Dump everything from SVN

Fándly Gergő
2019-08-08 16:40:15 +03:00
parent 7391f609d6
commit bcf29a3d4f
46 changed files with 4205 additions and 0 deletions

2
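--- a/config/.htaccess
+++ b/config/.htaccess
@@ -0,0 +1,2 @@
+order allow,deny
+deny from all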
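Review bot: These two directives are the Apache 2.2 access-control syntax and on Apache 2.4 only work while mod_access_compat is loaded, so the file should use `Require all denied` (or carry both forms behind `<IfModule>` guards). This directory holds cryptokey.cnf and, presumably, the config.ini that config.php reads the database credentials from, and this rule is the only thing keeping them from being served. It has no effect when `AllowOverride` disables .htaccess files or when the site runs on a server that ignores them, so the secrets are better kept outside the document root.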

1
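--- a/config/allowlogin.cnf
+++ b/config/allowlogin.cnf
@@ -0,0 +1 @@
+1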

1
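--- a/config/allowsignup.cnf
+++ b/config/allowsignup.cnf
@@ -0,0 +1 @@
+1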

148
config/config.php Normal file

@ -0,0 +1,148 @@
<?php
/**
* /config/config.php
* @version 1.0
* @desc configuration file
* @author Fándly Gergő Zoltán
* @copy 2017 Fándly Gergő Zoltán
*/
/*
* Includes
*/
require_once("lib/loginManager/loginManager.php");
require_once("lib/defuse-crypto.phar");
require_once("lib/functions.php");
/*
* Load in config files
*/
$config=parse_ini_file("config.ini", true);
$config['cryptokey']=file_get_contents("cryptokey.cnf", true);
$config['allowlogin']=file_get_contents("allowlogin.cnf", true)=="1"?true:false;
$config['allowsignup']=file_get_contents("allowsignup.cnf", true)=="1"?true:false;
/*
* regionalization
*/
date_default_timezone_set($config['general']['timezone']);
mb_internal_encoding("UTF-8");
/*
* Load language file
*/
$lang=parse_ini_file("lang/".$config['language']['use']);
/*
* Set up database
*/
$db=new PDO($config['database']['type'].":host=".$config['database']['host'].";dbname=".$config['database']['name'].";charset=utf8", $config['database']['user'], $config['database']['password']);
/*
* Load Crypto key
*/
$crypto=\Defuse\Crypto\Key::loadFromAsciiSafeString($config['cryptokey']);
/*
* Byte Order Mark for exports
*/
$BOM=chr(239).chr(187).chr(191);
/*
* DEBUG
*/
if($config['general']['debug']){
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
ini_set("display_errors", true);
}
/*
* Versioning
*/
const VERSION="2.0";
/*
* Set up loginManager
*/
//build needed classes
class handler implements lmHandler{
public function handle($state, $target=0){
global $db;
switch($state){
case lmStates::LOGIN_FAILED:
functions::setError(1);
header("Location: ".explode("?", $_SERVER['REQUEST_URI'])[0]);
break;
case lmStates::LOGIN_OK:
$sql=$db->prepare("SELECT id, name, class, accesslevel, except_signup FROM users WHERE id=:id");
$sql->execute(array(":id"=>$target));
$res=$sql->fetch(PDO::FETCH_ASSOC);
$_SESSION['id']=$res['id'];
$_SESSION['name']=$res['name'];
$_SESSION['class']=$res['class'];
$_SESSION['accesslevel']=$res['accesslevel'];
$_SESSION['except_signup']=$res['except_signup'];
header("Location: ".explode("?", $_SERVER['REQUEST_URI'])[0]);
break;
case lmStates::CAPTCHA_FAILED:
functions::setError(2);
header("Location: ".explode("?", $_SERVER['REQUEST_URI'])[0]);
break;
case lmStates::BANNED:
functions::setError(3);
header("Location: ".explode("?", $_SERVER['REQUEST_URI'])[0]);
break;
case lmStates::FORGET_DONE:
functions::setMessage(1);
header("Location: ".explode("?", $_SERVER['REQUEST_URI'])[0]);
break;
case lmStates::LOGOUT_DONE:
functions::setMessage(2);
header("Location: ".explode("?", $_SERVER['REQUEST_URI'])[0]);
break;
}
return;
}
}
class password implements lmPassword{
public function verifyPassword($cleartext, $database){
global $crypto;
if($database==""){
return false;
}
if($cleartext==\Defuse\Crypto\Crypto::decrypt($database, $crypto)){
return true;
}
else{
return false;
}
}
}
class twoFactor implements lmTwoFactor{
public function secondFactor($uid){
global $config, $db;
$sql=$db->prepare("SELECT accesslevel, except_login FROM users WHERE id=:id");
$sql->execute(array(":id"=>$uid));
$res=$sql->fetch(PDO::FETCH_ASSOC);
if(($config['allowlogin']=="1" || $res['accesslevel']>0 || $res['except_login']==1) && $res['except_login']!=2){
return true;
}
else{
functions::setError(4);
header("Location: ./");
die();
return false;
}
}
}
//build the class
$lm=new loginManager(new lmConfig($db, $config['login']['session_lifetime'], $config['login']['captcha_enable'], $config['login']['captcha_after'], $config['login']['captcha_sitekey'], $config['login']['captcha_secretkey'], $config['login']['ban_enable'], $config['login']['ban_after'], $config['login']['ban_time'], $config['login']['look'], $config['login']['remember_enable'], $config['login']['remember_time'], lmStates::AUTH_ID), new handler(), new password(), new twoFactor());
/*
* init LM
*/
$lm->init();
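Review bot: `password::verifyPassword` decrypts the stored value with the application key and compares it to the submitted password with `==`, so passwords are kept reversibly encrypted rather than hashed, and the comparison is loose and not constant-time. Stored credentials should move to `password_hash()` / `password_verify()`; until that migration the comparison should at least be `return hash_equals(\Defuse\Crypto\Crypto::decrypt($database, $crypto), (string)$cleartext);`, with the exception that `decrypt` throws for a modified or wrong-key ciphertext caught and treated as a failed login. In `handler::handle`, the `LOGIN_OK` branch fills `$_SESSION` without first calling `session_regenerate_id(true);`, so a session id issued before authentication stays valid afterwards. Each `header("Location: ...")` built from `$_SERVER['REQUEST_URI']` should redirect to a fixed local path instead of a request-derived one and be followed by `exit;`.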

1
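--- a/config/cryptokey.cnf
+++ b/config/cryptokey.cnf
@@ -0,0 +1 @@
+def00000b0c6c796affdb1dbc89821e277b7ddcc88fd99669ab04984330c574c049eea27a3d54d40d1033d7c4ce9b500e04517ff27bcce47a57c54aaba85681404edc32a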
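Review bot: This file is the live Defuse key that config.php loads into `$crypto`, and committing it makes it readable to everyone with access to the repository and its history. Because `verifyPassword` decrypts stored passwords with this key, the key together with a copy of the `users` table is enough to recover every password, so the key should be treated as exposed: generate a new one, re-encrypt (or better, re-hash) the stored values, and keep the key file out of version control. The repository should carry only a placeholder file (a constructed name such as `cryptokey.cnf.example`), with the real key provisioned at deploy time outside the document root.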

89
config/db.sql Normal file

@ -0,0 +1,89 @@
/**
* /config/db.sql
* @version 1.0
* @desc SQL set up file
* @author Fándly Gergő Zoltán
* @copy 2017 Fándly Gergő Zoltán
*/
DROP TABLE IF EXISTS `users`, `login_history`, `login_bans`, `time_sequences`, `time_blocks`, `programs`, `registrations`, `registration_log`;
CREATE TABLE `users`(
`id` int(4) UNSIGNED NOT NULL auto_increment,
`name` varchar(65) NOT NULL default '',
`class` varchar(10) NOT NULL default '', /* format: ddC (ex: 05D) */
`accesslevel` tinyint(1) UNSIGNED NOT NULL default 0, /* 0:student; 1:head teacher; 2:manager; 3:administrator */
`password` varchar(255) NOT NULL default '',
`except_login` tinyint(1) UNSIGNED NOT NULL default 0, /* 0:no change; 1:always allow login; 2:never allow login - only takes effect for students */
`except_signup` tinyint(1) UNSIGNED NOT NULL default 0, /* 0:no change; 1:always allow sign up; 2:never allow sign up - only takes effect for students */
PRIMARY KEY (`id`)
) CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE TABLE `login_history`(
`id` int(4) UNSIGNED NOT NULL auto_increment,
`user` int(4) UNSIGNED NOT NULL default 1, /* id of nouser */
`date` timestamp NOT NULL default current_timestamp,
`ip` varchar(45) NOT NULL default '0.0.0.0',
`auth_token` varchar(65) NOT NULL default '',
`user_agent` varchar(500) NOT NULL default '',
`success` tinyint(1) NOT NULL default 0,
PRIMARY KEY (`id`),
FOREIGN KEY (`user`) REFERENCES users(`id`) ON DELETE CASCADE
) CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE TABLE `login_bans`(
`id` int(4) UNSIGNED NOT NULL auto_increment,
`ip` varchar(45) NOT NULL default '0.0.0.0',
`until` timestamp NOT NULL default current_timestamp,
PRIMARY KEY (`id`)
) CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE TABLE `time_sequences`(
`id` int(4) UNSIGNED NOT NULL auto_increment,
`name` varchar(65) NOT NULL default '', /* ex: monday, tuesday, 1st week, etc */
`allow_signup` tinyint(1) UNSIGNED NOT NULL default 1, /* 0:forbid; 1:allow */
PRIMARY KEY (`id`)
) CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE TABLE `time_blocks`(
`id` int(4) UNSIGNED NOT NULL auto_increment,
`name` varchar(65) NOT NULL default '', /* ex: 9-10, 8:00, etc */
`sequence` int(4) UNSIGNED NOT NULL default 0,
PRIMARY KEY (`id`),
FOREIGN KEY (`sequence`) REFERENCES time_sequences(`id`) ON DELETE CASCADE
) CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE TABLE `programs`(
`id` int(4) UNSIGNED NOT NULL auto_increment,
`name` varchar(65) NOT NULL default '',
`description` text NOT NULL default '', /* as long, as wished! */
`instructor` varchar(150) NOT NULL default '',
`location` varchar(150) NOT NULL default '',
`category` tinyint(1) UNSIGNED NOT NULL default 0, /* 0:0th class; 1:1-2th class; 2:3-4th class; 3:5-6th class; 4:7-8th class; 5:9-10th class 6:11-12th class; 10:0-4th class; 11:5-8th class; 12:9-12th class; 20:0-12th class */
`time_block` int(4) UNSIGNED NOT NULL default 0,
`max_participants` int(4) UNSIGNED NOT NULL default 0,
PRIMARY KEY (`id`),
FOREIGN KEY (`time_block`) REFERENCES time_blocks(`id`) ON DELETE NO ACTION
) CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE TABLE `registrations`(
`id` int(4) UNSIGNED NOT NULL auto_increment,
`user` int(4) UNSIGNED NOT NULL default 0,
`program` int(4) UNSIGNED NOT NULL default 0,
PRIMARY KEY (`id`),
FOREIGN KEY (`user`) REFERENCES users(`id`) ON DELETE CASCADE,
FOREIGN KEY (`program`) REFERENCES programs(`id`) ON DELETE CASCADE
) CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE TABLE `registration_log`(
`id` int(4) UNSIGNED NOT NULL auto_increment,
`user` int(4) UNSIGNED NOT NULL default 0,
`date` timestamp NOT NULL default current_timestamp,
`action` tinyint(1) UNSIGNED NOT NULL default 0, /* 0:unsibscribe; 1:subscribe; 10:admin deleted; 11:admin added */
`program` int(4) UNSIGNED NOT NULL default 0,
PRIMARY KEY (`id`),
FOREIGN KEY (`user`) REFERENCES users(`id`) ON DELETE CASCADE,
FOREIGN KEY (`program`) REFERENCES programs(`id`) ON DELETE CASCADE
) CHARACTER SET utf8 COLLATE utf8_general_ci;
INSERT INTO users (`id`, `name`) VALUES (1, 'nouser');
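Review bot: The script opens with an unconditional `DROP TABLE IF EXISTS` over every application table, so running it against an existing installation deletes all users, registrations and the login history that ban decisions are based on; the header comment should state that it is for first-time setup only, or the statement should move to a separate reset script. `description text NOT NULL default ''` is likely to be rejected by MySQL in strict mode, where TEXT columns cannot take a literal default, so the default should be dropped. The tables use `utf8`, which in MySQL is the three-byte subset; `utf8mb4` avoids errors or truncation on four-byte characters in names and descriptions.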

125
config/lang/hun.ini Normal file

@ -0,0 +1,125 @@
; /config/lang/hun.ini
; hungarian language file
index="Kezdőlap"
programs="Programok"
timetable="Órarend"
timetable_programs="Órarend programok szerint"
studentcard="Ellenőrző"
users="Felhasználók"
admin="Adminisztrátori eszközök"
logout="Kijelentkezés"
cookie_message="Oldalunk sütiket használ a megfelelő működés biztosításához."
cookie_dismiss="Elfogadom!"
login="Bejelentkezés"
id="Azonosító"
uid="Felhasználó azonosító"
password="Jelszó"
ok="Mehet!"
index_content="Ide kerül majd valami, ha minden igaz. Vagy lehet mégse."
name="Név"
class="Osztály"
programs_content="Programok listája"
description="Leírás"
instructor="Tanár"
category="Kategória"
timesequence="Nap"
timeblock="Időintervallum"
maxpart="Maximum résztvevők"
curpart="Résztvevők száma"
subscribe="Feliratkozás"
actions="Műveletek"
edit="Szerkesztés"
delete="Törlés"
qdelete="Biztosan le szeretné törölni ezt az adatelemet?"
unsubscribe="Leiratkozás"
qunsubscribe="Biztosan le szeretnél iratkozni erre a programról?"
new="Létrehozás"
newprogram="Új program létrehozása"
newtimesequence="Új nap hozzáadása"
newtimeblock="Új időblokk hozzáadása"
location="Helyszín"
editprogram="Program szerkesztése"
edittimesequence="Nap szerkesztése"
forceadd="Program manuális hozzáadása"
forceadddisc="Használat előtt kérem nézze meg, hogy az adott diáknak van e már programja arra az időpontra, ha igen, elősször törölje azt!"
pid="Program azonosító"
pleaseselect="Kérem válasszon!"
user="Diák"
program="Program"
export="Exportálás CSV-be"
notcomplete="Nem teljes feliratkozások"
progcount="Programok száma"
num="Sorszám"
print="Nyomtatás"
progname="Program neve"
signature="Aláírás"
studentprinted="Diák nyomtatta"
newuser="Új felhasználó létrehozása"
accesslevel="Jogszint"
except_login="Bejelentkezés kivételezés"
except_signup="Feliratkozás kivételezés"
qnewpassword="Adjon meg egy új jelszavat! random:"
newpassword="Új jelszó"
qexceptlogin="Bejelentkezési kivételezés. 0-alap beállítás, 1-mindig engedje belépni, 2-sose engedje belépni"
qexceptsignup="Feliratkozási kivételezés. 0-alap beállítás, 1-mindig engedje feliratkozni, 2-sose engedje feliratkozni"
newpassword4all="Új jelszó generálása minden diáknak és osztályfőnöknek"
resetall="Minden kivételezés visszaállítása alapértelmezettre"
allow_login="Bejelentkezés engedélyezése"
allow_signup="Feliratkozás engedélyezése"
positive="Igen"
negative="Nem"
current="Jelenleg"
allow_signup_timesequence="Feliratkozás engedélyezése"
toggle="Átállítás"
time_block_disclaimer="Kérem használja az ÓÓ:PP formátumot a megfelelő rendezés érdekében!"
orthis="vagy"
qproceed="Biztosan végre szeretné hajtani ezt a műveletet?"
masterswitch="Főkapcsolók"
;accesslevels
al[0]="Diák"
al[1]="Osztályfőnök"
al[2]="Manager"
al[3]="Adminisztrátor"
;categories
cat[100]="Rejtett"
cat[0]="0. osztály"
cat[1]="1-2. osztály"
cat[2]="3-4. osztály"
cat[3]="5-6. osztály"
cat[4]="7-8. osztály"
cat[5]="9-10. osztály"
cat[6]="11-12. osztály"
cat[10]="0-4. osztály"
cat[11]="5-8. osztály"
cat[12]="9-12. osztály"
cat[20]="0-12. osztály"
;errors
error[1]="Hibás felhasználónév vagy jelszó! Ha elfelejtetted jelszavadat, keresd az osztályfőnöködet!"
error[2]="Hibásan töltötted ki a Captcha-t!"
error[3]="Az oldal ideiglenesen kitiltott a túl sok hibás bejelentkezési kísérlet miatt erről az IP címről"
error[4]="A bejelentkezés le van tiltva."
error[5]="Már létezik egy elem ezzel a névvel."
error[6]="A művelet nem lett sikeres. Kérem próbálja újra!"
error[7]="Nem található semmi a kért azonosítóval."
error[8]="Erre a programra már nincs több hely. Kérlek keress egy másikat!"
error[9]="Erre az időpontra már van egy programod. Válassz másikat, vagy iratkozz le az előbbiről!"
error[10]="Ez a program nem a te kategóriád számára van! Ide amúgy sem juthatsz el legálisan, szóval kérlek ne keress exploit-ot. Úgysem fogsz találni."
error[11]="A jelentkezés jelenleg nem engedélyezett!"
error[12]="A diáknak már van erre az időpontra egy programja. Előbb törölje azt!"
error[13]="A feliratkozás nem módosítható ennél a programnál."
;messages
message[1]="Felhasználó elfelejtve!"
message[2]="Sikeresen kijelentkeztél!"
message[3]="Adat sikeresen hozzáadva!"
message[4]="Adat sikeresen törölve!"
message[5]="Sikeresen feliratkoztál a programra!"
message[6]="Sikeresen leiratkoztál a programról!"
message[7]="Művelet sikeresen végrehajtva!"

Binary file not shown.

270
config/lib/functions.php Normal file

@ -0,0 +1,270 @@
<?php
/**
* functions.php
* @version 2.3
* @desc General issued php function library for me
* @author Fándly Gergő Zoltán
* @copy 2017 Fándly Gergő Zoltán
*/
class functions{
const STR_SAME=0;
const STR_LOWERCASE=1;
const STR_RACCENT=2;
const STR_RACCLOW=3;
const RAND_SMALL=0;
const RAND_LARGE=1;
const RAND_SPEC=2;
const COOKIE_LIFETIME=3;
public static function setError($code){
global $errcode;
if(isset($errcode)){
array_push($errcode, $code);
}
else{
$errcode=array($code);
}
setcookie("errcode", serialize($errcode), time()+functions::COOKIE_LIFETIME);
}
public static function isError(){
global $errcode;
if(isset($errcode) || isset($_COOKIE['errcode'])){
return true;
}
else{
return false;
}
}
public static function getErrorArray(){
global $errcode;
if(functions::isError()){
if(isset($errcode)){
return $errcode;
}
if(isset($_COOKIE['errcode'])){
return unserialize($_COOKIE['errcode']);
}
}
else{
return 0;
}
}
public static function setMessage($code){
global $msgcode;
if(isset($msgcode)){
array_push($msgcode, $code);
}
else{
$msgcode=array($code);
}
setcookie("msgcode", serialize($msgcode), time()+functions::COOKIE_LIFETIME);
}
public static function isMessage(){
global $msgcode;
if(isset($msgcode) || isset($_COOKIE['msgcode'])){
return true;
}
else{
return false;
}
}
public static function getMessageArray(){
global $msgcode;
if(functions::isMessage()){
if(isset($msgcode)){
return $msgcode;
}
if(isset($_COOKIE['msgcode'])){
return unserialize($_COOKIE['msgcode']);
}
}
else{
return 0;
}
}
public static function clearError(){
global $errcode;
if(isset($errcode)){
unset($errcode);
}
setcookie("errcode", null, -1);
}
public static function clearMessage(){
global $msgcode;
if(isset($msgcode)){
unset($msgcode);
}
setcookie("msgcode", null, -1);
}
public static function randomString($length, $char=functions::RAND_SMALL){
if($char==0){
$charset="0123456789abcdefghijklmnopqrstuvwxyz";
}
else if($char==1){
$charset="0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
}
else if($char==2){
$charset="0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ~!@#$%^&*()_-=+\?/.>,<";
}
$charsetlength=strlen($charset);
$string="";
for($i=0; $i<$length; $i++){
$string=$string . $charset[rand(0, $charsetlength-1)];
}
return $string;
}
public static function get_string_between($string, $start, $end){
$string=' ' . $string;
$ini=strpos($string, $start);
if($ini==0) return '';
$ini+=strlen($start);
$len=strpos($string, $end, $ini) - $ini;
return substr($string, $ini, $len);
}
public static function process_string($str, $dep){
global $functions_accent_convert;
switch($dep){
case 0:
{
return $str;
break;
}
case 1:
{
return strtolower($str);
break;
}
case 2:
{
return strtr($str, $functions_accent_convert);
break;
}
case 3:
{
return strtolower(strtr($str, $functions_accent_convert));
break;
}
}
return 0;
}
public static function validate_captcha($secretkey, $response){
$verify=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$secretkey."&response=".$response);
$data=json_decode($verify);
if($data->success){
return true;
}
else{
return false;
}
}
};
$functions_accent_convert=array(
// Decompositions for Latin-1 Supplement
chr(195).chr(128) => 'A', chr(195).chr(129) => 'A',
chr(195).chr(130) => 'A', chr(195).chr(131) => 'A',
chr(195).chr(132) => 'A', chr(195).chr(133) => 'A',
chr(195).chr(135) => 'C', chr(195).chr(136) => 'E',
chr(195).chr(137) => 'E', chr(195).chr(138) => 'E',
chr(195).chr(139) => 'E', chr(195).chr(140) => 'I',
chr(195).chr(141) => 'I', chr(195).chr(142) => 'I',
chr(195).chr(143) => 'I', chr(195).chr(145) => 'N',
chr(195).chr(146) => 'O', chr(195).chr(147) => 'O',
chr(195).chr(148) => 'O', chr(195).chr(149) => 'O',
chr(195).chr(150) => 'O', chr(195).chr(153) => 'U',
chr(195).chr(154) => 'U', chr(195).chr(155) => 'U',
chr(195).chr(156) => 'U', chr(195).chr(157) => 'Y',
chr(195).chr(159) => 's', chr(195).chr(160) => 'a',
chr(195).chr(161) => 'a', chr(195).chr(162) => 'a',
chr(195).chr(163) => 'a', chr(195).chr(164) => 'a',
chr(195).chr(165) => 'a', chr(195).chr(167) => 'c',
chr(195).chr(168) => 'e', chr(195).chr(169) => 'e',
chr(195).chr(170) => 'e', chr(195).chr(171) => 'e',
chr(195).chr(172) => 'i', chr(195).chr(173) => 'i',
chr(195).chr(174) => 'i', chr(195).chr(175) => 'i',
chr(195).chr(177) => 'n', chr(195).chr(178) => 'o',
chr(195).chr(179) => 'o', chr(195).chr(180) => 'o',
chr(195).chr(181) => 'o', chr(195).chr(182) => 'o',
chr(195).chr(182) => 'o', chr(195).chr(185) => 'u',
chr(195).chr(186) => 'u', chr(195).chr(187) => 'u',
chr(195).chr(188) => 'u', chr(195).chr(189) => 'y',
chr(195).chr(191) => 'y',
// Decompositions for Latin Extended-A
chr(196).chr(128) => 'A', chr(196).chr(129) => 'a',
chr(196).chr(130) => 'A', chr(196).chr(131) => 'a',
chr(196).chr(132) => 'A', chr(196).chr(133) => 'a',
chr(196).chr(134) => 'C', chr(196).chr(135) => 'c',
chr(196).chr(136) => 'C', chr(196).chr(137) => 'c',
chr(196).chr(138) => 'C', chr(196).chr(139) => 'c',
chr(196).chr(140) => 'C', chr(196).chr(141) => 'c',
chr(196).chr(142) => 'D', chr(196).chr(143) => 'd',
chr(196).chr(144) => 'D', chr(196).chr(145) => 'd',
chr(196).chr(146) => 'E', chr(196).chr(147) => 'e',
chr(196).chr(148) => 'E', chr(196).chr(149) => 'e',
chr(196).chr(150) => 'E', chr(196).chr(151) => 'e',
chr(196).chr(152) => 'E', chr(196).chr(153) => 'e',
chr(196).chr(154) => 'E', chr(196).chr(155) => 'e',
chr(196).chr(156) => 'G', chr(196).chr(157) => 'g',
chr(196).chr(158) => 'G', chr(196).chr(159) => 'g',
chr(196).chr(160) => 'G', chr(196).chr(161) => 'g',
chr(196).chr(162) => 'G', chr(196).chr(163) => 'g',
chr(196).chr(164) => 'H', chr(196).chr(165) => 'h',
chr(196).chr(166) => 'H', chr(196).chr(167) => 'h',
chr(196).chr(168) => 'I', chr(196).chr(169) => 'i',
chr(196).chr(170) => 'I', chr(196).chr(171) => 'i',
chr(196).chr(172) => 'I', chr(196).chr(173) => 'i',
chr(196).chr(174) => 'I', chr(196).chr(175) => 'i',
chr(196).chr(176) => 'I', chr(196).chr(177) => 'i',
chr(196).chr(178) => 'IJ',chr(196).chr(179) => 'ij',
chr(196).chr(180) => 'J', chr(196).chr(181) => 'j',
chr(196).chr(182) => 'K', chr(196).chr(183) => 'k',
chr(196).chr(184) => 'k', chr(196).chr(185) => 'L',
chr(196).chr(186) => 'l', chr(196).chr(187) => 'L',
chr(196).chr(188) => 'l', chr(196).chr(189) => 'L',
chr(196).chr(190) => 'l', chr(196).chr(191) => 'L',
chr(197).chr(128) => 'l', chr(197).chr(129) => 'L',
chr(197).chr(130) => 'l', chr(197).chr(131) => 'N',
chr(197).chr(132) => 'n', chr(197).chr(133) => 'N',
chr(197).chr(134) => 'n', chr(197).chr(135) => 'N',
chr(197).chr(136) => 'n', chr(197).chr(137) => 'N',
chr(197).chr(138) => 'n', chr(197).chr(139) => 'N',
chr(197).chr(140) => 'O', chr(197).chr(141) => 'o',
chr(197).chr(142) => 'O', chr(197).chr(143) => 'o',
chr(197).chr(144) => 'O', chr(197).chr(145) => 'o',
chr(197).chr(146) => 'OE',chr(197).chr(147) => 'oe',
chr(197).chr(148) => 'R',chr(197).chr(149) => 'r',
chr(197).chr(150) => 'R',chr(197).chr(151) => 'r',
chr(197).chr(152) => 'R',chr(197).chr(153) => 'r',
chr(197).chr(154) => 'S',chr(197).chr(155) => 's',
chr(197).chr(156) => 'S',chr(197).chr(157) => 's',
chr(197).chr(158) => 'S',chr(197).chr(159) => 's',
chr(197).chr(160) => 'S', chr(197).chr(161) => 's',
chr(197).chr(162) => 'T', chr(197).chr(163) => 't',
chr(197).chr(164) => 'T', chr(197).chr(165) => 't',
chr(197).chr(166) => 'T', chr(197).chr(167) => 't',
chr(197).chr(168) => 'U', chr(197).chr(169) => 'u',
chr(197).chr(170) => 'U', chr(197).chr(171) => 'u',
chr(197).chr(172) => 'U', chr(197).chr(173) => 'u',
chr(197).chr(174) => 'U', chr(197).chr(175) => 'u',
chr(197).chr(176) => 'U', chr(197).chr(177) => 'u',
chr(197).chr(178) => 'U', chr(197).chr(179) => 'u',
chr(197).chr(180) => 'W', chr(197).chr(181) => 'w',
chr(197).chr(182) => 'Y', chr(197).chr(183) => 'y',
chr(197).chr(184) => 'Y', chr(197).chr(185) => 'Z',
chr(197).chr(186) => 'z', chr(197).chr(187) => 'Z',
chr(197).chr(188) => 'z', chr(197).chr(189) => 'Z',
chr(197).chr(190) => 'z', chr(197).chr(191) => 's');
?>
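Review bot: `getErrorArray()` and `getMessageArray()` pass `$_COOKIE['errcode']` and `$_COOKIE['msgcode']` straight to `unserialize()`, and cookies are client-controlled, so this is deserialization of untrusted input. The codes are plain integers, so JSON is sufficient: `setcookie("errcode", json_encode($errcode), time()+functions::COOKIE_LIFETIME);` on the write side and `return json_decode($_COOKIE['errcode'], true);` on the read side, with the same pair for `msgcode` and a check that the decoded value is an array of integers. `randomString()` draws its indices from `rand()`, which is not a cryptographic generator; if its output is used for generated passwords, as the `qnewpassword` string in hun.ini suggests, the index should come from `random_int(0, $charsetlength-1)`. `validate_captcha()` also appends `$response` to the URL without `urlencode()`.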


@ -0,0 +1,82 @@
<?php
/**
* loginManager/lmConfig.php
* @version 1.3
* @desc config class
* @author Fándly Gergő Zoltán
* @copy 2017 Fándly Gergő Zoltán
*/
class lmConfig{
public function __construct($_pdo, $_session_lifetime, $_captcha_enable, $_captcha_after, $_captcha_sitekey, $_captcha_secretkey, $_ban_enable, $_ban_after, $_ban_time, $_look, $_remember_enable, $_remember_time, $_auth_type){
$this->pdo=$_pdo;
$this->session_lifetime=$_session_lifetime;
$this->captcha_enable=$_captcha_enable;
$this->captcha_after=$_captcha_after;
$this->captcha_sitekey=$_captcha_sitekey;
$this->captcha_secretkey=$_captcha_secretkey;
$this->ban_enable=$_ban_enable;
$this->ban_after=$_ban_after;
$this->ban_time=$_ban_time;
$this->look=$_look;
$this->remember_enable=$_remember_enable;
$this->remember_time=$_remember_time;
$this->auth_type=$_auth_type;
}
private $pdo;
private $session_lifetime;
private $captcha_enable;
private $captcha_after;
private $captcha_sitekey;
private $captcha_secretkey;
private $ban_enable;
private $ban_after;
private $ban_time;
private $look;
private $remember_enable; //NOT SAFE AT ALL!!!
private $remember_time;
private $auth_type;
public function getPDO(){
return $this->pdo;
}
public function getSessionLifetime(){
return $this->session_lifetime;
}
public function isCaptchaEnabled(){
return $this->captcha_enable;
}
public function getCaptchaAfter(){
return $this->captcha_after;
}
public function getCaptchaSitekey(){
return $this->captcha_sitekey;
}
public function getCaptchaSecretkey(){
return $this->captcha_secretkey;
}
public function isBanEnabled(){
return $this->ban_enable;
}
public function getBanAfter(){
return $this->ban_after;
}
public function getBanTime(){
return $this->ban_time;
}
public function getLook(){
return $this->look;
}
public function isRememberEnabled(){
return $this->remember_enable;
}
public function getRememberTime(){
return $this->remember_time;
}
public function getAuthType(){
return $this->auth_type;
}
}
?>


@ -0,0 +1,14 @@
<?php
/**
* loginManager/lmHandler.php
* @version 1.1
* @desc Event handler for login manager
* @author Fándly Gergő Zoltán
* @copy 2017 Fándly Gergő Zoltán
*/
interface lmHandler{
public function handle($state, $target=0);
}
?>


@ -0,0 +1,14 @@
<?php
/**
* loginManager/lmPassword.php
* @version 1.0
* @desc interface for function verifying password
* @author Fándly Gergő Zoltán
* @copy 2017 Fándly Gergő Zoltán
*/
interface lmPassword{
public function verifyPassword($cleartext, $database);
}
?>


@ -0,0 +1,24 @@
<?php
/**
* loginManager/lmStates.php
* @version 1.2
* @desc States of login manager
* @author Fándly Gergő Zoltán
* @copy 2017 Fándly Gergő Zoltán
*/
class lmStates{
const LOGIN_FAILED=0;
const LOGIN_OK=1;
const CAPTCHA_FAILED=2;
const BANNED=3;
const FORGET_DONE=4;
const LOGOUT_DONE=5;
const AUTH_ID=10;
const AUTH_UNAME=11;
const NOUSER=1;
}
?>


@ -0,0 +1,14 @@
<?php
/**
* loginManager/lmTwoFactor.php
* @version 1.0
* @desc second factor auth to LM
* @author Fándly Gergő Zoltán 2017
* @copy 2017 Fándly Gergő Zoltán
*/
interface lmTwoFactor{
public function secondFactor($uid);
}
?>


@ -0,0 +1,44 @@
<?php
/**
* loginManager/lmUtils.php
* @desc utilities for correct functioning
* @version 1.0
* @author Fándly Gergő Zoltán
* @copy 2017 Fándly Gergő Zoltán
*/
class lmUtils{
/**
* generate a random string with special character
* @param int $length length of the requested string
* @return string
*/
public static function randomString($length){
$charset="0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ~!@#$%^&*()_-=+\?/.>,<";
$charsetLength=strlen($charset);
$string="";
for($i=0; $i<$length; $i++){
$string.=$charset[rand(0, $charsetLength-1)];
}
return $string;
}
/**
* validate google ReCaptcha
* @param string $secretkey secret key to captcha API
* @param string $response response of API
* @return bool
*/
public static function validateCaptcha($secretkey, $response){
$verify=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$secretkey."&response=".$response);
$data=json_decode($verify);
if($data->success){
return true;
}
else{
return false;
}
}
}
?>
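Review bot: `randomString()` picks characters with `rand()`, and loginManager uses its output as the `lm_login_random` and `lm_login_remember` cookie values, so session and remember tokens come from a non-cryptographic generator; on PHP 7+ the line should read `$string.=$charset[random_int(0, $charsetLength-1)];`. In `validateCaptcha()`, `$response` originates from `$_POST` and is concatenated into the query string unencoded, so it should be passed as `urlencode($response)` (and `$secretkey` likewise). `file_get_contents()` returns false on a network failure, after which `$data->success` is read from null; the function should return false explicitly when the request or the JSON decoding fails.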


@ -0,0 +1,394 @@
<?php
/**
* loginManager/loginManager.php
* @version 1.1
* @desc Easily manage authentication to your system
* @author Fándly Gergő Zoltán
* @copy 2017 Fándly Gergő Zoltán
*/
/**
* NEEDED Database structure:
*
<?sql
CREATE TABLE `users`(
`id` int(4) UNSIGNED NOT NULL auto_increment,
`username` varchar(65) NOT NULL default '', /* optional
`password` varchar(255) NOT NULL default '',
PRIMARY KEY (`id`)
) CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE TABLE `login_history`(
`id` int(4) UNSIGNED NOT NULL auto_increment,
`user` int(4) UNSIGNED NOT NULL default 1, /* id of nouser
`date` timestamp NOT NULL default current_timestamp,
`ip` varchar(45) NOT NULL default '0.0.0.0',
`auth_token` varchar(65) NOT NULL default '',
`user_agent` varchar(500) NOT NULL default '',
`success` tinyint(1) NOT NULL default 0,
PRIMARY KEY (`id`),
FOREIGN KEY (`user`) REFERENCES users(`id`) ON DELETE CASCADE
) CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE TABLE `login_remember` (
`id` int(4) UNSIGNED NOT NULL auto_increment,
`user` int(4) UNSIGNED NOT NULL default 0,
`remember_token` varchar(65) NOT NULL default '',
`until` timestamp NOT NULL default current_timestamp,
PRIMARY KEY (`id`),
FOREIGN KEY (`user`) REFERENCES users(`id`) ON DELETE CASCADE
) CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE TABLE `login_bans`(
`id` int(4) UNSIGNED NOT NULL auto_increment,
`ip` varchar(45) NOT NULL default '0.0.0.0',
`until` timestamp NOT NULL default current_timestamp,
PRIMARY KEY (`id`)
) CHARACTER SET utf8 COLLATE utf8_general_ci;
INSERT INTO users (`id`, `username`) VALUES (1, 'nouser');
?>
*
*/
/*
* Includes
*/
require("lmStates.php");
require("lmConfig.php");
require("lmHandler.php");
require("lmPassword.php");
require("lmTwoFactor.php");
require("lmUtils.php");
/*
* Class
*/
class loginManager{
//constructor
/**
* building...
* @param lmConfig $_config configuration for login Manager
* @param lmHandler $_eventHandler handler of events
* @param lmPassword $_passwordEngine engine for verifying passwords
* @return void
*/
public function __construct($_config, $_eventHandler, $_passwordEngine, $_twoFactor){
$this->config=$_config;
$this->eventHandler=$_eventHandler;
$this->passwordEngine=$_passwordEngine;
$this->twoFactor=$_twoFactor;
return;
}
//settings
private $config;
private $eventHandler;
private $passwordEngine;
private $twoFactor;
//frontend functions
/**
* initialize session and set its lifetime
* @return bool
*/
public function init(){
session_set_cookie_params($this->config->getSessionLifetime());
return session_start();
}
/**
* prepare for login. Run this on the top of your login page!
* @return void
*/
public function loginPrepare(){
$this->passFailedAttempts();
return;
}
/**
* lets start here!
* @param int/string @identifier id or username of user
* @param string @password cleartext password from input
* @param bool $remember save user fot further use
* @return void
*/
public function login($identifier, $password, $remember=false){
global $lm_force_captcha;
if($this->passFailedAttempts()){ //not banned
if(isset($lm_force_captcha)){ //check captcha
if(!isset($_POST['g-recaptcha-response'])){
$captcha_failed=true;
$this->addLoginHistory(lmStates::NOUSER, lmStates::LOGIN_FAILED);
$this->eventHandler->handle(lmStates::CAPTCHA_FAILED);
return;
}
else{
if(!lmUtils::validateCaptcha($this->config->getCaptchaSecretkey(), $_POST['g-recaptcha-response'])){
$captcha_failed=true;
$this->addLoginHistory(lmStates::NOUSER, lmStates::LOGIN_FAILED);
$this->eventHandler->handle(lmStates::CAPTCHA_FAILED);
return;
}
}
}
if(!isset($captcha_failed)){
if($this->config->isRememberEnabled()){ //check if remembering is enabled
if($this->isRememberingUser() && $this->twoFactor->secondFactor($this->isRememberingUser())){ //remembering.
$this->permitLogin($this->isRememberingUser()); //good to go!
return;
}
}
//proceed with normal login
if($this->config->getAuthType()==lmStates::AUTH_UNAME){ //username based authentication
$sql=$this->config->getPDO()->prepare("SELECT COUNT(id) AS count, id, password FROM users WHERE username=:identifier");
}
else{
$sql=$this->config->getPDO()->prepare("SELECT COUNT(id) AS count, id, password FROM users WHERE id=:identifier");
}
$sql->execute(array(":identifier"=>$identifier));
$res=$sql->fetch(PDO::FETCH_ASSOC);
if($res['count']==0){ //user not existing
$this->addLoginHistory(lmStates::NOUSER, lmStates::LOGIN_FAILED);
$this->eventHandler->handle(lmStates::LOGIN_FAILED);
return;
}
else{
if($this->passwordEngine->verifyPassword($password, $res['password']) && $this->twoFactor->secondFactor($res['id'])){
if($this->config->isRememberEnabled()){ //remember... if he wants to be insecure
if($remember){
$this->rememberUser($res['id']);
}
}
$this->permitLogin($res['id']); //good to go!
return;
}
else{
$this->addLoginHistory($res['id'], lmStates::LOGIN_FAILED);
$this->eventHandler->handle(lmStates::LOGIN_FAILED);
return;
}
}
}
}
return;
}
/**
* finish it up!
* @return void
*/
public function logout(){
$_SESSION=array();
session_destroy();
setcookie("lm_login_random", NULL, -1);
$this->eventHandler->handle(lmStates::LOGOUT_DONE);
return;
}
/**
* just some formal checking
* @return bool
*/
public function validateLogin(){
if(!isset($_SESSION['lm_id'])){
return false;
}
else{
$sql=$this->config->getPDO()->prepare("SELECT auth_token FROM login_history WHERE user=:id and success=1 ORDER BY id DESC LIMIT 1");
$sql->execute(array(":id"=>$_SESSION['lm_id']));
$res=$sql->fetch(PDO::FETCH_ASSOC);
if($res['auth_token']==$this->getSessionKey()){
return true;
}
else{
$this->addLoginHistory(lmStates::NOUSER, lmStates::LOGIN_FAILED);
return false;
}
}
}
/**
* do i know you?
* @return int
*/
public function isRememberingUser(){
if(!$this->config->isRememberEnabled()){
return NULL;
}
if(is_null($this->getRememberKey())){
return NULL;
}
else{
$sql=$this->config->getPDO()->prepare("SELECT COUNT(id) AS count, user FROM login_remember WHERE remember_token=:token and until>:until");
$sql->execute(array(":token"=>$this->getRememberKey(), ":until"=>date("Y-m-d H:i:s")));
$res=$sql->fetch(PDO::FETCH_ASSOC);
if($res['count']!=1){
addLoginHistory(lmStates::NOUSER, lmStates::LOGIN_FAILED);
return NULL;
}
else{
return $res['user'];
}
}
}
/**
* i don't know you anymore!
* @return void
*/
public function forgetUser(){
$sql=$this->config->getPDO()->prepare("UPDATE login_remember SET until=0 WHERE remember_token=:token");
$sql->execute(array(":token"=>$this->getRememberKey()));
setcookie("lm_login_remember", NULL, -1);
$this->eventHandler->handle(lmStates::FORGET_DONE);
return;
}
/**
* print captcha html code if needed
* @param bool $dark use the dark theme, default false
* @return void
*/
public function printCaptcha($dark=false){
if($this->config->isCaptchaEnabled()){
global $lm_force_captcha;
if(isset($lm_force_captcha)){
if($dark){
echo "<div class=\"g-recaptcha\" data-sitekey=\"".$this->config->getCaptchaSitekey()."\" data-theme=\"dark\"></div>";
}
else{
echo "<div class=\"g-recaptcha\" data-sitekey=\"".$this->config->getCaptchaSitekey()."\"></div>";
}
return;
}
else{
return;
}
}
return;
}
//backend functions
protected function generateSessionKey(){
$random=lmUtils::randomString(32);
setcookie("lm_login_random", $random, time()+$this->config->getSessionLifetime());
$hash=hash("sha256", $_SERVER['REMOTE_ADDR']."***".$_SERVER['HTTP_USER_AGENT']."***".$random);
return $hash;
}
protected function getSessionKey(){
if(!isset($_COOKIE['lm_login_random'])){
return NULL;
}
else{
$hash=hash("sha256", $_SERVER['REMOTE_ADDR']."***".$_SERVER['HTTP_USER_AGENT']."***".$_COOKIE['lm_login_random']);
return $hash;
}
}
protected function passFailedAttempts(){
//check if no limitations are enabled
if(!$this->config->isCaptchaEnabled() && !$this->config->isBanEnabled()){
return true; //nothing to do
}
//check if is already banned
if($this->config->isBanEnabled()){
$sql=$this->config->getPDO()->prepare("SELECT COUNT(id) AS count FROM login_bans WHERE id=:ip and until>:until");
$sql->execute(array(":ip"=>$_SERVER['REMOTE_ADDR'], ":until"=>date("Y-m-d H:i:s")));
$res=$sql->fetch(PDO::FETCH_ASSOC);
if($res['count']!=0){
$this->eventHandler->handle(lmStates::BANNED);
return false;
}
}
//count failed attempts
$sql=$this->config->getPDO()->prepare("SELECT COUNT(id) AS count FROM login_history WHERE ip=:ip and date>:date and success=0");
$sql->execute(array(":ip"=>$_SERVER['REMOTE_ADDR'], ":date"=>date("Y-m-d H:i:s", time()-$this->config->getLook())));
$res=$sql->fetch(PDO::FETCH_ASSOC);
//force captcha if case
if($res['count']>=$this->config->getCaptchaAfter() && $this->config->isCaptchaEnabled()){
global $lm_force_captcha;
$lm_force_captcha=true;
}
//bann if case
if($res['count']>=$this->config->getBanAfter() && $this->config->isBanEnabled()){
$sql=$this->config->getPDO()->prepare("INSERT INTO login_bans (ip, until) VALUES (:ip, :until)");
$sql->execute(array(":ip"=>$_SERVER['REMOTE_ADDR'], ":until"=>date("Y-m-d H:i:s", time()+$config->getBanTime())));
global $lm_banned;
$lm_banned=true;
$this->eventHandler->handle(lmStates::BANNED);
return false;
}
return true;
}
protected function addLoginHistory($uid, $success=lmStates::LOGIN_FAILED, $token=""){
$sql=$this->config->getPDO()->prepare("INSERT INTO login_history (user, date, ip, auth_token, user_agent, success) VALUES (:user, :date, :ip, :auth_token, :user_agent, :success)");
$sql->execute(array(":user"=>$uid, ":date"=>date("Y-m-d H:i:s"), ":ip"=>$_SERVER['REMOTE_ADDR'], ":auth_token"=>$token, ":user_agent"=>$_SERVER['HTTP_USER_AGENT'], ":success"=>$success));
return;
}
protected function permitLogin($uid){
$token=$this->generateSessionKey();
$this->addLoginHistory($uid, lmStates::LOGIN_OK, $token);
$_SESSION=array();
$_SESSION['lm_id']=$uid;
$this->eventHandler->handle(lmStates::LOGIN_OK, $uid);
return;
}
//functions for remembering
protected function generateRememberKey(){
$random=lmUtils::randomString(32);
setcookie("lm_login_remember", $random, time()+(86000*$config->getRememberTime()));
$hash=hash("sha256", $_SERVER['REMOTE_ADDR']."***".$_SERVER['HTTP_USER_AGENT']."***".$random);
return $hash;
}
protected function getRememberKey(){
if(!isset($_COOKIE['lm_login_remember'])){
return NULL;
}
else{
$hash=hash("sha256", $_SERVER['REMOTE_ADDR']."***".$_SERVER['HTTP_USER_AGENT']."***".$random);
return $hash;
}
}
protected function rememberUser($uid){
$sql=$this->config->getPDO()->prepare("INSERT INTO login_remember (user, remember_token, until) VALUES (:user, :token, :until)");
$sql->execute(array(":user"=>$uid, ":token"=>generateRememberKey(), ":until"=>date("Y-m-d H:i:s", time()+(86400*$config->getRememberTime()))));
return;
}
}
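Review bot: The ban and remember-me paths cannot work as written, so the brute-force protection this class is meant to provide is not in effect. In `passFailedAttempts()` the ban lookup filters on `WHERE id=:ip` instead of the `ip` column, and the ban insert reads `$config->getBanTime()` from an undefined local rather than `$this->config`; `isRememberingUser()`, `generateRememberKey()`, `getRememberKey()` and `rememberUser()` likewise call methods without `$this->`, use the undefined `$config` and `$random`, and multiply by 86000 in one place and 86400 in the other (presumably seconds per day in both). Separately, `validateLogin()` compares the stored token with `==`, where `hash_equals()` on two strings is the safe form, and `permitLogin()` should call `session_regenerate_id(true);` before writing `$_SESSION['lm_id']`. The corrected lines for the first group are below.

```php
// passFailedAttempts(): match the ban on the ip column
$sql=$this->config->getPDO()->prepare("SELECT COUNT(id) AS count FROM login_bans WHERE ip=:ip and until>:until");
// … unchanged: execute, BANNED handling, failed-attempt count, captcha flag, ban INSERT prepare …
$sql->execute(array(":ip"=>$_SERVER['REMOTE_ADDR'], ":until"=>date("Y-m-d H:i:s", time()+$this->config->getBanTime())));

// isRememberingUser(): call the method on the instance
$this->addLoginHistory(lmStates::NOUSER, lmStates::LOGIN_FAILED);

// generateRememberKey(): instance config, 86400 seconds per day
setcookie("lm_login_remember", $random, time()+(86400*$this->config->getRememberTime()));

// getRememberKey(): hash the cookie value rather than an undefined local
$hash=hash("sha256", $_SERVER['REMOTE_ADDR']."***".$_SERVER['HTTP_USER_AGENT']."***".$_COOKIE['lm_login_remember']);

// rememberUser(): instance method and instance config
$sql->execute(array(":user"=>$uid, ":token"=>$this->generateRememberKey(), ":until"=>date("Y-m-d H:i:s", time()+(86400*$this->config->getRememberTime()))));
```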