Initial import

2026-01-18 00:53:18 +00:00
parent fb78291fb1
commit 940191502e
115 changed files with 15524 additions and 0 deletions
--- a/lib/Auth.php
+++ b/lib/Auth.php
@@ -0,0 +1,174 @@
+<?php
+
+class Auth {
+
+	static function routes() {
+		Routes::add_web("GET", "/register", ["Auth", "register"]);
+		Routes::add_web("POST", "/register", ["Auth", "do_register"]);
+		Routes::add_web("GET", "/login", ["Auth", "login"]);
+		Routes::add_web("POST", "/login", ["Auth", "do_login"]);
+		Routes::add_web("GET", "/logout", ["Auth", "logout"]);
+		Routes::add_web("GET", "/account", ["Auth", "account"], ["Auth", "logged_in"]);
+		Routes::add_web("POST", "/account/chpass", ["Auth", "chpass"], ["Auth", "logged_in"]);
+		Routes::add_web("GET", "/account/{tab}", ["Auth", "account"], ["Auth", "logged_in"]);
+	}
+
+	static function chpass($_request) {
+		$session = Session::all_data();
+		$user = get_user();
+		$current = $_request->post("current");
+		$chash = hash("sha256", $current);
+		if ($chash != $user->password) {
+			flash("error", "Wrong password. Try again.");
+			return redirect("/account");
+		}
+
+		$p1 = $_request->post("pass1");
+		$p2 = $_request->post("pass2");
+
+		if ($p1 != $p2) {
+			flash("error", "Your new passwords don't match.");
+			return redirect("/account");
+		}
+
+		if (strlen($p1) < 6) {
+			flash("error", "Your new password is too short. Pick one that is 6 characters or more.");
+			return redirect("/account");
+		}
+	
+
+		$user->password = hash("sha256", $p1);
+		$user->save();
+		flash("success", "Your password has been changed.");
+		return redirect("/account");
+	}
+
+	static function account($tab = "account") {
+		$session = Session::all_data();
+		return blade("account", ["tab" => $tab, "session" => $session, "user" => get_user()]);
+	}
+
+	static function can_upload() {
+		$user = get_user();
+		if (!$user) return false;
+		return $user->can_upload == "Y";
+	}
+
+	static function can_moderate() {
+		$user = get_user();
+		if (!$user) return false;
+		return $user->can_moderate == "Y";
+	}
+
+	static function register() {
+		if (array_key_exists("HTTP_REFERER", $_SERVER)) {
+			Session::set("login_return", $_SERVER['HTTP_REFERER']);
+		} else {
+			Session::set("login_return", "/");
+		}
+		return blade("register");
+	}
+
+	static function do_register($_request) {
+		$username = $_request->post("username");
+		$email = $_request->post("email");
+		$password = $_request->post("password");
+		$confirm = $_request->post("confirm");
+
+		if ($username == "") {
+			flash("error", "You haven't provided a username.");
+			return blade("register", ["username" => $username, "email" => $email, "password" => $password, "confirm" => $confirm]);
+		}
+
+		if ($email == "") {
+			flash("error", "You haven't provided an email address.");
+			return blade("register", ["username" => $username, "email" => $email, "password" => $password, "confirm" => $confirm]);
+		}
+
+		if (strlen($password) < 6) {
+			flash("error", "You need to give a password of at least 6 characters.");
+			return blade("register", ["username" => $username, "email" => $email, "password" => $password, "confirm" => $confirm]);
+		}
+
+		if ($password != $confirm) {
+			flash("error", "Your two passwords do not match.");
+			return blade("register", ["username" => $username, "email" => $email, "password" => $password, "confirm" => $confirm]);
+		}
+
+		if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+			flash("error", "Your email address doesn't appear to be valid.");
+			return blade("register", ["username" => $username, "email" => $email, "password" => $password, "confirm" => $confirm]);
+		}
+		
+		$exist = User::find([["username", "=", strtolower($username)]])->first();
+		if ($exist) {
+			flash("error", "That username has already been taken. Pick another.");
+			return blade("register", ["username" => $username, "email" => $email, "password" => $password, "confirm" => $confirm]);
+		}
+
+		$exist = User::find([["email", "=", $email]])->first();
+		if ($exist) {
+			flash("error", "An account with that email address already exists.");
+			return blade("register", ["username" => $username, "email" => $email, "password" => $password, "confirm" => $confirm]);
+		}
+
+		$u = new User;
+		$u->username = $username;
+		$u->email = $email;
+		$u->password = hash("sha256", $password);
+		$u->save();
+
+		Session::set("user", $u->id);
+		
+
+		flash("success", "Registration successful. You have also been automatically logged in.");
+		$ret = Session::get("login_return");
+		return redirect($ret);
+	
+	}
+
+	static function logged_in() {
+		$user = get_user();
+		return $user !== false;
+	}
+
+	static function do_login() {
+		$username = $_POST['username'];
+		$password = $_POST['password'];
+
+		if (!$username) return blade("login");
+		if (!$password) return blade("login");
+
+		$user = User::find([["username", "=", $username]])->first();
+		if (!$user) {
+			$user = User::find([["email", "=", $username]])->first();
+		}
+
+		$pwe = hash("sha256", $password);
+		if ($pwe == $user->password) {
+			Session::set("user", $user->id);
+			flash("success", "Log in successful");
+			$ret = Session::get("login_return");
+			return redirect($ret);
+		}
+		flash("error", "Invalid username or password.");
+		return blade("login");
+	}
+
+	public static function login() {
+		if (array_key_exists("HTTP_REFERER", $_SERVER)) {
+			Session::set("login_return", $_SERVER['HTTP_REFERER']);
+		} else {
+			Session::set("login_return", "/");
+		}
+		return blade("login");
+	}
+
+	public static function logout() {
+		Session::unset("user");
+		return redirect($_SERVER['HTTP_REFERER']);
+	}
+
+}
+
+