Luca/thetool
1
0
Fork 0
Code Issues 5 Pull Requests 5 Actions Packages Projects Releases Wiki Activity

Merge branch 'master' into fronkdev

Browse Source
This commit is contained in:
Frank Schubert
2023-08-30 09:05:02 +02:00
parent b86db7cf82 62776c1ab4
commit f787014a4e
21 changed files with 1666 additions and 572 deletions
Download Patch File Download Diff File Expand all files Collapse all files

390
lib/mvcfronk/mfLogin/mfLoginController.php
View File

@@ -1,162 +1,238 @@
<?php
class mfLoginController extends mfBaseController {
protected function init($request) {
$this->layout()->setTemplate("mfLogin/Index");
if($request['mfLoginTemplate']) {
$this->layout()->setTemplate($request['mfLoginTemplate']);
}
/*if($request['mfLoginGet']) {
$_SESSION['mfLoginGet']=$request['mfLoginGet'];
}*/
if($request['mfLoginUrl']) {
$_SESSION['mfLoginUrl']=$request['mfLoginUrl'];
}
$this->logout();
}
protected function indexAction() {
if($_SESSION[MFAPPNAME."_loginfailed"]) {
$this->layout()->set("LayoutError","Login fehlgeschlagen.");
}
unset($_SESSION[MFAPPNAME."_loginfailed"]);
}
protected function loginAction($request) {
if(!$this->performLogin($request['Username'],$request['Password'])) {
$_SESSION[MFAPPNAME."_loginfailed"]=true;
}
//$get=$_SESSION['mfLoginGet'];
$url=$_SESSION['mfLoginUrl'];
//unset($_SESSION['mfLoginGet']);
unset($_SESSION['mfLoginUrl']);
/*
$mod=$get['action'];
if(preg_match('/([^_]+)_(.+)/',$action,$m)) {
$mod=$m[1];
$action=$m[2];
}
unset($get['action']);
self::redirect($mod,$action,$get);
*/
header("Location: $url");
}
class mfLoginController extends mfBaseController
{
protected function init($request)
{
$this->layout()->setTemplate("mfLogin/Index");
if ($request['mfLoginTemplate']) {
$this->layout()->setTemplate($request['mfLoginTemplate']);
}
/*if($request['mfLoginGet']) {
$_SESSION['mfLoginGet']=$request['mfLoginGet'];
}*/
if ($request['mfLoginUrl']) {
$_SESSION['mfLoginUrl'] = $request['mfLoginUrl'];
}
/*
* Internal functions
*/
public function logout() {
if(!defined("MFAPPNAME")) define("MFAPPNAME","mvcfronk");
if(!defined("MFUSERTABLE")) define("MFUSERTABLE","mfWorker");
//session_name(MFAPPNAME."_session");
//session_start();
unset($_SESSION[MFAPPNAME.'_username']);
unset($_SESSION[MFAPPNAME.'_ip']);
}
public static function staticLogout() {
if(!defined("MFAPPNAME")) define("MFAPPNAME","mvcfronk");
if(!defined("MFUSERTABLE")) define("MFUSERTABLE","mfWorker");
//session_name(MFAPPNAME."_session");
//session_start();
unset($_SESSION[MFAPPNAME.'_username']);
unset($_SESSION[MFAPPNAME.'_ip']);
}
public static function isLoggedIn() {
$db=new FronkDB();
if(!defined("MFAPPNAME")) define("MFAPPNAME","mvcfronk");
if(!defined("MFUSERTABLE")) define("MFUSERTABLE","mfWorker");
//session_name(MFAPPNAME."_session");
//session_start();
if($_SESSION[MFAPPNAME.'_username'] && $_SESSION[MFAPPNAME.'_ip']) {
$username=$_SESSION[MFAPPNAME.'_username'];
$ip=$_SERVER['REMOTE_ADDR'];
$sid=session_id();
if($_SESSION[MFAPPNAME.'_ip']==$ip) {
// session seems legit, check if user exists and additionally check IP saved in database
$res=$db->select(MFUSERTABLE,"*","username='$username' AND ip='$ip' AND sessionid='$sid'");
if($db->num_rows($res)) {
$user=$db->fetch_object($res);
self::initSession($user);
return true;
}
return false;
}
} else {
return false;
}
}
protected static function initSession($user) {
$_SESSION[MFAPPNAME.'_username']=$user->username;
$_SESSION[MFAPPNAME.'_ip']=$_SERVER['REMOTE_ADDR'];
unset($_SESSION[MFAPPNAME."_loginfailed"]);
$user=mfUser::singleton($user);
return true;
}
protected function performLogin($username,$password) {
if(!defined("MFAPPNAME")) define("MFAPPNAME","mvcfronk");
if(!defined("MFUSERTABLE")) define("MFUSERTABLE","mfWorker");
//session_set_cookie_params(0);
//session_name(MFAPPNAME."_session");
//session_start();
if(!is_scalar($username) || !is_scalar($password)) {
return false;
$this->logout();
}
protected function indexAction()
{
if ($_SESSION[MFAPPNAME . "_loginfailed"]) {
$this->layout()->set("LayoutError", "Login fehlgeschlagen.");
}
unset($_SESSION[MFAPPNAME . "_loginfailed"]);
}
protected function loginAction($request)
{
#Check if 2FA Code existiert
if (!$request['TwofactorCode'] || !is_int((int)$request['TwofactorCode'])) {
$code2fa = "unset";
} else {
$code2fa = $request['TwofactorCode'];
}
#Check ob Angemeldet bleiben aktiv ist
if (isset($request['Remember']) && $request['Remember'] === "true") {
$remember = true;
} else {
$remember = false;
}
#performLogin um 2FA Code und Remember erweitert
$performLogin = $this->performLogin($request['Username'], $request['Password'], $code2fa, $remember);
#performLogin um mehrere Stati erweitert
if ($performLogin === true) {
} elseif ($performLogin == "2fa") {
$this->layout()->setTemplate("mfLogin/Index");
$this->layout()->set("request", $request);
$this->layout()->set("requesttype", $performLogin);
return;
} elseif ($performLogin == "false2fa") {
$this->layout()->setTemplate("mfLogin/Index");
$this->layout()->setFlash("Verifizierungscode falsch oder abgelaufen", "error");
$this->layout()->set("request", $request);
$this->layout()->set("requesttype", $performLogin);
return;
} else {
$_SESSION[MFAPPNAME . "_loginfailed"] = true;
$this->layout()->setTemplate("mfLogin/Index");
$this->layout()->set("requesttype", "falselogin");
return;
}
//$get=$_SESSION['mfLoginGet'];
$url = $_SESSION['mfLoginUrl'];
//unset($_SESSION['mfLoginGet']);
unset($_SESSION['mfLoginUrl']);
/*
$mod=$get['action'];
if(preg_match('/([^_]+)_(.+)/',$action,$m)) {
$mod=$m[1];
$action=$m[2];
}
unset($get['action']);
self::redirect($mod,$action,$get);
*/
#Header wird nur neu geladen wenn Login true ist
header("Location: $url");
}
/*
* Internal functions
*/
public function logout()
{
if (!defined("MFAPPNAME")) define("MFAPPNAME", "mvcfronk");
if (!defined("MFUSERTABLE")) define("MFUSERTABLE", "mfWorker");
//session_name(MFAPPNAME."_session");
//session_start();
#Delete Token (DB und Cookie)
UserToken::deleteToken();
unset($_SESSION[MFAPPNAME . '_username']);
unset($_SESSION[MFAPPNAME . '_ip']);
}
public static function staticLogout()
{
if (!defined("MFAPPNAME")) define("MFAPPNAME", "mvcfronk");
if (!defined("MFUSERTABLE")) define("MFUSERTABLE", "mfWorker");
//session_name(MFAPPNAME."_session");
//session_start();
#Delete Token (DB und Cookie)
UserToken::deleteToken();
unset($_SESSION[MFAPPNAME . '_username']);
unset($_SESSION[MFAPPNAME . '_ip']);
}
public static function isLoggedIn()
{
$db = new FronkDB();
if (!defined("MFAPPNAME")) define("MFAPPNAME", "mvcfronk");
if (!defined("MFUSERTABLE")) define("MFUSERTABLE", "mfWorker");
//session_name(MFAPPNAME."_session");
//session_start();
#Check if Token Cookie und DB Eintrag existiert
UserToken::checkToken();
if ($_SESSION[MFAPPNAME . '_username'] && $_SESSION[MFAPPNAME . '_ip']) {
$username = $_SESSION[MFAPPNAME . '_username'];
$ip = $_SERVER['REMOTE_ADDR'];
$sid = session_id();
if ($_SESSION[MFAPPNAME . '_ip'] == $ip) {
// session seems legit, check if user exists and additionally check IP saved in database
$res = $db->select(MFUSERTABLE, "*", "username='$username' AND ip='$ip' AND sessionid='$sid'");
if ($db->num_rows($res)) {
$user = $db->fetch_object($res);
self::initSession($user);
return true;
}
return false;
}
} else {
return false;
}
}
protected static function initSession($user)
{
$_SESSION[MFAPPNAME . '_username'] = $user->username;
$_SESSION[MFAPPNAME . '_ip'] = $_SERVER['REMOTE_ADDR'];
unset($_SESSION[MFAPPNAME . "_loginfailed"]);
$user = mfUser::singleton($user);
return true;
}
protected function performLogin($username, $password, $code2fa, $remember)
{
if (!defined("MFAPPNAME")) define("MFAPPNAME", "mvcfronk");
if (!defined("MFUSERTABLE")) define("MFUSERTABLE", "mfWorker");
//session_set_cookie_params(0);
//session_name(MFAPPNAME."_session");
//session_start();
if (!is_scalar($username) || !is_scalar($password)) {
return false;
}
$username = $this->db()->escape($username);
$res = $this->db()->select(MFUSERTABLE, "*", "username='$username'");
if (!$this->db()->num_rows($res)) {
sleep(1);
return false;
}
$user = $this->db()->fetch_object($res);
$hash = $user->password;
#2FA Variablen
$twofactor = $user->twofactor;
$twofactorcode = $user->twofactorcode;
$twofactortimestamp = $user->twofactortimestamp;
#Zeitdifferenz des 2FA Codes
$timeSecond = time() - $twofactortimestamp;
$userid = $user->id;
$salt = substr($hash, 0, 16);
$passhash = $this->generatePasswordHash($password, $salt);
if ($passhash === $hash) {
if ($twofactor !== "0") {
if ($code2fa == "unset") {
#2FA Code wird generiert
$twoFactor = new UserTwofactor($userid);
$twoFactor->sendCode();
return "2fa"; #Return für das Einblenden der Verifizierungsmaske
} elseif ($twofactorcode != $code2fa || $timeSecond > 300) {
return "false2fa"; #Return für falscher/abgelaufener 2FA Code
} elseif ($remember) {
#Token generieren in DB und Cookie schreiben
UserToken::generateToken($userid);
}
$twoFactor = new UserTwofactor($userid);
$twoFactor->removeCode();
}
//session_name(MFAPPNAME."_session");
//session_start();
$this->db()->update(MFUSERTABLE, array('ip' => $_SERVER['REMOTE_ADDR'], 'sessionid' => session_id()), "username='$username'");
$this->log->debug("$username logged in");
self::initSession($user);
return true;
}
sleep(1);
return false;
}
public static function generatePasswordHash($pass, $salt = NULL)
{
if (!$salt) {
$salt = substr(md5(uniqid(rand(), true)), 0, 16);
} else {
$salt = substr($salt, 0, 16);
}
return $salt . sha1($salt . $pass);
}
$username = $this->db()->escape($username);
$res = $this->db()->select(MFUSERTABLE,"*","username='$username'");
if(!$this->db()->num_rows($res)) {
sleep(1);
return false;
}
$user = $this->db()->fetch_object($res);
$hash = $user->password;
$salt = substr($hash,0,16);
$passhash = $this->generatePasswordHash($password,$salt);
if($passhash === $hash) {
//session_name(MFAPPNAME."_session");
//session_start();
$this->db()->update(MFUSERTABLE,array('ip' => $_SERVER['REMOTE_ADDR'],'sessionid' => session_id()),"username='$username'");
$this->log->debug("$username logged in");
self::initSession($user);
return true;
}
sleep(1);
return false;
}
public static function generatePasswordHash($pass,$salt=NULL) {
if(!$salt) {
$salt = substr(md5(uniqid(rand(), true)), 0, 16);
} else {
$salt = substr($salt,0,16);
}
return $salt.sha1($salt.$pass);
}
}