Pepperminty-Wiki/modules/page-login.php

<?php
register_module([
	"name" => "Login",
	"version" => "0.7",
	"author" => "Starbeamrainbowlabs",
	"description" => "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.",
	"id" => "page-login",
	"code" => function() {
		/*
		 *  _             _
		 * | | ___   __ _(_)_ __
		 * | |/ _ \ / _` | | '_ \
		 * | | (_) | (_| | | | | |
		 * |_|\___/ \__, |_|_| |_|
		 *          |___/  %login%
		 */
		add_action("login", function() {
			global $settings;
			
			// Build the action url that will actually perform the login
			$login_form_action_url = "index.php?action=checklogin";
			if(isset($_GET["returnto"]))
				$login_form_action_url .= "&returnto=" . rawurlencode($_GET["returnto"]);
			
			$title = "Login to $settings->sitename";
			$content = "<h1>Login to $settings->sitename</h1>\n";
			if(isset($_GET["failed"]))
				$content .= "\t\t<p><em>Login failed.</em></p>\n";
			if(isset($_GET["required"]))
				$content .= "\t\t<p><em>$settings->sitename requires that you login before continuing.</em></p>\n";
			$content .= "\t\t<form method='post' action='$login_form_action_url'>
				<label for='user'>Username:</label>
				<input type='text' name='user' id='user' />
				<br />
				<label for='pass'>Password:</label>
				<input type='password' name='pass' id='pass' />
				<br />
				<input type='submit' value='Login' />
			</form>\n";
			exit(page_renderer::render_main($title, $content));
		});
		
		/*
		 *       _               _    _             _
		 *   ___| |__   ___  ___| | _| | ___   __ _(_)_ __
		 *  / __| '_ \ / _ \/ __| |/ / |/ _ \ / _` | | '_ \
		 * | (__| | | |  __/ (__|   <| | (_) | (_| | | | | |
		 *  \___|_| |_|\___|\___|_|\_\_|\___/ \__, |_|_| |_|
		 *     %checklogin%                   |___/
		 */
		add_action("checklogin", function() {
			global $settings, $env;
			
			//actually do the login
			if(isset($_POST["user"]) and isset($_POST["pass"]))
			{
				//the user wants to log in
				$user = $_POST["user"];
				$pass = $_POST["pass"];
				if($settings->users[$user] == hash_password($pass))
				{
					$env->is_logged_in = true;
					$expiretime = time() + 60*60*24*30; //30 days from now
					$_SESSION["$settings->sessionprefix-user"] = $user;
					$_SESSION["$settings->sessionprefix-pass"] = hash_password($pass);
					$_SESSION["$settings->sessionprefix-expiretime"] = $expiretime;
					//redirect to wherever the user was going
					http_response_code(302);
					if(isset($_GET["returnto"]))
						header("location: " . $_GET["returnto"]);
					else
						header("location: index.php");
					exit();
				}
				else
				{
					http_response_code(302);
					header("location: index.php?action=login&failed=yes");
					exit();
				}
			}
			else
			{
				http_response_code(302);
				header("location: index.php?action=login&failed=yes&badrequest=yes");
				exit();
			}
		});
	}
]);

/*
 * @summary Hashes the given password according to the current settings defined
 * 			in $settings.
 * 
 * @param $pass {string} The password to hash.
 * 
 * @returns {string} The hashed password. Uses sha3 if $settings->use_sha3 is
 * 					 enabled, or sha256 otherwise.
 */
function hash_password($pass)
{
	global $settings;
	if($settings->use_sha3)
	{
		return sha3($pass, 256);
	}
	else
	{
		return hash("sha256", $pass);
	}
}

?>
Erm what's happening here...? 2015-09-19 09:19:56 +00:00			`<?php`
			`register_module([`
			`"name" => "Login",`
Add use_sha3 option to settings in light of recent developments with sha256 2015-10-10 12:00:46 +00:00			`"version" => "0.7",`
Erm what's happening here...? 2015-09-19 09:19:56 +00:00			`"author" => "Starbeamrainbowlabs",`
			`"description" => "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.",`
			`"id" => "page-login",`
			`"code" => function() {`
			`/*`
			`* _ _`
			`* \| \| ___ __ _(_)_ __`
			* \| \|/ _ \ / _` \| \| '_ \
			`* \| \| (_) \| (_\| \| \| \| \| \|`
			`* \|_\|\___/ \__, \|_\|_\| \|_\|`
			`* \|___/ %login%`
			`*/`
			`add_action("login", function() {`
			`global $settings;`
Add option to require login before viewing pages. Currently halfway through #38. 2015-11-14 15:22:35 +00:00
			`// Build the action url that will actually perform the login`
Redirect to the last page viewed. Fixes #38. 2015-11-14 15:41:28 +00:00			`$login_form_action_url = "index.php?action=checklogin";`
Add option to require login before viewing pages. Currently halfway through #38. 2015-11-14 15:22:35 +00:00			`if(isset($_GET["returnto"]))`
Redirect to the last page viewed. Fixes #38. 2015-11-14 15:41:28 +00:00			`$login_form_action_url .= "&returnto=" . rawurlencode($_GET["returnto"]);`
Add option to require login before viewing pages. Currently halfway through #38. 2015-11-14 15:22:35 +00:00
Erm what's happening here...? 2015-09-19 09:19:56 +00:00			`$title = "Login to $settings->sitename";`
			`$content = "<h1>Login to $settings->sitename</h1>\n";`
			`if(isset($_GET["failed"]))`
			`$content .= "\t\t<p><em>Login failed.</em></p>\n";`
Add option to require login before viewing pages. Currently halfway through #38. 2015-11-14 15:22:35 +00:00			`if(isset($_GET["required"]))`
			`$content .= "\t\t<p><em>$settings->sitename requires that you login before continuing.</em></p>\n";`
			`$content .= "\t\t<form method='post' action='$login_form_action_url'>`
Erm what's happening here...? 2015-09-19 09:19:56 +00:00			`<label for='user'>Username:</label>`
			`<input type='text' name='user' id='user' />`
			`<br />`
			`<label for='pass'>Password:</label>`
			`<input type='password' name='pass' id='pass' />`
			`<br />`
			`<input type='submit' value='Login' />`
Add option to require login before viewing pages. Currently halfway through #38. 2015-11-14 15:22:35 +00:00			`</form>\n";`
Erm what's happening here...? 2015-09-19 09:19:56 +00:00			`exit(page_renderer::render_main($title, $content));`
			`});`

			`/*`
			`* _ _ _ _`
			`* ___\| \|__ ___ ___\| \| _\| \| ___ __ _(_)_ __`
			* / __\| '_ \ / _ \/ __\| \|/ / \|/ _ \ / _` \| \| '_ \
			`* \| (__\| \| \| \| __/ (__\| <\| \| (_) \| (_\| \| \| \| \| \|`
			`* \___\|_\| \|_\|\___\|\___\|_\|\_\_\|\___/ \__, \|_\|_\| \|_\|`
			`* %checklogin% \|___/`
			`*/`
			`add_action("checklogin", function() {`
Convert all existing modules over to new $env 2015-09-22 13:34:18 +00:00			`global $settings, $env;`
Erm what's happening here...? 2015-09-19 09:19:56 +00:00
			`//actually do the login`
			`if(isset($_POST["user"]) and isset($_POST["pass"]))`
			`{`
			`//the user wants to log in`
			`$user = $_POST["user"];`
			`$pass = $_POST["pass"];`
Add use_sha3 option to settings in light of recent developments with sha256 2015-10-10 12:00:46 +00:00			`if($settings->users[$user] == hash_password($pass))`
Erm what's happening here...? 2015-09-19 09:19:56 +00:00			`{`
Convert all existing modules over to new $env 2015-09-22 13:34:18 +00:00			`$env->is_logged_in = true;`
Erm what's happening here...? 2015-09-19 09:19:56 +00:00			`$expiretime = time() + 606024*30; //30 days from now`
			`$_SESSION["$settings->sessionprefix-user"] = $user;`
Add use_sha3 option to settings in light of recent developments with sha256 2015-10-10 12:00:46 +00:00			`$_SESSION["$settings->sessionprefix-pass"] = hash_password($pass);`
Erm what's happening here...? 2015-09-19 09:19:56 +00:00			`$_SESSION["$settings->sessionprefix-expiretime"] = $expiretime;`
			`//redirect to wherever the user was going`
			`http_response_code(302);`
Redirect to the last page viewed. Fixes #38. 2015-11-14 15:41:28 +00:00			`if(isset($_GET["returnto"]))`
			`header("location: " . $_GET["returnto"]);`
Erm what's happening here...? 2015-09-19 09:19:56 +00:00			`else`
			`header("location: index.php");`
			`exit();`
			`}`
			`else`
			`{`
			`http_response_code(302);`
			`header("location: index.php?action=login&failed=yes");`
			`exit();`
			`}`
			`}`
			`else`
			`{`
			`http_response_code(302);`
			`header("location: index.php?action=login&failed=yes&badrequest=yes");`
			`exit();`
			`}`
			`});`
			`}`
			`]);`
Add use_sha3 option to settings in light of recent developments with sha256 2015-10-10 12:00:46 +00:00
			`/*`
			`* @summary Hashes the given password according to the current settings defined`
			`* in $settings.`
			`*`
			`* @param $pass {string} The password to hash.`
			`*`
			`* @returns {string} The hashed password. Uses sha3 if $settings->use_sha3 is`
			`* enabled, or sha256 otherwise.`
			`*/`
			`function hash_password($pass)`
			`{`
			`global $settings;`
			`if($settings->use_sha3)`
			`{`
			`return sha3($pass, 256);`
			`}`
			`else`
			`{`
			`return hash("sha256", $pass);`
			`}`
			`}`

Erm what's happening here...? 2015-09-19 09:19:56 +00:00			`?>`