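<?php
/**
 * Login handler.
 *
 * Validates the posted login form (session/CSRF token, username, password),
 * looks the account up by username or email, verifies the peppered password
 * hash and, on success, populates the session and redirects to the dashboard;
 * any validation or authentication error redirects back to the login page.
 *
 * Relies on these being in scope before inclusion (none are defined here):
 * $session, $post, $db, $messages, $log, $redirect, $config['secure_key']
 * and the makeitso() function.
 */

use Nickyeoman\Validation;

$v = new Validation\Validate();

$url_success = '/novaconium/dashboard';
$url_fail = '/novaconium/login';

// Don't go further if already logged in
if ( !empty($session->get('username')) ) {
    $redirect->url($url_success);
    makeitso();
}

// Make sure Session Token is correct (CSRF guard).
// Compared as strings with hash_equals(): a loose `!=` passed when BOTH tokens
// were missing (null != null is false), and it is not timing-safe.
$sessionToken = (string) $session->get('token');
$postToken = (string) $post->get('token');
if ($sessionToken === '' || !hash_equals($sessionToken, $postToken)) {
    $messages->addMessage('error', "Invalid Session.");
    $log->error("Login Authentication - Invalid Session Token");
}

// Handle Username
$rawUsername = $post->get('username', null);
$cleanUsername = $v->clean($rawUsername); // Clean the input
// Lowercased copy is what the database lookup uses; the cast guards the
// deprecated strtolower(null) path when clean() returns null.
$username = strtolower((string) $cleanUsername);
if ($username === '') { // explicit check: a username of "0" is not "missing"
    $messages->addMessage('error', "No Username given.");
}

// Handle Password
// NOTE(review): clean() is applied to the password; whatever it strips must be
// stripped identically at registration or valid passwords will not verify.
$password = $v->clean($post->get('password', null));
if ($password === null || $password === '') { // empty() would reject the password "0"
    $messages->addMessage('error', "Password Empty.");
}

/*************************************************************************************************************
 * Query Database
 ************************************************************************************************************/

if ($messages->count('error') === 0) {
    $query = "SELECT id, username, email, password, blocked FROM users WHERE username = ? OR email = ?";
    $matched = $db->getRow($query, [$username, $username]);
    if (empty($matched)) {
        // Same user-facing message as a wrong password so the response does not
        // reveal which usernames exist; the log keeps the distinction.
        // NOTE(review): this branch skips password_verify(), so it answers faster
        // than a wrong password; verify against a fixed dummy hash here if that
        // timing difference matters for this deployment.
        $messages->addMessage('error', "User or Password incorrect.");
        $log->warning("Login Authentication - Login Error, user doesn't exist");
    }
}

if ($messages->count('error') === 0) {
    // Re-apply pepper: the stored hash was made from hash_hmac(sha3-512, password, secure_key),
    // so the same transformation is applied before verification.
    $peppered = hash_hmac('sha3-512', $password, $config['secure_key']);

    // Verify hashed password. password_verify() uses whatever algorithm the stored
    // hash was created with (not visible here).
    if (!password_verify($peppered, $matched['password'])) {
        $messages->addMessage('error', "User or Password incorrect.");
        $log->warning("Login Authentication - Login Error, password wrong");
    } elseif (!empty($matched['blocked'])) {
        // `blocked` is selected by the query but was never checked, so a blocked
        // account could still log in. A truthy value refuses the login; the
        // generic message avoids confirming the account to the caller.
        // NOTE(review): confirm how the column is stored (0/1, '0'/'1', bool) —
        // 0 and '0' count as not blocked here.
        $messages->addMessage('error', "User or Password incorrect.");
        $log->warning("Login Authentication - Login Error, account blocked");
    }
}

// Process Login or Redirect
if ($messages->count('error') === 0) {
    $query = "SELECT groupName FROM user_groups WHERE user_id = ?";
    $groups = $db->getRow($query, [$matched['id']]);
    // Store the canonical username from the matched row rather than the typed value:
    // the lookup also matches on email, so $cleanUsername may be an email address.
    $session->set('username', $matched['username']);
    // A user with no user_groups row would otherwise trigger an undefined-offset warning.
    $session->set('group', $groups['groupName'] ?? null);
    // NOTE(review): regenerate the session id at this point if the $session wrapper
    // supports it, so a session id issued before login is not kept after it.
    $redirect->url($url_success);
    $log->info("Login Authentication - Login Success");
} else {
    $redirect->url($url_fail);
}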