LobbySIO/changeaccess.php

<?php
/*
 * Copyright (C) 2018 josh.north@point808.com
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
    ini_set('session.gc_maxlifetime', 24*60*60);                                // MIN SESSION
    ini_set('session.gc_probability', 1);                                       // GC RATES
    ini_set('session.gc_divisor', 100);                                         // TIMES
    ini_set('session.use_cookies', '1');
    ini_set('session.use_only_cookies', '0');
    ini_set('session.cookie_lifetime', '0');
    ini_set('session.cookie_secure', '1');
    ini_set('session.cookie_httponly', '1');
    ini_set('session.cookie_samesite', 'Strict');
    session_save_path('.tmp');                                                  // TEMP
    spl_autoload_register();
    session_start();                                                            // START
    require_once __DIR__ . '/autoload.php';                                     // AUTOLOAD
    require_once __DIR__ . '/src/Misc/defuse-crypto.phar';
    use App\LobbySIO\Config\Registry;
    use Defuse\Crypto\Crypto;
    $Users = new \App\LobbySIO\Database\Users();
    use App\LobbySIO\Misc\Csrf;                                        // ANTICSRF
    if (Registry::AUTHMETHOD == 'SAML') {
        //simplesaml
        require_once('../simplesamlphp/lib/_autoload.php');
        $auth = new \SimpleSAML\Auth\Simple(Registry::AUTHIDP);
        //$auth->requireAuth();
        $auth->isAuthenticated();
        if (!$auth->isAuthenticated()) {
            $attributes = 'none';
        } else {
            $attributes = $auth->getAttributes();
            $saml_user_email = $attributes['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'][0];
            $saml_user_info = $Users->getUserInfoByEmail($saml_user_email, "1", "0");
            $saml_user_id = $saml_user_info["0"]["users_id"];
        }
        $session = \SimpleSAML\Session::getSessionFromRequest();
        $session->cleanup();
    }
    $StaticFunctions = new \App\LobbySIO\Misc\StaticFunctions();                // DEFAULT CLASSES
    $SiteInfo = new \App\LobbySIO\Database\SiteInfo();
    if (isset($_SESSION['user_id'])) {                                          // LOGGED IN? GET USER OBJECT
        if (isset($saml_user_id)) {
            $sessuserid=$saml_user_id;
        } else {
            $sessuserid=$_SESSION['user_id'];
        }
        } elseif (!isset($_SESSION['user_id'])) {
        if (isset($saml_user_id)) {
            $sessuserid=$saml_user_id;
        } else {
            $sessuserid='2';
        }
    $session_user = $Users->getUserInfo($sessuserid, "1", "0"); }
    if (isset($session_user)) {                                                 // GET UID OR SET TO KIOSK
        $uid = $session_user["0"]["users_id"];} else { $uid = "2"; }
    $app_disp_lang = filter_input(INPUT_COOKIE, 'app_disp_lang', FILTER_SANITIZE_FULL_SPECIAL_CHARS);               // SETUP LANGUAGE
    if(!isset($app_disp_lang)) {
        $app_disp_lang=$StaticFunctions->getDefaultLanguage(); }
    $siteidcookie = filter_input(INPUT_COOKIE, 'app_site', FILTER_SANITIZE_FULL_SPECIAL_CHARS);                     // SETUP SITE
    foreach($SiteInfo->getSite("0", $uid, "0", "0") as $arr) {
        $lookup_array[$arr['sites_id']]=1; }
        if(isset($lookup_array[$siteidcookie])) {
            $siteid = $siteidcookie; } else { $siteid = "1"; }
        if(!isset($siteid)) { $siteid="1"; }
    $Translate = new \App\LobbySIO\Language\Translate($app_disp_lang);          // SETUP TRANSLATOR
    $transLang =  $Translate->userLanguage();
    $app_current_pagename = $transLang['LOGIN'];                                // PAGE SETUP
    $app_current_pageicon = '<i class="fas fa-sign-in-alt"></i> ';
    require_once("inc/header.inc.php");
    if ($StaticFunctions->getUserSessionStatus() == true) {                         // CHECK STATUS
        header('Location: index.php');                                          // ELSE HOME
    } else {
      //header("X-Frame-Options: SAMEORIGIN");
      //header("X-Content-Type-Options: nosniff");
      //header("Content-Security-Policy: script-src 'self' 'unsafe-inline'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self'; connect-src 'self'; frame-src 'self'; font-src 'self'; media-src 'self'; object-src 'self'; manifest-src 'self'; worker-src 'self'; prefetch-src 'self'; form-action 'self'; frame-ancestors 'self'; default-src 'self'", false);
      if (!empty(filter_input(INPUT_GET, 'a', FILTER_SANITIZE_FULL_SPECIAL_CHARS))) {
        //echo '<pre>' . print_r($_POST, true) . '</pre>';
        echo 'Verification has been : ' . (Csrf::verifyToken('home') ? 'successful' : 'unsuccessful');
      }
    ?>


<!-- START CONTENT -->
<?php
// hash password for comparison
require_once("src/Misc/PasswordHash.php");
$hasher = new PasswordHash(8, FALSE);
// compare if posted
if (!empty(filter_input(INPUT_POST, 'username', FILTER_SANITIZE_FULL_SPECIAL_CHARS))):
    $user = $Users->loginUser(filter_input(INPUT_POST, 'username', FILTER_SANITIZE_FULL_SPECIAL_CHARS));
    if ($user && $user[0]["users_password"] == $hasher->CheckPassword(filter_input(INPUT_POST, 'password', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $user[0]["users_password"])):
        session_regenerate_id();
        $_SESSION['user_id']   = $user[0]["users_id"];
        $_SESSION['loggedIn']  = TRUE;
        $_SESSION['signature'] = md5($user[0]["users_id"] . $_SERVER['HTTP_USER_AGENT']);
        $_SESSION['firstname'] = $user[0]["users_firstname"];
        $_SESSION['lastname']  = $user[0]["users_lastname"];
        session_write_close();
        header("Location: index.php");
    endif;
endif;
?>

<!-- SITE CHANGER -->
  <div class="container-fluid">
    <div class="row row-cols-3 mb-2">
      <div class="col d-grid gap-2">
        <h2><i class="fas fa-globe"></i> <?php echo $transLang['STR_COMMON_SITE']; ?></h2>
      </div>
      <div class="col text-start">
        <div class="input-group">
          <span class="input-group-text form-control-sm"><?php echo $transLang['STR_COMMON_SITE']; ?></span>
          <input type="text" class="form-control form-control-sm bg-white" id="created" name="created" value="<?php echo $SiteInfo->getSite($siteid, $uid, "0", "0")[0]["sites_name"]; ?>" readonly/>
          <span class="input-group-text form-control-sm"><?php echo $transLang['STR_COMMON_TIMEZONE']; ?></span>
          <input type="text" class="form-control form-control-sm bg-white" id="created" name="created" value="<?php echo $SiteInfo->getSite($siteid, $uid, "0", "0")[0]["sites_timezone"]; ?>" readonly/>
          <span class="input-group-text form-control-sm"><?php echo $transLang['STR_COMMON_REGION']; ?></span>
          <input type="text" class="form-control form-control-sm bg-white" id="created" name="created" value="<?php echo $SiteInfo->getSite($siteid, $uid, "0", "0")[0]["sites_region"]; ?>" readonly/>
        </div>
      </div>
      <div class="col text-end">
        <button type="button" class="btn btn-success btn-lg" data-bs-toggle="modal" data-bs-target="#sitetimeModal"><i class="fas fa-random"></i> <?php echo $transLang['STR_COMMON_CHANGE']; ?></button>
        <a href="changeaccess.php" type="button" class="btn btn-primary btn-lg"><i class="fa fa-redo"></i></a>
      </div>
    </div>
  </div>
  <hr />
<!-- SITE CHANGER END -->

<!-- LOGIN SECTION -->
  <div class="container-fluid">
    <form method="post">
      <?php echo Csrf::getInputToken('home') ?>
      <div class="row row-cols-3 mb-2">
        <div class="col d-grid gap-2">
          <h2><i class="fas fa-sign-in-alt"></i> <?php echo $transLang['LOGIN']; ?></h2>
        </div>
        <div class="col text-start">
          <?php if (Registry::AUTHMETHOD == 'INTERNAL') { ?>
          <div class="input-group">
            <span class="input-group-text form-control-sm"><?php echo $transLang['USER-USERNAME']; ?></span>
            <input type="text" class="form-control form-control-sm bg-white" id="username" name="username" placeholder="<?php echo $transLang['USER-USERNAME']; ?>" required autofocus />
            <span class="input-group-text form-control-sm"><?php echo $transLang['PASSWORD']; ?></span>
            <input type="password" class="form-control form-control-sm bg-white" id="password" name="password" placeholder="<?php echo $transLang['PASSWORD']; ?>" required autofocus />
          </div>
          <?php } elseif (Registry::AUTHMETHOD == 'SAML') { ?>
          <p><?php echo $transLang['LOGIN_SSO_DESCR']; ?></p>
          <?php } ?>
        </div>
        <div class="col text-end">
          <?php if (Registry::AUTHMETHOD == 'INTERNAL') { ?>
          <button type="submit" class="btn btn-success btn-lg" name="login"><i class="fas fa-sign-in-alt"></i> <?php echo $transLang['LOGIN']; ?></button>
          <?php } elseif (Registry::AUTHMETHOD == 'SAML') { ?>
          <a type="button" class="btn btn-success btn-lg" name="login" href="<?php echo str_replace("http%3A%2F%2F","https%3A%2F%2F",$auth->getLoginURL()); ?>"><i class="fas fa-sign-in-alt"></i> <?php echo $transLang['LOGIN']; ?></a>
          <?php } ?>
          <a href="changeaccess.php" type="button" class="btn btn-primary btn-lg"><i class="fa fa-redo"></i></a>
        </div>
      </div>
    </form>
  </div>
  <hr />
<!-- LOGIN SECTION END -->

<!-- END CONTENT -->

<?php } require_once("inc/footer.inc.php");