128 lines
3.3 KiB
PHP
128 lines
3.3 KiB
PHP
<?php
|
|
|
|
// Database connection details
|
|
$host = 'sasaprod.pattinson.org'; // Replace with your database host (usually 'localhost')
|
|
$username = 'ppruser'; // Replace with your database username
|
|
$password = 'iJ8kN*5[g6P3jaqN'; // Replace with your database password
|
|
$database = 'pprdevdb'; // Replace with your database name
|
|
|
|
function getUserIP() {
|
|
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
|
|
return $_SERVER['HTTP_CLIENT_IP'];
|
|
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
|
|
return $_SERVER['HTTP_X_FORWARDED_FOR'];
|
|
} else {
|
|
return $_SERVER['REMOTE_ADDR'];
|
|
}
|
|
}
|
|
|
|
function connectDb() {
|
|
|
|
// Create connection
|
|
$conn = new mysqli( $GLOBALS['host'], $GLOBALS['username'], $GLOBALS['password'], $GLOBALS['database']);
|
|
|
|
// Check connection
|
|
if ($conn->connect_error) {
|
|
die("Connection failed: " . $conn->connect_error);
|
|
}
|
|
|
|
return $conn;
|
|
|
|
}
|
|
|
|
function logJournal($conn, $id, $message) {
|
|
|
|
$stmt = $conn->prepare("INSERT INTO journal (ppr_id, entry, user, ip) VALUES (?, ?, ?, ?)");
|
|
$stmt->bind_param("isss", $id, $message, $_SERVER['PHP_AUTH_USER'], getUserIP());
|
|
$stmt->execute();
|
|
$stmt->close();
|
|
|
|
}
|
|
|
|
function require_db_auth() {
|
|
|
|
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
|
|
send_auth_headers();
|
|
}
|
|
|
|
$user = $_SERVER['PHP_AUTH_USER'];
|
|
$pass = $_SERVER['PHP_AUTH_PW'];
|
|
|
|
$conn = connectDb();
|
|
|
|
$stmt = $conn->prepare("SELECT password FROM users WHERE username = ?");
|
|
$stmt->bind_param("s", $user);
|
|
$stmt->execute();
|
|
$stmt->store_result();
|
|
$stmt->bind_result($stored_hash);
|
|
$stmt->fetch();
|
|
|
|
// Verify the password
|
|
if ($stmt->num_rows == 0 || !password_verify($pass, $stored_hash)) {
|
|
send_auth_headers();
|
|
}
|
|
|
|
// Close the connection
|
|
$stmt->close();
|
|
$conn->close();
|
|
|
|
}
|
|
|
|
function send_auth_headers() {
|
|
header('WWW-Authenticate: Basic realm="Restricted Area"');
|
|
header('HTTP/1.0 401 Unauthorized');
|
|
die("Authentication required.");
|
|
}
|
|
|
|
function require_auth() {
|
|
$AUTH_USER = 'admin';
|
|
$AUTH_PASS = 'admin';
|
|
header('Cache-Control: no-cache, must-revalidate, max-age=0');
|
|
$has_supplied_credentials = !(empty($_SERVER['PHP_AUTH_USER']) && empty($_SERVER['PHP_AUTH_PW']));
|
|
$is_not_authenticated = (
|
|
!$has_supplied_credentials ||
|
|
$_SERVER['PHP_AUTH_USER'] != $AUTH_USER ||
|
|
$_SERVER['PHP_AUTH_PW'] != $AUTH_PASS
|
|
);
|
|
if ($is_not_authenticated) {
|
|
header('HTTP/1.1 401 Authorization Required');
|
|
header('WWW-Authenticate: Basic realm="PPR"');
|
|
echo 'Text to send if user hits Cancel button';
|
|
exit;
|
|
}
|
|
}
|
|
|
|
function generateSecureToken($email, $entryId) {
|
|
$secretKey = "your-very-secret-key"; // Use an environment variable for this
|
|
$timestamp = time();
|
|
$data = "$email|$entryId|$timestamp";
|
|
$hash = hash_hmac('sha256', $data, $secretKey);
|
|
return base64_encode("$data|$hash");
|
|
}
|
|
|
|
|
|
function validateSecureToken($token) {
|
|
$secretKey = "your-very-secret-key";
|
|
$decoded = base64_decode($token);
|
|
|
|
if (!$decoded) return false;
|
|
|
|
list($email, $entryId, $timestamp, $hash) = explode('|', $decoded);
|
|
|
|
// Check expiration (e.g., valid for 1 hour)
|
|
if (time() - $timestamp > 3600) {
|
|
return false;
|
|
}
|
|
|
|
// Verify hash
|
|
$data = "$email|$entryId|$timestamp";
|
|
$validHash = hash_hmac('sha256', $data, $secretKey);
|
|
|
|
if (!hash_equals($validHash, $hash)) {
|
|
return false;
|
|
}
|
|
|
|
return ['email' => $email, 'entryId' => $entryId];
|
|
}
|
|
|