
<?php
use Nickyeoman\Validation;
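$v = new Nickyeoman\Validation\Validate();
$url_success = '/novaconium/dashboard';
$url_fail = '/novaconium/login';

// Don't go further if already logged in
if (!empty($session->get('username'))) {
    $redirect->url($url_success);
    makeitso();
}

// Make sure Session Token is correct.
// Compared with hash_equals() (strict, constant-time) instead of a loose `!=`. An absent
// session token must fail as well, otherwise an empty/missing POST token would match it.
$sessionToken = (string) $session->get('token');
$postToken = (string) $post->get('token');
if ($sessionToken === '' || !hash_equals($sessionToken, $postToken)) {
    $messages->addMessage('error', "Invalid Session.");
    $log->error("Login Authentication - Invalid Session Token");
}

// Handle Username
$rawUsername = $post->get('username', null);
$cleanUsername = $v->clean($rawUsername); // Clean the input
$username = strtolower($cleanUsername); // Lowercased copy used for the (case-insensitive) lookup
if (!$username) {
    $messages->addMessage('error', "No Username given.");
}

// Handle Password
// NOTE(review): $v->clean() runs on the password before it is hashed; whatever it strips must
// be stripped identically at registration or otherwise-valid passwords will fail to verify — confirm.
$password = $v->clean($post->get('password', null));
if (empty($password)) {
    $messages->addMessage('error', "Password Empty.");
}

/*************************************************************************************************************
 * Query Database
 ************************************************************************************************************/
$matched = null;
if ($messages->count('error') === 0) {
    // Parameterised lookup; the same lowercased value is bound to both placeholders.
    $query = "SELECT id, username, email, password, blocked FROM users WHERE username = ? OR email = ?";
    $matched = $db->getRow($query, [$username, $username]);
    if (empty($matched)) {
        // Same user-facing text as the wrong-password case so the response does not reveal which accounts exist.
        $messages->addMessage('error', "User or Password incorrect.");
        $log->warning("Login Authentication - Login Error, user doesn't exist");
    } elseif (!empty($matched['blocked'])) {
        // `blocked` is selected above, so enforce it: a blocked account must not authenticate.
        // Uses the generic message; assumes a truthy column value means "blocked" — confirm against the schema.
        $messages->addMessage('error', "User or Password incorrect.");
        $log->warning("Login Authentication - Login Error, account is blocked");
    }
}

if ($messages->count('error') === 0) {
    // Re-apply pepper: the stored hash was produced from hash_hmac(password, secure_key), not the raw password.
    $peppered = hash_hmac('sha3-512', $password, $config['secure_key']);
    // Verify hashed password.
    // NOTE(review): password_verify() only runs when a row was found, so an unknown username answers
    // measurably faster than a wrong password; verifying against a dummy hash in the no-row branch would close that gap.
    if (!password_verify($peppered, $matched['password'])) {
        $messages->addMessage('error', "User or Password incorrect.");
        $log->warning("Login Authentication - Login Error, password wrong");
    }
}

// Process Login or Redirect
if ($messages->count('error') === 0) {
    $query = "SELECT groupName FROM user_groups WHERE user_id = ?";
    $groups = $db->getRow($query, [$matched['id']]);
    $session->set('username', $cleanUsername);
    // A user with no user_groups row yields an empty $groups; store null instead of reading a missing key.
    $session->set('group', $groups['groupName'] ?? null);
    // NOTE(review): the session is not rotated after authentication; if $session wraps PHP's native
    // session, regenerating its id here would prevent fixation — confirm what the session class offers.
    $redirect->url($url_success);
    $log->info("Login Authentication - Login Success");
} else {
    $redirect->url($url_fail);
}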