From 3f01ddce9dff69a49493541882de85854cbcebe5 Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Sun, 8 Apr 2012 23:13:15 +0200 Subject: start working on users Signed-off-by: Florian Pritz --- application/config/example/config.php | 6 +-- application/config/example/routes.php | 1 + application/config/migration.php | 2 +- application/controllers/file.php | 57 +++++++++++++++------- application/controllers/user.php | 74 +++++++++++++++++++++++++++++ application/migrations/002_add_users.php | 46 ++++++++++++++++++ application/models/file_mod.php | 38 +++++---------- application/models/muser.php | 70 +++++++++++++++++++++++++++ application/views/file/delete_form.php | 8 +--- application/views/file/header.php | 10 ++++ application/views/file/upload_form.php | 7 ++- application/views/file/upload_history.php | 7 --- application/views/user/footer.php | 1 + application/views/user/header.php | 1 + application/views/user/index.php | 1 + application/views/user/login.php | 18 +++++++ application/views/user/login_successful.php | 1 + 17 files changed, 280 insertions(+), 68 deletions(-) create mode 100644 application/controllers/user.php create mode 100644 application/migrations/002_add_users.php create mode 100644 application/models/muser.php create mode 120000 application/views/user/footer.php create mode 120000 application/views/user/header.php create mode 100644 application/views/user/index.php create mode 100644 application/views/user/login.php create mode 100644 application/views/user/login_successful.php (limited to 'application') diff --git a/application/config/example/config.php b/application/config/example/config.php index bcd71a5ce..bd9ec40aa 100755 --- a/application/config/example/config.php +++ b/application/config/example/config.php @@ -224,7 +224,7 @@ $config['cache_path'] = ''; | MUST set an encryption key. See the user guide for info. | */ -$config['encryption_key'] = ''; +$config['encryption_key'] = ''; # set this to a 32char random string /* |-------------------------------------------------------------------------- @@ -248,7 +248,7 @@ $config['sess_cookie_name'] = 'ci_session'; $config['sess_expiration'] = 7200; $config['sess_expire_on_close'] = FALSE; $config['sess_encrypt_cookie'] = FALSE; -$config['sess_use_database'] = FALSE; +$config['sess_use_database'] = true; $config['sess_table_name'] = 'ci_sessions'; $config['sess_match_ip'] = FALSE; $config['sess_match_useragent'] = TRUE; @@ -379,8 +379,6 @@ $config['upload_max_age'] = 60*60*24*5; // 5 days // won't be deleted $config['small_upload_size'] = 1024*10; // 10KB -$config['passwordsalt'] = ''; // just enter any string you want here - $config['contact_me_url'] = ''; // ommiting this will remove the "contact me" line. /* End of file config.php */ diff --git a/application/config/example/routes.php b/application/config/example/routes.php index 2697c6b11..3ae891bfd 100755 --- a/application/config/example/routes.php +++ b/application/config/example/routes.php @@ -39,6 +39,7 @@ */ $route['default_controller'] = "file"; +$route['user/(:any)'] = "user/$1"; $route['file/(:any)'] = "file/$1"; $route['(:any)'] = "file/index/$1"; $route['404_override'] = ''; diff --git a/application/config/migration.php b/application/config/migration.php index 9a3034565..274e792a6 100644 --- a/application/config/migration.php +++ b/application/config/migration.php @@ -21,7 +21,7 @@ $config['migration_enabled'] = true; | be upgraded / downgraded to. | */ -$config['migration_version'] = 1; +$config['migration_version'] = 2; /* diff --git a/application/controllers/file.php b/application/controllers/file.php index 5fe8a124e..a363edc00 100644 --- a/application/controllers/file.php +++ b/application/controllers/file.php @@ -24,6 +24,8 @@ class File extends CI_Controller { mb_internal_encoding('UTF-8'); $this->load->helper(array('form', 'filebin')); $this->load->model('file_mod'); + $this->load->model('muser'); + $this->var->cli_client = false; $this->file_mod->var->cli_client =& $this->var->cli_client; $this->var->latest_client = false; @@ -45,6 +47,17 @@ class File extends CI_Controller { } else { $this->var->view_dir = "file"; } + + if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) { + if (!$this->muser->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) { + // TODO: better message + echo "login failed.\n"; + exit; + } + } + + $this->data['username'] = $this->muser->get_username(); + } function index() @@ -87,6 +100,8 @@ class File extends CI_Controller { function upload_form() { + $this->muser->require_access(); + $data = array(); $data['title'] = 'Upload'; $data['small_upload_size'] = $this->config->item('small_upload_size'); @@ -94,6 +109,8 @@ class File extends CI_Controller { $data['upload_max_age'] = $this->config->item('upload_max_age')/60/60/24; $data['contact_me_url'] = $this->config->item('contact_me_url'); + $data['username'] = $this->muser->get_username(); + $this->load->view($this->var->view_dir.'/header', $data); $this->load->view($this->var->view_dir.'/upload_form', $data); if ($this->var->cli_client) { @@ -111,10 +128,12 @@ class File extends CI_Controller { function upload_history() { - $password = $this->file_mod->get_password(); + $this->muser->require_access(); + + $user = $this->muser->get_userid(); $this->load->library("MemcacheLibrary"); - if (! $cached = $this->memcachelibrary->get("history_".$this->var->view_dir."_".$password)) { + if (! $cached = $this->memcachelibrary->get("history_".$this->var->view_dir."_".$user)) { $data = array(); $query = array(); $lengths = array(); @@ -124,14 +143,12 @@ class File extends CI_Controller { $lengths[$length_key] = 0; } - if ($password != "NULL") { - $query = $this->db->query(" - SELECT ".implode(",", $fields)." - FROM files - WHERE password = ? - ORDER BY date - ", array($password))->result_array(); - } + $query = $this->db->query(" + SELECT ".implode(",", $fields)." + FROM files + WHERE user = ? + ORDER BY date + ", array($user))->result_array(); foreach($query as $key => $item) { $query[$key]["date"] = date("r", $item["date"]); @@ -153,7 +170,7 @@ class File extends CI_Controller { $cached .= $this->load->view($this->var->view_dir.'/header', $data, true); $cached .= $this->load->view($this->var->view_dir.'/upload_history', $data, true); $cached .= $this->load->view($this->var->view_dir.'/footer', $data, true); - $this->memcachelibrary->set('history_'.$this->var->view_dir."_".$password, $cached, 42); + $this->memcachelibrary->set('history_'.$this->var->view_dir."_".$user, $cached, 42); } echo $cached; @@ -162,12 +179,18 @@ class File extends CI_Controller { // Allow users to delete IDs if their password matches the one used when uploading function delete() { + $this->muser->require_access(); + $data = array(); $id = $this->uri->segment(3); - $password = $this->file_mod->get_password(); $data["title"] = "Delete"; $data["id"] = $id; + $process = $this->input->post("process"); + if ($this->var->cli_client) { + $process = true; + } + $data["filedata"] = $this->file_mod->get_filedata($id); if ($data["filedata"]) { $data["filedata"]["size"] = filesize($this->file_mod->file($data["filedata"]["hash"])); @@ -176,18 +199,14 @@ class File extends CI_Controller { if ($id && !$this->file_mod->id_exists($id)) { $this->output->set_status_header(404); $data["msg"] = "Unknown ID."; - } elseif ($password != "NULL") { + } elseif ($process) { if ($this->file_mod->delete_id($id)) { $this->load->view($this->var->view_dir.'/header', $data); $this->load->view($this->var->view_dir.'/deleted', $data); $this->load->view($this->var->view_dir.'/footer', $data); return; } else { - $data["msg"] = "Deletion failed. Is the password correct?"; - } - } else { - if ($this->var->cli_client) { - $data["msg"] = "No password supplied."; + $data["msg"] = "Deletion failed. Do you really own that file?"; } } $this->load->view($this->var->view_dir.'/header', $data); @@ -198,6 +217,8 @@ class File extends CI_Controller { // Handles uploaded files function do_upload() { + $this->muser->require_access(); + $data = array(); if ($this->uri->segment(3)) { diff --git a/application/controllers/user.php b/application/controllers/user.php new file mode 100644 index 000000000..4dc92bea2 --- /dev/null +++ b/application/controllers/user.php @@ -0,0 +1,74 @@ +load->library('migration'); + if ( ! $this->migration->current()) { + show_error($this->migration->error_string()); + } + + $this->load->model("muser"); + $this->data["title"] = "FileBin"; + + $this->load->helper('form'); + + $this->var->view_dir = "user/"; + } + + function index() + { + $this->data["username"] = $this->muser->get_username(); + + $this->load->view($this->var->view_dir.'header', $this->data); + $this->load->view($this->var->view_dir.'index', $this->data); + $this->load->view($this->var->view_dir.'footer', $this->data); + } + + function login() + { + $this->session->keep_flashdata("uri"); + + if ($this->input->post('process')) { + $username = $this->input->post('username'); + $password = $this->input->post('password'); + + $result = $this->muser->login($username, $password); + + if ($result !== true) { + $data['login_error'] = true; + $this->load->view($this->var->view_dir.'header', $this->data); + $this->load->view($this->var->view_dir.'login', $this->data); + $this->load->view($this->var->view_dir.'footer', $this->data); + } else { + $uri = $this->session->flashdata("uri"); + if ($uri) { + redirect($uri); + } else { + $this->load->view($this->var->view_dir.'header', $this->data); + $this->load->view($this->var->view_dir.'login_successful', $this->data); + $this->load->view($this->var->view_dir.'footer', $this->data); + } + } + } else { + $this->load->view($this->var->view_dir.'header', $this->data); + $this->load->view($this->var->view_dir.'login', $this->data); + $this->load->view($this->var->view_dir.'footer', $this->data); + } + } + + function logout() + { + $this->muser->logout(); + redirect('/'); + } + + function hash_password() + { + $password = $this->input->post("password"); + echo "hashing $password: "; + echo $this->muser->hash_password($password); + } +} diff --git a/application/migrations/002_add_users.php b/application/migrations/002_add_users.php new file mode 100644 index 000000000..297f89c09 --- /dev/null +++ b/application/migrations/002_add_users.php @@ -0,0 +1,46 @@ +db->query(" + CREATE TABLE IF NOT EXISTS `users` ( + `id` int(8) UNSIGNED NOT NULL AUTO INCREMENT, + `username` varchar(32) COLLATE ascii_general_ci NOT NULL, + `password` varchar(60) COLLATE ascii_general_ci NOT NULL, + `email` varchar(255) COLLATE ascii_general_ci NOT NULL, + PRIMARY KEY (`id`) + ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; + "); + + $this->db->query(" + CREATE TABLE IF NOT EXISTS `ci_sessions` ( + `session_id` varchar(40) NOT NULL DEFAULT '0', + `ip_address` varchar(16) NOT NULL DEFAULT '0', + `user_agent` varchar(120) NOT NULL, + `last_activity` int(10) unsigned NOT NULL DEFAULT '0', + `user_data` text NOT NULL, + PRIMARY KEY (`session_id`), + KEY `last_activity_idx` (`last_activity`) + ) ENGINE=InnoDB DEFAULT CHARSET=utf8; + "); + + $this->db->query(" + ALTER TABLE `files` + ADD `user` INT(8) UNSIGNED NOT NULL DEFAULT '0', + ADD INDEX (`user`) + "); + } + + public function down() + { + $this->dbforge->drop_table('users'); + $this->dbforge->drop_table('ci_sessions'); + $this->db->query(" + ALTER TABLE `files` + DROP `user` + "); + } +} diff --git a/application/models/file_mod.php b/application/models/file_mod.php index 51557396a..08f43853c 100644 --- a/application/models/file_mod.php +++ b/application/models/file_mod.php @@ -20,7 +20,7 @@ class File_mod extends CI_Model { { $id = $this->random_id(3,6); - if ($this->id_exists($id) || $id == 'file') { + if ($this->id_exists($id) || $id == 'file' || $id == 'user') { return $this->new_id(); } else { return $id; @@ -74,32 +74,19 @@ class File_mod extends CI_Model { return $this->folder($hash).'/'.$hash; } - function hash_password($password) - { - return sha1($this->config->item('passwordsalt').$password); - } - - // Returns the password submitted by the user - function get_password() - { - $password = $this->input->post('password'); - if ($password !== false && $password !== "") { - return $this->hash_password($password); - } elseif (isset($_SERVER['PHP_AUTH_PW']) && $_SERVER['PHP_AUTH_PW'] !== '') { - return $this->hash_password($_SERVER['PHP_AUTH_PW']); - } - return 'NULL'; - } - // Add a hash to the DB // TODO: Should only update not insert; see new_id() function add_file($hash, $id, $filename) { + $this->muser->require_access(); + + $userid = $this->muser->get_userid(); + $mimetype = exec("perl ".FCPATH.'scripts/mimetype '.escapeshellarg($filename).' '.escapeshellarg($this->file($hash))); $query = $this->db->query(' - INSERT INTO `files` (`hash`, `id`, `filename`, `password`, `date`, `mimetype`) + INSERT INTO `files` (`hash`, `id`, `filename`, `user`, `date`, `mimetype`) VALUES (?, ?, ?, ?, ?, ?)', - array($hash, $id, $filename, $this->get_password(), time(), $mimetype)); + array($hash, $id, $filename, $userid, time(), $mimetype)); } function show_url($id, $mode) @@ -338,12 +325,9 @@ class File_mod extends CI_Model { function delete_id($id) { + $this->muser->require_access(); $filedata = $this->get_filedata($id); - $password = $this->get_password(); - - if ($password == "NULL") { - return false; - } + $userid = $this->muser->get_userid(); if(!$this->id_exists($id)) { return false; @@ -353,9 +337,9 @@ class File_mod extends CI_Model { DELETE FROM `files` WHERE `id` = ? - AND password = ? + AND user = ? LIMIT 1'; - $this->db->query($sql, array($id, $password)); + $this->db->query($sql, array($id, $userid)); if($this->id_exists($id)) { return false; diff --git a/application/models/muser.php b/application/models/muser.php new file mode 100644 index 000000000..0b3d26be7 --- /dev/null +++ b/application/models/muser.php @@ -0,0 +1,70 @@ +load->library("session"); + } + + function logged_in() + { + return $this->session->userdata('logged_in') == true; + } + + function login($username, $password) + { + $query = $this->db->query(' + SELECT * + FROM `users` + WHERE `username` = ? + ', array($username))->row_array(); + + if (crypt($password, $query["password"] == $password)) { + $this->session->set_userdata('logged_in', true); + $this->session->set_userdata('username', $username); + return true; + } else { + return false; + } + } + + function logout() + { + $this->session->unset_userdata('logged_in'); + $this->session->unset_userdata('username'); + } + + function get_username() + { + return $this->session->userdata('username'); + } + + function get_userid() + { + $query = $this->db->query(" + SELECT id + FROM users + WHERE username = ? + ", array($this->get_username()))->row_array(); + return $query["id"]; + } + + function require_access() + { + if ($this->logged_in()) { + return true; + } else { + $this->session->set_flashdata("uri", $this->uri->uri_string()); + redirect('user/login'); + } + } + + function hash_password($password) + { + $salt = random_alphanum(22); + return crypt($password, "$2a$10$$salt$"); + } + +} + diff --git a/application/views/file/delete_form.php b/application/views/file/delete_form.php index f617d25c7..64e0f9cd7 100644 --- a/application/views/file/delete_form.php +++ b/application/views/file/delete_form.php @@ -25,13 +25,7 @@ - - Password - - - - - + diff --git a/application/views/file/header.php b/application/views/file/header.php index e09f29f61..578ebe428 100644 --- a/application/views/file/header.php +++ b/application/views/file/header.php @@ -11,6 +11,16 @@
+ + +
+ + + + + +
+
diff --git a/application/views/file/upload_form.php b/application/views/file/upload_form.php index 34dd5a77b..e1e4313a5 100644 --- a/application/views/file/upload_form.php +++ b/application/views/file/upload_form.php @@ -1,10 +1,9 @@ - +

File: -
- Optional password (for deletion and search): +