flash/sakura
flash/sakura
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Auth is almost complete

Browse source
This commit is contained in:
flash 2015-04-24 19:31:09 +00:00
parent 3229dc1108
commit c70c7e058a
7 changed files with 73 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
_sakura/components/Users.php
View file

@ -77,6 +77,10 @@ class Users {
// Log a user in
public static function login($username, $password, $remember = false) {
// Check if authentication is disallowed
if(Configuration::getConfig('lock_authentication'))
return [0, 'AUTH_LOCKED'];
// Check if the user that's trying to log in actually exists
if(!$uid = self::userExists($username, false))
return [0, 'USER_NOT_EXIST'];
@ -145,6 +149,10 @@ class Users {
// Register user
public static function register($username, $password, $confirmpass, $email, $tos, $captcha = null, $regkey = null) {
// Check if authentication is disallowed
if(Configuration::getConfig('lock_authentication'))
return [0, 'AUTH_LOCKED'];
// Check if registration is even enabled
if(Configuration::getConfig('disable_registration'))
return [0, 'DISABLED'];
@ -182,18 +190,6 @@ class Users {
if(strlen($username) > 16)
return [0, 'NAME_TOO_LONG'];
// Password too short
if(strlen($password) < 8)
return [0, 'PASS_TOO_SHORT'];
// Password too long
if(strlen($password) > 256)
return [0, 'PASS_TOO_LONG'];
// Passwords do not match
if($password != $confirmpass)
return [0, 'PASS_NOT_MATCH'];
// Check if the given email address is formatted properly
if(!filter_var($email, FILTER_VALIDATE_EMAIL))
return [0, 'INVALID_EMAIL'];
@ -202,6 +198,14 @@ class Users {
if(!Main::checkMXRecord($email))
return [0, 'INVALID_MX'];
// Check password entropy
if(Main::pwdEntropy($password) < Configuration::getConfig('min_entropy'))
return [0, 'PASS_TOO_SHIT'];
// Passwords do not match
if($password != $confirmpass)
return [0, 'PASS_NOT_MATCH'];
// Set a few variables
$usernameClean = Main::cleanString($username, true);
$emailClean = Main::cleanString($email, true);
@ -257,6 +261,10 @@ class Users {
// Check if a user exists and then resend the activation e-mail
public static function resendActivationMail($username, $email) {
// Check if authentication is disallowed
if(Configuration::getConfig('lock_authentication'))
return [0, 'AUTH_LOCKED'];
// Clean username string
$usernameClean = Main::cleanString($username, true);
$emailClean = Main::cleanString($email, true);

3
_sakura/sakura.php
View file

@ -8,7 +8,7 @@
namespace Sakura;
// Define Sakura version
define('SAKURA_VERSION', '20150421');
define('SAKURA_VERSION', '20150424');
// Define Sakura Path
define('ROOT', str_replace(basename(__DIR__), '', dirname(__FILE__)));
@ -60,6 +60,7 @@ $renderData = array(
'recaptcha_enable' => Configuration::getConfig('recaptcha'),
'resources' => '//'. Configuration::getLocalConfig('urls')['content'] .'/data/'. strtolower(Templates::$_TPL),
'disableregister' => Configuration::getConfig('disable_registration'),
'lockauth' => Configuration::getConfig('lock_authentication'),
'requireregcodes' => Configuration::getConfig('require_registration_code'),
'requireactiveate' => Configuration::getConfig('require_activation'),
'sitename' => Configuration::getConfig('sitename')

10
_sakura/templates/yuuno/global/header.tpl
View file

@ -17,7 +17,7 @@
<!-- JS -->
<script type="text/javascript" src="{{ sakura.resources }}/js/yuuno.js?s={{ php.time }}"></script>
<script type="text/javascript">
{% if not user.checklogin %}
{% if not user.checklogin and not sakura.lockauth %}
// Setting the shit so clicking the login link doesn't redirect to /login
function initHeaderLoginForm() {
@ -45,7 +45,7 @@
}
{% else %}
{% elseif user.checklogin %}
// Prepare header logout stuff
function initHeaderLoginForm() {
@ -74,7 +74,7 @@
// Login form under header and ajax logout
initHeaderLoginForm();
{% if php.self == '/authenticate.php' %}
{% if php.self == '/authenticate.php' and not sakura.lockauth %}
// AJAX Form Submission
var forms = {
{% if not auth.changingPass %}
@ -132,8 +132,12 @@
<a class="menu-item" href="//{{ sakura.urls.main }}/settings" title="Change your settings">Settings</a>
<a class="menu-item" href="//{{ sakura.urls.main }}/logout?mode=logout&time={{ php.time }}&session={{ php.sessionid }}&redirect={{ sakura.currentpage }}" title="End your login session" id="headerLogoutLink">Logout</a>
{% else %}
{% if sakura.lockauth %}
<div class="menu-item" style="padding-left: 10px; padding-right: 10px;">Authentication is locked</div>
{% else %}
<a class="menu-item" id="headerLoginLink" href="//{{ sakura.urls.main }}/login" title="Login to Flashii">Login</a>
<a class="menu-item" href="//{{ sakura.urls.main }}/register" title="Create an account">Register</a>
{% endif %}
{% endif %}
</div>
<div class="menu-mob">

8
_sakura/templates/yuuno/main/authenticate.tpl
View file

@ -1,4 +1,7 @@
{% include 'global/header.tpl' %}
{% if sakura.lockauth %}
<h1 class="stylised" style="line-height: 1.8em; text-align: center;">Authentication is currently disallowed, try again later.</h1>
{% else %}
<div class="loginPage">
{% if auth.redirect == sakura.urls.chat %}<h1 class="stylised" style="line-height: 1.8em; text-align: center;">You need to be logged in to use the chat.</h1>{% endif %}
<div class="loginCont">
@ -55,7 +58,7 @@
<input class="inputStyling" type="submit" name="submit" value="Request Password" />
</div>
<div class="subLinks centreAlign">
If you lost access to your e-mail address please <a href="/contact" class="default" target="_blank">contact us</a>.
If you lost access to the e-mail address you registered with then there's not much we can do, it's your own responsibility to keep track of it and attaching a working one to your account.
</div>
</form>
</div>
@ -179,7 +182,7 @@
<input class="inputStyling" type="submit" name="submit" value="Request Activation" />
</div>
<div class="subLinks centreAlign">
If you lost access to your e-mail address please <a href="/contact" class="default" target="_blank">contact us</a>.
Read the footnote on the Lost Password form.
</div>
</form>
</div>
@ -187,4 +190,5 @@
</div>
<div class="clear"></div>
</div>
{% endif %}
{% include 'global/footer.tpl' %}

5
_sakura/templates/yuuno/main/index.tpl
View file

@ -11,10 +11,15 @@
</ul>
<div class="clear"></div>
{% else %}
{% if sakura.lockauth %}
<div class="head">Whoops!</div>
You caught the site at the wrong moment! Right now registration <i>and</i> logging in is disabled for unspecified reasons. Sorry for the inconvenience but please try again later!
{% else %}
<div class="head">Welcome!</div>
Welcome to Flashii! This is a site for a bunch of friends to hang out, nothing special. Anyone is pretty much welcome to register so why not have a go?
<a class="button registerbutton" href="/register">Register!</a>
<a class="button loginbutton" href="/login">Login</a>
{% endif %}
{% endif %}
<div class="head">Stats</div>
We have <b>{{ stats.userCount }}</b>,

10
content/status-catch.html Normal file
View file

@ -0,0 +1,10 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<title>Status Catcher</title>
</head>
<body>
This page is here so the status page doesn't give a 403 to the user when checking.
</body>
</html>

25
main/authenticate.php
View file

@ -134,6 +134,7 @@ if(isset($_REQUEST['mode'])) {
// Array containing "human understandable" messages
$messages = [
'AUTH_LOCKED' => 'Authentication is currently not allowed, try again later.',
'USER_NOT_EXIST' => 'The user you tried to activate does not exist (confirm the username/email combination).',
'USER_ALREADY_ACTIVE' => 'The user you tried to activate is already active.',
'SUCCESS' => 'The activation e-mail has been sent to the address associated with your account.'
@ -157,6 +158,7 @@ if(isset($_REQUEST['mode'])) {
// Array containing "human understandable" messages
$messages = [
'AUTH_LOCKED' => 'Authentication is currently not allowed, try again later.',
'USER_NOT_EXIST' => 'The user you tried to log into does not exist.',
'INCORRECT_PASSWORD' => 'The password you entered was invalid.',
'DEACTIVATED' => 'Your account is deactivated.',
@ -199,6 +201,7 @@ if(isset($_REQUEST['mode'])) {
// Array containing "human understandable" messages
$messages = [
'AUTH_LOCKED' => 'Authentication is currently not allowed, try again later.',
'DISABLED' => 'Registration is currently disabled.',
'INVALID_REG_KEY' => 'The given registration code was invalid.',
'TOS' => 'You are required to agree to the Terms of Service.',
@ -206,8 +209,7 @@ if(isset($_REQUEST['mode'])) {
'USER_EXISTS' => 'A user with this username already exists, if you lost your password try using the Lost Password form.',
'NAME_TOO_SHORT' => 'Your name must be at least 3 characters long.',
'NAME_TOO_LONG' => 'Your name can\'t be longer than 16 characters.',
'PASS_TOO_SHORT' => 'Your password is too short, it must be at least 8 characters.',
'PASS_TOO_LONG' => 'A password longer than 256 characters? Seriously?',
'PASS_TOO_SHIT' => 'Your password is too weak, try adding some special characters.',
'PASS_NOT_MATCH' => 'Passwords do not match.',
'INVALID_EMAIL' => 'Your e-mail address is formatted incorrectly.',
'INVALID_MX' => 'No valid MX-Record found on the e-mail address you supplied.',
@ -301,5 +303,24 @@ if(isset($_REQUEST['pw']) && $_REQUEST['pw']) {
}
// Check if the user is already logged in
if(Users::checkLogin()) {
// Add page specific things
$renderData['page'] = [
'title' => 'Authentication',
'redirect' => (
isset($_SERVER['HTTP_REFERER']) ?
$_SERVER['HTTP_REFERER'] :
'/'
),
'message' => 'You are already logged in, log out to access this page.'
];
print Templates::render('errors/information.tpl', $renderData);
exit;
}
// Print page contents
print Templates::render('main/authenticate.tpl', $renderData);