add auth

2020-05-12 21:15:26 +03:00
parent 603f1fd96f
commit 85fc68c8d1
11 changed files with 306 additions and 49 deletions
--- a/app/api/apiclient.php
+++ b/app/api/apiclient.php
@@ -13,15 +13,34 @@ function api_client_kuri($hash){
 }


+function api_login($login, $password){
+
+    $sqlogin = "SELECT `client_id`, `clientpassword` FROM `clients` WHERE `clientmail` = '$login' LIMIT 1";
+    $client = dbl_get($sqlogin);
+
+    if (!isset($client['clientpassword']))
+        return ['error'=>'пользователь не найден'];
+
+    if ($client['clientpassword'] == '')
+        return ['error'=>'необходимо получить ссылку для доступа'];    
+
+    if (!password_verify($password, $client['clientpassword'])) 
+        return ['error' => 'неверный пароль'];
+
+    return ['data' => $client];    
+
+}
+
+
 function clientbuys_kuri($client_id, $page = 1){

    $sql_sub = "SELECT number_id FROM anbuy WHERE client_id = '$client_id'  AND `number_id` = 486 LIMIT 1";
    $findsub =  db_get($sql_sub);

    
-  // if (isset($findsub['number_id'])) {// есть поп
-  //      return clients_arch($page);
-  //  }    
+   if (isset($findsub['number_id'])) {// есть поп
+        return clients_arch($page);
+    }    

   $limit  = 25;
   $countsql = "SELECT DISTINCT COUNT(buy_id) as count FROM `anbuy` WHERE `client_id` = $client_id AND `buy_status` = '1' LIMIT 1";
@@ -54,7 +73,10 @@ function clientbuys_kuri($client_id, $page = 1){



-function client_find_email($email){
+function client_find_email($mail){
+
+    if (!filter_var($mail, FILTER_VALIDATE_EMAIL))
+        return ['error' => 'некорректный email'];

    $pwd_query = "SELECT * FROM `clients` WHERE `clientmail` = '$mail' LIMIT 1";
    $client = db_get($pwd_query);
@@ -62,37 +84,82 @@ function client_find_email($email){
    if (isset($client['client_id']))
        return $client;
    else
-        return false;    
+        return ['error' => 'client not found'];   

 }

-function client_add_password($mail, $pwd, $pwd2){
+function client_find_hash($hash){

-    $maxlen = 5;

-    if (!filter_var($email, FILTER_VALIDATE_EMAIL))
-        return 'некорректный email';
+    $pwd_query = "SELECT * FROM `clients` WHERE `clienthash` = '$hash' LIMIT 1";
+    $client = db_get($pwd_query);

-    $find = client_find_email($email);
-    if ($find)
-        return 'email не найден';
+    if (isset($client['client_id']))
+        return $client;
+    else
+        return ['error' => 'client not found'];   

-    if ($pwd == ''){
+}
+
+
+function client_find_id($id) {
+
+    $id_query = "SELECT * FROM `clients` WHERE `client_id` = '$id' LIMIT 1";
+    $client = db_get($id_query);
+
+    if (!isset($client['client_id'])){
+        return ['error' => 'client not found'];    
+    }
+
+    return ['result' => $client];
+
+}
+
+
+function client_check_auth($login, $pwd){
+        
+    $check_query = "SELECT * FROM `clients` WHERE `client_id` = '$login' LIMIT 1";
+
+    $client = dbl_get($check_query);
+
+    if (!isset($client['client_id'])){
+        return ['error' => 'client not found'];
+    }
+
+    $hash_pwd = md5($login.$client['clientpassword']);
+
+    if ($pwd == $hash_pwd){
+        return ['data' => $client];
+    }
+    else {
+       return ['error' => 'invalid hash'];
+    }   
+        
+}
+
+
+function client_add_password($client_id, $password, $confirm, $minlen = 5){
+
+
+    if ($password == ''){
        return 'пароль не задан';
    }    
    
-    if (strlen($pwd) < $maxlen) {
+    if (strlen($password) < $minlen) {
        return  "пароль должен быть не менее $maxlen символов";
    }

-    if ($pwd == $pwd2){
+    if ($password !== $confirm){
        return "пароли не совпадают";
    }

-    $clientpassword = password_hash($pwd);  
-    $sqlupdate = "UPDATE `clients` SET `clientpassword` = '$clientpassword' WHERE `clientmail` = '$mail'";
+    $clientpassword = password_hash($password, PASSWORD_DEFAULT);  
+    $sqlupdate = "UPDATE `clients` SET `clientpassword` = '$clientpassword' WHERE `client_id` = '$client_id'";
+
+   
+    $result =  db_get($sqlupdate, 'chitatel');
+  

-    dbl_get($sqlupdate);

    return True;

--- a/app/confg.php
+++ b/app/confg.php
@@ -1,7 +1,7 @@
 <?php

-ini_set('display_errors', 1);
-ini_set('display_startup_errors', 1);
+ini_set('display_errors', 0);
+ini_set('display_startup_errors', 0);


 if (isset($_SERVER['HTTP_HOST']))
@@ -30,5 +30,5 @@ define('IMGSRV', 'https://imgurl.argumenti.ru/');

 db_config('argumentiru', 'mysql:host=mysql;dbname=argumentiru', 'newser', 'Chjk90yuiREY');
 db_config('reader', 'mysql:host=mysql;dbname=argumentiru', 'reader', 'ghjyjkUIOhg56Fh');
-db_config('writer', 'mysql:host=mysql;dbname=argumentiru', 'chitatel', 'hjYu78kl*90Uio');
+db_config('chitatel', 'mysql:host=mysql;dbname=argumentiru', 'chitatel', 'hjYu78kl*90Uio');

--- a/app/pub/css/an.css
+++ b/app/pub/css/an.css
@@ -118,6 +118,26 @@ h1 {
    position:relative;
 }

+#container_form{
+    width:450px;
+    height: 500px;
+    background-color: rgba(24, 33, 52, 0.7);
+    margin: 250px auto 0 auto;
+    text-align: center;
+    box-shadow: 0 -5px 0 #3adbfd;
+   }
+
+
+input[type="text"],input[type="password"], input[type="email"]{
+    width: 300px;
+    height:50px;
+    font-size: 18px;
+    margin-bottom: 25px;
+    border-radius: 4px;
+    padding-left: 10px;
+}    
+
+
@media screen and (max-width: 560px) {
    #brand_title, #page_title {
        font-size: .8em;
--- a/app/routes/anpdf.php
+++ b/app/routes/anpdf.php
@@ -195,8 +195,6 @@ function promo_kuri($hash, $page = 1, $promo = true){



-
-
 }


--- a/app/routes/auth.php
+++ b/app/routes/auth.php
@@ -1,26 +1,132 @@
 <?php

-function login(){
+function login_kuri(){
+
+
+    if (isset($_POST['username']) and isset($_POST['password'])){
+        $result = api_login($_POST['username'], $_POST['password']);
+
+        if (isset($result['error'])){
+            $error = $result['error'];
+        }
+
+
+        if (isset($result['data'])) {
+            
+            add_user_cookie($result['data']['client_id'], $result['data']['clientpassword']);
+            header('Location: '.SITE.'mybooks');
+        }    
+                 
+    }
+
+    $tempcontent =  VIEWPATH.'login.phtml';
+    include VIEWPATH.'layout_lite.phtml'; 
+
+    return true;
+
+}
+
+
+function out_kuri(){
+
+    unset($_COOKIE['user']); 
+    setcookie('user', null, -1); 
+
+    unset($_COOKIE['pwd']); 
+    setcookie('pwd', null, -1);   
+
+    header('Location: '.SITE.'login');
+
+
+}
+
+
+function add_user_cookie($user, $pwd){
+
+    $timeout = time()+(60*60*24*30);
+
+  //  ini_set ("session.use_trans_sid", true);
+   // session_start();
+
+    setcookie ("user", $user, $timeout, '/', $_SERVER['HTTP_HOST']);
+    setcookie ("pwd", md5($user.$pwd), $timeout, '/', $_SERVER['HTTP_HOST']);   

 }



-function resetpwd_kuri($mail){
+function check_login_kuri(){
+ //ini_set ("session.use_trans_sid", true);
+    //session_start(); 
    
-    $url = "/resetpwd/$mail";
+    $client = client_check_auth($_COOKIE['user'], $_COOKIE['pwd']);
    
-    if (isset($_POST['submit'])){
-        $result = client_add_password($mail, $_POST['pass'], $_POST['pass2']);
+    if (!isset($client['data'])){
+      return  $client;
+    }
+    else {
+        return $client['data'];
+    }
+
+
+     
+    //$_SESSION['id'] = $row['id'];   //записываем в сессию id пользователя     
+
+
+}
+
+
+function redirect_login(){
+    header('Location: '.SITE.'login');
+    exit;
+}
+
+
+
+
+
+
+// if(password_verify($_POST["password"],$hashed_password))
+
+function resetpwd_kuri($hash){
+
+    $url = "/resetpwd/$hash";
+    $minlen = 5;
+    $viewform = true;
+
+    $client = client_find_hash($hash);
+
+    if (isset($client['error'])) {
+        $error = $client['error'];
+        $viewform = False;
+        
+    }  
+    else if ($client['clientpassword'] !== ''){
+        $error = 'Пароль уже был изменен';
+        $viewform = False;
+    }
+
+    if (isset($_POST['reset-submit'])){ //пришла форма 
+       
+        $result = client_add_password($client['client_id'], $_POST['new-password'], $_POST['confirm-password'], $minlen);
        if ($result){
-            echo 'пароль установлен';
+            add_user_cookie($client['client_id'], $_POST['new-password']);
+            $linklab  = SITE.'mybooks';
+            $viewform = False;
        }  
+        else {
+            $error = $result['error'];
+        }  
+
    }
       
   

+    $tempcontent =  VIEWPATH.'reset.phtml';
+    include VIEWPATH.'layout_lite.phtml'; //центральный шаблон
+
+    
   
-    include VIEWPATH.'reset.phtml';


 }
--- a/app/routes/client.php
+++ b/app/routes/client.php
@@ -80,11 +80,18 @@ function addcard($id, $date) {
 }


-function mybooks_kuri($clienthash, $page = 1){
+function mybooks_kuri($page = 1){
+
+    $login = check_login_kuri();
+
+    if (!isset($login['data']['clienthash'])){
+     //  header('Location: '.SITE.'login');
+      //  exit;
+    }
    
    $limit = 25;
-    $client = api_client_kuri($clienthash);
-    $baseurl = SITE."mybooks/$clienthash/";
+    $client = api_client_kuri($login['data']['clienthash']);
+    $baseurl = SITE."mybooks/";

    if (!$client) {
        echo 'Пользователь не найден';
--- a/app/views/blocks/auth.phtml
+++ b/app/views/blocks/auth.phtml
@@ -0,0 +1,9 @@
+<?$checklogin = check_login_kuri()?>
+<div id="auth">
+    <?if ($checklogin == 'error'):?>
+        <a href="login">Войти</a>      
+    <?else:?>
+        <a href="mybooks">Моя библиотека</a> / 
+        <a href="out">Выйти</a>
+    <?endif?>
+</div>    
--- a/app/views/layout.phtml
+++ b/app/views/layout.phtml
@@ -3,7 +3,7 @@
  <title>Еженедельник Аргументы Недели - <?=$title?></title>
  <script src="/pub/scripts/pdf.min.js"></script>
  <script src="/pub/scripts/anviewer.js?ver=43"></script>
-  <link rel="stylesheet" type="text/css" href="/pub/css/an.css?ver=37">
+  <link rel="stylesheet" type="text/css" href="/pub/css/an.css?ver=39">
  <link rel="icon" type="image/ico" href="https://argumenti.ru/favicon.ico">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <link rel="stylesheet" href="/pub/fontawesome/css/all.css">
@@ -55,6 +55,7 @@ _tmr.push({id: "1069168", type: "pageView", start: (new Date()).getTime()});
 <h1>
    <a id="brand_title" href="https://argumenti.ru/"><span id="redb">А</span>ргументы <span id="redb">Н</span>едел<span id="redi">i</span></a> → <a id="page_title" href="<?=$baseurl?>"><?=$title?></a>
 </h1>
+<?include('blocks/auth.phtml')?>
 <div class="adv">
 <!-- Yandex.RTB R-A-50615-61 -->
 <div id="yandex_rtb_R-A-50615-61"></div>
--- a/app/views/layout_lite.phtml
+++ b/app/views/layout_lite.phtml
@@ -0,0 +1,27 @@
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>Еженедельник Аргументы Недели - <?=$title?></title>
+  <script src="/pub/scripts/pdf.min.js"></script>
+  <script src="/pub/scripts/anviewer.js?ver=43"></script>
+  <link rel="stylesheet" type="text/css" href="/pub/css/an.css?ver=37">
+  <link rel="icon" type="image/ico" href="https://argumenti.ru/favicon.ico">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <link rel="stylesheet" href="/pub/fontawesome/css/all.css">
+  <link rel="stylesheet" href="/pub/fontawesome/css/v4-shims.css">
+</head>
+<body>  
+
+
+
+<h1>
+    <a id="brand_title" href="https://argumenti.ru/"><span id="redb">А</span>ргументы <span id="redb">Н</span>едел<span id="redi">i</span></a> → <a id="page_title" href="<?=$baseurl?>"><?=$title?></a>
+</h1>
+
+    
+<?if (isset($tempcontent))
+    include($tempcontent);
+?>
+
+</body>
+</html> 
--- a/app/views/login.phtml
+++ b/app/views/login.phtml
@@ -0,0 +1,14 @@
+<div id="container_form">
+
+<form method="POST" action="login">
+    <p><label for="username">Вход в личный кабинет</label></p>
+    <p><input name="username" type="email" autocomplete="on" placeholder="Введите электронную почту"/></p>
+    <p><input name="password" type="password" minlength="5" autocomplete="current-password" placeholder="Введите пароль"></p>
+    <p><input type="submit" value="ВОЙТИ"></p>    
+</form>
+
+<?if (isset($error)):?>
+    <div id="error" style="color: red;"><?=$error?></div>
+<?endif?>
+
+</div>
--- a/app/views/reset.phtml
+++ b/app/views/reset.phtml
@@ -1,10 +1,18 @@
-<form method="POST" action="<?=$url?>">
-    <p>Придумайте пароль не менее 5 символов</p>
-    <p>Пароль:<input name="pass" type="password" required></p>
-    <p>Повторить:<input name="pass2" type="password" required></p>
-    <input name="submit" type="submit" value="Сохранить пароль">
-</form>
+<?if ($viewform):?>
+
+    <form method="POST" action="<?=$url?>">
+        <p><label for="new-password">Придумайте пароль не менее 5 символов и повторите его для подтверждения:</label></p>
+        <p><input name="new-password" id="new-password" type="password" autocomplete="new-password" minlength="<?=$minlen?>" placeholder="Введите пароль" required /></p>
+        <p><input name="confirm-password" id="confirm-password" type="password" autocomplete="new-password" minlength="<?=$minlen?>" placeholder="Повторите пароль" required /></pdf>
+        <p><input name="reset-submit" type="submit" value="Сохранить пароль"></p>
+    </form>

-<?if (isset($result)):?>
-    <div id="error" style="color: red;"><?=$result?></div>
+<?endif?>
+
+<?if (isset($error)):?>
+    <div id="error" style="color: red;"><?=$error?></div>
+<?endif?>
+
+<?if (isset($linklab)):?>
+    <div id="info">Сохраните пароль в вашем браузере, чтобы каждый раз не вводить его вручную.<br>Ваша библиотека доступна по адресу <a href="<?=$linklab?>"><?=$linklab?></a></div>
 <?endif?>
				`@@ -195,8 +195,6 @@ function promo_kuri($hash, $page = 1, $promo = true){`





				`}`