Fixed login/logout issue

This commit is contained in:
Gregorio Chiko Putra 2017-10-25 15:35:56 +07:00
parent 5e73adada1
commit 0c56440363
8 changed files with 123 additions and 96 deletions


@ -14,12 +14,6 @@ use Defuse\Crypto\Key;
class Home
{
// public $model;
//
// public function __construct()
// {
// $this->model = new Access();
// }
/* Routes */
public function index()
@ -30,11 +24,6 @@ class Home
public function login($args = [])
{
// if (Session::exists('userid')) {
// Session::flash('info', 'Anda telah masuk');
// Redirect::to('/');
// die();
// }
// Login
if ($args) {
@ -105,6 +94,7 @@ class Home
} else {
$this->delete();
}
session_destroy();
header('X-Token: ');
setcookie('signal', '', time()-3600);
@ -203,44 +193,25 @@ class Home
public function delete($id = '')
{
// if (Session::exists('userid') == false) {
// throw new \Exception("Bad request but thrown as 404", 404);
// }
// $client = ClientSession::fetch([
//
// ])
// $userid = Session::get('userid');
//
// $user = Access::showAll([
// ['id', '=', $userid]
// ]);
// $max_user = $user['max_user'] + 1;
//
// if (Access::update(
// [
// 'max_user' => $max_user
// ],
// $userid
// ) != true) {
// throw new \Exception("Bad request", 400);
// }
// return true;
if ($id) {
$uid = $id;
} elseif (isset($_SERVER['HTTP_X_TOKEN'])) {
$token = Token::fetch($_SERVER['HTTP_X_TOKEN']);
if ($token == '') {
throw new \Exception("Token invalid");
}
$uid = $token['uid'];
} elseif (isset($_SERVER['HTTP_X_QUERY'])) {
// if ($id) {
// $uid = $id;
// } elseif (isset($_SERVER['HTTP_X_TOKEN'])) {
// $token = Token::fetch($_SERVER['HTTP_X_TOKEN']);
// if ($token == '') {
// throw new \Exception("Token invalid");
// }
// $uid = $token['uid'];
// } elseif (isset($_SERVER['HTTP_X_QUERY'])) {
$query_string = $_SERVER['HTTP_X_QUERY'];
$exploded = explode('&', $query_string);
$uid = $exploded[1];
}
ClientSession::remove($uid);
$uid = explode('=', $uid);
$uid = $uid[1];
// }
$ip = isset($_SERVER['HTTP_X_FORWADED_FOR']) ? $_SERVER['HTTP_X_FORWADED_FOR'] : $_SERVER['REMOTE_ADDR'];
ClientSession::remove($ip, $uid);
Access::update(['flag' => 0], $uid);
return true;
}
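Review bot: delete() now derives the user to log out solely from the client-supplied `X-Query` header, while the `$id` parameter and the `X-Token` path are commented out, so the `$uid` later passed to `Access::update(['flag' => 0], $uid)` is whatever uid the caller placed in that header, with no check that it belongs to the caller's own session (only the `ClientSession::remove` call is narrowed by `$ip`). A request without the header reaches `$_SERVER['HTTP_X_QUERY']` and `$exploded[1]` unguarded, and callers that pass an id — Router::dispatch's `$obj->logout($record['uid'])` in this same commit — appear to have it discarded if logout() forwards it to delete() (logout's body is not fully visible here). At minimum keep the `if ($id)` branch, read the header only under `isset($_SERVER['HTTP_X_QUERY'])`, and resolve the uid through `ClientSession::fetch` for the caller's own session before touching the flag. Separately, `HTTP_X_FORWADED_FOR` is misspelled, so that fallback never matches and `$ip` is always `REMOTE_ADDR`; the same key appears in Router::dispatch.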


@ -75,14 +75,15 @@ class ClientSession
return $result;
}
public static function remove($id)
public static function remove($ip, $id)
{
$sql = "DELETE FROM `client_session` WHERE `uid` = ?";
$sql = "DELETE FROM `client_session` WHERE `ip_address` = ? AND `uid` = ?";
try {
$db = static::connectDB();
$query = $db->prepare($sql);
$query->bindValue(1, $id);
$query->bindValue(1, $ip);
$query->bindValue(2, $id);
$query->execute();
$result = self::fetch(['uid' => $id]);
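Review bot: the DELETE is narrowed to `ip_address = ? AND uid = ?`, but the verification on the last line still does `self::fetch(['uid' => $id])`, which is not narrowed the same way; if the same uid has a session row from another address, that fetch still returns a row and whatever the code after the hunk does with `$result` (not visible here) will judge the removal as if nothing had been deleted. Make the check match the statement: `$result = self::fetch(['ip_address' => $ip, 'uid' => $id]);`. The new `$ip` parameter carries no type declaration; `string $ip` plus a docblock stating it is the caller's remote address would document the contract. remove() continues past the hunk.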


@ -52,46 +52,60 @@ class Router
public function dispatch($url)
{
// Check token
if (isset($_SERVER['HTTP_X-Token'])) {
if (!$this->checkToken($_SERVER['HTTP_X-Token'])) {
if (isset($_SERVER['HTTP_X_Token'])) {
if (!$this->checkToken($_SERVER['HTTP_X_Token'])) {
// Logout
$controller = 'Home';
$controller = $this->getNamespace($controller);
$obj = new $controller();
$obj->logout();
Redirect::to('/mithril');
Redirect::to('/');
}
}
$query_string = $this->getQueryStringVariable($url);
if ($query_string) {
$sessid = explode('=', $query_string[0]);
$sessid = $sessid[1];
$userid = explode('=', $query_string[1]);
$userid = $userid[1];
if ($url != '/login' && $url != '/') {
$query_string = $this->getQueryStringVariable($url);
if ($query_string) {
$sessid = explode('=', $query_string[0]);
$sessid = $sessid[1];
$userid = explode('=', $query_string[1]);
$userid = $userid[1];
// Check if user login
if (is_array(\App\Models\ClientSession::fetch([
'uid' => $userid,
'id' => $sessid
]))) {
$token = Token::generate($userid);
header("X-Token: $token");
}
} elseif ($query_string == false) {
// echo ['status' => true, 'message' => 'atas'];die();
// Get user ip
$ip_address = isset($_SERVER['HTTP_X_FORWADED_FOR']) ? $_SERVER['HTTP_X_FORWADED_FOR'] : $_SERVER['REMOTE_ADDR'];
$record = \App\Models\ClientSession::fetch(['ip_address' => $ip_address]);
if (is_array($record)) {
$obj = 'Home';
$obj = $this->getNamespace($obj);
$obj = new $obj();
$obj->logout($record['uid']);
header('Location: http://lepisi.dev/mithril');
// Redirect::to('/mithril');
die();
// Check if user login
$session = \App\Models\ClientSession::fetch([
'uid' => $userid,
'id' => $sessid
]);
if (is_array($session)) {
$token = Token::generate($userid);
header("X-Token: $token");
} else {
$ip_address = isset($_SERVER['HTTP_X_FORWADED_FOR']) ? $_SERVER['HTTP_X_FORWADED_FOR'] : $_SERVER['REMOTE_ADDR'];
$record = \App\Models\ClientSession::fetch(['ip_address' => $ip_address]);
$obj = 'Home';
$obj = $this->getNamespace($obj);
if (is_array($record)) {
$obj = new $obj();
$obj->logout($record['uid']);
die();
} else {
$obj = new $obj();
$obj->logout($userid);
}
header('Location: /');
}
} elseif ($query_string == false) {
$ip_address = isset($_SERVER['HTTP_X_FORWADED_FOR']) ? $_SERVER['HTTP_X_FORWADED_FOR'] : $_SERVER['REMOTE_ADDR'];
$record = \App\Models\ClientSession::fetch(['ip_address' => $ip_address]);
if (is_array($record)) {
$obj = 'Home';
$obj = $this->getNamespace($obj);
$obj = new $obj();
$obj->logout($record['uid']);
header('Location: /');
die();
}
}
}
@ -151,7 +165,7 @@ class Router
return $parts[0];
}
private function getQueryStringVariable($url)
protected function getQueryStringVariable($url)
{
$exploded = explode('?', $url);
if (isset($exploded[1])) {
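Review bot: the token check at the top of dispatch still cannot fire: PHP exposes request headers in `$_SERVER` upper-cased with hyphens turned into underscores, so `X-Token` arrives as `HTTP_X_TOKEN` (the key Home::delete already reads), and replacing `HTTP_X-Token` with `HTTP_X_Token` swaps one never-set key for another, leaving the invalid-token logout as dead code; use `isset($_SERVER['HTTP_X_TOKEN'])` and `$this->checkToken($_SERVER['HTTP_X_TOKEN'])`. In the new else branch the two logout paths are inconsistent: the `is_array($record)` path calls `die()` before `header('Location: /')` is ever reached, while the other path sends the redirect and then falls through into the rest of dispatch; move `header('Location: /'); die();` after the if/else so both end the same way. The `$userid` handed to `$obj->logout($userid)` is the raw second URL query parameter, read after the session lookup for it has already failed, so it is an unverified value — and since this commit comments out delete()'s `if ($id)` branch, an id passed through logout appears to be discarded in favour of the `X-Query` header (logout's body is not in the hunk). dispatch continues past the hunk.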


@ -12,12 +12,48 @@ class RouterApi extends Router
// Logout
$obj = new Home();
$obj->logout();
header('Location: /mithril');
header('Location: /');
}
// $request = Token::generate(2);
// var_dump($request, Token::validate($request));
// return true;
if (isset($_SERVER['HTTP_X_QUERY'])) {
// $obj = new Home();
// $obj->logout();
// header('Location: /');
$query_string = $this->getQueryStringVariable($_SERVER['HTTP_X_QUERY']);
$sessid = explode('=', $query_string[0]);
$sessid = $sessid[1];
$userid = explode('=', $query_string[1]);
$userid = $userid[1];
// Check if user login
$session = \App\Models\ClientSession::fetch([
'uid' => $userid,
'id' => $sessid
]);
if (is_array($session)) {
$token = Token::generate($userid);
header("X-Token: $token");
} else {
$response = [];
$response['status'] = 401;
$response['message'] = 'Unauthorized';
echo json_encode($response); die();
// $ip_address = isset($_SERVER['HTTP_X_FORWADED_FOR']) ? $_SERVER['HTTP_X_FORWADED_FOR'] : $_SERVER['REMOTE_ADDR'];
// $record = \App\Models\ClientSession::fetch(['ip_address' => $ip_address]);
// $obj = 'Home';
// $obj = $this->getNamespace($obj);
// if (is_array($record)) {
// $obj = new $obj();
// $obj->logout($record['uid']);
// } else {
// $obj = new $obj();
// $obj->logout($userid);
// }
// header('Location: /');
die();
}
}
$object = new Api();
if (isset($this->params['action'])) {
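Review bot: the 401 branch writes a JSON body but never sets the HTTP status, so the response leaves as 200 with `"status":401` inside it; add `http_response_code(401);` (and a `header('Content-Type: application/json');`) before the echo so proxies, logs and the transport layer see the failure rather than only the client's body check. `$query_string[0]` and `[1]` are read positionally with no guard: getQueryStringVariable returns nothing usable when the header has no `?` (its `isset($exploded[1])` check is visible in the Router hunk), and a header with a single parameter leaves `$userid` undefined, so test `is_array($query_string) && count($query_string) >= 2` before the explode calls. The session id and uid that authorise the request are forwarded from `window.location.search` as `x-query` (see the category.js hunk), i.e. they live in the page URL and therefore in browser history, referer headers and server logs; that is worth a comment at the top of this block so the trade-off is explicit. The commented-out logout code under the 401 branch should be removed rather than kept. The enclosing method starts before the hunk.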


@ -1,6 +1,7 @@
let m = require('mithril')
let _ = require('lodash')
let post = require('./post')
let user = require('./user')
var category = {
loading: false,
@ -36,14 +37,16 @@ var category = {
method: 'PUT',
url: '/api/kategori',
data: category.current,
withCredentials: true
withCredentials: true,
headers: {'x-query': window.location.search}
})
.then(function(result) {
console.log(result)
category.current = {}
if (result.status) {
if (result.status == true) {
m.route.set('/kategori')
} else {
console.log(result)
} else if (result.status == 401) {
user.logout();
}
})
},
@ -52,13 +55,15 @@ var category = {
method: 'POST',
url: '/api/kategori',
data: category.current,
withCredentials: true
withCredentials: true,
headers: {'x-query': window.location.search}
})
.then(function(result) {
if (result.status) {
console.log(result);
if (result.status == true) {
category.loadList()
} else {
console.log(result.status)
} else if (result.status == 401) {
user.logout()
}
})
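Review bot: `result.status` is now overloaded — `true` on success, the number `401` on auth failure — and every other value (`false`, a 400/500 code in the body, an undefined field) falls through both branches silently, since the previous `else { console.log(result) }` was dropped; add a final `else { console.error(result) }` in both handlers of this file, or compare against one consistently-typed field. The `console.log(result)` at the top of each `.then` looks like leftover debugging and should go before merge. The two new comparisons should use `===` rather than `==`. The same shape repeats in the second hunk of this file.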
},


@ -38,7 +38,7 @@ var user = {
url: '/post',
data: user.current,
withCredentials: true,
headers: {client: 'api'}
headers: {client: 'api', 'x-query': window.location.search}
})
.then(function(response) {
if (response.status == true) {


@ -116,7 +116,7 @@ eval("var __WEBPACK_AMD_DEFINE_RESULT__;(function (main) {\n 'use strict';\n\n
/*! all exports used */
/***/ (function(module, exports, __webpack_require__) {
eval("let m = __webpack_require__(/*! mithril */ 0)\n\nvar user = {\n current: {},\n login: function() {\n return m.request({\n method: 'POST',\n url: '/login',\n data: user.current,\n withCredentials: true,\n headers: {client: 'api'}\n })\n .then(function(response) {\n if (response.status == true) {\n window.location = response.redirect_to\n } else {\n console.log(response.status);\n }\n })\n },\n logout: function() {\n return m.request({\n method: 'GET',\n url: '/logout',\n withCredentials: true,\n headers: {client: 'api', 'x-query': window.location.search}\n })\n .then(function(response) {\n console.log(response);\n if (response.status) {\n window.location = response.redirect_to\n }\n })\n },\n register: function() {\n return m.request({\n method: 'POST',\n url: '/post',\n data: user.current,\n withCredentials: true,\n headers: {client: 'api'}\n })\n .then(function(response) {\n if (response.status == true) {\n m.route.set(response.route_to)\n } else {\n console.log(response);\n }\n })\n }\n}\n\nmodule.exports = user\n//# sourceURL=[module]\n//# sourceMappingURL=data:application/json;charset=utf-8;base64,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\n//# sourceURL=webpack-internal:///4\n");
eval("let m = __webpack_require__(/*! mithril */ 0)\n\nvar user = {\n current: {},\n login: function() {\n return m.request({\n method: 'POST',\n url: '/login',\n data: user.current,\n withCredentials: true,\n headers: {client: 'api'}\n })\n .then(function(response) {\n if (response.status == true) {\n window.location = response.redirect_to\n } else {\n console.log(response.status);\n }\n })\n },\n logout: function() {\n return m.request({\n method: 'GET',\n url: '/logout',\n withCredentials: true,\n headers: {client: 'api', 'x-query': window.location.search}\n })\n .then(function(response) {\n console.log(response);\n if (response.status) {\n window.location = response.redirect_to\n }\n })\n },\n register: function() {\n return m.request({\n method: 'POST',\n url: '/post',\n data: user.current,\n withCredentials: true,\n headers: {client: 'api', 'x-query': window.location.search}\n })\n .then(function(response) {\n if (response.status == true) {\n m.route.set(response.route_to)\n } else {\n console.log(response);\n }\n })\n }\n}\n\nmodule.exports = user\n//# sourceURL=[module]\n//# sourceMappingURL=data:application/json;charset=utf-8;base64,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\n//# sourceURL=webpack-internal:///4\n");
/***/ }),
/* 5 */
