This commit is contained in:
Marcin Kurczewski 2013-10-22 11:40:10 +02:00
parent 739e5d3b5d
commit 18097b6192
8 changed files with 89 additions and 24 deletions


@ -10,6 +10,7 @@ mediaPath=./public_html/media/
title=szurubooru
featuredPostMaxDays=7
debugQueries=0
salt = "1A2/$_4xVa"
[browsing]
usersPerPage=8
@ -32,7 +33,6 @@ passRegex = "/^.+$/"
userNameMinLength = 3
userNameMaxLength = 20
userNameRegex = "/^[\w_-]+$/ui"
salt = "1A2/$_4xVa"
needEmailForRegistering = 1
needEmailForCommenting = 0
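Review bot: `salt = "1A2/$_4xVa"` is a literal secret shipped in the versioned config, and after this commit the same value serves both as the password salt in `Model_User::hashPassword` and as the cipher key in `TextHelper::encrypt`, so any installation that keeps the shipped value shares its key with every other one. Prefer a per-installation value generated at setup time and read from a file kept out of version control, with one value per purpose. Document next to the key that changing it invalidates existing password hashes and remember-me cookies, since both derive from it.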


@ -12,6 +12,16 @@ class Bootstrap
$this->context->loggedIn = true;
}
}
if (!$this->context->loggedIn)
{
try
{
AuthController::tryAutoLogin();
}
catch (Exception $e)
{
}
}
if (empty($this->context->user))
{
$dummy = R::dispense('user');
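Review bot: The empty `catch (Exception $e) {}` around `AuthController::tryAutoLogin()` swallows every failure, including a cookie that no longer decrypts or that names a banned or unconfirmed user, so the rejected cookie is re-sent and re-processed on every request with no trace in the logs. At minimum clear it in the catch, `setcookie('auth', false, 0, '/');` as the logout action in this commit already does, and record `$e->getMessage()` so repeated failures are visible. The enclosing method starts outside the hunk.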


@ -1,6 +1,42 @@
<?php
class AuthController
{
public static function tryLogin($name, $password)
{
$config = \Chibi\Registry::getConfig();
$dbUser = R::findOne('user', 'name = ?', [$name]);
if ($dbUser === null)
throw new SimpleException('Invalid username');
$passwordHash = Model_User::hashPassword($password, $dbUser->pass_salt);
if ($passwordHash != $dbUser->pass_hash)
throw new SimpleException('Invalid password');
if (!$dbUser->staff_confirmed and $config->registration->staffActivation)
throw new SimpleException('Staff hasn\'t confirmed your registration yet');
if ($dbUser->banned)
throw new SimpleException('You are banned');
if ($config->registration->needEmailForRegistering)
PrivilegesHelper::confirmEmail($dbUser);
$_SESSION['user-id'] = $dbUser->id;
\Chibi\UrlHelper::forward(\Chibi\UrlHelper::route('index', 'index'));
return $dbUser;
}
public static function tryAutoLogin()
{
if (!isset($_COOKIE['auth']))
return;
$token = TextHelper::decrypt($_COOKIE['auth']);
list ($name, $password) = array_map('base64_decode', explode('|', $token));
return self::tryLogin($name, $password);
}
/**
* @route /auth/login
*/
@ -17,29 +53,17 @@ class AuthController
return;
}
if (InputHelper::get('submit'))
{
$suppliedName = InputHelper::get('name');
$suppliedPassword = InputHelper::get('password');
if ($suppliedName !== null and $suppliedPassword !== null)
$dbUser = self::tryLogin($suppliedName, $suppliedPassword);
if (InputHelper::get('remember'))
{
$dbUser = R::findOne('user', 'name = ?', [$suppliedName]);
if ($dbUser === null)
throw new SimpleException('Invalid username');
$suppliedPasswordHash = Model_User::hashPassword($suppliedPassword, $dbUser->pass_salt);
if ($suppliedPasswordHash != $dbUser->pass_hash)
throw new SimpleException('Invalid password');
if (!$dbUser->staff_confirmed and $this->config->registration->staffActivation)
throw new SimpleException('Staff hasn\'t confirmed your registration yet');
if ($dbUser->banned)
throw new SimpleException('You are banned');
if ($this->config->registration->needEmailForRegistering)
PrivilegesHelper::confirmEmail($dbUser);
$_SESSION['user-id'] = $dbUser->id;
\Chibi\UrlHelper::forward(\Chibi\UrlHelper::route('index', 'index'));
$token = implode('|', [base64_encode($suppliedName), base64_encode($suppliedPassword)]);
setcookie('auth', TextHelper::encrypt($token), time() + 365 * 24 * 3600, '/');
}
$this->context->transport->success = true;
}
}
@ -52,6 +76,7 @@ class AuthController
$this->context->viewName = null;
$this->context->viewName = null;
unset($_SESSION['user-id']);
setcookie('auth', false, 0, '/');
\Chibi\UrlHelper::forward(\Chibi\UrlHelper::route('index', 'index'));
}
}
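Review bot: The remember-me cookie built in the login handler, `$token = implode('|', [base64_encode($suppliedName), base64_encode($suppliedPassword)]);`, and consumed in `tryAutoLogin` carries the user's actual password, only reversibly encrypted with the config salt, so whoever holds the cookie or that salt holds the password itself. A remember-me feature should instead issue a random token, store a hash of it against the user record, and compare on auto-login, so the cookie never contains credentials and can be revoked server-side. Two smaller points in the same hunks: `setcookie('auth', TextHelper::encrypt($token), time() + 365 * 24 * 3600, '/')` sets neither the `secure` nor the `httponly` flag, and `tryLogin` compares hashes with `if ($passwordHash != $dbUser->pass_hash)`, which is loose and not constant-time; use `===` now and `hash_equals` where the PHP version provides it. `tryLogin` also calls `\Chibi\UrlHelper::forward(...)` before returning, so `tryAutoLogin` run from Bootstrap on an arbitrary page appears to redirect every auto-logged-in request to index, which is worth confirming is intended.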


@ -483,7 +483,7 @@ class UserController
$this->context->suppliedPassword2 = $suppliedPassword2;
$this->context->suppliedEmail = $suppliedEmail;
if ($suppliedName !== null)
if (InputHelper::get('submit'))
{
$suppliedName = Model_User::validateUserName($suppliedName);
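Review bot: Replacing `if ($suppliedName !== null)` with `if (InputHelper::get('submit'))` drops the null check, so a POST that carries the hidden `submit` field but no `name` now reaches `Model_User::validateUserName(null)`; whether that method handles null is outside the hunk, as is the start of the enclosing method. If it does not, keep both conditions, `if (InputHelper::get('submit') and $suppliedName !== null)`, or make `validateUserName` reject null explicitly.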


@ -149,4 +149,22 @@ class TextHelper
$output = preg_replace('{</?p>}', '', $output);
return $output;
}
public static function encrypt($text)
{
$salt = \Chibi\Registry::getConfig()->main->salt;
$alg = MCRYPT_RIJNDAEL_256;
$mode = MCRYPT_MODE_ECB;
$iv = mcrypt_create_iv(mcrypt_get_iv_size($alg, $mode), MCRYPT_RAND);
return trim(base64_encode(mcrypt_encrypt($alg, $salt, $text, $mode, $iv)));
}
public static function decrypt($text)
{
$salt = \Chibi\Registry::getConfig()->main->salt;
$alg = MCRYPT_RIJNDAEL_256;
$mode = MCRYPT_MODE_ECB;
$iv = mcrypt_create_iv(mcrypt_get_iv_size($alg, $mode), MCRYPT_RAND);
return trim(mcrypt_decrypt($alg, $salt, base64_decode($text), $mode, $iv));
}
}


@ -153,7 +153,7 @@ class Model_User extends RedBean_SimpleModel
public static function hashPassword($pass, $salt2)
{
$salt1 = \Chibi\Registry::getConfig()->registration->salt;
$salt1 = \Chibi\Registry::getConfig()->main->salt;
return sha1($salt1 . $salt2 . $pass);
}
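Review bot: `hashPassword` still derives the stored hash as a single `sha1($salt1 . $salt2 . $pass)`, which is fast enough that offline guessing against a leaked hash table is cheap; a slow, per-user-salted algorithm (`password_hash`/`password_verify` on PHP 5.5 and later, or `crypt` with a blowfish salt before that) is the standard replacement and can sit behind this same signature so callers do not change. Reading the salt from `main->salt` also means the one value is now both the global password pepper and the symmetric key in `TextHelper::encrypt`; one secret per purpose is preferable so that rotating or disclosing one does not affect the other. Since `registration->salt` is removed in this commit, a deployment that overrides only that key may silently fall back to the shipped `main->salt` default, which is worth a line in the release notes.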


@ -13,10 +13,20 @@
<div class="input-wrapper"><input type="password" id="password" name="password"/></div>
</div>
<div>
<label class="left">&nbsp;</label>
<div class="input-wrapper">
<input type="checkbox" name="remember" value="1"/>
Remember me
</div>
</div>
<?php if (isset($this->context->transport->errorMessage)): ?>
<p class="alert alert-error">Error: <?php echo $this->context->transport->errorMessage ?></p>
<?php endif ?>
<input type="hidden" name="submit" value="1"/>
<div>
<label class="left"></label>
<button type="submit">Log in</button>


@ -44,6 +44,8 @@
</div>
<?php endif ?>
<input type="hidden" name="submit" value="1"/>
<div>
<label class="left"></label>
<button type="submit">Register</button>