
login enforced now.

Nathaniel van Diepen 11 年之前
父節點
當前提交
10fb5ab06f
共有 8 個文件被更改,包括 63 次插入9 次删除
  1. 6 1
      api.php
  2. 5 0
      data/index.template.html
  3. 4 0
      data/logout.template.html
  4. 7 0
      js/index.js
  5. 11 0
      php/database.php
  6. 1 6
      php/include.php
  7. 23 0
      php/security.php
  8. 6 2
      php/user.php

+ 6 - 1
api.php

@@ -24,7 +24,12 @@
 				break;
 				case 'template':
 					$ret['template'] = file_get_contents('data/'.$id.'.template.html');
-					$ret['context'] = json_decode(file_get_contents('data/'.$id.'.context.json'));
+					if(file_exists(PATH_DATA.$id.'.context.json')){
+						$context = json_decode(file_get_contents(PATH_DATA.$id.'.context.json'));
+					}else{
+						$context = Array();
+					}
+					$ret['context'] = $context;
 					retj($ret,$id);
 				break;
 				case 'action':
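Review bot: `$id` is concatenated straight into the paths passed to `file_exists()` and `file_get_contents()` in the `template` case, and nothing in the hunk constrains it. Where `$id` is assigned is outside the hunk; if it comes from the request, a value containing `../` lets the lookup leave the data directory. I would reject anything that is not a plain name before building the path, e.g. `if(!preg_match('/^[A-Za-z0-9_-]+$/',$id)){ retj(Array('error'=>'Unknown template.')); }` (assuming `retj()` ends the request). The unchanged template line above still uses the literal `'data/'` while the new lines use `PATH_DATA`; both should use the constant. The enclosing switch starts and ends outside the hunk.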

+ 5 - 0
data/index.template.html

@@ -5,7 +5,12 @@
 	Welcome to bugs!
 </p>
 <p>
+	{{#unless key}}
 	<a href="#page-login">Login</a>
 	-
 	<a href="#page-register">Register</a>
+	{{/unless}}
+	{{#if key}}
+	<a href="#page-logout">Logout</a>
+	{{/if}}
 </p>

+ 4 - 0
data/logout.template.html

@@ -0,0 +1,4 @@
+<script>
+	setKey(null);
+	apiState('page-index');
+</script>

+ 7 - 0
js/index.js

@@ -8,6 +8,7 @@
 		},
 		setKey = window.setKey = function(key){
 			Key = key;
+			$.cookie('key',key);
 		},
 		getKey = window.getKey = function(){
 			return Key;
@@ -57,6 +58,9 @@
 				}
 			},'json');
 		};
+	if(exists($.cookie('key'))){
+		setKey($.cookie('key'));
+	}
 	$(document).ready(function(){
 		$(window).on('statechange',function(){
 			var Old = State;
@@ -76,6 +80,9 @@
 				switch(State.data.type){
 					case 'template':
 						api(State.data,function(d){
+							if(Key !== null){
+								d.context.key = Key
+							}
 							$('#content').html(Handlebars.compile(d.template)(d.context)).mCustomScrollbar('destroy');
 							$('#content,.scroll').mCustomScrollbar({
 								theme: 'dark-2',
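Review bot: In the first hunk `setKey` writes whatever it receives into the cookie, including the `null` that logout.template.html passes. Depending on the jquery.cookie version, `$.cookie('key',null)` may store the string "null" instead of deleting the cookie, and the second hunk would then restore that string as `Key` on the next load, so `Key !== null` stays true after logout. Handling the null case explicitly avoids this: `if(key === null){ $.removeCookie('key'); }else{ $.cookie('key',key); }`. In the third hunk the template only tests `key` for truthiness, so a boolean flag in `d.context` would be enough and would keep the secret out of template data; `d.context` should also be defaulted to an object in case the server-side JSON decode returned null.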

+ 11 - 0
php/database.php

@@ -5,4 +5,15 @@
 		echo "Failed to connect to MySQL: ".$mysqli->connect_error;
 	}
 	$mysqli->autocommit(true);
+	function query($query,$args = []){
+		global $mysqli;
+		for ($i=0;$i<count($args);$i++){
+			$args[$i] = $mysqli->real_escape_string($args[$i]);
+		}
+		$result = $mysqli->query(vsprintf($query,$args));
+		if (!$result){
+			die("Query: ".vsprintf($query,$args));
+		}
+		return $result;
+	}
 ?>
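Review bot: On failure `query()` calls `die("Query: ".vsprintf($query,$args))`, which sends the full SQL text, including table names and the supplied values, to whoever made the request. I would log it server-side and return a generic error instead, e.g. `error_log("Query failed: ".$mysqli->error);` followed by `die("Database error.");`. The escape-then-`vsprintf` approach is also only safe when every placeholder sits inside quotes in the query string, and nothing here enforces that; `$mysqli->prepare()` with bound parameters removes that dependency on the caller. The `for` loop also assumes `$args` is a zero-indexed list, which deserves a one-line comment: `// $args must be a list; each value is escaped for use inside a quoted '%s'`.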

+ 1 - 6
php/include.php

@@ -5,10 +5,5 @@
 	require_once(PATH_PHP.'functions.php');
 	require_once(PATH_PHP.'security.php');
 	require_once(PATH_PHP.'user.php');
-	if(isset($_GET['key'])&&isset($SESSION['key'])){
-		if($_GET['key'] != $SESSION['key']){
-			unset($SESSION['key']);
-			retj(Array('error'=>'Invalid key, you were logged out.'));
-		}
-	}
+	authenticate();
 ?>

+ 23 - 0
php/security.php

@@ -15,4 +15,27 @@
 	function securityKey($username,$salt){
 		return saltedHash($username,$salt);
 	}
+	function authenticate(){
+		global $SESSION;
+		if(isset($_GET['key'])&&isset($SESSION['key'])&&isset($SESSION['username'])&&isUser($SESSION['usernamed'])){
+			if($_GET['key'] != $SESSION['key']){
+				setKey(null);
+				retj(Array('error'=>'Invalid key, you were logged out.'));
+			}
+			setKey($SESSION['key']);
+		}else{
+			setKey(null);
+		}
+	}
+	function setKey($key){
+		global $SESSION;
+		if($key == null){
+			unset($SESSION['key']);
+			unset($SESSION['username']);
+			setcookie('key','',time()-3600);
+		}else{
+			$SESSION['key'] = $key;
+			setcookie('key',$key,time()+3600);
+		}
+	}
 ?>
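Review bot: `authenticate()` checks `isset($SESSION['username'])` but then passes `$SESSION['usernamed']` to `isUser()`, so the user lookup runs on an undefined index and never checks the logged-in name; it should read `isUser($SESSION['username'])`. The key check `$_GET['key'] != $SESSION['key']` is a loose, non-constant-time comparison on a value taken from the query string; `if(!is_string($_GET['key']) || !hash_equals((string)$SESSION['key'],$_GET['key'])){` compares strictly and rejects array input. Both functions use `global $SESSION` rather than the `$_SESSION` superglobal; unless `$SESSION` is bound to the session elsewhere (not visible here), nothing stored in it survives the request. The `setcookie('key',$key,time()+3600)` call sets no HttpOnly or Secure attribute, although js/index.js in this commit reads the same cookie from script, so HttpOnly would need that code changed as well.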

+ 6 - 2
php/user.php

@@ -23,7 +23,11 @@
 		}
 		return false;
 	}
-	function setKey($key){
-		$SESSION['key'] = $key;
+	function isUser($name){
+		if(query("SELECT id FROM `".get('database')."`.`users` WHERE name='%s'",Array($name))){
+			return true;
+		}else{
+			return false;
+		}
 	}
 ?>
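Review bot: `isUser()` returns true for any name, because it tests the return value of `query()`, and the `query()` added in php/database.php either dies or returns the result of `$mysqli->query()`, which for a SELECT is a result object even when no row matches. The check needs to look at the row count: `return query("SELECT id FROM `".get('database')."`.`users` WHERE name='%s'",Array($name))->num_rows > 0;`. As written, the `isUser()` condition in `authenticate()` adds no protection. A short docblock stating that the function reports whether a row with that name exists would make the intended contract explicit.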