Update users object to support storing arbitrary data.
parent
16f5e8fa2c
commit
7ba0d62cc8
5 changed files with 62 additions and 44 deletions
|
@ -41,10 +41,17 @@ $guiConfig = <<<'GUICONFIG'
|
|||
"clean_raw_html": {"type": "checkbox", "description": "Whether page sources should be cleaned of HTML before rendering. It is STRONGLY recommended that you keep this option turned on.", "default": true},
|
||||
"enable_math_rendering": {"type": "checkbox", "description": "Whether to enable client side rendering of mathematical expressions with MathJax (https://www.mathjax.org/). Math expressions should be enclosed inside of dollar signs ($). Turn off if you don't use it.", "default": true},
|
||||
"users": {"type": "usertable", "description": "An array of usernames and passwords - passwords should be hashed with sha256 (or sha3 if you have that option turned on)", "default": {
|
||||
"admin": "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8",
|
||||
"user": "873ac9ffea4dd04fa719e8920cd6938f0c23cd678af330939cff53c3d2855f34"
|
||||
"admin": {
|
||||
"email": "admin@somewhere.com",
|
||||
"password": "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8"
|
||||
},
|
||||
"user": {
|
||||
"email": "example@example.net",
|
||||
"password": "873ac9ffea4dd04fa719e8920cd6938f0c23cd678af330939cff53c3d2855f34"
|
||||
}
|
||||
}},
|
||||
"admins": {"type": "array", "description": "An array of usernames that are administrators. Administrators can delete and move pages.", "default": [ "admin" ]},
|
||||
"anonymous_user_name": { "type": "text", "description": "THe default name for anonymous users.", "default": "Anonymous" },
|
||||
"use_sha3": {"type": "checkbox", "description": "Whether to use the new sha3 hashing algorithm for passwords etc.", "default": false },
|
||||
"require_login_view": {"type": "checkbox", "description": "Whether to require that users login before they do anything else. Best used with the data_storage_dir option.", "default": false},
|
||||
"data_storage_dir": {"type": "text", "description": "The directory in which to store all files, except the main index.php.", "default": "."},
|
||||
|
@ -102,6 +109,10 @@ $guiConfig = <<<'GUICONFIG'
|
|||
[
|
||||
"🔐 ◆Toggle Protection",
|
||||
"index.php?action=protect&page={page}"
|
||||
],
|
||||
[
|
||||
"⚙ ◆Edit master settings",
|
||||
"index.php?action=configure"
|
||||
]
|
||||
]},
|
||||
"nav_links_bottom": {"type": "nav", "description": "An array of links in the above format that will be shown at the bottom of the page.", "default": [
|
||||
|
@ -323,7 +334,7 @@ $env->is_history_revision = false; // Whether we are looking at a history revisi
|
|||
$env->history = new stdClass(); // History revision information
|
||||
$env->history->revision_number = -1; // The revision number of the current page
|
||||
$env->history->revision_data = false; // The revision data object from the page index
|
||||
$env->user = "Anonymous"; // The user's name
|
||||
$env->user = $settings->anonymous_user_name; // The user's name
|
||||
$env->is_logged_in = false; // Whether the user is logged in
|
||||
$env->is_admin = false; // Whether the user is an admin (moderator)
|
||||
$env->storage_prefix = $settings->data_storage_dir . DIRECTORY_SEPARATOR; // The data storage directory
|
||||
|
@ -353,21 +364,18 @@ if(isset($_SESSION[$settings->sessionprefix . "-expiretime"]) and
|
|||
// Clear the session variables
|
||||
$_SESSION = [];
|
||||
session_destroy();
|
||||
$env->is_logged_in = false;
|
||||
$env->user = "Anonymous";
|
||||
}
|
||||
|
||||
if(!isset($_SESSION[$settings->sessionprefix . "-user"]) and
|
||||
!isset($_SESSION[$settings->sessionprefix . "-pass"]))
|
||||
{
|
||||
// The user is not logged in
|
||||
$env->is_logged_in = false;
|
||||
}
|
||||
else
|
||||
if(isset($_SESSION[$settings->sessionprefix . "-user"]) and
|
||||
isset($_SESSION[$settings->sessionprefix . "-pass"]))
|
||||
{
|
||||
// Grab the session variables
|
||||
// Note that the 'pass' field here is actually a hash of the password set
|
||||
// by the login action
|
||||
$env->user = $_SESSION[$settings->sessionprefix . "-user"];
|
||||
$env->pass = $_SESSION[$settings->sessionprefix . "-pass"];
|
||||
if($settings->users->{$env->user} == $env->pass)
|
||||
|
||||
if($settings->users->{$env->user}->password == $env->pass)
|
||||
{
|
||||
// The user is logged in
|
||||
$env->is_logged_in = true;
|
||||
|
@ -381,11 +389,12 @@ else
|
|||
$env->user = "Anonymous";
|
||||
$env->pass = "";
|
||||
// Clear the session data
|
||||
$_SESSION = []; //delete all the variables
|
||||
session_destroy(); //destroy the session
|
||||
$_SESSION = []; // Delete all the variables
|
||||
session_destroy(); // Destroy the session
|
||||
}
|
||||
}
|
||||
//check to see if the currently logged in user is an admin
|
||||
|
||||
// Check to see if the currently logged in user is an admin
|
||||
$env->is_admin = false;
|
||||
if($env->is_logged_in)
|
||||
{
|
||||
|
@ -4845,7 +4854,7 @@ register_module([
|
|||
//the user wants to log in
|
||||
$user = $_POST["user"];
|
||||
$pass = $_POST["pass"];
|
||||
if($settings->users->$user == hash_password($pass))
|
||||
if($settings->users->$user->password == hash_password($pass))
|
||||
{
|
||||
$env->is_logged_in = true;
|
||||
$expiretime = time() + 60*60*24*30; //30 days from now
|
||||
|
|
26
core.php
26
core.php
|
@ -17,7 +17,7 @@ $env->is_history_revision = false; // Whether we are looking at a history revisi
|
|||
$env->history = new stdClass(); // History revision information
|
||||
$env->history->revision_number = -1; // The revision number of the current page
|
||||
$env->history->revision_data = false; // The revision data object from the page index
|
||||
$env->user = "Anonymous"; // The user's name
|
||||
$env->user = $settings->anonymous_user_name; // The user's name
|
||||
$env->is_logged_in = false; // Whether the user is logged in
|
||||
$env->is_admin = false; // Whether the user is an admin (moderator)
|
||||
$env->storage_prefix = $settings->data_storage_dir . DIRECTORY_SEPARATOR; // The data storage directory
|
||||
|
@ -47,21 +47,18 @@ if(isset($_SESSION[$settings->sessionprefix . "-expiretime"]) and
|
|||
// Clear the session variables
|
||||
$_SESSION = [];
|
||||
session_destroy();
|
||||
$env->is_logged_in = false;
|
||||
$env->user = "Anonymous";
|
||||
}
|
||||
|
||||
if(!isset($_SESSION[$settings->sessionprefix . "-user"]) and
|
||||
!isset($_SESSION[$settings->sessionprefix . "-pass"]))
|
||||
{
|
||||
// The user is not logged in
|
||||
$env->is_logged_in = false;
|
||||
}
|
||||
else
|
||||
if(isset($_SESSION[$settings->sessionprefix . "-user"]) and
|
||||
isset($_SESSION[$settings->sessionprefix . "-pass"]))
|
||||
{
|
||||
// Grab the session variables
|
||||
// Note that the 'pass' field here is actually a hash of the password set
|
||||
// by the login action
|
||||
$env->user = $_SESSION[$settings->sessionprefix . "-user"];
|
||||
$env->pass = $_SESSION[$settings->sessionprefix . "-pass"];
|
||||
if($settings->users->{$env->user} == $env->pass)
|
||||
|
||||
if($settings->users->{$env->user}->password == $env->pass)
|
||||
{
|
||||
// The user is logged in
|
||||
$env->is_logged_in = true;
|
||||
|
@ -75,11 +72,12 @@ else
|
|||
$env->user = "Anonymous";
|
||||
$env->pass = "";
|
||||
// Clear the session data
|
||||
$_SESSION = []; //delete all the variables
|
||||
session_destroy(); //destroy the session
|
||||
$_SESSION = []; // Delete all the variables
|
||||
session_destroy(); // Destroy the session
|
||||
}
|
||||
}
|
||||
//check to see if the currently logged in user is an admin
|
||||
|
||||
// Check to see if the currently logged in user is an admin
|
||||
$env->is_admin = false;
|
||||
if($env->is_logged_in)
|
||||
{
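Review bot: The rewritten session check `if($settings->users->{$env->user}->password == $env->pass)` compares the two hashes with loose `==` and reads `->password` without first confirming that the user entry exists and is an object; the body of this `if` continues outside the hunk. A settings file written before this commit still stores each user as a plain hash string, so unless a migration exists outside this page the lookup yields null and every existing account stops validating. I would guard the lookup and compare in constant time, e.g. `if(isset($settings->users->{$env->user}->password) && hash_equals($settings->users->{$env->user}->password, $env->pass))`, assuming both values are strings. The same comparison appears in the login action of page-login.php and in both copies in the first file section, which looks like the built single-file output. Separately, the failure branch in the last hunk still assigns the literal `"Anonymous"` instead of the new `$settings->anonymous_user_name`.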
|
||||
|
|
|
@ -50,7 +50,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "The module everyone has been waiting for! Adds a web based gui that lets mods change the wiki settings.",
|
||||
"id": "feature-guiconfig",
|
||||
"lastupdate": 1481484345,
|
||||
"lastupdate": 1481488416,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
@ -167,7 +167,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.",
|
||||
"id": "page-login",
|
||||
"lastupdate": 1472230366,
|
||||
"lastupdate": 1481567842,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
|
|
@ -92,7 +92,7 @@ register_module([
|
|||
//the user wants to log in
|
||||
$user = $_POST["user"];
|
||||
$pass = $_POST["pass"];
|
||||
if($settings->users->$user == hash_password($pass))
|
||||
if($settings->users->$user->password == hash_password($pass))
|
||||
{
|
||||
$env->is_logged_in = true;
|
||||
$expiretime = time() + 60*60*24*30; //30 days from now
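Review bot: `$user` is taken straight from `$_POST["user"]` and used as a dynamic property name in `$settings->users->$user->password`, so an unknown username or a non-string value now dereferences an undefined property before the comparison runs. Validate the input and the entry first, e.g. `if(is_string($user) && is_string($pass) && isset($settings->users->$user->password) && hash_equals($settings->users->$user->password, hash_password($pass)))`. `hash_password()` is defined outside this hunk; going by the settings description it is an unsalted SHA-256 or SHA-3 digest, which is cheap to brute-force offline if the settings file leaks. Now that each user is an object with room for extra fields, this would be a natural point to store a `password_hash()` value and check it with `password_verify()`. The body of this `if` continues outside the hunk.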
|
||||
|
|
|
@ -19,10 +19,17 @@
|
|||
"clean_raw_html": {"type": "checkbox", "description": "Whether page sources should be cleaned of HTML before rendering. It is STRONGLY recommended that you keep this option turned on.", "default": true},
|
||||
"enable_math_rendering": {"type": "checkbox", "description": "Whether to enable client side rendering of mathematical expressions with MathJax (https://www.mathjax.org/). Math expressions should be enclosed inside of dollar signs ($). Turn off if you don't use it.", "default": true},
|
||||
"users": {"type": "usertable", "description": "An array of usernames and passwords - passwords should be hashed with sha256 (or sha3 if you have that option turned on)", "default": {
|
||||
"admin": "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8",
|
||||
"user": "873ac9ffea4dd04fa719e8920cd6938f0c23cd678af330939cff53c3d2855f34"
|
||||
"admin": {
|
||||
"email": "admin@somewhere.com",
|
||||
"password": "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8"
|
||||
},
|
||||
"user": {
|
||||
"email": "example@example.net",
|
||||
"password": "873ac9ffea4dd04fa719e8920cd6938f0c23cd678af330939cff53c3d2855f34"
|
||||
}
|
||||
}},
|
||||
"admins": {"type": "array", "description": "An array of usernames that are administrators. Administrators can delete and move pages.", "default": [ "admin" ]},
|
||||
"anonymous_user_name": { "type": "text", "description": "THe default name for anonymous users.", "default": "Anonymous" },
|
||||
"use_sha3": {"type": "checkbox", "description": "Whether to use the new sha3 hashing algorithm for passwords etc.", "default": false },
|
||||
"require_login_view": {"type": "checkbox", "description": "Whether to require that users login before they do anything else. Best used with the data_storage_dir option.", "default": false},
|
||||
"data_storage_dir": {"type": "text", "description": "The directory in which to store all files, except the main index.php.", "default": "."},
|
||||
|
@ -80,6 +87,10 @@
|
|||
[
|
||||
"🔐 ◆Toggle Protection",
|
||||
"index.php?action=protect&page={page}"
|
||||
],
|
||||
[
|
||||
"⚙ ◆Edit master settings",
|
||||
"index.php?action=configure"
|
||||
]
|
||||
]},
|
||||
"nav_links_bottom": {"type": "nav", "description": "An array of links in the above format that will be shown at the bottom of the page.", "default": [
|
||||
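Review bot: The `users` description still reads "An array of usernames and passwords" although the default is now one object per user with `email` and `password` keys; I would reword it to something like `"An object mapping each username to an object holding that user's email address and password hash"`. The new `anonymous_user_name` description has a typo, `THe`. The default `admin` and `user` entries keep fixed password hashes that are public in the repository, so the description or the first-run setup should tell operators to replace them before the wiki is exposed.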
|
|