<?php
// Development error reporting: every notice/warning is echoed into the response.
// NOTE(review): left on in production this exposes file paths, SQL text and the
// die() messages below to visitors; restrict it to development hosts.
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

// Deployment-specific settings ($config): database credentials, project root, pepper.
require_once 'config.php';

// empty() is also true for an undefined variable, so one check covers both
// "config.php defines nothing" and "it defines an empty array".
if (empty($config)) {
    die("<h1>Configuration error</h1><p>Copy the webdata/config.sample.php file to webdata/config.php and fill out your connection settings.</p>");
}

// Base URL path of the project, used when building absolute redirects.
$projectRoot = $config["general"]["projectRoot"];
/**
 * Open a new mysqli connection with the credentials from $config['db'].
 *
 * Terminates the script with the driver's connect_error when the connection
 * cannot be established (the raw driver message is written to the response).
 * NOTE(review): with mysqli's default exception report mode (PHP 8.1+) a
 * failed connect may throw mysqli_sql_exception before this check is reached.
 *
 * @return mysqli
 */
function database(){
    global $config;

    $dbConf = $config["db"];
    $connection = new mysqli($dbConf["host"], $dbConf["user"], $dbConf["pass"], $dbConf["database"]);

    if ($connection->connect_error) {
        die("Connection failed: " . $connection->connect_error);
    }

    return $connection;
}
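/**
 * Recursively sanitise request data for HTML output and SQL string escaping.
 *
 * Non-array values are stripped of tags, HTML-entity-encoded, trimmed and then
 * passed through mysqli::real_escape_string on the shared connection; arrays
 * are filtered element by element (keys are left untouched).
 *
 * This only escapes string literals — callers that build SQL from the result
 * should prefer prepared statements; the helper is kept for existing callers.
 *
 * @param mixed $data Scalar or (nested) array of scalars.
 * @return string|array Escaped scalar, or the array with every leaf escaped.
 */
function filter($data){
    global $db;

    // real_escape_string needs a live connection; open one lazily (same pattern
    // as checkLogin()) instead of dying with a "method on null" fatal error.
    if ($db == null) {
        $db = database();
    }

    if (is_array($data)) {
        foreach ($data as $key => $value) {
            $data[$key] = filter($value);
        }
        return $data;
    }

    // Scalar: neutralise HTML first, then escape for the SQL driver.
    // (The old trailing `return false` was unreachable and has been dropped.)
    $clean = trim(htmlentities(strip_tags($data)));
    return $db->real_escape_string($clean);
}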
/**
 * Build the shared <head> markup: charset/viewport metas, Bootstrap + site CSS
 * and the jQuery/Popper/Bootstrap scripts. The hammer.js includes are emitted
 * inside an HTML comment, i.e. present in the output but inactive.
 *
 * $prepend is the relative prefix to the css/ and js/ folders (e.g. "../") and
 * is inserted into the href/src attributes verbatim. NOTE(review): it is not
 * attribute-escaped, so it must only come from code, never from request data.
 *
 * @param string $prepend Path prefix for the asset folders.
 * @return string HTML fragment ending in a newline.
 */
function getHtmlHeaders($prepend = ""){
    $tags = [
        "<meta charset='UTF-8'>",
        "<meta http-equiv='X-UA-Compatible' content='IE=edge'>",
        "<meta name='viewport' content='width=device-width, initial-scale=1.0'>",
        "",
        "<link rel='stylesheet' href='{$prepend}css/bootstrap.min.css' type='text/css' />",
        "<link rel='stylesheet' href='{$prepend}css/index.css' type='text/css' />",
        "",
        "<script src='{$prepend}js/jquery-3.5.1.min.js'></script>",
        "<script src='{$prepend}js/popper.min.js'></script>",
        "<script src='{$prepend}js/bootstrap.min.js'></script>",
        "<!--<script src='{$prepend}js/hammer.js'></script>",
        "<script src='{$prepend}js/hammer.jquery.js'></script>-->",
        "",
    ];

    // The trailing empty element plus the final "\n" reproduce the blank line
    // and newline the original heredoc-style string ended with.
    return implode("\n", $tags) . "\n";
}
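/**
 * Authenticate a user by e-mail and password and start a logged-in session.
 *
 * Looks the account up with a prepared statement, checks the peppered password
 * with password_verify(), then starts/regenerates the session and stores
 * user_id, user_name, a user-agent fingerprint and a fresh per-login key
 * (ckey, persisted in the user table; its sha1 is kept in the session so
 * checkLogin() can verify it on later requests).
 *
 * @param string $email E-mail address as submitted.
 * @param string $pass  Plain-text password as submitted.
 * @return true|string[] true on success, otherwise a list of error messages.
 */
function loginUser($email, $pass) {
    global $db;

    // Same lazy-connect pattern as checkLogin(): never call methods on an unset $db.
    if ($db == null) {
        $db = database();
    }

    $err = [];

    // Bind the e-mail instead of interpolating it into the SQL text, so its
    // content can no longer change the statement.
    $getUserStmt = $db->prepare("SELECT pwd, user_id, user_email FROM user WHERE user_email = ? LIMIT 1;");
    if ($getUserStmt === false) {
        $err[] = "Failed to login.\n" . $db->error;
        return $err;
    }

    // Defaults used when no row matches. "missingPassword" is not a password_hash()
    // output, so password_verify() below fails for unknown accounts.
    // NOTE(review): it fails immediately, so unknown and known accounts take a
    // measurably different time; a real dummy hash would even that out.
    $dbPass = "missingPassword";
    $dbUserId = 0;
    $dbUserName = "Unknown";

    $getUserStmt->bind_param("s", $email);
    $getUserStmt->execute();
    $getUserStmt->bind_result($foundPass, $foundUserId, $foundUserName);
    // With LIMIT 1 a successful fetch is exactly the old "num_rows == 1" case.
    if ($getUserStmt->fetch()) {
        $dbPass = $foundPass;
        $dbUserId = $foundUserId;
        $dbUserName = $foundUserName;
    }
    $getUserStmt->close();

    if (!password_verify(PwdGen($pass), $dbPass)) {
        $err[] = "Username and/or Password is wrong.";
        return $err;
    }

    // Start a session if none exists; otherwise rotate the id so a session
    // fixed before login cannot be reused afterwards.
    if (!isset($_SESSION)) {
        session_start();
    } else {
        session_regenerate_id();
    }

    $_SESSION['user_id'] = $dbUserId;
    $_SESSION['user_name'] = $dbUserName;
    // Fingerprint re-checked by checkLogin(); md5 is used as an identifier here, not as a secret.
    $_SESSION['user_agent'] = md5($_SERVER['HTTP_USER_AGENT'] ?? '');

    // Persist a new login key; checkLogin() compares sha1 of the DB value with the session copy.
    $userKey = GenKey();
    $now = time();
    $updateUserStmt = $db->prepare("UPDATE user SET ctime = ?, ckey = ? WHERE user_id = ?;");
    if ($updateUserStmt !== false) {
        $updateUserStmt->bind_param("isi", $now, $userKey, $dbUserId);
        $updated = $updateUserStmt->execute();
        $updateError = $updateUserStmt->error;
        $updateUserStmt->close();
    } else {
        $updated = false;
        $updateError = $db->error;
    }

    if ($updated) {
        $_SESSION['user_key'] = sha1($userKey);
        return true;
    }

    $err[] = "Failed to login.\n" . $updateError;
    return $err;
}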
/**
 * Derive the peppered password material used for hashing and verification.
 *
 * The raw password is keyed-hashed (HMAC-SHA256) with the site pepper from
 * $config['general']['pepper']; with $returnHashed the result is additionally
 * wrapped in an Argon2id password_hash() suitable for storing in user.pwd.
 *
 * NOTE(review): when the config has no pepper, the literal fallback in this
 * source file is used — being public it adds no protection, so deployments
 * should set general.pepper.
 *
 * @param string $pass         Plain-text password.
 * @param bool   $returnHashed false → 64-char hex HMAC (input for password_verify);
 *                             true → storable Argon2id hash of that HMAC.
 */
function PwdGen($pass, $returnHashed = false): string {
    global $config;

    $pepper = $config['general']['pepper'] ?? 'IAmBadAtSecurity';
    $peppered = hash_hmac("sha256", $pass, $pepper);

    return $returnHashed
        ? password_hash($peppered, PASSWORD_ARGON2ID, ['threads' => 2])
        : $peppered;
}
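/**
 * Generate a random login key of $length distinct characters from
 * [0-9a-km-z] (no 'l'); stored in user.ckey and hashed into the session.
 *
 * Changes vs. the previous version: random_int() (CSPRNG) replaces the
 * predictable mt_rand(); membership is checked with strpos() because
 * strstr() returned the string "0" — which is falsy — when '0' was the last
 * character, letting a duplicate '0' through; and lengths larger than the
 * alphabet are rejected instead of looping forever.
 *
 * @param int $length Number of characters (0..35); <= 0 yields "".
 * @return string
 * @throws InvalidArgumentException when $length exceeds the alphabet size.
 */
function GenKey($length = 7): string{
    $alphabet = "0123456789abcdefghijkmnopqrstuvwxyz";
    $alphabetSize = strlen($alphabet);

    if ($length > $alphabetSize) {
        throw new InvalidArgumentException("GenKey: length must not exceed " . $alphabetSize);
    }

    $key = "";
    while (strlen($key) < $length) {
        $char = $alphabet[random_int(0, $alphabetSize - 1)];
        // Characters are unique within a key (kept from the original); retry on repeats.
        if (strpos($key, $char) === false) {
            $key .= $char;
        }
    }

    return $key;
}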
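/**
 * Validate the current session against the database.
 *
 * A request counts as logged in when the session carries a user_id, the
 * user-agent fingerprint matches the one stored at login, and sha1 of the
 * user's current ckey (read from the DB) equals the session's user_key.
 * On any mismatch the user_id is removed from the session and false returned.
 *
 * @return bool
 */
function checkLogin(): bool{
    global $db;

    if ($db == null) {
        $db = database();
    }

    if (!isset($_SESSION)) {
        session_start();
    }

    if (!isset($_SESSION['user_id'])) {
        return false;
    }

    // hash_equals() compares in constant time and never applies the numeric
    // coercion `==` does for digit-only strings.
    $agentMatches = hash_equals(
        md5($_SERVER['HTTP_USER_AGENT'] ?? ''),
        (string) ($_SESSION['user_agent'] ?? '')
    );

    if ($agentMatches) {
        // user_id was interpolated unquoted before, i.e. it is numeric; bind it anyway
        // so the session value never becomes part of the SQL text.
        $stmt = $db->prepare("SELECT ckey FROM user WHERE user_id = ?");
        if ($stmt !== false) {
            $userId = (int) $_SESSION['user_id'];
            $stmt->bind_param("i", $userId);
            $stmt->execute();
            $stmt->bind_result($cKey);
            $found = $stmt->fetch();
            $stmt->close();

            // A missing row (deleted user) or NULL ckey can no longer match
            // (previously list() yielded null and sha1(null) was compared).
            if ($found && $cKey !== null
                && hash_equals(sha1((string) $cKey), (string) ($_SESSION['user_key'] ?? ''))) {
                return true;
            }
        }
    }

    unset($_SESSION['user_id']);
    return false;
}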
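/**
 * Ensure the visitor is logged in, otherwise redirect to the login page.
 *
 * On failure the current script path is remembered in $_SESSION['loginRef']
 * and a Location header to <projectRoot>/login.php?return=<path> is sent,
 * with any "index.php" removed from the path. The function only returns
 * false — it does not exit — so callers must stop rendering themselves.
 *
 * @return bool true when logged in; false after the redirect header was queued.
 */
function requireLogin(): bool{
    global $config;

    if (checkLogin()) {
        return true;
    }

    $self = $_SERVER['PHP_SELF'] ?? '';
    $_SESSION['loginRef'] = $self;

    // PHP_SELF can carry client-supplied path info; URL-encode it so characters
    // such as '&' or '#' cannot alter or truncate the return parameter.
    $returnTo = rawurlencode(str_ireplace('index.php', '', $self));
    header("Location: " . $config["general"]["projectRoot"] . "/login.php?return=" . $returnTo);
    return false;
}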
/**
 * Cheap logged-in check: only looks for user_id in the session, without the
 * database and user-agent verification that checkLogin() performs.
 *
 * Starts the session when none is active; in that case it also blanks
 * $_SERVER['HTTP_REFERER'] (kept from the original — the reason is not
 * recorded in this file).
 *
 * @return bool
 */
function checkLoginSimple(): bool {
    if (!isset($_SESSION)) {
        session_start();
        $_SERVER['HTTP_REFERER'] = "";
    }

    return isset($_SESSION['user_id']);
}