Auth token for users
This commit is contained in:
Diego Najar
parent
168483f771
commit
967cbb5179
|
|
@ -237,14 +237,8 @@ class Plugin {
|
|||
|
||||
public function uninstall()
|
||||
{
|
||||
// Delete all files.
|
||||
$files = Filesystem::listFiles( $this->phpPathDB() );
|
||||
foreach($files as $file) {
|
||||
unlink($file);
|
||||
}
|
||||
|
||||
// Delete the directory.
|
||||
rmdir(PATH_PLUGINS_DATABASES.$this->directoryName);
|
||||
$path = PATH_PLUGINS_DATABASES.$this->directoryName;
|
||||
return Filesystem::deleteRecursive($path);
|
||||
}
|
||||
|
||||
public function installed()
|
||||
|
|
@ -279,6 +273,7 @@ class Plugin {
|
|||
return $this->save();
|
||||
}
|
||||
|
||||
// Returns the parameters after the URI, FALSE if the URI doesn't match with the webhook
|
||||
public function webhook($URI=false)
|
||||
{
|
||||
global $Url;
|
||||
|
|
@ -296,7 +291,7 @@ class Plugin {
|
|||
}
|
||||
|
||||
Log::set(__METHOD__.LOG_SEP.'Webhook requested.');
|
||||
return true;
|
||||
return mb_substr($URI, $length);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -13,8 +13,6 @@ if($Login->role()!=='admin') {
|
|||
// Functions
|
||||
// ============================================================================
|
||||
|
||||
|
||||
|
||||
// ============================================================================
|
||||
// Main before POST
|
||||
// ============================================================================
|
||||
|
|
@ -25,7 +23,7 @@ if($Login->role()!=='admin') {
|
|||
|
||||
if( $_SERVER['REQUEST_METHOD'] == 'POST' )
|
||||
{
|
||||
if( addUser($_POST) ) {
|
||||
if( createUser($_POST) ) {
|
||||
Redirect::page('users');
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -70,6 +70,9 @@ class dbUsers extends dbJSON
|
|||
$dataForDb['salt'] = Text::randomText(SALT_LENGTH);
|
||||
$dataForDb['password'] = sha1($dataForDb['password'].$dataForDb['salt']);
|
||||
|
||||
// Auth token
|
||||
$dataForDb['tokenAuth'] = $this->generateAuthToken();
|
||||
|
||||
// Save the database
|
||||
$this->db[$dataForDb['username']] = $dataForDb;
|
||||
return $this->save();
|
||||
|
|
@ -118,6 +121,25 @@ class dbUsers extends dbJSON
|
|||
return false;
|
||||
}
|
||||
|
||||
public function generateAuthToken()
|
||||
{
|
||||
return md5( uniqid().time().DOMAIN );
|
||||
}
|
||||
|
||||
public function setPassword($username, $password)
|
||||
{
|
||||
$salt = Text::randomText(SALT_LENGTH);
|
||||
$hash = sha1($password.$salt);
|
||||
$tokenAuth = $this->generateAuthToken();
|
||||
|
||||
$args['username'] = $username;
|
||||
$args['salt'] = $salt;
|
||||
$args['password'] = $hash;
|
||||
$args['tokenAuth'] = $tokenAuth;
|
||||
|
||||
return $this->set($args);
|
||||
}
|
||||
|
||||
// ---- OLD
|
||||
// Returns array with the username databases filtered by username, FALSE otherwise
|
||||
public function getDb($username)
|
||||
|
|
@ -186,24 +208,4 @@ class dbUsers extends dbJSON
|
|||
return $token;
|
||||
}
|
||||
|
||||
public function setPassword($username, $password)
|
||||
{
|
||||
$salt = Text::randomText(SALT_LENGTH);
|
||||
$hash = sha1($password.$salt);
|
||||
|
||||
$args['username'] = $username;
|
||||
$args['salt'] = $salt;
|
||||
$args['password'] = $hash;
|
||||
|
||||
return $this->set($args);
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -340,7 +340,7 @@ function deleteUser($args, $deleteContent=false)
|
|||
return false;
|
||||
}
|
||||
|
||||
function addUser($args) {
|
||||
function createUser($args) {
|
||||
global $dbUsers;
|
||||
global $Language;
|
||||
global $Syslog;
|
||||
|
|
|
|||
|
|
@ -263,6 +263,8 @@
|
|||
"new-category-created": "New category created",
|
||||
"new-page-created": "New page created",
|
||||
"page-deleted": "Page deleted",
|
||||
"changes-on-settings": "Changes on settings"
|
||||
"page-edited": "Page edited",
|
||||
"changes-on-settings": "Changes on settings",
|
||||
"plugin-installed": "Plugin installed"
|
||||
|
||||
}
|
||||
|
|
@ -38,7 +38,7 @@ class pluginAPI extends Plugin {
|
|||
// API HOOKS
|
||||
// ----------------------------------------------------------------------------
|
||||
|
||||
public function beforeRulesLoad()
|
||||
public function beforeAll()
|
||||
{
|
||||
global $Url;
|
||||
global $dbPages;
|
||||
|
|
@ -46,17 +46,11 @@ class pluginAPI extends Plugin {
|
|||
|
||||
// CHECK URL
|
||||
// ------------------------------------------------------------
|
||||
// Check if the URI start with /api/
|
||||
$startString = HTML_PATH_ROOT.'api/';
|
||||
$URI = $Url->uri();
|
||||
$length = mb_strlen($startString, CHARSET);
|
||||
if( mb_substr($URI, 0, $length)!=$startString ) {
|
||||
$URI = $this->webhook('api');
|
||||
if( $URI===false ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Remove the first part of the URI
|
||||
$URI = mb_substr($URI, $length);
|
||||
|
||||
// METHOD
|
||||
// ------------------------------------------------------------
|
||||
$method = $this->getMethod();
|
||||
|
|
@ -178,8 +172,12 @@ class pluginAPI extends Plugin {
|
|||
break;
|
||||
}
|
||||
|
||||
if(!is_string($inputs)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Input data need to be JSON
|
||||
$inputs = json_decode(file_get_contents('php://input'),true);
|
||||
$inputs = json_decode($inputs,true);
|
||||
|
||||
// Sanitize inputs
|
||||
foreach($inputs as $key=>$value) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue