-rw-r--r--config.php7
-rw-r--r--inc/db.inc.php54
-rw-r--r--inc/message.inc.php15
-rw-r--r--inc/session.inc.php6
-rw-r--r--inc/user.inc.php25
-rw-r--r--index.php1
-rw-r--r--modules/adduser.inc.php41
-rw-r--r--style/default.css10
-rw-r--r--templates/page-adduser.html28
-rw-r--r--templates/page-login.html3
-rw-r--r--templates/page-main.html7
11 files changed, 178 insertions, 19 deletions
diff --git a/config.php b/config.php
index 910c14dd..262ed508 100644
--- a/config.php
+++ b/config.php
@@ -3,3 +3,10 @@
define('CONFIG_SESSION_DIR', '/tmp/openslx');
define('CONFIG_SESSION_TIMEOUT', 86400);
+//define('CONFIG_SQL_BACKEND', 'mysql');
+//define('CONFIG_SQL_HOST', 'localhost');
+define('CONFIG_SQL_DSN', 'mysql:dbname=openslx;host=localhost');
+define('CONFIG_SQL_USER', 'openslx');
+define('CONFIG_SQL_PASS', 'geheim');
+//define('CONFIG_SQL_DB', 'openslx');
+
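Review bot: The database password (`geheim`) is committed in plain text next to the DSN and user in a tracked config file, and the four commented-out CONFIG_SQL_* defines look like leftovers of a half-finished migration. Keep the live credentials out of version control (a git-ignored local override or environment variables read here) and delete the dead defines rather than leaving them as comments. The DSN also carries no charset; `mysql:dbname=openslx;host=localhost;charset=utf8` lets the client library set the connection charset at handshake instead of relying on the `SET NAMES` init command in inc/db.inc.php, which is what keeps escaping and the server-side charset in agreement when prepares are emulated.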
diff --git a/inc/db.inc.php b/inc/db.inc.php
new file mode 100644
index 00000000..09341a07
--- /dev/null
+++ b/inc/db.inc.php
@@ -0,0 +1,54 @@
+<?php
+
+class Database
+{
+ private static $dbh = false;
+ private static $statements = array();
+
+ public static function init()
+ {
+ if (self::$dbh !== false) return;
+ try {
+ self::$dbh = new PDO(CONFIG_SQL_DSN, CONFIG_SQL_USER, CONFIG_SQL_PASS, array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8"));
+ } catch (PDOException $e) {
+ Util::traceError('Connecting to the local database failed: ' . $e->getMessage());
+ }
+ }
+
+ public static function queryFirst($query, $args = array())
+ {
+ $res = self::simpleQuery($query, $args);
+ if ($res === false) return false;
+ return $res->fetch(PDO::FETCH_ASSOC);
+ }
+
+ public static function exec($query, $args = array())
+ {
+ $res = self::simpleQuery($query, $args);
+ if ($res === false) return false;
+ return $res->rowCount();
+ }
+
+ public static function simpleQuery($query, $args = array())
+ {
+ self::init();
+ //if (empty($args)) Util::traceError('Query with zero arguments!');
+ if (!isset(self::$statements[$query])) {
+ self::$statements[$query] = self::$dbh->prepare($query);
+ } else {
+ self::$statements[$query]->closeCursor();
+ }
+ if (self::$statements[$query]->execute($args) === false) {
+ Util::traceError("Database Error: \n" . implode("\n", self::$statements[$query]->errorInfo()));
+ }
+ return self::$statements[$query];
+ }
+
+ public static function prepare($query)
+ {
+ self:init();
+ return self::$dbh->prepare($query);
+ }
+
+}
+
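Review bot: `self:init();` in prepare() uses a single colon; PHP does not reject it, but it becomes a `self:` label followed by a call to a global function init(), so the first Database::prepare() call dies with an undefined-function error before the connection is opened — it should read `self::init();`. The PDO handle in init() is created without `PDO::ATTR_ERRMODE` and with PDO's default emulated prepares, so driver errors outside simpleQuery() surface only as `false` return values; add `PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false` to the options array so the server performs the parameter binding. The statement cache in simpleQuery() keys on the raw query string, which is safe only as long as every caller passes values through `$args` and never interpolates them into `$query`; a comment on the cache saying so (`// $query must be a constant template: values go in $args, never into the string`) would protect that invariant.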
diff --git a/inc/message.inc.php b/inc/message.inc.php
index 238ed939..b24bf2a1 100644
--- a/inc/message.inc.php
+++ b/inc/message.inc.php
@@ -2,13 +2,18 @@
// TODO: Move to extra file
$error_text = array(
- 'loginfail' => 'Benutzername oder Kennwort falsch',
- 'token' => 'Ungültiges Token. CSRF Angriff?',
+ 'loginfail' => 'Benutzername oder Kennwort falsch',
+ 'token' => 'Ungültiges Token. CSRF Angriff?',
+ 'adduser-disabled' => 'Keine ausreichenden Rechte, um weitere Benutzer hinzuzufügen',
+ 'password-mismatch' => 'Passwort und Passwortbestätigung stimmen nicht überein',
+ 'empty-field' => 'Ein benötigtes Feld wurde nicht ausgefüllt',
+ 'adduser-success' => 'Benutzer erfolgreich hinzugefügt',
);
class Message
{
private static $list = array();
+ private static $flushed = false;
public static function addError($id)
{
@@ -16,6 +21,7 @@ class Message
'type' => 'error',
'id' => $id
);
+ if (self::$flushed) self::renderList();
}
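Review bot: The same `if (self::$flushed) self::renderList();` line is appended to addError() here and to addWarning(), addInfo() and addSuccess() in the three following hunks, each method already being an identical push of `array('type' => ..., 'id' => $id)` (the method bodies start outside the hunks). Collapse the four into one private static helper, `add($type, $id)`, that does the push and the flushed check, and reduce each public method to `self::add('error', $id);` and so on, so the flush rule lives in one place. Because renderList() sets `$flushed` and then re-renders on every later add, a message added after the page body has been rendered will presumably be appended at the end of the output rather than in the message area — worth confirming against Render, which is not in this diff.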
public static function addWarning($id)
@@ -24,6 +30,7 @@ class Message
'type' => 'warning',
'id' => $id
);
+ if (self::$flushed) self::renderList();
}
public static function addInfo($id)
@@ -32,6 +39,7 @@ class Message
'type' => 'info',
'id' => $id
);
+ if (self::$flushed) self::renderList();
}
public static function addSuccess($id)
@@ -40,6 +48,7 @@ class Message
'type' => 'success',
'id' => $id
);
+ if (self::$flushed) self::renderList();
}
public static function renderList()
@@ -48,6 +57,8 @@ class Message
foreach (self::$list as $item) {
Render::addTemplate('messagebox-' . $item['type'], array('message' => $error_text[$item['id']]));
}
+ self::$list = array();
+ self::$flushed = true;
}
}
diff --git a/inc/session.inc.php b/inc/session.inc.php
index 4b4d4139..402e6cd9 100644
--- a/inc/session.inc.php
+++ b/inc/session.inc.php
@@ -19,19 +19,21 @@ class Session
. $_SERVER['REMOTE_ADDR']
. mt_rand(0, 65535)
. $_SERVER['REMOTE_PORT']
+ . mt_rand(0, 65535)
. $_SERVER['HTTP_USER_AGENT']
+ . mt_rand(0, 65535)
. microtime(true)
. mt_rand(0, 65535)
);
}
- public static function createSession()
+ public static function create()
{
self::generateSessionId();
self::$data = array();
}
- public static function loadSession()
+ public static function load()
{
// Try to load session id from cookie
if (!self::loadSessionId()) return false;
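Review bot: The two extra `mt_rand(0, 65535)` terms mixed into the session-id input do not make the id unpredictable, because mt_rand() is not a cryptographic generator and the other inputs (REMOTE_ADDR, REMOTE_PORT, User-Agent, microtime) are request data an observer can see or narrow down; generateSessionId() starts outside the hunk, so the hash applied to the concatenation is not visible here. Build the id from CSPRNG output instead, e.g. `bin2hex(openssl_random_pseudo_bytes(16))` (or `random_bytes(16)` where PHP 7 is available), and leave the request-derived values out entirely. The createSession()/loadSession() renames below match the updated callers in inc/user.inc.php.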
diff --git a/inc/user.inc.php b/inc/user.inc.php
index f10a4f65..b988bbeb 100644
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -14,13 +14,16 @@ class User
public static function getName()
{
if (self::$user === false) return false;
- return self::$user['name'];
+ return self::$user['fullname'];
}
public static function load()
{
- if (Session::loadSession()) {
- self::$user['name'] = 'Hans';
+ if (Session::load()) {
+ $uid = Session::get('uid');
+ if ($uid === false || $uid < 1) self::logout();
+ self::$user = Database::queryFirst('SELECT * FROM user WHERE userid = :uid LIMIT 1', array(':uid' => $uid));
+ if (self::$user === false) self::logout();
return true;
}
return false;
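Review bot: load() keeps executing after both `self::logout()` calls: when Session::get('uid') is missing or the user row is not found, logout() runs but the method still falls through to `return true;`, so callers see a logged-in state with self::$user === false unless logout() terminates the request (logout() is outside this hunk, and load()'s closing brace is too). Make each guard return: `if ($uid === false || $uid < 1) { self::logout(); return false; }` and the same after the queryFirst() call. `SELECT *` also loads the passwd hash into self::$user although nothing in this file reads it; naming the columns getName() and the callers need keeps the hash out of the in-memory user record.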
@@ -28,14 +31,14 @@ class User
public static function login($user, $pass)
{
- if ($user == 'test' && $pass == 'test') {
- Session::createSession();;
- Session::set('uid', 1);
- Session::set('token', md5(rand() . time() . rand() . $_SERVER['REMOTE_ADDR'] . rand() . $_SERVER['REMOTE_PORT'] . rand() . $_SERVER['HTTP_USER_AGENT']));
- Session::save();
- return true;
- }
- return false;
+ $ret = Database::queryFirst('SELECT userid, passwd FROM user WHERE login = :user LIMIT 1', array(':user' => $user));
+ if ($ret === false) return false;
+ if (crypt($pass, $ret['passwd']) !== $ret['passwd']) return false;
+ Session::create();
+ Session::set('uid', $ret['userid']);
+ Session::set('token', md5(rand() . time() . rand() . $_SERVER['REMOTE_ADDR'] . rand() . $_SERVER['REMOTE_PORT'] . rand() . $_SERVER['HTTP_USER_AGENT']));
+ Session::save();
+ return true;
}
public static function logout()
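Review bot: `crypt($pass, $ret['passwd']) !== $ret['passwd']` is an ordinary byte-wise string compare, and the `return false` for an unknown login skips crypt() entirely, so response time differs between an unknown user and a wrong password; use `if (!hash_equals($ret['passwd'], crypt($pass, $ret['passwd']))) return false;` (PHP ≥ 5.6) and run crypt() against a fixed dummy hash when no row is found so both paths cost the same. The token set two lines later is `md5(rand() . time() . ...)`, i.e. derived from a non-cryptographic generator plus request data; `bin2hex(openssl_random_pseudo_bytes(16))` yields a CSRF token that cannot be predicted from observable inputs. login() is complete within the hunk; logout() on the last line is cut off.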
diff --git a/index.php b/index.php
index ec1f96fd..5e4262c4 100644
--- a/index.php
+++ b/index.php
@@ -7,6 +7,7 @@ require_once('inc/render.inc.php');
require_once('inc/menu.inc.php');
require_once('inc/util.inc.php');
require_once('inc/message.inc.php');
+require_once('inc/db.inc.php');
if (empty($_REQUEST['do'])) {
// No specific module - set default
diff --git a/modules/adduser.inc.php b/modules/adduser.inc.php
new file mode 100644
index 00000000..7e03b040
--- /dev/null
+++ b/modules/adduser.inc.php
@@ -0,0 +1,41 @@
+<?php
+
+User::load();
+
+if (isset($_POST['action']) && $_POST['action'] === 'adduser') {
+ // Check required fields
+ if (empty($_POST['user']) || empty($_POST['pass1']) || empty($_POST['pass2']) || empty($_POST['fullname']) || empty($_POST['phone']) || empty($_POST['email'])) {
+ Message::addError('empty-field');
+ } elseif ($_POST['pass1'] !== $_POST['pass2']) {
+ Message::addError('password-mismatch');
+ } else {
+ $salt = substr(str_replace('+', '.', base64_encode(pack('N4', mt_rand(), mt_rand(), mt_rand(), mt_rand()))), 0, 22);
+ $data = array(
+ 'user' => $_POST['user'],
+ 'pass' => crypt($_POST['pass1'], '$6$' . $salt),
+ 'fullname' => $_POST['fullname'],
+ 'phone' => $_POST['phone'],
+ 'email' => $_POST['email'],
+ );
+ if (strlen($data['pass']) < 50) Util::traceError('Error hashing password using SHA-512');
+ if (Database::exec('INSERT INTO user SET login = :user, passwd = :pass, fullname = :fullname, phone = :phone, email = :email', $data) != 1) {
+ Util::traceError('Could not create new user in DB');
+ }
+ $adduser_success = true;
+ }
+}
+
+function render_module()
+{
+ if (isset($adduser_success)) {
+ Message::addInfo('adduser-success');
+ return;
+ }
+ if (Database::queryFirst('SELECT userid FROM user LIMIT 1') !== false) {
+ Message::addError('adduser-disabled');
+ } else {
+ Render::setTitle('Benutzer anlegen');
+ Render::addTemplate('page-adduser', $_POST);
+ }
+}
+
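Review bot: The only-first-user rule is enforced solely in render_module() (`SELECT userid FROM user LIMIT 1`), while the POST branch at the top of the file inserts a row whenever `action=adduser` and the fields validate, so once the initial account exists the form can still be submitted directly to create further accounts; the same guard must run before the INSERT. `$adduser_success` is additionally assigned at file scope but read inside render_module(), where `isset()` sees only the function's own locals, so the success message can never be shown and the page falls through to 'adduser-disabled' because the user now exists — a `global $adduser_success;` declaration fixes that. The salt is built from four mt_rand() values; `substr(str_replace('+', '.', base64_encode(openssl_random_pseudo_bytes(16))), 0, 22)` gives a salt of the same shape from a CSPRNG. Finally, `Render::addTemplate('page-adduser', $_POST)` hands raw request input to the template; if Render does not HTML-escape `{{...}}` placeholders, the echoed user/fullname/phone/email values are a reflected-XSS sink, which is worth confirming since Render is not in this diff.
```php
User::load();

if (isset($_POST['action']) && $_POST['action'] === 'adduser') {
    // Same rule as render_module(): only the very first account may be self-registered,
    // so the check has to guard the INSERT, not just the form rendering.
    if (Database::queryFirst('SELECT userid FROM user LIMIT 1') !== false) {
        Message::addError('adduser-disabled');
    } elseif (empty($_POST['user']) || empty($_POST['pass1']) || empty($_POST['pass2']) || empty($_POST['fullname']) || empty($_POST['phone']) || empty($_POST['email'])) {
        Message::addError('empty-field');
    } elseif ($_POST['pass1'] !== $_POST['pass2']) {
        Message::addError('password-mismatch');
    } else {
        // … unchanged: salt generation, crypt() and INSERT …
        $adduser_success = true;
    }
}

function render_module()
{
    global $adduser_success; // assigned at file scope above; a plain isset() here would only see locals
    if (isset($adduser_success)) {
        Message::addInfo('adduser-success');
        return;
    }
    // … unchanged: adduser-disabled check and template rendering …
}
```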
diff --git a/style/default.css b/style/default.css
index 052fa0b1..f90d96de 100644
--- a/style/default.css
+++ b/style/default.css
@@ -7,6 +7,11 @@ body {
padding: 15px;
margin: 0 auto;
}
+.form-adduser {
+ max-width: 600px;
+ padding: 10px;
+ margin: 0 auto;
+}
.form-signin .form-signin-heading,
.form-signin .checkbox {
margin-bottom: 10px;
@@ -14,7 +19,8 @@ body {
.form-signin .checkbox {
font-weight: normal;
}
-.form-signin .form-control {
+.form-signin .form-control,
+.form-adduser .form-control {
position: relative;
font-size: 16px;
height: auto;
@@ -23,7 +29,7 @@ body {
-moz-box-sizing: border-box;
box-sizing: border-box;
}
-.form-signin .form-control:focus {
+.form-control:focus {
z-index: 2;
}
.form-signin input[type="text"] {
diff --git a/templates/page-adduser.html b/templates/page-adduser.html
new file mode 100644
index 00000000..8fca8610
--- /dev/null
+++ b/templates/page-adduser.html
@@ -0,0 +1,28 @@
+<div class="container">
+ <form class="form-adduser" action="?do=adduser" method="post">
+ <h2 class="form-signin-heading">Benutzer anlegen</h2>
+ <div class="row">
+ <div class="col-md-4">Benutzerkennung</div>
+ <div class="col-md-4"><input type="text" name="user" value="{{user}}" class="form-control" placeholder="Benutzerkennung" autofocus></div>
+ </div>
+ <div class="row">
+ <div class="col-md-4">Passwort</div>
+ <div class="col-md-4"><input type="password" name="pass1" class="form-control" placeholder="Passwort"></div>
+ <div class="col-md-4"><input type="password" name="pass2" class="form-control" placeholder="Wiederholen"></div>
+ </div>
+ <div class="row">
+ <div class="col-md-4">Vollständiger Name</div>
+ <div class="col-md-4"><input type="text" name="fullname" value="{{fullname}}" class="form-control" placeholder="Max Mustermann"></div>
+ </div>
+ <div class="row">
+ <div class="col-md-4">Telefon</div>
+ <div class="col-md-4"><input type="text" name="phone" value="{{phone}}" class="form-control" placeholder="Durchwahl"></div>
+ </div>
+ <div class="row">
+ <div class="col-md-4">E-Mail</div>
+ <div class="col-md-4"><input type="text" name="email" value="{{email}}" class="form-control" placeholder="spam@aol.com"></div>
+ </div>
+ <button class="btn btn-lg btn-primary btn-block" type="submit">Benutzer anlegen</button>
+ <input type="hidden" name="action" value="adduser">
+ </form>
+</div>
diff --git a/templates/page-login.html b/templates/page-login.html
index 4c2e7220..8fad084d 100644
--- a/templates/page-login.html
+++ b/templates/page-login.html
@@ -1,12 +1,13 @@
<div class="container">
<form class="form-signin" action="?do=session" method="post">
<h2 class="form-signin-heading">Anmeldung</h2>
- <input type="text" name="user" class="form-control" placeholder="Benutzername" autofocus>
+ <input type="text" name="user" class="form-control" placeholder="Benutzerkennung" autofocus>
<input type="password" name="pass" class="form-control" placeholder="Passwort">
<label class="checkbox">
<input type="checkbox" name="remember" value="remember-me"> Angemeldet bleiben
</label>
<button class="btn btn-lg btn-primary btn-block" type="submit">Anmelden</button>
+ <a class="btn btn-lg btn-primary btn-block" href="">Registrieren</a>
<input type="hidden" name="action" value="login">
</form>
</div>
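Review bot: The new "Registrieren" button has `href=""`, which links back to the current page, so the registration entry point is unreachable from the login form. The module this commit adds is addressed as `?do=adduser` (see the form action in templates/page-adduser.html), so the link should be `<a class="btn btn-lg btn-primary btn-block" href="?do=adduser">Registrieren</a>`.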
diff --git a/templates/page-main.html b/templates/page-main.html
index 3cb64449..f7c0bfa3 100644
--- a/templates/page-main.html
+++ b/templates/page-main.html
@@ -1 +1,6 @@
-<h1>Willkommen, {{user}}</h1>
+<div class="jumbotron">
+ <h1>Willkommen, {{user}}</h1>
+ <p>Du hast es geschafft. dich einzuloggen. Starker Typ!</p>
+ <p>Du bist der Beste! Du bist der Größte! Ein Hoch auf {{user}}!</p>
+</div>
+