From a1e40f7902839f7602bffb8a5117240bb71c38d4 Mon Sep 17 00:00:00 2001
From: Krehan Tim <mail@timkrehan.de>
Date: Tue, 20 Nov 2018 13:53:17 +0100
Subject: [PATCH] fixed missing user api

---
 .htaccess                   | 2 ++
 bin/adduser.js              | 5 ++---
 bin/settings.js             | 3 +--
 install/install_adduser.php | 2 --
 php/edit-user.php           | 6 +++---
 5 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/.htaccess b/.htaccess
index e93d4d6..399fc0d 100644
--- a/.htaccess
+++ b/.htaccess
@@ -21,12 +21,14 @@
   RewriteRule ^api/([\w-]+)/([\w-]+)$ php/api.php?site=api&call=$1&function=$2 [L]
 </IfModule>
 
+#Deny every *.php file
 <Files *.php>
     Order Deny,Allow
     Deny from all
     Allow from 127.0.0.1
 </Files>
 
+#allow following files
 <Files index.php>
     Order Allow,Deny
     Allow from all
diff --git a/bin/adduser.js b/bin/adduser.js
index d2cb4c7..9fc6819 100644
--- a/bin/adduser.js
+++ b/bin/adduser.js
@@ -1,13 +1,12 @@
 $(document).ready(function(){
   $("#button_newuser").click(function(){
-    $.post("/php/edit-user.php",
+    $.post("/api/user/new",
       {
-        function: "new-user",
         username: $("#text_user").val(),
         passwd: $("#text_passwd").val()
       },
       function(data){
-        if(data==0){
+        if(data=="0"){
           infoPopUp("Benutzer erfolgreich erstellt!", 100);
           $("#text_user").val("");
           $("#text_passwd").val("");
diff --git a/bin/settings.js b/bin/settings.js
index 0461d18..ecea9fd 100644
--- a/bin/settings.js
+++ b/bin/settings.js
@@ -31,9 +31,8 @@ $(document).ready(function(){
     }
   });
   $("#passwordSaveButton").click(function(){
-    $.post("/php/edit-user.php",
+    $.post("/api/user/change-pw",
       {
-        function: "change-pw",
         current: $("#old-password-input").val(),
         new: $("#new-password-input").val()
       },
diff --git a/install/install_adduser.php b/install/install_adduser.php
index 06fa697..9ca584c 100644
--- a/install/install_adduser.php
+++ b/install/install_adduser.php
@@ -13,6 +13,4 @@
   <input id="button_newuser" class="button" type="submit" name="" value="Neuer Benutzer">
 </div>
 <button class="button button-disabled" id="adduser-button-done">Fertig</button>
-
-<!-- Only here in install/adduser -->
 <div id="info-popup"><font id="info-popup-text"></font></div>
diff --git a/php/edit-user.php b/php/edit-user.php
index 9aa0bdd..bc0dbcb 100644
--- a/php/edit-user.php
+++ b/php/edit-user.php
@@ -1,16 +1,16 @@
 <?php
   include $_SESSION["docroot"].'/php/classes.user.php';
   $user = new user;
-  if($_POST["function"]!="new-user"){
+  if($_GET["function"]!="new"){
     $user->get_info($_COOKIE["token"]);
   }
-
+  
   switch ($_GET["function"]) {
     case 'change-pw':
       $user->change_password($_POST["current"], $_POST["new"]);
       break;
 
-    case 'new-user':
+    case 'new':
       $user->new($_POST["username"], $_POST["passwd"]);
       break;