Implement user/password solid system (loaded from configuration)

This commit is contained in:
Bofh 2022-12-10 15:49:02 +01:00
parent 451a7b5ef3
commit 374a60ee50
2 changed files with 27 additions and 3 deletions

16
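--- /dev/null
+++ b/config/users.php.example
@@ -0,0 +1,16 @@
+<?php
+$GLOBALS['appconf']['users_hash_secret'] = 'change me to a stronger secret here';
+$GLOBALS['appconf']['users'] = [];
+$users = explode("\n", <<<EOSU
+#start_users
+admin 7b838b6df1976f81ba93ecd33b65d0c3ff676cb431d55d6251240d04e81bc783 # pass: 1234
+#end_users
+EOSU);
+foreach ($users as $user) {
+$user = trim($user);
+if ($user[0] === '#' || $user === '')
+continue;
+$ps = explode(' ', $user);
+$GLOBALS['appconf']['users'][$ps[0]] = $ps[1];
+}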
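Review bot: The guard `if ($user[0] === '#' || $user === '')` reads `$user[0]` before testing for the empty string, so any blank line in the user list triggers an "Uninitialized string offset" warning; swap the operands, `if ($user === '' || $user[0] === '#')`. The `$GLOBALS['appconf']['users'][$ps[0]] = $ps[1];` line likewise assumes every non-comment entry has a second field, and a line without one silently stores null for that user instead of being rejected. The stored value is a keyed fast hash rather than a password-hashing function, which is worth stating for whoever fills in this file, e.g. `# each value is hash_hmac('sha256', password, users_hash_secret); password_hash()/password_verify() would be the conventional choice`. The example also ships a working `admin`/`1234` entry, so a comment next to it saying it must be removed before deployment would avoid it being copied as-is.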


@ -1,10 +1,18 @@
<?php <?php
if (isset($_POST['username']) && isset($_POST['password'])) { if (isset($_POST['username']) && isset($_POST['password']))
{
require 'config/application.php';
$username = trim($_POST['username']); $username = trim($_POST['username']);
$password = trim($_POST['password']); $password = trim($_POST['password']);
// TODO: implement a way to check user passwords
$session = $username.'.'.sha1(strval(microtime(true))); if (!isset($GLOBALS['appconf']['users'][$username]))
die('Incorrect user or password');
$pass_hash = hash_hmac('sha256', $password, $GLOBALS['appconf']['users_hash_secret']);
if ($pass_hash !== $GLOBALS['appconf']['users'][$username])
die('Incorrect user or password');
$session = $username.'.'.sha1(strval(microtime(true).$pass_hash));
setcookie('_session', $session); setcookie('_session', $session);
file_put_contents('/tmp/apcontrol-sessions', $session."\n", FILE_APPEND); file_put_contents('/tmp/apcontrol-sessions', $session."\n", FILE_APPEND);
header('Location: ..'); header('Location: ..');