delf/anpdf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add auth

Browse Source
This commit is contained in:
Andrey Kuvshinov
2020-05-12 21:15:26 +03:00
parent 603f1fd96f
commit 85fc68c8d1
11 changed files with 306 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

103
app/api/apiclient.php
View File

@@ -13,15 +13,34 @@ function api_client_kuri($hash){
} }
function api_login($login, $password){
$sqlogin = "SELECT `client_id`, `clientpassword` FROM `clients` WHERE `clientmail` = '$login' LIMIT 1";
$client = dbl_get($sqlogin);
if (!isset($client['clientpassword']))
return ['error'=>'пользователь не найден'];
if ($client['clientpassword'] == '')
return ['error'=>'необходимо получить ссылку для доступа'];
if (!password_verify($password, $client['clientpassword']))
return ['error' => 'неверный пароль'];
return ['data' => $client];
}
function clientbuys_kuri($client_id, $page = 1){ function clientbuys_kuri($client_id, $page = 1){
$sql_sub = "SELECT number_id FROM anbuy WHERE client_id = '$client_id' AND `number_id` = 486 LIMIT 1"; $sql_sub = "SELECT number_id FROM anbuy WHERE client_id = '$client_id' AND `number_id` = 486 LIMIT 1";
$findsub = db_get($sql_sub); $findsub = db_get($sql_sub);
// if (isset($findsub['number_id'])) {// есть поп if (isset($findsub['number_id'])) {// есть поп
// return clients_arch($page); return clients_arch($page);
// } }
$limit = 25; $limit = 25;
$countsql = "SELECT DISTINCT COUNT(buy_id) as count FROM `anbuy` WHERE `client_id` = $client_id AND `buy_status` = '1' LIMIT 1"; $countsql = "SELECT DISTINCT COUNT(buy_id) as count FROM `anbuy` WHERE `client_id` = $client_id AND `buy_status` = '1' LIMIT 1";
@@ -54,7 +73,10 @@ function clientbuys_kuri($client_id, $page = 1){
function client_find_email($email){ function client_find_email($mail){
if (!filter_var($mail, FILTER_VALIDATE_EMAIL))
return ['error' => 'некорректный email'];
$pwd_query = "SELECT * FROM `clients` WHERE `clientmail` = '$mail' LIMIT 1"; $pwd_query = "SELECT * FROM `clients` WHERE `clientmail` = '$mail' LIMIT 1";
$client = db_get($pwd_query); $client = db_get($pwd_query);
@@ -62,37 +84,82 @@ function client_find_email($email){
if (isset($client['client_id'])) if (isset($client['client_id']))
return $client; return $client;
else else
return false; return ['error' => 'client not found'];
} }
function client_add_password($mail, $pwd, $pwd2){ function client_find_hash($hash){
$maxlen = 5;
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) $pwd_query = "SELECT * FROM `clients` WHERE `clienthash` = '$hash' LIMIT 1";
return 'некорректный email'; $client = db_get($pwd_query);
$find = client_find_email($email); if (isset($client['client_id']))
if ($find) return $client;
return 'email не найден'; else
return ['error' => 'client not found'];
if ($pwd == ''){ }
function client_find_id($id) {
$id_query = "SELECT * FROM `clients` WHERE `client_id` = '$id' LIMIT 1";
$client = db_get($id_query);
if (!isset($client['client_id'])){
return ['error' => 'client not found'];
}
return ['result' => $client];
}
function client_check_auth($login, $pwd){
$check_query = "SELECT * FROM `clients` WHERE `client_id` = '$login' LIMIT 1";
$client = dbl_get($check_query);
if (!isset($client['client_id'])){
return ['error' => 'client not found'];
}
$hash_pwd = md5($login.$client['clientpassword']);
if ($pwd == $hash_pwd){
return ['data' => $client];
}
else {
return ['error' => 'invalid hash'];
}
}
function client_add_password($client_id, $password, $confirm, $minlen = 5){
if ($password == ''){
return 'пароль не задан'; return 'пароль не задан';
} }
if (strlen($pwd) < $maxlen) { if (strlen($password) < $minlen) {
return "пароль должен быть не менее $maxlen символов"; return "пароль должен быть не менее $maxlen символов";
} }
if ($pwd == $pwd2){ if ($password !== $confirm){
return "пароли не совпадают"; return "пароли не совпадают";
} }
$clientpassword = password_hash($pwd); $clientpassword = password_hash($password, PASSWORD_DEFAULT);
$sqlupdate = "UPDATE `clients` SET `clientpassword` = '$clientpassword' WHERE `clientmail` = '$mail'"; $sqlupdate = "UPDATE `clients` SET `clientpassword` = '$clientpassword' WHERE `client_id` = '$client_id'";
$result = db_get($sqlupdate, 'chitatel');
dbl_get($sqlupdate);
return True; return True;

6
app/confg.php
View File

@@ -1,7 +1,7 @@
<?php <?php
ini_set('display_errors', 1); ini_set('display_errors', 0);
ini_set('display_startup_errors', 1); ini_set('display_startup_errors', 0);
if (isset($_SERVER['HTTP_HOST'])) if (isset($_SERVER['HTTP_HOST']))
@@ -30,5 +30,5 @@ define('IMGSRV', 'https://imgurl.argumenti.ru/');
db_config('argumentiru', 'mysql:host=mysql;dbname=argumentiru', 'newser', 'Chjk90yuiREY'); db_config('argumentiru', 'mysql:host=mysql;dbname=argumentiru', 'newser', 'Chjk90yuiREY');
db_config('reader', 'mysql:host=mysql;dbname=argumentiru', 'reader', 'ghjyjkUIOhg56Fh'); db_config('reader', 'mysql:host=mysql;dbname=argumentiru', 'reader', 'ghjyjkUIOhg56Fh');
db_config('writer', 'mysql:host=mysql;dbname=argumentiru', 'chitatel', 'hjYu78kl*90Uio'); db_config('chitatel', 'mysql:host=mysql;dbname=argumentiru', 'chitatel', 'hjYu78kl*90Uio');

20
app/pub/css/an.css
View File

@@ -118,6 +118,26 @@ h1 {
position:relative; position:relative;
} }
#container_form{
width:450px;
height: 500px;
background-color: rgba(24, 33, 52, 0.7);
margin: 250px auto 0 auto;
text-align: center;
box-shadow: 0 -5px 0 #3adbfd;
}
input[type="text"],input[type="password"], input[type="email"]{
width: 300px;
height:50px;
font-size: 18px;
margin-bottom: 25px;
border-radius: 4px;
padding-left: 10px;
}
@media screen and (max-width: 560px) { @media screen and (max-width: 560px) {
#brand_title, #page_title { #brand_title, #page_title {
font-size: .8em; font-size: .8em;

2
app/routes/anpdf.php
View File

@@ -195,8 +195,6 @@ function promo_kuri($hash, $page = 1, $promo = true){
} }

126
app/routes/auth.php
View File

@@ -1,26 +1,132 @@
<?php <?php
function login(){ function login_kuri(){
if (isset($_POST['username']) and isset($_POST['password'])){
$result = api_login($_POST['username'], $_POST['password']);
if (isset($result['error'])){
$error = $result['error'];
}
if (isset($result['data'])) {
add_user_cookie($result['data']['client_id'], $result['data']['clientpassword']);
header('Location: '.SITE.'mybooks');
}
}
$tempcontent = VIEWPATH.'login.phtml';
include VIEWPATH.'layout_lite.phtml';
return true;
}
function out_kuri(){
unset($_COOKIE['user']);
setcookie('user', null, -1);
unset($_COOKIE['pwd']);
setcookie('pwd', null, -1);
header('Location: '.SITE.'login');
}
function add_user_cookie($user, $pwd){
$timeout = time()+(60*60*24*30);
// ini_set ("session.use_trans_sid", true);
// session_start();
setcookie ("user", $user, $timeout, '/', $_SERVER['HTTP_HOST']);
setcookie ("pwd", md5($user.$pwd), $timeout, '/', $_SERVER['HTTP_HOST']);
} }
function resetpwd_kuri($mail){ function check_login_kuri(){
//ini_set ("session.use_trans_sid", true);
//session_start();
$url = "/resetpwd/$mail"; $client = client_check_auth($_COOKIE['user'], $_COOKIE['pwd']);
if (isset($_POST['submit'])){ if (!isset($client['data'])){
$result = client_add_password($mail, $_POST['pass'], $_POST['pass2']); return $client;
if ($result){ }
echo 'пароль установлен'; else {
} return $client['data'];
} }
//$_SESSION['id'] = $row['id']; //записываем в сессию id пользователя
include VIEWPATH.'reset.phtml';
}
function redirect_login(){
header('Location: '.SITE.'login');
exit;
}
// if(password_verify($_POST["password"],$hashed_password))
function resetpwd_kuri($hash){
$url = "/resetpwd/$hash";
$minlen = 5;
$viewform = true;
$client = client_find_hash($hash);
if (isset($client['error'])) {
$error = $client['error'];
$viewform = False;
}
else if ($client['clientpassword'] !== ''){
$error = 'Пароль уже был изменен';
$viewform = False;
}
if (isset($_POST['reset-submit'])){ //пришла форма
$result = client_add_password($client['client_id'], $_POST['new-password'], $_POST['confirm-password'], $minlen);
if ($result){
add_user_cookie($client['client_id'], $_POST['new-password']);
$linklab = SITE.'mybooks';
$viewform = False;
}
else {
$error = $result['error'];
}
}
$tempcontent = VIEWPATH.'reset.phtml';
include VIEWPATH.'layout_lite.phtml'; //центральный шаблон
} }

13
app/routes/client.php
View File

@@ -80,11 +80,18 @@ function addcard($id, $date) {
} }
function mybooks_kuri($clienthash, $page = 1){ function mybooks_kuri($page = 1){
$login = check_login_kuri();
if (!isset($login['data']['clienthash'])){
// header('Location: '.SITE.'login');
// exit;
}
$limit = 25; $limit = 25;
$client = api_client_kuri($clienthash); $client = api_client_kuri($login['data']['clienthash']);
$baseurl = SITE."mybooks/$clienthash/"; $baseurl = SITE."mybooks/";
if (!$client) { if (!$client) {
echo 'Пользователь не найден'; echo 'Пользователь не найден';

9
app/views/blocks/auth.phtml Normal file
View File

@@ -0,0 +1,9 @@
<?$checklogin = check_login_kuri()?>
<div id="auth">
<?if ($checklogin == 'error'):?>
<a href="login">Войти</a>
<?else:?>
<a href="mybooks">Моя библиотека</a> /
<a href="out">Выйти</a>
<?endif?>
</div>

3
app/views/layout.phtml
View File

@@ -3,7 +3,7 @@
<title>Еженедельник Аргументы Недели - <?=$title?></title> <title>Еженедельник Аргументы Недели - <?=$title?></title>
<script src="/pub/scripts/pdf.min.js"></script> <script src="/pub/scripts/pdf.min.js"></script>
<script src="/pub/scripts/anviewer.js?ver=43"></script> <script src="/pub/scripts/anviewer.js?ver=43"></script>
<link rel="stylesheet" type="text/css" href="/pub/css/an.css?ver=37"> <link rel="stylesheet" type="text/css" href="/pub/css/an.css?ver=39">
<link rel="icon" type="image/ico" href="https://argumenti.ru/favicon.ico"> <link rel="icon" type="image/ico" href="https://argumenti.ru/favicon.ico">
<meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="/pub/fontawesome/css/all.css"> <link rel="stylesheet" href="/pub/fontawesome/css/all.css">
@@ -55,6 +55,7 @@ _tmr.push({id: "1069168", type: "pageView", start: (new Date()).getTime()});
<h1> <h1>
<a id="brand_title" href="https://argumenti.ru/"><span id="redb">А</span>ргументы <span id="redb">Н</span>едел<span id="redi">i</span></a><a id="page_title" href="<?=$baseurl?>"><?=$title?></a> <a id="brand_title" href="https://argumenti.ru/"><span id="redb">А</span>ргументы <span id="redb">Н</span>едел<span id="redi">i</span></a><a id="page_title" href="<?=$baseurl?>"><?=$title?></a>
</h1> </h1>
<?include('blocks/auth.phtml')?>
<div class="adv"> <div class="adv">
<!-- Yandex.RTB R-A-50615-61 --> <!-- Yandex.RTB R-A-50615-61 -->
<div id="yandex_rtb_R-A-50615-61"></div> <div id="yandex_rtb_R-A-50615-61"></div>

27
app/views/layout_lite.phtml Normal file
View File

@@ -0,0 +1,27 @@
<html>
<head>
<meta charset="utf-8">
<title>Еженедельник Аргументы Недели - <?=$title?></title>
<script src="/pub/scripts/pdf.min.js"></script>
<script src="/pub/scripts/anviewer.js?ver=43"></script>
<link rel="stylesheet" type="text/css" href="/pub/css/an.css?ver=37">
<link rel="icon" type="image/ico" href="https://argumenti.ru/favicon.ico">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="/pub/fontawesome/css/all.css">
<link rel="stylesheet" href="/pub/fontawesome/css/v4-shims.css">
</head>
<body>
<h1>
<a id="brand_title" href="https://argumenti.ru/"><span id="redb">А</span>ргументы <span id="redb">Н</span>едел<span id="redi">i</span></a><a id="page_title" href="<?=$baseurl?>"><?=$title?></a>
</h1>
<?if (isset($tempcontent))
include($tempcontent);
?>
</body>
</html>

14
app/views/login.phtml Normal file
View File

@@ -0,0 +1,14 @@
<div id="container_form">
<form method="POST" action="login">
<p><label for="username">Вход в личный кабинет</label></p>
<p><input name="username" type="email" autocomplete="on" placeholder="Введите электронную почту"/></p>
<p><input name="password" type="password" minlength="5" autocomplete="current-password" placeholder="Введите пароль"></p>
<p><input type="submit" value="ВОЙТИ"></p>
</form>
<?if (isset($error)):?>
<div id="error" style="color: red;"><?=$error?></div>
<?endif?>
</div>

24
app/views/reset.phtml
View File

@@ -1,10 +1,18 @@
<form method="POST" action="<?=$url?>"> <?if ($viewform):?>
<p>Придумайте пароль не менее 5 символов</p>
<p>Пароль:<input name="pass" type="password" required></p> <form method="POST" action="<?=$url?>">
<p>Повторить:<input name="pass2" type="password" required></p> <p><label for="new-password">Придумайте пароль не менее 5 символов и повторите его для подтверждения:</label></p>
<input name="submit" type="submit" value="Сохранить пароль"> <p><input name="new-password" id="new-password" type="password" autocomplete="new-password" minlength="<?=$minlen?>" placeholder="Введите пароль" required /></p>
</form> <p><input name="confirm-password" id="confirm-password" type="password" autocomplete="new-password" minlength="<?=$minlen?>" placeholder="Повторите пароль" required /></pdf>
<p><input name="reset-submit" type="submit" value="Сохранить пароль"></p>
</form>
<?if (isset($result)):?> <?endif?>
<div id="error" style="color: red;"><?=$result?></div>
<?if (isset($error)):?>
<div id="error" style="color: red;"><?=$error?></div>
<?endif?>
<?if (isset($linklab)):?>
<div id="info">Сохраните пароль в вашем браузере, чтобы каждый раз не вводить его вручную.<br>Ваша библиотека доступна по адресу <a href="<?=$linklab?>"><?=$linklab?></a></div>
<?endif?> <?endif?>