18 Jun 2023

Breaks backward compatibility!

1) Core Boxx engine update - A lot of variable name changes and merged all SQL files.
2) JWT library update
3) General HTML user interface update

Author: code-boxx

.htaccess

@@ -0,0 +1,7 @@
+RewriteEngine On
+RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+RewriteBase /
+RewriteRule ^index\.php$ - [L]
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteRule . /index.php [L]

CB-worker.js

@@ -12,8 +12,8 @@ self.addEventListener("install", evt => {
       // (A2) ICONS + IMAGES
       "assets/ico-512.png",
       "assets/favicon.png",
-      "assets/login.jpg",
-      "assets/forgot.jpg",
+      "assets/login.webp",
+      "assets/forgot.webp",
       // (A3) COMMON INTERFACE
       "assets/PAGE-cb.js",
       "assets/CB-selector.css",

README.md

@@ -0,0 +1 @@
+Options -Indexes

assets/.htaccess

@@ -22,7 +22,7 @@ var uimport = {
     // (B2) READ SELECTED FILE
     let reader = new FileReader(),
         vMail = new RegExp("[a-z0-9]+@[a-z]+\.[a-z]{2,3}"),
-        vRoles = ["A", "T", "S", "I"],
+        vLvl = ["A", "T", "S", "I"],
         csv = hFile.files[0], row, col, err, valid = false;
 
     reader.addEventListener("loadend", () => { try {
@@ -41,7 +41,7 @@ var uimport = {
             row.appendChild(col);
           }
           if (err==null && !vMail.test(r[1])) { err = "Invalid Email"; }
-          if (err==null && !vRoles.includes(r[2])) { err = "Invalid Role"; }
+          if (err==null && !vLvl.includes(r[2])) { err = "Invalid Level"; }
           if (err==null && !cb.checker(r[3])) { err = "Invalid Password"; }
           col = document.createElement("td");
           col.innerHTML = err==null ? "" : err;
@@ -87,7 +87,7 @@ var uimport = {
         data : {
           name : col[0].innerHTML,
           email : col[1].innerHTML,
-          role : col[2].innerHTML,
+          lvl : col[2].innerHTML,
           password : col[3].innerHTML
         },
         onpass : () => {

assets/A-users-import.js

@@ -2,7 +2,7 @@ var usr = {
   // (A) SHOW ALL USERS
   pg : 1, // current page
   find : "", // current search
-  role : "", // current role
+  lvl : "", // current level
   list : silent => {
     if (silent!==true) { cb.page(0); }
     cb.load({
@@ -11,7 +11,7 @@ var usr = {
       data : {
         page : usr.pg,
         search : usr.find,
-        role : usr.role
+        lvl : usr.lvl
       }
     });
   },
@@ -26,7 +26,7 @@ var usr = {
   // (C) SEARCH USER
   search : () => {
     usr.find = document.getElementById("user-search").value;
-    usr.role = document.getElementById("user-search-role").value;
+    usr.lvl = document.getElementById("user-search-lvl").value;
     usr.pg = 1;
     usr.list();
     return false;
@@ -47,7 +47,7 @@ var usr = {
     var data = {
       name : document.getElementById("user_name").value,
       email : document.getElementById("user_email").value,
-      role : document.getElementById("user_role").value,
+      lvl : document.getElementById("user_level").value,
       password : document.getElementById("user_password").value
     };
     var id = document.getElementById("user_id").value;

assets/A-users.js

@@ -1,49 +1,18 @@
 <?php
-// (A) CHECKS
-// (A1) ADMIN & TEACHERS ONLY
-function checkAT () {
-  global $_SESS; global $_CORE;
-  if (!isset($_SESS["user"]) || ($_SESS["user"]["user_role"]!="A" && $_SESS["user"]["user_role"]!="T")) {
-    $_CORE->respond(0, "No permission or session expired", null, null, 403);
-  }
+// (A) STUDENTS ONLY - ATTENDANCE VIA QR CODE
+if ($_CORE->Route->act == "attendQR") {
+  $_CORE->ucheck("S");
+  $_POST["uid"] = $_SESSION["user"]["user_id"];
+  $_CORE->autoAPI("Classes", "attendQR");
 }
 
-// (A2) STUDENT ONLY
-function checkS () {
-  global $_SESS; global $_CORE;
-  if (!isset($_SESS["user"]) || $_SESS["user"]["user_role"]!="S") {
-    $_CORE->respond(0, "No permission or session expired", null, null, 403);
-  }
-}
-
-switch ($_REQ) {
-  // (B) INVALID REQUEST
-  default:
-    $_CORE->respond(0, "Invalid request", null, null, 400);
-    break;
-
-  // (C) SET ATTENDANCE (SINGLE)
-  case "attend":
-    checkAT();
-    $_CORE->autoAPI("Classes", "attend");
-    break;
-
-  // (D) REMOVE ATTENDANCE (SINGLE)
-  case "absent":
-    checkAT();
-    $_CORE->autoAPI("Classes", "absent");
-    break;
-
-  // (E) SAVE ATTENDANCE (FOR CLASS)
-  case "save":
-    checkAT();
-    $_CORE->autoAPI("Classes", "attendance");
-    break;
+// (B) API ENDPOINTS - ADMIN & TEACHERS ONLY
+$_CORE->ucheck(["A", "T"]);
+$_CORE->autoAPI([
+  "attend" => ["Classes", "attend"],
+  "absent" => ["Classes", "absent"],
+  "save" => ["Classes", "attendance"]
+]);
 
-  // (F) ATTENDANCE VIA QR CODE
-  case "attendQR":
-    checkS();
-    $_POST["uid"] = $_SESS["user"]["user_id"];
-    $_CORE->autoAPI("Classes", "attendQR");
-    break;
-}
+// (C) INVALID REQUEST
+$_CORE->respond(0, "Invalid request", null, null, 400);