Big Update Added Services and Admin
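--- /dev/null
+++ b/controllers/authenticate.php
@@ -0,0 +1,70 @@
+<?php
+
+use Nickyeoman\Validation;
+$v = new Nickyeoman\Validation\Validate();
+
+$url_success = '/novaconium/dashboard';
+$url_fail = '/novaconium/login';
+
+
+// Don't go further if already logged in
+if ( !empty($session->get('username')) ) {
+$redirect->url($url_success);
+makeitso();
+}
+
+// Make sure Session Token is correct
+if ($session->get('token') != $post->get('token')) {
+$messages->addMessage('error', "Invalid Session.");
+$log->error("Login Authentication - Invalid Session Token");
+}
+
+// Handle Username
+$rawUsername = $post->get('username', null);
+$cleanUsername = $v->clean($rawUsername); // Clean the input
+$username = strtolower($cleanUsername); // Convert to lowercase
+if (!$username) {
+$messages->addMessage('error', "No Username given.");
+}
+
+// Handle Password
+$password = $v->clean($post->get('password', null));
+if ( empty($password) ) {
+$messages->addMessage('error', "Password Empty.");
+}
+
+/*************************************************************************************************************
+* Query Database
+************************************************************************************************************/
+
+if ($messages->count('error') === 0) {
+$query = "SELECT id, username, email, password, blocked FROM users WHERE username = ? OR email = ?";
+$matched = $db->getRow($query, [$username, $username]);
+if (empty($matched)) {
+$messages->addMessage('error', "User or Password incorrect.");
+$log->warning("Login Authentication - Login Error, user doesn't exist");
+}
+}
+
+if ($messages->count('error') === 0) {
+// Re-apply pepper
+$peppered = hash_hmac('sha3-512', $password, $config['secure_key']);
+
+// Verify hashed password
+if (!password_verify($peppered, $matched['password'])) {
+$messages->addMessage('error', "User or Password incorrect.");
+$log->warning("Login Authentication - Login Error, password wrong");
+}
+}
+
+// Process Login or Redirect
+if ($messages->count('error') === 0) {
+$query = "SELECT groupName FROM user_groups WHERE user_id = ?";
+$groups = $db->getRow($query, [$matched['id']]);
+$session->set('username', $cleanUsername);
+$session->set('group', $groups['groupName']);
+$redirect->url($url_success);
+$log->info("Login Authentication - Login Success);
+} else {
+$redirect->url($url_fail);
+}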
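Review bot: The success log line near the end of the file, `$log->info("Login Authentication - Login Success);`, is missing its closing quote, so the whole controller fails to parse and no login can succeed; it should read `$log->info("Login Authentication - Login Success");`. The lookup query selects a `blocked` column but nothing ever reads `$matched['blocked']`, so a blocked account still authenticates — add a check right after the `empty($matched)` test, e.g. `if (!empty($matched['blocked'])) { $messages->addMessage('error', "User or Password incorrect."); }`, adjusted to however that column is encoded. The session-token check uses a loose `!=`, which passes when both values are absent and compares numeric-looking strings by value; use `if (!hash_equals((string) $session->get('token'), (string) $post->get('token'))) {` instead. Note also that `password_verify()` is skipped when no user row matches, so response time differs for unknown versus known usernames; whether that enumeration signal matters depends on the deployment.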