  1. <?php
/*!
 * OS.js - JavaScript Operating System
 *
 * Mysql Handler: Login screen and session/settings handling via database
 * PLEASE NOTE THAT THIS IS AN EXAMPLE ONLY, AND SHOULD BE MODIFIED BEFORE USAGE
 *
 * Copyright (c) 2011-2016, Anders Evenrud <andersevenrud@gmail.com>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright notice, this
 * list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * @author Anders Evenrud <andersevenrud@gmail.com>
 * @licence Simplified BSD License
 */

/*
See doc/example-handler.txt
*/

  39. define("APIHANDLER_DSN", "mysql:host=localhost;dbname=osjs");
  40. define("APIHANDLER_USER", "osjs");
  41. define("APIHANDLER_PASS", "osjs");
  42. define("PASSWORD_BCRYPT", true);
  43.  
  44. /**
  45. * MysqlAPIHandler for sessions via database
  46. */
  47. class MysqlAPIHandler
  48. {
  49. /**
  50. * Create the database connection
  51. * @return PDO
  52. * @throws Exception
  53. */
  54. protected static function _initDB() {
  55. $args = [1002 => "SET NAMES 'utf8'"];
  56.  
  57. if ( !($db = new PDO(APIHANDLER_DSN, APIHANDLER_USER, APIHANDLER_PASS, $args)) ) {
  58. throw new Exception("Could not set up database connection");
  59. }
  60.  
  61. $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  62.  
  63. return $db;
  64. }
  65.  
  66. /**
  67. * This login an user
  68. *
  69. * @param array $arguments
  70. * @return array
  71. * @throws Exception
  72. */
  73. public static function login(array $arguments) {
  74. $db = self::_initDB();
  75.  
  76. unset($_SESSION['user']);
  77.  
  78. self::checkPassword($arguments['username'], $arguments['password']);
  79.  
  80. $q = "SELECT `id`, `username`, `name`, `groups`, `settings` FROM `users` WHERE `username` = ? LIMIT 1;";
  81. $a = [$arguments['username']];
  82.  
  83. $response = false;
  84. if ( $stmt = $db->prepare($q) ) {
  85. $stmt->setFetchMode(PDO::FETCH_ASSOC);
  86. if ( $stmt->execute($a) ) {
  87. if ( $row = $stmt->fetch() ) {
  88.  
  89. $response = [
  90. "userData" => [
  91. "id" => (int)$row['id'],
  92. "username" => $row['username'],
  93. "name" => $row['name'],
  94. "groups" => (array)json_decode($row['groups'])
  95. ],
  96. "userSettings" => (array)json_decode($row['settings'])
  97. ];
  98.  
  99. if ( !$response['userData']['groups'] ) {
  100. $response['userData']['groups'] = [];
  101. }
  102. if ( !$response['userSettings'] ) {
  103. $response['userSettings'] = null;
  104. }
  105. }
  106. }
  107. }
  108.  
  109. if ( $response ) {
  110. $settings = Settings::get();
  111. $user = APIUser::login($response["userData"]);
  112.  
  113. $homedir = sprintf("%s/%s", $settings['vfs']['homes'], $user->getUsername());
  114. if ( !file_exists($homedir) ) {
  115. @mkdir($homedir);
  116. @mkdir("{$homedir}/.packages");
  117. }
  118. }
  119.  
  120. return [false, $response];
  121. }
  122.  
  123. /**
  124. * This logout the authenticated user
  125. *
  126. * @param array $arguments
  127. * @return array
  128. * @throws Exception
  129. */
  130. public static function logout(array $arguments) {
  131. $db = self::_initDB();
  132.  
  133. APIUser::logout();
  134.  
  135. return [false, true];
  136. }
  137.  
  138. /**
  139. * This updates the settings of the authenticated user
  140. *
  141. * @param array $arguments
  142. * @return array
  143. * @throws Exception
  144. */
  145. public static function settings(array $arguments) {
  146. $db = self::_initDB();
  147.  
  148. $result = false;
  149.  
  150. if ( !isset($_SESSION['user']) ) {
  151. throw new Exception("Cannot set settings without user session");
  152. }
  153.  
  154. $q = "UPDATE `users` SET `settings` = ? WHERE `id` = ?;";
  155. $a = [json_encode($arguments['settings']), $_SESSION['user']['id']];
  156.  
  157. if ( $stmt = $db->prepare($q) ) {
  158. $result = $stmt->execute($a);
  159. }
  160.  
  161. return [false, $result];
  162. }
  163.  
  164. /**
  165. * This checks the password for a given username
  166. *
  167. * @param $username
  168. * @param $password
  169. * @return bool
  170. * @throws Exception
  171. */
  172. public static function checkPassword($username, $password) {
  173. $db = self::_initDB();
  174.  
  175. $q = "SELECT `password` FROM `osjs_users` WHERE `username` = ? LIMIT 1;";
  176. $a = [$username];
  177.  
  178. if ( $stmt = $db->prepare($q) ) {
  179. $stmt->setFetchMode(PDO::FETCH_ASSOC);
  180. if ( $stmt->execute($a) ) {
  181. if ( $row = $stmt->fetch() ) {
  182.  
  183. if ( PASSWORD_BCRYPT === true) {
  184. $status = password_verify($password, $row['password']);
  185. } else {
  186. $status = ($password == $row['password']);
  187. }
  188.  
  189. if ( $status ) {
  190. return true;
  191. }
  192. }
  193. }
  194. }
  195.  
  196. throw new Exception("Invalid login credentials");
  197. }
  198.  
  199. /**
  200. * This enables full privileges for all users. Simply remove to make use of the groups
  201. *
  202. * @see APIUser
  203. * @param null $requires
  204. * @throws Exception
  205. */
  206. public static function checkPrivilege($requires = null) {
  207. APIHandler::checkPrivilege(true);
  208. }
  209. }
  210.  
  211.  
  212. API::AddHandler('login', ['MysqlAPIHandler', 'login']);
  213. API::AddHandler('logout', ['MysqlAPIHandler', 'logout']);
  214. API::AddHandler('settings', ['MysqlAPIHandler', 'settings']);
  215. API::SetHandler('MysqlAPIHandler');
  216.  
  217. ?>