adding jakach oauth

2024-12-26 18:32:32 +00:00
parent bea68313b3
commit eca8241cae
5 changed files with 141 additions and 4 deletions
--- a/sys0-code/assets/php/user_page.php
+++ b/sys0-code/assets/php/user_page.php
@@ -119,7 +119,7 @@
 									</div>
 									
 									<div class="card-body">
-										<h5 class="card-title">Passwort zurücksetzen</h5>
+										<h5 class="card-title">Jakach account verknüpfen / Passwort zurücksetzen</h5>
 										<p class="card-text">Hier kannst du dein Passwort ändern</p>
 										<a href="/login/reset-password.php" class="stretched-link"></a>
 									</div>
--- a/sys0-code/install/create_db.php
+++ b/sys0-code/install/create_db.php
@@ -19,6 +19,7 @@ $sql = "CREATE TABLE IF NOT EXISTS users (
 	username VARCHAR(255) NOT NULL,
 	password VARCHAR(255),
 	role VARCHAR(255),
+	user_token VARCHAR(128),
 	created_at DATETIME,
 	keepmeloggedin VARCHAR(255),
 	color VARCHAR(50),
--- a/sys0-code/login/login.php
+++ b/sys0-code/login/login.php
@@ -375,7 +375,12 @@ EOF;
 								<input type="checkbox" class="form-check-input" id="keepmeloggedin" name="keepmeloggedin" value="keepmeloggedin">
 								<label class="form-check-label" for="keepmeloggedin">Angemeldet bleiben</label>
 							</div>
+							<div class="d-flex align-items-center">
 							    <button type="submit" name="submit" class="btn btn-secondary">Login</button>
+							    <p class="mx-3 mb-0">Oder</p>
+							    <a href="https://jakach.duckdns.org:444/?send_to=https://app.ksw3d.ch/login/oauth.php" class="btn btn-secondary">mit Jakach account einloggen</a>
+							</div>
+
 						</form>
 						<div class="text-center mt-3">
 							<button type="button" class="btn btn-link" data-bs-toggle="modal" data-bs-target="#noaccount" id="lnk_1">Noch kein Account? Erstelle einen!</button>
--- a/sys0-code/login/oauth.php
+++ b/sys0-code/login/oauth.php
@@ -0,0 +1,104 @@
+<?php
+// Initialize the session
+session_start();
+//include "/var/www/html/system0/html/php/login/v3/waf/waf_no_anti_xss.php";
+$username = $password = $confirm_password = "";
+$role="user";
+$username_err = $password_err = $confirm_password_err = "";
+$err="";
+// Check if the user is already logged in, if yes then redirect him to welcome page
+if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){
+	header("location: /app/overview.php");
+    exit;
+}
+require_once "../config/config.php";
+require_once "../log/log.php";
+require_once "../waf/salt.php";
+require_once "keepmeloggedin.php";
+include "../assets/components.php";
+$error=logmein($link);
+if($error==="success")
+{
+        header("LOCATION: /app/overview.php");
+}
+
+$auth_token = $_GET["auth"];
+
+// Check the auth token against Jakach login API
+$check_url = "https://jakach.duckdns.org:444/api/auth/check_auth_key.php?auth_token=" . $auth_token;
+
+// Initialize cURL
+$ch = curl_init();
+curl_setopt($ch, CURLOPT_URL, $check_url);
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+
+// Execute cURL and get the response
+$response = curl_exec($ch);
+
+// Check for cURL errors
+if(curl_errno($ch)) {
+    die("cURL Error: " . curl_error($ch));
+}
+
+// Close cURL
+curl_close($ch);
+
+// Decode the JSON response
+$data = json_decode($response, true);
+// Check if the response contains a valid status
+if (isset($data['status'])) {
+    if ($data['status'] == "success") {
+        // Successful authentication: login the user
+        $_SESSION["username"] = $data["username"];
+        $_SESSION["id"] = $data["id"];
+        $_SESSION["email"] = $data["email"];
+        $_SESSION["telegram_id"] = $data["telegram_id"];
+        $_SESSION["user_token"] = $data["user_token"];
+	//load user data
+	$sql = "SELECT id, username, password, role, color,banned,banned_reason ,telegram_id,notification_telegram,notification_mail, class_id FROM users WHERE user_token = ?";
+	$stmt = mysqli_prepare($link, $sql);
+	$user_token=$_SESSION["user_token"];
+	mysqli_stmt_bind_param($stmt, "s", $user_token);
+	mysqli_stmt_execute($stmt);
+	mysqli_stmt_store_result($stmt);
+	if(mysqli_stmt_num_rows($stmt) == 1){
+		$username = $password = "";
+		$username_err = $password_err = $login_err = "";
+		$color="";
+		$banned=0;
+		$banned_reason="";
+		$telegram_id="";
+		$notification_telegram=0;
+		$notification_mail=0;
+		$class_id=0;
+		$id=0;
+		mysqli_stmt_bind_result($stmt, $id, $username, $hashed_password, $role,$color,$banned,$banned_reason,$telegram_id,$notification_telegram,$notification_mail,$class_id);
+		mysqli_stmt_fetch($stmt);
+		$_SESSION["loggedin"] = true;
+		$_SESSION["id"] = $id;
+		$_SESSION["username"] = $username;
+		$_SESSION["role"] = $role;
+		$_SESSION["token"]=bin2hex(random_bytes(32));
+		$_SESSION["color"]=$color;
+		$_SESSION["creation_token"]= urlencode(bin2hex(random_bytes(24/2)));
+		$_SESSION["telegram_id"]=$telegram_id;
+		$_SESSION["notification_telegram"]=$notification_telegram;
+		$_SESSION["notification_mail"]=$notification_mail;
+		$_SESSION["class_id"]=$class_id;
+		mysqli_stmt_close($stmt);
+		echo("<script>location.href='/app/overview.php';</script>");
+	}else{
+		echo("<div class='alert alert-danger'>Dein System0 Account wurde noch nicht mit deinem Jakach account verknüpft!</div>");
+	}
+        
+        // Return a success response
+    } else {
+        // Authentication failed
+	echo '<div class="alert alert-danger">Invalid auth token</div>';
+    }
+} else {
+    // Invalid response format or missing status
+	echo '<div class="alert alert-danger">Server error</div>';
+}
+
+?>
--- a/sys0-code/login/reset-password.php
+++ b/sys0-code/login/reset-password.php
@@ -15,7 +15,7 @@ $new_password_err = $confirm_password_err = "";
 $old_password="";
 $old_passwort_err="";
 // Processing form data when form is submitted
-if($_SERVER["REQUEST_METHOD"] == "POST"){
+if($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["old_password"])){
    $login_err="";
    //first: validate old password
    if(empty(trim($_POST["old_password"]))){
@@ -45,6 +45,7 @@ if($_SERVER["REQUEST_METHOD"] == "POST"){

                                        // Redirect user to welcome page
                                            $auth=true;
+					$change=true;
                                    } else{
                                        // Password is not valid, display a generic error message
                                        $login_err = "Invalid password.";
@@ -61,7 +62,7 @@ if($_SERVER["REQUEST_METHOD"] == "POST"){
                    }
                }
    }
-    if($auth===true)
+    if($auth===true && $change===true)
    {
        //end of old_password validation
        // Validate new password
@@ -115,6 +116,17 @@ if($_SERVER["REQUEST_METHOD"] == "POST"){
            }
        }
    }
+
+if(isset($_POST["user_token"])){
+	$sql="update users set user_token = ? where id = ?";
+	$stmt = mysqli_prepare($link, $sql);
+	$user_token=$_POST["user_token"];
+	$id=$_SESSION["id"];
+	mysqli_stmt_bind_param($stmt, "si", $user_token, $id);
+	mysqli_stmt_execute($stmt);
+	mysqli_stmt_close($stmt);
+	$msg="User Token wurde hinzugefügt.";
+}
        // Close connection
        mysqli_close($link);
 ?>
@@ -178,6 +190,21 @@ echo("<div id='content'></div>");?>
 	            echo '<div class="alert alert-danger">' . $login_err . '</div>';
 	        }
 	?>
+	<p>Hier kannst du deinen Jakach-Account verknüpfen, um dich leichter einzuloggen.</p>
+	<p>Du findest dein User-Token in bei deinem Jakach Account (<a href="https://jakach.duckdns.org:444/?send_to=/account/">hier</a>)
+	<div class="m-3">
+            <form action="" method="post">
+              <div class="form-group m-2">
+                <label for="pwd">User Token:</label>
+                <input type="text" class="form-control" id="user_token" name="user_token" required>
+              </div>
+              <button type="submit" name="submit" class="btn btn-dark m-2">Bestätigen</button>
+            </form>
+        </div>
+	<?php
+		if(isset($msg))
+			 echo '<div class="alert alert-success">' . $msg . '</div>';
+	?>
  </div>
 </div>
 <div id="footer"></div>