Marcin Kurczewski 2013-10-22 11:40:10 +02:00
parent 739e5d3b5d
commit 18097b6192
8 changed files with 89 additions and 24 deletions


@ -10,6 +10,7 @@ mediaPath=./public_html/media/
title=szurubooru title=szurubooru
featuredPostMaxDays=7 featuredPostMaxDays=7
debugQueries=0 debugQueries=0
salt = "1A2/$_4xVa"
[browsing] [browsing]
usersPerPage=8 usersPerPage=8
@ -32,7 +33,6 @@ passRegex = "/^.+$/"
userNameMinLength = 3 userNameMinLength = 3
userNameMaxLength = 20 userNameMaxLength = 20
userNameRegex = "/^[\w_-]+$/ui" userNameRegex = "/^[\w_-]+$/ui"
salt = "1A2/$_4xVa"
needEmailForRegistering = 1 needEmailForRegistering = 1
needEmailForCommenting = 0 needEmailForCommenting = 0


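--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -12,6 +12,16 @@ class Bootstrap
 $this->context->loggedIn = true;
 }
 }
+if (!$this->context->loggedIn)
+{
+try
+{
+AuthController::tryAutoLogin();
+}
+catch (Exception $e)
+{
+}
+}
 if (empty($this->context->user))
 {
 $dummy = R::dispense('user');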
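Review bot: The empty `catch (Exception $e) {}` around `AuthController::tryAutoLogin()` discards every failure, including database errors and a cookie that no longer decrypts, and because the cookie is left in place the same failing token is retried on every request. Catch only the login-specific failure, record the reason, and clear the cookie so a bad token is not replayed indefinitely, e.g. `catch (SimpleException $e) { setcookie('auth', false, 0, '/'); }`. Note also that tryLogin ends with `\Chibi\UrlHelper::forward(...)`, so an auto-login triggered from here appears to redirect the first request to the index page regardless of the URL the user asked for; that redirect belongs in the login action, not in the shared helper. The enclosing method begins and ends outside this hunk.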


@ -1,6 +1,42 @@
<?php <?php
class AuthController class AuthController
{ {
public static function tryLogin($name, $password)
{
$config = \Chibi\Registry::getConfig();
$dbUser = R::findOne('user', 'name = ?', [$name]);
if ($dbUser === null)
throw new SimpleException('Invalid username');
$passwordHash = Model_User::hashPassword($password, $dbUser->pass_salt);
if ($passwordHash != $dbUser->pass_hash)
throw new SimpleException('Invalid password');
if (!$dbUser->staff_confirmed and $config->registration->staffActivation)
throw new SimpleException('Staff hasn\'t confirmed your registration yet');
if ($dbUser->banned)
throw new SimpleException('You are banned');
if ($config->registration->needEmailForRegistering)
PrivilegesHelper::confirmEmail($dbUser);
$_SESSION['user-id'] = $dbUser->id;
\Chibi\UrlHelper::forward(\Chibi\UrlHelper::route('index', 'index'));
return $dbUser;
}
public static function tryAutoLogin()
{
if (!isset($_COOKIE['auth']))
return;
$token = TextHelper::decrypt($_COOKIE['auth']);
list ($name, $password) = array_map('base64_decode', explode('|', $token));
return self::tryLogin($name, $password);
}
/** /**
* @route /auth/login * @route /auth/login
*/ */
@ -17,29 +53,17 @@ class AuthController
return; return;
} }
if (InputHelper::get('submit'))
{
$suppliedName = InputHelper::get('name'); $suppliedName = InputHelper::get('name');
$suppliedPassword = InputHelper::get('password'); $suppliedPassword = InputHelper::get('password');
if ($suppliedName !== null and $suppliedPassword !== null) $dbUser = self::tryLogin($suppliedName, $suppliedPassword);
if (InputHelper::get('remember'))
{ {
$dbUser = R::findOne('user', 'name = ?', [$suppliedName]); $token = implode('|', [base64_encode($suppliedName), base64_encode($suppliedPassword)]);
if ($dbUser === null) setcookie('auth', TextHelper::encrypt($token), time() + 365 * 24 * 3600, '/');
throw new SimpleException('Invalid username'); }
$suppliedPasswordHash = Model_User::hashPassword($suppliedPassword, $dbUser->pass_salt);
if ($suppliedPasswordHash != $dbUser->pass_hash)
throw new SimpleException('Invalid password');
if (!$dbUser->staff_confirmed and $this->config->registration->staffActivation)
throw new SimpleException('Staff hasn\'t confirmed your registration yet');
if ($dbUser->banned)
throw new SimpleException('You are banned');
if ($this->config->registration->needEmailForRegistering)
PrivilegesHelper::confirmEmail($dbUser);
$_SESSION['user-id'] = $dbUser->id;
\Chibi\UrlHelper::forward(\Chibi\UrlHelper::route('index', 'index'));
$this->context->transport->success = true; $this->context->transport->success = true;
} }
} }
@ -52,6 +76,7 @@ class AuthController
$this->context->viewName = null; $this->context->viewName = null;
$this->context->viewName = null; $this->context->viewName = null;
unset($_SESSION['user-id']); unset($_SESSION['user-id']);
setcookie('auth', false, 0, '/');
\Chibi\UrlHelper::forward(\Chibi\UrlHelper::route('index', 'index')); \Chibi\UrlHelper::forward(\Chibi\UrlHelper::route('index', 'index'));
} }
} }
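Review bot: In the first hunk, tryAutoLogin rebuilds the user's plaintext password from the `auth` cookie and replays it through tryLogin, so the remember-me cookie is a reversible copy of the credential protected only by the static `main.salt` key, and it cannot be revoked server-side except by changing the password. A random per-device token from a CSPRNG, stored hashed on the user row and looked up on auto-login, would keep the password out of the cookie and allow revocation. Within tryLogin, `if ($passwordHash != $dbUser->pass_hash)` is a loose, non-constant-time comparison; prefer `if (!hash_equals($dbUser->pass_hash, $passwordHash))`. `list ($name, $password) = array_map('base64_decode', explode('|', $token));` assumes the decrypted token contains exactly one `|`; a garbled or tampered cookie yields an undefined-offset notice and a null password, so check that the exploded array has exactly two parts and return early otherwise. The `\Chibi\UrlHelper::forward(...)` call inside tryLogin also fires on the Bootstrap auto-login path; move it into the login action in the second hunk so the helper only authenticates.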


@ -483,7 +483,7 @@ class UserController
$this->context->suppliedPassword2 = $suppliedPassword2; $this->context->suppliedPassword2 = $suppliedPassword2;
$this->context->suppliedEmail = $suppliedEmail; $this->context->suppliedEmail = $suppliedEmail;
if ($suppliedName !== null) if (InputHelper::get('submit'))
{ {
$suppliedName = Model_User::validateUserName($suppliedName); $suppliedName = Model_User::validateUserName($suppliedName);
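Review bot: The guard now tests the hidden `submit` field instead of whether a name was posted, so `$suppliedName` can be null when the form is submitted without a `name` field and it reaches `Model_User::validateUserName($suppliedName)` directly. Unless validateUserName rejects null itself, which is not visible here, keep both conditions: `if (InputHelper::get('submit') and $suppliedName !== null)`. The enclosing method begins and ends outside this hunk.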


@ -149,4 +149,22 @@ class TextHelper
$output = preg_replace('{</?p>}', '', $output); $output = preg_replace('{</?p>}', '', $output);
return $output; return $output;
} }
public static function encrypt($text)
{
$salt = \Chibi\Registry::getConfig()->main->salt;
$alg = MCRYPT_RIJNDAEL_256;
$mode = MCRYPT_MODE_ECB;
$iv = mcrypt_create_iv(mcrypt_get_iv_size($alg, $mode), MCRYPT_RAND);
return trim(base64_encode(mcrypt_encrypt($alg, $salt, $text, $mode, $iv)));
}
public static function decrypt($text)
{
$salt = \Chibi\Registry::getConfig()->main->salt;
$alg = MCRYPT_RIJNDAEL_256;
$mode = MCRYPT_MODE_ECB;
$iv = mcrypt_create_iv(mcrypt_get_iv_size($alg, $mode), MCRYPT_RAND);
return trim(mcrypt_decrypt($alg, $salt, base64_decode($text), $mode, $iv));
}
} }
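Review bot: encrypt/decrypt use `MCRYPT_MODE_ECB` with the configured `main->salt` string as the key, and the Model_User hunk makes that same value the password-hash salt, so one committed config literal now serves as both a hashing salt and a symmetric key. ECB leaks equal blocks across ciphertexts, the generated `$iv` is ignored in that mode, and nothing authenticates the ciphertext: decrypt returns arbitrary bytes for a tampered or garbage input instead of failing, and for general text the trailing `trim()` also strips legitimate leading and trailing whitespace from the plaintext. Use a dedicated random key separate from the salt, a mode that actually consumes the IV (transmitted alongside the ciphertext), and an HMAC over the ciphertext verified with `hash_equals` before decrypting — or drop reversible encryption here entirely, since the only caller stores credentials that should be replaced by a random token. mcrypt is deprecated and removed in later PHP versions, so any replacement should sit behind this helper's interface using `openssl_*` or `sodium_*` primitives.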


@ -153,7 +153,7 @@ class Model_User extends RedBean_SimpleModel
public static function hashPassword($pass, $salt2) public static function hashPassword($pass, $salt2)
{ {
$salt1 = \Chibi\Registry::getConfig()->registration->salt; $salt1 = \Chibi\Registry::getConfig()->main->salt;
return sha1($salt1 . $salt2 . $pass); return sha1($salt1 . $salt2 . $pass);
} }


@ -13,10 +13,20 @@
<div class="input-wrapper"><input type="password" id="password" name="password"/></div> <div class="input-wrapper"><input type="password" id="password" name="password"/></div>
</div> </div>
<div>
<label class="left">&nbsp;</label>
<div class="input-wrapper">
<input type="checkbox" name="remember" value="1"/>
Remember me
</div>
</div>
<?php if (isset($this->context->transport->errorMessage)): ?> <?php if (isset($this->context->transport->errorMessage)): ?>
<p class="alert alert-error">Error: <?php echo $this->context->transport->errorMessage ?></p> <p class="alert alert-error">Error: <?php echo $this->context->transport->errorMessage ?></p>
<?php endif ?> <?php endif ?>
<input type="hidden" name="submit" value="1"/>
<div> <div>
<label class="left"></label> <label class="left"></label>
<button type="submit">Log in</button> <button type="submit">Log in</button>
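Review bot: The new checkbox has no associated label: `<label class="left">&nbsp;</label>` is empty and the text `Remember me` sits outside any label, so clicking the text does not toggle the box and assistive technology has nothing to announce. Give the input an id and bind the text to it: `<input type="checkbox" id="remember" name="remember" value="1"/>` followed by `<label for="remember">Remember me</label>`.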


@ -44,6 +44,8 @@
</div> </div>
<?php endif ?> <?php endif ?>
<input type="hidden" name="submit" value="1"/>
<div> <div>
<label class="left"></label> <label class="left"></label>
<button type="submit">Register</button> <button type="submit">Register</button>