Auth token for users

Diego Najar 2017-07-05 23:30:30 +02:00
parent 168483f771
commit 967cbb5179
6 changed files with 39 additions and 44 deletions


@ -237,14 +237,8 @@ class Plugin {
public function uninstall()
{
// Delete all files.
$files = Filesystem::listFiles( $this->phpPathDB() );
foreach($files as $file) {
unlink($file);
}
// Delete the directory.
rmdir(PATH_PLUGINS_DATABASES.$this->directoryName);
$path = PATH_PLUGINS_DATABASES.$this->directoryName;
return Filesystem::deleteRecursive($path);
}
public function installed()
@ -279,6 +273,7 @@ class Plugin {
return $this->save();
}
// Returns the parameters after the URI, FALSE if the URI doesn't match with the webhook
public function webhook($URI=false)
{
global $Url;
@ -296,7 +291,7 @@ class Plugin {
}
Log::set(__METHOD__.LOG_SEP.'Webhook requested.');
return true;
return mb_substr($URI, $length);
}
}
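Review bot: In `uninstall()`, the recursive delete runs on `PATH_PLUGINS_DATABASES.$this->directoryName` with no check that `directoryName` is non-empty, so an empty or unset value would resolve to the plugin-databases root and remove every plugin's data; the old `rmdir()` would simply have failed on a non-empty directory. A guard before the path is built, `if (empty($this->directoryName)) { return false; }`, keeps the delete confined to one plugin directory. Whether `directoryName` can actually be empty depends on code outside this hunk. Separately, `webhook()` now returns the URI remainder, which can be `''`, so every caller has to compare with `=== false` rather than test truthiness.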


@ -13,8 +13,6 @@ if($Login->role()!=='admin') {
// Functions
// ============================================================================
// ============================================================================
// Main before POST
// ============================================================================
@ -25,7 +23,7 @@ if($Login->role()!=='admin') {
if( $_SERVER['REQUEST_METHOD'] == 'POST' )
{
if( addUser($_POST) ) {
if( createUser($_POST) ) {
Redirect::page('users');
}
}


@ -70,6 +70,9 @@ class dbUsers extends dbJSON
$dataForDb['salt'] = Text::randomText(SALT_LENGTH);
$dataForDb['password'] = sha1($dataForDb['password'].$dataForDb['salt']);
// Auth token
$dataForDb['tokenAuth'] = $this->generateAuthToken();
// Save the database
$this->db[$dataForDb['username']] = $dataForDb;
return $this->save();
@ -118,6 +121,25 @@ class dbUsers extends dbJSON
return false;
}
public function generateAuthToken()
{
return md5( uniqid().time().DOMAIN );
}
public function setPassword($username, $password)
{
$salt = Text::randomText(SALT_LENGTH);
$hash = sha1($password.$salt);
$tokenAuth = $this->generateAuthToken();
$args['username'] = $username;
$args['salt'] = $salt;
$args['password'] = $hash;
$args['tokenAuth'] = $tokenAuth;
return $this->set($args);
}
// ---- OLD
// Returns array with the username databases filtered by username, FALSE otherwise
public function getDb($username)
@ -186,24 +208,4 @@ class dbUsers extends dbJSON
return $token;
}
public function setPassword($username, $password)
{
$salt = Text::randomText(SALT_LENGTH);
$hash = sha1($password.$salt);
$args['username'] = $username;
$args['salt'] = $salt;
$args['password'] = $hash;
return $this->set($args);
}
}
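Review bot: `generateAuthToken()` builds the token from `md5(uniqid().time().DOMAIN)`, and all three inputs come from the clock or a publicly known value, so the result is guessable and not suitable as a credential. Draw it from the CSPRNG instead, e.g. `return bin2hex(random_bytes(16));` (PHP 7+; `openssl_random_pseudo_bytes()` if older versions must be supported). Wherever the token is later checked, the comparison should use `hash_equals()`; that code is not visible in this section. The salted `sha1()` in the moved `setPassword()` is carried over unchanged, and `password_hash()`/`password_verify()` would be the right replacement when it is next touched.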


@ -340,7 +340,7 @@ function deleteUser($args, $deleteContent=false)
return false;
}
function addUser($args) {
function createUser($args) {
global $dbUsers;
global $Language;
global $Syslog;


@ -263,6 +263,8 @@
"new-category-created": "New category created",
"new-page-created": "New page created",
"page-deleted": "Page deleted",
"changes-on-settings": "Changes on settings"
"page-edited": "Page edited",
"changes-on-settings": "Changes on settings",
"plugin-installed": "Plugin installed"
}


@ -38,7 +38,7 @@ class pluginAPI extends Plugin {
// API HOOKS
// ----------------------------------------------------------------------------
public function beforeRulesLoad()
public function beforeAll()
{
global $Url;
global $dbPages;
@ -46,17 +46,11 @@ class pluginAPI extends Plugin {
// CHECK URL
// ------------------------------------------------------------
// Check if the URI start with /api/
$startString = HTML_PATH_ROOT.'api/';
$URI = $Url->uri();
$length = mb_strlen($startString, CHARSET);
if( mb_substr($URI, 0, $length)!=$startString ) {
$URI = $this->webhook('api');
if( $URI===false ) {
return false;
}
// Remove the first part of the URI
$URI = mb_substr($URI, $length);
// METHOD
// ------------------------------------------------------------
$method = $this->getMethod();
@ -178,8 +172,12 @@ class pluginAPI extends Plugin {
break;
}
if(!is_string($inputs)) {
return false;
}
// Input data need to be JSON
$inputs = json_decode(file_get_contents('php://input'),true);
$inputs = json_decode($inputs,true);
// Sanitize inputs
foreach($inputs as $key=>$value) {
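Review bot: The new `is_string($inputs)` guard does not cover the result of `json_decode($inputs,true)`, which is `null` for malformed JSON and a scalar for bodies such as `1` or `"x"`, so the `foreach` that follows would run on a non-array and raise a warning instead of rejecting the request. Add `if (!is_array($inputs)) { return false; }` directly after the decode. The assignment of `$inputs` in the `switch` above and the body of the sanitize loop are outside this hunk.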