diff --git a/Docs_api.txt b/Docs_api.txt
new file mode 100644
index 0000000..2a4d42d
--- /dev/null
+++ b/Docs_api.txt
@@ -0,0 +1,4 @@
+Login
+https://dev.steelants.cz/vasek/home/apiFront.php
+```json
+{"username":"username","password":"password"}```
\ No newline at end of file
diff --git a/apiFront.php b/apiFront.php
index 55175f6..ef8f9c5 100644
--- a/apiFront.php
+++ b/apiFront.php
@@ -38,6 +38,61 @@ if (API_DEBUGMOD == 1) {
 $apiLogManager->write("[API] request body\n" . json_encode($obj, JSON_PRETTY_PRINT), LogRecordType::INFO);
 }
-unset($logManager);
-Db::disconect();
+$apiManager = new ApiManager();
+echo $apiManager->generateToken($obj['username'],$obj['password']); die();
+
+/*
+if (
+ isset($obj['username']) &&
+ $obj['username'] != '' &&
+ isset($obj['password']) &&
+ $obj['password'] != ''
+){
+ $ota = false;
+ $userName = $_POST['username'];
+ $userPassword = $_POST['password'];
+ $rememberMe = (isset ($_POST['remember']) ? $_POST['remember'] : "");
+ $ota = $userManager->haveOtaEnabled($userName);
+ if ($ota == "") {
+ $landingPage = $userManager->login($userName, $userPassword, $rememberMe);
+ header('Location: ' . BASEDIR . $landingPage);
+ die();
+ }
+
+ $_SESSION['USERNAME'] = $userName;
+ $_SESSION['PASSWORD'] = $userPassword;
+ $_SESSION['REMEMBER'] = $rememberMe;
+ $_SESSION['OTA'] = $ota;
+} else if (
+ isset($_POST['otaCode']) &&
+ $_POST['otaCode'] != ''
+) {
+
+ $otaCode = $_POST['otaCode'];
+ $otaSecret = $_POST['otaSecret'];
+
+ $ga = new PHPGangsta_GoogleAuthenticator();
+ $ota = $_SESSION['OTA'];
+ $userName = $_SESSION['USERNAME'];
+ $userPassword = $_SESSION['PASSWORD'];
+ $rememberMe = $_SESSION['REMEMBER'];
+ unset($_SESSION['OTA']);
+ $checkResult = $ga->verifyCode($otaSecret, $otaCode, 2); // 2 = 2*30sec clock tolerance
+ if ($checkResult) {
+ $landingPage = $userManager->login($userName, $userPassword, $rememberMe);
+ header('Location: ' . BASEDIR . $landingPage);
+ echo 'OK';
+ } else {
+ echo 'FAILED';
+ }
+ //TODO: upravi a ověřit jeslti ja zabezpečené
+ //TODO:
+ die();
+}
+*/
+
+
+/*unset($logManager);
+Db::disconect();
+die();*/
diff --git a/app/class/ApiManager.php b/app/class/ApiManager.php
new file mode 100644
index 0000000..f559040
--- /dev/null
+++ b/app/class/ApiManager.php
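Review bot: The new `echo $apiManager->generateToken($obj['username'],$obj['password']); die();` line reads both keys of `$obj` without checking they exist, while the presence checks the old flow had are now inside the commented-out block; a body missing either field passes `null` through to `loginNew` and may emit an undefined-index warning into the response. Guard first, e.g. `$username = $obj['username'] ?? ''; $password = $obj['password'] ?? ''; if ($username === '' || $password === '') { http_response_code(400); die(); }`, then generate the token. The same `die()` also means the removed `unset($logManager); Db::disconect();` cleanup no longer runs on this path, and the commented-out block — which keeps the plaintext password in `$_SESSION['PASSWORD']` — should be deleted rather than committed as a comment. `$obj` presumably comes from a `json_decode(..., true)` earlier in the file, outside this hunk.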
@@ -0,0 +1,30 @@
+loginNew($username, $password);
+
+ if ($userLogedIn != false){
+ // Create token header as a JSON string
+ $header = json_encode(['typ' => 'JWT', 'alg' => 'HS256']);
+ // Create token payload as a JSON string
+ $payload = json_encode(['user_id' => $userLogedIn]);
+ // Encode Header to Base64Url String
+ $base64UrlHeader = str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($header));
+ // Encode Payload to Base64Url String
+ $base64UrlPayload = str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($payload));
+ // Create Signature Hash
+ $signature = hash_hmac('sha256', $base64UrlHeader . "." . $base64UrlPayload, 'abC123!', true);
+ // Encode Signature to Base64Url String
+ $base64UrlSignature = str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($signature));
+ // Create JWT
+ $jwt = $base64UrlHeader . "." . $base64UrlPayload . "." . $base64UrlSignature;
+
+ return $jwt;
+ }
+ }
+ return false;
+ }
+}
diff --git a/app/class/UserManager.php b/app/class/UserManager.php
index 9d69a29..8d95008 100644
--- a/app/class/UserManager.php
+++ b/app/class/UserManager.php
@@ -65,6 +65,24 @@ class UserManager
 }
 }
+ public function loginNew ($username, $password) {
+ try {
+ if ($user = Db::loadOne ('SELECT * FROM users WHERE LOWER(username)=LOWER(?)', array ($username))) {
+ if ($user['password'] == UserManager::getHashPassword($password)) {
+ echo "user loged in";
+ return $user['user_id'];
+ } else {
+ return false;
+ }
+ } else {
+ return false;
+ }
+ } catch(PDOException $error) {
+ echo $error->getMessage();
+ die();
+ }
+ }
+
 public function isLogin () {
 if (isset ($_SESSION['user']) && isset($_SESSION['user']['id'])) {
 return true;
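Review bot: The HMAC key on the `hash_hmac(...)` line is the string literal `'abC123!'` committed in source, and the payload carries only `user_id` with no `iat`/`exp`, so every token is signed with a low-entropy key that ships with the code and never expires. The key should be loaded from configuration at startup and the payload should carry issue and expiry times; the sketch below shows the rewritten payload and signing lines, using a placeholder environment-variable name. On the `if ($userLogedIn != false)` line a loose comparison is used; since `loginNew` returns `false` or an id, `!== false` avoids treating an id that loosely equals false (such as `0` or `'0'`) as a failed login. The opening lines of this hunk (the `<?php` header, the class declaration and the statement that ends in `loginNew($username, $password);`) appear garbled in this view, so the exact point to inject the configured secret is not visible here.
```php
// … unchanged: header JSON and its base64url encoding …
$now = time();
$payload = json_encode([
    'user_id' => $userLogedIn,
    'iat'     => $now,
    'exp'     => $now + 3600, // constructed example lifetime; choose per policy
], JSON_THROW_ON_ERROR);
// … unchanged: base64url encoding of payload …
$secret = getenv('JWT_SECRET'); // placeholder env name: load from configuration, never a literal in source
if ($secret === false || $secret === '') {
    throw new \RuntimeException('JWT signing secret is not configured');
}
$signature = hash_hmac('sha256', $base64UrlHeader . "." . $base64UrlPayload, $secret, true);
// … unchanged: signature encoding and JWT assembly …
```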
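Review bot: The password check on the `if ($user['password'] == UserManager::getHashPassword($password))` line compares two hash strings with `==`, which falls back to numeric comparison when both sides look numeric; use `if (hash_equals((string) $user['password'], (string) UserManager::getHashPassword($password))) {` so the comparison is strict and constant-time. The `echo "user loged in";` line and the `echo $error->getMessage(); die();` pair in the catch write straight to the response body, which prepends text to the token the API caller receives and, on a database error, exposes the PDO error text to the client; log and return `false` instead, e.g. `error_log($error->getMessage()); return false;`. Whether `getHashPassword` produces a salted, slow hash cannot be told from this hunk — if it is a plain digest, moving to `password_hash`/`password_verify` is worth a follow-up.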