Big Update Added Services and Admin

controllers/authenticate.php

@@ -0,0 +1,70 @@
+<?php
+
+use Nickyeoman\Validation;
+$v = new Nickyeoman\Validation\Validate();
+
+$url_success = '/novaconium/dashboard';
+$url_fail = '/novaconium/login';
+
+
+// Don't go  further if already logged in
+if ( !empty($session->get('username')) ) {
+    $redirect->url($url_success);
+    makeitso();
+}
+
+// Make sure Session Token is correct
+if ($session->get('token') != $post->get('token')) {
+    $messages->addMessage('error', "Invalid Session.");
+    $log->error("Login Authentication - Invalid Session Token");
+}
+
+// Handle Username
+$rawUsername = $post->get('username', null);
+$cleanUsername = $v->clean($rawUsername); // Clean the input
+$username = strtolower($cleanUsername); // Convert to lowercase
+if (!$username) {
+    $messages->addMessage('error', "No Username given.");
+} 
+
+// Handle Password
+$password = $v->clean($post->get('password', null));
+if ( empty($password) ) {
+    $messages->addMessage('error', "Password Empty.");
+}
+
+/*************************************************************************************************************
+ * Query Database
+ ************************************************************************************************************/
+
+if ($messages->count('error') === 0) {
+    $query = "SELECT id, username, email, password, blocked FROM users WHERE username = ? OR email = ?";
+    $matched = $db->getRow($query, [$username, $username]);  
+    if (empty($matched)) {
+        $messages->addMessage('error', "User or Password incorrect.");
+        $log->warning("Login Authentication - Login Error, user doesn't exist");
+    }    
+}
+
+if ($messages->count('error') === 0) {
+    // Re-apply pepper
+    $peppered = hash_hmac('sha3-512', $password, $config['secure_key']);
+
+    // Verify hashed password
+    if (!password_verify($peppered, $matched['password'])) {
+        $messages->addMessage('error', "User or Password incorrect.");
+        $log->warning("Login Authentication - Login Error, password wrong");
+    }
+}
+
+// Process Login or Redirect
+if ($messages->count('error') === 0) {
+    $query = "SELECT groupName FROM user_groups WHERE user_id = ?";
+    $groups = $db->getRow($query, [$matched['id']]);
+    $session->set('username', $cleanUsername);
+    $session->set('group', $groups['groupName']);
+    $redirect->url($url_success);
+    $log->info("Login Authentication - Login Success);
+} else {
+    $redirect->url($url_fail);
+}

controllers/create_admin.php

@@ -0,0 +1,58 @@
+<?php
+
+use Nickyeoman\Validation;
+
+$validate = new Validation\Validate();
+$valid = true;
+$p = $post->all();
+
+// Check secure key
+if (empty($p['secure_key']) || $p['secure_key'] !== $config['secure_key']) {
+    $valid = false;
+}
+
+// Username
+$name = $validate->clean($p['username']);
+if (!$validate->minLength($name, 1)) {
+    $valid = false;
+}
+
+// Email
+if (empty($p['email'])) {
+    $valid = false;
+} elseif (!$validate->isEmail($p['email'])) {
+    $valid = false;
+}
+
+// Password
+if (empty($p['password'])) {
+    $valid = false;
+} else {
+    // Use pepper + Argon2id
+    $peppered = hash_hmac('sha3-512', $p['password'], $config['secure_key']);
+    $hashed_password = password_hash($peppered, PASSWORD_ARGON2ID);
+}
+
+if ($valid) {
+    // Insert user
+    $query = <<<EOSQL
+    INSERT INTO `users`
+        (`username`, `password`, `email`, `validate`, `confirmationToken`, `reset`, `created`, `updated`, `confirmed`, `blocked`) 
+    VALUES 
+        (?, ?, ?, NULL, NULL, NULL, NOW(), NOW(), 1, 0);
+EOSQL;
+
+    $params = [$name, $hashed_password, $p['email']];
+    $db->query($query, $params);
+    $userid = $db->lastid();
+
+    // Assign admin group
+    $groupInsertQuery = <<<EOSQL
+    INSERT INTO `user_groups` (`user_id`, `groupName`) VALUES (?, ?);
+EOSQL;
+
+    $db->query($groupInsertQuery, [$userid, 'admin']);
+}
+
+// Always redirect at end
+$redirect->url('/novaconium');

controllers/dashboard.php

@@ -0,0 +1,10 @@
+<?php
+$data['title'] = 'Novaconium Dashboard Page';
+
+if ( empty($session->get('username'))) {
+    $redirect->url('/novaconium/login');
+    $messages->error('You are not loggedin');
+    makeitso();
+}
+
+view('@novacore/dashboard', $data);

controllers/init.php

@@ -0,0 +1,128 @@
+<?php
+
+$data = [
+    'secure_key' => false,
+    'gen_key' => NULL,
+    'users_created' => false,
+    'empty_users' => false,
+    'show_login' => false,
+    'token' => $session->get('token'),
+    'title' => 'Novaconium Admin'
+];
+
+// Check if SECURE KEY is Set in 
+if ($config['secure_key'] !== null && strlen($config['secure_key']) === 64) {
+    $data['secure_key'] = true;
+} else {
+    $data['gen_key'] = substr(bin2hex(random_bytes(32)), 0, 64);
+    $log->warn('secure_key not detected');
+}
+
+// Check if user table exists
+$query = <<<EOSQL
+SELECT TABLE_NAME
+FROM information_schema.tables
+WHERE table_schema = DATABASE()
+  AND TABLE_NAME = 'users';
+EOSQL;
+$result = $db->query($query);
+
+if ($result->num_rows === 0) {
+    $query = <<<EOSQL
+    CREATE TABLE `users` (
+        `id` int(11) NOT NULL AUTO_INCREMENT,
+        `username` varchar(30) NOT NULL,
+        `password` varchar(255) NOT NULL,
+        `email` varchar(255) NOT NULL,
+        `validate` varchar(32) DEFAULT NULL,
+        `confirmationToken` varchar(255) DEFAULT NULL,
+        `reset` varchar(32) DEFAULT NULL,
+        `created` datetime NOT NULL,
+        `updated` datetime DEFAULT NULL,
+        `confirmed` tinyint(1) NOT NULL DEFAULT 0,
+        `blocked` tinyint(1) NOT NULL DEFAULT 0,
+        PRIMARY KEY (`id`)
+    ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;
+EOSQL;
+
+    $db->query($query);
+    $data['users_created'] = true;
+    $log->info('Users Table Created');
+
+}
+
+// Check Usergroup
+$query = <<<EOSQL
+SELECT TABLE_NAME
+FROM information_schema.tables
+WHERE table_schema = DATABASE()
+  AND TABLE_NAME = 'user_groups';
+EOSQL;
+$result = $db->query($query);
+
+if ($result->num_rows === 0) {
+    $query = <<<EOSQL
+        CREATE TABLE `user_groups` (
+            `id` INT(11) NOT NULL AUTO_INCREMENT,
+            `user_id` INT(11) UNSIGNED NOT NULL,
+            `groupName` VARCHAR(40) NOT NULL,
+            PRIMARY KEY (`id`)
+        ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+EOSQL;
+
+
+    $db->query($query);
+    $log->info('User_groups Table Created');
+
+}
+
+// Check Pages Table
+$query = <<<EOSQL
+SELECT TABLE_NAME
+FROM information_schema.tables
+WHERE table_schema = DATABASE()
+  AND TABLE_NAME = 'pages';
+EOSQL;
+$result = $db->query($query);
+
+if ($result->num_rows === 0) {
+    $query = <<<EOSQL
+    CREATE TABLE `pages` (
+        `id` int(11) NOT NULL,
+        `title` varchar(255) NOT NULL,
+        `heading` varchar(255) NOT NULL,
+        `description` varchar(255) NOT NULL,
+        `keywords` varchar(255) NOT NULL,
+        `author` varchar(255) NOT NULL,
+        `slug` varchar(255) NOT NULL,
+        `path` varchar(255) DEFAULT NULL,
+        `intro` text DEFAULT NULL,
+        `body` text DEFAULT NULL,
+        `notes` text DEFAULT NULL,
+        `created` datetime NOT NULL,
+        `updated` datetime DEFAULT NULL,
+        `draft` tinyint(1) NOT NULL DEFAULT 1,
+        `changefreq` varchar(7) NOT NULL DEFAULT 'monthly',
+        `priority` float(4,1) NOT NULL DEFAULT 0.0
+        ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;
+EOSQL;
+
+    $db->query($query);
+    $log->info('Pages Table Created');
+
+}
+
+// Check if a user exists
+$result = $db->query("SELECT COUNT(*) as total FROM users");
+$row = $result->fetch_assoc();
+
+if ($row['total'] < 1) {
+  $data['empty_users'] = true;
+} else {
+    $log->info('Init Run complete, all sql tables exist with a user.');
+    // Everything is working, send them to login page
+    $redirect->url('/novaconium/login');
+    makeitso();
+}
+
+view('@novacore/init', $data);

controllers/login.php

@@ -0,0 +1,9 @@
+<?php
+$data['title'] = 'Novaconium Login Page';
+
+// Don't come here if logged in
+if ($session->get('username')) {
+    $redirect->url('/novaconium/dashboard');
+    makeitso();
+}
+view('@novacore/login');

controllers/logout.php

@@ -0,0 +1,5 @@
+<?php
+$session->kill();
+$log->info("Logout - Logout Success - " . $_SERVER['REMOTE_ADDR']);
+$redirect->url('/');
+makeitso();