gregorio/lepisi-pengumuman
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Mithril as main method

Browse Source
This commit is contained in:
Gregorio Chiko Putra
2017-10-25 12:08:41 +07:00
parent 6040809710
commit d1d5ee1b0c
157 changed files with 19593 additions and 716 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
Core/Hash.php
View File

@@ -1,19 +1,20 @@
<?php
namespace Core;
use Defuse\Crypto\Key;
class Hash
{
public static function make($string, $salt = '')
{
// return hash('sha256', $string . $salt);
// return password_hash($string, PASSWORD_BCRYPT);
return crypt($string, $salt);
}
public static function salt()
{
// return mcrypt_create_iv($length);
return uniqid(mt_rand());
$salt = Key::createNewRandomKey();
$salt = $salt->saveToAsciiSafeString();
return $salt;
}
public static function unique()
@@ -23,8 +24,6 @@ class Hash
public static function compare($string, $salt, $hash)
{
// return (Hash::make($string, $salt) === $hash) ? true : false;
// return password_verify($string, $hash);
return hash_equals($hash, Hash::make($string, $salt));
}
}

84
Core/Router.php
View File

@@ -51,6 +51,50 @@ class Router
public function dispatch($url)
{
// Check token
if (isset($_SERVER['HTTP_X-Token'])) {
if (!$this->checkToken($_SERVER['HTTP_X-Token'])) {
// Logout
$controller = 'Home';
$controller = $this->getNamespace($controller);
$obj = new $controller();
$obj->logout();
Redirect::to('/mithril');
}
}
$query_string = $this->getQueryStringVariable($url);
if ($query_string) {
$sessid = explode('=', $query_string[0]);
$sessid = $sessid[1];
$userid = explode('=', $query_string[1]);
$userid = $userid[1];
// Check if user login
if (is_array(\App\Models\ClientSession::fetch([
'uid' => $userid,
'id' => $sessid
]))) {
$token = Token::generate($userid);
header("X-Token: $token");
}
} elseif ($query_string == false) {
// echo ['status' => true, 'message' => 'atas'];die();
// Get user ip
$ip_address = isset($_SERVER['HTTP_X_FORWADED_FOR']) ? $_SERVER['HTTP_X_FORWADED_FOR'] : $_SERVER['REMOTE_ADDR'];
$record = \App\Models\ClientSession::fetch(['ip_address' => $ip_address]);
if (is_array($record)) {
$obj = 'Home';
$obj = $this->getNamespace($obj);
$obj = new $obj();
$obj->logout($record['uid']);
header('Location: http://lepisi.dev/mithril');
// Redirect::to('/mithril');
die();
}
}
$url = $this->removeQueryStringVariable($url);
if ($this->match($url)) {
$controller = $this->params['controller'];
@@ -67,30 +111,29 @@ class Router
// Check if there's input to the current page
if (Input::exists('post')) {
$var = $_POST;
// Check the token
if (Token::check($var['_token'])) {
// Get the method
if (isset($var['_method'])) {
$action = $var['_method'];
}
} else {
// Token invalid
throw new \Exception("Token invalid", 498);
}
unset($var['_token']);
unset($var['_method']);
} elseif (Input::exists('get')) {
$get_var = $_GET;
// } elseif (Input::exists('get')) {
// $get_var = $_GET;
} elseif ($_SERVER['REQUEST_METHOD'] != '') {
$data = json_decode(file_get_contents('php://input'), true);
}
if (isset($var['_method'])) {
$action = $var['_method'];
unset($var['_method']);
}
if (array_key_exists('id', $this->params)) {
$var['id'] = $this->params['id'];
} elseif (array_key_exists('status', $this->params)) {
$get_var = preg_replace('/^[a-z]+=/', '', $get_var['status']);
}
if (isset($var)) {
return $object->$action($var);
} elseif (isset($get_var)) {
return $object->$action($get_var);
} elseif (isset($data)) {
return $object->$action($data);
} else {
return $object->$action();
}
@@ -104,7 +147,18 @@ class Router
private function removeQueryStringVariable($url)
{
$parts = explode('&', $url);
return $url = $parts[0];
$parts = explode('?', $parts[0]);
return $parts[0];
}
private function getQueryStringVariable($url)
{
$exploded = explode('?', $url);
if (isset($exploded[1])) {
$variables = explode('&', $exploded[1]);
return $variables;
}
return false;
}
protected function convertToStudlyCaps($string)

21
Core/RouterApi.php
View File

@@ -2,11 +2,23 @@
namespace Core;
use App\Controllers\Api;
use App\Controllers\Home;
class RouterApi extends Router
{
public function dispatchApi($url)
{
if (isset($_SERVER['HTTP_X_TOKEN']) && Token::validate($_SERVER['HTTP_X_TOKEN']) != true) {
// Logout
$obj = new Home();
$obj->logout();
header('Location: /mithril');
}
// $request = Token::generate(2);
// var_dump($request, Token::validate($request));
// return true;
$object = new Api();
if (isset($this->params['action'])) {
$action = $this->params['action'];
@@ -14,11 +26,10 @@ class RouterApi extends Router
} else {
$method = $_SERVER['REQUEST_METHOD'];
$model = $this->params['model'];
return (isset($this->params['id'])) ?
$object->$method($model, $this->params['id'])
:
$object->$method($model);
}
return (isset($this->params['id'])) ?
$object->$method($model, $this->params['id'])
:
$object->$method($model, "", (Input::exists('get')) ? $_GET : []);
}
}

108
Core/Token.php
View File

@@ -1,43 +1,95 @@
<?php
namespace Core;
use App\Models\ApiModel;
use App\Models\ClientSession;
use Defuse\Crypto\Crypto;
use Defuse\Crypto\Key;
class Token
{
public static function generate()
public static function generate($id)
{
if(!Session::exists('tokens'))
{
Session::put('tokens', []);
}
// $user = ApiModel::fetch('users', [
// ['id', '=', $id]
// ]);
// $token = Hash::make($user['full_name'] . $user['salt'], $user['salt']);
$tokens = Session::get('tokens');
// Token exists for x seconds
$expires = 60;
// Talk to database
// Get salt
$user = ApiModel::fetch('users', [
['id', '=', $id]
]);
$salt = $user['salt'];
// Get hash string
$session = ClientSession::fetch(['uid' => $id]);
$hash_string = $session['id'].$session['ip_address'];
// Create array
$array_token = [
'uid' => $id,
'expires' => time() + $expires,
'token' => Hash::make($hash_string, $salt)
];
// Convert array to string and to base64
$token = serialize($array_token);
$token = base64_encode($token);
// Create a key
$key = Key::loadFromAsciiSafeString($salt);
// Encrypt token
$token = Crypto::encrypt($token, $key);
// Configure token (\$id.token)
// Convert id to base64
$id = base64_encode($id);
$token = '\$'.$id.'.'.$token;
if(count($tokens) >= 10)
{
array_shift($tokens);
}
$tokens[] = md5(uniqid());
Session::put('tokens', $tokens);
return end($tokens);
return $token;
}
public static function check($token)
public static function validate($token)
{
$tokenName = 'tokens';
$tokenNow = $token;
$request_token = self::fetch($token);
if(Session::exists($tokenName))
{
if(in_array($tokenNow, Session::get($tokenName)))
{
Session::delete($tokenName);
return true;
}
}
$exploded = explode('.', $token);
$id = self::getId($exploded[0]);
return false;
$user = ApiModel::fetch('users', [
['id', '=', $id]
]);
$salt = $user['salt'];
$session = ClientSession::fetch(['uid' => $id]);
$hash_string = $session['id'].$session['ip_address'];
$server_token = Hash::make($hash_string, $salt);
if ($request_token['expires'] >= time() && $request_token['token'] == $server_token) {
return true;
}
return false;
}
public static function fetch($token)
{
// Get id and token
$exploded = explode('.', $token);
$id = self::getId($exploded[0]);
$token = $exploded[1];
$user = ApiModel::fetch('users', [
['id', '=', $id]
]);
$key = $user['salt'];
$key = Key::loadFromAsciiSafeString($key);
$token = Crypto::decrypt($token, $key);
$token = base64_decode($token);
$token = unserialize($token);
return $token;
}
public static function getId($raw_id)
{
return base64_decode(substr_replace($raw_id, '', 0, 2));
}
}