This commit is contained in:
arzynik 2014-04-24 16:03:13 -07:00
parent b0af697f52
commit bb54d6d03f
7 changed files with 288 additions and 101 deletions


@ -0,0 +1,14 @@
<?php
class Controller_api_login extends Crunchbutton_Controller_Rest {
public function init() {
$user = c::auth()->doAuthByLocalUser(['email' => $this->request()['user'], 'password' => $this->request()['password']]);
if ($user) {
die('asd');
echo c::admin()->json();
} else {
echo json_encode(['error' => 'invalid login']);
}
}
}
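Review bot: `die('asd');` on L15 is a debug leftover that terminates the request before `echo c::admin()->json();` runs, so a successful login never returns the JSON body; delete that line. The failure branch on L18 answers with HTTP 200 and a JSON error, so clients cannot distinguish it by status; `http_response_code(401);` before the echo would make the outcome explicit. Separately, `c::admin()` is the row produced by `Admin_Auth::localLogin()`, which selects `*` from `admin` including `pass`; if `json()` serialises the whole record, the stored password hash is sent to the client — confirm it strips that field.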


@ -0,0 +1,83 @@
<?php
class Cockpit_Auth extends Crunchbutton_Auth_Base {
public function init() {
//check for admin
if ($_SERVER['HTTP_AUTHORIZATION']) {
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
}
if ($_SERVER['PHP_AUTH_USER']) {
$admin = Admin::login($_SERVER['PHP_AUTH_USER']);
if ($admin->id_admin && sha1(c::crypt()->encrypt($_SERVER['PHP_AUTH_PW'])) == $admin->pass) {
// we have a valid login
c::admin($admin);
$_SESSION['admin'] = true;
}
$this->user($admin);
}
}
public function postInit() {
if ($this->user()->id_admin) {
c::admin($this->user());
}
}
public function setUser($user) {
$this->_user = $user;
$this->session()->id_user = $user->id_user;
$this->session()->date_active = date('Y-m-d H:i:s');
$this->session()->generateAndSaveToken();
setcookie('token', $this->session()->token, (new DateTime('3000-01-01'))->getTimestamp(), '/');
}
public function doAuth($type, $id) {
$auth = Crunchbutton_User_Auth::byTypeId($type,$id);
if ($auth->active && $auth->user()->active) {
$this->_user = $auth->user();
$this->session()->id_user = $this->user()->id_user;
$this->session()->id_user_auth = $auth->id_user_auth;
$this->session()->save();
return true;
}
return false;
}
public function doAuthByLocalUser($params) {
$auth = Admin_Auth::localLogin($params['email'], $params['password']);
if ($auth->active) {
c::admin($auth);
$this->user($auth);
$this->session()->id_admin = $this->user()->id_admin;
$this->session()->date_active = date('Y-m-d H:i:s');
$this->session()->generateAndSaveToken();
setcookie('token', $this->session()->token, (new DateTime('3000-01-01'))->getTimestamp(), '/');
return true;
}
return false;
}
public function user($user = null) {
if (isset($user)) {
$this->_user = $user;
} elseif (!isset($this->_user)) {
$this->_user = $this->userObject();
}
return $this->_user;
}
public function userObject($params = null) {
if ($params) {
return new Crunchbutton_Admin($params);
} else {
return new Crunchbutton_Admin;
}
}
}
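Review bot: `$this->user($admin);` on L40 sits outside the password check closed on L39, so a request carrying a valid admin login and a wrong password still installs that admin as the current user, and `postInit()` (L44-45) then promotes it via `c::admin()` — assuming `Admin::login()` loads the record by login name alone. The old Crunchbutton_Auth (L158-165 in the next file) only acted inside the check; move the call inside the `if` so it reads `c::admin($admin); $_SESSION['admin'] = true; $this->user($admin);`. The comparison on L35 should be `hash_equals($admin->pass, sha1(c::crypt()->encrypt($_SERVER['PHP_AUTH_PW'])))` rather than loose `==`, and the split on L31 should be `explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)), 2)` so a password containing a colon survives. The token cookies set on L53 and L74 (and L339 in Crunchbutton_Auth_Base) pass no secure/httponly flags; `setcookie('token', $this->session()->token, $expires, '/', '', true, true)` keeps the session token out of script reach.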


@ -0,0 +1,27 @@
<?php
class Crunchbutton_Admin_Auth extends Cana_Model {
public static function passwordEncrypt($password) {
return sha1(c::crypt()->encrypt($password));
}
public static function localLogin($email, $password) {
$password = self::passwordEncrypt($password);
$query = sprintf('
SELECT *
FROM admin
WHERE
login="%s"
AND pass="%s"
AND active=1
LIMIT 1',
@mysql_real_escape_string($email),
@mysql_real_escape_string($password)
);
return Admin::q($query)->get(0);
}
}
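Review bot: The query on L106-116 is assembled with `sprintf` and `@mysql_real_escape_string`; the `@` hides the case where no ext/mysql link is open, in which the function returns `false` and both placeholders become empty strings, so the statement silently degrades to `login="" AND pass=""`. Whatever layer `Admin::q()` sits on should be given the values as bound parameters (or, failing that, the `@` dropped so the failure surfaces). `passwordEncrypt()` on L101-103 produces a single unsalted SHA-1 of the keyed transform, so equal passwords yield equal stored values across accounts; `password_hash()`/`password_verify()` is the standard, with existing rows migrated by rehashing on successful login — that changes the storage format, so it needs coordination with the `pass` column and the Basic-auth path in Cockpit_Auth::init().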


@ -181,11 +181,17 @@ class Crunchbutton_App extends Cana_App {
$config = $this->config();
$config->site = Crunchbutton_Site::byDomain();
if ($config->site->name == 'redirect' && $config->site->theme) {
header('Location: '.$config->site->theme.$_SERVER['REQUEST_URI']);
exit;
}
if ($config->site->name == 'Cockpit' || $config->site->name == 'Cockpit2') {
array_unshift($GLOBALS['config']['libraries'], 'Cockpit');
}
$config->host_callback = $host_callback;
@ -399,7 +405,7 @@ class Crunchbutton_App extends Cana_App {
}
public function buildAuth($db = null) {
$this->auth(new Crunchbutton_Auth($db));
$this->auth(new Auth($db));
return $this;
}
public function buildAcl($db = null) {
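Review bot: `new Auth($db)` on L138 passes a database handle, but `Crunchbutton_Auth_Base::__construct()` introduced in this commit declares no parameter and neither Crunchbutton_Auth nor Cockpit_Auth defines a constructor, so PHP discards `$db` silently — assuming `Auth` resolves to one of those classes. Either drop the argument, `$this->auth(new Auth());`, so the signature reflects what the object uses, or add `$db` to the base constructor and hand it to the `Crunchbutton_Session` it creates on L272 of that file. A one-line comment on `buildAuth()` stating which class `Auth` is expected to resolve to per site would also help, since L130-132 changes the library order that decides it.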


@ -1,66 +1,16 @@
<?php
class Crunchbutton_Auth {
private $_user;
private $_session;
class Crunchbutton_Auth extends Crunchbutton_Auth_Base {
public function __construct() {
$this->_session = new Crunchbutton_Session;
session_start();
//check for admin
if ($_SERVER['HTTP_AUTHORIZATION']) {
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
}
if ($_SERVER['PHP_AUTH_USER']) {
$admin = Admin::login($_SERVER['PHP_AUTH_USER']);
if ($admin->id_admin && sha1(c::crypt()->encrypt($_SERVER['PHP_AUTH_PW'])) == $admin->pass) {
// we have a valid login
c::admin($admin);
$_SESSION['admin'] = true;
}
}
// here we need to check for a token
// if we dont have a valid token, we need to check for a facebook cookie
// then if none of thats good just return a blank user object
if ($_COOKIE['token'] && !$this->session()->id_user) {
$sess = Session::token($_COOKIE['token']);
if ($sess->id_user) {
$token = $_COOKIE['token'];
$data = $sess->data;
$id_user = $sess->id_user;
// Issue #973 - if the new id_session is different of the new one it means it is another session
// the old session must to be deleted
$id_session = $sess->id_session;
if( $this->session()->id_session != $sess->id_session ){
$this->session()->data = $data;
Session::deleteToken( $token );
}
$this->session()->id_session = $id_session;
$this->session()->id_user = $id_user;
$this->session()->token = $token;
} else { // if no id_user in session, delete cookie and session in DB as it's not used, see #624
Session::deleteToken($_COOKIE['token']);
setcookie('token','',0,'/');
}
}
// we have a successful user
if ($this->session()->id_user) {
// if ($this->session()->ip == $_SERVER['REMOTE_ADDR']) {
$this->_user = new Crunchbutton_User($this->session()->id_user);
$this->session()->date_active = date('Y-m-d H:i:s');
$this->session()->save();
}
public function init() {
}
public function postInit() {
// if we dont have a user lets check for a facebook user.
// not sure if theres any way to avoid this, but if a fb user is found, we have to make a fb request
// which take a little bit of time
if (!$this->_user) {
if (!$this->user()->id) {
// check for a facebook cookie
foreach ($_COOKIE as $key => $value) {
if (preg_match('/^fbsr_.*$/', $key)) {
@ -71,19 +21,6 @@ class Crunchbutton_Auth {
}
}
}
// we still dont have a user, so just set a blan object
if (!$this->_user) {
$this->_user = new Crunchbutton_User;
}
}
public function facebook($fb = null) {
if (isset($fb)) {
$this->_facebook = $fb;
}
return $this->_facebook;
}
public function fbauth() {
@ -142,32 +79,6 @@ class Crunchbutton_Auth {
return $this->_user;
}
public function get($var) {
return $_SESSION[$var];
}
public function set($var,$value) {
$_SESSION[$var] = $value;
}
public function id() {
return $this->_session;
}
public function ip() {
return $this->_ip;
}
public function destroy() {
$this->_session = session_id();
Caffeine::db()->query('UPDATE session SET active=0 WHERE session="'.$this->id().'"');
session_regenerate_id();
$this->_session = session_id();
$this->_user = new Crunchbutton_User;
}
public static function load($user, $profile) {
$user->permalink = $profile->username ? $profile->username : $profile->id;
$user->fbid = $profile->id;
@ -181,8 +92,12 @@ class Crunchbutton_Auth {
$user->saving_from = $user->saving_from.'Auth::load - ';
$user->save();
}
public function session() {
return $this->_session;
public function userObject($params = null) {
if ($params) {
return new Crunchbutton_User($params);
} else {
return new Crunchbutton_User;
}
}
}
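Review bot: `if (!$this->user()->id)` on L204 tests a property named `id`, while the user object is addressed as `id_user` everywhere else in this commit (L326, L336, L345); unless `Cana_Model` aliases `id`, the check is always true and the Facebook cookie lookup runs even for a user already restored from the session. The same expression appears at L278 and L311 of Crunchbutton_Auth_Base, where L311 would then overwrite the restored user with an empty object — confirm `id` is exposed by the model, otherwise use `id_user` here and an `id_user || id_admin` test in the base. `postInit()`'s body continues past the hunk boundary at L208, so the remainder of the Facebook loop is not visible here.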


@ -0,0 +1,141 @@
<?php
class Crunchbutton_Auth_Base extends Cana_Model {
private $_user;
private $_session;
public function __construct() {
$this->_session = new Crunchbutton_Session;
session_start();
$this->init();
// here we need to check for a token
// if we dont have a valid token, we need to check for a facebook cookie
// then if none of thats good just return a blank user object
if (!$this->user()->id && $_COOKIE['token'] && !$this->session()->id) {
$sess = Session::token($_COOKIE['token']);
$id = $sess->id_user ? $sess->id_user : $sess->id_admin;
if ($sess->id_user || $sess->id_admin) {
$token = $_COOKIE['token'];
$data = $sess->data;
$id_user = $sess->id_user;
$id_admin = $sess->id_admin;
// Issue #973 - if the new id_session is different of the new one it means it is another session
// the old session must to be deleted
$id_session = $sess->id_session;
if ($this->session()->id_session != $sess->id_session) {
$this->session()->data = $data;
Session::deleteToken($token);
}
$this->session()->id_session = $id_session;
$this->session()->id_user = $id_user;
$this->session()->id_admin = $id_admin;
$this->session()->token = $token;
} else {
// if no id_user in session, delete cookie and session in DB as it's not used, see #624
Session::deleteToken($_COOKIE['token']);
setcookie('token','',0,'/');
}
}
// we have a successful user
if ($this->session()->id_user || $this->session()->id_admin) {
$this->user($this->userObject($this->session()->id_admin ? $this->session()->id_admin : $this->session()->id_user));
$this->session()->date_active = date('Y-m-d H:i:s');
$this->session()->save();
}
$this->postInit();
// if we still dont have a user, so just set a empty object
if (!$this->user()->id) {
$this->user($this->userObject());
}
}
public function postInit() {
}
public function facebook($fb = null) {
if (isset($fb)) {
$this->_facebook = $fb;
}
return $this->_facebook;
}
public function fbauth() {
// we have a facebook user
if ($this->facebook()->fbuser()->id) {
$createNewUser = ( $this->user()->id_user ) ? false : true;
$user = User::facebookCreate($this->facebook()->fbuser()->id, $createNewUser);
if ($user) {
$this->setUser($user);
}
}
return $this;
}
public function setUser($user) {
$this->_user = $user;
$this->session()->id_user = $user->id_user;
$this->session()->date_active = date('Y-m-d H:i:s');
$this->session()->generateAndSaveToken();
setcookie('token', $this->session()->token, (new DateTime('3000-01-01'))->getTimestamp(), '/');
}
public function doAuth($type, $id) {
$auth = Crunchbutton_User_Auth::byTypeId($type,$id);
if ($auth->active && $auth->user()->active) {
$this->_user = $auth->user();
$this->session()->id_user = $this->user()->id_user;
$this->session()->id_user_auth = $auth->id_user_auth;
$this->session()->save();
return true;
}
return false;
}
public function user($user = null) {
if (isset($user)) {
$this->_user = $user;
}
return $this->_user;
}
public function get($var) {
return $_SESSION[$var];
}
public function set($var,$value) {
$_SESSION[$var] = $value;
}
public function id() {
return $this->_session;
}
public function ip() {
return $this->_ip;
}
public function destroy() {
$this->_session = session_id();
Caffeine::db()->query('UPDATE session SET active=0 WHERE session="'.$this->id().'"');
session_regenerate_id();
$this->_session = session_id();
$this->_user = new Crunchbutton_User;
}
public function session($session = null) {
if (!is_null($session)) {
$this->_session = $session;
}
return $this->_session;
}
}
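Review bot: `$_user` and `$_session` are declared `private` on L269-270, yet Cockpit_Auth assigns `$this->_user` directly (L49, L58, L81, L83 of that file); a subclass cannot see a parent's private property, so those writes create a separate dynamic property and base methods such as `destroy()` (L375) operate on a different field than the subclass's `user()` returns. Declare them `protected $_user;` and `protected $_session;`, and declare `$_facebook` and `$_ip`, which L319 and L368 read without any declaration. `destroy()` also hard-codes `$this->_user = new Crunchbutton_User;` on L375; `$this->_user = $this->userObject();` would keep the Cockpit subclass on its admin type, and the session id concatenated into SQL on L372 should be passed as a bound parameter rather than interpolated.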


@ -43,6 +43,7 @@ class Crunchbutton_Session_Adapter extends Cana_Table {
$this->date_create = date('Y-m-d H:i:s');
$this->active = 1;
$this->id_user = $this->get('id_user');
$this->idadmin = $this->get('id_admin');
$this->ip = $_SERVER['REMOTE_ADDR'];
$this->id_session = $id;
}
@ -69,8 +70,8 @@ class Crunchbutton_Session_Adapter extends Cana_Table {
}
public function generateAndSaveToken() {
if ($this->id_user && !$this->token) {
$fields = '-=d4sh0fs4|t?&4ndM4YB350m35ymb0||0v3!!!!!!=-'.$this->id_session.$this->id_user.uniqid();
if (($this->id_user || $this->id_admin) && !$this->token) {
$fields = '-=d4sh0fs4|t?&4ndM4YB350m35ymb0||0v3!!!!!!=-'.$this->id_session.$this->id_user.$this->id_admin.uniqid();
$this->token = strtoupper(hash('sha512', $fields));
$this->save();
}
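Review bot: L391 assigns `$this->idadmin`, but the property is named `id_admin` on L400-401 and in Crunchbutton_Auth_Base (L295), so the admin id is never stored in the session row and `generateAndSaveToken()` sees no `id_admin` for a Cockpit login — unless `idadmin` is a real column, which nothing here suggests; it should read `$this->id_admin = $this->get('id_admin');`. The token on L401-402 derives from a secret literal kept in source, the session and user ids, and `uniqid()`, which is time-based; its unpredictability should instead rest on a CSPRNG, e.g. appending `bin2hex(random_bytes(32))` (or `openssl_random_pseudo_bytes()` on older PHP) to `$fields`. A short comment above L400 stating that either a user or an admin id qualifies for a token would document the new branch.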