Merge BusinessAppTemplate

master
Skylar Ittner 5 years ago
commit 6fdf9bd083

@ -13,8 +13,19 @@ if (!empty($_SESSION['loggedin']) && $_SESSION['loggedin'] === true && !isset($_
die(); die();
} }
if (!empty($_GET['logout'])) { /**
// Show a logout message instead of immediately redirecting to login flow * Show a simple HTML page with a line of text and a button. Matches the UI of
* the AccountHub login flow.
*
* @global type $SETTINGS
* @global type $SECURE_NONCE
* @global type $Strings
* @param string $title Text to show, passed through i18n
* @param string $button Button text, passed through i18n
* @param string $url URL for the button
*/
function showHTML(string $title, string $button, string $url) {
global $SETTINGS, $SECURE_NONCE, $Strings;
?> ?>
<!DOCTYPE html> <!DOCTYPE html>
<meta charset="UTF-8"> <meta charset="UTF-8">
@ -26,7 +37,6 @@ if (!empty($_GET['logout'])) {
<link rel="icon" href="static/img/logo.svg"> <link rel="icon" href="static/img/logo.svg">
<link href="static/css/bootstrap.min.css" rel="stylesheet"> <link href="static/css/bootstrap.min.css" rel="stylesheet">
<link href="static/css/svg-with-js.min.css" rel="stylesheet">
<style nonce="<?php echo $SECURE_NONCE; ?>"> <style nonce="<?php echo $SECURE_NONCE; ?>">
.display-5 { .display-5 {
font-size: 2.5rem; font-size: 2.5rem;
@ -40,11 +50,6 @@ if (!empty($_GET['logout'])) {
border: 1px solid grey; border: 1px solid grey;
border-radius: 15%; border-radius: 15%;
} }
.blank-image {
height: 100px;
margin: 2em auto;
}
</style> </style>
<div class="container mt-4"> <div class="container mt-4">
@ -54,24 +59,25 @@ if (!empty($_GET['logout'])) {
</div> </div>
<div class="col-12 text-center"> <div class="col-12 text-center">
<h1 class="display-5 mb-4"><?php $Strings->get("You have been logged out.") ?></h1> <h1 class="display-5 mb-4"><?php $Strings->get($title); ?></h1>
</div> </div>
<div class="col-12 col-sm-8 col-lg-6"> <div class="col-12 col-sm-8 col-lg-6">
<div class="card mt-4"> <div class="card mt-4">
<div class="card-body"> <div class="card-body">
<a href="./index.php" class="btn btn-primary btn-block"><?php $Strings->get("Log in again"); ?></a> <a href="<?php echo $url; ?>" class="btn btn-primary btn-block"><?php $Strings->get($button); ?></a>
</div> </div>
</div> </div>
</div> </div>
</div> </div>
</div> </div>
<script src="static/js/fontawesome-all.min.js"></script>
<?php <?php
die();
} }
if (!empty($_GET['logout'])) {
showHTML("You have been logged out.", "Log in again", "./index.php");
die();
}
if (empty($_SESSION["login_code"])) { if (empty($_SESSION["login_code"])) {
$redirecttologin = true; $redirecttologin = true;
} else { } else {
@ -82,10 +88,17 @@ if (empty($_SESSION["login_code"])) {
} }
if (is_numeric($uidinfo['uid'])) { if (is_numeric($uidinfo['uid'])) {
$user = new User($uidinfo['uid'] * 1); $user = new User($uidinfo['uid'] * 1);
foreach ($SETTINGS['permissions'] as $perm) {
if (!$user->hasPermission($perm)) {
showHTML("no access permission", "sign out", "./action.php?action=signout");
die();
}
}
Session::start($user); Session::start($user);
$_SESSION["login_code"] = null; $_SESSION["login_code"] = null;
header('Location: app.php'); header('Location: app.php');
die("Logged in, go to app.php"); showHTML("Logged in", "Continue", "./app.php");
die();
} else { } else {
throw new Exception(); throw new Exception();
} }
@ -108,7 +121,10 @@ if ($redirecttologin) {
$_SESSION["login_code"] = $codedata["code"]; $_SESSION["login_code"] = $codedata["code"];
header("Location: " . $codedata["loginurl"] . "?code=" . htmlentities($codedata["code"]) . "&redirect=" . htmlentities($redirecturl)); $locationurl = $codedata["loginurl"] . "?code=" . htmlentities($codedata["code"]) . "&redirect=" . htmlentities($redirecturl);
header("Location: $locationurl");
showHTML("Continue", "Continue", $locationurl);
die();
} catch (Exception $ex) { } catch (Exception $ex) {
sendError($ex->getMessage()); sendError($ex->getMessage());
} }
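Review bot: `showHTML()` writes `$url` into the button's `href` with a bare `echo`, and the last call passes `$locationurl`, which is concatenated from `$codedata["loginurl"]` (presumably taken from the login server's response) without any escaping of that part. Escaping at the sink keeps every caller safe: `<a href="<?php echo htmlspecialchars($url, ENT_QUOTES, 'UTF-8'); ?>" class="btn btn-primary btn-block">`. The query values in `$locationurl` are encoded with `htmlentities()`, which is an HTML encoder rather than a URL encoder. Since the same string is also sent in the `Location` header, `rawurlencode()` looks like the right call for `code` and `redirect`. The `try` block around that assignment starts outside the visible hunk, so how `$codedata` is validated cannot be seen from here.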

@ -1,16 +1,7 @@
{ {
"You have been logged out.": "You have been logged out.",
"Log in again": "Log in again",
"login server unavailable": "Login server unavailable. Try again later or contact technical support.",
"welcome user": "Welcome, {user}!",
"sign out": "Sign out", "sign out": "Sign out",
"settings": "Settings",
"options": "Options",
"404 error": "404 Error", "404 error": "404 Error",
"page not found": "Page not found.", "page not found": "Page not found.",
"invalid parameters": "Invalid request parameters.", "invalid parameters": "Invalid request parameters.",
"login server error": "The login server returned an error: {arg}", "login server error": "The login server returned an error: {arg}"
"login server user data error": "The login server refused to provide account information. Try again or contact technical support.",
"captcha error": "There was a problem with the CAPTCHA (robot test). Try again.",
"no access permission": "You do not have permission to access this system."
} }

@ -0,0 +1,8 @@
{
"You have been logged out.": "You have been logged out.",
"Log in again": "Log in again",
"login server unavailable": "Login server unavailable. Try again later or contact technical support.",
"no access permission": "You do not have permission to access this system.",
"Logged in": "Logged in",
"Continue": "Continue"
}

@ -45,29 +45,6 @@ class Login {
return Login::LOGIN_OK; return Login::LOGIN_OK;
} }
public static function verifyCaptcha(string $session, string $answer, string $url): bool {
$data = [
'session_id' => $session,
'answer_id' => $answer,
'action' => "verify"
];
$options = [
'http' => [
'header' => "Content-type: application/x-www-form-urlencoded\r\n",
'method' => 'POST',
'content' => http_build_query($data)
]
];
$context = stream_context_create($options);
$result = file_get_contents($url, false, $context);
$resp = json_decode($result, TRUE);
if (!$resp['result']) {
return false;
} else {
return true;
}
}
/** /**
* Check the login server API for sanity * Check the login server API for sanity
* @return boolean true if OK, else false * @return boolean true if OK, else false

@ -32,7 +32,6 @@ session_start(); // stick some cookies in it
// renew session cookie // renew session cookie
setcookie(session_name(), session_id(), time() + $session_length, "/", false, false); setcookie(session_name(), session_id(), time() + $session_length, "/", false, false);
$captcha_server = ($SETTINGS['captcha']['enabled'] === true ? preg_replace("/http(s)?:\/\//", "", $SETTINGS['captcha']['server']) : "");
if ($_SESSION['mobile'] === TRUE) { if ($_SESSION['mobile'] === TRUE) {
header("Content-Security-Policy: " header("Content-Security-Policy: "
. "default-src 'self';" . "default-src 'self';"
@ -42,8 +41,8 @@ if ($_SESSION['mobile'] === TRUE) {
. "frame-src 'none'; " . "frame-src 'none'; "
. "font-src 'self'; " . "font-src 'self'; "
. "connect-src *; " . "connect-src *; "
. "style-src 'self' 'unsafe-inline' $captcha_server; " . "style-src 'self' 'unsafe-inline'; "
. "script-src 'self' 'unsafe-inline' $captcha_server"); . "script-src 'self' 'unsafe-inline'");
} else { } else {
header("Content-Security-Policy: " header("Content-Security-Policy: "
. "default-src 'self';" . "default-src 'self';"
@ -53,8 +52,8 @@ if ($_SESSION['mobile'] === TRUE) {
. "frame-src 'none'; " . "frame-src 'none'; "
. "font-src 'self'; " . "font-src 'self'; "
. "connect-src *; " . "connect-src *; "
. "style-src 'self' 'nonce-$SECURE_NONCE' $captcha_server; " . "style-src 'self' 'nonce-$SECURE_NONCE'; "
. "script-src 'self' 'nonce-$SECURE_NONCE' $captcha_server"); . "script-src 'self' 'nonce-$SECURE_NONCE'");
} }
// //
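Review bot: The rewritten mobile-branch directives still carry `'unsafe-inline'` in both `style-src` and `script-src`, so when `$_SESSION['mobile'] === TRUE` the policy does not stop injected inline script. The other branch requires `'nonce-$SECURE_NONCE'`. If the mobile client can render nonce-tagged tags, the two lines could become `. "style-src 'self' 'nonce-$SECURE_NONCE'; "` and `. "script-src 'self' 'nonce-$SECURE_NONCE'");`. Otherwise a comment above the mobile `header()` call should record why the weaker policy is needed. Both `header()` calls are only partly visible in these hunks.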

@ -39,14 +39,11 @@ $SETTINGS = [
// API key // API key
"key" => "123" "key" => "123"
], ],
// List of required user permissions to access this app.
"permissions" => [
],
// For supported values, see http://php.net/manual/en/timezones.php // For supported values, see http://php.net/manual/en/timezones.php
"timezone" => "America/Denver", "timezone" => "America/Denver",
// Use Captcheck on login screen to slow down bots
// https://captcheck.netsyms.com
"captcha" => [
"enabled" => false,
"server" => "https://captcheck.netsyms.com"
],
// Language to use for localization. See langs folder to add a language. // Language to use for localization. See langs folder to add a language.
"language" => "en", "language" => "en",
// Shown in the footer of all the pages. // Shown in the footer of all the pages.
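Review bot: The comment on the new `"permissions"` key does not say what the empty default means. The loop added in the login flow (`foreach ($SETTINGS['permissions'] as $perm)`) only denies access when a listed permission is missing, so an empty list admits every account that authenticates. I would spell that out, for example `// List of required user permissions to access this app. Leave empty to admit any authenticated account.` The loop reads the key directly, so a settings file copied from before this change would lack it and the check would apparently be skipped. The upgrade notes should mention adding the key.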

@ -1,15 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
.banner-image {
max-height: 100px;
margin: 2em auto;
border: 1px solid grey;
border-radius: 15%;
}
.footer {
margin-top: 10em;
text-align: center;
}