Commit 66969895 authored by Jason Frisvold's avatar Jason Frisvold

- index with current changes for login/out

- necessary templates
parent 6893fdea
......@@ -25,30 +25,26 @@
// Load the configuration file
require_once("config.php");
// Globals
$data = array(
'skynet_favicon' => $skynet_favicon,
'skynet_stylesheet' => $skynet_stylesheet,
'skynet_homepage' => $skynet_homepage,
'skynet_version' => $skynet_version,
);
// Global array for Smarty data
$data = array(
'skynet_favicon' => $skynet_favicon,
'skynet_stylesheet' => $skynet_stylesheet,
'skynet_homepage' => $skynet_homepage,
'skynet_version' => $skynet_version,
);
// Connect to the database server
$sqlhdlr = new mysqli($skynet_dbHost, $skynet_dbUser, $skynet_dbPass,
$skynet_dbName);
// Make sure we have a connection
// TODO : This should be slimified (whatever that means)
if (mysqli_connect_errno()) {
die( '<p>Unable to connect to the database server at this time: ' .
mysqli_connect_error() . ' </p>' );
}
function prep_smarty($app) {
$smarty = $app->view()->getInstance();
$smarty->loadFilter("pre", 'whitespace_control');
$smarty->debugging = true;
}
// Instantiate a slim instance
$app = new \Slim\Slim(array(
'view' => new \Slim\Views\Smarty(),
'debug' => true,
......@@ -58,6 +54,8 @@
'mode' => 'development'
));
// We want to use Smarty for templates, this sets up the necessary Smarty
// configuration within Slim
$view = $app->view();
$view->parserDirectory = $skynet_smarty_dir;
$view->parserCompileDirectory = "$skynet_work_dir/templates_c";
......@@ -66,27 +64,18 @@
dirname(__FILE__) . '/libs',
);
$authenticateForRole = function ( $role = 'member' ) {
return function () use ( $role ) {
$user = User::fetchFromDatabaseSomehow();
if ( $user->belongsToRole($role) === false ) {
$app = \Slim\Slim::getInstance();
$app->flash('error', 'Login required');
$app->redirect('/login');
}
};
};
$isauthenticated = function() {
return function() {
$app->hook('slim.before', function () use ($app) {
$app->view()->appendData(array('baseUrl' => '/index.php/'));
});
$isauthenticated = function( $role = 'user' ) {
return function() use ( $role ) {
// Globalize the phptodo variables needed
global $skynet_dbHost, $skynet_dbUser, $skynet_dbPass, $skynet_dbName,
$skynet_sessTime, $sqlhdlr, $data;
// Globalize the user variables
//global $smarty;
$skynet_sessTime, $skynet_serveruri, $sqlhdlr, $data;
// Try and get the id, last time, and user if from the sessions database
// Try and get the id, last time, and user id from the sessions
// database
$query = sprintf('SELECT id, last, user_id FROM sessions WHERE ' .
'phpsessid = "%s"', session_id());
......@@ -97,48 +86,49 @@
die( 'Error: ' . $sqlhdlr->error );
}
// Check to see if an id was set, and if the time is good
// Check to see if an id was set, and if the time is valid
if ((isset($id)) && (($last + $skynet_sessTime) >= time())) {
// Good session, update the timestamp
$query = sprintf("UPDATE sessions SET last = %d WHERE id = %d", time(),
$id);
$query = sprintf("UPDATE sessions SET last = %d WHERE id = %d",
time(), $id);
$sqlhdlr->query($query) or die( 'Error: ' . $sqlhdlr->error );
// Create the user object
$user_obj = new skynetUser($skynet_dbHost, $skynet_dbUser,
$skynet_dbPass, $skynet_dbName, $user_id);
$skynet_dbPass, $skynet_dbName,
$user_id);
// Assign the appropriate data to the smarty $data array
$data['username'] = $user_obj->username();
$data['adminflag'] = $user_obj->adminflag();
// Assign the username to the smarty template
//$smarty->assign('username', $user_obj->username());
//$smarty->assign('adminflag', $user_obj->adminflag());
if (get_magic_quotes_gpc()) {
$data['fullname'] = stripslashes(htmlentities($user_obj->fullname(),
ENT_QUOTES));
// $smarty->assign('fullname',
// stripslashes(htmlentities($user_obj->fullname(),
// ENT_QUOTES)));
} else {
$data['fullname'] = htmlentities($user_obj->fullname(),
ENT_QUOTES);
// $smarty->assign('fullname', htmlentities($user_obj->fullname(),
// ENT_QUOTES));
}
return($user_obj);
} else {
// If a guest role, then bypass the login redirect
if ($role == 'guest') {
$data['username'] = 'guest';
return;
}
// Return a 0 to indicate that authentication was not successful
$app = \Slim\Slim::getInstance();
$app->flash('error', 'Login required');
//$app->redirect('/login');
$app->redirect('/login');
}
// Return a 0 to indicate that authentication was not successful
$app = \Slim\Slim::getInstance();
$app->flash('error', 'Login required');
//$app->redirect('/login');
$app->redirect('/login');
};
};
......@@ -147,77 +137,95 @@
global $data;
prep_smarty($app);
print_r($data);
$app->render('index.tpl', $data);
$app->render('main.tpl', $data);
});
// GET route
$app->post('/', function () use ($app) {
// Login routine
// TODO: Add a redirect here for users already logged in
$app->get('/login', function () use ($app) {
global $data;
prep_smarty($app);
$app->render('index.tpl', $data);
$app->render('login.tpl', $data);
});
$app->run();
// Login routine
$app->post('/login', function () use ($app) {
// Some global variables
$skynet_nameRegex = '/^[a-zA-Z0-9_\-]{1,15}\z/';
$skynet_pwdRegex = '/^[a-zA-Z0-9@#$%\^&\*\/]{4,15}\z/';
// Check to see if this is a login attempt
if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
if (preg_match($skynet_nameRegex, $_REQUEST['username']) &&
preg_match($skynet_pwdRegex, $_REQUEST['password'])) {
$authenticated = login($_REQUEST['username'], $_REQUEST['password']);
} else {
$app->flash('error', 'Invalid Username or Password');
$app->redirect('/login');
}
} else {
$app->flash('error', 'Username or Password missing');
$app->redirect('/login');
}
// If the user is authenticated, jump them to the main page
if ((isset($authenticated) && ($authenticated == 1)) ||
($user_obj = authenticate())) {
if (isset($_SESSION['redirect'])) {
$app->redirect($_SESSION['redirect']);
} else {
$app->redirect('/');
}
unset($_SESSION['redirect']);
// Define usesmarty (to indicate that config needs to load smarty)
define('usesmarty', 1);
// Otherwise show the login page
} else {
$app->flash('error', 'Invalid Username or Password');
$app->redirect('/login');
}
// Connect to the database server
$sqlhdlr = new mysqli($skynet_dbHost, $skynet_dbUser, $skynet_dbPass,
$skynet_dbName);
// Make sure we have a connection
if (mysqli_connect_errno()) {
die( '<p>Unable to connect to the database server at this time: ' .
mysqli_connect_error() . ' </p>' );
}
$app->flash('error', 'Critical Failure');
$app->redirect('/login');
// Some global variables
$skynet_nameRegex = '/^[a-zA-Z0-9_\-]{1,15}\z/';
$skynet_pwdRegex = '/^[a-zA-Z0-9@#$%\^&\*\/]{4,15}\z/';
});
// Check to see if this is a login attempt
if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
if (preg_match($skynet_nameRegex, $_REQUEST['username']) &&
preg_match($skynet_pwdRegex, $_REQUEST['password'])) {
$authenticated = login($_REQUEST['username'], $_REQUEST['password']);
} else {
$authenticated = 0;
}
}
// Login routine
$app->get('/logout', function () use ($app) {
// If the user is authenticated, jump them to the main page
if ((isset($authenticated) && ($authenticated == 1)) ||
($user_obj = authenticate())) {
if (isset($_SESSION['redirect'])) {
header('Location: ' . $_SESSION['redirect']);
} else {
//header('Location: ' . $skynet_serveruri .
// dirname($_SERVER['PHP_SELF']) . '/main.php');
header('Location: ' . $skynet_serveruri .
join_paths(dirname($_SERVER['PHP_SELF']), '/main.php'));
}
unset($_SESSION['redirect']);
logout();
$app->flash('success', 'Logout successful');
$app->redirect('/login');
});
// Otherwise show the login page
} else {
// If the previous attempt was a failure, show it properly
if (isset($authenticated) && ($authenticated == 0)) {
$smarty->assign('failed', 1);
}
// GET route
$app->get('/about', $isauthenticated('guest'), function () use ($app) {
global $data;
prep_smarty($app);
// Display the template
//$smarty->display('index.tpl');
}
$app->render('about.tpl', $data);
});
$app->run();
$sqlhdlr->close();
?>
// Loads the whitespace_control filter for handling comments within the
// Smarty templates
function prep_smarty($app) {
global $skynet_debug;
$smarty = $app->view()->getInstance();
$smarty->loadFilter("pre", 'whitespace_control');
$smarty->debugging = $skynet_debug;
}
?>
\ No newline at end of file
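Review bot: The new `/login` POST handler takes the credentials from `$_REQUEST`, which also accepts query-string and cookie values, so a username and password can arrive in a GET URL and land in access logs and browser history; read them from the request body only, e.g. `$username = $app->request()->post('username');` and `$password = $app->request()->post('password');`, and keep the `isset`/`preg_match` checks on those locals. In the same handler `unset($_SESSION['redirect'])` and `define('usesmarty', 1)` come after `$app->redirect(...)`, which in Slim 2 ends the request by throwing its Stop exception, so they appear never to run and the stored redirect target is never cleared — copy the target into a local, `unset` it, then redirect. The `print_r($data);` in the `/` route writes the per-user data array (username, adminflag, fullname) straight into the HTML response and reads as leftover debugging; if it is on the new side it should be removed. `login()`, `logout()` and `authenticate()` are not defined in this hunk, so what they validate and return is not visible here.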
......@@ -20,7 +20,8 @@
<head>
<meta http-equiv='content-type' content='text/html; charset=ISO-8859-1' />
<link rel='shortcut icon' type='image/x-icon' href='{$skynet_favicon}'>
<link rel='stylesheet' href='css/reset.css' type='text/css' />
<link href="/bootstrap/css/bootstrap.min.css" rel="stylesheet">
<link href="/bootstrap/css/bootstrap-theme.min.css" rel="stylesheet">
<link rel='stylesheet' href='{$skynet_stylesheet}' type='text/css' />
<title>Skynet Automated Security Scanner</title>
</head>
......
......@@ -23,16 +23,16 @@
{if $page == 'main'}
[main]
{else}
[<a href='main.php'>main</a>]
[<a href='/'>main</a>]
{/if}
{if $page == 'about'}
[about]
{else}
[<a href='about.php'>about</a>]
[<a href='/about'>about</a>]
{/if}
[<a href='logout.php'>logout</a>]
[<a href='/logout'>logout</a>]
{else}
[<a href='index.php'>login</a>]
[<a href='/login'>login</a>]
{/if}
</span>
</p>
......
......@@ -21,27 +21,39 @@
<meta name='robots' content='noindex, nofollow' />
<meta http-equiv='content-type' content='text/html; charset=ISO-8859-1' />
<link rel='shortcut icon' type='image/x-icon' href='{$skynet_favicon}'>
<link rel='stylesheet' href='css/reset.css' type='text/css' />
<link href="/bootstrap/css/bootstrap.min.css" rel="stylesheet">
<link href="/bootstrap/css/bootstrap-theme.min.css" rel="stylesheet">
<link rel='stylesheet' href='{$skynet_stylesheet}' type='text/css' />
<title>Skynet Automated Security Scanner</title>
</head>
<body>
<h1>Welcome to Skynet</h1>
<h3>Please login :</h3>
<form action="index.php" method="post">
<div class="centered">
UserName : <input type="text" name="username" alt='Username' size='15' />
&nbsp;&nbsp;
Password : <input type="password" name="password" alt='Password' size='15' />
<input type="submit" value="Log In" />
<form action="login" method="post">
<div class="col-sm-8 col-sm-offset-2 col-md-10 col-md-offset-1">
<div class="input-group">
<span class="input-group-addon"><span class="glyphicon glyphicon-user"></span></span>
<input type="text" class="form-control" placeholder="username" id="username" name="username" tabindex="1" accesskey="" path="username" autocomplete="false" htmlEscape="true" autofocus />
</div>
<div class="input-group">
<span class="input-group-addon"><span class="glyphicon glyphicon-lock"></span></span>
<input id="password" name="password" tabindex="2" placeholder="password" class="form-control" type="password" value="" autocomplete="off"/>
</div>
<input type="submit" class="btn btn-primary btn-lg btn-block" value="Log In" />
</div>
</form>
{if isset($logout)}
<h3 class='alert'>Logout Successful</h3>
<div class="col-sm-8 col-sm-offset-2 col-md-10 col-md-offset-1">
{if isset($smarty.session['slim.flash'].error)}
<div class='alert alert-danger'>{$smarty.session['slim.flash'].error}</div>
{/if}
{if isset($failed)}
<h3 class='alert'>Login Failed</h3>
{if isset($smarty.session['slim.flash'].success)}
<div class='alert alert-success'>{$smarty.session['slim.flash'].success}</div>
{/if}
</div>
{include file='footer.tpl'}
</body>
</html>
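Review bot: The flash messages are output as `{$smarty.session['slim.flash'].error}` and `{$smarty.session['slim.flash'].success}` with no escape modifier; the values the routes set today are fixed strings, but anything later stored in the flash would be rendered as raw HTML, so prefer `{$smarty.session['slim.flash'].error|escape}` (and the same for `.success`) unless `escape_html` is enabled on the Smarty instance. The new login form carries no anti-CSRF token, which is worth adding alongside the username/password fields. The username input also uses `autocomplete="false"`, which is not a valid value (`off` is), together with `path="username"` and `htmlEscape="true"`, which are not HTML attributes and should be dropped.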