149 lines
4.6 KiB
PHP
149 lines
4.6 KiB
PHP
|
<?php
|
||
|
/**
|
||
|
* /config/config.php
|
||
|
* @version 1.0
|
||
|
* @desc configuration file
|
||
|
* @author Fándly Gergő Zoltán
|
||
|
* @copy 2017 Fándly Gergő Zoltán
|
||
|
*/
|
||
|
|
||
|
/*
|
||
|
* Includes
|
||
|
*/
|
||
|
require_once("lib/loginManager/loginManager.php");
|
||
|
require_once("lib/defuse-crypto.phar");
|
||
|
require_once("lib/functions.php");
|
||
|
|
||
|
/*
|
||
|
* Load in config files
|
||
|
*/
|
||
|
$config=parse_ini_file("config.ini", true);
|
||
|
$config['cryptokey']=file_get_contents("cryptokey.cnf", true);
|
||
|
$config['allowlogin']=file_get_contents("allowlogin.cnf", true)=="1"?true:false;
|
||
|
$config['allowsignup']=file_get_contents("allowsignup.cnf", true)=="1"?true:false;
|
||
|
|
||
|
/*
|
||
|
* regionalization
|
||
|
*/
|
||
|
date_default_timezone_set($config['general']['timezone']);
|
||
|
mb_internal_encoding("UTF-8");
|
||
|
|
||
|
/*
|
||
|
* Load language file
|
||
|
*/
|
||
|
$lang=parse_ini_file("lang/".$config['language']['use']);
|
||
|
|
||
|
/*
|
||
|
* Set up database
|
||
|
*/
|
||
|
$db=new PDO($config['database']['type'].":host=".$config['database']['host'].";dbname=".$config['database']['name'].";charset=utf8", $config['database']['user'], $config['database']['password']);
|
||
|
|
||
|
/*
|
||
|
* Load Crypto key
|
||
|
*/
|
||
|
$crypto=\Defuse\Crypto\Key::loadFromAsciiSafeString($config['cryptokey']);
|
||
|
|
||
|
/*
|
||
|
* Byte Order Mark for exports
|
||
|
*/
|
||
|
$BOM=chr(239).chr(187).chr(191);
|
||
|
|
||
|
/*
|
||
|
* DEBUG
|
||
|
*/
|
||
|
if($config['general']['debug']){
|
||
|
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||
|
ini_set("display_errors", true);
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Versioning
|
||
|
*/
|
||
|
const VERSION="2.0";
|
||
|
|
||
|
/*
|
||
|
* Set up loginManager
|
||
|
*/
|
||
|
//build needed classes
|
||
|
class handler implements lmHandler{
|
||
|
public function handle($state, $target=0){
|
||
|
global $db;
|
||
|
switch($state){
|
||
|
case lmStates::LOGIN_FAILED:
|
||
|
functions::setError(1);
|
||
|
header("Location: ".explode("?", $_SERVER['REQUEST_URI'])[0]);
|
||
|
break;
|
||
|
case lmStates::LOGIN_OK:
|
||
|
$sql=$db->prepare("SELECT id, name, class, accesslevel, except_signup FROM users WHERE id=:id");
|
||
|
$sql->execute(array(":id"=>$target));
|
||
|
$res=$sql->fetch(PDO::FETCH_ASSOC);
|
||
|
$_SESSION['id']=$res['id'];
|
||
|
$_SESSION['name']=$res['name'];
|
||
|
$_SESSION['class']=$res['class'];
|
||
|
$_SESSION['accesslevel']=$res['accesslevel'];
|
||
|
$_SESSION['except_signup']=$res['except_signup'];
|
||
|
|
||
|
header("Location: ".explode("?", $_SERVER['REQUEST_URI'])[0]);
|
||
|
break;
|
||
|
case lmStates::CAPTCHA_FAILED:
|
||
|
functions::setError(2);
|
||
|
header("Location: ".explode("?", $_SERVER['REQUEST_URI'])[0]);
|
||
|
break;
|
||
|
case lmStates::BANNED:
|
||
|
functions::setError(3);
|
||
|
header("Location: ".explode("?", $_SERVER['REQUEST_URI'])[0]);
|
||
|
break;
|
||
|
case lmStates::FORGET_DONE:
|
||
|
functions::setMessage(1);
|
||
|
header("Location: ".explode("?", $_SERVER['REQUEST_URI'])[0]);
|
||
|
break;
|
||
|
case lmStates::LOGOUT_DONE:
|
||
|
functions::setMessage(2);
|
||
|
header("Location: ".explode("?", $_SERVER['REQUEST_URI'])[0]);
|
||
|
break;
|
||
|
}
|
||
|
return;
|
||
|
}
|
||
|
}
|
||
|
class password implements lmPassword{
|
||
|
public function verifyPassword($cleartext, $database){
|
||
|
global $crypto;
|
||
|
|
||
|
if($database==""){
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
if($cleartext==\Defuse\Crypto\Crypto::decrypt($database, $crypto)){
|
||
|
return true;
|
||
|
}
|
||
|
else{
|
||
|
return false;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
class twoFactor implements lmTwoFactor{
|
||
|
public function secondFactor($uid){
|
||
|
global $config, $db;
|
||
|
$sql=$db->prepare("SELECT accesslevel, except_login FROM users WHERE id=:id");
|
||
|
$sql->execute(array(":id"=>$uid));
|
||
|
$res=$sql->fetch(PDO::FETCH_ASSOC);
|
||
|
if(($config['allowlogin']=="1" || $res['accesslevel']>0 || $res['except_login']==1) && $res['except_login']!=2){
|
||
|
return true;
|
||
|
}
|
||
|
else{
|
||
|
functions::setError(4);
|
||
|
header("Location: ./");
|
||
|
die();
|
||
|
return false;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
//build the class
|
||
|
$lm=new loginManager(new lmConfig($db, $config['login']['session_lifetime'], $config['login']['captcha_enable'], $config['login']['captcha_after'], $config['login']['captcha_sitekey'], $config['login']['captcha_secretkey'], $config['login']['ban_enable'], $config['login']['ban_after'], $config['login']['ban_time'], $config['login']['look'], $config['login']['remember_enable'], $config['login']['remember_time'], lmStates::AUTH_ID), new handler(), new password(), new twoFactor());
|
||
|
|
||
|
/*
|
||
|
* init LM
|
||
|
*/
|
||
|
$lm->init();
|