From a21e20b7a8db343129aa8713853358bdb77de939 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 2 Jan 2016 13:30:46 -0500 Subject: + Added model for new page master layer ("Common" MVC) --- app/model/common.mod.php | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 app/model/common.mod.php (limited to 'app') diff --git a/app/model/common.mod.php b/app/model/common.mod.php new file mode 100644 index 0000000..d4270d8 --- /dev/null +++ b/app/model/common.mod.php @@ -0,0 +1,9 @@ + -- cgit v1.2.3 From d9b61c6ab7124730e335a4b07474462cc0fe71e0 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 2 Jan 2016 14:27:40 -0500 Subject: + Adding initial view files for common MVC --- app/view/common/foot.view.php | 1 + app/view/common/head.view.php | 1 + app/view/common/topp.view.php | 1 + 3 files changed, 3 insertions(+) create mode 100644 app/view/common/foot.view.php create mode 100644 app/view/common/head.view.php create mode 100644 app/view/common/topp.view.php (limited to 'app') diff --git a/app/view/common/foot.view.php b/app/view/common/foot.view.php new file mode 100644 index 0000000..a24a145 --- /dev/null +++ b/app/view/common/foot.view.php @@ -0,0 +1 @@ + diff --git a/app/view/common/head.view.php b/app/view/common/head.view.php new file mode 100644 index 0000000..87cd37d --- /dev/null +++ b/app/view/common/head.view.php @@ -0,0 +1 @@ + diff --git a/app/view/common/topp.view.php b/app/view/common/topp.view.php new file mode 100644 index 0000000..40d9543 --- /dev/null +++ b/app/view/common/topp.view.php @@ -0,0 +1 @@ + -- cgit v1.2.3 From 5b9f9aa34f0fbfa4de741047c51d7ba46482b7e9 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 3 Jan 2016 12:21:43 -0500 Subject: + Added controller for new MVC "Auth" --- app/controller/auth.control.php | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 app/controller/auth.control.php (limited to 'app') 
diff --git a/app/controller/auth.control.php b/app/controller/auth.control.php new file mode 100644 index 0000000..00c71f6 --- /dev/null +++ b/app/controller/auth.control.php @@ -0,0 +1,33 @@ +action_default($mod); + break; + } + } + + function action_default($mod) + { + $mod->deflt(); + include "view/auth/default.view.php"; + } +} + +?> -- cgit v1.2.3 From 735230c9125314e5a185e82c57cac0ad2e11b996 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 3 Jan 2016 12:47:30 -0500 Subject: + Added model for Auth MVC --- app/model/auth.mod.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 app/model/auth.mod.php (limited to 'app') diff --git a/app/model/auth.mod.php b/app/model/auth.mod.php new file mode 100644 index 0000000..9c356e2 --- /dev/null +++ b/app/model/auth.mod.php @@ -0,0 +1,15 @@ + -- cgit v1.2.3 From abb659a2753054158e9f7ec26271740a64a07e7d Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 3 Jan 2016 15:49:33 -0500 Subject: * Hooked the Auth MVC from the Root controller --- app/controller/root.control.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'app') diff --git a/app/controller/root.control.php b/app/controller/root.control.php index 437cae1..b44ad76 100644 --- a/app/controller/root.control.php +++ b/app/controller/root.control.php @@ -2,6 +2,7 @@ require_once "class/controller.class.php"; require_once "controller/sysconf.control.php"; +require_once "controller/auth.control.php"; /* * Root-level controller for Scrott app. This object will delegate the page request to the @@ -27,8 +28,12 @@ class Root extends Controller } /* TODO */ + /* TODO -- only auth if logged out */ else - echo "Configuration is present!"; + { + $ctrl = new Auth(); + $ctrl->handle($argv); + } } /* -- cgit v1.2.3 From 9dc4095be9da030a40ecdc7528bcb02843037a05 Mon Sep 17 00:00:00 2001 
From: Malf Furious Date: Sun, 3 Jan 2016 15:53:46 -0500 Subject: + Adding default view for Auth MVC --- app/view/auth/default.view.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 app/view/auth/default.view.php (limited to 'app') diff --git a/app/view/auth/default.view.php b/app/view/auth/default.view.php new file mode 100644 index 0000000..8769aa2 --- /dev/null +++ b/app/view/auth/default.view.php @@ -0,0 +1,13 @@ + + + + + + Scrott - Login + + + + + + + -- cgit v1.2.3 From e0162feea3e4f7df36fdad5a6cf83fd37972aba9 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 3 Jan 2016 18:29:45 -0500 Subject: * Start of application navbar * Digested some example code --- app/view/common/head.view.php | 7 +++++++ app/view/common/topp.view.php | 20 ++++++++++++++++++++ 2 files changed, 27 insertions(+) (limited to 'app') diff --git a/app/view/common/head.view.php b/app/view/common/head.view.php index 87cd37d..b23ec18 100644 --- a/app/view/common/head.view.php +++ b/app/view/common/head.view.php @@ -1 +1,8 @@ + + diff --git a/app/view/common/topp.view.php b/app/view/common/topp.view.php index 40d9543..05e4862 100644 --- a/app/view/common/topp.view.php +++ b/app/view/common/topp.view.php @@ -1 +1,21 @@ + + -- cgit v1.2.3 From 50cd689b49148c47df60d92ce33340b9a4c516b7 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Tue, 26 Jan 2016 19:05:58 -0500 Subject: + Added a basic login page design --- app/view/auth/default.view.php | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) (limited to 'app') diff --git a/app/view/auth/default.view.php b/app/view/auth/default.view.php index 8769aa2..9bb1c47 100644 --- a/app/view/auth/default.view.php +++ b/app/view/auth/default.view.php @@ -8,6 +8,40 @@ + +
+
+
+ +
+
+
+
+ +

Login

+ +
+ + +
+ +
+ + +
+ + +
+
+
+
+ +
+
+
+ -- cgit v1.2.3 From 9ce26b55017a24f3cae5c20958f2d612273c2f60 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Tue, 26 Jan 2016 21:55:43 -0500 Subject: + Added function to User class to fetch all users from DB * Altered Auth MVC deflt action to return false if no users are found. This way, the Auth controller can automatically present user a page to create an admin account --- app/class/user.class.php | 16 ++++++++++++++++ app/model/auth.mod.php | 10 ++++++++++ 2 files changed, 26 insertions(+) (limited to 'app') diff --git a/app/class/user.class.php b/app/class/user.class.php index 8ef91ae..6004dc9 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php @@ -25,6 +25,22 @@ class User extends Object parent::__construct("user", $cols); $this->loadObj($guid); } + + /* + * Get all users -- ordered by name, ascending + */ + function getAllUsers_orderByName() + { + $query = "SELECT guid FROM `object` WHERE `type` = 'user' ORDER BY name"; + $result = $this->db->query($query); + + $users = array(); + + foreach ($result as $u) + $users[] = new User($u['guid']); + + return $users; + } } ?> diff --git a/app/model/auth.mod.php b/app/model/auth.mod.php index 9c356e2..9cd6b7c 100644 --- a/app/model/auth.mod.php +++ b/app/model/auth.mod.php @@ -1,6 +1,7 @@ getAllUsers_orderByName()) == 0) + return false; + + return true; } } -- cgit v1.2.3 From 67fb3eeb6d788b6f58d589757285a0e72a5ea3aa Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Wed, 27 Jan 2016 22:32:03 -0500 Subject: + Added view for account registration --- app/view/auth/signup.view.php | 60 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 app/view/auth/signup.view.php (limited to 'app') diff --git a/app/view/auth/signup.view.php b/app/view/auth/signup.view.php new file mode 100644 index 0000000..273c174 --- /dev/null +++ b/app/view/auth/signup.view.php @@ -0,0 +1,60 @@ + + + + + + Scrott - Create Account + + + + + +
+ noaccounts)) { ?> +
+

Almost there....

+

Scrott's configuration is working, but no user accounts exist.
Use the form below to signup as an admin.

+
It is presumed that you are the administrator for this Scrott install.
There is a security risk involved with exposing this page to the public!
+
+ + +
+
+ +
+
+
+
+ +

Signup for Scrott

+ +
+ + +
+ +
+ + +
+ +
+ + +
+ + +
+
+
+
+ +
+
+
+ + + + -- cgit v1.2.3 From 635ceb4808624ad6676d43e83c1ff5a7d4341d36 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Thu, 28 Jan 2016 19:38:28 -0500 Subject: Add admin field to user table User accounts now have a field to denote whether they are site administrators. The first account created during app initial configuration is an admin automatically. --- app/class/user.class.php | 1 + 1 file changed, 1 insertion(+) (limited to 'app') diff --git a/app/class/user.class.php b/app/class/user.class.php index 6004dc9..9a87b01 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php @@ -17,6 +17,7 @@ class User extends Object "key", "salt", "alias", + "admin", "email", "emailConf", "emailConfKey" -- cgit v1.2.3 From 3a111ed74e89e9634e5baf4375625acc6ad262e6 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Thu, 28 Jan 2016 20:39:47 -0500 Subject: Finish signup and initialSignup actions on Auth MVC If no accounts exist no login page will be shown. Instead, the app presents the signup page to allow the administrator to create his account. This is the only case where a new account should be an admin by default. --- app/controller/auth.control.php | 22 ++++++++++++++++++++-- app/model/auth.mod.php | 15 +++++++++++++++ 2 files changed, 35 insertions(+), 2 deletions(-) (limited to 'app') diff --git a/app/controller/auth.control.php b/app/controller/auth.control.php index 00c71f6..7fafd11 100644 --- a/app/controller/auth.control.php +++ b/app/controller/auth.control.php @@ -17,6 +17,10 @@ class Auth extends Controller switch ($_REQUEST['input']['action']) { + case "signup": + $this->action_signup($mod); + break; + default: $this->action_default($mod); break; 
@@ -25,8 +29,22 @@ class Auth extends Controller function action_default($mod) { - $mod->deflt(); - include "view/auth/default.view.php"; + if ($mod->deflt()) + include "view/auth/default.view.php"; + else + $this->action_initial_signup($mod); + } + + function action_initial_signup($mod) + { + $mod->initialSignup(); + $this->action_signup($mod); + } + + function action_signup($mod) + { + $mod->signup(); + include "view/auth/signup.view.php"; } } diff --git a/app/model/auth.mod.php b/app/model/auth.mod.php index 9cd6b7c..5b655d6 100644 --- a/app/model/auth.mod.php +++ b/app/model/auth.mod.php @@ -20,6 +20,21 @@ class AuthModel extends CommonModel return true; } + + /* + * Initial signup action + */ + function initialSignup() + { + $this->noaccounts = true; + } + + /* + * Signup action + */ + function signup() + { + } } ?> -- cgit v1.2.3 From bad5036569b3c572f60dae034c42a8129adc29e5 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 30 Jan 2016 18:22:13 -0500 Subject: Handle object timestamps automatically in Object::saveObj() The saveObj() function now initializes and update the timeCreated and timeUpdated fields of objects on its own. A new function, getCurrentTimestamp() (from class Object) is introduced to aid simpler fetching of the date and time --- app/class/object.class.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'app') diff --git a/app/class/object.class.php b/app/class/object.class.php index bcd8dfa..93b52f0 100644 --- a/app/class/object.class.php +++ b/app/class/object.class.php @@ -77,6 +77,8 @@ abstract class Object extends Framework { if (isset($this->guid)) { + $this->timeUpdated = $this->getCurrentTimestamp(); + /* Update Base */ $updateStr = ""; @@ -117,6 +119,8 @@ abstract class Object extends Framework else { $this->guid = $this->getNewGUID(); + $this->timeCreated = $this->getCurrentTimestamp(); + $this->timeUpdated = $this->timeCreated; /* Insert Base */ $colsStr = ""; 
@@ -179,6 +183,16 @@ abstract class Object extends Framework $this->db->query($query); } + /* + * Get current timestamp for object database purposes + */ + function getCurrentTimestamp() + { + $query = "SELECT now() AS stamp"; + $result = $this->db->query($query); + return $result[0]['stamp']; + } + /* * Check whether given GUID exists */ -- cgit v1.2.3 From b6bb1893ad7b4a901a28b0fa2e725141a7b39509 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 30 Jan 2016 20:48:14 -0500 Subject: Update app source of entropy for creating random blobs Removed use of PHP's rand() functon in favor of openssl extension's openssl_random_pseudo_bytes() to create blobs with better entropy. Created function getBlob (from class Object) to get a sha256 hash created from randomness for use as object GUIDs, password salts, application tokens, etc. --- app/class/object.class.php | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'app') diff --git a/app/class/object.class.php b/app/class/object.class.php index 93b52f0..96cc810 100644 --- a/app/class/object.class.php +++ b/app/class/object.class.php @@ -214,13 +214,20 @@ abstract class Object extends Framework { do { - $sha = hash("sha256", rand()); - $guid = substr($sha, 0, 8); + $guid = substr($this->getBlob(), 0, 8); } while ($this->isGUID($guid)); return $guid; } + + /* + * Get a random sha256 blob + */ + function getBlob() + { + return hash("sha256", openssl_random_pseudo_bytes(64)); + } } /* -- cgit v1.2.3 From 2b6afdd9ef767e1e84c4751c72da6be13d9b4402 Mon Sep 17 00:00:00 2001 
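Review bot: `getBlob()` discards the `$crypto_strong` out-parameter of `openssl_random_pseudo_bytes()`, so on a build where OpenSSL cannot reach a CSPRNG the call silently yields weak bytes that then become object GUIDs, password salts and confirmation keys. Capture it and fail closed, e.g. `$bytes = openssl_random_pseudo_bytes(64, $strong); if ($bytes === false || !$strong) throw new Exception("secure randomness unavailable");`, or on PHP 7+ use `random_bytes(64)`, which throws instead of degrading. Hashing the 64 bytes with SHA-256 adds no entropy; a comment noting that the hex digest is used only for its fixed 64-character length would make the intent clear to the next reader. The enclosing `getNewGUID()` begins above the second hunk of this file section.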
From: Malf Furious Date: Sat, 30 Jan 2016 21:20:41 -0500 Subject: Add functionality to create new User objects User class now has a new function which will take a $username and a $password and use it to initialize itself as well as write new object data to the database. This commit introduces a helper function getKey() (from class User) for creating user object keys by hashing the contatenation of its password and salt. This commit introduces a helper function usernameInUse() (from class User) for ensuring the uniqueness of names amongst user-type objects --- app/class/user.class.php | 54 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) (limited to 'app') diff --git a/app/class/user.class.php b/app/class/user.class.php index 9a87b01..6bce26c 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php 
@@ -42,6 +42,60 @@ class User extends Object return $users; } + + /* + * Check whether a given username is currently in use + */ + function usernameInUse($username) + { + $escd_username = $this->db->esc($username); + + $query = "SELECT name FROM object WHERE type = 'user' AND name = '" . $escd_username . "'"; + $results = $this->db->query($query); + + if (count($results) > 0) + return true; + + return false; + } + + /* + * Generate a key from a user's password and salt + */ + function getKey($password, $salt) + { + return hash("sha256", $salt . $password); + } + + /* + * Create a new User object with the given username and keyed with the given plain-text password + * This function returns false if $username is already being used + * On success, this object should be initialized as the new user (use only on new User() objects) + */ + function createNewUser($username, $password) + { + if ($this->usernameInUse($username)) + return false; + + /* if there exist no users already, make this new one an admin */ + if (count($this->getAllUsers_orderByName()) == 0) + $this->admin = 1; + + $this->perms = 0; + $this->name = $username; + $this->type = "user"; + $this->salt = $this->getBlob(); + $this->key = $this->getKey($password, $this->salt); + $this->emailConf = 0; + $this->emailConfKey = $this->getBlob(); + + $this->saveObj(); + + $this->owner = $this->guid; + $this->saveObj(); + + return true; + } } ?> -- cgit v1.2.3 From ed1b89d4aa07393d7a9f75c689c4877acfa38826 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 30 Jan 2016 21:49:42 -0500 Subject: Implement signup_submit action on Auth MVC Submissions to the Auth signup page are now fully handled by either creating a new account (User object in the system) or posting an error message to the page (Auth model) --- app/controller/auth.control.php | 10 ++++++++++ app/model/auth.mod.php | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+) (limited to 'app') 
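Review bot: `getKey()` stores passwords as one SHA-256 of `$salt . $password`, a fast hash that can be brute-forced offline at hardware speed if the `object` table leaks; PHP 5.5+ provides `password_hash()`/`password_verify()` (bcrypt, per-password salt, tunable cost), so `getKey()` can become `return password_hash($password, PASSWORD_DEFAULT);` (the `$salt` parameter and column become unnecessary) and any later password check must use `password_verify()` rather than recomputing the key. Separately, `createNewUser()` decides both uniqueness and the first-account `admin = 1` grant from plain SELECTs before its INSERT, so two concurrent first signups can both become admin and two concurrent signups for the same name can both succeed unless the schema has a unique index on (`type`, `name`); an explicit `else $this->admin = 0;` would also avoid depending on a column default. The `usernameInUse()` query is built by concatenating `esc()` output; a prepared statement with a bound parameter would keep the value out of the query string altogether.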
diff --git a/app/controller/auth.control.php b/app/controller/auth.control.php index 7fafd11..693d190 100644 --- a/app/controller/auth.control.php +++ b/app/controller/auth.control.php @@ -21,6 +21,10 @@ class Auth extends Controller $this->action_signup($mod); break; + case "signup_submit": + $this->action_signup_submit($mod); + break; + default: $this->action_default($mod); break; @@ -46,6 +50,12 @@ class Auth extends Controller $mod->signup(); include "view/auth/signup.view.php"; } + + function action_signup_submit($mod) + { + $mod->signupSubmit($_REQUEST['input']); + $this->action_signup($mod); + } } ?> diff --git a/app/model/auth.mod.php b/app/model/auth.mod.php index 5b655d6..aa0adf3 100644 --- a/app/model/auth.mod.php +++ b/app/model/auth.mod.php @@ -2,6 +2,7 @@ require_once "model/common.mod.php"; require_once "class/user.class.php"; +require_once "class/form.class.php"; class AuthModel extends CommonModel { @@ -35,6 +36,39 @@ class AuthModel extends CommonModel function signup() { } + + /* + * Attempt to register a new account + */ + function signupSubmit($input) + { + $form = new Form(); + $form->field_text("username"); + $form->field_text("password", null, false); + $form->field_text("cPassword", null, false); + + if (!$form->populate($input)) + { + $this->logFormErrors($form); + return; + } + + if ($form->password != $form->cPassword) + { + $this->logError("Passwords do not match"); + return; + } + + $user = new User(); + + if (!$user->createNewUser($form->username, $form->password)) + { + $this->logError("Your requested username is already in use"); + return; + } + + $this->redirectTo($this->ap() . "/"); + } } ?> -- cgit v1.2.3 From 1a2cf00b5e1a9c00be823eb655a76f8625bf32b5 Mon Sep 17 00:00:00 2001 
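Review bot: `action_signup_submit()` hands `$_REQUEST['input']` to the model, so an account is created from GET parameters or cookies as readily as from the form POST, and nothing ties the submission to the page that rendered the form. Read the fields from `$_POST['input']` only, and have the view embed a per-session token that the model checks with `hash_equals()` before calling `createNewUser()`. The same pattern recurs in `action_login()` added in a later commit and in the redesigned `action_signup()` after the controller rework; the `switch ($_REQUEST['input']['action'])` this hunk extends starts above the hunk.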
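Review bot: `signupSubmit()` compares the two password fields with `!=`, which in PHP treats numeric-looking strings such as `"1e3"` and `"1000"` as equal, so mismatched entries can slip through; use `if ($form->password !== $form->cPassword)`. There is also no length floor, so an empty or one-character password reaches `createNewUser()` if `populate()` accepts it (whether `field_text(..., false)` means optional is not visible here); add something like `if (strlen($form->password) < 8) { $this->logError("Password must be at least 8 characters"); return; }` before creating the user. The "already in use" and "do not match" messages are fine as user-facing text.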
From: Malf Furious Date: Sun, 31 Jan 2016 12:47:04 -0500 Subject: Merge Auth MVC, initial_signup action into signup There was a mistake that caused the page notice about no accounts existing to sometimes not showup in error. This merge resolves that issue as well as tidys up the code a bit. --- app/controller/auth.control.php | 8 +------- app/model/auth.mod.php | 12 ++++-------- 2 files changed, 5 insertions(+), 15 deletions(-) (limited to 'app') diff --git a/app/controller/auth.control.php b/app/controller/auth.control.php index 693d190..9bb8349 100644 --- a/app/controller/auth.control.php +++ b/app/controller/auth.control.php @@ -36,13 +36,7 @@ class Auth extends Controller if ($mod->deflt()) include "view/auth/default.view.php"; else - $this->action_initial_signup($mod); - } - - function action_initial_signup($mod) - { - $mod->initialSignup(); - $this->action_signup($mod); + $this->action_signup($mod); } function action_signup($mod) diff --git a/app/model/auth.mod.php b/app/model/auth.mod.php index aa0adf3..cdf416b 100644 --- a/app/model/auth.mod.php +++ b/app/model/auth.mod.php @@ -22,19 +22,15 @@ class AuthModel extends CommonModel return true; } - /* - * Initial signup action - */ - function initialSignup() - { - $this->noaccounts = true; - } - /* * Signup action */ function signup() { + $userTbl = new User(); + + if (count($userTbl->getAllUsers_orderByName()) == 0) + $this->noaccounts = true; } /* -- cgit v1.2.3 From e15599108f64bd816eb32f8028a81e3db76c19ff Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 31 Jan 2016 16:52:52 -0500 Subject: Implement PHP session semantics in Framework class Added PHP session handling to core framework. Functions now exist to set the current user, get the current user, and get the IP address used to login (to compare with furure requests on the same session to combat session hijacking). --- app/class/framework.class.php | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) (limited to 'app') 
diff --git a/app/class/framework.class.php b/app/class/framework.class.php index d1293de..74c4b14 100644 --- a/app/class/framework.class.php +++ b/app/class/framework.class.php @@ -4,7 +4,11 @@ is_file("scrott.conf.php") && require_once "scrott.conf.php"; +/* Init PHP session */ +session_start(); + require_once "class/mysql.class.php"; +require_once "class/user.class.php"; /* * Global functions / operations and access to contextual or session-based information @@ -47,6 +51,43 @@ abstract class Framework exit; } + /* + * Get a user object for the currently logged in user. Returns false if session is logged out. + */ + function getCurrentUser() + { + if (isset($_SESSION['userguid'])) + return new User($_SESSION['userguid']); + + return false; + } + + /* + * Get the IP address the client held when the current session began + */ + function getOriginIP() + { + return $_SESSION['userip']; + } + + /* + * Set the current logged in user + */ + function setCurrentUser($user = null) + { + if ($user != null && isset($user->guid)) + { + $_SESSION['userguid'] = $user->guid; + $_SESSION['userip'] = $_SERVER['REMOTE_ADDR']; + } + + else + { + unset($_SESSION['userguid']); + unset($_SESSION['userip']); + } + } + /* * Get or create the app's database connection object (this is a singleton object and dependent on system-level config) */ -- cgit v1.2.3 From 8640c13c934ff3e6d907b1e335edb83da088a2ca Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 31 Jan 2016 20:33:38 -0500 Subject: Log in on signup success Now, on a successful submission of the signup view form (Auth MVC), the app automatically logs in the newly-created user and redirects to Framework::ap() . "/". Placeholder code has been added to the root controller to simply var_dump() the current logged in user if one exists, otherwise the login view (Auth MVC) is shown --- app/controller/root.control.php | 10 +++++++++- app/model/auth.mod.php | 1 + 2 files changed, 10 insertions(+), 1 deletion(-) (limited to 'app') 
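Review bot: `session_start()` now runs as a side effect of requiring framework.class.php, before any code can set cookie parameters, so the session cookie carries whatever php.ini supplies for `httponly`/`secure`. Precede it with `session_set_cookie_params(0, '/', '', isset($_SERVER['HTTPS']), true);` and `ini_set('session.use_strict_mode', '1');` so a forged or stale session ID is rejected and the cookie is unreadable from script. Keeping this in a bootstrap file rather than a class-definition file would also match the PSR-1 rule of not mixing declarations with side effects.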
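Review bot: `setCurrentUser()` stores the user's GUID into the session the client already had, without `session_regenerate_id(true)`, so a session ID fixed before authentication remains valid afterwards, and the logout branch likewise keeps the old ID. Add `session_regenerate_id(true);` at the top of both branches. `getOriginIP()` reads `$_SESSION['userip']` unconditionally and raises an undefined-index notice on a logged-out session; guard it with `isset()` or return `$_SESSION['userip'] ?? null` on PHP 7. `$user != null` is a loose comparison; `$user !== null` matches the intent and the `isset($user->guid)` test that follows it.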
diff --git a/app/controller/root.control.php b/app/controller/root.control.php index b44ad76..06abf27 100644 --- a/app/controller/root.control.php +++ b/app/controller/root.control.php @@ -29,11 +29,19 @@ class Root extends Controller /* TODO */ /* TODO -- only auth if logged out */ - else + else if (!$this->getCurrentUser()) { $ctrl = new Auth(); $ctrl->handle($argv); } + + else + { + echo "logged in as:!"; + echo "
";
+            var_dump($this->getCurrentUser());
+            echo "
"; + } } /* diff --git a/app/model/auth.mod.php b/app/model/auth.mod.php index cdf416b..9fa67e4 100644 --- a/app/model/auth.mod.php +++ b/app/model/auth.mod.php @@ -63,6 +63,7 @@ class AuthModel extends CommonModel return; } + $this->setCurrentUser($user); $this->redirectTo($this->ap() . "/"); } } -- cgit v1.2.3 From c776b36fd884808435dd1208f0dd9a57216b3927 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Mon, 1 Feb 2016 19:18:55 -0500 Subject: Implement authentication helper functions in User class Added function to initialize a User object by username wrather than GUID. Added function to validate a user-supplied plain-text password for a given user --- app/class/user.class.php | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'app') diff --git a/app/class/user.class.php b/app/class/user.class.php index 6bce26c..bd2e174 100644 --- a/app/class/user.class.php +++ b/app/class/user.class.php @@ -27,6 +27,21 @@ class User extends Object $this->loadObj($guid); } + /* + * Initialize object by username + */ + function initByUsername($username) + { + $query = "SELECT guid FROM object WHERE type = 'user' AND name = '" . $this->db->esc($username) . "'"; + $result = $this->db->query($query); + + if (count($result) == 0) + return false; + + $this->loadObj($result[0]['guid']); + return true; + } + /* * Get all users -- ordered by name, ascending */ @@ -96,6 +111,15 @@ class User extends Object return true; } + + /* + * Validate the password for this user. Returns true if correct, false otherwise + */ + function validatePassword($password) + { + $key = $this->getKey($password, $this->salt); + return $key == $this->key; + } } ?> -- cgit v1.2.3 From faa6ca0b2e9430d2f9d689aab583a7f881ed03bf Mon Sep 17 00:00:00 2001 
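Review bot: the placeholder `var_dump($this->getCurrentUser())` prints the entire User object to the page, and the column list added to user.class.php earlier in this series includes `key`, `salt` and `emailConfKey`; assuming `loadObj()` populates those as properties, as `createNewUser()`'s use of `$this->salt`/`$this->key` suggests, this stub exposes password-derivation material and the e-mail confirmation token to the browser. Even as temporary code, print only a non-secret field, e.g. `echo htmlspecialchars($this->getCurrentUser()->name);`, or nothing at all. The branch begins at the `else if` context above and closes within the hunk.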
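Review bot: `validatePassword()` compares the recomputed key with `==`, a loose, early-exit comparison that also treats two hex digests that both parse as numeric strings as equal; use `return hash_equals($this->key, $key);` (PHP 5.6+), which is type-strict and constant-time. If `getKey()` is moved to `password_hash()`, this becomes `return password_verify($password, $this->key);` instead. `initByUsername()` in the first hunk of this file section builds its query by concatenating `esc()` output, as `usernameInUse()` does; a bound parameter would be preferable for both.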
From: Malf Furious Date: Mon, 1 Feb 2016 19:33:57 -0500 Subject: Implement 'login' action on Auth MVC Finished initial functionality for Auth MVC by implementing the login feature --- app/controller/auth.control.php | 10 ++++++++++ app/model/auth.mod.php | 27 +++++++++++++++++++++++++++ 2 files changed, 37 insertions(+) (limited to 'app') diff --git a/app/controller/auth.control.php b/app/controller/auth.control.php index 9bb8349..0e970dd 100644 --- a/app/controller/auth.control.php +++ b/app/controller/auth.control.php @@ -25,6 +25,10 @@ class Auth extends Controller $this->action_signup_submit($mod); break; + case "login": + $this->action_login($mod); + break; + default: $this->action_default($mod); break; @@ -50,6 +54,12 @@ class Auth extends Controller $mod->signupSubmit($_REQUEST['input']); $this->action_signup($mod); } + + function action_login($mod) + { + $mod->login($_REQUEST['input']); + $this->action_default($mod); + } } ?> diff --git a/app/model/auth.mod.php b/app/model/auth.mod.php index 9fa67e4..2b61b91 100644 --- a/app/model/auth.mod.php +++ b/app/model/auth.mod.php @@ -66,6 +66,33 @@ class AuthModel extends CommonModel $this->setCurrentUser($user); $this->redirectTo($this->ap() . "/"); } + + /* + * Attempt to login + */ + function login($input) + { + $form = new Form(); + $form->field_text("username"); + $form->field_text("password", null, false); + + if (!$form->populate($input)) + { + $this->logFormErrors($form); + return; + } + + $user = new User(); + + if (!($user->initByUsername($form->username) && $user->validatePassword($form->password))) + { + $this->logError("Username or password is incorrect"); + return; + } + + $this->setCurrentUser($user); + $this->redirectTo($this->ap() . "/"); + } } ?> -- cgit v1.2.3 From 7d484a70f73bd679e0dcf18d23d8124d8edf8f63 Mon Sep 17 00:00:00 2001 
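Review bot: `login()` accepts unlimited attempts with no delay, counter or lockout, and the controller passes it `$_REQUEST['input']`, so credentials are also accepted from the query string and can land in access logs. Restrict the action to `$_POST` and record failed attempts per username and per source address so repeated failures can be slowed or alerted on; the generic "Username or password is incorrect" message is the right choice and should stay. Note that `initByUsername()` short-circuits before `validatePassword()` when the name is unknown, so response time differs between unknown and known usernames; if that matters, document it in the method comment.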
From: Malf Furious Date: Tue, 2 Feb 2016 19:52:07 -0500 Subject: Add helper function to Setting class Added a static helper function to replacing (or inserting) an option value in the database, longhand. --- app/class/setting.class.php | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'app') diff --git a/app/class/setting.class.php b/app/class/setting.class.php index ea5fac3..b48f241 100644 --- a/app/class/setting.class.php +++ b/app/class/setting.class.php @@ -23,6 +23,23 @@ class Setting extends Framework return $res[0]['value']; } + + /* + * Helper function for setting setting values on the database + */ + static function setValue($key, $value) + { + $db = parent::getDbConnection(); + $escdKey = $db->esc($key); + $escdValue = $db->esc($value); + + if (self::getValue($key) === false) + $query = "INSERT INTO setting (`key`, value) VALUES('" . $escdKey . "', '" . $escdValue . "')"; + else + $query = "UPDATE setting SET value = '" . $escdValue . "' WHERE `key` = '" . $escdKey . "'"; + + $db->query($query); + } } ?> -- cgit v1.2.3 From 4496b56e3392ba8183c0e1764557d51a8633e7ca Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Tue, 2 Feb 2016 20:31:29 -0500 Subject: Add admin setting 'allowPublicSignup' This setting will be used to decide if the app should allow unauthenticated users to create their own user accounts or if an admin must create them. --- app/class/setting.class.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'app') diff --git a/app/class/setting.class.php b/app/class/setting.class.php index b48f241..e3ef7f1 100644 --- a/app/class/setting.class.php +++ b/app/class/setting.class.php 
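Review bot: `setValue()` chooses INSERT or UPDATE from a prior `getValue()` read, so two concurrent writers of a new key can both INSERT and either duplicate the row or fail on a unique key, depending on the schema. If `key` is the table's primary or unique key, a single `INSERT INTO setting (\`key\`, value) VALUES ('...', '...') ON DUPLICATE KEY UPDATE value = VALUES(value)` is atomic and saves a round trip. The method comment should also state that `$value` is stored as a string, since that is what callers get back from `getValue()`.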
@@ -40,6 +40,19 @@ class Setting extends Framework $db->query($query); } + + /* + * Should the app allow the public to signup their own accounts with Scrott? + */ + static function allowPublicSignup($value = null) + { + $opt = "allowPublicSignup"; + + if ($value != null) + self::setValue($opt, $value); + + return self::getValue($opt); + } } ?> -- cgit v1.2.3 From 39394819d45ebcf68cab96c13a6affb994f734f3 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 6 Feb 2016 01:10:12 -0500 Subject: Merge the two auth views together For design reasons and to simplify flow of control throughout the app login/signup sequence, these two views are being merged together. This will autimately make the auth MVC less stateful, which I think is good. NOTE: This breaks the Auth MVC, the model and controller will need updated to support this new, single default view --- app/view/auth/default.view.php | 114 ++++++++++++++++++++++++++++++++--------- app/view/auth/signup.view.php | 60 ---------------------- 2 files changed, 90 insertions(+), 84 deletions(-) delete mode 100644 app/view/auth/signup.view.php (limited to 'app') diff --git a/app/view/auth/default.view.php b/app/view/auth/default.view.php index 9bb1c47..16085e7 100644 --- a/app/view/auth/default.view.php +++ b/app/view/auth/default.view.php @@ -3,42 +3,108 @@ - Scrott - Login + Scrott - Not logged in
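Review bot: `if ($value != null)` is a loose comparison, so `Setting::allowPublicSignup(false)`, `allowPublicSignup(0)` or `allowPublicSignup("0")` is treated as "no value supplied" and never reaches `setValue()`; the setting this function exists to toggle cannot be switched off through it. Use `if ($value !== null)`. Since `getValue()` returns the stored string (or `false` when absent, per the `=== false` test in `setValue()` above), callers see `"0"`/`"1"`, which is falsy/truthy as expected, but the comment should state that encoding so the Auth model's truthiness checks are not accidental.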
-
-
- -
-
-
-
- -

Login

- -
- - -
+ noaccounts)) { ?> +
+

Almost there....

+

Scrott's configuration is working, but no user accounts exist.
Use the form below to signup as an admin.

+
It is presumed that you are the administrator for this Scrott install.
There is a security risk involved with exposing this page to the public!
+
+ -
- - -
+
+
+
+
+ +
+
+
+ + +

Login

+ +
+ + +
- - +
+ + +
+ +
+ tabSwap) { ?> + + Signup + + + + +
+ +
+
+ +
-
+
+
+
+ +
+
+
+
+ +

Signup for Scrott

+ +
+ + +
+ +
+ + +
+ +
+ + +
+ +
+ tabSwap) { ?> + + Cancel + + + + +
+
+
+
+
+ +
+
+
diff --git a/app/view/auth/signup.view.php b/app/view/auth/signup.view.php deleted file mode 100644 index 273c174..0000000 --- a/app/view/auth/signup.view.php +++ /dev/null @@ -1,60 +0,0 @@ - - - - - - Scrott - Create Account - - - - - -
- noaccounts)) { ?> -
-

Almost there....

-

Scrott's configuration is working, but no user accounts exist.
Use the form below to signup as an admin.

-
It is presumed that you are the administrator for this Scrott install.
There is a security risk involved with exposing this page to the public!
-
- - -
-
- -
-
-
-
- -

Signup for Scrott

- -
- - -
- -
- - -
- -
- - -
- - -
-
-
-
- -
-
-
- - - - -- cgit v1.2.3 From b3a31ffef3a6203ec61e745821945b371fff7c22 Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sat, 6 Feb 2016 18:18:11 -0500 Subject: Update Auth model to reflect changes in previous commit --- app/model/auth.mod.php | 33 ++++++++++++++++++--------------- 1 file changed, 18 insertions(+), 15 deletions(-) (limited to 'app') diff --git a/app/model/auth.mod.php b/app/model/auth.mod.php index 2b61b91..23b8288 100644 --- a/app/model/auth.mod.php +++ b/app/model/auth.mod.php @@ -3,6 +3,7 @@ require_once "model/common.mod.php"; require_once "class/user.class.php"; require_once "class/form.class.php"; +require_once "class/setting.class.php"; class AuthModel extends CommonModel { @@ -11,33 +12,35 @@ class AuthModel extends CommonModel */ function deflt() { - /* Make sure user accounts exist since this is preping the page to login. If there are no accounts in the DB, - * return false to signal controller to display the admin account creation */ - $userTbl = new User(); if (count($userTbl->getAllUsers_orderByName()) == 0) - return false; + { + $this->noaccounts = true; + $this->activeTab['signup'] = "in active"; + $this->tabSwap = false; + } - return true; + else + { + $this->activeTab['login'] = "in active"; + $this->tabSwap = Setting::allowPublicSignup(); + } } /* - * Signup action + * Attempt to register a new account */ - function signup() + function signup($input) { $userTbl = new User(); - if (count($userTbl->getAllUsers_orderByName()) == 0) - $this->noaccounts = true; - } + if (!Setting::allowPublicSignup() && count($userTbl->getAllUsers_orderByName()) > 0) + { + $this->logError("You may not signup at this time"); + return; + } - /* - * Attempt to register a new account - */ - function signupSubmit($input) - { $form = new Form(); $form->field_text("username"); $form->field_text("password", null, false); -- cgit v1.2.3 From 0b6f4ab1814c097ac30e293e91ecbf446fecaf48 Mon Sep 17 00:00:00 2001 
From: Malf Furious Date: Sat, 6 Feb 2016 19:01:43 -0500 Subject: Update Auth controller to work with recent MVC redesign (HEAD^^) --- app/controller/auth.control.php | 20 ++++---------------- 1 file changed, 4 insertions(+), 16 deletions(-) (limited to 'app') diff --git a/app/controller/auth.control.php b/app/controller/auth.control.php index 0e970dd..6269c9c 100644 --- a/app/controller/auth.control.php +++ b/app/controller/auth.control.php @@ -21,10 +21,6 @@ class Auth extends Controller $this->action_signup($mod); break; - case "signup_submit": - $this->action_signup_submit($mod); - break; - case "login": $this->action_login($mod); break; @@ -37,22 +33,14 @@ class Auth extends Controller function action_default($mod) { - if ($mod->deflt()) - include "view/auth/default.view.php"; - else - $this->action_signup($mod); + $mod->deflt(); + include "view/auth/default.view.php"; } function action_signup($mod) { - $mod->signup(); - include "view/auth/signup.view.php"; - } - - function action_signup_submit($mod) - { - $mod->signupSubmit($_REQUEST['input']); - $this->action_signup($mod); + $mod->signup($_REQUEST['input']); + $this->action_default($mod); } function action_login($mod) -- cgit v1.2.3 From c5564a0a2ae183c533a38905eccdbf383030cd4c Mon Sep 17 00:00:00 2001 From: Malf Furious Date: Sun, 7 Feb 2016 13:45:46 -0500 Subject: Modify Auth controller description This MVC will not be used to handle deauth (logout) anymore. To improve app flow, a separate one will be created for this purpose --- app/controller/auth.control.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app') diff --git a/app/controller/auth.control.php b/app/controller/auth.control.php index 6269c9c..f441310 100644 --- a/app/controller/auth.control.php +++ b/app/controller/auth.control.php 
@@ -4,7 +4,7 @@ require_once "class/controller.class.php"; require_once "model/auth.mod.php"; /* - * Auth is used to login, logout, or register new user accounts + * Auth is used to login or register new user accounts */ class Auth extends Controller { -- cgit v1.2.3