
Fixed #21
kimbtech committed Dec 26, 2017
1 parent e1d9ac1 commit f9a9e69
Showing 2 changed files with 102 additions and 7 deletions.
13 changes: 10 additions & 3 deletions system/load/devjs/fun_maker.js
Expand Up @@ -34,6 +34,8 @@ function maker(noteid, notename, sharecont, savecallback) {
// wird?
// (zB: wenn Server nicht antwortet, aber noch eine Nachricht im localStorage)
var noteOverrideDanger = false;
//Leere Notiz geladen?
var onLoadEmpty = false;
function get_notedata() {

//Daten ohne Server aus localStorage oder Vorgabe nehmen
Expand Down Expand Up @@ -107,6 +109,8 @@ function maker(noteid, notename, sharecont, savecallback) {
$("div.noteview div.loading").addClass("disable");
//Abfrage okay?
if (data.status === 'okay') {
onLoadEmpty = data.data.empty;

//neue Notiz (dann Server noch leer)
if (!data.data.empty) {

Expand Down Expand Up @@ -364,8 +368,11 @@ function maker(noteid, notename, sharecont, savecallback) {
$("span.notesaved").addClass("disable");
}
}
// einmal zu Beginn --- erstmal nichtmehr
// save();
// einmal zu Beginn, wenn Nachricht leer war
if( onLoadEmpty ){
save();
onLoadEmpty = false;
}
//bei jeder Änderung
cm_editor.on("change", save);

Expand All @@ -378,7 +385,7 @@ function maker(noteid, notename, sharecont, savecallback) {
//Speicherung per AJAX durchführen
function ajaxsave(callback) {
//überhaupt Änderungen?
if( noteconthash == sjcl.codec.hex.fromBits( sjcl.hash.sha256.hash( cm_editor.getValue() ) ) ){
if( noteconthash == sjcl.codec.hex.fromBits( sjcl.hash.sha256.hash( cm_editor.getValue() ) ) && !onLoadEmpty ){
//Callback vorhnaden?
if (typeof callback === "function") {
callback(true);
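Review bot: The flag is cleared with `onLoadEmpty = false;` immediately after the `save();` call in the "einmal zu Beginn" block, so the new `&& !onLoadEmpty` guard in `ajaxsave` only helps if `save()` reaches `ajaxsave` synchronously; if `save()` defers the request (a debounce timer or the usual "wait for the editor to settle" delay), the guard will already be false when evaluated and the initial save of an empty note is short-circuited as "no change" exactly as before. The body of `save()` is not in the hunk, so this is inferred from the call order only. A more robust shape is to leave the flag set here and clear it inside `ajaxsave` once the request is actually issued, e.g. `onLoadEmpty = false;` right before the AJAX call. The enclosing `maker()` function starts and ends outside the hunk.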
96 changes: 92 additions & 4 deletions system/php/auth.php
Expand Up @@ -24,12 +24,100 @@
defined("Notestool") or die('No clean Request');
if( !RESTMODE ) die('Only for REST Mode');

//Userdaten laden
$userlist = new JSONReader( 'userlist' );

//Username zu UserID
// Username und Authcode
//Mittels Name und Authcode ID holen
if( check_params( POST, array( 'username' => 'strAZaz09', 'authcode' => 'strAZaz09' ) ) ){
//Reinigen
$authcode = preg_replace( '/[^a-z0-9]/', '', $_POST['authcode'] );
$username = preg_replace( '/[^a-z]/', '', $_POST['username'] );

//Username und Passwort zu Authcode
// Username und Passwort
//User suchen
$id = $userlist->searchValue( [], $username, 'username' );
//gefunden?
if( $id !== false ){
//Authcodes des Users lesen
$authcodes = $userlist->getValue( [$id, 'authcodes'] );
// Array ( "Code" => "time() [last used]" )

//Leeres Array in JSON?
//Leerer Authcode?
//Authcode lang genug?
if( $authcodes !== array() && !empty( $authcode ) && strlen( $authcode ) > 20 ){
//Code vorhanden
if( in_array( $authcode, array_keys( $authcodes ) ) ){
//Daten ausgeben
add_output( array(
"id" => $userlist->getValue( [$id, 'userid'] ),
"admin" => $userlist->getValue( [$id, 'admin'] )
) );
//Last used ändern
$userlist->setValue( [$id, 'authcodes', $authcode], time() );
}
else{
add_error( 'No valid Authcode!' );
}
}
else{
add_error( 'No valid Authcode!' );
}
}
}
//Mittels Username und Passwort einen Authcode anfordern
elseif( check_params( POST, array( 'username' => 'strAZaz09', 'password' => 'strAZaz09', '*authcode' => 'empty' ) ) ){

//Reinigen
// => ist hier schon ein Hash
$password = preg_replace( '/[^a-z0-9]/', '', $_POST['password'] );
// => Konvention nur kleine Buchstaben!
$username = preg_replace( '/[^a-z]/', '', $_POST['username'] );

//User suchen
$id = $userlist->searchValue( [], $username, 'username' );
//gefunden?
if( $id !== false ){
//alles über User lesen
$userdata = $userlist->getValue( [$id] );

//Eingebenes Passwort wie in JSON hashen
// sha256( sha256( "passwort" ) "+" salt );
// sha256( "passwort" ) schon per JS
$saltedpw = hash( 'sha256', $password . '+' . $userdata['salt'] );

//Passwort korrekt?
if( $saltedpw == $userdata['password'] ){
//Authcode erstellen

//Alles Codes des User lesen
$codes = $userlist->getValue( [$id,'authcodes'] );

do{
//neuen Code erstellen
$newCode = makepassw( 75, 2 );
//und noch leer?
} while( isset( $codes[$newCode] ) );

//Code anfuegen
$userlist->setValue( [$id, 'authcodes', $newCode], 0 );

//Code ausgeben
add_output( array(
"name" => $userdata['username'],
"id" => $userdata['userid'],
"admin" => $userdata['admin'],
"authcode" => $newCode
) );
}
else{
add_error( 'Password incorrect' );
}
}
else{
add_error( 'User not found' );
}
}
else{
add_error( 'Incorrect Request' );
}
?>
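Review bot: The password check `if( $saltedpw == $userdata['password'] )` compares two hex digests with loose `==`, which is neither constant-time nor safe against PHP's numeric-string juggling (two digests of the form `0e` followed by digits compare equal); use `if( hash_equals( (string) $userdata['password'], $saltedpw ) )`. The authcode lookup `in_array( $authcode, array_keys( $authcodes ) )` has the same loose-comparison problem and should at least pass `true` as the third argument, or better iterate the keys with `hash_equals` so the match is constant-time. The two failure branches report `'User not found'` and `'Password incorrect'` separately, which lets a caller enumerate valid usernames; returning one generic error for both would avoid that. The stored scheme `sha256( sha256( pw ) . '+' . salt )` is a fast hash with no key stretching, so a follow-up migrating to `password_hash()`/`password_verify()` is worth filing, though that is outside this commit's scope.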
