deathcat/tinyTask
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added authentication functionality and simple role based model

Browse Source
This commit is contained in:
deathcat
2026-02-11 15:02:37 -08:00
parent c247631de6
commit 11889e3f93
17 changed files with 341 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
add_project.php
View File

@@ -1,15 +1,22 @@
<?php <?php
require 'db.php'; require 'db.php';
require 'auth.php';
header('Content-Type: application/json');
require_login();
$user_id = current_user_id();
$data = json_decode(file_get_contents('php://input'), true); $data = json_decode(file_get_contents('php://input'), true);
if (!isset($data['name']) || empty(trim($data['name']))) { $name = trim($data['name'] ?? '');
if ($name === '') {
http_response_code(400); http_response_code(400);
echo json_encode(['error' => 'Project name is required']); echo json_encode(['success' => false, 'error' => 'Project name is required']);
exit; exit;
} }
$stmt = $pdo->prepare("INSERT INTO projects (name) VALUES (?)"); $stmt = $pdo->prepare("INSERT INTO projects (user_id, name) VALUES (?, ?)");
$stmt->execute([trim($data['name'])]); $stmt->execute([$user_id, $name]);
echo json_encode(['success' => true, 'id' => $pdo->lastInsertId()]); echo json_encode(['success' => true, 'id' => $pdo->lastInsertId()]);
?>

26
add_subtask.php
View File

@@ -1,18 +1,32 @@
<?php <?php
require 'db.php'; require 'db.php';
require 'auth.php';
header('Content-Type: application/json');
require_login();
$user_id = current_user_id();
$data = json_decode(file_get_contents('php://input'), true); $data = json_decode(file_get_contents('php://input'), true);
$name = trim($data['name'] ?? ''); $name = trim($data['name'] ?? '');
$task_id = intval($data['task_id'] ?? 0); $task_id = intval($data['task_id'] ?? 0);
if ($name === '' || $task_id <= 0) { if ($name === '' || $task_id <= 0) {
http_response_code(400); http_response_code(400);
echo json_encode(['error' => 'Invalid input']); echo json_encode(['success' => false, 'error' => 'Invalid input']);
exit; exit;
} }
$stmt = $pdo->prepare("INSERT INTO subtasks (task_id, name) VALUES (?, ?)"); // Ensure task belongs to this user
$stmt->execute([$task_id, $name]); $stmt = $pdo->prepare("SELECT id FROM tasks WHERE id = ? AND user_id = ? LIMIT 1");
$stmt->execute([$task_id, $user_id]);
if (!$stmt->fetchColumn()) {
http_response_code(403);
echo json_encode(['success' => false, 'error' => 'Forbidden']);
exit;
}
$stmt = $pdo->prepare("INSERT INTO subtasks (user_id, task_id, name) VALUES (?, ?, ?)");
$stmt->execute([$user_id, $task_id, $name]);
echo json_encode(['success' => true, 'id' => $pdo->lastInsertId()]); echo json_encode(['success' => true, 'id' => $pdo->lastInsertId()]);
?>

22
add_task.php
View File

@@ -1,5 +1,11 @@
<?php <?php
require 'db.php'; require 'db.php';
require 'auth.php';
header('Content-Type: application/json');
require_login();
$user_id = current_user_id();
$data = json_decode(file_get_contents('php://input'), true); $data = json_decode(file_get_contents('php://input'), true);
$name = trim($data['name'] ?? ''); $name = trim($data['name'] ?? '');
@@ -7,12 +13,20 @@ $project_id = intval($data['project_id'] ?? 0);
if ($name === '' || $project_id <= 0) { if ($name === '' || $project_id <= 0) {
http_response_code(400); http_response_code(400);
echo json_encode(['error' => 'Invalid input']); echo json_encode(['success' => false, 'error' => 'Invalid input']);
exit; exit;
} }
$stmt = $pdo->prepare("INSERT INTO tasks (project_id, name) VALUES (?, ?)"); // Ensure project belongs to this user
$stmt->execute([$project_id, $name]); $stmt = $pdo->prepare("SELECT id FROM projects WHERE id = ? AND user_id = ? LIMIT 1");
$stmt->execute([$project_id, $user_id]);
if (!$stmt->fetchColumn()) {
http_response_code(403);
echo json_encode(['success' => false, 'error' => 'Forbidden']);
exit;
}
$stmt = $pdo->prepare("INSERT INTO tasks (user_id, project_id, name) VALUES (?, ?, ?)");
$stmt->execute([$user_id, $project_id, $name]);
echo json_encode(['success' => true, 'id' => $pdo->lastInsertId()]); echo json_encode(['success' => true, 'id' => $pdo->lastInsertId()]);
?>

36
auth.php Normal file
View File

@@ -0,0 +1,36 @@
<?php
// auth.php
if (session_status() === PHP_SESSION_NONE) {
session_start();
}
function is_logged_in(): bool {
return isset($_SESSION['user']) && isset($_SESSION['user']['id']);
}
function current_user_id(): int {
return intval($_SESSION['user']['id'] ?? 0);
}
function current_user_can_manage_settings(): bool {
return !empty($_SESSION['user']['can_manage_settings']);
}
function require_login(): void {
if (!is_logged_in()) {
http_response_code(401);
header('Content-Type: application/json');
echo json_encode(['success' => false, 'error' => 'Not authenticated']);
exit;
}
}
function require_can_manage_settings(): void {
require_login();
if (!current_user_can_manage_settings()) {
http_response_code(403);
header('Content-Type: application/json');
echo json_encode(['success' => false, 'error' => 'Forbidden']);
exit;
}
}

7
delete_project.php
View File

@@ -1,6 +1,11 @@
<?php <?php
require 'db.php'; require 'db.php';
require 'auth.php';
require_login();
$user_id = current_user_id();
$id = intval($_GET['id'] ?? 0); $id = intval($_GET['id'] ?? 0);
if ($id > 0) { if ($id > 0) {
$pdo->prepare("DELETE FROM projects WHERE id = ?")->execute([$id]); $pdo->prepare("DELETE FROM projects WHERE id = ? AND user_id = ?")->execute([$id, $user_id]);
} }

7
delete_subtask.php
View File

@@ -1,6 +1,11 @@
<?php <?php
require 'db.php'; require 'db.php';
require 'auth.php';
require_login();
$user_id = current_user_id();
$id = intval($_GET['id'] ?? 0); $id = intval($_GET['id'] ?? 0);
if ($id > 0) { if ($id > 0) {
$pdo->prepare("DELETE FROM subtasks WHERE id = ?")->execute([$id]); $pdo->prepare("DELETE FROM subtasks WHERE id = ? AND user_id = ?")->execute([$id, $user_id]);
} }

7
delete_task.php
View File

@@ -1,6 +1,11 @@
<?php <?php
require 'db.php'; require 'db.php';
require 'auth.php';
require_login();
$user_id = current_user_id();
$id = intval($_GET['id'] ?? 0); $id = intval($_GET['id'] ?? 0);
if ($id > 0) { if ($id > 0) {
$pdo->prepare("DELETE FROM tasks WHERE id = ?")->execute([$id]); $pdo->prepare("DELETE FROM tasks WHERE id = ? AND user_id = ?")->execute([$id, $user_id]);
} }

21
get_data.php
View File

@@ -1,19 +1,26 @@
<?php <?php
require 'db.php'; require 'db.php';
require 'auth.php';
$projects = $pdo->query("SELECT * FROM projects ORDER BY sort_order ASC")->fetchAll(); header('Content-Type: application/json');
require_login();
$user_id = current_user_id();
$stmt = $pdo->prepare("SELECT * FROM projects WHERE user_id = ? ORDER BY sort_order ASC");
$stmt->execute([$user_id]);
$projects = $stmt->fetchAll();
foreach ($projects as &$project) { foreach ($projects as &$project) {
$stmt = $pdo->prepare("SELECT * FROM tasks WHERE project_id = ? ORDER BY created_at"); $stmt = $pdo->prepare("SELECT * FROM tasks WHERE project_id = ? AND user_id = ? ORDER BY created_at");
$stmt->execute([$project['id']]); $stmt->execute([$project['id'], $user_id]);
$project['tasks'] = $stmt->fetchAll(); $project['tasks'] = $stmt->fetchAll();
foreach ($project['tasks'] as &$task) { foreach ($project['tasks'] as &$task) {
$stmt = $pdo->prepare("SELECT * FROM subtasks WHERE task_id = ? ORDER BY created_at"); $stmt = $pdo->prepare("SELECT * FROM subtasks WHERE task_id = ? AND user_id = ? ORDER BY created_at");
$stmt->execute([$task['id']]); $stmt->execute([$task['id'], $user_id]);
$task['subtasks'] = $stmt->fetchAll(); $task['subtasks'] = $stmt->fetchAll();
} }
} }
echo json_encode($projects); echo json_encode($projects);
?>

84
index.php
View File

@@ -343,24 +343,78 @@
</div> </div>
</div> </div>
<!-- Modal: Confirmation --> <!-- Modal: Confirmation -->
<div class="modal fade" id="confirmationModal" tabindex="-1" aria-hidden="true"> <div class="modal fade" id="confirmationModal" tabindex="-1" aria-hidden="true">
<div class="modal-dialog modal-dialog-centered"> <div class="modal-dialog modal-dialog-centered">
<div class="modal-content"> <div class="modal-content">
<div class="modal-header"> <div class="modal-header">
<h5 class="modal-title">Confirm Action</h5> <h5 class="modal-title">Confirm Action</h5>
<button type="button" class="btn-close" data-bs-dismiss="modal"></button> <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
</div> </div>
<div class="modal-body" id="confirmationModalBody"> <div class="modal-body" id="confirmationModalBody">
Are you sure you want to continue? Are you sure you want to continue?
</div> </div>
<div class="modal-footer"> <div class="modal-footer">
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Cancel</button> <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Cancel</button>
<button type="button" class="btn btn-danger" id="confirmModalYes">Yes</button> <button type="button" class="btn btn-danger" id="confirmModalYes">Yes</button>
</div>
</div> </div>
</div> </div>
</div> </div>
</div>
<!-- Modal: Login -->
<div class="modal fade" id="loginModal" tabindex="-1" aria-hidden="true" data-bs-backdrop="static" data-bs-keyboard="false">
<div class="modal-dialog modal-dialog-centered">
<form id="loginForm" class="modal-content">
<div class="modal-header">
<h5 class="modal-title">Sign In</h5>
</div>
<div class="modal-body">
<div class="mb-3">
<label class="form-label">Email</label>
<input type="email" class="form-control" id="loginEmail" required>
</div>
<div class="mb-3">
<label class="form-label">Password</label>
<input type="password" class="form-control" id="loginPassword" required>
</div>
<div class="text-danger" id="loginError" style="display:none;"></div>
</div>
<div class="modal-footer d-flex justify-content-between w-100">
<button type="button" class="btn btn-outline-secondary" id="showRegisterBtn">Create account</button>
<button type="submit" class="btn btn-primary">Sign In</button>
</div>
</form>
</div>
</div>
<!-- Modal: Register -->
<div class="modal fade" id="registerModal" tabindex="-1" aria-hidden="true">
<div class="modal-dialog modal-dialog-centered">
<form id="registerForm" class="modal-content">
<div class="modal-header">
<h5 class="modal-title">Create Account</h5>
<button type="button" class="btn-close" data-bs-dismiss="modal"></button>
</div>
<div class="modal-body">
<div class="mb-3">
<label class="form-label">Email</label>
<input type="email" class="form-control" id="registerEmail" required>
</div>
<div class="mb-3">
<label class="form-label">Password (8+ chars)</label>
<input type="password" class="form-control" id="registerPassword" required minlength="8">
</div>
<div class="text-danger" id="registerError" style="display:none;"></div>
<div class="text-success" id="registerSuccess" style="display:none;"></div>
</div>
<div class="modal-footer d-flex justify-content-between w-100">
<button type="button" class="btn btn-outline-secondary" id="backToLoginBtn">Back</button>
<button type="submit" class="btn btn-primary">Create</button>
</div>
</form>
</div>
</div>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script> <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>

44
login.php Normal file
View File

@@ -0,0 +1,44 @@
<?php
require 'db.php';
require 'auth.php';
header('Content-Type: application/json');
$data = json_decode(file_get_contents('php://input'), true);
$email = strtolower(trim($data['email'] ?? ''));
$password = strval($data['password'] ?? '');
$stmt = $pdo->prepare("
SELECT u.id, u.email, u.password_hash,
r.name AS role_name,
r.can_manage_settings
FROM users u
JOIN roles r ON r.id = u.role_id
WHERE u.email = ?
LIMIT 1
");
$stmt->execute([$email]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$user || !password_verify($password, $user['password_hash'])) {
http_response_code(401);
echo json_encode(['success' => false, 'error' => 'Invalid credentials']);
exit;
}
$_SESSION['user'] = [
'id' => intval($user['id']),
'email' => $user['email'],
'role' => $user['role_name'],
'can_manage_settings' => intval($user['can_manage_settings']),
];
echo json_encode([
'success' => true,
'user' => [
'id' => $_SESSION['user']['id'],
'email' => $_SESSION['user']['email'],
'role' => $_SESSION['user']['role'],
'can_manage_settings' => $_SESSION['user']['can_manage_settings'],
]
]);

8
logout.php Normal file
View File

@@ -0,0 +1,8 @@
<?php
require 'auth.php';
header('Content-Type: application/json');
$_SESSION = [];
session_destroy();
echo json_encode(['success' => true]);

18
me.php Normal file
View File

@@ -0,0 +1,18 @@
<?php
require 'auth.php';
header('Content-Type: application/json');
if (!is_logged_in()) {
echo json_encode(['logged_in' => false]);
exit;
}
echo json_encode([
'logged_in' => true,
'user' => [
'id' => intval($_SESSION['user']['id']),
'email' => $_SESSION['user']['email'],
'role' => $_SESSION['user']['role'],
'can_manage_settings' => intval($_SESSION['user']['can_manage_settings']),
]
]);

42
register.php Normal file
View File

@@ -0,0 +1,42 @@
<?php
require 'db.php';
require 'auth.php';
header('Content-Type: application/json');
$data = json_decode(file_get_contents('php://input'), true);
$email = strtolower(trim($data['email'] ?? ''));
$password = strval($data['password'] ?? '');
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
http_response_code(400);
echo json_encode(['success' => false, 'error' => 'Invalid email']);
exit;
}
if (strlen($password) < 8) {
http_response_code(400);
echo json_encode(['success' => false, 'error' => 'Password must be at least 8 characters']);
exit;
}
$hash = password_hash($password, PASSWORD_DEFAULT);
// Standard role id from roles table
$stmt = $pdo->prepare("SELECT id FROM roles WHERE name = 'standard' LIMIT 1");
$stmt->execute();
$role_id = intval($stmt->fetchColumn());
if ($role_id <= 0) {
http_response_code(500);
echo json_encode(['success' => false, 'error' => "Role 'standard' not found"]);
exit;
}
try {
$stmt = $pdo->prepare("INSERT INTO users (email, password_hash, role_id) VALUES (?, ?, ?)");
$stmt->execute([$email, $hash, $role_id]);
echo json_encode(['success' => true]);
} catch (Throwable $e) {
http_response_code(409);
echo json_encode(['success' => false, 'error' => 'Account already exists']);
}

7
reset_settings.php
View File

@@ -1,6 +1,11 @@
<?php <?php
require 'db.php'; require 'db.php';
require 'auth.php';
header('Content-Type: application/json');
require_can_manage_settings();
$stmt = $pdo->prepare("UPDATE settings SET title = 'tinyTask', icon_class = 'kanban', icon_color = '#ff0000' WHERE id = 1"); $stmt = $pdo->prepare("UPDATE settings SET title = 'tinyTask', icon_class = 'kanban', icon_color = '#ff0000' WHERE id = 1");
$stmt->execute(); $stmt->execute();
echo json_encode(['success' => true]); echo json_encode(['success' => true]);
?>

14
update_project_order.php
View File

@@ -1,25 +1,27 @@
<?php <?php
require 'db.php'; require 'db.php';
require 'auth.php';
header('Content-Type: application/json'); header('Content-Type: application/json');
$data = json_decode(file_get_contents('php://input'), true); require_login();
$user_id = current_user_id();
$data = json_decode(file_get_contents('php://input'), true);
if (!$data || !is_array($data)) { if (!$data || !is_array($data)) {
echo json_encode(['success' => false, 'message' => 'Invalid input']); echo json_encode(['success' => false, 'message' => 'Invalid input']);
exit; exit;
} }
$stmt = $pdo->prepare("UPDATE projects SET sort_order = ? WHERE id = ?"); $stmt = $pdo->prepare("UPDATE projects SET sort_order = ? WHERE id = ? AND user_id = ?");
foreach ($data as $item) { foreach ($data as $item) {
$id = $item['id']; $id = $item['id'] ?? null;
$order = $item['order']; $order = $item['order'] ?? null;
if (!is_numeric($id) || !is_numeric($order)) continue; if (!is_numeric($id) || !is_numeric($order)) continue;
$stmt->execute([$order, $id]); $stmt->execute([(int)$order, (int)$id, $user_id]);
} }
echo json_encode(['success' => true]); echo json_encode(['success' => true]);
exit;

8
update_settings.php
View File

@@ -1,13 +1,17 @@
<?php <?php
require 'db.php'; require 'db.php';
require 'auth.php';
header('Content-Type: application/json');
require_can_manage_settings();
$data = json_decode(file_get_contents('php://input'), true); $data = json_decode(file_get_contents('php://input'), true);
$title = $data['title'] ?? 'tinyTask'; $title = $data['title'] ?? 'tinyTask';
$icon = $data['icon_class'] ?? 'kanban'; $icon = $data['icon_class'] ?? 'kanban';
$color = $data['icon_color'] ?? '#ff0000'; $color = $data['icon_color'] ?? '#ff0000';
$stmt = $pdo->prepare("UPDATE settings SET title = ?, icon_class = ?, icon_color = ? WHERE id = 1"); $stmt = $pdo->prepare("UPDATE settings SET title = ?, icon_class = ?, icon_color = ? WHERE id = 1");
$stmt->execute([$title, $icon, $color]); $stmt->execute([$title, $icon, $color]);
echo json_encode(['success' => true]); echo json_encode(['success' => true]);
?>

30
update_task_order.php
View File

@@ -1,11 +1,25 @@
<?php <?php
require 'db.php'; // Adjust path if needed require 'db.php';
require 'auth.php';
$data = json_decode(file_get_contents("php://input"), true); header('Content-Type: application/json');
if (isset($data['task_ids']) && is_array($data['task_ids'])) { require_login();
$stmt = $pdo->prepare("UPDATE tasks SET task_order = ? WHERE id = ?"); $user_id = current_user_id();
foreach ($data['task_ids'] as $order => $id) {
$stmt->execute([$order, $id]); $data = json_decode(file_get_contents('php://input'), true);
} if (!$data || !is_array($data)) {
echo json_encode echo json_encode(['success' => false, 'message' => 'Invalid input']);
exit;
}
$stmt = $pdo->prepare("UPDATE tasks SET task_order = ? WHERE id = ? AND user_id = ?");
foreach ($data as $item) {
$id = $item['id'] ?? null;
$order = $item['order'] ?? null;
if (!is_numeric($id) || !is_numeric($order)) continue;
$stmt->execute([(int)$order, (int)$id, $user_id]);
}
echo json_encode(['success' => true]);