basic auth

2024-11-26 11:38:28 -05:00 · 2024-11-26 11:38:28 -05:00 · 73dafb8999
commit 73dafb8999
parent 0bd8a0cfc0
8 changed files with 274 additions and 0 deletions
--- a/docs/css/main.css
+++ b/docs/css/main.css
@ -0,0 +1,67 @@
+:root {
+    --black: rgb(16, 16, 16);
+    --gray: rgb(38, 38, 38);
+    --white: rgb(240, 240, 240);
+    --primary-dark: rgb(230, 78, 78);
+    --primary-light: rgb(255, 200, 200);
+    --elem-width: min(800px, 90vw);
+    --elem-height: 300px;
+    --border-radius: 15px;
+    --font: system-ui, sans-serif;
+    color: var(--white);
+    background: var(--black);
+    font-family: var(--font) !important;
+}
+
+
+.form {
+    width: calc(var(--elem-width) - 1rem);
+    grid-template-columns: .51fr 1fr;
+    display: grid
+}
+
+.form-key {
+    margin-right: 10px
+}
+
+.form-button,
+.form-input,
+.form {
+    border: solid var(--gray) 3px;
+    background: var(--black);
+    border-radius: var(--border-radius);
+    color: var(--white);
+    padding: .5rem;
+    margin-bottom: .5rem;
+    text-decoration: none
+}
+
+.form-button,
+.form-heading,
+.form-message {
+    grid-column: span 2;
+}
+
+@media (max-width: 800px) {
+    .form {
+        grid-template-columns: 1fr;
+    }
+    .form-button, .form-heading, .form-message {
+        grid-column: span 1;
+    }
+}
+
+.form-button {
+    font-weight: 700;
+    display: inline-block;
+    background: var(--primary-dark);
+    border-color: var(--primary-light)
+}
+
+body {
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    overflow-x: hidden;
+    margin-top: 0
+}
--- a/docs/index.php
+++ b/docs/index.php
@ -0,0 +1,10 @@
+<?php
+    require("../libs/page.php");
+    page_header();
+?>
+
+<p>Very barren.</p>
+
+<?php
+    page_footer();
+?>
--- a/docs/login.php
+++ b/docs/login.php
@ -0,0 +1,64 @@
+<?php
+    require("../libs/page.php");
+    
+    function post_handler() {
+        global $db;
+        
+        // there is 100% a better way to do this but i need to test
+        if (!array_key_exists('pass',$_POST) || !array_key_exists('user',$_POST)) {
+            return '';   
+        }
+        
+        $user = $_POST['user'];
+        $pass = $_POST['pass'];
+
+        $stmt = $db->prepare("SELECT * FROM auth WHERE UPPER(username) LIKE UPPER(?)");
+        $stmt->execute([$user]);
+        
+        $result = $stmt->fetch(PDO::FETCH_ASSOC);
+        
+        if (!$result) return 'Username does not exist.';
+        
+        $verified = password_verify($pass,$result['password']);
+        
+        if (!$verified) return 'Password is wrong.';
+        
+        $token = bin2hex(random_bytes(32));
+        
+        $stmt = $db->prepare("INSERT INTO token (username, token) VALUES (?, ?)");
+        $stmt->execute([$user,$token]);
+    
+        setcookie("token", $token, time()+3600*24);
+    
+        header("Location: /");
+        die();
+    }
+
+    page_header();
+        
+    $form_message = post_handler();
+    
+    // TODO: form builder. this is lazy for testing purposes
+?>
+
+<form class='form' enctype="multipart/form-data" method="POST">
+    <h1 class="form-heading">
+        Join
+    </h1>
+    <span class='form-message'>
+        <?php echo $form_message ?>
+    </span>
+    <span class='form-key'>
+        Username
+    </span>
+    <input class='form-input' type="text" name="user" value="">
+    <span class='form-key'>
+        Password
+    </span>
+    <input class='form-input' type="password" name="pass" value="">
+    <input class='form-button' type="Submit" name="Submit">
+</form>
+
+<?php
+    page_footer();
+?>
--- a/docs/register.php
+++ b/docs/register.php
@ -0,0 +1,77 @@
+<?php
+    require("../libs/page.php");
+    
+    function post_handler() {
+        global $db;
+        
+        // there is 100% a better way to do this but i need to test
+        if (!array_key_exists('pass',$_POST) || !array_key_exists('user',$_POST) || !array_key_exists('pass2',$_POST)) {
+            return '';   
+        }
+        
+        $user = $_POST['user'];
+        $pass = $_POST['pass'];
+        $pass2 = $_POST['pass2'];
+        
+        preg_match("/[^A-Za-z0-9\-\_]/",$user,$matches);
+        
+        if ($pass != $pass2) {
+            return 'Passwords are not the same.';
+        }
+         
+        if (isset($matches) && count($matches) > 0) {
+            return 'Username contains invalid characters.';
+        }
+        
+        if (strlen($user) < 1 || strlen($user) > 32) {
+            return 'Username is too long or short.';
+        }
+        
+        $stmt = $db->prepare("SELECT username FROM auth WHERE UPPER(username) LIKE UPPER(?)");
+        $stmt->execute([$user]);
+        
+        $result = $stmt->fetch(PDO::FETCH_ASSOC);
+        
+        if ($result) return 'Username is taken.';
+        
+        $hashed = password_hash($pass, PASSWORD_DEFAULT);
+        
+        $stmt = $db->prepare("INSERT INTO auth (username, password) VALUES (?, ?)");
+        $stmt->execute([$user,$hashed]);
+    
+        header("Location: /");
+        die();
+    }
+
+    page_header();
+        
+    $form_message = post_handler();
+    
+    // TODO: form builder. this is lazy for testing purposes
+?>
+
+<form class='form' enctype="multipart/form-data" method="POST">
+    <h1 class="form-heading">
+        Join
+    </h1>
+    <span class='form-message'>
+        <?php echo $form_message ?>
+    </span>
+    <span class='form-key'>
+        Username
+    </span>
+    <input class='form-input' type="text" name="user" value="">
+    <span class='form-key'>
+        Password
+    </span>
+    <input class='form-input' type="password" name="pass" value="">
+    <span class='form-key'>
+        Password (again)
+    </span>
+    <input class='form-input' type="password" name="pass2" value="">
+    <input class='form-button' type="Submit" name="Submit">
+</form>
+
+<?php
+    page_footer();
+?>
--- a/libs/auth.php
+++ b/libs/auth.php
@ -0,0 +1,27 @@
+<?php
+    require("../libs/test_secret.php");
+    
+    function auth($token) {
+        if (is_null($token)) return '!guest';
+
+        global $db;
+
+        $stmt = $db->prepare("SELECT * FROM token WHERE token = ?");
+        $stmt->execute([$token]);
+        
+        $result = $stmt->fetch(PDO::FETCH_ASSOC);
+        if (!$result) return '!guest';
+        
+        $username = $result['username'];
+        
+        $stmt = $db->prepare("SELECT * FROM auth WHERE username = ?");
+        $stmt->execute([$username]);
+        
+        $result = $stmt->fetch(PDO::FETCH_ASSOC);
+        if (!$result) return '!guest';
+        
+        return $username;
+    }
+    
+    $username = auth($_COOKIE['token']);
+?>
--- a/libs/page.php
+++ b/libs/page.php
@ -0,0 +1,16 @@
+<?php
+    require("../libs/auth.php");
+    function page_header() { ?>
+        <!DOCTYPE html>
+        <html>
+            <head>
+                <title>NewBiglyChat</title>
+                <link rel="stylesheet" href="/css/main.css">
+            </head>
+            <body>
+    <?php }
+    function page_footer() { ?>
+            </body>
+        </html>
+    <?php }
+?>
--- a/scripts/init.php
+++ b/scripts/init.php
@ -0,0 +1,11 @@
+<?php
+    require("../libs/test_secret.php");
+    
+    global $db;
+    
+    $sql = file_get_contents('../scripts/init.sql', true);
+    
+    $db->exec($sql);
+    
+    echo "Database was set up.";
+?>
--- a/scripts/init.sql
+++ b/scripts/init.sql
@ -0,0 +1,2 @@
+CREATE TABLE IF NOT EXISTS main.auth (username TEXT, password TEXT);
+CREATE TABLE IF NOT EXISTS main.token (username TEXT, token TEXT);