< ? php
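register_module([
	"name" => "Login",
	"version" => "0.8.5",
	"author" => "Starbeamrainbowlabs",
	"description" => "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.",
	"id" => "page-login",
	"code" => function() {
		global $settings;
		
		/*
		 * Returns $candidate unchanged when it is acceptable as a redirect
		 * target, or null when it is not. Only same-site, relative references
		 * are accepted: the value comes straight from the query string, so
		 * echoing it into a Location header unchecked would let any link to
		 * the login page bounce a freshly authenticated user to another site.
		 * Rejected values make the callers fall back to their defaults.
		 * NOTE(review): assumes legitimate callers pass a relative URL
		 * (e.g. the request URI) - confirm against the code that builds returnto.
		 */
		$local_returnto = function($candidate) {
			// Arrays (returnto[]=x), empty values and padded values are refused;
			// leading whitespace is stripped by browsers before resolving.
			if(!is_string($candidate) || $candidate === "" || $candidate !== trim($candidate))
				return null;
			// Control characters and backslashes are normalised inconsistently by clients.
			if(preg_match('/[\x00-\x1f\x7f\\\\]/', $candidate))
				return null;
			// Protocol-relative references (//host/path) leave the site.
			if(substr($candidate, 0, 2) === "//")
				return null;
			$parts = parse_url($candidate);
			if($parts === false || isset($parts["scheme"]) || isset($parts["host"]))
				return null;
			return $candidate;
		};
		
		/**
		 * @api {get} ?action=login[&failed=yes][&returnto={someUrl}] Get the login page
		 * @apiName Login
		 * @apiGroup Authorisation
		 * @apiPermission Anonymous
		 *
		 * @apiParam {string} failed Setting to yes causes a login failure message to be displayed above the login form.
		 * @apiParam {string} returnto Set to the url to redirect to upon a successful login. Only same-site relative URLs are honoured; any other value is ignored.
		 */
		
		/*
		 * ██       ██████   ██████  ██ ███    ██
		 * ██      ██    ██ ██       ██ ████   ██
		 * ██      ██    ██ ██   ███ ██ ██ ██  ██
		 * ██      ██    ██ ██    ██ ██ ██  ██ ██
		 * ███████  ██████   ██████  ██ ██   ████
		 */
		add_action("login", function() use ($local_returnto) {
			global $settings, $env;
			
			// Validated once; null means "absent or not a local URL".
			$returnto = $local_returnto(isset($_GET["returnto"]) ? $_GET["returnto"] : null);
			
			// Build the action url that will actually perform the login
			$login_form_action_url = "index.php?action=checklogin";
			if($returnto !== null)
				$login_form_action_url .= "&returnto=" . rawurlencode($returnto);
			
			// Already logged in: send the user on, but only to a validated target.
			if($env->is_logged_in && !empty($returnto))
			{
				http_response_code(307);
				header("location: " . $returnto);
			}
			
			$title = "Login to $settings->sitename";
			$content = "<h1>Login to $settings->sitename</h1>\n";
			if(isset($_GET["failed"]))
				$content .= "\t\t<p><em>Login failed.</em></p>\n";
			if(isset($_GET["required"]))
				$content .= "\t\t<p><em>$settings->sitename requires that you login before continuing.</em></p>\n";
			$content .= "\t\t<form method='post' action='$login_form_action_url'>
			<label for='user'>Username:</label>
			<input type='text' name='user' id='user' autofocus />
			<br />
			<label for='pass'>Password:</label>
			<input type='password' name='pass' id='pass' />
			<br />
			<input type='submit' value='Login' />
		</form>\n";
			exit(page_renderer::render_main($title, $content));
		});
		
		/**
		 * @api {post} ?action=checklogin Perform a login
		 * @apiName CheckLogin
		 * @apiGroup Authorisation
		 * @apiPermission Anonymous
		 *
		 * @apiParam {string} user The user name to login with.
		 * @apiParam {string} pass The password to login with.
		 * @apiParam {string} returnto The URL to redirect to upon a successful login. Only same-site relative URLs are honoured; any other value is ignored.
		 *
		 * @apiError InvalidCredentialsError The supplied credentials were invalid. Note that this error is actually a redirect to ?action=login&failed=yes (with the returnto parameter appended if you supplied a valid one)
		 */
		
		/*
		 *  ██████ ██   ██ ███████  ██████ ██   ██
		 * ██      ██   ██ ██      ██      ██  ██
		 * ██      ███████ █████   ██      █████
		 * ██      ██   ██ ██      ██      ██  ██
		 *  ██████ ██   ██ ███████  ██████ ██   ██
		 *
		 * ██       ██████   ██████  ██ ███    ██
		 * ██      ██    ██ ██       ██ ████   ██
		 * ██      ██    ██ ██   ███ ██ ██ ██  ██
		 * ██      ██    ██ ██    ██ ██ ██  ██ ██
		 * ███████  ██████   ██████  ██ ██   ████
		 */
		add_action("checklogin", function() use ($local_returnto) {
			global $settings, $env;
			
			// Validated once; null means "absent or not a local URL".
			$returnto = $local_returnto(isset($_GET["returnto"]) ? $_GET["returnto"] : null);
			
			// Actually do the login
			if(isset($_POST["user"]) and isset($_POST["pass"]))
			{
				// The user wants to log in
				$user = $_POST["user"];
				$pass = $_POST["pass"];
				
				// Look the account up explicitly: array-valued fields and unknown
				// user names must fail cleanly instead of reading a property of null.
				$stored_hash = null;
				if(is_string($user) && is_string($pass) && $user !== "" && isset($settings->users->$user->password))
					$stored_hash = $settings->users->$user->password;
				
				// hash_equals() compares in constant time and never applies PHP's
				// loose numeric-string rules, under which two different hex digests
				// of the form "0e<digits>" compare equal with ==.
				if(is_string($stored_hash) && hash_equals($stored_hash, hash_password($pass)))
				{
					// Success! :D
					// Issue a fresh session id so that an id known before
					// authentication does not become an authenticated one.
					if(session_status() === PHP_SESSION_ACTIVE)
						session_regenerate_id(true);
					
					$env->is_logged_in = true;
					$expiretime = time() + 60*60*24*30; // 30 days from now
					$_SESSION["$settings->sessionprefix-user"] = $user;
					// NOTE(review): the password hash is kept in the session, presumably
					// so later requests can re-check it - confirm where it is read.
					$_SESSION["$settings->sessionprefix-pass"] = hash_password($pass);
					$_SESSION["$settings->sessionprefix-expiretime"] = $expiretime;
					// Redirect to wherever the user was going
					http_response_code(302);
					header("x-login-success: yes");
					if($returnto !== null)
						header("location: " . $returnto);
					else
						header("location: index.php");
					exit();
				}
				else
				{
					// Login failed :-(
					http_response_code(302);
					header("x-login-success: no");
					$nextUrl = "index.php?action=login&failed=yes";
					if(!empty($returnto))
						$nextUrl .= "&returnto=" . rawurlencode($returnto);
					header("location: $nextUrl");
					exit();
				}
			}
			else
			{
				// No credentials were posted at all: treat it as a failed, malformed request.
				http_response_code(302);
				$nextUrl = "index.php?action=login&failed=yes&badrequest=yes";
				if(!empty($returnto))
					$nextUrl .= "&returnto=" . rawurlencode($returnto);
				header("location: $nextUrl");
				exit();
			}
		});
		
		// Register a section on logging in on the help page.
		// The quotes around Login are written as &quot; so they cannot end the PHP string.
		add_help_section("30-login", "Logging in", "<p>In order to edit $settings->sitename and have your edit attributed to you, you need to be logged in. Depending on the settings, logging in may be a required step if you want to edit at all. Thankfully, logging in is not hard. Simply click the &quot;Login&quot; link in the top left, type your username and password, and then click login.</p>
		<p>If you do not have an account yet and would like one, try contacting <a href='mailto:" . hide_email($settings->admindetails_email) . "'>$settings->admindetails_name</a>, $settings->sitename's administrator and ask them nicely to see if they can create you an account.</p>");
	}
]);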
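/**
 * Hashes the given password according to the current settings defined
 * in $settings.
 *
 * NOTE(review): the sha256 branch is a single unsalted pass of a fast
 * digest, so identical passwords share a hash and a leaked user table can
 * be tested offline very cheaply. sha3() is defined elsewhere; it is called
 * here with no salt either. The return value is compared against stored
 * hashes, so this function cannot switch algorithm on its own: a migration
 * would verify with the old digest at login and re-store the password with
 * password_hash(), checking it with password_verify() afterwards.
 *
 * @package page-login
 * @param	string	$pass	The password to hash.
 *
 * @return	string	The hashed password. Uses sha3 if $settings->use_sha3 is
 * 					enabled, or sha256 otherwise.
 */
function hash_password($pass)
{
	global $settings;
	
	if($settings->use_sha3)
		return sha3($pass, 256);
	
	// The algorithm name must match exactly; padding around it makes hash() reject it.
	return hash("sha256", $pass);
}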
?>