v1.2 initial commit
This commit is contained in:
84
pub/login/php/auth.php
Normal file
84
pub/login/php/auth.php
Normal file
@@ -0,0 +1,84 @@
|
||||
<?php
|
||||
session_start();
|
||||
|
||||
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
|
||||
|
||||
if (checkLoginAttempts() > 3) {
|
||||
header('Location: /login/');
|
||||
exit;
|
||||
}
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
$username = trim($_POST['username'] ?? '');
|
||||
$password = $_POST['password'] ?? '';
|
||||
|
||||
if (empty($username) || empty($password)) {
|
||||
die("Username and password are required.");
|
||||
}
|
||||
|
||||
if ($username !== 'superuser' && !filter_var($username, FILTER_VALIDATE_EMAIL)) {
|
||||
die("Invalid email address.");
|
||||
}
|
||||
|
||||
$stmt = $GLOBALS['conn']->prepare("SELECT * FROM vc_users WHERE user_email = ? LIMIT 1");
|
||||
$stmt->bind_param('s', $username);
|
||||
$stmt->execute();
|
||||
$result = $stmt->get_result();
|
||||
$user = $result->fetch_assoc();
|
||||
|
||||
if (!$user) {
|
||||
setcookie('login_error', 'Invalid username or password', time() + 3600, '/');
|
||||
addLoginAttempts();
|
||||
header('Location: /login/');
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!password_verify($password, $user['user_password'])) {
|
||||
setcookie('login_error', 'Invalid username or password', time() + 3600, '/');
|
||||
addLoginAttempts();
|
||||
header('Location: /login/');
|
||||
exit;
|
||||
}
|
||||
|
||||
switch ($user['user_status']) {
|
||||
case 'banned':
|
||||
setcookie('login_error', 'Account is banned.', time() + 3600, '/');
|
||||
header('Location: /login/');
|
||||
exit;
|
||||
case 'inactive':
|
||||
setcookie('login_error', 'Account is inactive.', time() + 3600, '/');
|
||||
header('Location: /login/');
|
||||
exit;
|
||||
case 'pending':
|
||||
setcookie('login_error', 'Account is pending approval.', time() + 3600, '/');
|
||||
header('Location: /login/');
|
||||
exit;
|
||||
case 'active':
|
||||
// continue
|
||||
break;
|
||||
default:
|
||||
setcookie('login_error', 'something went wrong, contact support', time() + 3600, '/');
|
||||
header('Location: /login/');
|
||||
exit;
|
||||
}
|
||||
|
||||
setTimeZoneCookie();
|
||||
|
||||
# check if mfa2 is enabled
|
||||
if ($user['user_two_factor_enabled'] == 1) {
|
||||
# go to the mfa login
|
||||
session_regenerate_id(true); # create session to store some data
|
||||
$_SESSION['mfa'] = ['user_uuid' => $user['user_uuid'], 'user_secret' => $user['user_two_factor_secret']];
|
||||
header('Location: /login/');
|
||||
exit;
|
||||
} else {
|
||||
# No mfa2 is setup
|
||||
|
||||
loginUser($user['user_uuid']);
|
||||
header('Location: /');
|
||||
exit;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
118
pub/login/php/authFunctions.php
Normal file
118
pub/login/php/authFunctions.php
Normal file
@@ -0,0 +1,118 @@
|
||||
<?php
|
||||
|
||||
include_once $_SERVER['DOCUMENT_ROOT'] . '/bin/php/db_connect.php';
|
||||
function checkLoginAttempts()
|
||||
{
|
||||
$stmt = $GLOBALS['conn']->prepare("SELECT address
|
||||
FROM ip_login_attempts
|
||||
WHERE address LIKE ?
|
||||
AND timestamp > (UNIX_TIMESTAMP() - 600)
|
||||
");
|
||||
$stmt->bind_param('s', $_SERVER['REMOTE_ADDR']);
|
||||
$stmt->execute();
|
||||
$stmt->store_result();
|
||||
return $stmt->num_rows;
|
||||
}
|
||||
|
||||
function addLoginAttempts()
|
||||
{
|
||||
$ip = $_SERVER["REMOTE_ADDR"];
|
||||
$stmt = $GLOBALS['conn']->prepare("INSERT INTO ip_login_attempts (address, timestamp) VALUES (?, UNIX_TIMESTAMP())");
|
||||
$stmt->bind_param('s', $ip);
|
||||
$stmt->execute();
|
||||
$stmt->close();
|
||||
}
|
||||
|
||||
function setTimeZoneCookie()
|
||||
{
|
||||
?>
|
||||
<script>
|
||||
document.cookie = "user_timezone=" + Intl.DateTimeFormat().resolvedOptions().timeZone + "; path=/";
|
||||
</script>
|
||||
<?php
|
||||
}
|
||||
|
||||
function getUserTimezone()
|
||||
{
|
||||
$default_timezone = 'America/New_York';
|
||||
if (isset($_COOKIE['user_timezone']) && in_array($_COOKIE['user_timezone'], DateTimeZone::listIdentifiers())) {
|
||||
$timezone = $_COOKIE['user_timezone'];
|
||||
} else {
|
||||
$timezone = $default_timezone;
|
||||
}
|
||||
|
||||
return $timezone;
|
||||
}
|
||||
|
||||
function setSessionParams()
|
||||
{
|
||||
if (isset($_SESSION['user']['user_uuid'])) {
|
||||
$user_uuid = $_SESSION['user']['user_uuid'];
|
||||
$stmt = $GLOBALS['conn']->prepare("SELECT * FROM vc_users INNER JOIN vc_user_groups ON vc_users.user_group_uuid = vc_user_groups.user_group_uuid WHERE user_uuid = ? LIMIT 1");
|
||||
$stmt->bind_param('s', $user_uuid);
|
||||
$stmt->execute();
|
||||
$result = $stmt->get_result();
|
||||
$user = $result->fetch_assoc();
|
||||
|
||||
$_SESSION['user'] = ['user_uuid' => $user['user_uuid'],
|
||||
'user_email' => $user['user_email'],
|
||||
'user_first_name' => $user['user_first_name'],
|
||||
'user_full_name' => $user['user_full_name'],
|
||||
'user_group_uuid' => $user['user_group_uuid'],
|
||||
'user_group_weight' => $user['user_group_weight'],
|
||||
'user_group_type' => $user['user_group_type'],
|
||||
'user_pref_language' => $user['user_pref_language'],
|
||||
'user_two_factor_enabled' => $user['user_two_factor_enabled'],
|
||||
'user_profile_picture' => $user['user_profile_picture'],
|
||||
'user_profile_picture_thumbnail' => $user['user_profile_picture_thumbnail'],
|
||||
'user_timezone' => getUserTimezone(),
|
||||
];
|
||||
|
||||
$stmt = $GLOBALS['conn']->prepare("SELECT vc_user_group_permissions_portal.permission_value, vc_permissions.permission_name
|
||||
FROM vc_user_group_permissions_portal
|
||||
INNER JOIN vc_permissions ON vc_user_group_permissions_portal.permission_uuid = vc_permissions.permission_uuid
|
||||
WHERE user_group_uuid = ?");
|
||||
$stmt->bind_param('s', $user['user_group_uuid']);
|
||||
$_SESSION['permission'] = array();
|
||||
$stmt->execute();
|
||||
$result = $stmt->get_result();
|
||||
while ($row = $result->fetch_assoc()) {
|
||||
$_SESSION['permission'][$row['permission_name']] = $row['permission_value'];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function loginUser($user_uuid)
|
||||
{
|
||||
$update = $GLOBALS['conn']->prepare("UPDATE vc_users SET user_last_login_timestamp = ? WHERE user_uuid = ?");
|
||||
$update->bind_param('is', time(), $user_uuid);
|
||||
$update->execute();
|
||||
|
||||
session_regenerate_id(true);
|
||||
|
||||
$_SESSION['user'] = ['user_uuid' => $user_uuid];
|
||||
|
||||
setSessionParams();
|
||||
}
|
||||
|
||||
# link the verification code input and check if its an valid code.
|
||||
function linkVerificationPosts()
|
||||
{
|
||||
$codeParts = [];
|
||||
$allSet = true;
|
||||
for ($i = 1; $i <= 6; $i++) {
|
||||
$key = 'verification-' . $i;
|
||||
if (isset($_POST[$key]) && $_POST[$key] !== '') {
|
||||
$codeParts[] = $_POST[$key];
|
||||
} else {
|
||||
$allSet = false;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if ($allSet) {
|
||||
return implode('', $codeParts);
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
87
pub/login/php/forgotPasswordRequest.php
Normal file
87
pub/login/php/forgotPasswordRequest.php
Normal file
@@ -0,0 +1,87 @@
|
||||
<?php
|
||||
|
||||
use bin\php\Classes\mailBuilder;
|
||||
|
||||
if (!isset($_POST['user_email'])) {
|
||||
header('Location: /');
|
||||
exit;
|
||||
}
|
||||
|
||||
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
|
||||
include_once $_SERVER['DOCUMENT_ROOT'] . '/bin/php/Classes/mailBuilder.php';
|
||||
|
||||
|
||||
$loginAttempts = checkLoginAttempts();
|
||||
|
||||
if ($loginAttempts > 5) {
|
||||
header('location: /login/forgotPassword.php?result=blocked');
|
||||
exit;
|
||||
}
|
||||
|
||||
$user_email = $_POST['user_email'];
|
||||
|
||||
$sql = "SELECT * FROM vc_users WHERE user_email = ?";
|
||||
$stmt = $GLOBALS['conn']->prepare($sql);
|
||||
$stmt->bind_param("s", $user_email);
|
||||
if (!$stmt->execute()) {
|
||||
header('location: /login/forgotPassword.php?result=failed');
|
||||
exit;
|
||||
}
|
||||
|
||||
$result = $stmt->get_result();
|
||||
$user_data = $result->fetch_assoc();
|
||||
|
||||
if ($result->num_rows == 0) {
|
||||
header('location: /login/forgotPassword.php?result=success');
|
||||
exit;
|
||||
}
|
||||
|
||||
if ($user_data['user_status'] != 'active') {
|
||||
header('location: /login/forgotPassword.php?result=success');
|
||||
exit;
|
||||
}
|
||||
|
||||
$user_uuid = $user_data["user_uuid"];
|
||||
$user_password_reset_token = bin2hex(random_bytes(32));
|
||||
$user_password_reset_expires = time() + 86400;
|
||||
|
||||
$sql = "UPDATE vc_users SET user_password_reset_token = ?, user_password_reset_expires = ? WHERE user_uuid = ?";
|
||||
$stmt = $GLOBALS['conn']->prepare($sql);
|
||||
$stmt->bind_param("sss",
|
||||
$user_password_reset_token,
|
||||
$user_password_reset_expires,
|
||||
$user_uuid
|
||||
);
|
||||
|
||||
|
||||
# Sending an email to the user
|
||||
$host = $_SERVER['HTTP_HOST'];
|
||||
$verifyLink = "https://{$host}/login/resetPassword.php?token={$user_password_reset_token}";
|
||||
|
||||
$mail = new mailBuilder();
|
||||
$mail->subject = "Hello " . $user_data['user_full_name'] . ", Here’s Your Password Reset Link";
|
||||
$mail->addAddress($user_data['user_email'], $user_data['user_first_name']);
|
||||
$mail->mailText = '
|
||||
Hello ' . $user_data['user_first_name'] . ',<br><br>
|
||||
|
||||
We received a request to reset the password for your account. You can reset your password by clicking the link below.<br>
|
||||
This link is valid for 24 hours from the time of this request:<br>
|
||||
<a href="' . $verifyLink . '" class="btn btn-primary">Reset Password</a><br><br>
|
||||
|
||||
Or copy and paste the following link into your browser: <br>' . $verifyLink . '<br><br>
|
||||
|
||||
If you did not request a password reset, you can safely ignore this message. No changes will be made to your account.<br><br>
|
||||
|
||||
Best regards,<br><br>
|
||||
The Sentri gnome behind the code
|
||||
';
|
||||
|
||||
if ($stmt->execute()) {
|
||||
$mail->sendMail();
|
||||
addLoginAttempts(); # add login attempt to prevent spamming from the forgot password link
|
||||
header('location: /login/forgotPassword.php?result=success');
|
||||
} else {
|
||||
header('location: /login/forgotPassword.php?result=failed');
|
||||
}
|
||||
|
||||
exit;
|
||||
45
pub/login/php/mfaAuth.php
Normal file
45
pub/login/php/mfaAuth.php
Normal file
@@ -0,0 +1,45 @@
|
||||
<?php
|
||||
session_start();
|
||||
|
||||
# includes
|
||||
require $_SERVER['DOCUMENT_ROOT'] . '/../vendor/autoload.php';
|
||||
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
|
||||
|
||||
use RobThree\Auth\Providers\Qr\EndroidQrCodeWithLogoProvider;
|
||||
use RobThree\Auth\TwoFactorAuth;
|
||||
|
||||
if (!isset($_POST['verification-1']) && !isset($_SESSION['mfa']['user_secret']) && !isset($_SESSION['mfa']['user_uuid'])) {
|
||||
unset($_SESSION['mfa']);
|
||||
addLoginAttempts();
|
||||
header('Location: /');
|
||||
exit;
|
||||
}
|
||||
|
||||
if (checkLoginAttempts() > 3) {
|
||||
header('Location: /login/');
|
||||
exit;
|
||||
}
|
||||
|
||||
$tfa = new TwoFactorAuth(new EndroidQrCodeWithLogoProvider());
|
||||
|
||||
$secret = $_SESSION['mfa']['user_secret'];
|
||||
$postedCode = linkVerificationPosts();
|
||||
|
||||
if ($postedCode) {
|
||||
$result = $tfa->verifyCode($secret, $postedCode);
|
||||
|
||||
if ($result) {
|
||||
loginUser($_SESSION['mfa']['user_uuid']);
|
||||
unset($_SESSION['mfa']);
|
||||
|
||||
} else {
|
||||
addLoginAttempts();
|
||||
setcookie('login_error', 'Invalid verification code', time() + 3600, '/');
|
||||
|
||||
}
|
||||
} else {
|
||||
unset($_SESSION['mfa']);
|
||||
|
||||
}
|
||||
header('Location: /');
|
||||
exit;
|
||||
69
pub/login/php/setPassword.php
Normal file
69
pub/login/php/setPassword.php
Normal file
@@ -0,0 +1,69 @@
|
||||
<?php
|
||||
if ($_POST['password-1'] != $_POST['password-2']) {
|
||||
header('location: /login/resetPassword.php?result=failed');
|
||||
exit;
|
||||
}
|
||||
|
||||
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
|
||||
$user_password = password_hash($_POST['password-1'], PASSWORD_BCRYPT, ["cost" => 12]);
|
||||
|
||||
if (isset($_POST['user_uuid'])) {
|
||||
session_start();
|
||||
|
||||
if (!isset($_SESSION['user']['user_uuid'])) {
|
||||
header('location: /login/resetPassword.php?result=failed');
|
||||
exit;
|
||||
}
|
||||
|
||||
$user_uuid = $_SESSION['user']['user_uuid'];
|
||||
$sql = "UPDATE vc_users SET user_password = ?,
|
||||
user_password_reset_token = NULL,
|
||||
user_password_reset_expires = NULL
|
||||
WHERE user_uuid = ?";
|
||||
$userSql = "SELECT COUNT(*) FROM vc_users WHERE user_uuid = ?";
|
||||
$whereValue = $user_uuid;
|
||||
|
||||
} elseif (isset($_POST['user_password_reset_token'])) {
|
||||
$user_password_reset_token = $_POST['user_password_reset_token'];
|
||||
$sql = "UPDATE vc_users SET user_password = ?,
|
||||
user_password_reset_token = NULL,
|
||||
user_password_reset_expires = NULL,
|
||||
user_verified_email = 1,
|
||||
user_status = 'active'
|
||||
WHERE user_password_reset_token = ? AND user_status IN ('active', 'pending')";
|
||||
$userSql = "SELECT COUNT(*) FROM vc_users WHERE user_password_reset_token = ?";
|
||||
$whereValue = $user_password_reset_token;
|
||||
}
|
||||
|
||||
function checkUserExists($whereValue, $conn, $sql)
|
||||
{
|
||||
$stmt = $conn->prepare($sql);
|
||||
$stmt->bind_param("s", $whereValue);
|
||||
$stmt->execute();
|
||||
$stmt->bind_result($count);
|
||||
$stmt->fetch();
|
||||
$stmt->close();
|
||||
|
||||
return $count > 0;
|
||||
}
|
||||
|
||||
|
||||
if (!checkUserExists($whereValue, $GLOBALS['conn'], $userSql)) {
|
||||
header('location: /');
|
||||
exit;
|
||||
}
|
||||
|
||||
$stmt = $GLOBALS['conn']->prepare($sql);
|
||||
$stmt->bind_param("ss",
|
||||
$user_password,
|
||||
$whereValue
|
||||
);
|
||||
|
||||
|
||||
if ($stmt->execute()) {
|
||||
header('location: /login/resetPassword.php?result=success');
|
||||
exit;
|
||||
} else {
|
||||
header('location: /login/resetPassword.php?result=failed');
|
||||
exit;
|
||||
}
|
||||
Reference in New Issue
Block a user