diff --git a/index.php b/index.php index b6a5e59..f87345b 100644 --- a/index.php +++ b/index.php @@ -440,8 +440,8 @@
- - + +
@@ -470,6 +470,10 @@
+
+ + +
@@ -949,10 +953,12 @@ document.querySelectorAll('.settings-btn').forEach(b => b.style.display = ''); } - // Update user email in the dropdown and refresh profiles + projects - if (data.user && data.user.email) { + // Update user email or username if exists in the dropdown and refresh profiles + projects + if (data.user) { const userEl = document.getElementById('dropdownUserEmail'); - if (userEl) userEl.textContent = data.user.email; + if (userEl) userEl.textContent = (data.user.username && data.user.username.trim()) + ? data.user.username + : data.user.email; } loadProfiles(); @@ -968,6 +974,7 @@ document.getElementById('registerForm').addEventListener('submit', (e) => { e.preventDefault(); const email = document.getElementById('registerEmail').value.trim(); + const username = document.getElementById('registerUsername').value.trim(); const password = document.getElementById('registerPassword').value; const err = document.getElementById('registerError'); @@ -978,7 +985,7 @@ fetch('register.php', { method: 'POST', headers: { 'Content-Type': 'application/json' }, - body: JSON.stringify({ email, password }) + body: JSON.stringify({ email, username: username || null, password }) }) .then(async r => { const data = await r.json(); @@ -1025,7 +1032,8 @@ // Add user name to user menu if (me.logged_in) { - document.getElementById('dropdownUserEmail').textContent = me.user.email; + document.getElementById('dropdownUserEmail').textContent = + (me.user.username && me.user.username.trim()) ? me.user.username : me.user.email; } // Hide settings button if user can't manage settings diff --git a/login.php b/login.php index dc9b156..37bb9b9 100644 --- a/login.php +++ b/login.php @@ -5,19 +5,32 @@ require 'auth.php'; header('Content-Type: application/json'); $data = json_decode(file_get_contents('php://input'), true); -$email = strtolower(trim($data['email'] ?? '')); + +// Keep front-end field name "email" for compatibility; it can now be email OR username +$identifierRaw = trim($data['email'] ?? ''); +$identifier = strtolower($identifierRaw); $password = strval($data['password'] ?? ''); -$stmt = $pdo->prepare(" - SELECT u.id, u.email, u.password_hash, +if ($identifier === '') { + http_response_code(400); + echo json_encode(['success' => false, 'error' => 'Email or username is required']); + exit; +} + +$isEmail = filter_var($identifier, FILTER_VALIDATE_EMAIL) !== false; + +$sql = " + SELECT u.id, u.email, u.username, u.password_hash, r.name AS role_name, r.can_manage_settings FROM users u JOIN roles r ON r.id = u.role_id - WHERE u.email = ? + WHERE " . ($isEmail ? "u.email = ?" : "u.username = ?") . " LIMIT 1 -"); -$stmt->execute([$email]); +"; + +$stmt = $pdo->prepare($sql); +$stmt->execute([$identifier]); $user = $stmt->fetch(PDO::FETCH_ASSOC); if (!$user || !password_verify($password, $user['password_hash'])) { @@ -27,10 +40,11 @@ if (!$user || !password_verify($password, $user['password_hash'])) { } $_SESSION['user'] = [ - 'id' => intval($user['id']), + 'id' => (int)$user['id'], 'email' => $user['email'], + 'username' => $user['username'], // NEW 'role' => $user['role_name'], - 'can_manage_settings' => intval($user['can_manage_settings']), + 'can_manage_settings' => (int)$user['can_manage_settings'], ]; // Set active profile for this session (default profile if available) @@ -39,14 +53,12 @@ $stmt->execute([$_SESSION['user']['id']]); $profileId = $stmt->fetchColumn(); if (!$profileId) { - // Fallback to first profile $stmt = $pdo->prepare("SELECT id FROM profiles WHERE user_id = ? ORDER BY id ASC LIMIT 1"); $stmt->execute([$_SESSION['user']['id']]); $profileId = $stmt->fetchColumn(); } if (!$profileId) { - // Last-resort: create a default profile if none exist (useful for new users) $stmt = $pdo->prepare("INSERT INTO profiles (user_id, name, is_default) VALUES (?, 'Default', 1)"); $stmt->execute([$_SESSION['user']['id']]); $profileId = $pdo->lastInsertId(); @@ -59,6 +71,7 @@ echo json_encode([ 'user' => [ 'id' => $_SESSION['user']['id'], 'email' => $_SESSION['user']['email'], + 'username' => $_SESSION['user']['username'], // NEW 'role' => $_SESSION['user']['role'], 'can_manage_settings' => $_SESSION['user']['can_manage_settings'], ], diff --git a/register.php b/register.php index 56f1153..cdbe122 100644 --- a/register.php +++ b/register.php @@ -6,6 +6,8 @@ header('Content-Type: application/json'); $data = json_decode(file_get_contents('php://input'), true); $email = strtolower(trim($data['email'] ?? '')); +$usernameRaw = trim($data['username'] ?? ''); +$username = $usernameRaw === '' ? null : strtolower($usernameRaw); $password = strval($data['password'] ?? ''); if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { @@ -19,12 +21,31 @@ if (strlen($password) < 8) { exit; } +// Optional username validation +if ($username !== null) { + if (strlen($username) < 3 || strlen($username) > 50) { + http_response_code(400); + echo json_encode(['success' => false, 'error' => 'Username must be between 3 and 50 characters']); + exit; + } + + // letters/numbers + . _ - ; must start/end with letter/number + if (!preg_match('/^[a-z0-9](?:[a-z0-9._-]*[a-z0-9])?$/', $username)) { + http_response_code(400); + echo json_encode([ + 'success' => false, + 'error' => 'Username may contain letters, numbers, underscore, hyphen, dot, and must start/end with a letter or number' + ]); + exit; + } +} + $hash = password_hash($password, PASSWORD_DEFAULT); // Standard role id from roles table $stmt = $pdo->prepare("SELECT id FROM roles WHERE name = 'standard' LIMIT 1"); $stmt->execute(); -$role_id = intval($stmt->fetchColumn()); +$role_id = (int)$stmt->fetchColumn(); if ($role_id <= 0) { http_response_code(500); @@ -35,9 +56,30 @@ if ($role_id <= 0) { try { $pdo->beginTransaction(); - // Create user - $stmt = $pdo->prepare("INSERT INTO users (email, password_hash, role_id) VALUES (?, ?, ?)"); - $stmt->execute([$email, $hash, $role_id]); + // Friendly conflict checks (DB unique constraints should still exist) + $stmt = $pdo->prepare('SELECT 1 FROM users WHERE email = ? LIMIT 1'); + $stmt->execute([$email]); + if ($stmt->fetchColumn()) { + $pdo->rollBack(); + http_response_code(409); + echo json_encode(['success' => false, 'error' => 'Email already in use']); + exit; + } + + if ($username !== null) { + $stmt = $pdo->prepare('SELECT 1 FROM users WHERE username = ? LIMIT 1'); + $stmt->execute([$username]); + if ($stmt->fetchColumn()) { + $pdo->rollBack(); + http_response_code(409); + echo json_encode(['success' => false, 'error' => 'Username already in use']); + exit; + } + } + + // Create user (username is nullable) + $stmt = $pdo->prepare("INSERT INTO users (email, username, password_hash, role_id) VALUES (?, ?, ?, ?)"); + $stmt->execute([$email, $username, $hash, $role_id]); $userId = (int)$pdo->lastInsertId(); // Create default profile for this user