Web admin login and password change added.
rodzic
58f3546c82
commit
fd14a859c7
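--- a/[admin-dir]/account.php
+++ b/[admin-dir]/account.php
@@ -0,0 +1,72 @@
+<?php
+
+session_start();
+
+echo "Authenticated: ".$_SESSION['authenticated'].'<br />';
+echo "Login: ".$_SESSION['login'].'<br />';
+echo "First Login: ".$_SESSION['firstLogin'].'<br />';
+
+// Load the require PHP classes.
+require_once('classes/common.class.php');
+require_once('classes/account.class.php');
+
+$common = new common();
+$account = new account();
+
+// Check if the user is logged in.
+if (!$account->isAuthenticated()) {
+// The user is not logged in so forward them to the login page.
+header ("Location: login.php?origin=".urlencode('account.php'));
+}
+
+if ($common->postBack()) {
+
+echo "POSTBACK!";
+
+// Check that the user supplied a password matching the one currently stored in administrators.xml.
+$authenticated = $account->authenticate($_SESSION['login'], $_POST['password'], FALSE, FALSE);
+// Check that the supplied passwords match.
+if ($authenticated && $_POST['password1'] == $_POST['password2']) {
+
+echo "AUTHENTICATED!";
+
+// Change the password stored in administrators.xml related to this users login.
+$account->changePassword($_SESSION['login'], $_POST['password1']);
+// Since the password has changed we will log the user out to clear older session variables.
+$account->logout();
+}
+}
+
+require_once('includes/header.include.php');
+
+/////////////////////
+// BEGIN HTML BODY //
+
+?>
+<div>You must change your current password before continuing.</div>
+<div>The password for this account has been changed successfully.</div>
+<div>You must supply the correct current password for this account.</div>
+<div>The passwords supplied for the new password did not match.</div>
+
+<form method="post" action="account.php">
+<div>
+<label for="password">Current Password:</label>
+<input type="password" name="password">
+</div>
+<div>
+<label for="password1">New Password:</label>
+<input type="password" name="password1">
+</div>
+<div>
+<label for="password2">Confirm Password:</label>
+<input type="password" name="password2">
+</div>
+<input type="submit" value="Change Password">
+</form>
+<?php
+
+// END HTML BODY //
+///////////////////
+
+require_once('includes/footer.include.php');
+?>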
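Review bot: The redirect at L61 (`header ("Location: login.php?origin=".urlencode('account.php'));`) is not followed by `exit;`, so a request that fails `isAuthenticated()` still runs the postBack branch and still gets the full page body; the same missing `exit;` appears in index.php after its `Location: login.php` and in login.php after both `Location:` headers in the already-authenticated block. The three `echo` lines at L22–L28 also emit output before `header()` is called, which makes the redirect fail with a "headers already sent" warning unless output buffering is on; together with the `POSTBACK!` and `AUTHENTICATED!` echoes they read as leftover debugging and should be dropped before merge. The confirmation check at L88 uses loose `==` and accepts an empty new password; `if ($authenticated && $_POST['password1'] !== '' && $_POST['password1'] === $_POST['password2']) {` is the safer form. The four status `<div>`s at L134–L143 are rendered unconditionally, so every visitor sees all four messages whatever the outcome; each needs to be wrapped in the condition it describes.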
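--- a/[admin-dir]/classes/account.class.php
+++ b/[admin-dir]/classes/account.class.php
@@ -0,0 +1,97 @@
+<?php
+class account {
+
+/////////////////////////////////////////////////////////
+// Check if the administrator is authenticated or not.
+
+function isAuthenticated() {
+// Check if the remeber me cookie is set and if so set sessions variables using the stored values.
+if (isset($_COOKIE['login']) && isset($_COOKIE['authenticated']) && isset($_COOKIE['firstLogin']) && $_COOKIE['authenticated']) {
+$_SESSION['authenticated'] = TRUE;
+$_SESSION['login'] = $_COOKIE['login'];
+$_SESSION['firstLogin'] = $_COOKIE['firstLogin'];
+} else {
+// Unset any cookies pertaining to user authentication since something is wrong or missing.
+unset($_COOKIE["authenticated"]);
+unset($_COOKIE["login"]);
+unset($_COOKIE["firstLogin"]);
+}
+// Make sure that the session variable Authenticated is set to TRUE and that the session Login variable is set.
+if (isset($_SESSION['login']) && isset($_SESSION['authenticated']) && isset($_SESSION['firstLogin']) && $_SESSION['authenticated']) {
+if ($_SESSION['firstLogin'] && basename($_SERVER['PHP_SELF']) != "account.php") {
+header ("Location: account.php");
+}
+return TRUE;
+}
+return FALSE;
+}
+
+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+// Authenticate an administrator by comparing their supplied login and password with the ones stored in administrators.xml.
+
+function authenticate($login, $password, $remember = FALSE, $forward = TRUE, $origin = NULL) {
+$common = new common();
+// Get all the administrators from the administrators.xml file.
+$administrators = simplexml_load_file("../data/administrators.xml") or die("Error: Cannot create administrators object");
+foreach ($administrators as $administrator) {
+// If or when we get to a matching login compare the supplied password to the one stored inadministrators.xml.
+if ($administrator->login == $login) {
+if (password_verify($password, $administrator->password)) {
+// Set the session variable Authenticated to TRUE and assign the variable Login the supplied login.
+$_SESSION['authenticated'] = TRUE;
+$_SESSION['login'] = $login;
+$_SESSION['firstLogin'] = $common->stringToBoolean($administrator->firstLogin);
+// If the user wishes to be remembered set a cookie containg the authenticated and login variables.
+if ($remember) {
+setcookie("authenticated", TRUE, time() + (10 * 365 * 24 * 60 * 60));
+setcookie("login", $login, time() + (10 * 365 * 24 * 60 * 60));
+setcookie("firstLogin", $common->stringToBoolean($administrator->firstLogin), time() + (10 * 365 * 24 * 60 * 60));
+}
+// Forward the user if the $forward variable is set to TRUE.
+if ($forward) {
+if (isset($origin)) {
+// Redirect the authenticated visitor to their original destination.
+header ("Location: ".urldecode($origin));
+} else {
+// Redirect the user to the administration homepage.
+header ("Location: index.php");
+}
+}
+return TRUE;
+}
+}
+}
+// If things got this far authentication failed.
+return FALSE;
+}
+
+//////////////////////////////////////////////////////////////////////////////////////////////////
+// Logs the user out by deleting current session varialbes related to administrative functions.
+
+function logout() {
+// Unset any session variables pertaining to user authentication.
+unset($_SESSION['authenticated']);
+unset($_SESSION['login']);
+unset($_SESSION['firstLogin']);
+// Unset any cookies pertaining to user authentication.
+unset($_COOKIE["authenticated"]);
+unset($_COOKIE["login"]);
+unset($_COOKIE["firstLogin"]);
+// Redirect the user to the main homepage.
+header ("Location: login.php");
+}
+
+////////////////////////////////////////////////////////////////////////////////////////////
+// Change a password stored for an existing administrator in the file administrators.xml.
+
+function changePassword($login, $password) {
+$administrators = simplexml_load_file("../data/administrators.xml") or die("Error: Cannot create administrators object");
+foreach ($administrators->xpath("administrator[login='".$login."']") as $administrator) {
+$administrator->password = password_hash($password, PASSWORD_DEFAULT);
+$administrator->firstLogin = "FALSE";
+}
+file_put_contents("../data/administrators.xml", $administrators->asXML());
+}
+
+}
+?>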
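Review bot: `isAuthenticated()` at L239–L248 copies `$_COOKIE['login']` and `$_COOKIE['authenticated']` straight into the session, so the authenticated state is whatever the client presents: a request carrying those cookies is treated as that login without the password ever being verified, and the cookie-supplied `login` then flows unescaped into the XPath string built at L473. Remember-me needs a server-side secret rather than a flag: store a per-administrator random token (`random_bytes()`) in administrators.xml next to the hash, put only that token in the cookie, and on each request look the token up and compare with `hash_equals()` before populating `$_SESSION`. `unset($_COOKIE[...])` at L257–L263 and L439–L445 only clears PHP's copy of the request; the browser keeps the cookie, so `logout()` does not revoke remember-me — each needs an expiring `setcookie("authenticated", "", time() - 3600);` (and the session itself should be ended with `session_destroy()`). The `Location:` redirects at L278, L372, L381 and L451 are not followed by `exit;`, and L372 sends the browser to `urldecode($origin)` without checking that it is a relative path inside this application, which is an open redirect — login.php repeats this at L805, so one validation helper (reject a scheme or a leading `//`) used by both callers would close it.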
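--- a/[admin-dir]/classes/common.class.php
+++ b/[admin-dir]/classes/common.class.php
@@ -0,0 +1,32 @@
+<?php
+class common {
+
+////////////////////////////////////////
+// Check if page load is a post back.
+
+function postBack() {
+if (empty($_SERVER['HTTP_REFERER'])) {
+return FALSE;
+}
+$methodUsed = strtoupper($_SERVER['REQUEST_METHOD']);
+$referer = strtolower(basename($_SERVER['HTTP_REFERER']));
+$thisScript = strtolower(basename($_SERVER['SCRIPT_NAME']));
+if ($methodUsed == 'POST' && $referer == $thisScript) {
+return TRUE;
+}
+return FALSE;
+}
+
+/////////////////////////////////////
+// Return a boolean from a string.
+
+function stringToBoolean($value) {
+switch(strtoupper($value)) {
+case 'TRUE': return TRUE;
+case 'FALSE': return FALSE;
+default: return NULL;
+}
+}
+
+}
+?>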
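Review bot: `postBack()` at L523–L541 treats a `Referer` whose basename matches the current script as proof that the POST originated from this page, but that header is client-controlled and is often absent (Referrer-Policy, privacy extensions, some proxies), so a legitimate login or password change is silently ignored when it is missing while a forged request is not stopped — it should not be read as a CSRF defence. Reduce the method to `return strtoupper($_SERVER['REQUEST_METHOD']) === 'POST';` and protect the forms with a per-session token kept in `$_SESSION` and checked with `hash_equals()`; for the password change in account.php the current-password requirement already limits the damage, and that check should stay regardless. `stringToBoolean()` returns `NULL` for any value other than TRUE/FALSE, which `isAuthenticated()` later treats the same as FALSE; a docblock `@return bool|null — NULL means the value was unrecognised, callers must decide how to treat it` would make that contract explicit. Both comparisons at L541 can be `===`, since both sides are already strings.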
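--- a/[admin-dir]/includes/footer.include.php
+++ b/[admin-dir]/includes/footer.include.php
@@ -0,0 +1,4 @@
+<script type="text/javascript" src="//code.jquery.com/jquery-2.1.4.min.js"></script>
+<script type="text/javascript" src="//maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"></script>
+</body>
+</html>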
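Review bot: The jQuery and Bootstrap scripts at L600–L603 are loaded from third-party CDNs over protocol-relative URLs with no `integrity` or `crossorigin` attribute, so a modified CDN response runs with full access to the admin pages and their session. Pin them with Subresource Integrity, e.g. `<script src="https://code.jquery.com/jquery-2.1.4.min.js" integrity="sha384-<hash published by the vendor>" crossorigin="anonymous"></script>`, or vendor the files alongside admin.login.css, and use explicit `https://` rather than `//`. The same applies to the stylesheet links in the header include (L632–L635) and to the script and stylesheet tags duplicated in login.php (L871–L874, L967–L970), which would be simpler to maintain if login.php used these two includes as account.php does.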
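--- a/[admin-dir]/includes/header.include.php
+++ b/[admin-dir]/includes/header.include.php
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="utf-8" />
+<title></title>
+<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" />
+<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap-theme.min.css" />
+</head>
+<body>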
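--- a/[admin-dir]/index.php
+++ b/[admin-dir]/index.php
@@ -0,0 +1,32 @@
+<?php
+
+session_start();
+
+// Load the require PHP classes.
+require_once('classes/common.class.php');
+require_once('classes/account.class.php');
+
+$common = new common();
+$account = new account();
+
+// Check if the user is logged in.
+if (!$account->isAuthenticated()) {
+// The user is not logged in so forward them to the login page.
+header ("Location: login.php");
+}
+
+echo "Authenticated: ".$_SESSION['authenticated'].'<br />';
+echo "Login: ".$_SESSION['login'].'<br />';
+echo "First Login: ".$_SESSION['firstLogin'].'<br />';
+?>
+
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="utf-8" />
+<title></title>
+</head>
+<body>
+index.php
+</body>
+</html>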
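--- a/[admin-dir]/login.php
+++ b/[admin-dir]/login.php
@@ -0,0 +1,86 @@
+<?php
+
+///////////////////////////////
+// Default Login Information //
+///////////////////////////////
+// Login: admin //
+// Password: adsbfeeder //
+///////////////////////////////
+
+session_start();
+
+// Load the require PHP classes.
+require_once('classes/common.class.php');
+require_once('classes/account.class.php');
+
+$common = new common();
+$account = new account();
+
+// Check if the user is already logged in.
+if ($account->isAuthenticated()) {
+if (isset($_REQUEST['origin'])) {
+// Redirect the authenticated visitor to their original destination.
+header ("Location: ".urldecode($_REQUEST['origin']));
+} else {
+// Redirect the user to the administration homepage.
+header ("Location: index.php");
+}
+}
+
+if ($common->postBack()) {
+// Try to authenticate the user using the credentials supplied.
+$remember = (isset($_POST['remember']) ? TRUE : FALSE);
+$origin = (isset($_REQUEST['origin']) ? $_REQUEST['origin'] : NULL);
+$authenticated = $account->authenticate($_POST['login'], $_POST['password'], $remember, TRUE, $origin);
+}
+
+/////////////////////
+// BEGIN HTML BODY //
+
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="utf-8" />
+<title></title>
+<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" />
+<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap-theme.min.css" />
+<link rel="stylesheet" href="../assets/css/admin.login.css" />
+</head>
+<body>
+<div class="container">
+<?php
+// If authentication failed display the following error message.
+if ($common->postBack() && !$authenticated) {
+?>
+<div>The supplied login and/or password did not match.</div>
+<?php
+}
+?>
+<form class="form-signin" method="post" action="login.php">
+<h2 class="form-signin-heading">ADS-B Feeder Login</h2>
+<div>
+<label for="login" class="sr-only">Login</label>
+<input type="text" id="login" name="login" class="form-control" placeholder="Login" required autofocus>
+</div>
+<div>
+<label for="password" class="sr-only">Password</label>
+<input type="password" id="password" name="password" class="form-control" placeholder="Password" required autofocus>
+</div>
+<div class="checkbox">
+<label>
+<input type="checkbox" name="remember" value="TRUE"> Remember me
+</label>
+</div>
+<input type="submit" value="Login" class="btn btn-lg btn-primary btn-block">
+</form>
+</div>
+<script type="text/javascript" src="//code.jquery.com/jquery-2.1.4.min.js"></script>
+<script type="text/javascript" src="//maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"></script>
+</body>
+</html>
+<?php
+
+// END HTML BODY //
+///////////////////
+?>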
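Review bot: Both the login input (L925) and the password input (L937) carry `autofocus`; only one element per page may, browsers honour the first, so the attribute on the password field is dead and should be removed. `$authenticated` is assigned only inside the postBack branch (L837) but read at L895, which works solely because `$common->postBack() &&` short-circuits first; adding `$authenticated = FALSE;` before the `if` at L825 removes that dependence on evaluation order and the undefined-variable warning that would otherwise appear. The redirect target `origin` is read from `$_REQUEST` (L799, L834), so it is also accepted from cookies and POST bodies; reading it from `$_GET` only, and validating it as a relative path before use, keeps the redirect behaviour predictable (the open-redirect aspect of `urldecode($origin)` is noted on account.class.php). The default credentials in the header comment (L758–L761) make the `firstLogin` forced password change the control that matters for a fresh install, so that redirect in isAuthenticated() and account.php should be verified to terminate the request rather than fall through.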
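--- a/[web-root]/assets/css/admin.login.css
+++ b/[web-root]/assets/css/admin.login.css
@@ -0,0 +1,38 @@
+body {
+padding-top: 40px;
+padding-bottom: 40px;
+background-color: #eee;
+}
+.form-signin {
+max-width: 330px;
+padding: 15px;
+margin: 0 auto;
+}
+.form-signin .form-signin-heading, .form-signin .checkbox {
+margin-bottom: 10px;
+}
+.form-signin .checkbox {
+font-weight: normal;
+}
+.form-signin .form-control {
+position: relative;
+height: auto;
+-webkit-box-sizing: border-box;
+-moz-box-sizing: border-box;
+box-sizing: border-box;
+padding: 10px;
+font-size: 16px;
+}
+.form-signin .form-control:focus {
+z-index: 2;
+}
+.form-signin input[type="email"] {
+margin-bottom: -1px;
+border-bottom-right-radius: 0;
+border-bottom-left-radius: 0;
+}
+.form-signin input[type="password"] {
+margin-bottom: 10px;
+border-top-left-radius: 0;
+border-top-right-radius: 0;
+}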
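--- a/[web-root]/data/administrators.xml
+++ b/[web-root]/data/administrators.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<administrators>
+<administrator>
+<login>admin</login>
+<password>$2y$10$uDSOA6NhbgmtMAiNp.QAROD/PG6RUQE/m0xp6fRgo5/TBkMWxReBq</password>
+<firstLogin>TRUE</firstLogin>
+</administrator>
+</administrators>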
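Review bot: The bcrypt hash at L1126 is for the default password that login.php documents in its header comment, and this file is also the store that `account::changePassword()` rewrites with `file_put_contents()`, so it must be writable by the PHP process yet not retrievable by site visitors. Whether `../data/` resolves outside the document root cannot be told from this page; if it does not, the file needs to be moved or denied in the web server configuration, otherwise the hash is downloadable and the forced first-login change is the only remaining control. The write path itself has no error handling and is not atomic, so a failed or interrupted write can leave an empty or truncated file that `simplexml_load_file()` then rejects with `die()`, locking every administrator out; writing to a temporary file and `rename()`-ing it over the original avoids that. A top-of-file comment such as `<!-- Rewritten by account::changePassword(); keep outside the web root and not world-readable -->` would make the deployment requirement visible to packagers.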