From f5371aba5dfd611a2b9dc1b20439b566031afe68 Mon Sep 17 00:00:00 2001 From: Jarkko Toivanen Date: Sat, 28 Sep 2024 08:21:52 +0300 Subject: [PATCH] simple tokenized loginsystem --- inc/database.php | 69 ++++++++++++++++++++++++++++++++++++++++++++++++ index.php | 39 ++++++++++++++++++++------- login.php | 16 +++++++++++ logout.php | 7 +++++ style.css | 3 +++ 5 files changed, 124 insertions(+), 10 deletions(-) create mode 100644 login.php create mode 100644 logout.php diff --git a/inc/database.php b/inc/database.php index 678d634..55244b7 100755 --- a/inc/database.php +++ b/inc/database.php @@ -53,6 +53,15 @@ class DataBase extends SQLite3 { FOREIGN KEY (personaid) REFERENCES personas(id) ON UPDATE CASCADE ON DELETE CASCADE ); + CREATE TABLE IF NOT EXISTS tokens ( + id INTEGER PRIMARY KEY AUTOINCREMENT UNIQUE, + userid INTEGER NOT NULL, + token TEXT NOT NULL UNIQUE, + lastuse TEXT NOT NULL, + expires TEXT NOT NULL, + FOREIGN KEY (userid) REFERENCES users(id) ON UPDATE CASCADE ON DELETE CASCADE + ); + INSERT OR IGNORE INTO users (id, handle, name, about) VALUES ('0', 'SYSTEM', 'SYSTEM', 'SYSTEM'); "; @@ -70,6 +79,16 @@ class DataBase extends SQLite3 { } } + function getUserByHandle($handle) { + $handle = $this->escapeString($handle); + $sql = "SELECT * FROM users AS user WHERE handle='$handle';"; + $ret = $this->query($sql)->fetchArray(SQLITE3_ASSOC); + if(!$ret) { + return false; + } + return $ret; + } + function addPost($text, $userid=NULL, $personaid=NULL) { $id = hexdec(uniqid()); $time = time(); 
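Review bot: The new `lastuse TEXT NOT NULL` and `expires TEXT NOT NULL` columns in the tokens table receive integer epoch values from time() in tokenAdd, so every later comparison in SQL (a `WHERE expires > …` check, or ordering by lastuse) will be a string comparison under SQLite's TEXT affinity. Declaring them `lastuse INTEGER NOT NULL,` and `expires INTEGER NOT NULL,` matches the values actually written and keeps numeric semantics. The `ON DELETE CASCADE` on userid only takes effect if the connection has `PRAGMA foreign_keys = ON`, which is not visible in this hunk, so it may be worth confirming where the connection is opened.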
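Review bot: getUserByHandle builds the query by interpolating the escaped handle, which is correct only as long as the value stays inside single quotes; since the class extends SQLite3 a prepared statement removes that coupling: `$stmt = $this->prepare('SELECT * FROM users AS user WHERE handle = :handle;'); $stmt->bindValue(':handle', $handle, SQLITE3_TEXT); return $stmt->execute()->fetchArray(SQLITE3_ASSOC);`. The `if(!$ret) { return false; }` branch is redundant because fetchArray already returns false when there is no row, so the method can return the fetch result directly. A short docblock stating that the return is the user row or `false` when the handle is unknown would help login.php's caller, which is the first consumer of that false case.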
@@ -109,6 +128,56 @@ class DataBase extends SQLite3 { return password_verify($password, $dbhash); } + function tokenGen() { + return random_bytes(32); + } + function tokenAdd($userid) { + $token = $this->tokenGen(); + $hashed = hash('sha256', $token); + $time = time(); + $expires = $time + 2592000; // 30 days + $sql = "INSERT INTO tokens (userid, token, lastuse, expires) VALUES ('$userid', '$hashed', '$time', '$expires');"; + $ret = $this->exec($sql); + if(!$ret) { + die($this->lastErrorMsg()); + } + return $token; + } + function tokenRefresh($tokenid) { + $time = time(); + $expires = $time + 2592000; // 30 days + $sql = "UPDATE tokens SET lastuse='$time', expires='$expires' WHERE id='$tokenid';"; + $ret = $this->exec($sql); + if(!$ret) { + die($this->lastErrorMsg()); + } + } + function tokenRemove($token) { + $hashed = hash('sha256', $token); + $sql = "DELETE FROM tokens WHERE token='$hashed';"; + $ret = $this->exec($sql); + if(!$ret) { + die($this->lastErrorMsg()); + } + } + + function getAuthedUserId($token=NULL) { + if (empty($token)) { + if (empty($_COOKIE['token'])) { + return false; + } + $token = base64_decode($_COOKIE['token']); + } + $hashed = hash('sha256', $token); + $sql = "SELECT id AS id, userid AS userid FROM tokens WHERE token='$hashed';"; + $ret = $this->query($sql)->fetchArray(SQLITE3_ASSOC); + if(!$ret) { + return false; + } + $this->tokenRefresh($ret['id']); + return $ret['userid']; + } + function getPosts($userid=NULL, $personaid = NULL) { $sql = "SELECT * FROM posts AS post LEFT JOIN users AS user ON post.userid=user.id LEFT JOIN personas AS persona ON post.personaid=persona.id;"; diff --git a/index.php b/index.php index d4596d5..56a01fa 100755 --- a/index.php +++ b/index.php @@ -1,3 +1,10 @@ +lastErrorMsg()); +} +?> @@ -9,6 +16,21 @@
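Review bot: getAuthedUserId never checks the `expires` column it stores, so the query `SELECT id AS id, userid AS userid FROM tokens WHERE token='$hashed';` accepts a token row indefinitely and the 30-day value written by tokenAdd and tokenRefresh is never enforced; the lookup should include the expiry in the WHERE clause and expired rows should eventually be purged. Because tokenRefresh pushes `expires` forward on every successful use, the effective policy is a 30-day idle timeout rather than an absolute lifetime, which is fine but should be stated in a comment on tokenRefresh so nobody assumes an absolute cap. The `die($this->lastErrorMsg())` calls in tokenAdd, tokenRefresh and tokenRemove send the driver's error text to the browser; logging it server-side and exiting with a generic message would avoid that leak (the index.php hunk previously did the same, so this is a pre-existing pattern). Since `expires` is a TEXT column in this patch, the comparison below casts it to an integer so it works without a schema change.
```php
function getAuthedUserId($token=NULL) {
    // … unchanged: cookie fallback that decodes $_COOKIE['token'] …
    $hashed = hash('sha256', $token);
    $stmt = $this->prepare('SELECT id, userid FROM tokens WHERE token = :token AND CAST(expires AS INTEGER) > :now;');
    $stmt->bindValue(':token', $hashed, SQLITE3_TEXT);
    $stmt->bindValue(':now', time(), SQLITE3_INTEGER);
    $ret = $stmt->execute()->fetchArray(SQLITE3_ASSOC);
    if(!$ret) {
        return false;
    }
    $this->tokenRefresh($ret['id']);
    return $ret['userid'];
}
```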
Snuffler
+ + getAuthedUserId()) { + ?> + +
+ + + +
+ + + LOG OUT

@@ -20,15 +42,12 @@
+ + lastErrorMsg()); -} //$database->addPost("Test post", 0); @@ -39,8 +58,8 @@ foreach($posts as $post) { echo '' . $post["user.name"] . ''; echo '
@' . $post["user.handle"] . ''; echo '

' . $post["post.text"] . '

'; - echo '
' . date("D j.n.Y \k\l\o G:i", $post["post.time"]) . ''; - echo '5👍 0👎 2💬'; + echo '
' . date("D j.n.Y \@ G:i", $post["post.time"]) . ''; + echo '👍5 👎0 💬2'; echo "
"; } @@ -49,4 +68,4 @@ $database->close(); ?> - \ No newline at end of file + diff --git a/login.php b/login.php new file mode 100644 index 0000000..971ac7c --- /dev/null +++ b/login.php @@ -0,0 +1,16 @@ +getUserByHandle($_POST['name']); +if ($db->passwordVerify($user['user.id'], $_POST['pass'])) { + $token = $db->tokenAdd($user['user.id']); + $token64 = base64_encode($token); + $expires = time() + 2592000; // 30 days + setcookie('token', $token64, $expires); +} +header("Location: /"); +?> diff --git a/logout.php b/logout.php new file mode 100644 index 0000000..e6f4c66 --- /dev/null +++ b/logout.php @@ -0,0 +1,7 @@ +tokenRemove(base64_decode($_COOKIE['token'])); +header("Location: /"); +?> diff --git a/style.css b/style.css index 7bcae66..a4862d5 100644 --- a/style.css +++ b/style.css @@ -7,6 +7,9 @@ hr { border-color: #584200; } +#loginform { + text-align: center; +} #titlebox { font-size: 5em; text-align: center;
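Review bot: An unknown handle is not handled in login.php: getUserByHandle returns `false` when no row matches, so `$user['user.id']` evaluates to null (with a warning) and passwordVerify is still called with a null id; the script should bail out before the verify. The cookie that carries the login token is set with only an expiry, so it is readable by page scripts and sent on cross-site requests; the options-array form of setcookie lets you add `httponly`, `samesite`, `path` and (when served over HTTPS) `secure`. `header("Location: /")` should be followed by `exit` so nothing runs after the redirect. The file's opening lines (the require, the DataBase construction and the `$_POST['name']` read) are not legible in this rendering, so it is assumed that `$_POST['name']` and `$_POST['pass']` are read without isset guards; if so, a direct GET to login.php will emit warnings. The 30-day constant is duplicated between tokenAdd and this file, so a single shared constant would keep the cookie and the database expiry aligned.
```php
// … unchanged: require, DataBase construction, getUserByHandle call …
if ($user === false || !isset($_POST['pass'])) {
    header("Location: /");
    exit;
}
if ($db->passwordVerify($user['user.id'], $_POST['pass'])) {
    $token = $db->tokenAdd($user['user.id']);
    $expires = time() + 2592000; // 30 days
    setcookie('token', base64_encode($token), [
        'expires' => $expires,
        'path' => '/',
        'httponly' => true,
        'secure' => true, // drop only for plain-HTTP development
        'samesite' => 'Lax',
    ]);
}
header("Location: /");
exit;
```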
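Review bot: logout.php reads `$_COOKIE['token']` without an isset guard, so a visit without the cookie emits a warning and calls tokenRemove with an empty string, and the cookie is never cleared on the client, so the browser keeps sending the now-deleted token until it expires. The redirect should also be followed by `exit`. The file's opening (the require and DataBase construction, and the variable the `->tokenRemove(...)` call is made on) is not legible in this rendering, so the sketch below assumes the same `$db` variable as login.php. The logout is reached from a plain link in index.php, i.e. a GET with a side effect; a small POST form is the conventional shape for a state-changing action.
```php
// … unchanged: require, DataBase construction …
if (!empty($_COOKIE['token'])) {
    $db->tokenRemove(base64_decode($_COOKIE['token']));
}
setcookie('token', '', ['expires' => time() - 3600, 'path' => '/']);
header("Location: /");
exit;
```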