author | Simon Rettberg | 2013-10-28 18:29:29 +0100 |
committer | Simon Rettberg | 2013-10-28 18:29:29 +0100 |
commit | 160880836462e277c77427e71a2ba97a2ad17184 (patch) | |
tree | 656a2199846bb762c91fdfdebe30c54fd36b21c4 | |
parent | Show different content on main page depending on logged in/guest status (diff) | |
download | slx-admin-160880836462e277c77427e71a2ba97a2ad17184.tar.gz slx-admin-160880836462e277c77427e71a2ba97a2ad17184.tar.xz slx-admin-160880836462e277c77427e71a2ba97a2ad17184.zip |
DB-Support, add user functionality
-rw-r--r-- | config.php | 7 | ||||
-rw-r--r-- | inc/db.inc.php | 54 | ||||
-rw-r--r-- | inc/message.inc.php | 15 | ||||
-rw-r--r-- | inc/session.inc.php | 6 | ||||
-rw-r--r-- | inc/user.inc.php | 25 | ||||
-rw-r--r-- | index.php | 1 | ||||
-rw-r--r-- | modules/adduser.inc.php | 41 | ||||
-rw-r--r-- | style/default.css | 10 | ||||
-rw-r--r-- | templates/page-adduser.html | 28 | ||||
-rw-r--r-- | templates/page-login.html | 3 | ||||
-rw-r--r-- | templates/page-main.html | 7 |
11 files changed, 178 insertions, 19 deletions
@@ -3,3 +3,10 @@ define('CONFIG_SESSION_DIR', '/tmp/openslx');
 define('CONFIG_SESSION_TIMEOUT', 86400);
+//define('CONFIG_SQL_BACKEND', 'mysql');
+//define('CONFIG_SQL_HOST', 'localhost');
+define('CONFIG_SQL_DSN', 'mysql:dbname=openslx;host=localhost');
+define('CONFIG_SQL_USER', 'openslx');
+define('CONFIG_SQL_PASS', 'geheim');
+//define('CONFIG_SQL_DB', 'openslx');
+
diff --git a/inc/db.inc.php b/inc/db.inc.php
new file mode 100644
index 00000000..09341a07
--- /dev/null
+++ b/inc/db.inc.php
@@ -0,0 +1,54 @@
+<?php
+
+class Database
+{
+ private static $dbh = false;
+ private static $statements = array();
+
+ public static function init()
+ {
+ if (self::$dbh !== false) return;
+ try {
+ self::$dbh = new PDO(CONFIG_SQL_DSN, CONFIG_SQL_USER, CONFIG_SQL_PASS, array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8"));
+ } catch (PDOException $e) {
+ Util::traceError('Connecting to the local database failed: ' . $e->getMessage());
+ }
+ }
+
+ public static function queryFirst($query, $args = array())
+ {
+ $res = self::simpleQuery($query, $args);
+ if ($res === false) return false;
+ return $res->fetch(PDO::FETCH_ASSOC);
+ }
+
+ public static function exec($query, $args = array())
+ {
+ $res = self::simpleQuery($query, $args);
+ if ($res === false) return false;
+ return $res->rowCount();
+ }
+
+ public static function simpleQuery($query, $args = array())
+ {
+ self::init();
+ //if (empty($args)) Util::traceError('Query with zero arguments!');
+ if (!isset(self::$statements[$query])) {
+ self::$statements[$query] = self::$dbh->prepare($query);
+ } else {
+ self::$statements[$query]->closeCursor();
+ }
+ if (self::$statements[$query]->execute($args) === false) {
+ Util::traceError("Database Error: \n" . implode("\n", self::$statements[$query]->errorInfo()));
+ }
+ return self::$statements[$query];
+ }
+
+ public static function prepare($query)
+ {
+ self:init();
+ return self::$dbh->prepare($query);
+ }
+
+}
+
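Review bot: The `CONFIG_SQL_PASS` line commits a plaintext database password to a tracked source file, so the credential is now in the repository history and in every checkout rather than only on the host that needs it. Keep `CONFIG_SQL_DSN`/`CONFIG_SQL_USER`/`CONFIG_SQL_PASS` in an untracked local override that `config.php` includes when present, commit a template with placeholder values, and restrict the deployed file's permissions to the web server account. The commented-out `CONFIG_SQL_BACKEND`, `CONFIG_SQL_HOST` and `CONFIG_SQL_DB` lines are superseded by the DSN and can be dropped rather than left as dead configuration.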
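Review bot: `prepare()` calls `self:init();` with a single colon; PHP parses `self:` as a goto label followed by a call to a global function `init()`, so the connection is never opened on that path and `self::$dbh->prepare()` is invoked on `false`. It should read `self::init();`. Separately, `queryFirst()` and `exec()` test `$res === false`, but as far as the hunk shows `simpleQuery()` either returns the cached statement or hands a failed `execute()` to `Util::traceError`, so those branches only matter if `traceError` returns — either make `simpleQuery()` return `false` after reporting, or drop the dead checks. Consider also adding `PDO::ATTR_EMULATE_PREPARES => false` to the options array in `init()` so MySQL binds the parameters server-side instead of the driver interpolating them client-side.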
diff --git a/inc/message.inc.php b/inc/message.inc.php
index 238ed939..b24bf2a1 100644
--- a/inc/message.inc.php
+++ b/inc/message.inc.php
@@ -2,13 +2,18 @@
 // TODO: Move to extra file
 $error_text = array(
- 'loginfail' => 'Benutzername oder Kennwort falsch',
- 'token' => 'Ungültiges Token. CSRF Angriff?',
+ 'loginfail' => 'Benutzername oder Kennwort falsch',
+ 'token' => 'Ungültiges Token. CSRF Angriff?',
+ 'adduser-disabled' => 'Keine ausreichenden Rechte, um weitere Benutzer hinzuzufügen',
+ 'password-mismatch' => 'Passwort und Passwortbestätigung stimmen nicht überein',
+ 'empty-field' => 'Ein benötigtes Feld wurde nicht ausgefüllt',
+ 'adduser-success' => 'Benutzer erfolgreich hinzugefügt',
 );
 class Message
 {
 private static $list = array();
+ private static $flushed = false;
 public static function addError($id)
 {
@@ -16,6 +21,7 @@ class Message
 'type' => 'error',
 'id' => $id
 );
+ if (self::$flushed) self::renderList();
 }
 public static function addWarning($id)
@@ -24,6 +30,7 @@ class Message
 'type' => 'warning',
 'id' => $id
 );
+ if (self::$flushed) self::renderList();
 }
 public static function addInfo($id)
@@ -32,6 +39,7 @@ class Message
 'type' => 'info',
 'id' => $id
 );
+ if (self::$flushed) self::renderList();
 }
 public static function addSuccess($id)
@@ -40,6 +48,7 @@ class Message
 'type' => 'success',
 'id' => $id
 );
+ if (self::$flushed) self::renderList();
 }
 public static function renderList()
@@ -48,6 +57,8 @@ class Message
 foreach (self::$list as $item) {
 Render::addTemplate('messagebox-' . $item['type'], array('message' => $error_text[$item['id']]));
 }
+ self::$list = array();
+ self::$flushed = true;
 }
 }
diff --git a/inc/session.inc.php b/inc/session.inc.php
index 4b4d4139..402e6cd9 100644
--- a/inc/session.inc.php
+++ b/inc/session.inc.php
@@ -19,19 +19,21 @@ class Session
 . $_SERVER['REMOTE_ADDR']
 . mt_rand(0, 65535)
 . $_SERVER['REMOTE_PORT']
+ . mt_rand(0, 65535)
 . $_SERVER['HTTP_USER_AGENT']
+ . mt_rand(0, 65535)
 . microtime(true)
 . mt_rand(0, 65535)
 );
 }
- public static function createSession()
+ public static function create()
 {
 self::generateSessionId();
 self::$data = array();
 }
- public static function loadSession()
+ public static function load()
 {
 // Try to load session id from cookie
 if (!self::loadSessionId()) return false;
diff --git a/inc/user.inc.php b/inc/user.inc.php
index f10a4f65..b988bbeb 100644
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -14,13 +14,16 @@ class User
 public static function getName()
 {
 if (self::$user === false) return false;
- return self::$user['name'];
+ return self::$user['fullname'];
 }
 public static function load()
 {
- if (Session::loadSession()) {
- self::$user['name'] = 'Hans';
+ if (Session::load()) {
+ $uid = Session::get('uid');
+ if ($uid === false || $uid < 1) self::logout();
+ self::$user = Database::queryFirst('SELECT * FROM user WHERE userid = :uid LIMIT 1', array(':uid' => $uid));
+ if (self::$user === false) self::logout();
 return true;
 }
 return false;
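Review bot: The two added `. mt_rand(0, 65535)` terms do not make the session identifier unpredictable, because `mt_rand()` is not a cryptographic generator and the remaining inputs (`REMOTE_ADDR`, `REMOTE_PORT`, `HTTP_USER_AGENT`, `microtime()`) are either attacker-chosen or low-entropy; the start of `generateSessionId()`, including how this concatenation is hashed, lies outside the hunk. Derive the identifier from the OS CSPRNG instead — `openssl_random_pseudo_bytes()` on the PHP of this era, `random_bytes()` on PHP 7+ — e.g. `bin2hex(openssl_random_pseudo_bytes(16))`, and treat the request-header terms at most as additional input rather than the source of randomness. The renames `createSession()`→`create()` and `loadSession()`→`load()` are matched by the `inc/user.inc.php` hunk in this commit; any other caller is not visible here.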
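Review bot: In `load()` both `self::logout()` calls fall through: after the `$uid` check the query still runs with the rejected value, and after the `self::$user === false` check execution still reaches `return true;`, so unless `logout()` terminates the request (its body is outside the hunk) an invalid or stale session is reported as a successful load. Each guard should return, e.g. `if ($uid === false || $uid < 1) { self::logout(); return false; }` and `if (self::$user === false) { self::logout(); return false; }`. Note also that `SELECT * FROM user` keeps the `passwd` hash in `self::$user` for the rest of the request; selecting only the columns `getName()` and callers need would keep the hash out of anything that later receives the user array.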
@@ -28,14 +31,14 @@ class User
 public static function login($user, $pass)
 {
- if ($user == 'test' && $pass == 'test') {
- Session::createSession();;
- Session::set('uid', 1);
- Session::set('token', md5(rand() . time() . rand() . $_SERVER['REMOTE_ADDR'] . rand() . $_SERVER['REMOTE_PORT'] . rand() . $_SERVER['HTTP_USER_AGENT']));
- Session::save();
- return true;
- }
- return false;
+ $ret = Database::queryFirst('SELECT userid, passwd FROM user WHERE login = :user LIMIT 1', array(':user' => $user));
+ if ($ret === false) return false;
+ if (crypt($pass, $ret['passwd']) !== $ret['passwd']) return false;
+ Session::create();
+ Session::set('uid', $ret['userid']);
+ Session::set('token', md5(rand() . time() . rand() . $_SERVER['REMOTE_ADDR'] . rand() . $_SERVER['REMOTE_PORT'] . rand() . $_SERVER['HTTP_USER_AGENT']));
+ Session::save();
+ return true;
 }
 public static function logout()
@@ -7,6 +7,7 @@ require_once('inc/render.inc.php');
 require_once('inc/menu.inc.php');
 require_once('inc/util.inc.php');
 require_once('inc/message.inc.php');
+require_once('inc/db.inc.php');
 if (empty($_REQUEST['do'])) {
 // No specific module - set default
diff --git a/modules/adduser.inc.php b/modules/adduser.inc.php
new file mode 100644
index 00000000..7e03b040
--- /dev/null
+++ b/modules/adduser.inc.php
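Review bot: The hash check `crypt($pass, $ret['passwd']) !== $ret['passwd']` in `login()` is a byte-by-byte string comparison that exits at the first difference; on PHP ≥ 5.6 write it as `if (!hash_equals($ret['passwd'], crypt($pass, $ret['passwd']))) return false;` so the comparison time does not depend on how much of the hash matches. The `Session::set('token', md5(rand() . time() . ...))` line is carried over unchanged from the removed branch, and `rand()` is not a cryptographic generator; the CSRF token should come from `openssl_random_pseudo_bytes()` (or `random_bytes()` on PHP 7+) rather than from `rand()` mixed with request headers. If equalising the response for unknown and known logins matters here, run `crypt()` against a fixed dummy hash in the `$ret === false` case instead of returning before the hash computation.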
@@ -0,0 +1,41 @@
+<?php
+
+User::load();
+
+if (isset($_POST['action']) && $_POST['action'] === 'adduser') {
+ // Check required fields
+ if (empty($_POST['user']) || empty($_POST['pass1']) || empty($_POST['pass2']) || empty($_POST['fullname']) || empty($_POST['phone']) || empty($_POST['email'])) {
+ Message::addError('empty-field');
+ } elseif ($_POST['pass1'] !== $_POST['pass2']) {
+ Message::addError('password-mismatch');
+ } else {
+ $salt = substr(str_replace('+', '.', base64_encode(pack('N4', mt_rand(), mt_rand(), mt_rand(), mt_rand()))), 0, 22);
+ $data = array(
+ 'user' => $_POST['user'],
+ 'pass' => crypt($_POST['pass1'], '$6$' . $salt),
+ 'fullname' => $_POST['fullname'],
+ 'phone' => $_POST['phone'],
+ 'email' => $_POST['email'],
+ );
+ if (strlen($data['pass']) < 50) Util::traceError('Error hashing password using SHA-512');
+ if (Database::exec('INSERT INTO user SET login = :user, passwd = :pass, fullname = :fullname, phone = :phone, email = :email', $data) != 1) {
+ Util::traceError('Could not create new user in DB');
+ }
+ $adduser_success = true;
+ }
+}
+
+function render_module()
+{
+ if (isset($adduser_success)) {
+ Message::addInfo('adduser-success');
+ return;
+ }
+ if (Database::queryFirst('SELECT userid FROM user LIMIT 1') !== false) {
+ Message::addError('adduser-disabled');
+ } else {
+ Render::setTitle('Benutzer anlegen');
+ Render::addTemplate('page-adduser', $_POST);
+ }
+}
+
diff --git a/style/default.css b/style/default.css
index 052fa0b1..f90d96de 100644
--- a/style/default.css
+++ b/style/default.css
@@ -7,6 +7,11 @@ body {
 padding: 15px;
 margin: 0 auto;
 }
+.form-adduser {
+ max-width: 600px;
+ padding: 10px;
+ margin: 0 auto;
+}
 .form-signin .form-signin-heading,
 .form-signin .checkbox {
 margin-bottom: 10px;
@@ -14,7 +19,8 @@ body {
 .form-signin .checkbox {
 font-weight: normal;
 }
-.form-signin .form-control {
+.form-signin .form-control,
+.form-adduser .form-control {
 position: relative;
 font-size: 16px;
 height: auto;
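Review bot: The POST branch at the top of `adduser.inc.php` performs the `INSERT INTO user` without any authorisation check; the `SELECT userid FROM user LIMIT 1` test that yields `adduser-disabled` lives only in `render_module()`, so it hides the form but does not stop a request carrying `action=adduser` from creating an account once users already exist. Run the same test first inside the POST branch, e.g. `if (Database::queryFirst('SELECT userid FROM user LIMIT 1') !== false) { Message::addError('adduser-disabled'); } elseif (empty($_POST['user']) || ...)`. `$adduser_success = true;` is assigned in file scope but `isset($adduser_success)` inside `render_module()` reads a function-local of the same name, so it is never true and a successful creation ends in the `adduser-disabled` error instead of `adduser-success`; declare `global $adduser_success;` in the function or call `Message::addInfo('adduser-success')` at the insert site. The `$salt =` line builds the salt from four `mt_rand()` values, which is not a cryptographic source; `openssl_random_pseudo_bytes(16)` yields the 16 bytes directly. `Render::addTemplate('page-adduser', $_POST)` reflects raw request fields into `{{user}}`, `{{fullname}}` and the rest, which is only safe if the template engine HTML-escapes by default — not visible in this commit, so worth confirming.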
@@ -23,7 +29,7 @@ body {
 -moz-box-sizing: border-box;
 box-sizing: border-box;
 }
-.form-signin .form-control:focus {
+.form-control:focus {
 z-index: 2;
 }
 .form-signin input[type="text"] {
diff --git a/templates/page-adduser.html b/templates/page-adduser.html
new file mode 100644
index 00000000..8fca8610
--- /dev/null
+++ b/templates/page-adduser.html
@@ -0,0 +1,28 @@
+<div class="container">
+ <form class="form-adduser" action="?do=adduser" method="post">
+ <h2 class="form-signin-heading">Benutzer anlegen</h2>
+ <div class="row">
+ <div class="col-md-4">Benutzerkennung</div>
+ <div class="col-md-4"><input type="text" name="user" value="{{user}}" class="form-control" placeholder="Benutzerkennung" autofocus></div>
+ </div>
+ <div class="row">
+ <div class="col-md-4">Passwort</div>
+ <div class="col-md-4"><input type="password" name="pass1" class="form-control" placeholder="Passwort"></div>
+ <div class="col-md-4"><input type="password" name="pass2" class="form-control" placeholder="Wiederholen"></div>
+ </div>
+ <div class="row">
+ <div class="col-md-4">Vollständiger Name</div>
+ <div class="col-md-4"><input type="text" name="fullname" value="{{fullname}}" class="form-control" placeholder="Max Mustermann"></div>
+ </div>
+ <div class="row">
+ <div class="col-md-4">Telefon</div>
+ <div class="col-md-4"><input type="text" name="phone" value="{{phone}}" class="form-control" placeholder="Durchwahl"></div>
+ </div>
+ <div class="row">
+ <div class="col-md-4">E-Mail</div>
+ <div class="col-md-4"><input type="text" name="email" value="{{email}}" class="form-control" placeholder="spam@aol.com"></div>
+ </div>
+ <button class="btn btn-lg btn-primary btn-block" type="submit">Benutzer anlegen</button>
+ <input type="hidden" name="action" value="adduser">
+ </form>
+</div>
diff --git a/templates/page-login.html b/templates/page-login.html
index 4c2e7220..8fad084d 100644
--- a/templates/page-login.html
+++ b/templates/page-login.html
@@ -1,12 +1,13 @@
 <div class="container">
 <form class="form-signin" action="?do=session" method="post">
 <h2 class="form-signin-heading">Anmeldung</h2>
- <input type="text" name="user" class="form-control" placeholder="Benutzername" autofocus>
+ <input type="text" name="user" class="form-control" placeholder="Benutzerkennung" autofocus>
 <input type="password" name="pass" class="form-control" placeholder="Passwort">
 <label class="checkbox">
 <input type="checkbox" name="remember" value="remember-me"> Angemeldet bleiben
 </label>
 <button class="btn btn-lg btn-primary btn-block" type="submit">Anmelden</button>
+ <a class="btn btn-lg btn-primary btn-block" href="">Registrieren</a>
 <input type="hidden" name="action" value="login">
 </form>
 </div>
diff --git a/templates/page-main.html b/templates/page-main.html
index 3cb64449..f7c0bfa3 100644
--- a/templates/page-main.html
+++ b/templates/page-main.html
@@ -1 +1,6 @@
-<h1>Willkommen, {{user}}</h1>
+<div class="jumbotron">
+ <h1>Willkommen, {{user}}</h1>
+ <p>Du hast es geschafft. dich einzuloggen. Starker Typ!</p>
+ <p>Du bist der Beste! Du bist der Größte! Ein Hoch auf {{user}}!</p>
+</div>
+
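Review bot: The added `Registrieren` button has `href=""`, which only reloads the login page; presumably it should lead to the new module, `href="?do=adduser"`, matching the form action in `templates/page-adduser.html` from this commit. Given the `adduser-disabled` message introduced alongside it, the module is apparently meant to work only until the first account exists, so consider rendering this link conditionally instead of showing a dead-end registration button to every visitor afterwards.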