mirror
/
adsb-receiver
kopia lustrzana https://github.com/jprochazka/adsb-receiver
1
0
Forkuj 0
Kod Zgłoszenia Projekty Wydania Wiki Aktywność

Web admin login and password change added.

pull/67/head
Joe Prochazka 2016-01-15 16:42:13 -05:00
rodzic 58f3546c82
commit fd14a859c7
9 zmienionych plików z 377 dodań i 0 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

72
build/portal/html/admin/account.php 100644
Wyświetl plik

@ -0,0 +1,72 @@
<?php
session_start();
echo "Authenticated: ".$_SESSION['authenticated'].'<br />';
echo "Login: ".$_SESSION['login'].'<br />';
echo "First Login: ".$_SESSION['firstLogin'].'<br />';
// Load the require PHP classes.
require_once('classes/common.class.php');
require_once('classes/account.class.php');
$common = new common();
$account = new account();
// Check if the user is logged in.
if (!$account->isAuthenticated()) {
// The user is not logged in so forward them to the login page.
header ("Location: login.php?origin=".urlencode('account.php'));
}
if ($common->postBack()) {
echo "POSTBACK!";
// Check that the user supplied a password matching the one currently stored in administrators.xml.
$authenticated = $account->authenticate($_SESSION['login'], $_POST['password'], FALSE, FALSE);
// Check that the supplied passwords match.
if ($authenticated && $_POST['password1'] == $_POST['password2']) {
echo "AUTHENTICATED!";
// Change the password stored in administrators.xml related to this users login.
$account->changePassword($_SESSION['login'], $_POST['password1']);
// Since the password has changed we will log the user out to clear older session variables.
$account->logout();
}
}
require_once('includes/header.include.php');
/////////////////////
// BEGIN HTML BODY //
?>
<div>You must change your current password before continuing.</div>
<div>The password for this account has been changed successfully.</div>
<div>You must supply the correct current password for this account.</div>
<div>The passwords supplied for the new password did not match.</div>
<form method="post" action="account.php">
<div>
<label for="password">Current Password:</label>
<input type="password" name="password">
</div>
<div>
<label for="password1">New Password:</label>
<input type="password" name="password1">
</div>
<div>
<label for="password2">Confirm Password:</label>
<input type="password" name="password2">
</div>
<input type="submit" value="Change Password">
</form>
<?php
// END HTML BODY //
///////////////////
require_once('includes/footer.include.php');
?>

97
build/portal/html/admin/classes/account.class.php 100644
Wyświetl plik

@ -0,0 +1,97 @@
<?php
class account {
/////////////////////////////////////////////////////////
// Check if the administrator is authenticated or not.
function isAuthenticated() {
// Check if the remeber me cookie is set and if so set sessions variables using the stored values.
if (isset($_COOKIE['login']) && isset($_COOKIE['authenticated']) && isset($_COOKIE['firstLogin']) && $_COOKIE['authenticated']) {
$_SESSION['authenticated'] = TRUE;
$_SESSION['login'] = $_COOKIE['login'];
$_SESSION['firstLogin'] = $_COOKIE['firstLogin'];
} else {
// Unset any cookies pertaining to user authentication since something is wrong or missing.
unset($_COOKIE["authenticated"]);
unset($_COOKIE["login"]);
unset($_COOKIE["firstLogin"]);
}
// Make sure that the session variable Authenticated is set to TRUE and that the session Login variable is set.
if (isset($_SESSION['login']) && isset($_SESSION['authenticated']) && isset($_SESSION['firstLogin']) && $_SESSION['authenticated']) {
if ($_SESSION['firstLogin'] && basename($_SERVER['PHP_SELF']) != "account.php") {
header ("Location: account.php");
}
return TRUE;
}
return FALSE;
}
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Authenticate an administrator by comparing their supplied login and password with the ones stored in administrators.xml.
function authenticate($login, $password, $remember = FALSE, $forward = TRUE, $origin = NULL) {
$common = new common();
// Get all the administrators from the administrators.xml file.
$administrators = simplexml_load_file("../data/administrators.xml") or die("Error: Cannot create administrators object");
foreach ($administrators as $administrator) {
// If or when we get to a matching login compare the supplied password to the one stored inadministrators.xml.
if ($administrator->login == $login) {
if (password_verify($password, $administrator->password)) {
// Set the session variable Authenticated to TRUE and assign the variable Login the supplied login.
$_SESSION['authenticated'] = TRUE;
$_SESSION['login'] = $login;
$_SESSION['firstLogin'] = $common->stringToBoolean($administrator->firstLogin);
// If the user wishes to be remembered set a cookie containg the authenticated and login variables.
if ($remember) {
setcookie("authenticated", TRUE, time() + (10 * 365 * 24 * 60 * 60));
setcookie("login", $login, time() + (10 * 365 * 24 * 60 * 60));
setcookie("firstLogin", $common->stringToBoolean($administrator->firstLogin), time() + (10 * 365 * 24 * 60 * 60));
}
// Forward the user if the $forward variable is set to TRUE.
if ($forward) {
if (isset($origin)) {
// Redirect the authenticated visitor to their original destination.
header ("Location: ".urldecode($origin));
} else {
// Redirect the user to the administration homepage.
header ("Location: index.php");
}
}
return TRUE;
}
}
}
// If things got this far authentication failed.
return FALSE;
}
//////////////////////////////////////////////////////////////////////////////////////////////////
// Logs the user out by deleting current session varialbes related to administrative functions.
function logout() {
// Unset any session variables pertaining to user authentication.
unset($_SESSION['authenticated']);
unset($_SESSION['login']);
unset($_SESSION['firstLogin']);
// Unset any cookies pertaining to user authentication.
unset($_COOKIE["authenticated"]);
unset($_COOKIE["login"]);
unset($_COOKIE["firstLogin"]);
// Redirect the user to the main homepage.
header ("Location: login.php");
}
////////////////////////////////////////////////////////////////////////////////////////////
// Change a password stored for an existing administrator in the file administrators.xml.
function changePassword($login, $password) {
$administrators = simplexml_load_file("../data/administrators.xml") or die("Error: Cannot create administrators object");
foreach ($administrators->xpath("administrator[login='".$login."']") as $administrator) {
$administrator->password = password_hash($password, PASSWORD_DEFAULT);
$administrator->firstLogin = "FALSE";
}
file_put_contents("../data/administrators.xml", $administrators->asXML());
}
}
?>

32
build/portal/html/admin/classes/common.class.php 100644
Wyświetl plik

@ -0,0 +1,32 @@
<?php
class common {
////////////////////////////////////////
// Check if page load is a post back.
function postBack() {
if (empty($_SERVER['HTTP_REFERER'])) {
return FALSE;
}
$methodUsed = strtoupper($_SERVER['REQUEST_METHOD']);
$referer = strtolower(basename($_SERVER['HTTP_REFERER']));
$thisScript = strtolower(basename($_SERVER['SCRIPT_NAME']));
if ($methodUsed == 'POST' && $referer == $thisScript) {
return TRUE;
}
return FALSE;
}
/////////////////////////////////////
// Return a boolean from a string.
function stringToBoolean($value) {
switch(strtoupper($value)) {
case 'TRUE': return TRUE;
case 'FALSE': return FALSE;
default: return NULL;
}
}
}
?>

4
build/portal/html/admin/includes/footer.include.php 100644
Wyświetl plik

@ -0,0 +1,4 @@
<script type="text/javascript" src="//code.jquery.com/jquery-2.1.4.min.js"></script>
<script type="text/javascript" src="//maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"></script>
</body>
</html>

9
build/portal/html/admin/includes/header.include.php 100644
Wyświetl plik

@ -0,0 +1,9 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title></title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" />
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap-theme.min.css" />
</head>
<body>

32
build/portal/html/admin/index.php 100644
Wyświetl plik

@ -0,0 +1,32 @@
<?php
session_start();
// Load the require PHP classes.
require_once('classes/common.class.php');
require_once('classes/account.class.php');
$common = new common();
$account = new account();
// Check if the user is logged in.
if (!$account->isAuthenticated()) {
// The user is not logged in so forward them to the login page.
header ("Location: login.php");
}
echo "Authenticated: ".$_SESSION['authenticated'].'<br />';
echo "Login: ".$_SESSION['login'].'<br />';
echo "First Login: ".$_SESSION['firstLogin'].'<br />';
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title></title>
</head>
<body>
index.php
</body>
</html>

86
build/portal/html/admin/login.php 100644
Wyświetl plik

@ -0,0 +1,86 @@
<?php
///////////////////////////////
// Default Login Information //
///////////////////////////////
// Login: admin //
// Password: adsbfeeder //
///////////////////////////////
session_start();
// Load the require PHP classes.
require_once('classes/common.class.php');
require_once('classes/account.class.php');
$common = new common();
$account = new account();
// Check if the user is already logged in.
if ($account->isAuthenticated()) {
if (isset($_REQUEST['origin'])) {
// Redirect the authenticated visitor to their original destination.
header ("Location: ".urldecode($_REQUEST['origin']));
} else {
// Redirect the user to the administration homepage.
header ("Location: index.php");
}
}
if ($common->postBack()) {
// Try to authenticate the user using the credentials supplied.
$remember = (isset($_POST['remember']) ? TRUE : FALSE);
$origin = (isset($_REQUEST['origin']) ? $_REQUEST['origin'] : NULL);
$authenticated = $account->authenticate($_POST['login'], $_POST['password'], $remember, TRUE, $origin);
}
/////////////////////
// BEGIN HTML BODY //
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title></title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" />
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap-theme.min.css" />
<link rel="stylesheet" href="../assets/css/admin.login.css" />
</head>
<body>
<div class="container">
<?php
// If authentication failed display the following error message.
if ($common->postBack() && !$authenticated) {
?>
<div>The supplied login and/or password did not match.</div>
<?php
}
?>
<form class="form-signin" method="post" action="login.php">
<h2 class="form-signin-heading">ADS-B Feeder Login</h2>
<div>
<label for="login" class="sr-only">Login</label>
<input type="text" id="login" name="login" class="form-control" placeholder="Login" required autofocus>
</div>
<div>
<label for="password" class="sr-only">Password</label>
<input type="password" id="password" name="password" class="form-control" placeholder="Password" required autofocus>
</div>
<div class="checkbox">
<label>
<input type="checkbox" name="remember" value="TRUE"> Remember me
</label>
</div>
<input type="submit" value="Login" class="btn btn-lg btn-primary btn-block">
</form>
</div>
<script type="text/javascript" src="//code.jquery.com/jquery-2.1.4.min.js"></script>
<script type="text/javascript" src="//maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"></script>
</body>
</html>
<?php
// END HTML BODY //
///////////////////
?>

38
build/portal/html/assets/css/admin.login.css 100644
Wyświetl plik

@ -0,0 +1,38 @@
body {
padding-top: 40px;
padding-bottom: 40px;
background-color: #eee;
}
.form-signin {
max-width: 330px;
padding: 15px;
margin: 0 auto;
}
.form-signin .form-signin-heading, .form-signin .checkbox {
margin-bottom: 10px;
}
.form-signin .checkbox {
font-weight: normal;
}
.form-signin .form-control {
position: relative;
height: auto;
-webkit-box-sizing: border-box;
-moz-box-sizing: border-box;
box-sizing: border-box;
padding: 10px;
font-size: 16px;
}
.form-signin .form-control:focus {
z-index: 2;
}
.form-signin input[type="email"] {
margin-bottom: -1px;
border-bottom-right-radius: 0;
border-bottom-left-radius: 0;
}
.form-signin input[type="password"] {
margin-bottom: 10px;
border-top-left-radius: 0;
border-top-right-radius: 0;
}

7
build/portal/html/data/administrators.xml 100644
Wyświetl plik

@ -0,0 +1,7 @@
<?xml version="1.0" encoding="utf-8"?> <administrators>
<administrator>
<login>admin</login>
<password>$2y$10$uDSOA6NhbgmtMAiNp.QAROD/PG6RUQE/m0xp6fRgo5/TBkMWxReBq</password>
<firstLogin>TRUE</firstLogin>
</administrator>
</administrators>