Commit 5441fc8d authored by V Harish Ragavendher's avatar V Harish Ragavendher

Merge branch 'push' into 'master'

MVC part 2 changes have been implemented mainly with sessions

See merge request !9
parents 57eca90c 077da2c0
......@@ -14,7 +14,11 @@
<ul class="list-unstyled">
<li><a href="#" class="text-white">Follow on Twitter</a></li>
<li><a href="#" class="text-white">Like on Facebook</a></li>
<li><a href="#" class="text-white">Email me</a></li>
<?if(sessions::isAuthenticated()) {?>
<li><a href="/?logout" class="text-white">Log out</a></li>
<?} else {?>
<li><a href="/login.php" class="text-white">Log in</a></li>
<?}?>
</ul>
</div>
</div>
......
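Review bot: The new login/logout conditional wraps the list items in short open tags (`<?if(...) {?>`, `<?} else {?>`, `<?}?>`), which only parse when `short_open_tag` is enabled; with it off the tags are emitted as literal text and both links are rendered. Write them as `<?php if (sessions::isAuthenticated()) { ?>`, `<?php } else { ?>` and `<?php } ?>`. Separately, `/?logout` makes logout a state-changing GET link, so it is reachable from any cross-site link; if that matters here, a POST form carrying a CSRF token is the usual shape. The enclosing footer markup starts outside the hunk.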
......@@ -4,8 +4,8 @@
<h1 class="fw-light">Make Your Moments Beautiful</h1>
<p class="lead text-muted">We took an oauth preserve your memories with unique snaps and you...?</p>
<p>
<a href="#" class="btn btn-Warning my-2">Login</a>
<a href="#" class="btn btn-Info my-2">Register</a>
<a href="/login.php" class="btn btn-Warning my-2">Login</a>
<a href="/signup.php" class="btn btn-Info my-2">Register</a>
</p>
</div>
</div>
......
<?php
$login = false;
if(isset($_POST['password']) and isset($_POST['Username'])) {
echo $_POST['fingerprint'];
// echo $_POST['fingerprint'];
$password = $_POST['password'];
$user = $_POST['Username'];
$result = userSession::Authenticate($user, $password);
......@@ -12,6 +12,7 @@ if($login) {
if($result) {?>
<script>
window.location.href = "<?=get_config('base_path')?>"
/* just a simple rerdirection via javascript */
</script>
<?php } else {?>
<div class="my-5">
......
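Review bot: `echo $_POST['fingerprint'];` at the top of the handler writes a request parameter into the response unescaped, which is a reflected-XSS sink if that is the line that survives; its commented twin directly below suggests the intent was to remove debug output, in which case the live line should go and the comment with it rather than leaving both. The same field is later read in `userSession::Authenticate` without an `isset` check, so a form post lacking it produces a notice. The `<script>` redirect also interpolates `get_config('base_path')` straight into a JS string; if that value can ever come from anything other than code, emit it with `json_encode`. The enclosing `if($login)` block starts and ends outside the hunks.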
......@@ -2,4 +2,17 @@
include 'libs/load.php';
// as we already said only including load makes our task easier
sessions::renderPage();
if (isset($_GET['logout'])) {
if(sessions::isset('session_token')) {
$session = new userSession(sessions::get('session_token'));
if($session->remove()) {
echo "<h3>previous session has been removed from the DB</h3>";
} else {
echo "<h3>previous session have not been removed from the DB</h3>";
}
}sessions::destroy();
header("Location: /");
die();
} else {
sessions::renderPage();
}
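Review bot: The two `echo "<h3>…</h3>"` lines in the logout branch send output before `header("Location: /")`, so unless output buffering is on the redirect fails with a headers-already-sent warning and the user is left on the page with the message. Drop the echoes (log the `remove()` outcome instead if it matters) so the header is the first thing sent, keeping `die();` right after it. `}sessions::destroy();` also hides the call at the end of the inner block's closing brace; put it on its own line. Logout is triggered by a bare GET parameter, which makes it reachable from any cross-site link; a POST form with a CSRF token avoids that.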
......@@ -3,6 +3,8 @@
class sessions
{
public static $isError = false;
public static $userSession = null;
public static $user = null;
public static function start()
{
session_start();
......@@ -60,9 +62,29 @@ class sessions
{
return basename($_SERVER['SCRIPT_NAME'], '.php');
}
public static function getUser()
{
return sessions::$user;
}
public static function getUsersession()
{
return sessions::$userSession;
}
public static function isAuthenticated()
{
TODO://incase of error replace isValid() with isActive
if(is_object(sessions::getUsersession())) {
return sessions::getUsersession()->isValid();
} else {
return false;
}
}
public static function ensureLogin()
{
if(!sessions::isAuthenticated()) {
header("Location: /login.php");
}
die();
}
}
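Review bot: `ensureLogin()` places `die();` after the closing brace of the `if`, so every caller terminates even when the user is authenticated — only the header is conditional, the exit is not. Move it inside the branch: `if (!sessions::isAuthenticated()) { header("Location: /login.php"); die(); }`. `TODO://incase of error …` in `isAuthenticated()` parses as a goto label followed by a comment rather than as a comment; write it `// TODO: …`. `isAuthenticated()` also checks only `isValid()`, so a session marked inactive still counts as logged in; `&& isActive()` would match what `authorize()` requires.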
......@@ -33,7 +33,6 @@ class user
'cost' => 9
];
$pass = password_hash($pass, PASSWORD_DEFAULT, $options);
$sql = "INSERT INTO `user_data` (`Username`, `Email`, `Password`, `phone`,`blocked`,`active`)
VALUES ('$user', '$email', '$pass', '$phone','0','1')";
$result = false;
......@@ -54,7 +53,7 @@ class user
// $pass=password_verify($pass);
$sql = "SELECT*FROM user_data WHERE Username='$user'";
print($sql);
// echo $sql;
$result = $conn->query($sql);
if($result->num_rows === 1) {
$row = $result->fetch_assoc();
......@@ -81,9 +80,9 @@ class user
$this->id = $row['ID'];
// return $this->id;
// print_r($row['ID']);
} else {
throw new Exception("invalid username");
}
} //else {
// throw new Exception("invalid username");
// }
}
private function _set_data($variable, $data)
......@@ -91,6 +90,7 @@ class user
if(!$this->conn) {
$this->conn = database::getconnetion();
}
TODO:/* They have replaced user_personal with users if needed that change has to be done*/
$sql = "UPDATE user_personal SET $variable ='$data[0]' WHERE ID ='$this->id' " ;
if($this->conn->query($sql)) {
return true;
......
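Review bot: Every query in these hunks interpolates request-derived values into SQL — `WHERE Username='$user'` in the second hunk, the `INSERT INTO user_data` values in the first, and `SET $variable ='$data[0]' WHERE ID ='$this->id'` in `_set_data()` — so a crafted username or field value changes the statement. Use `$conn->prepare()` with `bind_param()` (the `->query()` / `num_rows` calls suggest mysqli), and in `_set_data()` check `$variable` against the known column names, since identifiers cannot be bound. `print($sql);` next to the SELECT writes the query, including the submitted username, into the response; if that is the surviving line it should be removed along with the commented `echo`. `TODO:/* … */` in `_set_data()` is likewise a goto label plus a comment; write it `// TODO: …`. The methods around the first and second hunks start outside the hunks.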
......@@ -9,27 +9,19 @@ class userSession
public static function Authenticate($user, $pass)
{
// if ($fingerprint == null) {
//
// if($fingerprint == null) {
// throw new Exception("Fingerprint is empty");
// }
// }
$username = user::login($user, $pass);
$user = new user($username);
if ($username) {
$conn = database::getconnetion();
$useragent = $_SERVER['HTTP_USER_AGENT'];
// print_r($useragent."<br>\n");
$ip = $_SERVER['REMOTE_ADDR'];
$fingerprint = $_POST['fingerprint'];
//print_r($ip."<br>\n");
$token = md5(rand(0, 9999999999) . time() . $ip . $useragent);
$sql = "INSERT INTO `session` (`uid`, `token`, `login_time`, `user_agent`, `ip`,`fingerprint`, `active`)
VALUES ('$user->id','$token', now(), '$useragent', '$ip','$fingerprint','1')";
if($conn->query($sql)) {
sessions::set('session_token', $token);
sessions::set('visitor_id', $fingerprint);
sessions::set('fingerprint', $fingerprint);
return $token;
} else {
return false;
......@@ -41,47 +33,33 @@ class userSession
}
public function authorize($token)
public static function authorize($token)
{
$conn = database::getconnetion();
$user_sess = new userSession($token);
if(isset($user_sess)) {
if($user_sess->isValid($token) and $user_sess->isActive($token)) {
if($user_sess->getIp() == $_SERVER['REMOTE_ADDR'] and $user_sess->getUserAgent() == $_SERVER['HTTP_USER_AGENT']) {
if($user_sess->getFingerprint() == $_COOKIE['fingerprint']) {//error sort this out....IMP
print($_COOKIE['fingerprint']);
$user_sess->getUser();
return $user_sess;
return true;
} else {
throw new Exception("fingerprint doesnt match");
try {
if(isset($_SERVER['REMOTE_ADDR']) and isset($_SERVER['HTTP_USER_AGENT'])) {
if($user_sess->isValid() and $user_sess->isActive()) {
if($user_sess->getIp() == $_SERVER['REMOTE_ADDR']) {
if($user_sess->getUserAgent() == $_SERVER['HTTP_USER_AGENT']) {
if($user_sess->getFingerprint() == $_SESSION['fingerprint']) {
$user_sess->getUser();
sessions::$user = $user_sess->getUser();
return $user_sess;
} else {
throw new Exception("fingerprint doesn't match");
}
}
}
//sessions::set('session_validity', true);
} else {
throw new exception("Ip or user agent doesn't match please try to login again");
sessions::set('useragent_ip', true);
throw new Exception("useragent and Ip are null");
}
} else {
//sessions::set('session_validity', false);
//sessions::set('is_loggedin', false);
$user_sess->deactivate($token);
throw new exception("session seems invalid please login again to activate your session");
sessions::set('token_deact', true);
}
} elseif($_GET['logout']) {
// $user_sess->deactivate($token);
$user_sess->remove($token);
sessions::destroy();
print("logged out sucessfully");
} else {
return false;
throw new Exception("no session found unidentified login");
} catch (Exception $e) {
throw new Exception("something went wrong");
}
}
public function __construct($token)
{
$this->conn = database::getconnetion();
......@@ -93,7 +71,7 @@ class userSession
if($result->num_rows === 1) {
$row = $result->fetch_assoc();
$this->data = $row;
$this->uid = $row['uid'];
$this->uid = $row['uid'];//updating from database
} else {
throw new Exception("invalid Session");
}
......@@ -104,33 +82,39 @@ class userSession
return new user($this->uid);
}
public function isValid($token)
public function isValid()
{
$time = $this->data['login_time']; //CAUTION: change if error throws up......
$sec = strtotime($time);
$end_time = $sec + 3600;
if($sec < $end_time) {
return true;
if(isset($this->data['login_time'])) {
$time = date_create_from_format("Y-m-d H:i:s", $this->data['login_time']);
if(time() - $time->getTimestamp() < 3600) {
//it check the current time with the login time is less than 3600
return true;
} else {
return false;
}
} else {
throw new Exception("session validity expired please log again");
return false;
throw new Exception("login time cannot be found");
}
}
public function getIp()
{
return $this->data['ip'];//since we have stored the queried row in in $this->data we could use it
return isset($this->data['ip']) ? $this->data["ip"] : false;
//since we have stored the queried row in in $this->data we could use it
}
public function getUserAgent()
{
return $this->data['user_agent'];//since we have stored the queried row in in $this->data we could use it
return isset($this->data['user_agent']) ? $this->data['user_agent'] : false;
//since we have stored the queried row in in $this->data we could use it
}
public function deactivate($token)
public function deactivate()
{
$sql = "UPDATE `session` SET `active`= '0' WHERE `token` = '$token'";
if(!$this->conn) {
database::getconnetion();
}
$sql = "UPDATE `session` SET `active`= '0' WHERE `uid` = '$this->uid'";
if($this->conn->query($sql)) {
return true;
} else {
......@@ -138,10 +122,9 @@ class userSession
}
}
public function activate($token)
public function activate()
{
$sql = "UPDATE `session` SET `active`= '1' WHERE `token` = '$token'";
//
$sql = "UPDATE `session` SET `active`= '1' WHERE `uid` = '$this->uid'";
if($this->conn->query($sql)) {
return true;
} else {
......@@ -149,30 +132,28 @@ class userSession
}
}
public function isActive($token)
public function isActive()
{
// $sql = "SELECT*FROM `session` WHERE `token`='$token'";
// $result = $this->conn->query($sql);
// if($result->num_rows === 1) {
// $row = $result->fetch_assoc();
// if($row === 1)
if($this->data['active']) {
if(isset($this->data['active'])) {
return true;
} else {
// throw new Exception("activity status negative");
return false;
}
}
//}
public function remove($token)
public function remove()
{
$sql = "DELETE*FROM `session` WHERE `token`=$token";
if(isset($this->data['id'])) {
$id = $this->data['id'];
}
if(!$this->conn) {
database::getconnetion();
}
$sql = "DELETE FROM `session` WHERE `id`='$id'";
if($this->conn->query($sql)) {
return true;
} else {
// throw new Exception("error on deleting the session");
return false;
}
......
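Review bot: `isActive()` now returns true whenever the `active` column is present, because `isset()` is true for `'0'` as well as `'1'`; the old check tested the value, so `deactivate()` no longer has any effect on `authorize()`. Restore the value test, e.g. `return !empty($this->data['active']);`. In `deactivate()` and `remove()`, `if(!$this->conn) { database::getconnetion(); }` discards the returned connection, so `$this->conn->query()` still runs on null; assign it as `_set_data()` does. The session token in `Authenticate()` is `md5(rand(...) . time() . $ip . $useragent)`, which is predictable; `bin2hex(random_bytes(32))` gives an unguessable token. The same `INSERT` also interpolates `$useragent` and `$fingerprint`, both attacker-controlled, into SQL — bind them as parameters.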
......@@ -22,9 +22,21 @@ class webAPI
}
/* intitateSession
1. starts the session
2. authorizes the session token stored in sessions
3. stores the authorized session into a new session variable for later access*/
public function initiateSession()
{
sessions::start();
if (sessions::isset('session_token')) {
try {
/* Authorizing users session and storing it in a static variable */
sessions::$userSession = userSession::authorize(sessions::get('session_token'));
} catch (Exception $e) {
TODO://make changes in the exception
}
}
}
}
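Review bot: The `catch (Exception $e)` in `initiateSession()` contains only `TODO://make changes in the exception`, which PHP parses as a goto label and a comment, so any failure in `userSession::authorize()` — including a database error — is silently discarded and the request proceeds as anonymous with the stale token still stored in the session. At minimum record the cause and clear the token so later requests do not repeat the lookup, e.g. `error_log($e->getMessage()); sessions::destroy();` — or unset just the token if `sessions` offers that (I cannot see such a method from here). The block comment above the method also misspells the name as `intitateSession`.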
<?php
include 'libs/load.php';
if (sessions::isAuthenticated()) {
//page will not be redirected if something echoed before the redirection
header("Location:/");
die();//die() will stop the page from being rendered (i.e) sessions::renderpage()
}
sessions::renderPage();
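Review bot: The authenticated-user guard in this new file is repeated verbatim in the identical new file that follows it, so the redirect target and the output-before-header caveat now live in two places. A small `sessions::redirectIfAuthenticated()` next to `ensureLogin()`, which already performs the inverse check, would hold both the `header("Location:/")` and the `die()`. `Location:/` also omits the space after the colon; browsers tolerate it, but `Location: /` is the conventional form.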
<?php
include 'libs/load.php';
if (sessions::isAuthenticated()) {
//page will not be redirected if something echoed before the redirection
header("Location:/");
die();//die() will stop the page from being rendered (i.e) sessions::renderpage()
}
sessions::renderPage();