291 lines
11 KiB
PHP
291 lines
11 KiB
PHP
<?php
|
|
|
|
//use PhangoApp\PhaView\View;
|
|
use PhangoApp\WPDO\WPDO;
|
|
use PhangoApp\PhaRouter\Url;
|
|
//use PhangoApp\PhaModels\Webmodel;
|
|
|
|
//include('./modules/admin/libraries/login.php');
|
|
|
|
include('modules/admin/libraries/tplcontroller.php');
|
|
|
|
class AppController extends TplController{
|
|
|
|
public function app($op='') {
|
|
|
|
switch($op) {
|
|
|
|
default:
|
|
|
|
if($this->check_login()) {
|
|
|
|
//Default admin page.
|
|
|
|
}
|
|
else {
|
|
|
|
header('Location: '.PhangoApp\PhaRouter\Url::make_url('admin', 'app', ['login']));
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case 'login':
|
|
|
|
$this->db->connect();
|
|
|
|
$c_user=$this->db->select_count('useradmin', '', []);
|
|
|
|
$error=1;
|
|
|
|
$error_form=['username_error' => ''];
|
|
|
|
if(!$c_user) {
|
|
|
|
header('Location: '.Url::make_url('admin', 'app', ['signup']));
|
|
|
|
}
|
|
else {
|
|
|
|
if($_SERVER['REQUEST_METHOD']=='POST') {
|
|
|
|
//Check csrf token first.
|
|
|
|
if(PhangoApp\PhaRouter\Config::$on_proxy) {
|
|
|
|
$ip=$_SERVER['HTTP_CLIENT_IP'] ?? $_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['REMOTE_ADDR'] ?? '';
|
|
|
|
}
|
|
else {
|
|
|
|
$ip=$_SERVER['REMOTE_ADDR'] ?? '';
|
|
|
|
}
|
|
|
|
if($ip!='') {
|
|
|
|
$arr_tries=$this->db->select_a_row('login_tries', [], 'WHERE ip=?', [$ip]);
|
|
|
|
$now=date("Y-m-d H:i:s");
|
|
|
|
if($arr_tries) {
|
|
|
|
$timestamp_5_min=strtotime($now)-300;
|
|
$timestamp_last_login=strtotime($arr_tries['date']);
|
|
|
|
if($timestamp_5_min>$timestamp_last_login) {
|
|
|
|
$this->db->delete('login_tries', 'WHERE ip=?', [$ip]);
|
|
$arr_tries=false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
$num_tries=$arr_tries['num_tries'] ?? 0;
|
|
|
|
if($num_tries<5) {
|
|
|
|
$username=trim($_POST['username'] ?? '');
|
|
$password=trim($_POST['password'] ?? '');
|
|
|
|
if($username=='') {
|
|
|
|
$error_form['username_error']=_('Username empty');
|
|
|
|
}
|
|
|
|
$arr_user=$this->db->select_a_row('useradmin', [], 'WHERE username=?', [$username]);
|
|
|
|
if($arr_user) {
|
|
|
|
if(password_verify($password, $arr_user['password'])) {
|
|
|
|
$error=0;
|
|
|
|
$_SESSION['admin_login']=1;
|
|
$_SESSION['date_login']=date("Y-m-d H:i:s");
|
|
|
|
if($arr_user['double_auth']) {
|
|
|
|
$_SESSION['double_auth']=1;
|
|
|
|
$this->db->update('useradmin', ['auth_token' => PhangoApp\PhaUtils\Utils::get_token(25)], 'where id=?', [$arr_user['id']]);
|
|
|
|
}
|
|
|
|
}
|
|
else {
|
|
|
|
$error_form['username_error']=_('Wrong user or password');
|
|
|
|
}
|
|
|
|
}
|
|
else {
|
|
|
|
$error_form['username_error']=_('Wrong user or password');
|
|
|
|
}
|
|
|
|
if($error) {
|
|
|
|
if(!$arr_tries) {
|
|
|
|
$this->db->insert('login_tries', ['num_tries' => 0, 'ip' => $ip]);
|
|
|
|
}
|
|
else {
|
|
|
|
$this->db->update('login_tries', ['num_tries' => $arr_tries['num_tries']+1, 'date' => date("Y-m-d H:i:s")], 'WHERE ip=?', [$ip]);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
else {
|
|
|
|
$error_form['username_error']=_('Sorry, you need wait 5 minutes for retry login.');
|
|
|
|
}
|
|
|
|
}
|
|
else {
|
|
|
|
$error_form['username_error']=_('Unknown error');
|
|
|
|
}
|
|
|
|
echo $this->json(['error' => $error, 'error_form' => $error_form, 'message' => '']);
|
|
|
|
}
|
|
else {
|
|
|
|
echo $this->tpl->load_template('login', ['title' => 'Login']);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case 'signup':
|
|
|
|
$this->db->connect();
|
|
|
|
$c_user=$this->db->select_count('useradmin', '', []);
|
|
|
|
if(!$c_user) {
|
|
|
|
if($_SERVER['REQUEST_METHOD']=='POST') {
|
|
|
|
$error=0;
|
|
|
|
$error_form=[];
|
|
|
|
$arr_data=['username', 'email', 'password', 'repeat_password'];
|
|
|
|
foreach($arr_data as $v) {
|
|
|
|
settype($_POST[$v], 'string');
|
|
|
|
}
|
|
|
|
$username=trim($_POST['username']);
|
|
|
|
if(!preg_match('/^[A-Za-z0-9_-]+$/', $username) || $username=='') {
|
|
|
|
$error=1;
|
|
$error_form['username_error']=_("Error: empty value");
|
|
|
|
}
|
|
|
|
$email=filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
|
|
|
|
if(!$email) {
|
|
|
|
$error=1;
|
|
$error_form['email_error']=_("Error: email is not valid");
|
|
|
|
|
|
}
|
|
|
|
$password=trim($_POST['password']);
|
|
$repeat_password=trim($_POST['repeat_password']);
|
|
|
|
if($password=='') {
|
|
|
|
$error=1;
|
|
$error_form['password_error']=_("Error: password empty");
|
|
|
|
}
|
|
else {
|
|
|
|
if($password!=$repeat_password) {
|
|
|
|
$error=1;
|
|
$error_form['password_error']=_("Error: password not equal");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if(!$error) {
|
|
|
|
if(!$this->db->insert('useradmin', ['username' => $username, 'password' => password_hash($password, PASSWORD_DEFAULT), 'email' => $email])) {
|
|
|
|
$error=1;
|
|
|
|
$error_form['username_error']=_("Error: cannot create the user, please contact with the administrator");
|
|
}
|
|
|
|
}
|
|
|
|
echo $this->json(['error' => $error, 'error_form' => $error_form, 'message' => '']);
|
|
|
|
}
|
|
else {
|
|
|
|
echo $this->tpl->load_template('signup', ['title' => 'Signup']);
|
|
|
|
}
|
|
}
|
|
|
|
break;
|
|
|
|
case 'check_auth':
|
|
|
|
//Session expired.
|
|
|
|
if($this->check_login()) {
|
|
|
|
if($_SERVER['REQUEST_METHOD']=='POST') {
|
|
|
|
|
|
|
|
}
|
|
else {
|
|
|
|
echo $this->tpl->load_template('check_auth', ['title' => 'Double auth']);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case 'logout':
|
|
|
|
unset($_SESSION['admin_login']);
|
|
unset($_SESSION['double_auth']);
|
|
unset($_SESSION['date_login']);
|
|
|
|
header('Location: '.PhangoApp\PhaRouter\Url::make_url('admin'));
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
}
|