<?php if (!defined('skynet')) exit(); // direct-access guard: the file only runs when included by code that has already defined 'skynet'
/* Skynet - Automated "Cloud" Security Scanner                                *#
#* Copyright (C) 2014-present  Jason Frisvold <friz@godshell.com>             *#
#*                                                                            *#
#* This program is free software; you can redistribute it and/or modify       *#
#* it under the terms of the GNU General Public License as published by       *#
#* the Free Software Foundation; either version 2 of the License, or          *#
#* (at your option) any later version.                                        *#
#*                                                                            *#
#* This program is distributed in the hope that it will be useful,            *#
#* but WITHOUT ANY WARRANTY; without even the implied warranty of             *#
#* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *#
#* GNU General Public License for more details.                               *#
#*                                                                            *#
#* You should have received a copy of the GNU General Public License          *#
#* along with this program; if not, write to the Free Software                *#
#* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA */

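   // Factory for a route middleware that requires a live session.
   //
   // $role: 'user' (default) requires a valid session and redirects to /login
   //        otherwise; 'guest' lets the request through with a guest identity
   //        and no user object. No other value is handled: the returned
   //        callable never consults the user's adminflag, so passing e.g.
   //        'admin' still only proves "is logged in" — privilege checks must
   //        happen elsewhere.
   //
   // The returned callable looks the PHP session id up in the `sessions`
   // table. When the row exists and its `last` timestamp is within
   // $skynet_sessTime seconds (a sliding idle window: `last` is refreshed on
   // every successful check) it fills $smarty_data with the user's display
   // data and returns the skynetUser. Otherwise it flashes 'Login required'
   // and redirects to /login via the captured $app (the original re-fetched
   // the Slim singleton for this; the captured app is the one the route
   // belongs to).
   $isauthenticated = function( $role = 'user' ) use ($app) {
      return function() use ( $app, $role ) {
         // Globals shared with the rest of the application
         global $skynet_sessTime, $smarty_data;

         // first() yields no row for an unknown session id, so every field is
         // read through isset() instead of indexing a possible null.
         $result = $app->db->table('sessions')
            ->select('id', 'last', 'user_id')
            ->where('phpsessid', '=', session_id())
            ->first();

         $id = isset($result['id']) ? $result['id'] : null;
         $last = isset($result['last']) ? $result['last'] : null;
         $user_id = isset($result['user_id']) ? $result['user_id'] : null;

         // A row must exist and its last activity must still be inside the
         // idle-timeout window.
         if (isset($id) && (($last + $skynet_sessTime) >= time())) {
            // Good session: slide the idle window forward.
            $app->db->table('sessions')
               ->where('id', '=', $id)
               ->update(array('last' => time()));

            $user_obj = new skynetUser($app->db, $user_id);

            // Expose the user's display data to the templates. Only
            // fullname() is HTML-escaped here; username()/adminflag() are
            // passed through unchanged.
            $smarty_data['username'] = $user_obj->username();
            $smarty_data['adminflag'] = $user_obj->adminflag();

            $fullname = htmlentities($user_obj->fullname(), ENT_QUOTES);
            // get_magic_quotes_gpc() no longer exists on PHP 8 (calling it is
            // a fatal Error), so it is only consulted where it is defined.
            // The stripslashes() keeps the legacy magic_quotes behaviour.
            if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
               $fullname = stripslashes($fullname);
            }
            $smarty_data['fullname'] = $fullname;

            return $user_obj;
         }

         // No valid session. A guest role is allowed through with a guest
         // identity and no user object.
         if ($role === 'guest') {
            $smarty_data['username'] = 'guest';
            return;
         }

         // Everyone else is sent to the login page. Slim's redirect() halts
         // the request, so nothing runs after it under normal conditions.
         $app->flash('error', 'Login required');
         $app->redirect('/login');
      };
   };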

   // Login page (GET): renders the login form with the shared template data.
   // TODO: Add a redirect here for users already logged in
   $app->get('/login', function () use ($app) {
      global $smarty_data;

      // prep_smarty() fills $smarty_data before it is handed to the template.
      prep_smarty($app);

      $template = 'login.tpl';
      $app->render($template, $smarty_data);
   });

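   // Login form handler (POST).
   //
   // Credentials are read from the POST body only. The original read
   // $_REQUEST, which also accepted them from the query string and cookies;
   // for a POST route that only widens where credentials can leak (URLs,
   // access logs, referrers). Both values are shape-checked against the
   // username/password patterns before login() is consulted. A shape failure
   // produces the same 'Invalid Username or Password' flash as a wrong
   // password, so the client cannot tell the two apart.
   //
   // On success the user is sent to $_SESSION['redirect'] if one was stored
   // (the stored value is cleared first), else to '/'. Slim's redirect()
   // halts the request, so the trailing 'Critical Failure' redirect is only
   // a fallback.
   $app->post('/login', function () use ($app) {
      // Accepted shapes. The password pattern also caps length at 15 and
      // restricts the character set; loosening it is a policy decision that
      // has to be made together with wherever passwords are set.
      $skynet_nameRegex = '/^[a-zA-Z0-9_\-]{1,15}\z/';
      $skynet_pwdRegex = '/^[a-zA-Z0-9@#$%\^&\*\/]{4,15}\z/';

      $authenticated = false;
      $username = isset($_POST['username']) ? $_POST['username'] : null;
      $password = isset($_POST['password']) ? $_POST['password'] : null;

      if ($username === null || $password === null) {
         $app->flash('error', 'Username or Password missing');
         $app->redirect('/login');
      } elseif (!is_string($username) || !is_string($password)
                || !preg_match($skynet_nameRegex, $username)
                || !preg_match($skynet_pwdRegex, $password)) {
         // Non-string values (e.g. username[]=...) are rejected here rather
         // than letting preg_match() fail on an array argument.
         $app->flash('error', 'Invalid Username or Password');
         $app->redirect('/login');
      } else {
         // login() is defined elsewhere; its result is compared loosely to 1
         // as in the original since its exact return type is not visible here.
         $authenticated = login($username, $password);
      }

      // Either a fresh login succeeded or an existing session is still valid.
      if ($authenticated == 1 || ($user_obj = authenticate())) {
         // Pop the stored post-login destination before redirecting: the
         // original unset it after redirect(), which halts, so the value
         // lingered in the session and was reused on later logins.
         $target = '/';
         if (isset($_SESSION['redirect'])) {
            // NOTE(review): where $_SESSION['redirect'] is set is not visible
            // here; if it can carry a user-supplied URL this is an open
            // redirect and the value should be restricted to local paths.
            $target = $_SESSION['redirect'];
            unset($_SESSION['redirect']);
         }
         $app->redirect($target);
      } else {
         $app->flash('error', 'Invalid Username or Password');
         $app->redirect('/login');
      }

      // Only reachable if redirect() ever stops halting the request.
      $app->flash('error', 'Critical Failure');
      $app->redirect('/login');
   });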

   // Logout (GET): tears the session down via logout(), then bounces to the
   // login page with a success flash.
   $app->get('/logout', function () use ($app) {
      // Drop the server-side session before touching the flash store.
      logout();

      $destination = '/login';
      $app->flash('success', 'Logout successful');
      $app->redirect($destination);
   });

?>