1
0
Fork 0
mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-11-25 05:22:59 +00:00

Update users object to support storing arbitrary data.

This commit is contained in:
Starbeamrainbowlabs 2016-12-12 18:38:13 +00:00
parent 16f5e8fa2c
commit 7ba0d62cc8
5 changed files with 62 additions and 44 deletions

View file

@ -41,10 +41,17 @@ $guiConfig = <<<'GUICONFIG'
"clean_raw_html": {"type": "checkbox", "description": "Whether page sources should be cleaned of HTML before rendering. It is STRONGLY recommended that you keep this option turned on.", "default": true},
"enable_math_rendering": {"type": "checkbox", "description": "Whether to enable client side rendering of mathematical expressions with MathJax (https://www.mathjax.org/). Math expressions should be enclosed inside of dollar signs ($). Turn off if you don't use it.", "default": true},
"users": {"type": "usertable", "description": "An array of usernames and passwords - passwords should be hashed with sha256 (or sha3 if you have that option turned on)", "default": {
"admin": "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8",
"user": "873ac9ffea4dd04fa719e8920cd6938f0c23cd678af330939cff53c3d2855f34"
"admin": {
"email": "admin@somewhere.com",
"password": "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8"
},
"user": {
"email": "example@example.net",
"password": "873ac9ffea4dd04fa719e8920cd6938f0c23cd678af330939cff53c3d2855f34"
}
}},
"admins": {"type": "array", "description": "An array of usernames that are administrators. Administrators can delete and move pages.", "default": [ "admin" ]},
"anonymous_user_name": { "type": "text", "description": "THe default name for anonymous users.", "default": "Anonymous" },
"use_sha3": {"type": "checkbox", "description": "Whether to use the new sha3 hashing algorithm for passwords etc.", "default": false },
"require_login_view": {"type": "checkbox", "description": "Whether to require that users login before they do anything else. Best used with the data_storage_dir option.", "default": false},
"data_storage_dir": {"type": "text", "description": "The directory in which to store all files, except the main index.php.", "default": "."},
@ -102,6 +109,10 @@ $guiConfig = <<<'GUICONFIG'
[
"&#x1f510; &#9670;Toggle Protection",
"index.php?action=protect&page={page}"
],
[
"&#x2699; &#9670;Edit master settings",
"index.php?action=configure"
]
]},
"nav_links_bottom": {"type": "nav", "description": "An array of links in the above format that will be shown at the bottom of the page.", "default": [
@ -323,7 +334,7 @@ $env->is_history_revision = false; // Whether we are looking at a history revisi
$env->history = new stdClass(); // History revision information
$env->history->revision_number = -1; // The revision number of the current page
$env->history->revision_data = false; // The revision data object from the page index
$env->user = "Anonymous"; // The user's name
$env->user = $settings->anonymous_user_name; // The user's name
$env->is_logged_in = false; // Whether the user is logged in
$env->is_admin = false; // Whether the user is an admin (moderator)
$env->storage_prefix = $settings->data_storage_dir . DIRECTORY_SEPARATOR; // The data storage directory
@ -353,21 +364,18 @@ if(isset($_SESSION[$settings->sessionprefix . "-expiretime"]) and
// Clear the session variables
$_SESSION = [];
session_destroy();
$env->is_logged_in = false;
$env->user = "Anonymous";
}
if(!isset($_SESSION[$settings->sessionprefix . "-user"]) and
!isset($_SESSION[$settings->sessionprefix . "-pass"]))
{
// The user is not logged in
$env->is_logged_in = false;
}
else
if(isset($_SESSION[$settings->sessionprefix . "-user"]) and
isset($_SESSION[$settings->sessionprefix . "-pass"]))
{
// Grab the session variables
// Note that the 'pass' field here is actually a hash of the password set
// by the login action
$env->user = $_SESSION[$settings->sessionprefix . "-user"];
$env->pass = $_SESSION[$settings->sessionprefix . "-pass"];
if($settings->users->{$env->user} == $env->pass)
if($settings->users->{$env->user}->password == $env->pass)
{
// The user is logged in
$env->is_logged_in = true;
@ -381,11 +389,12 @@ else
$env->user = "Anonymous";
$env->pass = "";
// Clear the session data
$_SESSION = []; //delete all the variables
session_destroy(); //destroy the session
$_SESSION = []; // Delete all the variables
session_destroy(); // Destroy the session
}
}
//check to see if the currently logged in user is an admin
// Check to see if the currently logged in user is an admin
$env->is_admin = false;
if($env->is_logged_in)
{
@ -4845,7 +4854,7 @@ register_module([
//the user wants to log in
$user = $_POST["user"];
$pass = $_POST["pass"];
if($settings->users->$user == hash_password($pass))
if($settings->users->$user->password == hash_password($pass))
{
$env->is_logged_in = true;
$expiretime = time() + 60*60*24*30; //30 days from now

View file

@ -17,7 +17,7 @@ $env->is_history_revision = false; // Whether we are looking at a history revisi
$env->history = new stdClass(); // History revision information
$env->history->revision_number = -1; // The revision number of the current page
$env->history->revision_data = false; // The revision data object from the page index
$env->user = "Anonymous"; // The user's name
$env->user = $settings->anonymous_user_name; // The user's name
$env->is_logged_in = false; // Whether the user is logged in
$env->is_admin = false; // Whether the user is an admin (moderator)
$env->storage_prefix = $settings->data_storage_dir . DIRECTORY_SEPARATOR; // The data storage directory
@ -47,21 +47,18 @@ if(isset($_SESSION[$settings->sessionprefix . "-expiretime"]) and
// Clear the session variables
$_SESSION = [];
session_destroy();
$env->is_logged_in = false;
$env->user = "Anonymous";
}
if(!isset($_SESSION[$settings->sessionprefix . "-user"]) and
!isset($_SESSION[$settings->sessionprefix . "-pass"]))
{
// The user is not logged in
$env->is_logged_in = false;
}
else
if(isset($_SESSION[$settings->sessionprefix . "-user"]) and
isset($_SESSION[$settings->sessionprefix . "-pass"]))
{
// Grab the session variables
// Note that the 'pass' field here is actually a hash of the password set
// by the login action
$env->user = $_SESSION[$settings->sessionprefix . "-user"];
$env->pass = $_SESSION[$settings->sessionprefix . "-pass"];
if($settings->users->{$env->user} == $env->pass)
if($settings->users->{$env->user}->password == $env->pass)
{
// The user is logged in
$env->is_logged_in = true;
@ -75,11 +72,12 @@ else
$env->user = "Anonymous";
$env->pass = "";
// Clear the session data
$_SESSION = []; //delete all the variables
session_destroy(); //destroy the session
$_SESSION = []; // Delete all the variables
session_destroy(); // Destroy the session
}
}
//check to see if the currently logged in user is an admin
// Check to see if the currently logged in user is an admin
$env->is_admin = false;
if($env->is_logged_in)
{

View file

@ -50,7 +50,7 @@
"author": "Starbeamrainbowlabs",
"description": "The module everyone has been waiting for! Adds a web based gui that lets mods change the wiki settings.",
"id": "feature-guiconfig",
"lastupdate": 1481484345,
"lastupdate": 1481488416,
"optional": false
},
{
@ -167,7 +167,7 @@
"author": "Starbeamrainbowlabs",
"description": "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.",
"id": "page-login",
"lastupdate": 1472230366,
"lastupdate": 1481567842,
"optional": false
},
{

View file

@ -92,7 +92,7 @@ register_module([
//the user wants to log in
$user = $_POST["user"];
$pass = $_POST["pass"];
if($settings->users->$user == hash_password($pass))
if($settings->users->$user->password == hash_password($pass))
{
$env->is_logged_in = true;
$expiretime = time() + 60*60*24*30; //30 days from now

View file

@ -19,10 +19,17 @@
"clean_raw_html": {"type": "checkbox", "description": "Whether page sources should be cleaned of HTML before rendering. It is STRONGLY recommended that you keep this option turned on.", "default": true},
"enable_math_rendering": {"type": "checkbox", "description": "Whether to enable client side rendering of mathematical expressions with MathJax (https://www.mathjax.org/). Math expressions should be enclosed inside of dollar signs ($). Turn off if you don't use it.", "default": true},
"users": {"type": "usertable", "description": "An array of usernames and passwords - passwords should be hashed with sha256 (or sha3 if you have that option turned on)", "default": {
"admin": "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8",
"user": "873ac9ffea4dd04fa719e8920cd6938f0c23cd678af330939cff53c3d2855f34"
"admin": {
"email": "admin@somewhere.com",
"password": "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8"
},
"user": {
"email": "example@example.net",
"password": "873ac9ffea4dd04fa719e8920cd6938f0c23cd678af330939cff53c3d2855f34"
}
}},
"admins": {"type": "array", "description": "An array of usernames that are administrators. Administrators can delete and move pages.", "default": [ "admin" ]},
"anonymous_user_name": { "type": "text", "description": "THe default name for anonymous users.", "default": "Anonymous" },
"use_sha3": {"type": "checkbox", "description": "Whether to use the new sha3 hashing algorithm for passwords etc.", "default": false },
"require_login_view": {"type": "checkbox", "description": "Whether to require that users login before they do anything else. Best used with the data_storage_dir option.", "default": false},
"data_storage_dir": {"type": "text", "description": "The directory in which to store all files, except the main index.php.", "default": "."},
@ -80,6 +87,10 @@
[
"&#x1f510; &#9670;Toggle Protection",
"index.php?action=protect&page={page}"
],
[
"&#x2699; &#9670;Edit master settings",
"index.php?action=configure"
]
]},
"nav_links_bottom": {"type": "nav", "description": "An array of links in the above format that will be shown at the bottom of the page.", "default": [