<?php
/*
* Sakura Authentication Page
*/
// Declare Namespace
namespace Sakura;
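// Include components.
// dirname(__DIR__) names the parent directory directly. The earlier
// str_replace() form stripped every occurrence of this directory's name from
// the path, so a deployment path that repeats that name higher up would
// resolve to a different file than intended.
require_once dirname(__DIR__) . '/_sakura/sakura.php';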
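// Page actions: handle a submitted authentication action (logout, login,
// register, forgotpassword), print its result and stop.
if (
    isset($_REQUEST['mode']) &&
    isset($_REQUEST['time']) &&
    isset($_REQUEST['session'])
) {
    // Only plain strings are accepted. An array-valued field (mode[]=x) is
    // treated as empty so it can never satisfy one of the checks below.
    $mode = is_string($_REQUEST['mode']) ? $_REQUEST['mode'] : '';
    $requestTime = is_string($_REQUEST['time']) ? $_REQUEST['time'] : '';
    $requestSession = is_string($_REQUEST['session']) ? $_REQUEST['session'] : '';

    // Redirect target used after a successful action; falls back to the
    // authentication page when the field is missing or not a string.
    // NOTE(review): this value is request-controlled and is passed to the
    // template / AJAX response unchanged. It is only honoured after the
    // session check below, but it is not restricted to this site's own URLs.
    $redirect = (isset($_REQUEST['redirect']) && is_string($_REQUEST['redirect']))
        ? $_REQUEST['redirect']
        : '/authenticate';

    // Default result, used when no branch below sets a more specific one
    // (already logged in with a mode other than logout, or an unknown mode).
    // Without it the output step reads an undefined $renderData['page'].
    $renderData['page'] = [
        'title' => 'Action failed',
        'redirect' => '/authenticate',
        'message' => 'The requested action could not be performed.',
    ];

    // Continue
    $continue = true;

    // Reject links older than 1000 seconds. The value has to be numeric:
    // how a non-numeric string compares with an integer differs between PHP
    // versions, and it must not be able to slip past the age check.
    // NOTE(review): 'time' comes from the client, is not signed, and future
    // values are still accepted, so on its own it does not prove the link
    // was issued by this site; the session check below carries that weight.
    if (!is_numeric($requestTime) || (float) $requestTime < time() - 1000) {
        $renderData['page'] = [
            'title' => 'Action failed',
            'redirect' => '/authenticate',
            'message' => 'Timestamps differ too much, please try again.',
        ];

        // Prevent
        $continue = false;
    }

    // The submitted session id must equal the current one. The comparison is
    // strict so two numeric-looking ids cannot compare equal by type
    // juggling, and an empty value is refused so that an empty field cannot
    // match an empty session_id() when no session is active.
    // hash_equals() is the better choice where PHP >= 5.6 is guaranteed.
    if ($requestSession === '' || $requestSession !== session_id()) {
        $renderData['page'] = [
            'title' => 'Action failed',
            'redirect' => '/authenticate',
            'message' => 'Session IDs do not match.',
        ];

        // Prevent
        $continue = false;
    }

    // Login check: a logged-in user may only log out from this page.
    if (Users::checkLogin() && $mode !== 'logout') {
        $continue = false;
    }

    if ($continue) {
        switch ($mode) {
            case 'logout':
                // Attempt logout
                $logout = Users::logout();

                // Add page specific data
                $renderData['page'] = [
                    'title' => 'Logout',
                    'redirect' => $logout ? $redirect : '/authenticate',
                    'message' => $logout ? 'You are now logged out.' : 'Logout failed.',
                ];
                break;

            // Login processing
            case 'login':
                // Missing or non-string credentials become empty strings so
                // Users::login() always receives strings.
                // NOTE(review): $_REQUEST also carries query-string values,
                // so credentials sent in the URL are accepted and can end up
                // in access logs; prefer $_POST if the form always posts.
                $username = (isset($_REQUEST['username']) && is_string($_REQUEST['username']))
                    ? $_REQUEST['username']
                    : '';
                $password = (isset($_REQUEST['password']) && is_string($_REQUEST['password']))
                    ? $_REQUEST['password']
                    : '';

                // Attempt login. The result is read as [success flag, status
                // code]; presumably that is what Users::login() returns.
                $login = Users::login($username, $password, isset($_REQUEST['remember']));
                $loginOk = isset($login[0]) && $login[0];
                $loginCode = (isset($login[1]) && is_string($login[1])) ? $login[1] : '';

                // Array containing "human understandable" messages.
                // NOTE(review): separate texts for an unknown user and a
                // wrong password let a visitor test which usernames exist.
                // NOTE(review): the 'LOGIN_SUCESS' spelling presumably
                // matches the code returned by Users::login(); verify before
                // correcting it.
                $messages = [
                    'USER_NOT_EXIST' => 'The user you tried to log into does not exist.',
                    'INCORRECT_PASSWORD' => 'The password you entered was invalid.',
                    'DEACTIVATED' => 'Your account is deactivated.',
                    'NO_LOGIN' => 'Logging into this account is disabled.',
                    'LEGACY_SUCCESS' => 'Login successful! Taking you to the password changing page...',
                    'LOGIN_SUCESS' => 'Login successful!',
                ];

                // Add page specific things. An unrecognised status code gets
                // a generic text instead of an undefined-index notice.
                $renderData['page'] = [
                    'title' => 'Login',
                    'redirect' => $loginOk ? $redirect : '/authenticate',
                    'message' => isset($messages[$loginCode])
                        ? $messages[$loginCode]
                        : ($loginOk ? 'Login successful!' : 'Login failed.'),
                ];
                break;

            // Registration processing
            case 'register':
                // Add page specific things.
                // SCRIPT_NAME is used rather than PHP_SELF because PHP_SELF
                // includes any extra path text appended to the request URL.
                $renderData['page'] = [
                    'title' => 'Register on Flashii',
                    'redirect' => $_SERVER['SCRIPT_NAME'],
                    'message' => 'what',
                ];
                break;

            // Unforgetting passwords
            case 'forgotpassword':
                // Add page specific things (SCRIPT_NAME for the same reason
                // as in the register case).
                $renderData['page'] = [
                    'title' => 'Forgot Password',
                    'redirect' => $_SERVER['SCRIPT_NAME'],
                    'message' => 'what',
                ];
                break;

            // Unknown mode: the default "Action failed" page stays in place.
            default:
                break;
        }
    }

    // Print page contents, or for AJAX requests only the render data as
    // "title:message:redirect".
    $page = $renderData['page'];
    print isset($_REQUEST['ajax'])
        ? $page['title'] . ':' . $page['message'] . ':' . $page['redirect']
        : Templates::render('errors/information.tpl', $renderData);
    exit;
}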
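// Add page specific things
$renderData['page'] = [
    'title' => 'Login to Flashii',
];

// Decide where the visitor goes after authenticating:
//   - the configured chat URL when the 'chat' parameter is present,
//   - otherwise the referring page, but only when it is an http(s) URL on
//     the host serving this request,
//   - otherwise the configured main URL.
// The Referer header is set by whichever page linked here, so an off-site
// value must not become the post-login redirect target.
if (isset($_REQUEST['chat'])) {
    $authRedirect = Configuration::getLocalConfig('urls', 'chat');
} else {
    $referer = (isset($_SERVER['HTTP_REFERER']) && is_string($_SERVER['HTTP_REFERER']))
        ? $_SERVER['HTTP_REFERER']
        : '';

    // Host of the current request without an optional ":port" suffix.
    $requestHost = (isset($_SERVER['HTTP_HOST']) && is_string($_SERVER['HTTP_HOST']))
        ? strtolower(preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']))
        : '';

    // Backslashes, whitespace and control characters are refused outright;
    // URL parsers disagree on how to read them.
    $refererParts = ($referer !== '' && !preg_match('/[\\\\\x00-\x20]/', $referer))
        ? parse_url($referer)
        : false;

    $refererIsLocal = is_array($refererParts)
        && isset($refererParts['scheme'], $refererParts['host'])
        && in_array(strtolower($refererParts['scheme']), ['http', 'https'], true)
        && $requestHost !== ''
        && strtolower($refererParts['host']) === $requestHost;

    $authRedirect = $refererIsLocal
        ? $referer
        : Configuration::getLocalConfig('urls', 'main');
}

$renderData['auth'] = [
    'redirect' => $authRedirect,
    // Registration is allowed unless a later check sets this to true.
    'blockRegister' => [
        'do' => false,
    ],
];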
// Look up accounts already registered from the visitor's IP address. If there
// are any, registration is flagged as blocked and one of those usernames,
// picked at random, is handed to the template.
// NOTE(review): this shows an existing username to anyone arriving from the
// same address (shared NAT, proxy, VPN exit). How Main::getRemoteIP() derives
// the address is not visible here; confirm it does not trust client-supplied
// forwarding headers.
$regUserIP = Users::getUsersByIP(Main::getRemoteIP());

if (count($regUserIP)) {
    $pickedKey = array_rand($regUserIP);

    $renderData['auth']['blockRegister'] = [
        'do' => true,
        'username' => $regUserIP[$pickedKey]['username'],
    ];
}

// Render the authentication page and send it to the client.
$pageOutput = Templates::render('main/authenticate.tpl', $renderData);
print $pageOutput;