janis/jakach-login
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

adding keepmeloggedin

Browse Source
This commit is contained in:
Janis Steiner
2024-12-28 17:15:57 +01:00
parent 052c8c4181
commit 5214c96b90
16 changed files with 293 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
app-code/api/login/delete_keepmeloggedin.php Normal file
View File

@@ -0,0 +1,15 @@
<?php
session_start();
header('Content-Type: application/json');
$send_to=$_SESSION["end_url"];
include "../../config/config.php";
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
$user_id=$_SESSION["id"];
$sql="DELETE FROM keepmeloggedin WHERE user_id = ?";
$stmt = mysqli_prepare($conn, $sql);
mysqli_stmt_bind_param($stmt, 'i', $user_id);
mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);
?>

36
app-code/api/login/keepmeloggedin.php Normal file
View File

@@ -0,0 +1,36 @@
<?php
session_start();
header('Content-Type: application/json');
$send_to=$_SESSION["end_url"];
include "../../config/config.php";
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
$keepmeloggedin=$_POST["keepmeloggedin"];
if($keepmeloggedin=="true"){
$_SESSION["keepmeloggedin_asked"]=true;
$user_id=$_SESSION["id"];
//create a login token
$login_token=bin2hex(random_bytes(128));
$agent=$_SERVER['HTTP_USER_AGENT'];
$sql="INSERT INTO keepmeloggedin (auth_token,user_id,agent) VALUES (?,?,?);";
$stmt = mysqli_prepare($conn, $sql);
mysqli_stmt_bind_param($stmt, 'sis', $login_token,$user_id,$agent);
mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);
setcookie("auth_token", $login_token, time() + (30 * 24 * 60 * 60), "/", "", true, true);
$data = [
'status' => 'success'
];
echo(json_encode($data));
}else{
$_SESSION["keepmeloggedin_asked"]=true;
$data = [
'status' => 'success'
];
echo(json_encode($data));
}
?>

44
app-code/api/login/redirect.php
View File

@@ -2,31 +2,7 @@
session_start();
header('Content-Type: application/json');
function get_location_from_ip($ip) {
// Use ip-api.com to fetch geolocation data
$url = "http://ip-api.com/json/$ip";
// Initialize curl
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Execute curl and decode the JSON response
$response = curl_exec($ch);
curl_close($ch);
// Convert JSON response to PHP array
$data = json_decode($response, true);
// Check for a successful response
if ($data && $data['status'] === 'success') {
return $data; // Return the geolocation data
}
return null; // Return null if API call fails
}
include "../utils/get_location.php";
$send_to=$_SESSION["end_url"];
@@ -57,7 +33,16 @@ else if($_SESSION["needs_auth"]===false && $_SESSION["mfa_required"]==1 && $_SES
'redirect' => '/login/passkey.php'
];
echo(json_encode($data));
}*/else if ($_SESSION["needs_auth"]===false && $_SESSION["mfa_authenticated"]==1 && $_SESSION["pw_authenticated"]==1){
}*/
else if ($_SESSION["needs_auth"]===false && $_SESSION["mfa_authenticated"]==1 && $_SESSION["pw_authenticated"]==1 && $_SESSION["keepmeloggedin_asked"]==false){
//send to keepmelogged in question
$data=[
'message' => 'ask_keepmeloggedin',
'redirect' => '/login/keepmeloggedin.php'
];
echo(json_encode($data));
}
else if ($_SESSION["needs_auth"]===false && $_SESSION["mfa_authenticated"]==1 && $_SESSION["pw_authenticated"]==1){
//fully authenticated
//create auth token which other services can then use to check if user logged in
$user_id=$_SESSION["id"];
@@ -133,7 +118,7 @@ else{
$username=$_SESSION["username"];
$_SESSION["needs_auth"]=false;
$_SESSION["logged_in"]=false;
$sql="SELECT auth_method_required_pw, auth_method_required_2fa, auth_method_required_passkey, id, user_token,last_login, login_message,telegram_id FROM users WHERE username = ?";
$sql="SELECT auth_method_required_pw, auth_method_required_2fa, auth_method_required_passkey, id, user_token,last_login, login_message,telegram_id, permissions FROM users WHERE username = ?";
$stmt = mysqli_prepare($conn, $sql);
mysqli_stmt_bind_param($stmt, 's', $username);
mysqli_stmt_execute($stmt);
@@ -145,8 +130,9 @@ else{
$last_login="";
$login_message=0;
$telegram_id="";
$permissions="";
if(mysqli_stmt_num_rows($stmt) == 1){
mysqli_stmt_bind_result($stmt, $pw,$mfa,$passkey,$user_id,$user_token,$last_login,$login_message,$telegram_id);
mysqli_stmt_bind_result($stmt, $pw,$mfa,$passkey,$user_id,$user_token,$last_login,$login_message,$telegram_id,$permissions);
mysqli_stmt_fetch($stmt);
$_SESSION["pw_required"] = $pw;
$_SESSION["pw_authenticated"] = ($pw == 0) ? 1 : 0; // If $pw is 0, set pw_authenticated to 1
@@ -159,6 +145,8 @@ else{
$_SESSION["last_login"]=$last_login;
$_SESSION["telegram_id"]=$telegram_id;
$_SESSION["login_message"]=$login_message;
$_SESSION["permissions"]=$permissions;
$_SESSION["keepmeloggedin_asked"]=false;
$data=[
'message' => 'prepared_start_auth',
'redirect' => '/login/'

2
app-code/api/login/reset_pw.php
View File

@@ -53,7 +53,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
}
}else {
mysqli_stmt_close($stmt);
echo json_encode(['success' => false, 'message' => 'Ivalid auth token']);
echo json_encode(['success' => false, 'message' => 'Invalid auth token']);
}
//remove token
$sql="DELETE FROM reset_tokens WHERE auth_token = ?;";

9
app-code/api/login/send_reset_link.php
View File

@@ -2,6 +2,7 @@
session_start();
header('Content-Type: application/json');
include "../../config/config.php";
include "../utils/get_location.php";
$username=$_SESSION["username"];
$sql="SELECT id, email, telegram_id FROM users WHERE username = ?;";
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
@@ -18,9 +19,10 @@ mysqli_stmt_close($stmt);
//send telegram message
$device = $_SERVER['HTTP_USER_AGENT'];
$ip=$_SERVER["REMOTE_ADDR"];
$location=get_location_from_ip($ip);
$date=date('Y-m-d H:i:s');
$token=bin2hex(random_bytes(128));
$link="https://jakach.duckdns.org:444/login/reset_pw.php?token=$token";
$link="https://jakach-auth.duckdns.org:444/login/reset_pw.php?token=$token";
$message = "*Password reset token*\n\n"
. "You have requested the reset of your password here is your reset link.\n\n"
@@ -28,6 +30,7 @@ $message = "*Password reset token*\n\n"
. "*Details of this request:*\n"
. "• *Date&Time*: $date\n"
. "• *Device&Browser*: $device\n"
. "*Location*: ".$location["country"].", ".$location["state"].", ".$location["city"]."\n"
. "• *Account*: ".$_SESSION["username"]."\n"
. "• *IP*: $ip\n\n"
."If this was you, you can reset your password. If this was not you somebody else tried to reset your password!\n"
@@ -54,6 +57,7 @@ curl_exec($ch);
curl_close($ch);
//send mail
if(!empty($mail)){
$loc=$location["country"].", ".$location["state"].", ".$location["city"];
$content = "
<!DOCTYPE html>
<html lang='en'>
@@ -125,6 +129,7 @@ if(!empty($mail)){
<li><strong>Device & Browser:</strong> $device</li>
<li><strong>Account:</strong> $mail</li>
<li><strong>IP Address:</strong> $ip</li>
<li><strong>Location:</strong> $loc</li>
</ul>
<p>If this was you, you can reset your password. If this was not you, someone else may have tried to reset your password.</p>
@@ -182,7 +187,7 @@ if(!empty($mail)){
//insert the token into our db
$valid_until=time()+8600;
$valid_until=time()+(8600/2);
$sql="INSERT INTO reset_tokens (auth_token, user_id,valid_until) VALUES (?,?,?);";
$stmt = mysqli_prepare($conn, $sql);
mysqli_stmt_bind_param($stmt, 'sii', $token,$id,$valid_until);

65
app-code/api/utils/check_keepmeloggedin.php Normal file
View File

@@ -0,0 +1,65 @@
<?php
function logmein(){
$ret="failure";
include "/var/www/html/config/config.php";
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
if (isset($_COOKIE['auth_token'])) {
$auth_token=$_COOKIE['auth_token'];
$sql="SELECT user_id,agent FROM keepmeloggedin WHERE auth_token = ?";
$user_id=0;
$agent="";
$stmt = mysqli_prepare($conn, $sql);
mysqli_stmt_bind_param($stmt, 's',$auth_token);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
if(mysqli_stmt_num_rows($stmt) == 1){
mysqli_stmt_bind_result($stmt, $user_id,$agent);
mysqli_stmt_fetch($stmt);
mysqli_stmt_close($stmt);
//load user data
$sql="SELECT auth_method_required_pw, auth_method_required_2fa, auth_method_required_passkey, username, user_token,last_login, login_message,telegram_id, permissions FROM users WHERE id = ?";
$stmt = mysqli_prepare($conn, $sql);
mysqli_stmt_bind_param($stmt, 'i', $user_id);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$pw=0;
$username="";
$mfa=0;
$passkey=0;
$user_token="";
$last_login="";
$login_message=0;
$telegram_id="";
$permissions="";
if(mysqli_stmt_num_rows($stmt) == 1){
mysqli_stmt_bind_result($stmt, $pw,$mfa,$passkey,$username,$user_token,$last_login,$login_message,$telegram_id,$permissions);
mysqli_stmt_fetch($stmt);
$_SESSION["pw_required"] = $pw;
$_SESSION["pw_authenticated"] = 1;
$_SESSION["mfa_required"] = $mfa;
$_SESSION["mfa_authenticated"] = 1;
$_SESSION["passkey_required"] = $passkey;
$_SESSION["passkey_authenticated"] = 1;
$_SESSION["id"]=$user_id;
$_SESSION["username"]=$username;
$_SESSION["user_token"]=$user_token;
$_SESSION["last_login"]=$last_login;
$_SESSION["telegram_id"]=$telegram_id;
//$_SESSION["login_message"]=$login_message;
$_SESSION["login_message"]=false; // do not send a message if logged in via keepmeloggedin
$_SESSION["permissions"]=$permissions;
$_SESSION["keepmeloggedin_asked"]=true;
$_SESSION["logged_in"]=true;
$_SESSION["needs_auth"]=false;
$ret="success";
}
mysqli_stmt_close($stmt);
}else{
mysqli_stmt_close($stmt);
}
}
return $ret;
}
?>

27
app-code/api/utils/get_location.php Normal file
View File

@@ -0,0 +1,27 @@
<?php
function get_location_from_ip($ip) {
// Use ip-api.com to fetch geolocation data
$url = "http://ip-api.com/json/$ip";
// Initialize curl
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Execute curl and decode the JSON response
$response = curl_exec($ch);
curl_close($ch);
// Convert JSON response to PHP array
$data = json_decode($response, true);
// Check for a successful response
if ($data && $data['status'] === 'success') {
return $data; // Return the geolocation data
}
return null; // Return null if API call fails
}
?>