1
0
Fork 0
mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-11-26 05:32:59 +00:00

Add option to require login before viewing pages. Currently halfway through #38.

This commit is contained in:
Starbeamrainbowlabs 2015-11-14 15:22:35 +00:00
parent 1f68038636
commit 3711f10e5c
5 changed files with 57 additions and 9 deletions

View file

@ -109,6 +109,8 @@ $settings->users = [
"user" => "873ac9ffea4dd04fa719e8920cd6938f0c23cd678af330939cff53c3d2855f34" //cheese "user" => "873ac9ffea4dd04fa719e8920cd6938f0c23cd678af330939cff53c3d2855f34" //cheese
]; ];
$settings->require_login_view = true;
// Whether to use the new sha3 hashing algorithm that was standardised on the // Whether to use the new sha3 hashing algorithm that was standardised on the
// 8th August 2015. Only works if you have strawbrary's sha3 extension // 8th August 2015. Only works if you have strawbrary's sha3 extension
// installed. Get it here: https://github.com/strawbrary/php-sha3 // installed. Get it here: https://github.com/strawbrary/php-sha3
@ -881,6 +883,7 @@ if(makepathsafe($_GET["page"]) !== $_GET["page"])
exit(); exit();
} }
// Finish setting up the environment object
$env->page = $_GET["page"]; $env->page = $_GET["page"];
$env->action = strtolower($_GET["action"]); $env->action = strtolower($_GET["action"]);
@ -1035,7 +1038,6 @@ class page_renderer
return self::render($title, $content, self::$minimal_content_template); return self::render($title, $content, self::$minimal_content_template);
} }
public static function get_css_as_html() public static function get_css_as_html()
{ {
global $settings; global $settings;
@ -1140,6 +1142,7 @@ class page_renderer
////////////////////////////////////// //////////////////////////////////////
///// Extra consistency measures ///// ///// Extra consistency measures /////
////////////////////////////////////// //////////////////////////////////////
// Redirect to the search page if there isn't a page with the requested name
if(!isset($pageindex->{$env->page}) and isset($_GET["search-redirect"])) if(!isset($pageindex->{$env->page}) and isset($_GET["search-redirect"]))
{ {
http_response_code(307); http_response_code(307);
@ -1148,6 +1151,22 @@ if(!isset($pageindex->{$env->page}) and isset($_GET["search-redirect"]))
exit(page_renderer::render("Non existent page - $settings->sitename", "<p>There isn't a page on $settings->sitename with that name. However, you could <a href='$url'>search for this page name</a> in other pages.</p> exit(page_renderer::render("Non existent page - $settings->sitename", "<p>There isn't a page on $settings->sitename with that name. However, you could <a href='$url'>search for this page name</a> in other pages.</p>
<p>Alternatively, you could <a href='?action=edit&page=" . rawurlencode($env->page) . "&create=true'>create this page</a>.</p>")); <p>Alternatively, you could <a href='?action=edit&page=" . rawurlencode($env->page) . "&create=true'>create this page</a>.</p>"));
} }
// Redirect the user to the login page if:
// - A login is required to view this wiki
// - The user isn't already requesting the login page
// Note we use $_GET here because $env->action isn't populated at this point
if($settings->require_login_view === true && // If this site requires a login in order to view pages
!$env->is_logged_in && // And the user isn't logged in
$_GET["action"] !== "login") // And the user isn't requesting the login page
{
// Redirect the user to the login page
http_response_code(307);
$url = "?action=login&returnto=" . rawurlencode($_SERVER["REQUEST_URI"]) . "&required=true";
header("location: $url");
exit(page_renderer::render("Login required - $settings->sitename", "<p>$settings->sitename requires that you login before you are able to access it.</p>
<p><a href='$url'>Login</a>.</p>"));
}
////////////////////////////////////// //////////////////////////////////////
////////////////////////////////////// //////////////////////////////////////
@ -2839,6 +2858,8 @@ register_module([
$content = "<h1>Login to $settings->sitename</h1>\n"; $content = "<h1>Login to $settings->sitename</h1>\n";
if(isset($_GET["failed"])) if(isset($_GET["failed"]))
$content .= "\t\t<p><em>Login failed.</em></p>\n"; $content .= "\t\t<p><em>Login failed.</em></p>\n";
if(isset($_GET["required"]))
$content .= "\t\t<p><em>$settings->sitename requires that you login before continuing.</em></p>\n";
$content .= "\t\t<form method='post' action='index.php?action=checklogin&returnto=" . rawurlencode($_SERVER['REQUEST_URI']) . "'> $content .= "\t\t<form method='post' action='index.php?action=checklogin&returnto=" . rawurlencode($_SERVER['REQUEST_URI']) . "'>
<label for='user'>Username:</label> <label for='user'>Username:</label>
<input type='text' name='user' id='user' /> <input type='text' name='user' id='user' />
@ -2847,7 +2868,7 @@ register_module([
<input type='password' name='pass' id='pass' /> <input type='password' name='pass' id='pass' />
<br /> <br />
<input type='submit' value='Login' /> <input type='submit' value='Login' />
</form>"; </form>\n";
exit(page_renderer::render_main($title, $content)); exit(page_renderer::render_main($title, $content));
}); });

View file

@ -543,6 +543,7 @@ if(makepathsafe($_GET["page"]) !== $_GET["page"])
exit(); exit();
} }
// Finish setting up the environment object
$env->page = $_GET["page"]; $env->page = $_GET["page"];
$env->action = strtolower($_GET["action"]); $env->action = strtolower($_GET["action"]);
@ -697,7 +698,6 @@ class page_renderer
return self::render($title, $content, self::$minimal_content_template); return self::render($title, $content, self::$minimal_content_template);
} }
public static function get_css_as_html() public static function get_css_as_html()
{ {
global $settings; global $settings;
@ -802,6 +802,7 @@ class page_renderer
////////////////////////////////////// //////////////////////////////////////
///// Extra consistency measures ///// ///// Extra consistency measures /////
////////////////////////////////////// //////////////////////////////////////
// Redirect to the search page if there isn't a page with the requested name
if(!isset($pageindex->{$env->page}) and isset($_GET["search-redirect"])) if(!isset($pageindex->{$env->page}) and isset($_GET["search-redirect"]))
{ {
http_response_code(307); http_response_code(307);
@ -810,6 +811,22 @@ if(!isset($pageindex->{$env->page}) and isset($_GET["search-redirect"]))
exit(page_renderer::render("Non existent page - $settings->sitename", "<p>There isn't a page on $settings->sitename with that name. However, you could <a href='$url'>search for this page name</a> in other pages.</p> exit(page_renderer::render("Non existent page - $settings->sitename", "<p>There isn't a page on $settings->sitename with that name. However, you could <a href='$url'>search for this page name</a> in other pages.</p>
<p>Alternatively, you could <a href='?action=edit&page=" . rawurlencode($env->page) . "&create=true'>create this page</a>.</p>")); <p>Alternatively, you could <a href='?action=edit&page=" . rawurlencode($env->page) . "&create=true'>create this page</a>.</p>"));
} }
// Redirect the user to the login page if:
// - A login is required to view this wiki
// - The user isn't already requesting the login page
// Note we use $_GET here because $env->action isn't populated at this point
if($settings->require_login_view === true && // If this site requires a login in order to view pages
!$env->is_logged_in && // And the user isn't logged in
$_GET["action"] !== "login") // And the user isn't requesting the login page
{
// Redirect the user to the login page
http_response_code(307);
$url = "?action=login&returnto=" . rawurlencode($_SERVER["REQUEST_URI"]) . "&required=true";
header("location: $url");
exit(page_renderer::render("Login required - $settings->sitename", "<p>$settings->sitename requires that you login before you are able to access it.</p>
<p><a href='$url'>Login</a>.</p>"));
}
////////////////////////////////////// //////////////////////////////////////
////////////////////////////////////// //////////////////////////////////////

View file

@ -122,7 +122,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.", "description": "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.",
"id": "page-login", "id": "page-login",
"lastupdate": 1445170746, "lastupdate": 1447514093,
"optional": false "optional": false
}, },
{ {

View file

@ -16,11 +16,19 @@ register_module([
*/ */
add_action("login", function() { add_action("login", function() {
global $settings; global $settings;
// Build the action url that will actually perform the login
$login_form_action_url = "index.php?action=checklogin"
if(isset($_GET["returnto"]))
$login_form_action_url .= "&returnto=" . rawurlencode($_SERVER['REQUEST_URI']);
$title = "Login to $settings->sitename"; $title = "Login to $settings->sitename";
$content = "<h1>Login to $settings->sitename</h1>\n"; $content = "<h1>Login to $settings->sitename</h1>\n";
if(isset($_GET["failed"])) if(isset($_GET["failed"]))
$content .= "\t\t<p><em>Login failed.</em></p>\n"; $content .= "\t\t<p><em>Login failed.</em></p>\n";
$content .= "\t\t<form method='post' action='index.php?action=checklogin&returnto=" . rawurlencode($_SERVER['REQUEST_URI']) . "'> if(isset($_GET["required"]))
$content .= "\t\t<p><em>$settings->sitename requires that you login before continuing.</em></p>\n";
$content .= "\t\t<form method='post' action='$login_form_action_url'>
<label for='user'>Username:</label> <label for='user'>Username:</label>
<input type='text' name='user' id='user' /> <input type='text' name='user' id='user' />
<br /> <br />
@ -28,7 +36,7 @@ register_module([
<input type='password' name='pass' id='pass' /> <input type='password' name='pass' id='pass' />
<br /> <br />
<input type='submit' value='Login' /> <input type='submit' value='Login' />
</form>"; </form>\n";
exit(page_renderer::render_main($title, $content)); exit(page_renderer::render_main($title, $content));
}); });
@ -58,7 +66,7 @@ register_module([
$_SESSION["$settings->sessionprefix-expiretime"] = $expiretime; $_SESSION["$settings->sessionprefix-expiretime"] = $expiretime;
//redirect to wherever the user was going //redirect to wherever the user was going
http_response_code(302); http_response_code(302);
if(isset($_POST["goto"])) if(isset($_POST["returnto"]))
header("location: " . $_POST["returnto"]); header("location: " . $_POST["returnto"]);
else else
header("location: index.php"); header("location: index.php");

View file

@ -98,6 +98,8 @@ $settings->users = [
"user" => "873ac9ffea4dd04fa719e8920cd6938f0c23cd678af330939cff53c3d2855f34" //cheese "user" => "873ac9ffea4dd04fa719e8920cd6938f0c23cd678af330939cff53c3d2855f34" //cheese
]; ];
$settings->require_login_view = true;
// Whether to use the new sha3 hashing algorithm that was standardised on the // Whether to use the new sha3 hashing algorithm that was standardised on the
// 8th August 2015. Only works if you have strawbrary's sha3 extension // 8th August 2015. Only works if you have strawbrary's sha3 extension
// installed. Get it here: https://github.com/strawbrary/php-sha3 // installed. Get it here: https://github.com/strawbrary/php-sha3