diff --git a/libraries/composer-first.json b/libraries/composer-first.json index b343040..1e10071 100644 --- a/libraries/composer-first.json +++ b/libraries/composer-first.json @@ -3,16 +3,13 @@ { "type": "vcs", - "url": "git@bitbucket.org:phangoapp/phamodels.git" + "url": "https://git.cuchulu.com/phangoapp/wpdo" } ], "minimum-stability": "dev", "prefer-stable": true, - "require-dev": { - "phpunit/phpunit": "^10.4" - }, "require": { - "phangoapp/phamodels": "dev-master" + "phangoapp/wpdo": "dev-master" } } diff --git a/modules/admin/controllers/app.php b/modules/admin/controllers/app.php index 33b1e67..1345411 100644 --- a/modules/admin/controllers/app.php +++ b/modules/admin/controllers/app.php @@ -3,6 +3,9 @@ //use PhangoApp\PhaView\View; use PhangoApp\WPDO\WPDO; use PhangoApp\PhaRouter\Url; +use PHPMailer\PHPMailer\PHPMailer; +use PHPMailer\PHPMailer\SMTP; +use PHPMailer\PHPMailer\Exception; //use PhangoApp\PhaModels\Webmodel; //include('./modules/admin/libraries/login.php'); @@ -103,14 +106,20 @@ class AppController extends TplController{ $error=0; - $_SESSION['admin_login']=1; + $_SESSION['admin_login']=$arr_user['id']; $_SESSION['date_login']=date("Y-m-d H:i:s"); if($arr_user['double_auth']) { $_SESSION['double_auth']=1; - $this->db->update('useradmin', ['auth_token' => PhangoApp\PhaUtils\Utils::get_token(25)], 'where id=?', [$arr_user['id']]); + $auth_code=PhangoApp\PhaUtils\Utils::get_token(12); + + $this->db->update('useradmin', ['auth_token' => password_hash($auth_code, PASSWORD_DEFAULT)], 'where id=?', [$arr_user['id']]); + + // Send email + + $this->send_mail_auth(PhangoApp\PhaRouter\Config::$email_site, PhangoApp\PhaRouter\Config::$portal_name, $arr_user['email'], $arr_user['username'], $auth_code); } 
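Review bot: `"phangoapp/wpdo": "dev-master"` tracks a moving branch of the package that provides the database layer, so whatever is pushed to that repository's master reaches every fresh install unless a committed `composer.lock` pins it. Prefer a tagged version constraint or a commit-pinned reference such as `"dev-master#<commit-sha>"` (placeholder), and make sure the lock file is committed. The same hunk removes the `require-dev` entry for `phpunit/phpunit`; if tests are still meant to run from this manifest, that removal needs a replacement.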
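Review bot: `use PHPMailer\PHPMailer\Exception;` binds the bare name `Exception` to PHPMailer's class for the whole of app.php, so any existing `catch (Exception $e)` or `new Exception(...)` elsewhere in the controller (not visible in this diff) would silently change meaning. Import it under an alias, `use PHPMailer\PHPMailer\Exception as MailerException;`, and catch `MailerException` in `send_mail_auth`. The `SMTP` import is referenced only from a commented-out debug line. No manifest visible in this diff requires `phpmailer/phpmailer`, so confirm the package is installed wherever this controller is deployed.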
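Review bot: The code hashed into `auth_token` in this hunk is never the one the user receives: `send_mail_auth` (added in the last hunk of this file) overwrites its parameter with `$auth_code=PhangoApp\PhaUtils\Utils::get_token(25);` before building the body, so `password_verify` in `check_auth` cannot succeed. Remove that reassignment so the mailed value is the token generated here. The call's result is also ignored, while `send_mail_auth` returns `false` on failure and nothing on success; add `return true;` after `$mail->send();` and stop the login flow here when the send fails. Recording `$mail->ErrorInfo` in the server log inside the catch would make SMTP failures diagnosable without showing them to the client.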
@@ -261,9 +270,32 @@ class AppController extends TplController{ if($this->check_login()) { if($_SERVER['REQUEST_METHOD']=='POST') { - + $this->db->connect(); + $error=1; + + $error_form['auth_code_error']=''; + + $auth_code=$_POST['auth_code'] ?? ''; + //($table, $fields, $where_sql='', $values=[]) + //$arr_tries=$this->db->select_a_row('login_tries', [], 'WHERE ip=?', [$ip]); + $arr_user=$this->db->select_a_row('useradmin', [], 'WHERE id=?', [$_SESSION['admin_login']]); + + if(password_verify($auth_code, $arr_user['auth_token'])) { + + unset($_SESSION['double_auth']); + $error=0; + + } + else { + + $error_form['auth_code_error']='Sorry, auth code wrong'; + + } + + echo $this->json(['error' => $error, 'error_form' => $error_form]); + } else { 
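Review bot: An accepted code stays valid because `auth_token` is never cleared after `password_verify` succeeds, and nothing in this branch enforces the five-minute window the template promises or caps the number of guesses. `$_POST['auth_code']` can also arrive as an array, which makes `password_verify` throw a TypeError, and `$arr_user` is used without checking that a row came back. The sketch below invalidates the token on success and rejects stale or non-string submissions; attempt counting (the commented-out `login_tries` lookup suggests it is planned) still needs to be added alongside it. The method starts and ends outside the hunk.

```php
// … unchanged: connect(), $error and $error_form setup …
$auth_code=$_POST['auth_code'] ?? '';
$arr_user=$this->db->select_a_row('useradmin', [], 'WHERE id=?', [$_SESSION['admin_login']]);

// The code is only valid for 5 minutes after the password step
$expired=(time()-strtotime($_SESSION['date_login'] ?? ''))>300;

if(!$expired && is_string($auth_code) && $arr_user && password_verify($auth_code, (string) $arr_user['auth_token'])) {

    // One-time code: clear it so it cannot be replayed
    $this->db->update('useradmin', ['auth_token' => ''], 'where id=?', [$_SESSION['admin_login']]);

    unset($_SESSION['double_auth']);
    $error=0;

}
// … unchanged: else branch and JSON response …
```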
@@ -288,4 +320,40 @@ class AppController extends TplController{ } } + + private function send_mail_auth($email_from, $portal_name, $email_to, $name, $auth_code) { + + $mail=new PHPMailer(true); + + + try { + + //$mail->SMTPDebug = SMTP::DEBUG_SERVER; //Enable verbose debug output + $mail->isSMTP(); //Send using SMTP + $mail->Host=\PhangoApp\PhaRouter\Config::$data['smtp_host']; //Set the SMTP server to send through + $mail->SMTPAuth=true; //Enable SMTP authentication + $mail->Username=PhangoApp\PhaRouter\Config::$data['smtp_username']; //SMTP username + $mail->Password=PhangoApp\PhaRouter\Config::$data['smtp_password']; //SMTP password + $mail->SMTPSecure=PHPMailer::ENCRYPTION_STARTTLS; //Enable implicit TLS encryption + $mail->Port=PhangoApp\PhaRouter\Config::$data['smtp_port'] ?? 587; //TCP port to connect to; use 587 if you have set `SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS` + $mail->CharSet='UTF-8'; + + $auth_code=PhangoApp\PhaUtils\Utils::get_token(25); + + $mail->setFrom($email_from, $portal_name); + $mail->addAddress($email_to, $name); + + $mail->Subject = 'Code for complete login'; + $mail->Body = 'We send to you a code for activate your account using double authentication: '.$auth_code; + + $mail->send(); + + } + catch (Exception $e) { + //echo "Message could not be sent. Mailer Error: {$mail->ErrorInfo}"; + return false; + } + + + } } diff --git a/modules/admin/templates/check_auth.php b/modules/admin/templates/check_auth.php index dd16dbd..40a49af 100644 --- a/modules/admin/templates/check_auth.php +++ b/modules/admin/templates/check_auth.php @@ -1,7 +1,7 @@ layout('login_tpl', ['title' => $title])?> start('content')?>
-

You have 5 minutes for put the code sended to your email.

+

logout and login again with other user

@@ -21,7 +21,7 @@ $('#loader-wrapper').show(); $.ajax({ - url: "make_url('admin', 'app', ['login'])?>", + url: "make_url('admin', 'app', ['check_auth'])?>", method: "POST", dataType: "json", data: {'auth_code': $('#auth_code_form').val()}, @@ -43,7 +43,7 @@ $('#csrf_token').attr('value', data.csrf_token); - $('#auth_code_error').html(data.error_form.username_error); + $('#auth_code_error').html(data.error_form.auth_code_error); } }, diff --git a/modules/phangoapp/libraries/pharouter.php b/modules/phangoapp/libraries/pharouter.php index 1b23043..26dad50 100644 --- a/modules/phangoapp/libraries/pharouter.php +++ b/modules/phangoapp/libraries/pharouter.php @@ -23,6 +23,11 @@ class Config { static public $on_proxy=false; + static public $portal_name='Website name'; + + static public $email_site=''; + + } /*Examples
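Review bot: `$('#auth_code_error').html(data.error_form.auth_code_error);` writes a server-supplied string into the page as markup; the message is a fixed literal today, but `$('#auth_code_error').text(data.error_form.auth_code_error);` keeps it inert if the message ever carries request data. The context line above copies `data.csrf_token` into the form, yet the `check_auth` response built in app.php returns only `error` and `error_form`, so either that handler should issue and verify a CSRF token or this line does nothing for this endpoint. The enclosing callback starts and ends outside the hunk.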
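Review bot: `$email_site` defaults to an empty string and is passed straight to `setFrom()` in `send_mail_auth`, where PHPMailer validates the sender address; with the default left in place the resulting exception is swallowed and no login code is mailed. Document both new properties, for example `/** Sender address for system mail such as login codes; must be set in the site config. */` above `$email_site`, and consider failing loudly when two-factor login is enabled but the address is empty. The Config class starts outside the hunk.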