Пример #1
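 /**
  * Handle a username/password login attempt read from $_POST.
  *
  * Looks the user up through $this->userDAO, verifies the submitted password
  * against the stored phpass hash and, on success, stores the user record in
  * the session and redirects to backbone.html. Every failure path sets the
  * same generic session error, so the response does not reveal whether the
  * username exists. Field-level errors are exposed to the view via set().
  *
  * @return void
  */
 private function _handleLogin()
 {
     $errors = array();
     // Read the fields with isset() + a strict '' comparison instead of
     // empty(): empty('0') is true, which would reject a legitimate
     // username or password of "0". Array-valued fields (username[]=x) are
     // treated as missing so the DAO and hasher never receive an array.
     $username = isset($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : '';
     $password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';
     if ($username === '') {
         $errors['username'] = '******';
     }
     if ($password === '') {
         $errors['password'] = '******';
     }
     $authenticated = false;
     $existing = null;
     if (empty($errors)) {
         $existing = $this->userDAO->selectByUsername($username);
         if (!empty($existing)) {
             $hasher = new \Phpass\Hash();
             $authenticated = $hasher->checkPassword($password, $existing['password']);
         }
     }
     if ($authenticated) {
         // Issue a fresh session id on privilege change so a session id
         // planted before login cannot be reused (session fixation).
         if (session_id() !== '') {
             session_regenerate_id(true);
         }
         $_SESSION['user'] = $existing;
         $this->redirect('backbone.html');
     } else {
         // One message for "missing field", "unknown user" and "wrong
         // password" alike: no user enumeration through the error text.
         $_SESSION['error'] = 'Unknown username / password';
     }
     $this->set('errors', $errors);
 }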
Пример #2
use Michelf\Markdown;
use Dropplets\Actions;
use Dropplets\Settings;
use Dropplets\Layout;
use Dropplets\PostHelper;
/*-----------------------------------------------------------------------------------*/
/* User Machine
/*-----------------------------------------------------------------------------------*/
$login_error = null;
if (isset($_GET['action'])) {
    $action = $_GET['action'];
    switch ($action) {
        // Logging in.
        case 'login':
            // Password hashing via phpass.
            $hasher = new \Phpass\Hash();
            $settings = Settings::instance();
            $password = $settings->get('password');
            if (isset($_POST['password']) && $hasher->CheckPassword($_POST['password'], $password)) {
                $_SESSION['user'] = true;
                // Redirect if authenticated.
                header('Location: ' . './');
            } else {
                // Display error if not authenticated.
                $login_error = 'Nope, try again!';
            }
            break;
            // Logging out.
        // Logging out.
        case 'logout':
            session_unset();
Пример #3
 /**
  * Check Password
  *
  * Verify that a plaintext candidate matches the phpass hash stored in
  * $this->password for the user represented by this model instance.
  *
  * @access public
  * @param string $password Plaintext candidate supplied by the caller.
  * @return boolean True when the candidate matches the stored hash.
  */
 public function password($password)
 {
     $hasher = new \Phpass\Hash();
     $matches = $hasher->checkPassword($password, $this->password);
     return $matches;
 }
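 /**
  * Migrate Up
  *
  * Seeds the initial "admin" user. The seed password defaults to the
  * literal 'admin' — a well-known default credential — so the migration
  * accepts an operator-supplied password through the ADMIN_INITIAL_PASSWORD
  * environment variable and falls back to the old default only when that
  * variable is absent or empty. Only the phpass hash is persisted.
  *
  * @access public
  * @return void
  */
 public function up()
 {
     // Prefer a password chosen by whoever runs the migration over the
     // publicly known default.
     $initialPassword = getenv('ADMIN_INITIAL_PASSWORD');
     if ($initialPassword === false || $initialPassword === '') {
         $initialPassword = 'admin';
     }
     $phpass = new \Phpass\Hash();
     // Create a user.
     $this->insert('{{user}}', array(
         'username'  => 'admin',
         'password'  => $phpass->hashPassword($initialPassword),
         'firstname' => 'System',
         'nickname'  => 'Sysadmin',
         'lastname'  => 'Administrator',
         'created'   => microtime(true),
     ));
 }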
Пример #5
<?php

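$userDAO = new UserDAO();

/*
 * POST /login — authenticate by e-mail and password.
 *
 * Accepts form-encoded fields or, when those are absent, a JSON body. The
 * user is looked up by e-mail, the password is verified against the stored
 * phpass hash and, on success, the user record is stored in the session and
 * returned as JSON. Every response is JSON; the Dutch error strings are the
 * original ones and are part of the client contract.
 */
$app->post('/login/?', function () use($app, $userDAO) {
    header("Content-Type: application/json");
    $post = $app->request->post();
    if (empty($post)) {
        // Invalid JSON decodes to null, which casts to an empty array and is
        // rejected by the field checks below.
        $post = (array) json_decode($app->request()->getBody());
    }
    // isset() + strict '' comparison instead of empty(): a password of "0"
    // is legitimate. Array-valued fields (email[]=x) are treated as missing
    // so neither the DAO nor the hasher receives an array.
    $email = isset($post['email']) && is_string($post['email']) ? $post['email'] : '';
    $password = isset($post['password']) && is_string($post['password']) ? $post['password'] : '';
    if ($email === '' || $password === '') {
        echo '{"error":"Vul alles in..."}';
        return;
    }
    $user = $userDAO->selectByEmail($email);
    // NOTE(review): the distinct "unknown user" / "wrong password" messages
    // let a client tell which e-mails are registered; they are kept here
    // because clients depend on the strings.
    if (empty($user)) {
        echo '{"error":"Foute gebruiker."}';
        return;
    }
    $hasher = new \Phpass\Hash();
    if (!$hasher->checkPassword($password, $user['password'])) {
        echo '{"error":"Fout wachtwoord."}';
        return;
    }
    $user = $userDAO->selectById($user['id']);
    $user["loggedIn"] = true;
    // Fresh session id on login so a pre-planted id cannot be reused.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }
    $_SESSION['user'] = $user;
    // Never send the password hash back to the client; the session copy is
    // left untouched in case other code reads it.
    $response = $user;
    unset($response['password']);
    echo json_encode($response, JSON_NUMERIC_CHECK);
});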
Пример #6
    $post = $app->request->post();
    if (empty($post)) {
        $post = (array) json_decode($app->request()->getBody());
    }
    if (!empty($post['name']) && !empty($post['email']) && !empty($post['password'])) {
        $errors = array();
        $words = explode(' ', $post['name']);
        if (count($words) < 2) {
            array_push($errors, "Voor -en achternaam.");
        }
        $pattern = "/^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,4}\$/";
        if (preg_match($pattern, $post['email']) == 0) {
            array_push($errors, "Foute email...");
        }
        if (count($errors) == 1) {
            echo '{"error": "' . $errors[0] . '"}';
        }
        if (count($errors) == 2) {
            echo '{"error": "Foute naam en email."}';
        } else {
            if (count($errors) == 0) {
                $hasher = new \Phpass\Hash();
                $passwordHash = $hasher->hashPassword($post["password"]);
                $post["password"] = $passwordHash;
                echo json_encode($userDAO->insert($post), JSON_NUMERIC_CHECK);
            }
        }
    } else {
        echo '{"error": "Vul alles in..."}';
    }
});
Пример #7
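 /**
  * Persist the settings submitted from the setup/settings form.
  *
  * Runs only when the form was submitted ($_POST["submit"]) and either no
  * settings file exists yet (initial setup) or a user is present in the
  * session. Stored values are read from Settings and overridden by any
  * posted field; the settings file is rewritten, the .htaccess file is
  * generated on the first run only, and the browser is redirected to the
  * blog URL. When the guard fails nothing is written.
  *
  * @return void
  */
 public function save()
 {
     // isset() first so an unsubmitted form does not raise an undefined-index
     // notice; the strict comparison keeps the check exact.
     $submitted = isset($_POST["submit"]) && $_POST["submit"] === "submit";
     $authorised = !file_exists($this->settings_file) || isset($_SESSION['user']);
     if (!$submitted || !$authorised) {
         return;
     }
     $hasher = new \Phpass\Hash();
     $settings = Settings::instance();

     // Plain text settings: start from the stored value so a field missing
     // from the form keeps its previous setting, then let a posted string
     // override it. Array-valued fields (blog_url[]=x) are ignored.
     $keys = array(
         'blog_email', 'blog_twitter', 'blog_url', 'blog_title',
         'meta_description', 'intro_title', 'intro_text', 'template',
     );
     $values = array();
     foreach ($keys as $key) {
         $values[$key] = $settings->get($key);
         if (isset($_POST[$key]) && is_string($_POST[$key])) {
             $values[$key] = $_POST[$key];
         }
     }

     // There must always be a $password, but it can be changed optionally in
     // the settings, so you might not always get it in $_POST. Only a
     // non-empty posted string is hashed: hashing a missing or empty value
     // on initial setup would persist the hash of "" and make the empty
     // string a valid password.
     $password = $settings->get('password');
     if (isset($_POST["password"]) && is_string($_POST["password"]) && $_POST["password"] !== '') {
         $password = $hasher->HashPassword($_POST["password"]);
     }

     // Raw HTML injected into the layout. addslashes() is kept as in the
     // original; the quoting contract belongs to settings_format — confirm.
     $header_inject = $settings->get('header_inject');
     if (!isset($header_inject)) {
         $header_inject = "";
     }
     if (isset($_POST["header_inject"]) && is_string($_POST["header_inject"])) {
         $header_inject = addslashes($_POST["header_inject"]);
     }
     $footer_inject = $settings->get('footer_inject');
     if (!isset($footer_inject)) {
         $footer_inject = "";
     }
     if (isset($_POST["footer_inject"]) && is_string($_POST["footer_inject"])) {
         $footer_inject = addslashes($_POST["footer_inject"]);
     }

     // Get subdirectory: the request path with 'dropplets/save.php' removed.
     // It ends up verbatim in .htaccess as RewriteBase, so only the path
     // component is used and it is limited to URL-safe characters; anything
     // else (whitespace, quotes, newlines) falls back to the preconfigured
     // $this->dir instead of being written into the Apache config.
     $requestUri = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : '';
     $requestPath = (string) parse_url($requestUri, PHP_URL_PATH);
     $subdir = str_replace('dropplets/save.php', '', $requestPath);
     if (preg_match('#\A[A-Za-z0-9._~%/\-]*\z#', $subdir) !== 1) {
         $subdir = '';
     }
     $this->dir .= $subdir;

     // Output submitted setup values, in the original file order.
     $config = array();
     $config[] = $this->settings_format("blog_email", $values['blog_email']);
     $config[] = $this->settings_format("blog_twitter", $values['blog_twitter']);
     $config[] = $this->settings_format("blog_url", $values['blog_url']);
     $config[] = $this->settings_format("blog_title", $values['blog_title']);
     $config[] = $this->settings_format("meta_description", $values['meta_description']);
     $config[] = $this->settings_format("intro_title", $values['intro_title']);
     $config[] = $this->settings_format("intro_text", $values['intro_text']);
     // NOTE(review): this line appears redacted ('******') in the listing, so
     // $password is not written by the code as shown; kept verbatim.
     $config[] = "password = '******'";
     $config[] = $this->settings_format("header_inject", $header_inject);
     $config[] = $this->settings_format("footer_inject", $footer_inject);
     $config[] = $this->settings_format("template", $values['template']);
     // Create the settings file; surface a write failure instead of silently
     // redirecting as if the settings had been saved.
     if (file_put_contents($this->settings_file, implode("\n", $config)) === false) {
         trigger_error('Unable to write the settings file', E_USER_WARNING);
     }

     // Generate the .htaccess file on initial setup only.
     if (!file_exists($this->htaccess_file)) {
         // Parameters for the htaccess file.
         $htaccess = array();
         $htaccess[] = "# Pretty Permalinks";
         $htaccess[] = "RewriteRule ^(images)(\$|/) - [L]";
         $htaccess[] = "RewriteCond %{REQUEST_URI} !^action=logout [NC]";
         $htaccess[] = "RewriteCond %{REQUEST_URI} !^action=login [NC]";
         $htaccess[] = "Options +FollowSymLinks -MultiViews";
         $htaccess[] = "RewriteEngine on";
         $htaccess[] = "RewriteBase " . $this->dir;
         $htaccess[] = "RewriteCond %{REQUEST_URI} !index\\.php";
         $htaccess[] = "RewriteCond %{REQUEST_FILENAME} !-f";
         $htaccess[] = "RewriteRule ^(.*)\$ index.php?filename=\$1 [NC,QSA,L]";
         // Generate the .htaccess file.
         file_put_contents($this->htaccess_file, implode("\n", $htaccess));
     }

     // Redirect to the (possibly just-changed) blog URL. Execution continues
     // in the caller after this header, as in the original.
     header("Location: " . $values['blog_url']);
 }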
Пример #8
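 /**
  * Persist the settings submitted from the setup/settings form.
  *
  * Runs only when the form was submitted ($_POST["submit"]) and either no
  * settings file exists yet (initial setup) or a user is present in the
  * session. Stored values are read from Settings and overridden by any
  * posted field, the settings file is rewritten and the browser is
  * redirected to the blog URL. When the guard fails nothing is written.
  *
  * @return void
  */
 public function save()
 {
     // isset() first so an unsubmitted form does not raise an undefined-index
     // notice; the strict comparison keeps the check exact.
     $submitted = isset($_POST["submit"]) && $_POST["submit"] === "submit";
     $authorised = !file_exists($this->settings_file) || isset($_SESSION['user']);
     if (!$submitted || !$authorised) {
         return;
     }
     $hasher = new \Phpass\Hash();
     $settings = Settings::instance();

     // Plain text settings: start from the stored value so a field missing
     // from the form keeps its previous setting, then let a posted string
     // override it. Array-valued fields (blog_url[]=x) are ignored.
     // file_ext is read from Settings like the other keys; the original only
     // took it from $_POST and wrote an undefined value when it was absent.
     $keys = array(
         'blog_email', 'blog_twitter', 'blog_url', 'blog_title',
         'meta_description', 'intro_title', 'intro_text', 'template', 'file_ext',
     );
     $values = array();
     foreach ($keys as $key) {
         $values[$key] = $settings->get($key);
         if (isset($_POST[$key]) && is_string($_POST[$key])) {
             $values[$key] = $_POST[$key];
         }
     }

     // There must always be a $password, but it can be changed optionally in
     // the settings, so you might not always get it in $_POST. Only a
     // non-empty posted string is hashed: hashing a missing or empty value
     // on initial setup would persist the hash of "" and make the empty
     // string a valid password.
     $password = $settings->get('password');
     if (isset($_POST["password"]) && is_string($_POST["password"]) && $_POST["password"] !== '') {
         $password = $hasher->HashPassword($_POST["password"]);
     }

     // Raw HTML injected into the layout. addslashes() is kept as in the
     // original; the quoting contract belongs to settings_format — confirm.
     $header_inject = $settings->get('header_inject');
     if (!isset($header_inject)) {
         $header_inject = "";
     }
     if (isset($_POST["header_inject"]) && is_string($_POST["header_inject"])) {
         $header_inject = addslashes($_POST["header_inject"]);
     }
     $footer_inject = $settings->get('footer_inject');
     if (!isset($footer_inject)) {
         $footer_inject = "";
     }
     if (isset($_POST["footer_inject"]) && is_string($_POST["footer_inject"])) {
         $footer_inject = addslashes($_POST["footer_inject"]);
     }

     // Output submitted setup values, in the original file order.
     $config = array();
     $config[] = $this->settings_format("blog_email", $values['blog_email']);
     $config[] = $this->settings_format("blog_twitter", $values['blog_twitter']);
     $config[] = $this->settings_format("blog_url", $values['blog_url']);
     $config[] = $this->settings_format("blog_title", $values['blog_title']);
     $config[] = $this->settings_format("meta_description", $values['meta_description']);
     $config[] = $this->settings_format("intro_title", $values['intro_title']);
     $config[] = $this->settings_format("intro_text", $values['intro_text']);
     // NOTE(review): this line appears redacted ('******') in the listing, so
     // $password is not written by the code as shown; kept verbatim.
     $config[] = "password = '******'";
     $config[] = $this->settings_format("header_inject", $header_inject);
     $config[] = $this->settings_format("footer_inject", $footer_inject);
     $config[] = $this->settings_format("template", $values['template']);
     $config[] = $this->settings_format("file_ext", $values['file_ext']);
     // Create the settings file; surface a write failure instead of silently
     // redirecting as if the settings had been saved.
     if (file_put_contents($this->settings_file, implode("\n", $config)) === false) {
         trigger_error('Unable to write the settings file', E_USER_WARNING);
     }

     // Redirect to the (possibly just-changed) blog URL. Execution continues
     // in the caller after this header, as in the original.
     header("Location: " . $values['blog_url']);
 }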