Finish login
This commit is contained in:
marc-go
46
api/login/getcookies.php
Normal file
46
api/login/getcookies.php
Normal file
@@ -0,0 +1,46 @@
|
||||
<?php
|
||||
require "../../main.php";
|
||||
|
||||
$mcServ = new mcServ();
|
||||
$db = $mcServ->getDB();
|
||||
|
||||
if ($_SERVER["REQUEST_METHOD"] == "POST") {
|
||||
if (!isset($_POST["username"]) || !isset($_POST["passwd"])) {
|
||||
die("Username or Password are missing");
|
||||
}
|
||||
|
||||
$user = $_POST["username"];
|
||||
$passwd = hash("sha256", $_POST["passwd"]);
|
||||
|
||||
$sql = "SELECT username, passwd FROM users WHERE username = :username AND passwd = :passwd";
|
||||
$stmt = $db->prepare($sql);
|
||||
$stmt->execute([
|
||||
':username' => $user,
|
||||
':passwd' => $passwd
|
||||
]);
|
||||
|
||||
$result = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
if ($result) {
|
||||
$config = $mcServ->getConf();
|
||||
|
||||
$session["session_id"] = $mcServ->generateSessionID();
|
||||
$device_id = rand(1, 999);
|
||||
|
||||
$json[$device_id] = json_encode($session);
|
||||
|
||||
file_put_contents($config["PATH"] . "/tmp/user_sessions/" . $admin_user . ".json", json_encode($json));
|
||||
|
||||
setcookie("session_id", $session["session_id"], time() + 3600, "/");
|
||||
setcookie("device_id", $device_id, time() + 3600, "/");
|
||||
setcookie("username", $user, time() + 3600, "/");
|
||||
|
||||
header("Location: /admin");
|
||||
exit;
|
||||
|
||||
}else{
|
||||
header("Location: /login.php?passwdIsFalse=true");
|
||||
exit;
|
||||
}
|
||||
}
|
||||
?>
|
||||
@@ -1,10 +1,6 @@
|
||||
<?php
|
||||
require "../../main.php";
|
||||
|
||||
ini_set("display_errors", 1);
|
||||
ini_set("display_startup_errors", 1);
|
||||
error_reporting(E_ALL);
|
||||
|
||||
$admin_user = $_POST["admin_user"];
|
||||
$admin_mail = $_POST["admin_mail"];
|
||||
$admin_passwd_1 = $_POST["admin_passwd_1"];
|
||||
|
||||
@@ -51,6 +51,10 @@ a {
|
||||
color: #000000;
|
||||
}
|
||||
|
||||
.message_red {
|
||||
color: red;
|
||||
}
|
||||
|
||||
input {
|
||||
border: 1px solid #e0e0e0;
|
||||
width: 200px;
|
||||
|
||||
@@ -20,8 +20,8 @@ if (!$mcServ->checkConf()) {
|
||||
}
|
||||
|
||||
if (!$mcServ->checkLogin()) {
|
||||
/*header("Location: /login.php");
|
||||
exit;*/
|
||||
header("Location: /login.php");
|
||||
exit;
|
||||
}else{
|
||||
echo "angemeldet";
|
||||
}
|
||||
|
||||
@@ -1,7 +1,13 @@
|
||||
<?php
|
||||
if ($_SERVER["REQUEST_METHOD"] == "POST") {
|
||||
if (!isset($_POST["username"]) || !isset($_GET["passwd"])) {
|
||||
die("Username or Password are missing");
|
||||
require "../main.php";
|
||||
|
||||
$mcServ = new mcServ();
|
||||
|
||||
if (isset($_GET["action"])) {
|
||||
if ($_GET["action"] == "logout") {
|
||||
setcookie("username", "", time() - 3600, "/");
|
||||
setcookie("session_id", "", time() - 3600, "/");
|
||||
setcookie("device_id", "", time() - 3600, "/");
|
||||
}
|
||||
}
|
||||
?>
|
||||
@@ -20,10 +26,16 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
|
||||
<h2>Login</h2>
|
||||
</div>
|
||||
<div class="content">
|
||||
<form action="/api/setup/setup.php" method="post">
|
||||
<div id="admin_user" class="page">
|
||||
<form action="/api/login/getcookies.php" method="post">
|
||||
<div class="page">
|
||||
<a href="/resetpasswd.php">Forget Passwort?</a>
|
||||
|
||||
<?php
|
||||
if (isset($_GET["passwdIsFalse"])) {
|
||||
echo '<p class="message_red">Invalid username or password</p>';
|
||||
}
|
||||
?>
|
||||
|
||||
<input type="text" name="username" placeholder="Username" id="user" required><br><br>
|
||||
<input type="password" name="passwd" placeholder="Password" id="passwd" required><br><br>
|
||||
|
||||
|
||||
12
main.php
12
main.php
@@ -29,7 +29,6 @@ class mcServ {
|
||||
|
||||
public function checkLogin() {
|
||||
if (!isset($_COOKIE["session_id"]) || !isset($_COOKIE["device_id"])) {
|
||||
echo "Keine Cookies gesetzt";
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -38,20 +37,27 @@ class mcServ {
|
||||
$json = json_decode(file_get_contents($config["PATH"] . "/tmp/user_sessions/" . $_COOKIE["username"] . ".json"), true);
|
||||
|
||||
if (!isset($json[$_COOKIE["device_id"]])) {
|
||||
echo "Device ID gibt es nicht im JSON";
|
||||
return false;
|
||||
}
|
||||
|
||||
$device = json_decode($json[$_COOKIE["device_id"]], true);
|
||||
|
||||
if ($device["session_id"] !== $_COOKIE["session_id"]) {
|
||||
echo "Session IDs stimmen nicht überein";
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
public function getDB() {
|
||||
$config = $this->getConf();
|
||||
|
||||
$db = new PDO("sqlite:" . $config["DB_PATH"]);
|
||||
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||
|
||||
return $db;
|
||||
}
|
||||
|
||||
public function generateSessionID() {
|
||||
$num = rand(1, 999999);
|
||||
$hash = hash("sha256", $num);
|
||||
|
||||
Reference in New Issue
Block a user