diff --git a/api.php b/api.php index 7c411ce..ce72603 100644 --- a/api.php +++ b/api.php @@ -172,7 +172,7 @@ if ($values != null || $values != "") { ]; break; } - + if (DEBUGMOD) $notificationData['body'] .= ' value='.$value['value']; if ($notificationData != []) { $subscribers = $notificationMng::getSubscription(); foreach ($subscribers as $key => $subscriber) { diff --git a/app/class/UserManager.php b/app/class/UserManager.php index cc9e54a..af04549 100644 --- a/app/class/UserManager.php +++ b/app/class/UserManager.php @@ -3,8 +3,8 @@ class UserManager { public function getUsers () { try { - $allRoom = Db::loadAll ("SELECT * FROM users"); - return $allRoom; + $allUsers = Db::loadAll ("SELECT user_id, username, at_home, ota FROM users"); + return $allUsers; } catch(PDOException $error) { echo $error->getMessage(); die(); @@ -26,12 +26,12 @@ class UserManager if ($user = Db::loadOne ('SELECT * FROM users WHERE LOWER(username)=LOWER(?)', array ($username))) { if ($user['password'] == UserManager::getHashPassword($password)) { if (isset($rememberMe) && $rememberMe == 'true') { - setcookie ("rememberMe", $this->setEncryptedCookie($user['username']), time () + (30 * 24 * 60 * 60 * 1000), str_replace("login", "", str_replace('https://' . $_SERVER['HTTP_HOST'], "", $_SERVER['REQUEST_URI'])), $_SERVER['HTTP_HOST'], 1); + setcookie ("rememberMe", $this->setEncryptedCookie($user['username']), time () + (30 * 24 * 60 * 60 * 1000), BASEDIR, $_SERVER['HTTP_HOST'], 1); } $_SESSION['user']['id'] = $user['user_id']; - $page = "./index.php"; + $page = ""; if ($user["startPage"] == 1) { - $page = "./dashboard.php"; + $page = "dashboard"; } unset($_POST['login']); return $page; 
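Review bot: The new `DEBUGMOD` line runs before the `if ($notificationData != [])` guard, so when no notification was built `$notificationData['body'] .= ...` creates the `body` key on an empty array and the following check becomes true, pushing a body consisting of nothing but ` value=...` to every subscriber whenever debug mode is on. Keeping the append inside the existing guard avoids that: `if (DEBUGMOD && $notificationData != []) $notificationData['body'] .= ' value=' . $value['value'];`. The line reads `$value['value']` while the hunk header shows the surrounding condition on `$values`; presumably `$value` is the loop element, but that cannot be confirmed here since the enclosing block starts and ends outside the hunk.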
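Review bot: The narrowed projection in `getUsers()` still returns `ota`, which per `setOta()` in this same commit holds the raw TOTP secret, and app/views/Setting.php hands the whole list to the settings template. Dropping the password column is the right direction; the secret should get the same treatment, since a template only needs to know whether OTA is enabled, e.g. `Db::loadAll("SELECT user_id, username, at_home, (ota <> '') AS ota FROM users")` (or a separate `hasOta` alias if a template still expects the `ota` key). The `catch` that echoes the PDO message and dies is unchanged context, but it now sits under a method that is called from the settings page, where a database error message is user-visible output.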
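Review bot: The rewritten `setcookie` for `rememberMe` keeps the old expiry `time() + (30 * 24 * 60 * 60 * 1000)`, which is 30 days multiplied by 1000 (about 82 years) and looks like a milliseconds mix-up, and it still sets only the `secure` flag without `httponly`, so the remember-me token is readable from script. Suggested: `setcookie("rememberMe", $this->setEncryptedCookie($user['username']), time() + (30 * 24 * 60 * 60), BASEDIR, $_SERVER['HTTP_HOST'], true, true);`. Using `$_SERVER['HTTP_HOST']` as the cookie domain is inherited from the old line, but it is client-supplied (Host header) and a fixed configured host would be safer. The `$user['password'] == UserManager::getHashPassword($password)` comparison in the surrounding context is not part of this change but would benefit from `hash_equals()` for the same reason noted on the `changePassword` hunk.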
@@ -62,9 +62,12 @@ class UserManager } public function logout () { - setcookie ("rememberMe","", time() - (30 * 24 * 60 * 60 * 1000), str_replace("login", "", str_replace('https://' . $_SERVER['HTTP_HOST'], "", $_SERVER['REQUEST_URI'])), $_SERVER['HTTP_HOST'], 1); unset($_SESSION['user']); session_destroy(); + if (isset($_COOKIE['rememberMe'])){ + unset($_COOKIE['rememberMe']); + setcookie("rememberMe", 'false', time(), BASEDIR, $_SERVER['HTTP_HOST']); + } } public function setEncryptedCookie($value){ @@ -98,12 +101,14 @@ class UserManager return false; } - public static function getUserData ($type) { + public static function getUserData ($type, $userId = '') { if (isset($_SESSION['user']['id'])) { - $user = Db::loadOne ('SELECT ' . $type . ' FROM users WHERE user_id=?', array ($_SESSION['user']['id'])); - return $user[$type]; + $userId = $_SESSION['user']['id']; + } else { + return ""; } - return ""; + $user = Db::loadOne ('SELECT ' . $type . ' FROM users WHERE user_id=?', array ($userId)); + return $user[$type]; } public function setUserData ($type, $value) { 
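Review bot: The replacement cookie in `logout()` is set with expiry `time()` rather than a time clearly in the past, so whether the browser actually discards it depends on the client clock, and it carries the value `'false'` instead of an empty string, so a cookie that survives still satisfies the `isset($_COOKIE['rememberMe'])` test added here; `unset($_COOKIE['rememberMe'])` only changes the server-side copy for this request. The deletion also drops the `secure` flag that the login path sets on the same cookie, so the two paths no longer agree on the cookie's attributes. Suggested: `setcookie("rememberMe", '', time() - 3600, BASEDIR, $_SERVER['HTTP_HOST'], true, true);`.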
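Review bot: The new `$userId = ''` parameter of `getUserData()` is dead: when a session exists it is overwritten by `$_SESSION['user']['id']`, and when none exists the function returns `""` before the query, so a caller passing an explicit id never gets that user's data. The intended shape is presumably `if ($userId === '') { if (!isset($_SESSION['user']['id'])) { return ""; } $userId = $_SESSION['user']['id']; }` followed by the existing query. The column name `$type` is still concatenated into the SELECT; this commit adds callers passing `'password'` and `'ota'`, so an allow-list check such as `in_array($type, ['password', 'ota', 'startPage'], true)` before building the query would keep this from ever becoming injectable if `$type` is later taken from a request.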
@@ -118,63 +123,59 @@ class UserManager return $hashPassword; } - public function ulozitObrazek ($file, $path = "", $name = "") { - if (!@is_array (getimagesize($file['tmp_name']))) { - throw new ChybaUzivatele("Formát obrázku ". $file['name'] ." není podporován!"); - } else { - $extension = strtolower(strrchr($file['name'], '.')); - switch ($extension) { - case '.jpg': - case '.jpeg': - $img = @imagecreatefromjpeg($file['tmp_name']); - break; - case '.gif': - $img = @imagecreatefromgif($file['tmp_name']); - break; - case '.png': - $img2 = @imagecreatefrompng($file['tmp_name']); - break; - case '.ico': - $img3 = @$file['tmp_name']; - break; - default: - $img = false; - break; - } - if($name == ""){ - $nazev = substr($file['name'], 0, strpos($file['name'], ".")) ."_". round(microtime(true) * 1000); - }else{ - $nazev = $name; - } - if(!file_exists($path)){ - mkdir($path, 0777, true); - } - if (@$img) { - if (!imagejpeg ($img, $path . $nazev .".jpg", 95)) { - throw new ChybaUzivatele ("Obrázek neuložen!"); - } - imagedestroy ($img); - } else if (@$img2) { - if (!imagepng ($img2, $path . $nazev .".jpg")) { - throw new ChybaUzivatele ("Obrázek neuložen!"); - } - imagedestroy ($img2); - } else if (@$img3) { - if (!copy($img3, $path . $nazev .'.ico')) { - throw new ChybaUzivatele ("Obrázek neuložen!"); - } - } - return array('success' => true, 'url' => $path . 
$nazev .".jpg"); - } - } - - public function atHome($userId, $atHome){ - try { - Db::edit ('users', ['at_home' => $atHome], 'WHERE user_id = ?', array($userId)); - } catch(PDOException $error) { - echo $error->getMessage(); - die(); - } + public function atHome($userId, $atHome){ + try { + Db::edit ('users', ['at_home' => $atHome], 'WHERE user_id = ?', array($userId)); + } catch(PDOException $error) { + echo $error->getMessage(); + die(); } } - ?> + + public function changePassword($oldPassword, $newPassword, $newPassword2){ + if ($newPassword == $newPassword2) { + //Password Criteria + $oldPasswordSaved = self::getUserData('password'); + if (self::getHashPassword($oldPassword) == $oldPasswordSaved) { + self::setUserData('password', self::getHashPassword($newPassword)); + } else { + throw new Exception ("old password did not match"); + } + } else { + throw new Exception ("new password arent same"); + } + } + + public function createUser($userName, $password){ + $userId = Db::loadOne('SELECT * FROM users WHERE username = ?;', array($userName))['user_id']; + if ($userId != null) { + return false; + }; + try { + $user = [ + 'username' => $userName, + 'password' => self::getHashPassword($password), + ]; + return Db::add ('users', $user); + } catch(PDOException $error) { + echo $error->getMessage(); + die(); + } + } + + public function haveOtaEnabled($userName){ + $ota = $this->getUser($userName)['ota']; + + if ($ota != ''){ + return ($ota != '' ? $ota : false); + } else { + return false; + } + } + + public function setOta($code, $secret){ + $userId = $_SESSION['user']['id']; + Db::edit ('users', ['ota' => $secret], 'WHERE user_id = ?', array($userId)); + } +} +?> diff --git a/app/controls/login.php b/app/controls/login.php new file mode 100644 index 0000000..a8b685e --- /dev/null +++ b/app/controls/login.php 
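Review bot: `changePassword()` compares the stored and computed hashes with `==`; the output of `getHashPassword()` is not visible in the hunk, but if it is a hex digest PHP's loose comparison treats strings like `0e...` as numbers, and in any case the comparison is not constant-time, so `if (hash_equals((string) $oldPasswordSaved, self::getHashPassword($oldPassword)))` is the safer form (the `//Password Criteria` comment also announces checks that are not there). `createUser()` tests for an existing user with `username = ?` while `login()` matches on `LOWER(username)=LOWER(?)`, so two accounts differing only in case can be created and the login query then returns whichever row comes first; use the same case-insensitive lookup, e.g. `if (Db::loadOne('SELECT user_id FROM users WHERE LOWER(username) = LOWER(?)', array($userName))) { return false; }`, which also avoids indexing `['user_id']` on a non-array when no row is found. `haveOtaEnabled()` returns the raw TOTP secret (both branches of the redundant ternary reduce to `$ota != '' ? $ota : false`), which is why app/controls/login.php ends up carrying the secret through the session and the form; returning a boolean here and keeping the secret inside the manager would remove that. `setOta()` ignores its `$code` argument and reads `$_SESSION['user']['id']` without checking it is set.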
@@ -0,0 +1,51 @@ +haveOtaEnabled($userName); + if ($ota == "") { + $landingPage = $userManager->login($userName, $userPassword, $rememberMe); + header('Location: ' . BASEDIR . $landingPage); + die(); + } + + $_SESSION['USERNAME'] = $userName; + $_SESSION['PASSWORD'] = $userPassword; + $_SESSION['REMEMBER'] = $rememberMe; + $_SESSION['OTA'] = $ota; +} else if ( + isset($_POST['otaCode']) && + $_POST['otaCode'] != '' +) { + + $otaCode = $_POST['otaCode']; + $otaSecret = $_POST['otaSecret']; + + $ga = new PHPGangsta_GoogleAuthenticator(); + $ota = $_SESSION['OTA']; + $userName = $_SESSION['USERNAME']; + $userPassword = $_SESSION['PASSWORD']; + $rememberMe = $_SESSION['REMEMBER']; + unset($_SESSION['OTA']); + $checkResult = $ga->verifyCode($otaSecret, $otaCode, 2); // 2 = 2*30sec clock tolerance + if ($checkResult) { + $landingPage = $userManager->login($userName, $userPassword, $rememberMe); + header('Location: ' . BASEDIR . $landingPage); + echo 'OK'; + } else { + echo 'FAILED'; + } + //TODO: upravi a ověřit jeslti ja zabezpečené + //TODO: + die(); +} diff --git a/app/controls/setting.php b/app/controls/setting.php new file mode 100644 index 0000000..3bde544 --- /dev/null +++ b/app/controls/setting.php @@ -0,0 +1,29 @@ +verifyCode($otaSecret, $otaCode, 2); // 2 = 2*30sec clock tolerance + if ($checkResult) { + UserManager::setOta($otaCode, $otaSecret); + } + header('Location: ' . BASEDIR . 'setting'); + die(); + } +} diff --git a/app/templates/part/deviceDetail.phtml b/app/templates/part/deviceDetail.phtml index 7197648..d0bcbe0 100644 --- a/app/templates/part/deviceDetail.phtml +++ b/app/templates/part/deviceDetail.phtml @@ -10,66 +10,72 @@
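Review bot: The second-factor check uses the secret the client submitted, `$otaSecret = $_POST['otaSecret']`, while the server-side secret read into `$ota = $_SESSION['OTA']` is never used; anyone who knows the password can therefore post a secret of their own choosing together with a code computed from it, and the OTA step adds nothing. The fix is to verify against the session value, `$checkResult = $ga->verifyCode($ota, $otaCode, 2);`, and to stop accepting `otaSecret` from the request at all. The plaintext password parked in `$_SESSION['PASSWORD']` in the first step is not cleared on a failed code, and nothing limits the number of code attempts; clearing `USERNAME`, `PASSWORD` and `REMEMBER` together with `OTA` on both outcomes and counting failures in the session would narrow that. After a successful verify the `header('Location: ...')` is followed by `echo 'OK'`, which is harmless but inconsistent with the first branch's immediate `die()`. The start of this new file is garbled in this view (`+haveOtaEnabled($userName);`), so how `$userName` and `$ota` are populated in the first branch is inferred.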
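Review bot: `UserManager::setOta($otaCode, $otaSecret)` invokes an instance method statically; `setOta` is declared `public function setOta(...)` without `static` in app/class/UserManager.php in this same commit, and a non-static method called statically throws an `Error` on PHP 8. Call it on the instance the other controller already uses, `$userManager->setOta($otaCode, $otaSecret);`, or mark the method `static` (it does not use `$this`). The secret being committed is also taken directly from the request (`$otaSecret` from `$_POST`, as far as the garbled start of this hunk shows); generating it server-side in the settings view and keeping it in `$_SESSION` until the confirming code is verified would keep the client from choosing the stored secret.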
- - - - - + + - - + + - - - - - +
+ + + $value) { ?> - - + + + + + @@ -77,4 +83,4 @@
echo('t_time');?>echo('t_raw');?> echo('t_state');?>
format(DATEFORMAT); ?>format(DATEFORMAT); ?>
- \ No newline at end of file + diff --git a/app/templates/setting.phtml b/app/templates/setting.phtml index 78a4c54..e6d2356 100644 --- a/app/templates/setting.phtml +++ b/app/templates/setting.phtml @@ -21,7 +21,7 @@
-

+

echo('t_pageAfterLogIn') ?>

@@ -56,15 +56,91 @@ echo('b_rooms') ?>
+
+

echo('t_changePassword') ?>

+ +
+
echo('l_oldPassword') ?>:
+ +
+
+
echo('l_newPassword') ?>:
+ +
+
+
echo('l_newPassword') ?>:
+ +
+
+ +
+ +
+
+

echo('t_ota') ?>

+ + + +
+
+
echo('l_gooleAutenticatorOtaCode') ?>:
+ + +
+
+ +
+
+ + + +
+
+

echo('t_listUsers') ?>

+ + + + + + + + + + $user) { ?> + + + + + + + +
echo('t_userName');?>echo('t_ota');?>echo('t_action');?>
' : ''); ?>
+
+
+

echo('t_createuser') ?>

+
+
+
echo('l_userName') ?>:
+ +
+
+
echo('l_password') ?>:
+ +
+
+ +
+
+
- - + + - render(); ?> - + + diff --git a/app/views/Home.php b/app/views/Home.php index 0f2cb2a..7ef00a1 100644 --- a/app/views/Home.php +++ b/app/views/Home.php @@ -22,10 +22,10 @@ class Home extends Template $usersAtHome = ''; $i = 0; foreach ($users as $user) { - $i++; if ($user['at_home'] == 'true') { + $i++; $usersAtHome .= $user['username']; - if ($usersAtHome != "" && isset($users[$i + 1])){ + if ($usersAtHome != "" && isset($users[$i + 1]) && $users[$i + 1]['at_home'] == 'true'){ $usersAtHome .= ', '; } } @@ -44,6 +44,7 @@ class Home extends Template foreach ($subDevicesData as $subDeviceKey => $subDeviceData) { $events = RecordManager::getLastRecord($subDeviceData['subdevice_id'], 5); + $eventsRaw = $events; $connectionError = true; $parsedValue = ""; @@ -103,6 +104,7 @@ class Home extends Template $parsedValue = $replacementTrue; } + //parsing last events values foreach ($events as $key => $value) { $events[$key]['value'] = $replacementFalse; @@ -127,6 +129,7 @@ class Home extends Template $subDevices[$subDeviceData['subdevice_id']] = [ 'events'=> $events, + 'eventsRaw'=> $eventsRaw, 'type' => $subDeviceData['type'], 'unit' => $subDeviceData['unit'], 'comError' => $connectionError, diff --git a/app/views/Setting.php b/app/views/Setting.php index 79618d9..dc80af2 100644 --- a/app/views/Setting.php +++ b/app/views/Setting.php @@ -3,6 +3,7 @@ class Setting extends Template { function __construct() { + global $userManager; global $langMng; 
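Review bot: The separator logic in the `$usersAtHome` loop is still wrong after moving `$i++` inside the condition: `$i` now counts at-home users but is used as an index into `$users`, so the lookahead `$users[$i + 1]['at_home']` inspects an unrelated row; for rows home, home, away, home the output is `AB, D`. Collecting the names and joining them removes the lookahead entirely (the rest of the method, and any later use of `$i`, lies outside the hunk and should be checked before dropping the counter).
```php
        $atHome = [];
        foreach ($users as $user) {
            if ($user['at_home'] == 'true') {
                $atHome[] = $user['username'];
            }
        }
        $usersAtHome = implode(', ', $atHome);
        // … unchanged: rest of the method …
```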
@@ -27,6 +28,24 @@ class Setting extends Template $template->prepare('langMng', $langMng); $template->prepare('automations', $automations); + $users = $userManager->getUsers(); + $template->prepare('users', $users); + + if ($userManager->getUserData('ota') == ''){ + $ga = new PHPGangsta_GoogleAuthenticator(); + $otaSecret = $ga->createSecret(); + $qrCodeUrl = $ga->getQRCodeGoogleUrl('Smart Home', $otaSecret); + $oneCode = $ga->getCode($otaSecret); + $template->prepare('qrUrl', $qrCodeUrl); + $template->prepare('otaSecret', $otaSecret); + $template->prepare('otaCode', $oneCode); + + // echo "Secret is: ".$secret."\n\n"; + // echo "Google Charts URL for the QR-Code: ".$qrCodeUrl."\n\n"; + // echo "Checking Code '$oneCode' and Secret '$otaSecret':\n"; + } + + $template->render(); } }
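Review bot: `$oneCode = $ga->getCode($otaSecret)` computes a currently valid code and passes it to the template as `otaCode`; enrolment needs the secret (or its QR) and the code the user types from their app, so the server-generated code should not be emitted, drop `$oneCode` and the `prepare('otaCode', ...)` line. The freshly created `$otaSecret` is likewise handed to the template and, per app/controls/setting.php in this commit, read back from the request, which lets the client substitute its own secret; store it as `$_SESSION['OTA_SECRET'] = $otaSecret;` here and have the controller read it from there. The three commented-out `echo` lines are leftover debugging and should be removed.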