mirror/Wallos
1
0
Fork 0
mirror of https://github.com/ellite/Wallos.git synced 2025-12-23 23:18:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
c0d53e4423996595e5c82404af92e077c00eae47
Wallos/login.php
Miguel Ribeiro c0d53e4423 feat: add oauth/oidc support (#873)
2025-07-21 22:53:35 +02:00

424 lines
17 KiB
PHP
Raw Blame History

<?php
require_once 'includes/connect.php';
require_once 'includes/checkuser.php';
require_once 'includes/i18n/languages.php';
require_once 'includes/i18n/getlang.php';
require_once 'includes/i18n/' . $lang . '.php';
require_once 'includes/version.php';
if ($userCount == 0) {
header("Location: registration.php");
exit();
}
session_start();
if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) {
$db->close();
header("Location: .");
exit();
}
$demoMode = getenv('DEMO_MODE');
$cookieExpire = time() + (30 * 24 * 60 * 60);
// Check if login is disabled
$adminQuery = "SELECT login_disabled FROM admin";
$adminResult = $db->query($adminQuery);
$adminRow = $adminResult->fetchArray(SQLITE3_ASSOC);
if ($adminRow['login_disabled'] == 1) {
$query = "SELECT id, username, main_currency, language FROM user WHERE id = :id";
$stmt = $db->prepare($query);
$stmt->bindValue(':id', 1, SQLITE3_INTEGER);
$result = $stmt->execute();
$row = $result->fetchArray(SQLITE3_ASSOC);
if ($row === false) {
// Something is wrong with admin user. Reenable login
$updateQuery = "UPDATE admin SET login_disabled = 0";
$updateStmt = $db->prepare($updateQuery);
$updateStmt->execute();
$db->close();
header("Location: login.php");
} else {
$userId = $row['id'];
$main_currency = $row['main_currency'];
$username = $row['username'];
$language = $row['language'];
$_SESSION['username'] = $username;
$_SESSION['loggedin'] = true;
$_SESSION['main_currency'] = $main_currency;
$_SESSION['userId'] = $userId;
setcookie('language', $language, [
'expires' => $cookieExpire,
'samesite' => 'Strict'
]);
if (!isset($_COOKIE['sortOrder'])) {
setcookie('sortOrder', 'next_payment', [
'expires' => $cookieExpire,
'samesite' => 'Strict'
]);
}
$query = "SELECT color_theme FROM settings";
$stmt = $db->prepare($query);
$result = $stmt->execute();
$settings = $result->fetchArray(SQLITE3_ASSOC);
setcookie('colorTheme', $settings['color_theme'], [
'expires' => $cookieExpire,
'samesite' => 'Strict'
]);
$cookieValue = $username . "|" . "abc123ABC" . "|" . $main_currency;
setcookie('wallos_login', $cookieValue, [
'expires' => $cookieExpire,
'samesite' => 'Strict'
]);
$db->close();
header("Location: .");
}
}
if (isset($_SESSION['totp_user_id'])) {
unset($_SESSION['totp_user_id']);
}
if (isset($_SESSION['token'])) {
unset($_SESSION['token']);
}
$theme = "light";
$updateThemeSettings = false;
if (isset($_COOKIE['theme'])) {
$theme = $_COOKIE['theme'];
} else {
$updateThemeSettings = true;
}
$colorTheme = "blue";
if (isset($_COOKIE['colorTheme'])) {
$colorTheme = $_COOKIE['colorTheme'];
}
// Check if OIDC is Enabled
$oidcEnabled = false;
$oidcQuery = "SELECT oidc_oauth_enabled FROM admin";
$oidcResult = $db->query($oidcQuery);
$oidcRow = $oidcResult->fetchArray(SQLITE3_ASSOC);
if ($oidcRow) {
$oidcEnabled = $oidcRow['oidc_oauth_enabled'] == 1;
if ($oidcEnabled) {
// Fetch OIDC settings
$oidcSettingsQuery = "SELECT * FROM oauth_settings WHERE id = 1";
$oidcSettingsResult = $db->query($oidcSettingsQuery);
$oidcSettings = $oidcSettingsResult->fetchArray(SQLITE3_ASSOC);
if (!$oidcSettings) {
$oidcEnabled = false;
} else {
$oidc_name = $oidcSettings['name'] ?? '';
// Generate a CSRF-protecting state string
if (session_status() === PHP_SESSION_NONE) {
session_start();
}
$state = bin2hex(random_bytes(16));
$_SESSION['oidc_state'] = $state;
// Build the OIDC authorization URL
$params = http_build_query([
'response_type' => 'code',
'client_id' => $oidcSettings['client_id'],
'redirect_uri' => $oidcSettings['redirect_url'],
'scope' => $oidcSettings['scopes'],
'state' => $state,
]);
$oidc_auth_url = rtrim($oidcSettings['authorization_url'], '?') . '?' . $params;
}
}
}
$loginFailed = false;
$hasSuccessMessage = (isset($_GET['validated']) && $_GET['validated'] == "true") || (isset($_GET['registered']) && $_GET['registered'] == true) ? true : false;
$userEmailWaitingVerification = false;
if (isset($_POST['username']) && isset($_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$rememberMe = isset($_POST['remember']) ? true : false;
$query = "SELECT id, password, main_currency, language FROM user WHERE username = :username";
$stmt = $db->prepare($query);
$stmt->bindValue(':username', $username, SQLITE3_TEXT);
$result = $stmt->execute();
$row = $result->fetchArray(SQLITE3_ASSOC);
if ($row) {
$hashedPasswordFromDb = $row['password'];
$userId = $row['id'];
$main_currency = $row['main_currency'];
$language = $row['language'];
if (password_verify($password, $hashedPasswordFromDb)) {
// Check if the user is in the email_verification table
$query = "SELECT 1 FROM email_verification WHERE user_id = :userId";
$stmt = $db->prepare($query);
$stmt->bindValue(':userId', $userId, SQLITE3_INTEGER);
$result = $stmt->execute();
$verificationMissing = $result->fetchArray(SQLITE3_ASSOC);
// Check if the user has 2fa enabled
$query = "SELECT totp_enabled FROM user WHERE id = :userId";
$stmt = $db->prepare($query);
$stmt->bindValue(':userId', $userId, SQLITE3_INTEGER);
$result = $stmt->execute();
$totpEnabled = $result->fetchArray(SQLITE3_ASSOC);
if ($verificationMissing) {
$userEmailWaitingVerification = true;
$loginFailed = true;
} else {
if ($rememberMe) {
$token = bin2hex(random_bytes(32));
$addLoginTokens = "INSERT INTO login_tokens (user_id, token) VALUES (:userId, :token)";
$addLoginTokensStmt = $db->prepare($addLoginTokens);
$addLoginTokensStmt->bindParam(':userId', $userId, SQLITE3_INTEGER);
$addLoginTokensStmt->bindParam(':token', $token, SQLITE3_TEXT);
$addLoginTokensStmt->execute();
$_SESSION['token'] = $token;
$cookieValue = $username . "|" . $token . "|" . $main_currency;
setcookie('wallos_login', $cookieValue, [
'expires' => $cookieExpire,
'samesite' => 'Strict'
]);
}
// Send to totp page if 2fa is enabled
if ($totpEnabled['totp_enabled'] == 1) {
$_SESSION['totp_user_id'] = $userId;
$db->close();
header("Location: totp.php");
exit();
}
$_SESSION['username'] = $username;
$_SESSION['loggedin'] = true;
$_SESSION['main_currency'] = $main_currency;
$_SESSION['userId'] = $userId;
setcookie('language', $language, [
'expires' => $cookieExpire,
'samesite' => 'Strict'
]);
if (!isset($_COOKIE['sortOrder'])) {
setcookie('sortOrder', 'next_payment', [
'expires' => $cookieExpire,
'samesite' => 'Strict'
]);
}
$query = "SELECT color_theme FROM settings WHERE user_id = :userId";
$stmt = $db->prepare($query);
$stmt->bindValue(':userId', $userId, SQLITE3_INTEGER);
$result = $stmt->execute();
$settings = $result->fetchArray(SQLITE3_ASSOC);
setcookie('colorTheme', $settings['color_theme'], [
'expires' => $cookieExpire,
'samesite' => 'Strict'
]);
$db->close();
header("Location: .");
exit();
}
} else {
$loginFailed = true;
}
} else {
$loginFailed = true;
}
}
//Check if registration is open
$registrations = false;
$adminQuery = "SELECT registrations_open, max_users, server_url, smtp_address FROM admin";
$adminResult = $db->query($adminQuery);
$adminRow = $adminResult->fetchArray(SQLITE3_ASSOC);
$registrationsOpen = $adminRow['registrations_open'];
$maxUsers = $adminRow['max_users'];
if ($registrationsOpen == 1 && $maxUsers == 0) {
$registrations = true;
} else if ($registrationsOpen == 1 && $maxUsers > 0) {
$userCountQuery = "SELECT COUNT(id) as userCount FROM user";
$userCountResult = $db->query($userCountQuery);
$userCountRow = $userCountResult->fetchArray(SQLITE3_ASSOC);
$userCount = $userCountRow['userCount'];
if ($userCount < $maxUsers) {
$registrations = true;
}
}
$resetPasswordEnabled = false;
if ($adminRow['smtp_address'] != "" && $adminRow['server_url'] != "") {
$resetPasswordEnabled = true;
}
if(isset($_GET['error']) && $_GET['error'] == "oidc_user_not_found") {
$loginFailed = true;
}
?>
<!DOCTYPE html>
<html dir="<?= $languages[$lang]['dir'] ?>">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
<meta name="theme-color" content="<?= $theme == "light" ? "#FFFFFF" : "#222222" ?>" id="theme-color" />
<meta name="apple-mobile-web-app-title" content="Wallos">
<title>Wallos - Subscription Tracker</title>
<link rel="icon" type="image/png" href="images/icon/favicon.ico" sizes="16x16">
<link rel="apple-touch-icon" href="images/icon/apple-touch-icon.png">
<link rel="apple-touch-icon" sizes="152x152" href="images/icon/apple-touch-icon-152.png">
<link rel="apple-touch-icon" sizes="180x180" href="images/icon/apple-touch-icon-180.png">
<link rel="manifest" href="manifest.json">
<link rel="stylesheet" href="styles/theme.css?<?= $version ?>">
<link rel="stylesheet" href="styles/login.css?<?= $version ?>">
<link rel="stylesheet" href="styles/themes/red.css?<?= $version ?>" id="red-theme" <?= $colorTheme != "red" ? "disabled" : "" ?>>
<link rel="stylesheet" href="styles/themes/green.css?<?= $version ?>" id="green-theme" <?= $colorTheme != "green" ? "disabled" : "" ?>>
<link rel="stylesheet" href="styles/themes/yellow.css?<?= $version ?>" id="yellow-theme" <?= $colorTheme != "yellow" ? "disabled" : "" ?>>
<link rel="stylesheet" href="styles/themes/purple.css?<?= $version ?>" id="purple-theme" <?= $colorTheme != "purple" ? "disabled" : "" ?>>
<link rel="stylesheet" href="styles/font-awesome.min.css">
<link rel="stylesheet" href="styles/barlow.css">
<link rel="stylesheet" href="styles/login-dark-theme.css?<?= $version ?>" id="dark-theme" <?= $theme == "light" ? "disabled" : "" ?>>
<script type="text/javascript">
window.update_theme_settings = "<?= $updateThemeSettings ?>";
window.color_theme = "<?= $colorTheme ?>";
</script>
<script type="text/javascript" src="scripts/login.js?<?= $version ?>"></script>
</head>
<body class="<?= $languages[$lang]['dir'] ?>">
<div class="content">
<section class="container">
<header>
<div class="logo-image" title="Wallos - Subscription Tracker">
<?php include "images/siteicons/svg/logo.php"; ?>
</div>
<p>
<?= translate('please_login', $i18n) ?>
</p>
</header>
<form action="login.php" method="post">
<div class="form-group">
<label for="username"><?= translate('username', $i18n) ?>:</label>
<input type="text" id="username" name="username" required>
</div>
<div class="form-group">
<label for="password"><?= translate('password', $i18n) ?>:</label>
<input type="password" id="password" name="password" required>
</div>
<?php
if (!$demoMode) {
?>
<div class="form-group-inline">
<input type="checkbox" id="remember" name="remember">
<label for="remember"><?= translate('stay_logged_in', $i18n) ?></label>
</div>
<?php
}
?>
<div class="form-group">
<input type="submit" value="<?= translate('login', $i18n) ?>">
<?php
if ($oidcEnabled) {
?>
<span class="or-separator"><?= translate('or', $i18n) ?></span>
<a class="button secondary-button" href="<?= htmlspecialchars($oidc_auth_url) ?>">
<?= translate('login_with', $i18n) ?> <?= htmlspecialchars($oidc_name) ?>
</a>
<?php
}
?>
</div>
<?php
if ($loginFailed) {
?>
<ul class="error-box">
<?php
if ($userEmailWaitingVerification) {
?>
<li><i
class="fa-solid fa-triangle-exclamation"></i><?= translate('user_email_waiting_verification', $i18n) ?>
</li>
<?php
} else {
?>
<li><i class="fa-solid fa-triangle-exclamation"></i><?= translate('login_failed', $i18n) ?></li>
<?php
}
?>
</ul>
<?php
}
if ($hasSuccessMessage) {
?>
<ul class="success-box">
<?php
if (isset($_GET['validated']) && $_GET['validated'] == "true") {
?>
<li><i class="fa-solid fa-check"></i><?= translate('email_verified', $i18n) ?></li>
<?php
} else if (isset($_GET['registered']) && $_GET['registered']) {
?>
<li><i class="fa-solid fa-check"></i><?= translate('registration_successful', $i18n) ?></li>
<?php
if (isset($_GET['requireValidation']) && $_GET['requireValidation'] == true) {
?>
<li><?= translate('user_email_waiting_verification', $i18n) ?></li>
<?php
}
}
?>
</ul>
<?php
}
if ($resetPasswordEnabled) {
?>
<div class="login-form-link">
<a href="passwordreset.php"><?= translate('forgot_password', $i18n) ?></a>
</div>
<?php
}
?>
<?php
if ($registrations) {
?>
<div class="separator">
<input type="button" class="secondary-button" onclick="openRegitrationPage()"
value="<?= translate('register', $i18n) ?>"></input>
</div>
<?php
}
?>
</form>
</section>
</div>
<script type="text/javascript">
function openRegitrationPage() {
window.location.href = "registration.php";
}
</script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink