Web API added

e9934022 · Logeshwaran Ys · dca9896a · e9934022 · e9934022 · e9934022
Commit e9934022 authored 1 year ago by Logeshwaran Ys
--- a/_templates/_login.php
+++ b/_templates/_login.php
@@ -22,6 +22,7 @@ if ($result) {
 			<input name="password" type="password" class="form-control" id="floatingPassword" placeholder="Password">
 			<label for="floatingPassword">Password</label>
 		</div>
+		<input name="fingerprint" type="hidden" class="form-control" id="fingerprint">

 		<div class="checkbox mb-3">
 			<label>

--- a/libs/includes/Post.class.php
+++ b/libs/includes/Post.class.php
--- a/libs/includes/UserSession.class.php
+++ b/libs/includes/UserSession.class.php
@@ -14,8 +14,8 @@ class UserSession
    public static function authenticate($user, $pass)
    {
        $username = User::login($user, $pass);
-        $user = new User($username);
        if ($username) {
+            $user = new User($username);
            $conn = Database::getConnection();
            $ip = $_SERVER['REMOTE_ADDR'];
            $agent = $_SERVER['HTTP_USER_AGENT'];
@@ -33,9 +33,41 @@ class UserSession
        }
    }

+    /*
+    *Authorize function have 4 levels of checks
+        1.Check that the IP and User agent field is filled
+        2.Check if the session is correct and active
+        3.Check that the current IP is the same as the previous IP
+        4.Check that the current User agent is the same as the previous User agent
+
+        @return true else false
+    */
+
    public static function authorize($token)
    {
-        $sess = new UserSession($token);
+        try {
+            $session = new UserSession($token);
+            if (isset($_SERVER['REMOTE_ADDR']) and isset($_SERVER['HTTP_USER_AGENT'])) {
+                if ($session->isValid() and $session->isActive()) {
+                    if ($_SERVER['REMOTE_ADDR'] == $session->getIP()) {
+                        if ($_SERVER['HTTP_USER_AGENT'] == $session->getUserAgent()) {
+                            return true;
+                        } else {
+                            throw new Exception("User agent dosen't match");
+                        }
+                    } else {
+                        throw new Exception("IP doesn't match");
+                    }
+                } else {
+                    $session->removeSession();
+                    throw new Exception("Invalid session");
+                }
+            } else {
+                throw new Exception("IP and User_agent is null");
+            }
+        } catch(Exception $e) {
+            return false;
+        }
    }

    public function __construct($token)
@@ -44,6 +76,7 @@ class UserSession
        $this->token = $token;
        $this->data = null;
        $sql = "SELECT * FROM `session` WHERE `id`= $token LIMIT 1;";
+        // $sql = "SELECT * FROM `session` WHERE `id`= '$token' LIMIT 1;";
        $result = $this->conn->query($sql);
        if ($result->num_rows) {
            $row = $result->fetch_assoc();
@@ -61,17 +94,59 @@ class UserSession

    public function isValid()
    {
+        if (isset($this->data['login_time'])) {
+            $login_time = DateTime::createFromFormat('Y-m-d H:i:s', $this->data['login_time']);
+            if (3600>time() - $login_time->getTimestamp()) {
+                return true;
+            } else {
+                return false;
+            }
+        } else {
+            throw new Exception("login time is null");
+        }
    }

    public function getIP()
    {
+        return isset($this->data["ip"]) ? $this->data["ip"] : false;
    }

    public function getUserAgent()
    {
+        return isset($this->data["user_agent"]) ? $this->data["user_agent"] : false;
    }

    public function deactivate()
    {
+        if (!$this->conn) {
+            $this->conn = Database::getConnection();
+        }
+        $sql = "UPDATE `session` SET `active` = 0 WHERE `uid`=$this->uid";
+
+        return $this->conn->query($sql) ? true : false;
+    }
+
+    public function isActive()
+    {
+        if (isset($this->data['active'])) {
+            return $this->data['active'] ? true : false;
+        }
+    }
+
+    // This function remove current session
+    public function removeSession()
+    {
+        if (isset($this->data['id'])) {
+            $id = $this->data['id'];
+            if (!$this->conn) {
+                $this->conn = Database::getConnection();
+            }
+            $sql = "DELETE FROM `session` WHERE `id` = $id;";
+            if ($this->conn->query($sql)) {
+                return true;
+            } else {
+                return false;
+            }
+        }
    }
 }
--- a/libs/includes/WebAPI.class.php
+++ b/libs/includes/WebAPI.class.php
+<?php
+
+class WebAPI
+{
+    public function __construct()
+    {
+        if (php_sapi_name() == "cli") {
+            global $__site_config;
+            $__site_config_path = "/home/Logeshwaran/photogramconfig.json";
+            $__site_config = file_get_contents($__site_config_path);
+        //print($__site_config);
+        } elseif (php_sapi_name() == "apache2handler") {
+            global $__site_config;
+            $__site_config_path = dirname(is_link($_SERVER['DOCUMENT_ROOT']) ? readlink($_SERVER['DOCUMENT_ROOT']) : $_SERVER['DOCUMENT_ROOT']).'/photogramconfig.json';
+            $__site_config = file_get_contents($__site_config_path);
+        }
+        Database::getConnection();
+    }
+
+    public function initiateSession()
+    {
+        //Session::start();
+    }
+}
--- a/libs/load.php
+++ b/libs/load.php
@@ -5,13 +5,15 @@ include_once 'includes/Mic.class.php';
 include_once 'includes/User.class.php';
 include_once 'includes/Database.class.php';
 include_once 'includes/UserSession.class.php';
+include_once 'includes/WebAPI.class.php';

 global $__site_config;
 // global $__base_path;
 //Note: Change this path if you run this code outside lab
-$__site_config = file_get_contents($_SERVER['DOCUMENT_ROOT'].'/../photogramconfig.json');
+//$__site_config = file_get_contents($_SERVER['DOCUMENT_ROOT'].'/../photogramconfig.json');
 // $__base_path = get_config('base_path');
-Session::start();
+$wapi = new WebAPI();
+$wapi->initiateSession();

 function get_config($key, $default=null)
 {

--- a/login.php
+++ b/login.php
@@ -9,24 +9,41 @@ include 'libs/load.php';
 <!doctype html>
 <html lang="en">

-<? load_template('_head'); ?>
+<?php load_template('_head'); ?>

 <body>


-  <? load_template('_header'); ?>
+	<?php load_template('_header'); ?>

-  <main>
+	<main>

-    <? load_template('_login'); ?>
+		<?php load_template('_login'); ?>


-  </main>
+	</main>
+	<script src="https://code.jquery.com/jquery-3.6.4.js"
+		integrity="sha256-a9jBBRygX1Bh5lt8GZjXDzyOB+bWve9EiO7tROUtj/E=" crossorigin="anonymous"></script>


+	<script
+		src="<?=get_config('base_path')?>assets/dist/js/bootstrap.bundle.min.js">
+	</script>
+	<script>
+		// Initialize the agent at application startup.
+		const fpPromise = import('https://openfpcdn.io/fingerprintjs/v3')
+			.then(FingerprintJS => FingerprintJS.load())

-  <script src="<?=get_config('base_path')?>assets/dist/js/bootstrap.bundle.min.js"></script>
-
+		// Get the visitor identifier when you need it.
+		fpPromise
+			.then(fp => fp.get())
+			.then(result => {
+				// This is the visitor identifier:
+				const visitorId = result.visitorId;
+				console.log(visitorId);
+				$("#fingerprint").val(visitorId);
+			})
+	</script>

 </body>


--- a/logintest2.php
+++ b/logintest2.php
+<?php
+
+include 'libs/load.php';
+
+$user = 'hellohd';
+
+if (isset($_GET['logout'])) {
+    if (Session::isset("session_token")) {
+        $Session = new UserSession(Session::get("session_token"));
+        if ($Session->removeSession()) {
+            echo "<h3> Previous Session is not removing from db </h3>";
+        } else {
+            echo "<h3> Previous Session not removing from db </h3>";
+        }
+    }
+    Session::destroy();
+    die("Session destroyed, <a href='logintest2.php'>Login Again</a>");
+}
+
+/*
+1. Check if session_token in PHP session is available
+2. If yes, construct UserSession and see if its successfull.
+3. Check if the session is valid one
+4. If valid print "Session Validated"
+5. Else, print "Invalid Session" and ask user to login.
+*/
+
+if (Session::isset("session_token")) {
+    if (UserSession::authorize(Session::get("session_token"))) {
+        echo "<h1>Session Login, WELCOME $user </h1>";
+    } else {
+        Session::destroy();
+        die("<h1>invalid Session, <a href='logintest2.php'>Login Again</a></h1>");
+    }
+} else {
+    $pass = isset($_GET['pass']) ? $_GET['pass'] : '';
+    if (!$pass) {
+        die("<h1>Password is Empty</h1>");
+    }
+    if (UserSession::authenticate($user, $pass)) {
+        echo "<h1>New LOGIN Success, WELCOME $user</h1>";
+    } else {
+        echo "<h1>New Login Failed! $user</h1>";
+    }
+}
+
+echo <<<EOL
+<br><br><a href="logintest2.php?logout">Logout</a>S
+EOL;