adding oauth capabilities
@@ -17,7 +17,7 @@ if(mysqli_stmt_num_rows($stmt) == 1){
|
|||||||
//we now have userid, close stmt
|
//we now have userid, close stmt
|
||||||
mysqli_stmt_close($stmt);
|
mysqli_stmt_close($stmt);
|
||||||
|
|
||||||
$sql="SELECT username, email, telegram_id FROM users WHERE id = ?";
|
$sql="SELECT username, email, telegram_id, user_token FROM users WHERE id = ?";
|
||||||
$stmt = mysqli_prepare($conn, $sql);
|
$stmt = mysqli_prepare($conn, $sql);
|
||||||
mysqli_stmt_bind_param($stmt, 'i', $user_id);
|
mysqli_stmt_bind_param($stmt, 'i', $user_id);
|
||||||
mysqli_stmt_execute($stmt);
|
mysqli_stmt_execute($stmt);
|
||||||
@@ -25,7 +25,8 @@ if(mysqli_stmt_num_rows($stmt) == 1){
|
|||||||
$username="";
|
$username="";
|
||||||
$email="";
|
$email="";
|
||||||
$telegram="";
|
$telegram="";
|
||||||
mysqli_stmt_bind_result($stmt,$username,$email,$telegram);
|
$user_token="";
|
||||||
|
mysqli_stmt_bind_result($stmt,$username,$email,$telegram,$user_token);
|
||||||
mysqli_stmt_fetch($stmt);
|
mysqli_stmt_fetch($stmt);
|
||||||
mysqli_stmt_close($stmt);
|
mysqli_stmt_close($stmt);
|
||||||
$data=[
|
$data=[
|
||||||
@@ -34,7 +35,8 @@ if(mysqli_stmt_num_rows($stmt) == 1){
|
|||||||
'username'=>$username,
|
'username'=>$username,
|
||||||
'email'=>$email,
|
'email'=>$email,
|
||||||
'telegram_id'=>$telegram,
|
'telegram_id'=>$telegram,
|
||||||
'id'=>$user_id
|
'id'=>$user_id,
|
||||||
|
'user_token'=>$user_token
|
||||||
];
|
];
|
||||||
|
|
||||||
//remove auth key
|
//remove auth key
|
||||||
|
|||||||
@@ -60,7 +60,7 @@ else{
|
|||||||
$username=$_SESSION["username"];
|
$username=$_SESSION["username"];
|
||||||
$_SESSION["needs_auth"]=false;
|
$_SESSION["needs_auth"]=false;
|
||||||
$_SESSION["logged_in"]=false;
|
$_SESSION["logged_in"]=false;
|
||||||
$sql="SELECT auth_method_required_pw, auth_method_required_2fa, auth_method_required_passkey, id FROM users WHERE username = ?";
|
$sql="SELECT auth_method_required_pw, auth_method_required_2fa, auth_method_required_passkey, id, user_token FROM users WHERE username = ?";
|
||||||
$stmt = mysqli_prepare($conn, $sql);
|
$stmt = mysqli_prepare($conn, $sql);
|
||||||
mysqli_stmt_bind_param($stmt, 's', $username);
|
mysqli_stmt_bind_param($stmt, 's', $username);
|
||||||
mysqli_stmt_execute($stmt);
|
mysqli_stmt_execute($stmt);
|
||||||
@@ -68,8 +68,9 @@ else{
|
|||||||
$pw=0;
|
$pw=0;
|
||||||
$mfa=0;
|
$mfa=0;
|
||||||
$passkey=0;
|
$passkey=0;
|
||||||
|
$user_token="";
|
||||||
if(mysqli_stmt_num_rows($stmt) == 1){
|
if(mysqli_stmt_num_rows($stmt) == 1){
|
||||||
mysqli_stmt_bind_result($stmt, $pw,$mfa,$passkey,$user_id);
|
mysqli_stmt_bind_result($stmt, $pw,$mfa,$passkey,$user_id,$user_token);
|
||||||
mysqli_stmt_fetch($stmt);
|
mysqli_stmt_fetch($stmt);
|
||||||
$_SESSION["pw_required"] = $pw;
|
$_SESSION["pw_required"] = $pw;
|
||||||
$_SESSION["pw_authenticated"] = ($pw == 0) ? 1 : 0; // If $pw is 0, set pw_authenticated to 1
|
$_SESSION["pw_authenticated"] = ($pw == 0) ? 1 : 0; // If $pw is 0, set pw_authenticated to 1
|
||||||
@@ -78,6 +79,7 @@ else{
|
|||||||
$_SESSION["passkey_required"] = $passkey;
|
$_SESSION["passkey_required"] = $passkey;
|
||||||
$_SESSION["passkey_authenticated"] = ($passkey == 0) ? 1 : 0;
|
$_SESSION["passkey_authenticated"] = ($passkey == 0) ? 1 : 0;
|
||||||
$_SESSION["id"]=$user_id;
|
$_SESSION["id"]=$user_id;
|
||||||
|
$_SESSION["user_token"]=$user_token;
|
||||||
$data=[
|
$data=[
|
||||||
'message' => 'prepared_start_auth',
|
'message' => 'prepared_start_auth',
|
||||||
'redirect' => '/login/'
|
'redirect' => '/login/'
|
||||||
|
|||||||
@@ -81,11 +81,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|||||||
$pepper=bin2hex(random_bytes(32));
|
$pepper=bin2hex(random_bytes(32));
|
||||||
// Hash the password / a salt is added automaticly
|
// Hash the password / a salt is added automaticly
|
||||||
$hashedPassword = password_hash($password.$pepper, PASSWORD_BCRYPT);
|
$hashedPassword = password_hash($password.$pepper, PASSWORD_BCRYPT);
|
||||||
|
|
||||||
|
//random token which is used to auth users even if they change theyr username
|
||||||
|
$user_token=bin2hex(random_bytes(32));
|
||||||
|
|
||||||
// Insert the user into the database
|
// Insert the user into the database
|
||||||
$sql = "INSERT INTO users (username, email, password, telegram_id, pepper, auth_method_enabled_pw, auth_method_required_pw, auth_method_enabled_passkey, auth_method_required_passkey, auth_method_enabled_2fa, auth_method_required_2fa,auth_method_keepmeloggedin_enabled) VALUES (?, ?, ?, ?, ?, 1, 1,0,0,0,0,0)";
|
$sql = "INSERT INTO users (username, email, password, telegram_id, pepper, auth_method_enabled_pw, auth_method_required_pw, auth_method_enabled_passkey, auth_method_required_passkey, auth_method_enabled_2fa, auth_method_required_2fa,auth_method_keepmeloggedin_enabled, user_token) VALUES (?, ?, ?, ?, ?, 1, 1,0,0,0,0,0,?)";
|
||||||
$stmt = mysqli_prepare($conn, $sql);
|
$stmt = mysqli_prepare($conn, $sql);
|
||||||
mysqli_stmt_bind_param($stmt, 'sssss', $username, $email, $hashedPassword, $telegram_id, $pepper);
|
mysqli_stmt_bind_param($stmt, 'ssssss', $username, $email, $hashedPassword, $telegram_id, $pepper,$user_token);
|
||||||
if (mysqli_stmt_execute($stmt)) {
|
if (mysqli_stmt_execute($stmt)) {
|
||||||
echo json_encode([
|
echo json_encode([
|
||||||
'success' => true,
|
'success' => true,
|
||||||
|
|||||||
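Review bot: The comment above `$user_token=bin2hex(random_bytes(32));` (`//random token which is used to auth users even if they change theyr username`) has a typo and does not say what the value looks like or where it goes, which is what a maintainer sizing the column or comparing tokens later needs to know. Suggested wording: `// Stable per-user random secret: 32 bytes, hex-encoded (64 chars), stored in users.user_token so the account stays identifiable after a username change`. The generation itself (`random_bytes`) and the parameterised INSERT with the added `?` placeholder look right. The enclosing POST handler continues outside the hunk.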
@@ -10,8 +10,8 @@
|
|||||||
include "assets/components.php";
|
include "assets/components.php";
|
||||||
session_start();
|
session_start();
|
||||||
$_SESSION["end_url"]=$_GET["send_to"];
|
$_SESSION["end_url"]=$_GET["send_to"];
|
||||||
if (isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] === true) {
|
if (isset($_SESSION["logged_in"]) && $_SESSION["logged_in"] === true && !isset($_GET["donotsend"])) {
|
||||||
header("LOCATION:/login/");
|
header("LOCATION:/login/account_selector.php");
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
|
|||||||
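Review bot: `$_SESSION["end_url"]=$_GET["send_to"];` is the only place the target URL enters the application, and with this commit the value is now emitted back to browsers (account_selector.php and the register page redirect), yet it is still stored unvalidated and without an `isset` check, so a request without `send_to` raises a warning. If end_url is later used as a redirect destination, as the default `/?send_to=/account/` in the register page suggests, an absolute or protocol-relative URL turns this into an open redirect. Restrict it to a same-origin path here (PHP 8+): `$send_to = $_GET["send_to"] ?? '';` followed by `$_SESSION["end_url"] = (str_starts_with($send_to, '/') && !str_starts_with($send_to, '//') && !str_contains($send_to, '\\')) ? $send_to : '/account/';`. The corrected `&&` condition and the redirect to account_selector.php are fine as written.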
@@ -62,6 +62,7 @@
|
|||||||
username VARCHAR(255) NOT NULL UNIQUE,
|
username VARCHAR(255) NOT NULL UNIQUE,
|
||||||
public_key TEXT DEFAULT '',
|
public_key TEXT DEFAULT '',
|
||||||
credential_id VARBINARY(255),
|
credential_id VARBINARY(255),
|
||||||
|
user_token VARCHAR(128),
|
||||||
counter INT DEFAULT 0,
|
counter INT DEFAULT 0,
|
||||||
2fa VARCHAR(255),
|
2fa VARCHAR(255),
|
||||||
email VARCHAR(255),
|
email VARCHAR(255),
|
||||||
|
|||||||
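Review bot: `user_token VARCHAR(128),` is nullable and not unique, although the registration hunk comments that the token identifies a user independently of their username and the login hunk `@@ -78,6 +79,7 @@` copies whatever the column holds straight into `$_SESSION["user_token"]`. Rows created before this change will carry NULL, and nothing prevents two accounts from ending up with the same token. Declare it `user_token VARCHAR(128) NOT NULL UNIQUE,` and ship a migration that generates a token for existing rows; since `bin2hex(random_bytes(32))` always yields 64 characters, `CHAR(64)` would also document the expected shape. This is a CREATE TABLE, so existing deployments additionally need a matching ALTER TABLE.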
46
app-code/login/account_selector.php
Normal file
46
app-code/login/account_selector.php
Normal file
@@ -0,0 +1,46 @@
|
|||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="en" data-bs-theme="dark">
|
||||||
|
<head>
|
||||||
|
<meta charset="UTF-8">
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
<title>Jakach Login</title>
|
||||||
|
<?php
|
||||||
|
include "../assets/components.php";
|
||||||
|
session_start();
|
||||||
|
?>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<div class="container mt-5">
|
||||||
|
<div class="row justify-content-center">
|
||||||
|
<div class="col-md-6 col-lg-4">
|
||||||
|
<!-- Card for the form -->
|
||||||
|
<div class="card shadow">
|
||||||
|
<div class="card-body">
|
||||||
|
<h4 class="card-title text-center mb-4">Jakach Login</h4>
|
||||||
|
<!-- Form -->
|
||||||
|
<form id="twofaForm">
|
||||||
|
<!-- Submit Button -->
|
||||||
|
<div class="d-grid gap-2">
|
||||||
|
<!-- Login Button -->
|
||||||
|
<a href="/login/" class="btn btn-primary btn-lg" id="continueLink">Continue as <?php echo($_SESSION["username"]); ?></a>
|
||||||
|
<a class="btn btn-outline-primary btn-lg" href="/?donotsend&send_to=<?php echo($_SESSION["end_url"]); ?>">Use another account</a>
|
||||||
|
</div>
|
||||||
|
</form>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<script>
|
||||||
|
// Listen for the 'Enter' key press on the document
|
||||||
|
document.addEventListener("keydown", function(event) {
|
||||||
|
if (event.key === "Enter") {
|
||||||
|
// If Enter is pressed, click the link with id 'continueLink'
|
||||||
|
document.getElementById("continueLink").click();
|
||||||
|
}
|
||||||
|
});
|
||||||
|
</script>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
|
|
||||||
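Review bot: Both values echoed into the new page are unescaped: `<?php echo($_SESSION["username"]); ?>` lands in element text and `<?php echo($_SESSION["end_url"]); ?>` in an href attribute, and end_url originates from the `send_to` query parameter, so this is a reflected XSS (and potentially a stored one via the username). Escape per context, e.g. `Continue as <?php echo htmlspecialchars($_SESSION["username"] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>` and `href="/?donotsend&send_to=<?php echo htmlspecialchars(rawurlencode($_SESSION["end_url"] ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>"`. The same value is spliced into a JavaScript string literal in the register page hunk `@@ -131,7 +134,12 @@` (`echo("window.location.href = '/?send_to=".$_SESSION["end_url"]."';")`), where emitting the whole URL through `json_encode` is the right encoder. The page also renders `$_SESSION["username"]` without checking `$_SESSION["logged_in"] === true`; index.php only redirects logged-in users here, but the file is reachable directly and it is not visible from this diff whether username is set only after login.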
@@ -35,6 +35,7 @@ if (isset($data['status'])) {
|
|||||||
$_SESSION["id"] = $data["id"];
|
$_SESSION["id"] = $data["id"];
|
||||||
$_SESSION["email"] = $data["email"];
|
$_SESSION["email"] = $data["email"];
|
||||||
$_SESSION["telegram_id"] = $data["telegram_id"];
|
$_SESSION["telegram_id"] = $data["telegram_id"];
|
||||||
|
$_SESSION["user_token"] = $data["user_token"];
|
||||||
|
|
||||||
// Return a success response
|
// Return a success response
|
||||||
echo json_encode(['status' => 'success', 'msg' => 'logged in']);
|
echo json_encode(['status' => 'success', 'msg' => 'logged in']);
|
||||||
|
|||||||
@@ -1,3 +1,6 @@
|
|||||||
|
<?php
|
||||||
|
session_start();
|
||||||
|
?>
|
||||||
<!DOCTYPE html>
|
<!DOCTYPE html>
|
||||||
<html lang="en" data-bs-theme="dark">
|
<html lang="en" data-bs-theme="dark">
|
||||||
<head>
|
<head>
|
||||||
@@ -131,7 +134,12 @@
|
|||||||
showModalMessage('Success', 'Registration successful!');
|
showModalMessage('Success', 'Registration successful!');
|
||||||
// Redirect to a different page if needed after closing the modal
|
// Redirect to a different page if needed after closing the modal
|
||||||
setTimeout(() => {
|
setTimeout(() => {
|
||||||
window.location.href = '/?send_to=/account/';
|
<?php
|
||||||
|
if(empty($_SESSION["end_url"]))
|
||||||
|
echo("window.location.href = '/?send_to=/account/';");
|
||||||
|
else
|
||||||
|
echo("window.location.href = '/?send_to=".$_SESSION["end_url"]."';");
|
||||||
|
?>
|
||||||
}, 2000);
|
}, 2000);
|
||||||
} else {
|
} else {
|
||||||
showModalMessage('Error', result.message || 'Registration failed!');
|
showModalMessage('Error', result.message || 'Registration failed!');
|
||||||
|
|||||||