From 18097b61924f801b2bf040ddebde54f37cbeca09 Mon Sep 17 00:00:00 2001 From: Marcin Kurczewski Date: Tue, 22 Oct 2013 11:40:10 +0200 Subject: [PATCH] Closed #45 --- config.ini | 2 +- src/Bootstrap.php | 10 +++++ src/Controllers/AuthController.php | 67 ++++++++++++++++++++---------- src/Controllers/UserController.php | 2 +- src/Helpers/TextHelper.php | 18 ++++++++ src/Models/Model_User.php | 2 +- src/Views/auth-login.phtml | 10 +++++ src/Views/user-registration.phtml | 2 + 8 files changed, 89 insertions(+), 24 deletions(-) diff --git a/config.ini b/config.ini index 73c14075..730483f7 100644 --- a/config.ini +++ b/config.ini @@ -10,6 +10,7 @@ mediaPath=./public_html/media/ title=szurubooru featuredPostMaxDays=7 debugQueries=0 +salt = "1A2/$_4xVa" [browsing] usersPerPage=8 @@ -32,7 +33,6 @@ passRegex = "/^.+$/" userNameMinLength = 3 userNameMaxLength = 20 userNameRegex = "/^[\w_-]+$/ui" -salt = "1A2/$_4xVa" needEmailForRegistering = 1 needEmailForCommenting = 0 diff --git a/src/Bootstrap.php b/src/Bootstrap.php index b68f9aff..bafdc3b1 100644 --- a/src/Bootstrap.php +++ b/src/Bootstrap.php @@ -12,6 +12,16 @@ class Bootstrap $this->context->loggedIn = true; } } + if (!$this->context->loggedIn) + { + try + { + AuthController::tryAutoLogin(); + } + catch (Exception $e) + { + } + } if (empty($this->context->user)) { $dummy = R::dispense('user'); diff --git a/src/Controllers/AuthController.php b/src/Controllers/AuthController.php index fa4fa275..5163f889 100644 --- a/src/Controllers/AuthController.php +++ b/src/Controllers/AuthController.php 
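Review bot: The empty `catch (Exception $e) { }` around `AuthController::tryAutoLogin()` in the Bootstrap hunk swallows every failure, so a stale or tampered `auth` cookie is retried on every request and a repeatedly failing auto-login leaves no trace. At minimum clear the cookie when it is rejected, e.g. `catch (Exception $e) { setcookie('auth', false, 0, '/'); }`, so the browser stops re-sending a value the server will never accept. Note also that `tryLogin` (first AuthController hunk) calls `\Chibi\UrlHelper::forward(...)` to the index route on success; if `forward` issues a redirect, a cookie-authenticated first request would land on the index page instead of the URL originally requested — worth confirming. The enclosing Bootstrap method starts outside the hunk.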
@@ -1,6 +1,42 @@ pass_salt); + if ($passwordHash != $dbUser->pass_hash) + throw new SimpleException('Invalid password'); + + if (!$dbUser->staff_confirmed and $config->registration->staffActivation) + throw new SimpleException('Staff hasn\'t confirmed your registration yet'); + + if ($dbUser->banned) + throw new SimpleException('You are banned'); + + if ($config->registration->needEmailForRegistering) + PrivilegesHelper::confirmEmail($dbUser); + + $_SESSION['user-id'] = $dbUser->id; + \Chibi\UrlHelper::forward(\Chibi\UrlHelper::route('index', 'index')); + return $dbUser; + } + + public static function tryAutoLogin() + { + if (!isset($_COOKIE['auth'])) + return; + + $token = TextHelper::decrypt($_COOKIE['auth']); + list ($name, $password) = array_map('base64_decode', explode('|', $token)); + return self::tryLogin($name, $password); + } + /** * @route /auth/login */ 
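Review bot: `tryAutoLogin` feeds the decrypted cookie straight into `list ($name, $password) = array_map('base64_decode', explode('|', $token))` without checking that the token has two parts, so a malformed or tampered cookie (there is no integrity check in `TextHelper::decrypt`) yields a PHP notice and a null password instead of a clean rejection; guard it with `$parts = explode('|', $token, 2); if (count($parts) !== 2) return;` before the assignment. In `tryLogin`, `if ($passwordHash != $dbUser->pass_hash)` is a loose comparison — use `!==` (or a constant-time comparison where the target PHP version provides one), since hex hash strings of the form `0e...` compare equal under `==`. The opening lines of this hunk, including tryLogin's signature, did not survive extraction, so the parameter handling at the top of the function could not be reviewed here.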
@@ -17,29 +53,17 @@ class AuthController return; } - $suppliedName = InputHelper::get('name'); - $suppliedPassword = InputHelper::get('password'); - if ($suppliedName !== null and $suppliedPassword !== null) + if (InputHelper::get('submit')) { - $dbUser = R::findOne('user', 'name = ?', [$suppliedName]); - if ($dbUser === null) - throw new SimpleException('Invalid username'); + $suppliedName = InputHelper::get('name'); + $suppliedPassword = InputHelper::get('password'); + $dbUser = self::tryLogin($suppliedName, $suppliedPassword); - $suppliedPasswordHash = Model_User::hashPassword($suppliedPassword, $dbUser->pass_salt); - if ($suppliedPasswordHash != $dbUser->pass_hash) - throw new SimpleException('Invalid password'); - - if (!$dbUser->staff_confirmed and $this->config->registration->staffActivation) - throw new SimpleException('Staff hasn\'t confirmed your registration yet'); - - if ($dbUser->banned) - throw new SimpleException('You are banned'); - - if ($this->config->registration->needEmailForRegistering) - PrivilegesHelper::confirmEmail($dbUser); - - $_SESSION['user-id'] = $dbUser->id; - \Chibi\UrlHelper::forward(\Chibi\UrlHelper::route('index', 'index')); + if (InputHelper::get('remember')) + { + $token = implode('|', [base64_encode($suppliedName), base64_encode($suppliedPassword)]); + setcookie('auth', TextHelper::encrypt($token), time() + 365 * 24 * 3600, '/'); + } $this->context->transport->success = true; } } @@ -52,6 +76,7 @@ class AuthController $this->context->viewName = null; $this->context->viewName = null; unset($_SESSION['user-id']); + setcookie('auth', false, 0, '/'); \Chibi\UrlHelper::forward(\Chibi\UrlHelper::route('index', 'index')); } } diff --git a/src/Controllers/UserController.php b/src/Controllers/UserController.php index 8ee8a948..4ba2a7cd 100644 --- a/src/Controllers/UserController.php +++ b/src/Controllers/UserController.php 
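Review bot: The remember-me branch stores the user's actual password in the `auth` cookie — `implode('|', [base64_encode($suppliedName), base64_encode($suppliedPassword)])` passed through `TextHelper::encrypt` — for a full year, so anyone who obtains the cookie, or the static config key, recovers the plaintext password rather than a revocable credential. Prefer an opaque random token (e.g. `bin2hex(openssl_random_pseudo_bytes(32))`, stored hashed against the user row) that can be invalidated server-side without forcing a password change. Whatever value is stored, the `setcookie` call should set the HttpOnly flag, and Secure when the site is served over HTTPS: `setcookie('auth', $value, time() + 365 * 24 * 3600, '/', '', false, true);`. The logout hunk's `setcookie('auth', false, 0, '/')` already matches the `/` path, which is what the browser needs to remove the same cookie.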
@@ -483,7 +483,7 @@ class UserController $this->context->suppliedPassword2 = $suppliedPassword2; $this->context->suppliedEmail = $suppliedEmail; - if ($suppliedName !== null) + if (InputHelper::get('submit')) { $suppliedName = Model_User::validateUserName($suppliedName); diff --git a/src/Helpers/TextHelper.php b/src/Helpers/TextHelper.php index 44ec1dd1..ee0ff418 100644 --- a/src/Helpers/TextHelper.php +++ b/src/Helpers/TextHelper.php @@ -149,4 +149,22 @@ class TextHelper $output = preg_replace('{}', '', $output); return $output; } + + public static function encrypt($text) + { + $salt = \Chibi\Registry::getConfig()->main->salt; + $alg = MCRYPT_RIJNDAEL_256; + $mode = MCRYPT_MODE_ECB; + $iv = mcrypt_create_iv(mcrypt_get_iv_size($alg, $mode), MCRYPT_RAND); + return trim(base64_encode(mcrypt_encrypt($alg, $salt, $text, $mode, $iv))); + } + + public static function decrypt($text) + { + $salt = \Chibi\Registry::getConfig()->main->salt; + $alg = MCRYPT_RIJNDAEL_256; + $mode = MCRYPT_MODE_ECB; + $iv = mcrypt_create_iv(mcrypt_get_iv_size($alg, $mode), MCRYPT_RAND); + return trim(mcrypt_decrypt($alg, $salt, base64_decode($text), $mode, $iv)); + } } diff --git a/src/Models/Model_User.php b/src/Models/Model_User.php index 46db8404..1aa93c27 100644 --- a/src/Models/Model_User.php +++ b/src/Models/Model_User.php @@ -153,7 +153,7 @@ class Model_User extends RedBean_SimpleModel public static function hashPassword($pass, $salt2) { - $salt1 = \Chibi\Registry::getConfig()->registration->salt; + $salt1 = \Chibi\Registry::getConfig()->main->salt; return sha1($salt1 . $salt2 . $pass); } diff --git a/src/Views/auth-login.phtml b/src/Views/auth-login.phtml index 4729479b..6bcc2537 100644 --- a/src/Views/auth-login.phtml +++ b/src/Views/auth-login.phtml @@ -13,10 +13,20 @@
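Review bot: `TextHelper::encrypt`/`decrypt` use `MCRYPT_MODE_ECB` with the password-hashing salt from `config.ini` (`main->salt`) as the key and add no authentication, so the cookie ciphertext is deterministic per plaintext and malleable block by block, and the same 10-character value now protects both the password hashes (Model_User hunk uses it as `$salt1`) and every remember-me cookie. The `$iv` that `mcrypt_create_iv` produces is ignored in ECB mode, and a key shorter than the Rijndael-256 key length is, as far as I recall, silently zero-padded by older mcrypt and rejected outright (returning `false`) from PHP 5.6 on; the mcrypt extension itself is deprecated in 7.1 and removed in 7.2. If these values must be encrypted at all, give the cookie its own key separate from the hashing salt, use a chained mode with a random IV prepended to the ciphertext, and append an HMAC that `decrypt` verifies before decrypting; the simpler fix, raised on the login hunk, is to store an opaque random token instead of the password so reversible encryption is not needed.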
+
+ +
+ + Remember me +
+
+ context->transport->errorMessage)): ?>

Error: context->transport->errorMessage ?>

+ +
diff --git a/src/Views/user-registration.phtml b/src/Views/user-registration.phtml index 37a4a852..b3b0e213 100644 --- a/src/Views/user-registration.phtml +++ b/src/Views/user-registration.phtml @@ -44,6 +44,8 @@
+ +