+            $_SESSION['auth'] = $hex;
+            $_SESSION['userid'] = $user['ID'];
+            $response = new stdClass();
+            $response->status = true;
+            $sql = $db_con->prepare('UPDATE admins SET session_hex = :hex WHERE ID = :id');
+            $sql->bindValue(':hex', $hex);
+            $sql->bindValue(':id', $user['ID']);
+            $sql->execute();
+        }else{
+            $response = new stdClass();
+            $response->status = false;
+        }
+    }else{
+        $response = new stdClass();
+        $response->status = false;
+    }
+    echo json_encode($response);
+}
+
+if($postAction == 'isAuth'){
+    if (session_status() === PHP_SESSION_ACTIVE) {
+        $session_hex = isset($_SESSION['auth']) && !empty($_SESSION['auth']) ? $_SESSION['auth'] : '';
+        $user_id = isset($_SESSION['userid']) && !empty($_SESSION['userid']) ? $_SESSION['userid'] : '';
+
+        $sql = $db_con->prepare('SELECT * FROM admins WHERE ID = :id AND session_hex = :hex');
+        $sql->bindValue(':id', $user_id);
+        $sql->bindValue(':hex', $session_hex);
+        $sql->execute();
+        $rowC = $sql->rowCount();
+        if($rowC){
+            $response = new stdClass();
+            $response->status = true;
+        }else{
+            session_destroy();
+            $response = new stdClass();
+            $response->status = false;
+        }
+        echo json_encode($response);
+    }
+}
+
+function privAuth(){
+    global $db_con;
+    if (session_status() === PHP_SESSION_ACTIVE) {
+        $session_hex = isset($_SESSION['auth']) && !empty($_SESSION['auth']) ? $_SESSION['auth'] : '';
+        $user_id = isset($_SESSION['userid']) && !empty($_SESSION['userid']) ? $_SESSION['userid'] : '';
+
+        $sql = $db_con->prepare('SELECT * FROM admins WHERE ID = :id AND session_hex = :hex');
+        $sql->bindValue(':id', $user_id);
+        $sql->bindValue(':hex', $session_hex);
+        $sql->execute();
+        $rowC = $sql->rowCount();
+        if($rowC){
+            return true;
+        }else{
+            session_destroy();
+            return false;
+        }
+    }
+}
+
+
+if($postAction == 'logout'){
+    if (session_status() === PHP_SESSION_ACTIVE) {
+        $session_hex = isset($_SESSION['auth']) && !empty($_SESSION['auth']) ? $_SESSION['auth'] : '';
+        $user_id = isset($_SESSION['userid']) && !empty($_SESSION['userid']) ? $_SESSION['userid'] : '';
+
+        $sql = $db_con->prepare('UPDATE admins SET session_hex = "" WHERE ID = :id AND session_hex = :hex');
+        $sql->bindValue(':id', $user_id);
+        $sql->bindValue(':hex', '');
+        $sql->execute();
+        $rowC = $sql->rowCount();
+        session_destroy();
+    }
+}
+
+if($postAction == 'getUsers'){
+    if(privAuth()){
+        $sql = $db_con->prepare('SELECT * FROM users');
+        $sql->execute();
+        $_users = $sql->fetchAll(PDO::FETCH_ASSOC);
+        $users = array();
+        foreach($_users as $user){
+            $_user = new stdClass();
+            $_user->usid = isset($user['id']) && !empty($user['id']) ? $user['id'] : '';
+            $_user->email = isset($user['u_email']) && !empty($user['u_email']) ? $user['u_email'] : '';
+            $_user->username = isset($user['uname']) && !empty($user['uname']) ? $user['uname'] : '';
+            $_user->regDate = isset($user['date_signed_up']) && !empty($user['date_signed_up']) ? $user['date_signed_up'] : '';
+            $_user->stripe_cu = isset($user['stripe_cu']) && !empty($user['stripe_cu']) ? $user['stripe_cu'] : '';
+            $users[] = $_user;
+        }
+        echo json_encode($users);
+    }
+}
+
+if(isset($_POST['action']) && $_POST['action'] == 'insertUser'){
+    $userData = json_decode($_POST['userData'], true);
+    $username = isset($userData['username']) && !empty($userData['username']) ? $userData['username'] : '';
+    $email = isset($userData['email']) && !empty($userData['email']) ? $userData['email'] : ''; 
+    $password = isset($userData['password']) && !empty($userData['password']) ? $userData['password'] : '';
+    $bio = isset($userData['bio']) && !empty($userData['bio']) ? $userData['bio'] : '';
+
+
+    $pass = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
+
+    if(isset($username) && !empty($username) && isset($email) && !empty($email) && isset($password) && !empty($password)){
+        $sql = $db_con->prepare('INSERT INTO users (uname, psw, u_email, bio) VALUES (:uname, :psw, :email, :bio)');
+        $sql->bindValue(':uname', $username);
+        $sql->bindValue(':psw', $pass);
+        $sql->bindValue(':email', $email);
+        $sql->bindValue(':bio', $bio);
+        $sql->execute();
+
+        $rowC = $sql->rowCount();
+        if($rowC > 0){
+            $user_id = $db_con->lastInsertId();
+
+            if(isset($_FILES['avatar']) && $_FILES['avatar']['error'] === UPLOAD_ERR_OK){
+                $avatar = $_FILES['avatar']['tmp_name'];
+                $image_name = $_FILES['avatar']['name'];
+                $image_size = $_FILES['avatar']['size'];
+                $ext = strtolower(pathinfo($_FILES['avatar']['name'], PATHINFO_EXTENSION));
+                $image_content = file_get_contents($avatar);
+
+                $allowedPhotos = array('jpg', 'jpeg', 'png', 'gif');
+                $name = generateRandomName();
+                $name = $name . '.' . $ext;
+                $path = $_SERVER['DOCUMENT_ROOT'] . '/uploads/';        
+                if (in_array($ext, $allowedPhotos)) {
+                    move_uploaded_file($avatar, $path . $name);
+                }
+        
+                $stmt = $db_con->prepare('UPDATE users SET avatar = :avatar WHERE id = :id');
+                $stmt->bindValue(':avatar', $name);
+                $stmt->bindValue(':id', $user_id);
+                $stmt->execute();
+            }
+
+            if(isset($_FILES['banner']) && $_FILES['banner']['error'] === UPLOAD_ERR_OK){
+                $banner = $_FILES['banner']['tmp_name'];
+                $image_name = $_FILES['banner']['name'];
+                $image_size = $_FILES['banner']['size'];
+                $ext = strtolower(pathinfo($_FILES['banner']['name'], PATHINFO_EXTENSION));
+                $image_content = file_get_contents($banner);
+
+                $allowedPhotos = array('jpg', 'jpeg', 'png', 'gif');
+                $name = generateRandomName();
+                $name = $name . '.' . $ext;
+                $path = $_SERVER['DOCUMENT_ROOT'] . '/uploads/';        
+                if (in_array($ext, $allowedPhotos)) {
+                    move_uploaded_file($banner, $path . $name);
+                }
+        
+                $stmt = $db_con->prepare('UPDATE users SET banner = :banner WHERE id = :id');
+                $stmt->bindValue(':banner', $name);
+                $stmt->bindValue(':id', $user_id);
+                $stmt->execute();
+            }
+
+            foreach ($userData as $setting => $value) {
+                if ($setting != 'username' || $setting != 'password' || $setting != 'email' || $setting != 'bio' || $setting != 'avatar' || $setting != 'banner') {
+                    if (isset($value) && !empty($value)) {
+                        update_user_data($setting, $value, $user_id);
+                    }
+                }
+            }
+        }
+        
+
+    }else{
+        die();
+    }
+}
+
+function generateRandomName($length = 32) {
+    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
+    $randomName = '';
+    $maxIndex = strlen($characters) - 1;
+    
+    for ($i = 0; $i < $length; $i++) {
+        $randomName .= $characters[rand(0, $maxIndex)];
+    }
+    
+    return $randomName;
+}
+
+function update_user_data($name, $value, $user){
+    global $db_con;
+    if(is_array($value)){
+        $value = implode(",", $value);
+    }
+    $sql_con = $db_con->prepare('SELECT * FROM user_data WHERE data_name = :data_name AND user_id = :user_id');
+    $sql_con->bindValue(':data_name', $name);
+    $sql_con->bindValue(':user_id', $user);
+    $sql_con->execute();
+
+    $num_rows = $sql_con->rowCount();
+    if($num_rows > 0){
+        $sql_con = $db_con->prepare('UPDATE user_data SET data_value = :data_value WHERE user_id = :user_id AND data_name = :data_name');
+        $sql_con->bindValue(':data_name', $name);
+        $sql_con->bindValue(':data_value', $value);
+        $sql_con->bindValue(':user_id', $user);
+        $sql_con->execute();
+    }else{
+        $sql_con = $db_con->prepare('INSERT INTO user_data (data_name, data_value, user_id) VALUES (:data_name, :data_value, :user_id)');
+        $sql_con->bindValue(':data_name', $name);
+        $sql_con->bindValue(':data_value', $value);
+        $sql_con->bindValue(':user_id', $user);
+        $sql_con->execute();
+    }
+    // echo 'Executed ' . $name . ' with value ' . $value . '<br>';
+}
+?>