
Yhdistä ylläpitäjä- ja asetussalasanakirjautumislomakkeet

tags/0.8
Linus Vanas 2 months ago
parent
commit
97629b8f55
7 changed files with 87 additions and 133 deletions
  1. +41
    -39
      includes/admin_util.php
  2. +0
    -9
      includes/config.php
  3. +5
    -1
      turnsim/RUN_TURNSIM.php
  4. +7
    -17
      www/admin/config/client/index.php
  5. +27
    -48
      www/admin/config/database/index.php
  6. +5
    -18
      www/admin/config/postconfig/index.php
  7. +2
    -1
      www/admin/config/preconfig/index.php

+ 41
- 39
includes/admin_util.php View File

@@ -57,19 +57,6 @@
return htmlspecialchars($str, ENT_QUOTES | ENT_HTML5, "UTF-8");
}

/**
* Lisää sisältörivitaulukkoon asetusten tunnistautumiskenttä.
* @param {array} content sisältörivitaulukko
*/
function add_config_auth_fieldset(&$content)
{
$content[] = "\t<fieldset>";
$content[] = "\t\t<legend>"._("Authorization")."</legend>";
$content[] = "\t<input disabled name=configusername value='"._("Veturi configuration password")."' class='hidden'>";
$content[] = "\t<label>"._("Config password:")." <input type=password name=configpassword></label>";
$content[] = "\t</fieldset>";
}

/**
* Vaadi kirjautuminen ylläpitäjänä sivun näyttämiseksi.
* Keskeyttää skriptin suorituksen, jos käyttäjä ei ole ylläpitäjä.
@@ -99,45 +86,60 @@

//Varmista, että tunnukset ovat oikein.

require_once("Database.php");
try
//Asetussalasana
if (!$_POST["username"])
{
$db = new Database();

$user = $db->getUserData($_POST["username"]);
if (!$user)
if (!password_verify($_POST["password"],CONFIG["password"]))
{
$content[] = _("User doesn't exist.");
$content[] = _("Incorrect password.");
add_auth_form($content);
print_admin_page($pagedepth,$pagetitle,$content);
die();
}
}
//Käyttäjätili
else
{
require_once("Database.php");
try
{
$db = new Database();

$user = $db->getUserData($_POST["username"]);
if (!$user)
{
$content[] = _("User doesn't exist.");
add_auth_form($content);
print_admin_page($pagedepth,$pagetitle,$content);
die();
}

$passwd = $user["password"];
if (!password_verify($_POST["password"],$passwd))
{
$content[] = _("Incorrect password.");
add_auth_form($content);
print_admin_page($pagedepth,$pagetitle,$content);
die();
}
}
catch (PDOException $e)
{
$content[] = _("Connecting to the database failed.");
print_admin_page($pagedepth,$pagetitle,$content);
die();
}

$passwd = $user["password"];
if (!password_verify($_POST["password"],$passwd))
//Varmista, että käyttäjä on ylläpitäjä
$admin = $db->getAdminData($_POST["username"]);
if (!$admin)
{
$content[] = _("Incorrect password.");
$content[] = _("User is not an admin.");
add_auth_form($content);
print_admin_page($pagedepth,$pagetitle,$content);
die();
}
}
catch (PDOException $e)
{
$content[] = _("Connecting to the database failed.");
print_admin_page($pagedepth,$pagetitle,$content);
die();
}

//Varmista, että käyttäjä on ylläpitäjä
$admin = $db->getAdminData($_POST["username"]);
if (!$admin)
{
$content[] = _("User is not an admin.");
add_auth_form($content);
print_admin_page($pagedepth,$pagetitle,$content);
die();
}
}

/**
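Review bot: The new empty-username branch lets the shared configuration password pass this login check with no account or admin lookup, so any page that calls the function (presumably require_admin_login, whose body starts outside the hunk), not only the config pages changed here, now accepts it. `if (!$_POST["username"])` is a truthiness test, so a username of "0" is also routed to the config-password branch; `if (($_POST["username"] ?? "") === "")` states what is meant. The removed verify_config_password() guarded with `isset(CONFIG["password"])` and the new `password_verify($_POST["password"],CONFIG["password"])` does not, so a config without a password key should be rejected explicitly before the call. A config.json written by the old preconfig page stores the password in plain text, which password_verify() will never match, so existing installs will likely lose config-password access until the stored value is rehashed.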


+ 0
- 9
includes/config.php View File

@@ -26,13 +26,4 @@
return file_put_contents(ROOT."/config.json",json_encode($CONFIG)) > 0;

}

/**
* @param {string} password tarkistettava salasana
* @return {bool} true jos annettu salasana on sama kuin asetusten salasana, false muutoin
*/
function verify_config_password($password)
{
return isset(CONFIG["password"]) && $password === CONFIG["password"];
}
?>

+ 5
- 1
turnsim/RUN_TURNSIM.php View File

@@ -90,7 +90,11 @@
file_put_contents("../www/world.json",json_encode($newWorld));

//Kasvata maailman välimuisti-versionumeroa
$rev = json_decode(file_get_contents(ROOT."/www/rev.json"),true) or array();
$rev = json_decode(file_get_contents(ROOT."/www/rev.json"),true);
if (!$rev)
{
$rev = array();
}
if (isset($rev["world"]))
{
$rev["world"] = $rev["world"] + 1;
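Review bot: `if (!$rev)` only catches a null or empty result; a rev.json that decodes to a non-empty scalar (for example `1` or `"x"`) passes the test and the following `$rev["world"]` access then operates on a non-array. `if (!is_array($rev)) { $rev = array(); }` covers a missing, malformed or wrong-typed file in one check. The same replacement is made in www/admin/config/client/index.php and would benefit from the same guard.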


+ 7
- 17
www/admin/config/client/index.php View File

@@ -14,21 +14,7 @@
die();
}
//Varmista käyttäjän oikeus nähdä ja muokata asetuksia.
if (!isset($_POST["configpassword"]) || !verify_config_password($_POST["configpassword"]))
{
if (isset($_POST["configpassword"]))
{
$content[] = _("Incorrect password.");
}

$content[] = "<form method=post>";
add_config_auth_fieldset($content);
$content[] = "\t<input type=submit>";
$content[] = "</form>";

print_admin_page($pagedepth,$pagetitle,$content);
die();
}
require_admin_login($pagedepth,$pagetitle,$content);

//Hae vanhat asetukset
$client_conf = json_decode(file_get_contents(ROOT."/www/custom/config.json"),true);
@@ -40,7 +26,11 @@
//Tallenna muutetut asetukset
if (isset($_POST["lang"]))
{
$rev = json_decode(file_get_contents(ROOT."/www/rev.json"),true) or array();
$rev = json_decode(file_get_contents(ROOT."/www/rev.json"),true);
if (!$rev)
{
$rev = array();
}
if (isset($rev["config"]))
{
$rev["config"] = $rev["config"] + 1;
@@ -150,7 +140,7 @@
$content[] = "\t\t<label>"._("Width:")." <input type=number min=1 name=world_width value=".$client_conf["world_width"]."></label>";
$content[] = "\t\t<label>"._("Height:")." <input type=number min=1 name=world_height value=".$client_conf["world_height"]."></label>";
$content[] = "\t</fieldset>";
add_config_auth_fieldset($content);
add_auth_fieldset($content);
$content[] = "\t<input type=submit>";
$content[] = "</form>";



+ 27
- 48
www/admin/config/database/index.php View File

@@ -14,65 +14,44 @@
die();
}
//Varmista käyttäjän oikeus nähdä ja muokata asetuksia.
if (!isset($_POST["configpassword"]) || !verify_config_password($_POST["configpassword"]))
{
if (isset($_POST["configpassword"]))
{
$content[] = _("Incorrect password.");
}
require_admin_login($pagedepth,$pagetitle,$content);

$content[] = "<form method=post>";
add_config_auth_fieldset($content);
$content[] = "\t<input type=submit>";
$content[] = "</form>";

print_admin_page($pagedepth,$pagetitle,$content);
die();
}
//Käsittele lomake
if (isset($_POST["dsn"]))
{
//Tee muutokset asetuksiin, jos annettu salasana on oikein
if (verify_config_password($_POST["configpassword"]))
{
$CONFIG["database"]["dsn"] = $_POST["dsn"];
$CONFIG["database"]["username"] = $_POST["db_username"];
$CONFIG["database"]["password"] = $_POST["db_password"];
$CONFIG["database"]["dsn"] = $_POST["dsn"];
$CONFIG["database"]["username"] = $_POST["db_username"];
$CONFIG["database"]["password"] = $_POST["db_password"];

if (write_config())
{
$content[] = _("Configuration saved.");
}
else
{
$content[] = _("Saving configuration failed.");
}
if (write_config())
{
$content[] = _("Configuration saved.");
}
else
{
$content[] = _("Saving configuration failed.");
}

//Alusta tietokanta
if (isset ($_POST["initdb"]))
//Alusta tietokanta
if (isset ($_POST["initdb"]))
{
require_once "Database.php";
try
{
require_once "Database.php";
try
$db = new Database();
if ($db->createTables())
{
$db = new Database();
if ($db->createTables())
{
$content[] = _("Database initialized.");
}
else
{
$content[] = _("Database initialization failed.");
}
$content[] = _("Database initialized.");
}
catch (PDOException $e)
else
{
$content[] = _("Connecting to the database failed.");
$content[] = _("Database initialization failed.");
}
}
}
else
{
$content[] = _("Incorrect password.");
catch (PDOException $e)
{
$content[] = _("Connecting to the database failed.");
}
}
}
else if (!isset($CONFIG["database"]))
@@ -90,7 +69,7 @@
$content[] = "\t<label>"._("Password:")." <input type=password name=db_password value='".hsc($CONFIG["database"]["password"])."'></label>";
$content[] = "\t<label>"._("Initialize database:")." <input type=checkbox name=initdb></label>";
$content[] = "\t</fieldset>";
add_config_auth_fieldset($content);
add_auth_fieldset($content);
$content[] = "\t<input type=submit>";
$content[] = "</form>";
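Review bot: With `require_admin_login(...)` replacing the config-password check, every admin account can now read the stored database password, because the form still prefills it with `value='".hsc($CONFIG["database"]["password"])."'`, and can repoint the DSN or trigger `createTables()`. If that wider access is intended, the secret should at least not be echoed back: render the `db_password` input without a value and keep the old one when the field is empty, `if ($_POST["db_password"] !== "") { $CONFIG["database"]["password"] = $_POST["db_password"]; }`. The handler also reads `$_POST["db_username"]` and `$_POST["db_password"]` after testing only `isset($_POST["dsn"])`, so a partial POST writes nulls into the config.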



+ 5
- 18
www/admin/config/postconfig/index.php View File

@@ -15,21 +15,8 @@
die();
}
//Varmista käyttäjän oikeus nähdä ja muokata asetuksia.
if (!isset($_POST["configpassword"]) || !verify_config_password($_POST["configpassword"]))
{
if (isset($_POST["configpassword"]))
{
$content[] = _("Incorrect password.");
}

$content[] = "<form method=post>";
add_config_auth_fieldset($content);
$content[] = "\t<input type=submit>";
$content[] = "</form>";
require_admin_login($pagedepth,$pagetitle,$content);

print_admin_page($pagedepth,$pagetitle,$content);
die();
}
//Luo ylläpitäjätili
if (isset($_POST["username"]))
{
@@ -38,9 +25,9 @@
try
{
$db = new Database();
if ($db->addUser($_POST["username"],password_hash($passw,PASSWORD_DEFAULT)) && $db->addAdmin($_POST["username"]))
if ($db->addUser($_POST["new_username"],password_hash($passw,PASSWORD_DEFAULT)) && $db->addAdmin($_POST["new_username"]))
{
$content[] = sprintf(_("An admin account \"%1\$s\" was created with the password \"%2\$s\" (without the quotes)."),$_POST["username"],$passw);
$content[] = sprintf(_("An admin account \"%1\$s\" was created with the password \"%2\$s\" (without the quotes)."),$_POST["new_username"],$passw);
}
else
{
@@ -57,9 +44,9 @@
$content[] = "<form method=post>";
$content[] = "\t<fieldset>";
$content[] = "\t\t<legend>"._("Account")."</legend>";
$content[] = "\t\t<label>"._("Username:")." <input name=username></label>";
$content[] = "\t\t<label>"._("Username:")." <input name=new_username required></label>";
$content[] = "\t</fieldset>";
add_config_auth_fieldset($content);
add_auth_fieldset($content);
$content[] = "\t<input type=submit>";
$content[] = "</form>";
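Review bot: The account-creation guard is still `if (isset($_POST["username"]))`, but after this commit `username` is the login field consumed by require_admin_login, so the branch runs on every authenticated POST. That includes the first login from the plain auth form, where `new_username` is absent and `addUser()` is called with an undefined index. Guard on the new field instead: `if (isset($_POST["new_username"]) && $_POST["new_username"] !== "")`. The `required` attribute added to the input is enforced only by the browser, so the server-side check is still needed.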



+ 2
- 1
www/admin/config/preconfig/index.php View File

@@ -15,9 +15,10 @@
putenv("LC_MESSAGES=".$_POST["lang"]);
setlocale(LC_MESSAGES,$_POST["lang"]);
$passw = generate_password();
if (write_config(["lang" => $_POST["lang"], "password" => $passw]))
if (write_config(["lang" => $_POST["lang"], "password" => password_hash($passw,PASSWORD_DEFAULT);]))
{
$content[] = sprintf(_("A config has been created. The password to edit it further is \"%1\$s\" (without the quotes)."),$passw);
$content[] = _("To use the configuration password, leave the username empty.");
}
else
{
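Review bot: The new `write_config` call has a stray `;` inside the array literal (`password_hash($passw,PASSWORD_DEFAULT);]`), which is a parse error, so this page cannot run as committed. The line should read `if (write_config(["lang" => $_POST["lang"], "password" => password_hash($passw,PASSWORD_DEFAULT)]))`. Separately, `$_POST["lang"]` goes into `putenv()` and `setlocale()` on the context lines above without being checked against the list of installed locales; an allow-list lookup before those calls would keep arbitrary request data out of the process environment. The surrounding if/else continues outside the hunk.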

