Merge branch 'master' into 'dev'

Master See merge request !11

Merge branch 'master' into 'dev'
dbbdc4a7 · Sibidharan · 81ff01a4 · a4797f9e · dbbdc4a7 · dbbdc4a7
Commit dbbdc4a7 authored 2 years ago by Sibidharan
--- a/_templates/_head.php
+++ b/_templates/_head.php
@@ -8,7 +8,22 @@

    <!-- Bootstrap core CSS -->
    <link href="<?=get_config('base_path')?>assets/dist/css/bootstrap.min.css" rel="stylesheet">
-    <title>Photogram by LAHTP</title>
+    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
+    <script>
+    // Initialize the agent at application startup.
+    const fpPromise = import('https://openfpcdn.io/fingerprintjs/v3')
+        .then(FingerprintJS => FingerprintJS.load())
+
+    // Get the visitor identifier when you need it.
+    fpPromise
+        .then(fp => fp.get())
+        .then(result => {
+        // This is the visitor identifier:
+        const visitorId = result.visitorId
+        console.log(visitorId)
+        $('#fingerprint').val(visitorId);
+        })
+    </script>
    <? if (file_exists($_SERVER['DOCUMENT_ROOT'] .get_config('base_path').'css/' . basename($_SERVER['PHP_SELF'], ".php") . ".css")) { ?>
        <link href="<?=get_config('base_path')?>css/<?= basename($_SERVER['PHP_SELF'], ".php") ?>.css" rel="stylesheet">
    <? } ?>

--- a/_templates/_login.php
+++ b/_templates/_login.php
@@ -23,6 +23,7 @@ if ($result) {
    <form method="post" action="login.php">
        <img class="mb-4" src="https://git.selfmade.ninja/uploads/-/system/appearance/logo/1/Logo_Dark.png" alt=""
            height="50">
+        <input name="fingerprint" type="hidden" id="fingerprint" value="">
        <h1 class="h3 mb-3 fw-normal">Please sign in</h1>

        <div class="form-floating">

--- a/libs/includes/UserSession.class.php
+++ b/libs/includes/UserSession.class.php
@@ -15,11 +15,13 @@ class UserSession
            $conn = Database::getConnection();
            $ip = $_SERVER['REMOTE_ADDR'];
            $agent = $_SERVER['HTTP_USER_AGENT'];
+            $fingerprint = $_POST['fingerprint'];
            $token = md5(rand(0, 9999999) . $ip . $agent . time());
-            $sql = "INSERT INTO `session` (`uid`, `token`, `login_time`, `ip`, `user_agent`, `active`)
-            VALUES ('$user->id', '$token', now(), '$ip', '$agent', '1')";
+            $sql = "INSERT INTO `session` (`uid`, `token`, `login_time`, `ip`, `user_agent`, `active`, `fingerprint`)
+            VALUES ('$user->id', '$token', now(), '$ip', '$agent', '1', '$fingerprint')";
            if ($conn->query($sql)) {
                Session::set('session_token', $token);
+                Session::set('fingerprint');
                return $token;
            } else {
                return false;
@@ -46,7 +48,9 @@ class UserSession
                if ($session->isValid() and $session->isActive()) {
                    if ($_SERVER['REMOTE_ADDR'] == $session->getIP()) {
                        if ($_SERVER['HTTP_USER_AGENT'] == $session->getUserAgent()) {
-                            return true;
+                            if ($session->getFingerprint() == $_SESSION['fingerprint']){
+                                return true;
+                            } else throw new Exception("FingerPrint doesn't match");
                        } else throw new Exception("User agent does't match");
                    } else throw new Exception("IP does't match");
                } else {
@@ -123,6 +127,12 @@ class UserSession
        }
    }

+    public function getFingerprint(){
+        if (isset($this->data['fingerprint'])) {
+            return $this->data['fingerprint'] ? true : false;
+        }
+    }
+
    //This function remove current session
    public function removeSession()
    {