adding oauth capabilities
This commit is contained in:
Janis Steiner
@@ -17,7 +17,7 @@ if(mysqli_stmt_num_rows($stmt) == 1){
|
||||
//we now have userid, close stmt
|
||||
mysqli_stmt_close($stmt);
|
||||
|
||||
$sql="SELECT username, email, telegram_id FROM users WHERE id = ?";
|
||||
$sql="SELECT username, email, telegram_id, user_token FROM users WHERE id = ?";
|
||||
$stmt = mysqli_prepare($conn, $sql);
|
||||
mysqli_stmt_bind_param($stmt, 'i', $user_id);
|
||||
mysqli_stmt_execute($stmt);
|
||||
@@ -25,7 +25,8 @@ if(mysqli_stmt_num_rows($stmt) == 1){
|
||||
$username="";
|
||||
$email="";
|
||||
$telegram="";
|
||||
mysqli_stmt_bind_result($stmt,$username,$email,$telegram);
|
||||
$user_token="";
|
||||
mysqli_stmt_bind_result($stmt,$username,$email,$telegram,$user_token);
|
||||
mysqli_stmt_fetch($stmt);
|
||||
mysqli_stmt_close($stmt);
|
||||
$data=[
|
||||
@@ -34,7 +35,8 @@ if(mysqli_stmt_num_rows($stmt) == 1){
|
||||
'username'=>$username,
|
||||
'email'=>$email,
|
||||
'telegram_id'=>$telegram,
|
||||
'id'=>$user_id
|
||||
'id'=>$user_id,
|
||||
'user_token'=>$user_token
|
||||
];
|
||||
|
||||
//remove auth key
|
||||
|
||||
@@ -60,7 +60,7 @@ else{
|
||||
$username=$_SESSION["username"];
|
||||
$_SESSION["needs_auth"]=false;
|
||||
$_SESSION["logged_in"]=false;
|
||||
$sql="SELECT auth_method_required_pw, auth_method_required_2fa, auth_method_required_passkey, id FROM users WHERE username = ?";
|
||||
$sql="SELECT auth_method_required_pw, auth_method_required_2fa, auth_method_required_passkey, id, user_token FROM users WHERE username = ?";
|
||||
$stmt = mysqli_prepare($conn, $sql);
|
||||
mysqli_stmt_bind_param($stmt, 's', $username);
|
||||
mysqli_stmt_execute($stmt);
|
||||
@@ -68,8 +68,9 @@ else{
|
||||
$pw=0;
|
||||
$mfa=0;
|
||||
$passkey=0;
|
||||
$user_token="";
|
||||
if(mysqli_stmt_num_rows($stmt) == 1){
|
||||
mysqli_stmt_bind_result($stmt, $pw,$mfa,$passkey,$user_id);
|
||||
mysqli_stmt_bind_result($stmt, $pw,$mfa,$passkey,$user_id,$user_token);
|
||||
mysqli_stmt_fetch($stmt);
|
||||
$_SESSION["pw_required"] = $pw;
|
||||
$_SESSION["pw_authenticated"] = ($pw == 0) ? 1 : 0; // If $pw is 0, set pw_authenticated to 1
|
||||
@@ -78,6 +79,7 @@ else{
|
||||
$_SESSION["passkey_required"] = $passkey;
|
||||
$_SESSION["passkey_authenticated"] = ($passkey == 0) ? 1 : 0;
|
||||
$_SESSION["id"]=$user_id;
|
||||
$_SESSION["user_token"]=$user_token;
|
||||
$data=[
|
||||
'message' => 'prepared_start_auth',
|
||||
'redirect' => '/login/'
|
||||
|
||||
@@ -82,10 +82,13 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
// Hash the password / a salt is added automaticly
|
||||
$hashedPassword = password_hash($password.$pepper, PASSWORD_BCRYPT);
|
||||
|
||||
//random token which is used to auth users even if they change theyr username
|
||||
$user_token=bin2hex(random_bytes(32));
|
||||
|
||||
// Insert the user into the database
|
||||
$sql = "INSERT INTO users (username, email, password, telegram_id, pepper, auth_method_enabled_pw, auth_method_required_pw, auth_method_enabled_passkey, auth_method_required_passkey, auth_method_enabled_2fa, auth_method_required_2fa,auth_method_keepmeloggedin_enabled) VALUES (?, ?, ?, ?, ?, 1, 1,0,0,0,0,0)";
|
||||
$sql = "INSERT INTO users (username, email, password, telegram_id, pepper, auth_method_enabled_pw, auth_method_required_pw, auth_method_enabled_passkey, auth_method_required_passkey, auth_method_enabled_2fa, auth_method_required_2fa,auth_method_keepmeloggedin_enabled, user_token) VALUES (?, ?, ?, ?, ?, 1, 1,0,0,0,0,0,?)";
|
||||
$stmt = mysqli_prepare($conn, $sql);
|
||||
mysqli_stmt_bind_param($stmt, 'sssss', $username, $email, $hashedPassword, $telegram_id, $pepper);
|
||||
mysqli_stmt_bind_param($stmt, 'ssssss', $username, $email, $hashedPassword, $telegram_id, $pepper,$user_token);
|
||||
if (mysqli_stmt_execute($stmt)) {
|
||||
echo json_encode([
|
||||
'success' => true,
|
||||
|
||||
@@ -10,8 +10,8 @@
|
||||
include "assets/components.php";
|
||||
session_start();
|
||||
$_SESSION["end_url"]=$_GET["send_to"];
|
||||
if (isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] === true) {
|
||||
header("LOCATION:/login/");
|
||||
if (isset($_SESSION["logged_in"]) && $_SESSION["logged_in"] === true && !isset($_GET["donotsend"])) {
|
||||
header("LOCATION:/login/account_selector.php");
|
||||
exit();
|
||||
}
|
||||
?>
|
||||
|
||||
@@ -62,6 +62,7 @@
|
||||
username VARCHAR(255) NOT NULL UNIQUE,
|
||||
public_key TEXT DEFAULT '',
|
||||
credential_id VARBINARY(255),
|
||||
user_token VARCHAR(128),
|
||||
counter INT DEFAULT 0,
|
||||
2fa VARCHAR(255),
|
||||
email VARCHAR(255),
|
||||
|
||||
46
app-code/login/account_selector.php
Normal file
46
app-code/login/account_selector.php
Normal file
@@ -0,0 +1,46 @@
|
||||
<!DOCTYPE html>
|
||||
<html lang="en" data-bs-theme="dark">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<title>Jakach Login</title>
|
||||
<?php
|
||||
include "../assets/components.php";
|
||||
session_start();
|
||||
?>
|
||||
</head>
|
||||
<body>
|
||||
<div class="container mt-5">
|
||||
<div class="row justify-content-center">
|
||||
<div class="col-md-6 col-lg-4">
|
||||
<!-- Card for the form -->
|
||||
<div class="card shadow">
|
||||
<div class="card-body">
|
||||
<h4 class="card-title text-center mb-4">Jakach Login</h4>
|
||||
<!-- Form -->
|
||||
<form id="twofaForm">
|
||||
<!-- Submit Button -->
|
||||
<div class="d-grid gap-2">
|
||||
<!-- Login Button -->
|
||||
<a href="/login/" class="btn btn-primary btn-lg" id="continueLink">Continue as <?php echo($_SESSION["username"]); ?></a>
|
||||
<a class="btn btn-outline-primary btn-lg" href="/?donotsend&send_to=<?php echo($_SESSION["end_url"]); ?>">Use another account</a>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<script>
|
||||
// Listen for the 'Enter' key press on the document
|
||||
document.addEventListener("keydown", function(event) {
|
||||
if (event.key === "Enter") {
|
||||
// If Enter is pressed, click the link with id 'continueLink'
|
||||
document.getElementById("continueLink").click();
|
||||
}
|
||||
});
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
||||
|
||||
@@ -35,6 +35,7 @@ if (isset($data['status'])) {
|
||||
$_SESSION["id"] = $data["id"];
|
||||
$_SESSION["email"] = $data["email"];
|
||||
$_SESSION["telegram_id"] = $data["telegram_id"];
|
||||
$_SESSION["user_token"] = $data["user_token"];
|
||||
|
||||
// Return a success response
|
||||
echo json_encode(['status' => 'success', 'msg' => 'logged in']);
|
||||
|
||||
@@ -1,3 +1,6 @@
|
||||
<?php
|
||||
session_start();
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
<html lang="en" data-bs-theme="dark">
|
||||
<head>
|
||||
@@ -131,7 +134,12 @@
|
||||
showModalMessage('Success', 'Registration successful!');
|
||||
// Redirect to a different page if needed after closing the modal
|
||||
setTimeout(() => {
|
||||
window.location.href = '/?send_to=/account/';
|
||||
<?php
|
||||
if(empty($_SESSION["end_url"]))
|
||||
echo("window.location.href = '/?send_to=/account/';");
|
||||
else
|
||||
echo("window.location.href = '/?send_to=".$_SESSION["end_url"]."';");
|
||||
?>
|
||||
}, 2000);
|
||||
} else {
|
||||
showModalMessage('Error', result.message || 'Registration failed!');
|
||||
|
||||
Reference in New Issue
Block a user