Fix #3

kimbtech · kimbtech · commit ab0a8fde91a5 · 2020-09-26T23:00:37.000+02:00
diff --git a/VERSION b/VERSION
@@ -1,4 +1,4 @@
 latest
-0.2.8
-0.2
+0.3.0
+0.3
 0
diff --git a/php/core/Login.php b/php/core/Login.php
@@ -19,13 +19,15 @@ class Login {
 
 	private JSONReader $groupList;
 
-	public function __construct( string $group = '', string $client = '', string $token = '' ) {
+	public function __construct( string $group = '', string $token = '', string $client = '' ) {
 		$this->groupList = new JSONReader('groups');
 		if(!empty($group) && !empty($client) && !empty($token)){
 			$this->apiClientLogin($group, $client, $token);
 		}
-
-		if( TaskTimeTerminate === 'GUI' && session_status() === PHP_SESSION_ACTIVE ){
+		else if(!empty($group) && !empty($token)){
+			$this->sessionLogin($group, $token);
+		}
+		else if( TaskTimeTerminate === 'GUI' && session_status() === PHP_SESSION_ACTIVE ){
 			$this->userSessionLogin();
 		}
 	}
@@ -44,6 +46,18 @@ private function apiClientLogin(string $group, string $client, string $token) :
 		$this->logUserOut();
 	}
 
+	public function sessionLogin(string $group, string $token) : void {
+		if( $this->groupList->isValue([$group]) ){
+			$sid = $this->groupList->searchValue([$group, 'sessions'], $token, 'token');
+			if( $sid !== false ){
+				$this->logUserIn($group);
+				$this->groupList->setValue([$group, 'sessions', $sid, 'used'], time()); 
+				return;
+			}
+		}
+		$this->logUserOut();
+	}
+
 	private function userSessionLogin() : void {
 		$this->loggedIn = isset($_SESSION['login']) && $_SESSION['login'] === true
 			&& $_SESSION['login_time'] + 600 > time();
@@ -56,14 +70,27 @@ private function userSessionLogin() : void {
 		}
 	}
 
-	public function userLogin(string $group, string $password) : void {
+	public function userLogin(string $group, string $password, bool $stayLoggedIn = false) : ?string {
 		if( $this->groupList->isValue([$group]) ){
 			if(self::checkHashedPassword($password, $this->groupList->getValue([$group, 'passhash']))){
 				$this->logUserIn($group);
-				return;
+
+				if( $stayLoggedIn ) {
+					$token = Utilities::randomCode(50, Utilities::ID);
+					$this->groupList->setValue([$group, 'sessions', null], array(
+						"browseros" => Utilities::getBrowserOS(),
+						"used" => 0,
+						"token" => $token
+					));
+					return $token;
+				}
+				else{
+					return null;
+				}
 			}
 		}
 		$this->logUserOut();
+		return null;
 	}
 
 	private function logUserIn(string $group, string $device = "") : void {
diff --git a/php/core/ParamParser.php b/php/core/ParamParser.php
@@ -40,6 +40,11 @@ public function isLoginPost() : bool {
 			!empty($_POST['group']) && !empty($_POST['password']); 
 	}
 
+	public function isSessionPost() : bool {
+		return $_SERVER['REQUEST_METHOD'] === 'POST' &&
+			!empty($_POST['group']) && !empty($_POST['token']); 
+	}
+
 	public function isLogoutGet() : bool {
 		return $_SERVER['REQUEST_METHOD'] === 'GET' &&
 			isset($_GET['logout']);
@@ -57,6 +62,9 @@ public function loginPost(string $name) : string {
 				}
 			}
 		}
+		else if($name === 'token' ){
+			return !empty($_POST['token']) && is_string($_POST['token']) ? preg_replace('/[^A-Za-z0-9]/', '', $_POST['token']) : '';
+		}
 		return '';
 	}
 
diff --git a/php/core/WebGUI.php b/php/core/WebGUI.php
@@ -31,14 +31,6 @@ public function __construct( ParamParser $param, Login $login ) {
 		$this->param = $param;
 
 		$this->mainTemp = new Template('main');
-		if($this->login->isLoggedIn()){
-			$this->mainTemp->setContent('DISPLAYLOGOUTBOX', '');
-			$this->mainTemp->setContent('GROUP', $this->login->getGroup());
-		}
-		else{
-			$this->mainTemp->setContent('HOMELINK', '');
-		}
-
 		$this->fillTemplateWithImprint($this->mainTemp);
 	}
 
@@ -152,14 +144,18 @@ public function accountManage() : void {
 		}
 	}
 
+	public function showLoginToken(string $token) : void {
+		$this->mainTemp->setContent('MOREHEADER', '<script>localStorage.setItem("loginToken", "'. $token .','. $this->login->getGroup() .'");</script>');
+	}
+
 	public function deviceManage() : void {
 		$this->mainTemp->setContent('TITLE', 'Device Management');
 		$device = new Template('device');
 		$this->mainTemp->includeTemplate($device);
 
 		$r = $this->login->getGroupList();
 		$myGroup = $this->login->getGroup();
-		if( !empty($_POST['device']) || !empty($_GET['regenerate']) || !empty($_GET['delete']) ){
+		if( !empty($_POST['device']) || !empty($_GET['regenerate']) || !empty($_GET['delete']) || isset($_GET['remove']) ){
 			$device->setContent('NOTEDISABLE','');
 			if( !empty($_POST['device']) && InputParser::checkDeviceName($_POST['device']) ){
 				$name = $_POST['device'];
@@ -208,6 +204,13 @@ public function deviceManage() : void {
 					$device->setContent('NOTEMSG','Device does not exist!');
 				}
 			}
+			else if( isset($_GET['remove']) && preg_match('/^[0-9]+$/', $_GET['remove'] ) === 1 ){
+				$device->setContent(
+					'NOTEMSG',
+					$r->isValue([$myGroup, 'sessions', $_GET['remove']]) && $r->setValue([$myGroup, 'sessions', $_GET['remove']], null) ?
+						'Deleted session!': 'Error deleting session!'
+				);
+			}
 			else{
 				$device->setContent('NOTEMSG','Invalid format!');
 			}
@@ -271,7 +274,8 @@ public function home() : void {
 			if(!empty($e)){
 				$tasks[] = array(
 					'NAME' => $this->nameList[$k],
-					'PARAM' => $e
+					'PARAM' => $e,
+					'ACTIVE' => $k === ParamParser::TASK_HOME ? 'active' : ''
 				);
 			}
 		}
@@ -292,6 +296,14 @@ public function loginForm() : void {
 	}
 
 	public function __destruct(){
+		if($this->login->isLoggedIn()){
+			$this->mainTemp->setContent('DISPLAYLOGOUTBOX', '');
+			$this->mainTemp->setContent('GROUP', $this->login->getGroup());
+		}
+		else{
+			$this->mainTemp->setContent('HOMELINK', '');
+		}
+		
 		$this->mainTemp->output();
 	}
 }
diff --git a/php/core/api/API.php b/php/core/api/API.php
@@ -35,7 +35,7 @@ public function __construct() {
 	public function request(array $post) : void {
 		$this->validatePost($post);
 		if( !$this->hasError ){
-			$this->login = new Login($post['group'], $post['client'], $post['token']);
+			$this->login = new Login($post['group'], $post['token'], $post['client']);
 			if( $this->login->isLoggedIn()){
 				$this->handleAPITask();
 			}
diff --git a/php/core/templates/home.json b/php/core/templates/home.json
@@ -2,7 +2,8 @@
 	"multiples" : {
 		"Links" : {
 			"%%NAME%%" : "",
-			"%%PARAM%%" : ""
+			"%%PARAM%%" : "",
+			"%%ACTIVE%%" : ""
 		}
 	}
 }
diff --git a/php/core/templates/home_en.html b/php/core/templates/home_en.html
@@ -1,7 +1,7 @@
 <center>
-	<ul  class="list-group">
+	<div  class="list-group">
 	<!--MULTIPLE-Links-BEGIN-->
-		<li  class="list-group-item"><a href="%%SERVERURL%%/?task=%%PARAM%%">%%NAME%%</a></li>
+		<a href="%%SERVERURL%%/?task=%%PARAM%%" class="list-group-item list-group-item-action %%ACTIVE%%">%%NAME%%</a>
 	<!--MULTIPLE-Links-END-->
-	</ul>
+	</div>
 </center>
diff --git a/php/core/templates/login_en.html b/php/core/templates/login_en.html
@@ -15,9 +15,13 @@
 	</div>
 	<div class="form-group row">
 		<div class="col-sm-2">&nbsp;</div>
-		<div class="col-sm-10">
+		<div class="col-sm-2">
 			<input type="submit" value="Login" class="btn btn-secondary">
 		</div>
+		<div class="col-sm-8 form-group form-check">
+			<input type="checkbox" name="stayloggedin" id="stayloggedin" value="yes" class="form-check-input">
+			<label class="form-check-label" for="stayloggedin">Stay logged in</label>
+		</div>
 	</div>
 	<div class="alert alert-info %%COOKIEBANNER%%" role="alert">
 		<h4 class="alert-heading">Cookies</h4>
@@ -27,5 +31,4 @@ <h4 class="alert-heading">Cookies</h4>
 		For more information see about cookies and privacy see <a href="%%IMPRESSUMURL%%" target="_blank">%%IMPRESSUMNAME%%</a>.
 	</div>
 </form>
-
-
+<script>checkForLoginCode();</script>
diff --git a/php/index.php b/php/index.php
@@ -15,13 +15,31 @@
 
 $param = new ParamParser();
 $login = new Login();
-if( !$login->isLoggedIn() && $param->isLoginPost() ){
-	$login->userLogin($param->loginPost('group'), $param->loginPost('password'));
+$gui = new WebGUI($param, $login);
+
+if( $login->isLoggedIn() ){
+	if($param->isLogoutGet()){
+		$login->logUserOut();
+	}
 }
-if($login->isLoggedIn() && $param->isLogoutGet()){
-	$login->logUserOut();
+else {
+	if( $param->isLoginPost() ){
+		$token = $login->userLogin(
+			$param->loginPost('group'),
+			$param->loginPost('password'),
+			!empty($_POST['stayloggedin']) && $_POST['stayloggedin'] === 'yes'
+		);
+		if(!is_null($token)){
+			$gui->showLoginToken($token);
+		}
+	}
+	else if( $param->isSessionPost() ) {
+		$login->sessionLogin(
+			$param->loginPost('group'),
+			$param->loginPost('token')
+		);
+	}
 }
-$gui = new WebGUI($param, $login);
 
 if( isset($_GET['err']) && in_array($_GET['err'], array(404, 403)) ){
 	$gui->errorPage($_GET['err']);
diff --git a/php/load/main.js b/php/load/main.js
@@ -34,4 +34,18 @@ $(() => {
 				}
 		});
 	});
-});
+});
+
+function checkForLoginCode(){
+	var url = window.location.href;
+	if(	localStorage.hasOwnProperty("loginToken") &&
+		( !sessionStorage.hasOwnProperty("tokenUsed") || parseInt(sessionStorage.getItem('tokenUsed')) + 10000 < Date.now() ) &&
+		url.substring(url.length - 6) !== 'logout'
+	){
+		sessionStorage.setItem("tokenUsed", Date.now());
+		let data = localStorage.getItem("loginToken").split(',');
+		$.post(url, { "group": data[1], "token": data[0]}, () => {
+			window.location.reload();
+		});
+	}
+}
diff --git a/start/migrations.php b/start/migrations.php
@@ -0,0 +1,27 @@
+<?php
+if( php_sapi_name() !== 'cli' ){
+	die('Commandline only!');
+}
+
+/** 
+ * TaskTimeTerminate Sync-Server
+ * https://github.com/KIMB-technologies/TaskTimeTerminate
+ * 
+ * (c) 2020 KIMB-technologies 
+ * https://github.com/KIMB-technologies/
+ * 
+ * released under the terms of GNU Public License Version 3
+ * https://www.gnu.org/licenses/gpl-3.0.txt
+ */
+define( 'TaskTimeTerminate', 'CLI' );
+
+require_once( '/php-code/core/load.php' );
+
+// group.json for each user empty session array
+$g = new JSONReader('groups');
+foreach( $g->getArray() as $group => $data ){
+	if(!isset($data['sessions']) || !is_array($data['sessions'])){
+		$g->setValue([$group, 'sessions'], array());
+	}
+}
+?>
diff --git a/startup-before.sh b/startup-before.sh
@@ -3,6 +3,8 @@
 
 # account
 php /start/account.php
+# data storage migrations
+php /start/migrations.php
 
 # file rights
 chown -R www-data:www-data /php-code/data/

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`	`1`	`latest`
`2`		`-0.2.8`
`3`		`-0.2`
	`2`	`+0.3.0`
	`3`	`+0.3`
`4`	`4`	`0`
Original file line number	Diff line number	Diff line change
`@@ -40,6 +40,11 @@ public function isLoginPost() : bool {`
`40`	`40`	`!empty($_POST['group']) && !empty($_POST['password']);`
`41`	`41`	`}`
`42`	`42`
	`43`	`+ public function isSessionPost() : bool {`
	`44`	`+ return $_SERVER['REQUEST_METHOD'] === 'POST' &&`
	`45`	`+ !empty($_POST['group']) && !empty($_POST['token']);`
	`46`	`+ }`
	`47`	`+`
`43`	`48`	`public function isLogoutGet() : bool {`
`44`	`49`	`return $_SERVER['REQUEST_METHOD'] === 'GET' &&`
`45`	`50`	`isset($_GET['logout']);`
`@@ -57,6 +62,9 @@ public function loginPost(string $name) : string {`
`57`	`62`	`}`
`58`	`63`	`}`
`59`	`64`	`}`
	`65`	`+ else if($name === 'token' ){`
	`66`	`+ return !empty($_POST['token']) && is_string($_POST['token']) ? preg_replace('/[^A-Za-z0-9]/', '', $_POST['token']) : '';`
	`67`	`+ }`
`60`	`68`	`return '';`
`61`	`69`	`}`
`62`	`70`
Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,7 @@ public function __construct() {`
`35`	`35`	`public function request(array $post) : void {`
`36`	`36`	`$this->validatePost($post);`
`37`	`37`	`if( !$this->hasError ){`
`38`		`- $this->login = new Login($post['group'], $post['client'], $post['token']);`
	`38`	`+ $this->login = new Login($post['group'], $post['token'], $post['client']);`
`39`	`39`	`if( $this->login->isLoggedIn()){`
`40`	`40`	`$this->handleAPITask();`
`41`	`41`	`}`
Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,8 @@`
`2`	`2`	`"multiples" : {`
`3`	`3`	`"Links" : {`
`4`	`4`	`"%%NAME%%" : "",`
`5`		`- "%%PARAM%%" : ""`
	`5`	`+ "%%PARAM%%" : "",`
	`6`	`+ "%%ACTIVE%%" : ""`
`6`	`7`	`}`
`7`	`8`	`}`
`8`	`9`	`}`