janis/jakach-login
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

adding some code, still stesting it

Browse Source
This commit is contained in:
Janis Steiner
2024-12-18 19:40:09 +01:00
parent 2bddb8f8c2
commit 391d7e318d
8 changed files with 560 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
app-code/api/login/redirect.php Normal file
View File

@@ -0,0 +1,21 @@
<?php
session_start();
header('Content-Type: application/json');
$send_to=$_SESSION["end_url"];
//if allready authenticated
if(($_SESSION["auth_passkey"]==="not_reauired" or $_SESSION["auth_passkey"]==="authenticated") and ($_SESSION["auth_password"]==="not_reauired" or $_SESSION["auth_password"]==="authenticated") and ($_SESSION["auth_2fa"]==="not_reauired" or $_SESSION["auth_2fa"]==="authenticated")){
//user is fully authenticated, send him to the desired page
$data = [
'login' => true,
'message' => 'fully_logged_in',
'redirect' => $send_to
];
echo(json_encode($data));
}else{
//we have to send the user around :)
//load his auth methods. then send the first one. if he auths there he will be send back here and we can send him to the next auth method
$username=$_SESSION["username"];
}
?>

4
app-code/api/login/set_username.php Normal file
View File

@@ -0,0 +1,4 @@
<?php
session_start();
$_SESSION["username"]=preg_replace("/[^a-z0-9_]/","",$_POST["username"]);
?>

111
app-code/api/register/register_user.php Normal file
View File

@@ -0,0 +1,111 @@
<?php
// Set response headers to return JSON
header('Content-Type: application/json');
include "../../config/config.php";
// Connect to the database
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
// Check the connection
if ($conn === false) {
echo json_encode([
'success' => false,
'message' => 'Database connection failed: ' . mysqli_connect_error()
]);
exit;
}
// Check if the request method is POST
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Get the JSON input
$input = file_get_contents('php://input');
$data = json_decode($input, true);
// Validate input
if (!isset($data['username']) || !isset($data['password'])) {
echo json_encode([
'success' => false,
'message' => 'Invalid input. Username and password are required.'
]);
exit;
}
$username = trim($data['username']);
$email = trim($data['email']);
$password = trim($data['password']);
$telegram_id = trim($data['telegram']);
// Check for empty fields
if (empty($username) || empty($password)) {
echo json_encode([
'success' => false,
'message' => 'Username and password are required.'
]);
exit;
}
// Check if the username already exists
$sql = "SELECT id FROM users WHERE username = ?";
$stmt = mysqli_prepare($conn, $sql);
mysqli_stmt_bind_param($stmt, 's', $username);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
if (mysqli_stmt_num_rows($stmt) > 0) {
echo json_encode([
'success' => false,
'message' => 'Username already taken.'
]);
mysqli_stmt_close($stmt);
exit;
}
mysqli_stmt_close($stmt);
// Check if the email already exists
$sql = "SELECT id FROM users WHERE email = ?";
$stmt = mysqli_prepare($conn, $sql);
mysqli_stmt_bind_param($stmt, 's', $email);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
if (mysqli_stmt_num_rows($stmt) > 0 && $email!="") {
echo json_encode([
'success' => false,
'message' => 'Email already registered.'
]);
mysqli_stmt_close($stmt);
exit;
}
mysqli_stmt_close($stmt);
$pepper=bin2hex(random_bytes(32));
// Hash the password / a salt is added automaticly
$hashedPassword = password_hash($password.$pepper, PASSWORD_BCRYPT);
// Insert the user into the database
$sql = "INSERT INTO users (username, email, password, telegram_id, pepper, auth_method_enabled_pw, auth_method_required_pw, auth_method_enabled_passkey, auth_method_required_passkey, auth_method_enabled_2fa, auth_method_required_2fa,auth_method_keepmeloggedin_enabled) VALUES (?, ?, ?, ?, ?, 1, 1,0,0,0,0,0)";
$stmt = mysqli_prepare($conn, $sql);
mysqli_stmt_bind_param($stmt, 'sssss', $username, $email, $hashedPassword, $telegram_id, $pepper);
if (mysqli_stmt_execute($stmt)) {
echo json_encode([
'success' => true,
'message' => 'Registration successful!'
]);
} else {
echo json_encode([
'success' => false,
'message' => 'Registration failed. Please try again later.'
]);
}
mysqli_stmt_close($stmt);
} else {
// Invalid request method
echo json_encode([
'success' => false,
'message' => 'Invalid request method. Only POST is allowed.'
]);
}
// Close the database connection
mysqli_close($conn);
?>

9
app-code/assets/components.php Normal file
View File

@@ -0,0 +1,9 @@
<?php
echo('<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet" >
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/@popperjs/core@2.9.2/dist/umd/popper.min.js" ></script>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.min.js" crossorigin="anonymous"></script>
');
?>

89
app-code/index.php Normal file
View File

@@ -0,0 +1,89 @@
<!DOCTYPE html>
<html lang="en" data-bs-theme="dark">
<head>
<!-- here the user provides his username. we will then send him around yey :) -->
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Jakach Login</title>
<?php
include "assets/components.php";
session_start();
$_SESSION["end_url"]=$_GET["send_to"];
?>
</head>
<body>
<div class="container mt-5">
<div class="row justify-content-center">
<div class="col-md-6 col-lg-4">
<!-- Card for the form -->
<div class="card shadow">
<div class="card-body">
<h4 class="card-title text-center mb-4">Jakach Login</h4>
<!-- Form -->
<form id="usernameForm">
<!-- Username Input -->
<div class="mb-3">
<input type="text" id="username" name="username" class="form-control" placeholder="Benutzername" required>
</div>
<!-- Submit Button -->
<div class="d-grid gap-2">
<!-- Login Button -->
<button type="submit" class="btn btn-primary btn-lg">Einloggen</button>
<!-- Register Button -->
<a class="btn btn-outline-primary btn-lg" href="/register/">Account Erstellen</a>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
<script>
// Select the form
const usernameForm = document.getElementById('usernameForm');
// Add submit event listener
usernameForm.addEventListener('submit', async (event) => {
event.preventDefault(); // Prevent the default form submission behavior
// Get the username input value
const usernameInput = document.getElementById('username');
const username = usernameInput.value;
// Check if username is empty (just in case)
if (!username) {
alert('Please enter a username.');
return;
}
try {
// Send POST request to the API
const response = await fetch('/api/login/set_username.php', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify({ username }), // Send username as JSON
});
// Check if the request was successful
if (response.ok) {
// Redirect to /login/ upon success
window.location.href = '/login/';
} else {
// Handle errors
const errorData = await response.json();
alert(`Error: ${errorData.message || 'Failed to set username.'}`);
}
} catch (error) {
// Handle network errors
console.error('Error:', error);
alert('An error occurred. Please try again later.');
}
});
</script>
</body>
</html>

115
app-code/install/create_db.php Normal file
View File

@@ -0,0 +1,115 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin="anonymous">
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js" integrity="sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM" crossorigin="anonymous"></script>
<title>Jakach-Login install</title>
</head>
<body>
<div class="container mt-5">
<div class="row justify-content-center">
<div class="col-md-6">
<div class="card">
<div class="card-header">
<h4>We are creating the databases used in jakach-login, please stand by</h4>
</div>
<div class="card-body">
<p>If the creation fails, please wait a minute and try again. The database server might still be starting at the time.</p>
<br>
</div>
<?php
$success=1;
include "../config/config.php";
// Create connection
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD);
// Check connection
if ($conn->connect_error) {
$success=0;
die("Connection failed: " . $conn->connect_error);
}
// Create database
$sql = "CREATE DATABASE IF NOT EXISTS $DB_DATABASE";
if ($conn->query($sql) === TRUE) {
echo '<br><div class="alert alert-success" role="alert">
Database created successfully!
</div>';
} else {
$success=0;
echo '<br><div class="alert alert-danger" role="alert">
Error creating database: ' . $conn->error .'
</div>';
}
$conn->close();
// Connect to the new database
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD,$DB_DATABASE);
// Check connection
if ($conn->connect_error) {
$success=0;
die("Connection failed: " . $conn->connect_error);
}
// Create user table
$sql="CREATE TABLE IF NOT EXISTS users (
id INT AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(255) NOT NULL UNIQUE,
public_key TEXT DEFAULT '',
credential_id TEXT DEFAULT '',
counter INT DEFAULT 0,
2fa VARCHAR(255),
email VARCHAR(255),
password VARCHAR(500),
pepper VARCHAR(255),
telegram_id VARCHAR(255),
permissions VARCHAR(255),
color_profile INT,
auth_key VARCHAR(255),
keepmeloggedin_token VARCHAR(255),
auth_method_keepmeloggedin_enabled INT,
auth_method_enabled_2fa INT,
auth_method_enabled_pw INT,
auth_method_enabled_passkey INT,
auth_method_required_2fa INT,
auth_method_required_pw INT,
auth_method_required_passkey INT
);";
if ($conn->query($sql) === TRUE) {
echo '<br><div class="alert alert-success" role="alert">
Table users created successfully!
</div>';
} else {
$success=0;
echo '<br><div class="alert alert-danger" role="alert">
Error creating table users: ' . $conn->error .'
</div>';
}
if($success!==1){
echo '<br><div class="alert alert-danger" role="alert">
There was an error creating the databases. Please try again or contact support at: <a href="mailto:info.jakach@gmail.com">info.jakach@gmail.com</a>
</div>';
}else{
echo '<br><div class="alert alert-success" role="alert">
Database created successfully!
</div>';
}
$conn->close();
?>
</div>
</div>
</div>
</div>
</body>
</html>

55
app-code/login/index.php Normal file
View File

@@ -0,0 +1,55 @@
<!DOCTYPE html>
<html lang="en" data-bs-theme="dark">
<head>
<!-- this is the first file accessed by the user. It sends a request to backend to check where it should send the user -->
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Jakach Login</title>
<?php
include "../assets/components.php";
?>
</head>
<body>
<div class="d-flex flex-column justify-content-center align-items-center" style="height: 100vh;">
<!-- Spinner -->
<div class="spinner-border text-primary mb-3" role="status">
<span class="visually-hidden">Loading...</span>
</div>
<!-- Redirecting Text -->
<p class="text-center fs-4">Redirecting...</p>
</div>
<script>
const redirect_api="/api/login/redirect.php";
async function redirect() {
try {
const response = await fetch(redirect_api);
// Check if the response is OK
if (!response.ok) {
throw new Error(`HTTP error! status: ${response.status}`);
}
// Parse the JSON response
const data = await response.json();
// Extract the 'redirect' property from the response
const redirectUrl = data.redirect;
// Check if the redirect URL exists
if (redirectUrl) {
// Redirect the user to the URL
window.location.href = redirectUrl;
}
} catch (error) {
// Handle errors (e.g., network issues or API errors)
console.error("Error fetching data:", error);
}
}
// Call the function on page load
redirect();
</script>
</body>
</html>

156
app-code/register/index.php Normal file
View File

@@ -0,0 +1,156 @@
<!DOCTYPE html>
<html lang="en" data-bs-theme="dark">
<head>
<!-- this is the first file accessed by the user. It sends a request to backend to check where it should send the user -->
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Jakach Login</title>
<?php
include "../assets/components.php";
?>
</head>
<body>
<div class="container mt-5">
<div class="row justify-content-center">
<div class="col-md-6">
<div class="card shadow-sm">
<div class="card-header text-center bg-primary text-white">
<h4>Register</h4>
</div>
<div class="card-body">
<form id="registerForm">
<!-- Username -->
<div class="mb-3">
<label for="username" class="form-label">Username</label>
<input type="text" class="form-control" id="username" placeholder="Enter your username" required>
</div>
<!-- Email -->
<div class="mb-3">
<label for="email" class="form-label">Email Address (optional)</label>
<input type="email" class="form-control" id="email" placeholder="Enter your email">
</div>
<!-- Telegram -->
<div class="mb-3">
<label for="telegram" class="form-label">Telegram ID (optional)</label>
<input type="text" class="form-control" id="telegram" placeholder="Enter your Telegram ID">
</div>
<!-- Password -->
<div class="mb-3">
<label for="password" class="form-label">Password</label>
<input type="password" class="form-control" id="password" placeholder="Enter your password" required>
</div>
<!-- Confirm Password -->
<div class="mb-3">
<label for="confirm-password" class="form-label">Confirm Password</label>
<input type="password" class="form-control" id="confirm-password" placeholder="Confirm your password" required>
</div>
<!-- Submit Button -->
<div class="d-grid">
<button type="submit" class="btn btn-primary">Register</button>
</div>
</form>
</div>
<div class="card-footer text-center">
<small>Already have an account? <a href="/?send_to=/account/">Login here</a></small>
</div>
</div>
</div>
</div>
</div>
<div class="modal fade" id="responseModal" tabindex="-1" aria-labelledby="responseModalLabel" aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title" id="responseModalLabel">Message</h5>
<button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
</div>
<div class="modal-body" id="responseMessage">
<!-- Message content will be injected here -->
</div>
<div class="modal-footer">
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Close</button>
</div>
</div>
</div>
</div>
<script>
// Grab the form element
const registerForm = document.getElementById('registerForm');
const responseModal = new bootstrap.Modal(document.getElementById('responseModal')); // Initialize the modal
const responseMessage = document.getElementById('responseMessage'); // Modal body for messages
// Listen for form submission
registerForm.addEventListener('submit', async (event) => {
event.preventDefault(); // Prevent the default form submission
// Get form values
const username = document.getElementById('username').value.trim();
const email = document.getElementById('email').value.trim();
const password = document.getElementById('password').value;
const confirmPassword = document.getElementById('confirm-password').value;
const telegram = document.getElementById('telegram').value.trim();
// Validation
if (username === '') {
showModalMessage('Error', 'Username is required!');
return;
}
if (password.length < 12) {
showModalMessage('Error', 'Password must be at least 12 characters long!');
return;
}
if (password !== confirmPassword) {
showModalMessage('Error', 'Passwords do not match!');
return;
}
// Prepare data to send
const formData = {
username: username,
email: email,
password: password,
telegram: telegram
};
try {
// Send data to the server using fetch
const response = await fetch('/api/register/register_user.php', {
method: 'POST',
headers: {
'Content-Type': 'application/json', // JSON format
},
body: JSON.stringify(formData), // Convert form data to JSON string
});
// Process the server's response
if (response.ok) {
const result = await response.json();
if (result.success) {
showModalMessage('Success', 'Registration successful!');
// Redirect to a different page if needed after closing the modal
setTimeout(() => {
window.location.href = '/?send_to=/account/';
}, 2000);
} else {
showModalMessage('Error', result.message || 'Registration failed!');
}
} else {
showModalMessage('Error', 'An error occurred while registering. Please try again.');
}
} catch (error) {
console.error('Error:', error);
showModalMessage('Error', 'Unable to register. Please try again later.');
}
});
// Function to display a modal message
function showModalMessage(title, message) {
document.getElementById('responseModalLabel').textContent = title; // Set the modal title
responseMessage.textContent = message; // Set the modal body message
responseModal.show(); // Show the modal
}
</script>
</body>
</html>