WKVS_gitea/WKVS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
373118365462d65ff3dd49594e37fd218b329a0c
WKVS/www/intern/otlogin.php

481 lines
15 KiB
PHP
Raw Blame History

<?php
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
use Dotenv\Dotenv;
if (!isset($baseDir)) {
$baseDir = $_SERVER['DOCUMENT_ROOT'];
}
require_once $baseDir . '/../scripts/session_functions.php';
ini_wkvs_session(true);
$oturl = $_GET['otl'] ?? '';
if (!$oturl) {
http_response_code(404);
exit;
}
require $baseDir . '/../scripts/db/db-functions.php';
require $baseDir . '/../scripts/db/db-tables.php';
$error = '';
class otl {
private function connectToDB() {
global $mysqli, $baseDir;
if (isset($mysqli)) { return $mysqli; }
$_SESSION['access_granted_db_otl'] = true;
$type = 'otl';
// DB
$dbconnection = require $baseDir .'/../scripts/db/db-verbindung-script.php';
if ($dbconnection['success'] !== true){
return "DB Error";
}
$_SESSION['access_granted_db_otl'] = false;
return $mysqli;
}
private function pwProcessing() {
global $baseDir;
require $baseDir . '/../composer/vendor/autoload.php';
$envFile = realpath($baseDir . '/../config/.env.pw-encryption-key');
if ($envFile === false) {
http_response_code(500);
echo json_encode([
'success' => false,
'message' => "Environment file not found"
]);
exit;
}
try {
$envDir = dirname($envFile);
$dotenv = Dotenv::createImmutable($envDir, '.env.pw-encryption-key');
$dotenv->load();
} catch (Throwable $e) {
http_response_code(500);
echo json_encode([
'success' => false,
'message' => "Dotenv error"
]);
}
$password = trim($_POST['password1']);
$passwordRep = trim($_POST['password2']);
if ($password === '' || $passwordRep === '') {
return 'Beide Felder müssen ausgefüllt sein';
}
if ($password !== $passwordRep) {
return 'Beide Passwörter müssen identisch sein';
}
$hash = password_hash($password, PASSWORD_ARGON2ID);
$iv_length = openssl_cipher_iv_length('aes-256-cbc');
$iv = random_bytes($iv_length);
$encrypted = openssl_encrypt(
'SET_BY_OTL',
'aes-256-cbc',
$_ENV['PW_ENCRYPTION_KEY'],
0,
$iv
);
$cipher_store = base64_encode($iv . $encrypted);
return ['success' => true, 'hash' => $hash, 'encpw' => $cipher_store];
}
public function logIn(int $id) {
global $baseDir;
$mysqli = $this->connectToDB();
require $baseDir . '/../scripts/db/db-tables.php';
// delete the one-time token
if (!isset($_SESSION['otl_dbid'])) {
return 'Interner Fehler';
}
$dbid = intval($_SESSION['otl_dbid']);
$stmt = $mysqli->prepare("DELETE FROM $tableOTL WHERE id = ?");
$stmt->bind_param("i", $dbid);
if (!$stmt->execute()) {
return "DB Error";
}
$stmt->close();
$sql = "SELECT freigabe FROM $tableInternUsers WHERE id = ?";
$stmt = $mysqli->prepare($sql);
$stmt->bind_param("i", $id);
$stmt->execute();
$result = $stmt->get_result();
$row = $result->fetch_assoc();
$freigabe = $row['freigabe'];
$stmt->close();
$mysqli->close();
unset($_SESSION['set_new_password_id_user'], $_SESSION['set_new_password_granted'], $_SESSION['otl_dbid']);
$freigabenArray = json_decode($freigabe, true) ?? [];
$freigabenTypeArray = $freigabenArray['types'] ?? [];
if (count($freigabenTypeArray) > 0) {
$_SESSION = array();
session_destroy();
session_start();
}
foreach ($freigabenTypeArray as $freigabeType){
$_SESSION['access_granted_'.$freigabeType] = true;
$_SESSION['user_id_'.$freigabeType] = $id;
}
var_dump($_SESSION);
if (in_array('wk_leitung', $freigabenTypeArray)) {
header("Location: /intern/wk-leitung/logindata");
exit;
} elseif (in_array('trainer', $freigabenTypeArray)) {
header("Location: /intern/trainer");
exit;
} elseif (in_array('kampfrichter', $freigabenTypeArray)) {
header("Location: /intern/kampfrichter");
exit;
} else {
return 'Dieser Benutzer hat keine Berechtigungen.';
}
}
public function resetPW() {
global $baseDir;
$iduser = intval($_POST['user_id']);
// security: user must have passed one-time-login first
if (empty($_SESSION['set_new_password_id_user']) || empty($_SESSION['set_new_password_granted']) || $_SESSION['set_new_password_id_user'] !== $iduser || $_SESSION['set_new_password_granted'] !== true) {
http_response_code(403);
exit;
}
require $baseDir . '/../scripts/db/db-tables.php';
$mysqli = $this->connectToDB();
$pwArray = $this->pwProcessing();
if (!isset($pwArray['success']) || !$pwArray['success']) {
return 'Passwort konnte nicht verarbeitet werden';
}
// update password
$updateResult = db_update($mysqli, $tableInternUsers, ['password_hash' => $pwArray['hash'] ?? '', 'password_cipher' => $pwArray['encpw'] ?? '', 'edited_by' => 'otlogin'], ['id' => $iduser]);
if ($updateResult === false) {
return 'Passwork konnte nicht neu gesetzt werden';
}
// delete the one-time token
if (!isset($_SESSION['otl_dbid'])) {
return 'Interner Fehler';
}
$dbid = intval($_SESSION['otl_dbid']);
$stmt = $mysqli->prepare("DELETE FROM $tableOTL WHERE id = ?");
$stmt->bind_param("i", $dbid);
if (!$stmt->execute()) {
return "DB Error";
}
$stmt->close();
$this->logIn($iduser);
}
public function createUser() {
global $baseDir;
$iduser = intval($_POST['user_id']);
if (empty($_SESSION['set_new_user_id_user']) || empty($_SESSION['set_new_user_granted']) || $_SESSION['set_new_user_id_user'] !== $iduser || $_SESSION['set_new_user_granted'] !== true) {
http_response_code(403);
exit;
}
require $baseDir . '/../scripts/db/db-tables.php';
$mysqli = $this->connectToDB();
$arrayDB = [];
if (isset($_POST['password1'], $_POST['password2'])) {
$pwArray = $this->pwProcessing();
if (!isset($pwArray['success']) || !$pwArray['success']) {
return 'Passwort konnte nicht verarbeitet werden';
}
$arrayDB[] = ["name" => 'password_hash', "value" => $pwArray['hash']];
$arrayDB[] = ["name" => 'password_cipher', "value" => $pwArray['encpw']];
}
if (isset($_POST['username'])) {
$arrayDB[] = ["name" => 'username', "value" => htmlspecialchars(trim($_POST['username']))];
}
if (isset($_POST['name_person'])) {
$arrayDB[] = ["name" => 'name_person', "value" => htmlspecialchars(trim($_POST['name_person']))];
}
// --- NEW LOGIC TO UTILIZE $arrayDB ---
$updateData = [
'edited_by' => 'otlogin',
'login_active' => 1
];
// Convert the $arrayDB list into a flat associative array
if (!empty($arrayDB)) {
foreach ($arrayDB as $entry) {
$updateData[$entry['name']] = $entry['value'];
}
}
// Execute update using the dynamically built array
$updateResult = db_update(
$mysqli,
$tableInternUsers,
$updateData,
['id' => $iduser]
);
if ($updateResult === false) {
return 'Nutzer konnte nicht aktualisiert werden';
}
$this->logIn($iduser);
}
}
$pwClass = New otl();
/* ============================================================
PASSWORD SET ON POST
============================================================ */
/* ============================================================
ONE-TIME-LOGIN VALIDATION (GET)
============================================================ */
require $baseDir .'/../scripts/db/db-verbindung-script-guest.php';
// fetch one-time login record
$result = db_select(
$guest,
$tableOTL,
'id, user_id, `type`',
'url = ? AND timestamp >= NOW() - INTERVAL 24 HOUR',
[$oturl]
);
if (!$result || count($result) !== 1) {
echo 'forbidden';
http_response_code(403);
exit;
}
$dbid = intval($result[0]['id']);
$iduser = intval($result[0]['user_id']);
if (isset($_POST['password1'], $_POST['password2'], $_POST['setpasswordbtn'], $_POST['user_id']) && $result[0]['type'] === 'pwreset') { $error = $pwClass->resetPW() ?? ''; }
elseif (isset($_POST['setpasswordbtn'], $_POST['user_id']) && $result[0]['type'] === 'create_profile') { $error = $pwClass->createUser() ?? ''; }
// store dbid for later deletion
$_SESSION['otl_dbid'] = $dbid;
if ($result[0]['type'] === 'login') {
$pwClass->logIn($iduser);
}
if ($result[0]['type'] === 'pwreset') {
$userinfo = db_select($guest, $tableInternUsers, 'username', 'id = ?', [$iduser]);
$username = $userinfo[0]['username'];
if (!$userinfo || count($userinfo) !== 1) {
echo 'Ungültige Benutzerinformationen';
exit;
}
// set session token that grants password reset
$_SESSION['set_new_password_id_user'] = $iduser;
$_SESSION['set_new_password_granted'] = true;
$hasUsername = true;
$hasName = true;
} elseif ($result[0]['type'] === 'create_profile') {
$userinfo = db_select($guest, $tableInternUsers, 'username, `password_hash`, `name_person`', 'id = ?', [$iduser]);
if (!$userinfo || count($userinfo) !== 1) {
echo 'Ungültige Benutzerinformationen';
exit;
}
$hasPW = $userinfo[0]['password_hash'] !== null;
$hasUsername = $userinfo[0]['username'] !== '';
$username = $userinfo[0]['username'];
$hasName = $userinfo[0]['name_person'] !== '';
unset($userinfo);
// set session token that grants password reset
$_SESSION['set_new_user_id_user'] = $iduser;
$_SESSION['set_new_user_granted'] = true;
}
// fetch user
$guest->close();
?>
<!DOCTYPE html>
<html lang="de">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="icon" type="png" href="/intern/img/icon.png">
<title>Einmal Login</title>
<script src="/intern/js/jquery/jquery-3.7.1.min.js"></script>
<link href="/files/fonts/fonts.css" rel="stylesheet">
<link href="/intern/css/otl.css" rel="stylesheet">
<script src="/intern/js/custom-msg-display.js"></script>
</head>
<body>
<section class="page-secure-login">
<div class="bg-picture-secure-login">
<img src="/intern/img/login/bgOtl.webp">
</div>
<div class="bg-secure-login">
<div class="bg-secure-login-form">
<h1>Einmal-Login</h1>
<p style="font-weight:400; line-height: 1.5; margin-bottom: 50px;">
</p>
<form method="post">
<?php if (!$hasUsername) : ?>
<label for="username">Benutzername</label><br>
<div class="divShowPw">
<input type="text" name="username" id="username" placeholder="Benutzername" required>
</div><br>
<?php endif; ?>
<?php if (!$hasName) : ?>
<label for="name_person">Name</label><br>
<div class="divShowPw">
<input type="text" name="name_person" id="name_person" placeholder="Max Muster" required>
</div><br>
<?php endif; ?>
<label for="password1">Neues Passwort eingeben</label><br>
<div class="divShowPw">
<input type="password" name="password1" id="password1" placeholder="Passwort" required>
<button type="button" class="togglePassword">
<svg class="eyeIcon" xmlns="http://www.w3.org/2000/svg" width="24" height="24" fill="none" stroke="#000" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
<path d="M1 12s4-8 11-8 11 8 11 8-4 8-11 8-11-8-11-8z"/>
<circle cx="12" cy="12" r="3"/>
</svg>
</button>
</div><br>
<label for="password2">Neues Passwort wiederholen</label><br>
<div class="divShowPw" id="lastDivShowPw">
<input type="password" name="password2" id="password2" placeholder="Passwort" required>
<button type="button" class="togglePassword">
<svg class="eyeIcon" xmlns="http://www.w3.org/2000/svg" width="24" height="24" fill="none" stroke="#000" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
<path d="M1 12s4-8 11-8 11 8 11 8-4 8-11 8-11-8-11-8z"/>
<circle cx="12" cy="12" r="3"/>
</svg>
</button>
</div>
<input type="hidden" name="user_id" value="<?= $iduser ?>">
<input type="submit" name="setpasswordbtn" value="Einloggen">
</form>
<?php if ($error !== ''): ?>
<p style="color:red;"><?php echo $error; ?></p>
<?php endif; ?>
</div>
</div>
</section>
<a class="seclog_home_link" href="/"><img src="/intern/img/logo-normal.png" width="64" height="64"></a>
<script>
const toggleButtons = document.querySelectorAll('.togglePassword');
toggleButtons.forEach((el) => {
el.addEventListener('click', () => {
const passwordInput = el.parentElement.querySelector("input");
const eyeIcon = el.querySelector(".eyeIcon");
const type = passwordInput.getAttribute('type') === 'password' ? 'text' : 'password';
passwordInput.setAttribute('type', type);
// Swap between eye and eye-with-line
if (type === 'password') {
// Eye (show)
eyeIcon.innerHTML = '<path d="M1 12s4-8 11-8 11 8 11 8-4 8-11 8-11-8-11-8z"/><circle cx="12" cy="12" r="3"/>';
} else {
// Eye with slash (hide)
eyeIcon.innerHTML = '<path d="M17.94 17.94L6.06 6.06"/><path d="M1 12s4-8 11-8 11 8 11 8-4 8-11 8-11-8-11-8z"/><circle cx="12" cy="12" r="3"/>';
}
});
});
</script>
</body>
</html>
<?php /*<form id="setpasswordform" method="post">
<label for="password">Neues Passwort setzen:</label>
<input type="text" name="password" id="password" placeholder="Neues Passwort hier eingeben">
<input name="setpasswordbtn" type="submit" value="Passwort setzen">
</form>*/
?>
Reference in New Issue View Git Blame Copy Permalink