author | Minteck <contact@minteck.org> | 2023-01-22 09:54:08 +0100 |
---|---|---|
committer | Minteck <contact@minteck.org> | 2023-01-22 09:54:08 +0100 |
commit | 0fb31ef23c57749eec78cb3eb38d825e2ca037b5 (patch) | |
tree | 6313809292072645edcf5bf76c067a3b623e7507 /login | |
Initial commit
Diffstat (limited to 'login')
-rwxr-xr-x | login/auth.php | 58 | ||||
-rwxr-xr-x | login/index.php | 64 |
2 files changed, 122 insertions, 0 deletions
diff --git a/login/auth.php b/login/auth.php
new file mode 100755
index 0000000..304cb93
--- /dev/null
+++ b/login/auth.php
@@ -0,0 +1,58 @@
+<?php
+
+require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/key.php"; global $key;
+
+if (!isset($_POST["username"]) || trim($_POST["username"]) === "" ||
+ !isset($_POST["password"]) || trim($_POST["password"]) === ""
+) {
+ header("Location: /login/?error=Données de connexion incorrectes");
+ die();
+}
+
+$data = [
+ "url" => $key["valid"]["url"],
+ "username" => $_POST["username"],
+ "password" => $_POST["password"]
+];
+
+if ($key["valid"]["all"]) {
+ if (!isset($_POST["server"]) || trim($_POST["server"]) === "" || !filter_var($_POST["server"], FILTER_VALIDATE_URL)) {
+ header("Location: /login/?error=Données de connexion incorrectes");
+ die();
+ }
+
+ $data["url"] = $_POST["server"];
+}
+
+$request = file_get_contents("http://127.0.0.1:21727/auth/login", false, stream_context_create([
+ "http" => [
+ "method" => "POST",
+ "header" => "Content-Type: application/json",
+ "content" => json_encode($data)
+ ]
+]));
+
+if ($request === false) {
+ header("Location: /login/?error=Identifiants incorrects, vous ne devez pas entrer vos identifiants d'ENT. %RM%");
+} else {
+ $token = json_decode($request, true)["token"];
+
+ $space = json_decode(file_get_contents("http://127.0.0.1:21727/graphql", false, stream_context_create([
+ "http" => [
+ "method" => "POST",
+ "header" => "Content-Type: application/json\r\n" .
+ "Token: " . $token,
+ "content" => json_encode([
+ "query" => "{params{title}}"
+ ])
+ ]
+ ])), true)["data"]["params"]["title"];
+
+ if ($space !== "Espace Élèves") {
+ header("Location: /login/?error=Seul l'espace élève est supporté pour le moment");
+ die();
+ }
+
+ setcookie("nots_session", $token, 0, "/", "", false, true);
+ header("Location: /");
+}
\ No newline at end of file
diff --git a/login/index.php b/login/index.php
new file mode 100755
index 0000000..c4bfc3f
--- /dev/null
+++ b/login/index.php
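Review bot: In login/auth.php, when `$key["valid"]["all"]` is set the posted `server` value is forwarded to the local service on 127.0.0.1:21727 after only `FILTER_VALIDATE_URL`, which accepts any scheme and any host, including loopback and internal addresses. If that service fetches the URL (it looks that way, but the service is not part of this diff), this is a server-side request forgery risk; require https and an expected host before assigning `$data["url"]`, e.g. `if (parse_url($_POST["server"], PHP_URL_SCHEME) !== "https") { /* reject like the other invalid inputs */ }`. Separately, `setcookie(..., false, true)` leaves the Secure flag off and sets no SameSite on a cookie that carries the backend token; `setcookie("nots_session", $token, ["path" => "/", "secure" => true, "httponly" => true, "samesite" => "Lax"]);` covers both. `$token` is also used in the `Token:` header and the cookie without checking that the decoded response actually contains a string token, so a malformed backend reply should be rejected before either use.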
@@ -0,0 +1,64 @@
+<?php $title = "Connexion"; require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/header.php"; global $key; ?>
+
+<div class="container">
+ <br>
+ <h1>Connexion</h1>
+
+ <?php if (isset($_GET['error'])): ?>
+ <div class="alert alert-danger">
+ <b>Erreur :</b> <?= str_replace("%RM%", "<a href='/credentials'>En savoir plus.</a>", strip_tags($_GET["error"])) ?>
+ </div>
+ <?php endif; ?>
+
+ <form action="/login/auth.php" method="post">
+ <div class="mb-3 mt-3">
+ <label for="server" class="form-label">Serveur :</label>
+ <input <?= !$key["valid"]["all"] ? "disabled" : "" ?> type="text" id="server" class="form-control" placeholder="Serveur" name="server" value="<?= !$key["valid"]["all"] ? $key["valid"]["url"] : "" ?>">
+ </div>
+ <div class="mb-3 mt-3">
+ <label for="username" class="form-label">Nom d'utilisateur :</label>
+ <input type="text" class="form-control" id="username" placeholder="Nom d'utilisateur" name="username">
+ </div>
+ <div class="mb-3">
+ <label for="password" class="form-label">Mot de passe :</label>
+ <input type="password" class="form-control" id="password" placeholder="Mot de passe" name="password">
+ </div>
+ <div class="form-check mb-3">
+ <label class="form-check-label">
+ <input class="form-check-input" type="checkbox" name="save"> Enregistrer mes identifiants
+ </label>
+ </div>
+ <button type="submit" class="btn btn-primary" onclick="saveCredentials();">Connexion</button>
+ </form>
+</div>
+
+<script>
+ function saveCredentials() {
+ if (document.getElementsByName("save")[0].checked) {
+ localStorage.setItem("credentials", JSON.stringify({
+ username: document.getElementById("username").value,
+ password: document.getElementById("password").value,
+ server: document.getElementById("server").value
+ }));
+ } else {
+ localStorage.removeItem("credentials");
+ }
+ }
+
+ function loadCredentials() {
+ if (localStorage.getItem("credentials") !== null) {
+ let credentials = JSON.parse(localStorage.getItem("credentials"));
+
+ document.getElementsByName("save")[0].checked = true;
+ document.getElementById("username").value = credentials.username;
+ document.getElementById("password").value = credentials.password;
+ if (!document.getElementById("server").disabled) document.getElementById("server").value = credentials.server;
+ }
+ }
+
+ window.onload = () => {
+ loadCredentials();
+ }
+</script>
+
+<?php require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/footer.php"; ?>
\ No newline at end of file |
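Review bot: `saveCredentials()` writes the plaintext password to `localStorage`, where it persists indefinitely and is readable by any script running on this origin; storing only the username and server, and leaving the password to the browser's password manager (`autocomplete="current-password"` on the field), would avoid keeping the secret in page-accessible storage. The error banner also echoes `$_GET["error"]` after only `strip_tags()`, which is not an output encoder and lets any link place arbitrary text in the login page's error box; encode it with `htmlspecialchars($_GET["error"], ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8")` before the `%RM%` replacement, or preferably pass an error code and map it to a fixed message server-side. The `value="<?= ... $key["valid"]["url"] ... ?>"` attribute on the server input should be encoded the same way.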