Auth token for users

This commit is contained in:
Diego Najar 2017-07-05 23:30:30 +02:00
parent 168483f771
commit 967cbb5179
6 changed files with 39 additions and 44 deletions


@ -237,14 +237,8 @@ class Plugin {
public function uninstall() public function uninstall()
{ {
// Delete all files. $path = PATH_PLUGINS_DATABASES.$this->directoryName;
$files = Filesystem::listFiles( $this->phpPathDB() ); return Filesystem::deleteRecursive($path);
foreach($files as $file) {
unlink($file);
}
// Delete the directory.
rmdir(PATH_PLUGINS_DATABASES.$this->directoryName);
} }
public function installed() public function installed()
@ -279,6 +273,7 @@ class Plugin {
return $this->save(); return $this->save();
} }
// Returns the parameters after the URI, FALSE if the URI doesn't match with the webhook
public function webhook($URI=false) public function webhook($URI=false)
{ {
global $Url; global $Url;
@ -296,7 +291,7 @@ class Plugin {
} }
Log::set(__METHOD__.LOG_SEP.'Webhook requested.'); Log::set(__METHOD__.LOG_SEP.'Webhook requested.');
return true; return mb_substr($URI, $length);
} }
} }
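Review bot: `Filesystem::deleteRecursive($path)` in uninstall() now removes a whole directory tree instead of the listed database files, so an empty or malformed `$this->directoryName` (assigned outside this hunk, so I cannot see how it is validated) would wipe every plugin's data under PATH_PLUGINS_DATABASES; a guard such as `if (empty($this->directoryName)) { return false; }` before building `$path` limits the blast radius to one plugin. In webhook(), `return mb_substr($URI, $length);` yields `''` when the URI is exactly the prefix, which is falsy but not `false`, so the comment above the method should state that callers must test the result with `=== false`, and for consistency with the `mb_strlen($startString, CHARSET)` call this commit removes from pluginAPI the substring should pass the charset too: `return mb_substr($URI, $length, null, CHARSET);`. The part of webhook() that computes `$length` lies outside the hunk.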


@ -13,8 +13,6 @@ if($Login->role()!=='admin') {
// Functions // Functions
// ============================================================================ // ============================================================================
// ============================================================================ // ============================================================================
// Main before POST // Main before POST
// ============================================================================ // ============================================================================
@ -25,7 +23,7 @@ if($Login->role()!=='admin') {
if( $_SERVER['REQUEST_METHOD'] == 'POST' ) if( $_SERVER['REQUEST_METHOD'] == 'POST' )
{ {
if( addUser($_POST) ) { if( createUser($_POST) ) {
Redirect::page('users'); Redirect::page('users');
} }
} }


@ -70,6 +70,9 @@ class dbUsers extends dbJSON
$dataForDb['salt'] = Text::randomText(SALT_LENGTH); $dataForDb['salt'] = Text::randomText(SALT_LENGTH);
$dataForDb['password'] = sha1($dataForDb['password'].$dataForDb['salt']); $dataForDb['password'] = sha1($dataForDb['password'].$dataForDb['salt']);
// Auth token
$dataForDb['tokenAuth'] = $this->generateAuthToken();
// Save the database // Save the database
$this->db[$dataForDb['username']] = $dataForDb; $this->db[$dataForDb['username']] = $dataForDb;
return $this->save(); return $this->save();
@ -118,6 +121,25 @@ class dbUsers extends dbJSON
return false; return false;
} }
public function generateAuthToken()
{
return md5( uniqid().time().DOMAIN );
}
public function setPassword($username, $password)
{
$salt = Text::randomText(SALT_LENGTH);
$hash = sha1($password.$salt);
$tokenAuth = $this->generateAuthToken();
$args['username'] = $username;
$args['salt'] = $salt;
$args['password'] = $hash;
$args['tokenAuth'] = $tokenAuth;
return $this->set($args);
}
// ---- OLD // ---- OLD
// Returns array with the username databases filtered by username, FALSE otherwise // Returns array with the username databases filtered by username, FALSE otherwise
public function getDb($username) public function getDb($username)
@ -186,24 +208,4 @@ class dbUsers extends dbJSON
return $token; return $token;
} }
public function setPassword($username, $password)
{
$salt = Text::randomText(SALT_LENGTH);
$hash = sha1($password.$salt);
$args['username'] = $username;
$args['salt'] = $salt;
$args['password'] = $hash;
return $this->set($args);
}
} }
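Review bot: `generateAuthToken()` derives an authentication credential from `md5( uniqid().time().DOMAIN )`, where uniqid() and time() are clock-based and DOMAIN is a public constant, so the token has far less entropy than a bearer secret needs; generate it from the CSPRNG instead, `return bin2hex(random_bytes(16));` (PHP 7+), or at minimum reuse the `Text::randomText()` helper the salt already uses if that helper is CSPRNG-backed. The token is stored as-is in the user record both on creation (`$dataForDb['tokenAuth']`) and in `setPassword()`, and a password change silently rotates it, which looks intentional but is undocumented — a comment on setPassword() such as `// Changing the password also rotates the auth token, invalidating existing API access` would make the contract explicit. The pre-existing `sha1($password.$salt)` scheme is not touched by this commit, but `password_hash()` is the natural follow-up once tokens are fixed.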


@ -340,7 +340,7 @@ function deleteUser($args, $deleteContent=false)
return false; return false;
} }
function addUser($args) { function createUser($args) {
global $dbUsers; global $dbUsers;
global $Language; global $Language;
global $Syslog; global $Syslog;


@ -263,6 +263,8 @@
"new-category-created": "New category created", "new-category-created": "New category created",
"new-page-created": "New page created", "new-page-created": "New page created",
"page-deleted": "Page deleted", "page-deleted": "Page deleted",
"changes-on-settings": "Changes on settings" "page-edited": "Page edited",
"changes-on-settings": "Changes on settings",
"plugin-installed": "Plugin installed"
} }


@ -38,7 +38,7 @@ class pluginAPI extends Plugin {
// API HOOKS // API HOOKS
// ---------------------------------------------------------------------------- // ----------------------------------------------------------------------------
public function beforeRulesLoad() public function beforeAll()
{ {
global $Url; global $Url;
global $dbPages; global $dbPages;
@ -46,17 +46,11 @@ class pluginAPI extends Plugin {
// CHECK URL // CHECK URL
// ------------------------------------------------------------ // ------------------------------------------------------------
// Check if the URI start with /api/ $URI = $this->webhook('api');
$startString = HTML_PATH_ROOT.'api/'; if( $URI===false ) {
$URI = $Url->uri();
$length = mb_strlen($startString, CHARSET);
if( mb_substr($URI, 0, $length)!=$startString ) {
return false; return false;
} }
// Remove the first part of the URI
$URI = mb_substr($URI, $length);
// METHOD // METHOD
// ------------------------------------------------------------ // ------------------------------------------------------------
$method = $this->getMethod(); $method = $this->getMethod();
@ -178,8 +172,12 @@ class pluginAPI extends Plugin {
break; break;
} }
if(!is_string($inputs)) {
return false;
}
// Input data need to be JSON // Input data need to be JSON
$inputs = json_decode(file_get_contents('php://input'),true); $inputs = json_decode($inputs,true);
// Sanitize inputs // Sanitize inputs
foreach($inputs as $key=>$value) { foreach($inputs as $key=>$value) {