<?php
/**
* Provides a Password request screen in front of all Pico CMS pages
*
* @author Maik Wiege
* @license http://opensource.org/licenses/MIT The MIT License
* @version 0.1
*/
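class PicoLock extends AbstractPicoPlugin
{
    /**
     * API version used by this plugin
     *
     * @var int
     */
    const API_VERSION = 3;

    /**
     * Prompt shown on the login screen when the config does not set one
     *
     * @var string
     */
    const DEFAULT_ENTER_MESSAGE = 'Please enter the password:';

    /**
     * Message shown after a failed attempt when the config does not set one
     *
     * @var string
     */
    const DEFAULT_WRONG_MESSAGE = 'Wrong password. Please try again.';

    /**
     * Session key that marks the current session as authenticated
     *
     * @var string
     */
    const SESSION_KEY = 'picoLock_logged_in';

    /**
     * Path to this plugin directory; used as the Twig loader root for the login view
     *
     * @see PicoLock::onConfigLoaded()
     * @var string
     */
    private $plugin_path;

    /**
     * Expected password as taken from the config: either a hex SHA-512 digest
     * (the original format) or a value produced by password_hash(). Null when
     * no password is configured, in which case every request is refused.
     *
     * @var string|null
     */
    private $password;

    /**
     * Prompt shown on the login screen
     *
     * @var string
     */
    private $enterPasswordMessage = self::DEFAULT_ENTER_MESSAGE;

    /**
     * Message shown after a failed login attempt
     *
     * @var string
     */
    private $wrongPasswordMessage = self::DEFAULT_WRONG_MESSAGE;

    /**
     * Triggered after Pico has read its configuration
     *
     * Reads the password and the two login-screen messages from the
     * `PicoLock` section of the config and makes sure a session is active.
     *
     * @param array &$config array of config variables
     *
     * @see Pico::getConfig()
     */
    public function onConfigLoaded(array &$config)
    {
        // path to the plugin, used for rendering templates
        $this->plugin_path = dirname(__FILE__);

        $settings = (isset($config['PicoLock']) && is_array($config['PicoLock']))
            ? $config['PicoLock']
            : array();

        // empty / missing password stays null so onPageRendering() fails closed
        $this->password = $this->nonEmptySetting($settings, 'password');

        // load text resources, falling back to the built-in defaults
        $enter = $this->nonEmptySetting($settings, 'enterPasswordMessage');
        $this->enterPasswordMessage = ($enter !== null) ? $enter : self::DEFAULT_ENTER_MESSAGE;

        $wrong = $this->nonEmptySetting($settings, 'wrongPasswordMessage');
        $this->wrongPasswordMessage = ($wrong !== null) ? $wrong : self::DEFAULT_WRONG_MESSAGE;

        // the login state lives in the session, so one must be running
        if (session_status() === PHP_SESSION_NONE) {
            session_start();
        }
    }

    /**
     * Triggered before Pico renders the page
     *
     * Checks whether the password has already been provided in this session;
     * if not, handles a submitted password or shows the login screen. Every
     * path that does not end in a valid session calls exit so Pico never
     * renders the protected page.
     *
     * @param string &$templateName file name of the template
     * @param array  &$twigVariables template variables
     *
     * @throws \Twig\Error\LoaderError
     * @throws \Twig\Error\RuntimeError
     * @throws \Twig\Error\SyntaxError
     *
     * @uses $_POST['password']
     */
    public function onPageRendering(&$templateName, array &$twigVariables)
    {
        // fail closed: without a configured password nothing is served
        if ($this->password === null) {
            $this->showLoginScreen('No password set!');
            exit;
        }

        // valid session exists, let Pico render the requested page
        if ($this->isLoggedIn()) {
            return;
        }

        // nothing submitted yet: ask for the password
        if (!isset($_POST['password'])) {
            $this->showLoginScreen($this->enterPasswordMessage);
            exit;
        }

        // a non-string value (e.g. password[]=...) can never match and must not reach hash()
        if (!is_string($_POST['password']) || !$this->passwordMatches($_POST['password'])) {
            $this->showLoginScreen($this->wrongPasswordMessage);
            exit;
        }

        // login success: rotate the session id so an id issued before login cannot be reused
        session_regenerate_id(true);
        $_SESSION[self::SESSION_KEY] = true;

        // reload the page (otherwise the browser shows a "resubmit form?" prompt on refresh);
        // stop here so the protected content is not rendered into the redirect response
        header('Location: ' . $this->getPico()->getPageUrl($this->getPico()->getRequestUrl()));
        exit;
    }

    /**
     * Returns a non-empty scalar config value as a string, or null when absent or empty
     *
     * @param array  $settings the `PicoLock` section of the config
     * @param string $key      setting name
     *
     * @return string|null
     */
    private function nonEmptySetting(array $settings, $key)
    {
        if (empty($settings[$key]) || !is_scalar($settings[$key])) {
            return null;
        }
        return (string) $settings[$key];
    }

    /**
     * Whether the current session has already been authenticated
     *
     * @return bool
     */
    private function isLoggedIn()
    {
        return !empty($_SESSION[self::SESSION_KEY]);
    }

    /**
     * Compares a submitted password against the configured one
     *
     * Accepts a password_hash() value (detected via password_get_info()) as
     * well as the original hex SHA-512 digest; both comparisons are
     * constant-time, and the digest form no longer uses loose `==`.
     *
     * @param string $candidate password as submitted by the user
     *
     * @return bool
     */
    private function passwordMatches($candidate)
    {
        $info = password_get_info($this->password);
        if (!empty($info['algo'])) {
            return password_verify($candidate, $this->password);
        }
        return hash_equals($this->password, hash('sha512', $candidate));
    }

    /**
     * Renders the login view with the given message
     *
     * @param string $msg message shown above the password field
     *
     * @throws \Twig\Error\LoaderError
     * @throws \Twig\Error\RuntimeError
     * @throws \Twig\Error\SyntaxError
     */
    private function showLoginScreen($msg)
    {
        $twig = $this->getPico()->getTwig();
        // point Twig at the plugin directory so views/login.twig resolves
        $twig->setLoader(new Twig_Loader_Filesystem($this->plugin_path));
        echo $twig->render('views/login.twig', array('login_message' => $msg));
    }

    /**
     * Exit from the authenticated session
     */
    private function doLogout()
    {
        // destroy the current session
        session_destroy();
        // redirect to the login page...
        header('Location: ' . $this->getPico()->getPageUrl());
        // don't continue to render template
        exit;
    }
}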