add auth

app/api/apiclient.php

@@ -13,15 +13,34 @@ function api_client_kuri($hash){
 }
 
 
+function api_login($login, $password){
+
+    $sqlogin = "SELECT `client_id`, `clientpassword` FROM `clients` WHERE `clientmail` = '$login' LIMIT 1";
+    $client = dbl_get($sqlogin);
+
+    if (!isset($client['clientpassword']))
+        return ['error'=>'пользователь не найден'];
+
+    if ($client['clientpassword'] == '')
+        return ['error'=>'необходимо получить ссылку для доступа'];    
+
+    if (!password_verify($password, $client['clientpassword'])) 
+        return ['error' => 'неверный пароль'];
+
+    return ['data' => $client];    
+
+}
+
+
 function clientbuys_kuri($client_id, $page = 1){
 
     $sql_sub = "SELECT number_id FROM anbuy WHERE client_id = '$client_id'  AND `number_id` = 486 LIMIT 1";
     $findsub =  db_get($sql_sub);
 
     
-  // if (isset($findsub['number_id'])) {// есть поп
-  //      return clients_arch($page);
-  //  }    
+   if (isset($findsub['number_id'])) {// есть поп
+        return clients_arch($page);
+    }    
 
    $limit  = 25;
    $countsql = "SELECT DISTINCT COUNT(buy_id) as count FROM `anbuy` WHERE `client_id` = $client_id AND `buy_status` = '1' LIMIT 1";
@@ -54,7 +73,10 @@ function clientbuys_kuri($client_id, $page = 1){
 
 
 
-function client_find_email($email){
+function client_find_email($mail){
+
+    if (!filter_var($mail, FILTER_VALIDATE_EMAIL))
+        return ['error' => 'некорректный email'];
 
     $pwd_query = "SELECT * FROM `clients` WHERE `clientmail` = '$mail' LIMIT 1";
     $client = db_get($pwd_query);
@@ -62,37 +84,82 @@ function client_find_email($email){
     if (isset($client['client_id']))
         return $client;
     else
-        return false;    
+        return ['error' => 'client not found'];   
 
 }
 
-function client_add_password($mail, $pwd, $pwd2){
-    
-    $maxlen = 5;
+function client_find_hash($hash){
 
-    if (!filter_var($email, FILTER_VALIDATE_EMAIL))
-        return 'некорректный email';
 
-    $find = client_find_email($email);
-    if ($find)
-        return 'email не найден';
-   
-    if ($pwd == ''){
+    $pwd_query = "SELECT * FROM `clients` WHERE `clienthash` = '$hash' LIMIT 1";
+    $client = db_get($pwd_query);
+
+    if (isset($client['client_id']))
+        return $client;
+    else
+        return ['error' => 'client not found'];   
+
+}
+
+
+function client_find_id($id) {
+
+    $id_query = "SELECT * FROM `clients` WHERE `client_id` = '$id' LIMIT 1";
+    $client = db_get($id_query);
+
+    if (!isset($client['client_id'])){
+        return ['error' => 'client not found'];    
+    }
+
+    return ['result' => $client];
+
+}
+
+
+function client_check_auth($login, $pwd){
+        
+    $check_query = "SELECT * FROM `clients` WHERE `client_id` = '$login' LIMIT 1";
+
+    $client = dbl_get($check_query);
+
+    if (!isset($client['client_id'])){
+        return ['error' => 'client not found'];
+    }
+
+    $hash_pwd = md5($login.$client['clientpassword']);
+
+    if ($pwd == $hash_pwd){
+        return ['data' => $client];
+    }
+    else {
+       return ['error' => 'invalid hash'];
+    }   
+        
+}
+
+
+function client_add_password($client_id, $password, $confirm, $minlen = 5){
+
+
+    if ($password == ''){
         return 'пароль не задан';
     }    
     
-    if (strlen($pwd) < $maxlen) {
+    if (strlen($password) < $minlen) {
         return  "пароль должен быть не менее $maxlen символов";
     }
 
-    if ($pwd == $pwd2){
+    if ($password !== $confirm){
         return "пароли не совпадают";
     }
 
-    $clientpassword = password_hash($pwd);  
-    $sqlupdate = "UPDATE `clients` SET `clientpassword` = '$clientpassword' WHERE `clientmail` = '$mail'";
+    $clientpassword = password_hash($password, PASSWORD_DEFAULT);  
+    $sqlupdate = "UPDATE `clients` SET `clientpassword` = '$clientpassword' WHERE `client_id` = '$client_id'";
+
+   
+    $result =  db_get($sqlupdate, 'chitatel');
+  
 
-    dbl_get($sqlupdate);
 
     return True;
 

app/confg.php

@@ -1,7 +1,7 @@
 <?php
 
-ini_set('display_errors', 1);
-ini_set('display_startup_errors', 1);
+ini_set('display_errors', 0);
+ini_set('display_startup_errors', 0);
 
 
 if (isset($_SERVER['HTTP_HOST']))
@@ -30,5 +30,5 @@ define('IMGSRV', 'https://imgurl.argumenti.ru/');
 
 db_config('argumentiru', 'mysql:host=mysql;dbname=argumentiru', 'newser', 'Chjk90yuiREY');
 db_config('reader', 'mysql:host=mysql;dbname=argumentiru', 'reader', 'ghjyjkUIOhg56Fh');
-db_config('writer', 'mysql:host=mysql;dbname=argumentiru', 'chitatel', 'hjYu78kl*90Uio');
+db_config('chitatel', 'mysql:host=mysql;dbname=argumentiru', 'chitatel', 'hjYu78kl*90Uio');
 

app/pub/css/an.css

@@ -118,6 +118,26 @@ h1 {
     position:relative;
 }
 
+#container_form{
+    width:450px;
+    height: 500px;
+    background-color: rgba(24, 33, 52, 0.7);
+    margin: 250px auto 0 auto;
+    text-align: center;
+    box-shadow: 0 -5px 0 #3adbfd;
+   }
+
+
+input[type="text"],input[type="password"], input[type="email"]{
+    width: 300px;
+    height:50px;
+    font-size: 18px;
+    margin-bottom: 25px;
+    border-radius: 4px;
+    padding-left: 10px;
+}    
+
+
 @media screen and (max-width: 560px) {
     #brand_title, #page_title {
         font-size: .8em;

app/routes/anpdf.php

@@ -189,14 +189,12 @@ function promo_kuri($hash, $page = 1, $promo = true){
    }
    
 
-    
+
    $tempcontent = VIEWPATH.'anpdf2.phtml'; //подшаблон
    include VIEWPATH.'layout.phtml'; //центральный шаблон
 
 
 
-
-
 }
 
 

app/routes/auth.php

@@ -1,26 +1,132 @@
 <?php
 
-function login(){
+function login_kuri(){
+
+
+    if (isset($_POST['username']) and isset($_POST['password'])){
+        $result = api_login($_POST['username'], $_POST['password']);
+
+        if (isset($result['error'])){
+            $error = $result['error'];
+        }
+
+
+        if (isset($result['data'])) {
+            
+            add_user_cookie($result['data']['client_id'], $result['data']['clientpassword']);
+            header('Location: '.SITE.'mybooks');
+        }    
+                 
+    }
+
+    $tempcontent =  VIEWPATH.'login.phtml';
+    include VIEWPATH.'layout_lite.phtml'; 
+
+    return true;
+
+}
+
+
+function out_kuri(){
+
+    unset($_COOKIE['user']); 
+    setcookie('user', null, -1); 
+
+    unset($_COOKIE['pwd']); 
+    setcookie('pwd', null, -1);   
+
+    header('Location: '.SITE.'login');
+
+
+}
+
+
+function add_user_cookie($user, $pwd){
+
+    $timeout = time()+(60*60*24*30);
+
+  //  ini_set ("session.use_trans_sid", true);
+   // session_start();
+
+    setcookie ("user", $user, $timeout, '/', $_SERVER['HTTP_HOST']);
+    setcookie ("pwd", md5($user.$pwd), $timeout, '/', $_SERVER['HTTP_HOST']);   
 
 }
 
 
 
-function resetpwd_kuri($mail){
-
-    $url = "/resetpwd/$mail";
+function check_login_kuri(){
+ //ini_set ("session.use_trans_sid", true);
+    //session_start(); 
     
-    if (isset($_POST['submit'])){
-        $result = client_add_password($mail, $_POST['pass'], $_POST['pass2']);
-        if ($result){
-            echo 'пароль установлен';
-        }    
+    $client = client_check_auth($_COOKIE['user'], $_COOKIE['pwd']);
+    
+    if (!isset($client['data'])){
+      return  $client;
     }
+    else {
+        return $client['data'];
+    }
+
+
+     
+    //$_SESSION['id'] = $row['id'];   //записываем в сессию id пользователя     
+
+
+}
+
+
+function redirect_login(){
+    header('Location: '.SITE.'login');
+    exit;
+}
+
+
+
+
+
+
+// if(password_verify($_POST["password"],$hashed_password))
+
+function resetpwd_kuri($hash){
+
+    $url = "/resetpwd/$hash";
+    $minlen = 5;
+    $viewform = true;
+
+    $client = client_find_hash($hash);
+
+    if (isset($client['error'])) {
+        $error = $client['error'];
+        $viewform = False;
         
+    }  
+    else if ($client['clientpassword'] !== ''){
+        $error = 'Пароль уже был изменен';
+        $viewform = False;
+    }
+
+    if (isset($_POST['reset-submit'])){ //пришла форма 
+       
+        $result = client_add_password($client['client_id'], $_POST['new-password'], $_POST['confirm-password'], $minlen);
+        if ($result){
+            add_user_cookie($client['client_id'], $_POST['new-password']);
+            $linklab  = SITE.'mybooks';
+            $viewform = False;
+        }  
+        else {
+            $error = $result['error'];
+        }  
+
+    }
+       
+   
+
+    $tempcontent =  VIEWPATH.'reset.phtml';
+    include VIEWPATH.'layout_lite.phtml'; //центральный шаблон
 
     
    
-    include VIEWPATH.'reset.phtml';
 
 
 }

app/routes/client.php

@@ -80,11 +80,18 @@ function addcard($id, $date) {
 }
 
 
-function mybooks_kuri($clienthash, $page = 1){
+function mybooks_kuri($page = 1){
 
+    $login = check_login_kuri();
+
+    if (!isset($login['data']['clienthash'])){
+     //  header('Location: '.SITE.'login');
+      //  exit;
+    }
+    
     $limit = 25;
-    $client = api_client_kuri($clienthash);
-    $baseurl = SITE."mybooks/$clienthash/";
+    $client = api_client_kuri($login['data']['clienthash']);
+    $baseurl = SITE."mybooks/";
 
     if (!$client) {
         echo 'Пользователь не найден';

app/views/blocks/auth.phtml

@@ -0,0 +1,9 @@
+<?$checklogin = check_login_kuri()?>
+<div id="auth">
+    <?if ($checklogin == 'error'):?>
+        <a href="login">Войти</a>      
+    <?else:?>
+        <a href="mybooks">Моя библиотека</a> / 
+        <a href="out">Выйти</a>
+    <?endif?>
+</div>    

app/views/layout.phtml

@@ -3,7 +3,7 @@
   <title>Еженедельник Аргументы Недели - <?=$title?></title>
   <script src="/pub/scripts/pdf.min.js"></script>
   <script src="/pub/scripts/anviewer.js?ver=43"></script>
-  <link rel="stylesheet" type="text/css" href="/pub/css/an.css?ver=37">
+  <link rel="stylesheet" type="text/css" href="/pub/css/an.css?ver=39">
   <link rel="icon" type="image/ico" href="https://argumenti.ru/favicon.ico">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <link rel="stylesheet" href="/pub/fontawesome/css/all.css">
@@ -55,6 +55,7 @@ _tmr.push({id: "1069168", type: "pageView", start: (new Date()).getTime()});
 <h1>
     <a id="brand_title" href="https://argumenti.ru/"><span id="redb">А</span>ргументы <span id="redb">Н</span>едел<span id="redi">i</span></a> → <a id="page_title" href="<?=$baseurl?>"><?=$title?></a>
 </h1>
+<?include('blocks/auth.phtml')?>
 <div class="adv">
 <!-- Yandex.RTB R-A-50615-61 -->
 <div id="yandex_rtb_R-A-50615-61"></div>

app/views/layout_lite.phtml

@@ -0,0 +1,27 @@
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>Еженедельник Аргументы Недели - <?=$title?></title>
+  <script src="/pub/scripts/pdf.min.js"></script>
+  <script src="/pub/scripts/anviewer.js?ver=43"></script>
+  <link rel="stylesheet" type="text/css" href="/pub/css/an.css?ver=37">
+  <link rel="icon" type="image/ico" href="https://argumenti.ru/favicon.ico">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <link rel="stylesheet" href="/pub/fontawesome/css/all.css">
+  <link rel="stylesheet" href="/pub/fontawesome/css/v4-shims.css">
+</head>
+<body>  
+
+
+
+<h1>
+    <a id="brand_title" href="https://argumenti.ru/"><span id="redb">А</span>ргументы <span id="redb">Н</span>едел<span id="redi">i</span></a> → <a id="page_title" href="<?=$baseurl?>"><?=$title?></a>
+</h1>
+
+    
+<?if (isset($tempcontent))
+    include($tempcontent);
+?>
+
+</body>
+</html> 

app/views/login.phtml

@@ -0,0 +1,14 @@
+<div id="container_form">
+
+<form method="POST" action="login">
+    <p><label for="username">Вход в личный кабинет</label></p>
+    <p><input name="username" type="email" autocomplete="on" placeholder="Введите электронную почту"/></p>
+    <p><input name="password" type="password" minlength="5" autocomplete="current-password" placeholder="Введите пароль"></p>
+    <p><input type="submit" value="ВОЙТИ"></p>    
+</form>
+
+<?if (isset($error)):?>
+    <div id="error" style="color: red;"><?=$error?></div>
+<?endif?>
+
+</div>

app/views/reset.phtml

@@ -1,10 +1,18 @@
-<form method="POST" action="<?=$url?>">
-    <p>Придумайте пароль не менее 5 символов</p>
-    <p>Пароль:<input name="pass" type="password" required></p>
-    <p>Повторить:<input name="pass2" type="password" required></p>
-    <input name="submit" type="submit" value="Сохранить пароль">
-</form>
+<?if ($viewform):?>
 
-<?if (isset($result)):?>
-    <div id="error" style="color: red;"><?=$result?></div>
-<?endif?>
+    <form method="POST" action="<?=$url?>">
+        <p><label for="new-password">Придумайте пароль не менее 5 символов и повторите его для подтверждения:</label></p>
+        <p><input name="new-password" id="new-password" type="password" autocomplete="new-password" minlength="<?=$minlen?>" placeholder="Введите пароль" required /></p>
+        <p><input name="confirm-password" id="confirm-password" type="password" autocomplete="new-password" minlength="<?=$minlen?>" placeholder="Повторите пароль" required /></pdf>
+        <p><input name="reset-submit" type="submit" value="Сохранить пароль"></p>
+    </form>
+
+<?endif?>
+
+<?if (isset($error)):?>
+    <div id="error" style="color: red;"><?=$error?></div>
+<?endif?>
+
+<?if (isset($linklab)):?>
+    <div id="info">Сохраните пароль в вашем браузере, чтобы каждый раз не вводить его вручную.<br>Ваша библиотека доступна по адресу <a href="<?=$linklab?>"><?=$linklab?></a></div>
+<?endif?>