mirror/opensourcepos
1
0
Fork 0
mirror of https://github.com/opensourcepos/opensourcepos.git synced 2026-04-10 09:59:08 -04:00
Code Issues Packages Projects Releases Wiki Activity

Fixed Login Validation

Browse Source 
- Ported validation rules to CI4 formatting.
- Added Custom Validation Ruleset.
- Formatting and refactoring
This commit is contained in:
objecttothis
2023-02-02 17:54:29 +04:00
committed by Steve Ireland
parent 925691e78e
commit 3442d818eb
4 changed files with 136 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
app/Config/Validation.php
View File

@@ -2,13 +2,12 @@
namespace Config;
use App\Config\Validation\OSPOSRules;
use CodeIgniter\Config\BaseConfig;
use CodeIgniter\Validation\StrictRules\CreditCardRules;
use CodeIgniter\Validation\StrictRules\FileRules;
use CodeIgniter\Validation\StrictRules\FormatRules;
use CodeIgniter\Validation\StrictRules\Rules;
use App\Libraries\MY_Validation;
class Validation extends BaseConfig
{
@@ -26,7 +25,8 @@ class Validation extends BaseConfig
Rules::class,
FormatRules::class,
FileRules::class,
CreditCardRules::class
CreditCardRules::class,
OSPOSRules::class
];
/**

118
app/Config/Validation/OSPOSRules.php Normal file
View File

@@ -0,0 +1,118 @@
<?php
namespace App\Config\Validation;
use App\Models\Employee;
use CodeIgniter\HTTP\IncomingRequest;
use Config\Services;
/**
* @property employee employee
* @property IncomingRequest request
*/
class OSPOSRules
{
public function login_check(string $username, string $fields , array $data, ?string &$error = null): bool
{
$this->employee = model('Employee');
$this->request = Services::request();
//Installation Check
if(!$this->installation_check())
{
$error = lang('Login.invalid_installation');
return false;
}
//Username and Password Check
$password = $data['password'];
if(!$this->employee->login($username, $password))
{
$error = lang('Login.invalid_username_and_password');
return false;
}
//GCaptcha Check
if(config('OSPOS')->settings['gcaptcha_enable'])
{
$g_recaptcha_response = $this->request->getPost('g-recaptcha-response');
if(!$this->gcaptcha_check($g_recaptcha_response))
{
$error = lang('Login.invalid_gcaptcha');
return false;
}
}
return true;
}
/**
* Checks to see if GCaptcha verification was successful.
*
* @param $response
* @return bool true on successful GCaptcha verification or false if GCaptcha failed.
*/
private function gcaptcha_check($response): bool
{
if(!empty($response))
{
$check = [
'secret' => config('OSPOS')->settings['gcaptcha_secret_key'],
'response' => $response,
'remoteip' => $this->request->getIPAddress()
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://www.google.com/recaptcha/api/siteverify");
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($check));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
$result = curl_exec($ch);
curl_close($ch);
$status = json_decode($result, TRUE);
if(!empty($status['success']))
{
return true;
}
}
return false;
}
/**
* Checks to make sure dependency PHP extensions are installed
*
* @return bool
*/
private function installation_check(): bool
{
$installed_extensions = implode(', ', get_loaded_extensions());
$required_extensions = ['bcmath', 'intl', 'gd', 'openssl', 'mbstring', 'curl'];
$pattern = '/';
foreach($required_extensions as $extension)
{
$pattern .= '(?=.*\b' . preg_quote($extension, '/') . '\b)';
}
$pattern .= '/i';
$is_installed = preg_match($pattern, $installed_extensions);
if(!$is_installed)
{
log_message('error', '[ERROR] Check your php.ini.');
log_message('error',"PHP installed extensions: $installed_extensions");
log_message('error','PHP required extensions: ' . implode(', ', $required_extensions));
}
return $is_installed;
}
}

108
app/Controllers/Login.php
View File

@@ -4,8 +4,6 @@ namespace App\Controllers;
use App\Libraries\MY_Migration;
use App\Models\Employee;
use CodeIgniter\HTTP\RedirectResponse;
use Config\Migrations;
use Config\Services;
/**
@@ -18,115 +16,33 @@ class Login extends BaseController
public function index()
{
$this->employee = model('Employee');
if(!$this->employee->is_logged_in())
{
$migration = new MY_Migration(config('Migrations'));
$data = [
'validation' => Services::validation(),
'has_errors' => false,
'is_latest' => $migration->is_latest(),
'latest_version' => $migration->get_last_migration()
];
if($this->request->getMethod() != 'post')
if(strtolower($this->request->getMethod()) !== 'post')
{
echo view('login', $data);
return view('login', $data);
}
//TODO: Validation isn't working. #3595
// if(!$this->validate(['username' => 'required|login_check']))
// {
// echo view('login', ['validation' => $this->validator->getErrors()]);
// }
}
$rules = ['username' => 'required|login_check[data]'];
$messages = ['username' => lang('Login.invalid_username_and_password')];
//return redirect()->to('home');
}
public function login_check(string $username): bool
{
if(!$this->installation_check())
{
$this->validator->setMessage('login_check', lang('login_invalid_installation')); //TODO: This is going to need some work https://codeigniter.com/user_guide/libraries/validation.html?highlight=validation#setting-custom-error-messages
return FALSE;
}
$password = $this->request->getPost('password');
if(!$this->employee->login($username, $password))
{
$this->validator->setMessage('login_check', $this->lang->line('login_invalid_username_and_password'));
return FALSE;
}
if(config('OSPOS')->settings['gcaptcha_enable'])
{
$g_recaptcha_response = $this->request->getPost('g-recaptcha-response');
if(!$this->gcaptcha_check($g_recaptcha_response))
if(!$this->validate($rules, $messages))
{
$this->validator->setMessage('login_check', lang('login_invalid_gcaptcha'));
$validation = Services::validation();
$data['has_errors'] = !empty($validation->getErrors());
return FALSE;
return view('login', $data);
}
}
return TRUE;
}
private function gcaptcha_check($response): bool
{
if(!empty($response))
{
$check = array(
'secret' => config('OSPOS')->settings['gcaptcha_secret_key'],
'response' => $response,
'remoteip' => $this->request->getIPAddress()
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://www.google.com/recaptcha/api/siteverify");
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($check));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
$result = curl_exec($ch);
curl_close($ch);
$status = json_decode($result, TRUE);
if(!empty($status['success']))
{
return TRUE;
}
}
return FALSE;
}
private function installation_check()
{
// get PHP extensions and check that the required ones are installed
$extensions = implode(', ', get_loaded_extensions());
$keys = array('bcmath', 'intl', 'gd', 'openssl', 'mbstring', 'curl');
$pattern = '/';
foreach($keys as $key)
{
$pattern .= '(?=.*\b' . preg_quote($key, '/') . '\b)';
}
$pattern .= '/i';
$result = preg_match($pattern, $extensions);
if(!$result)
{
error_log('Check your php.ini');
error_log('PHP installed extensions: ' . $extensions);
error_log('PHP required extensions: ' . implode(', ', $keys));
}
return $result;
echo "validated";
return redirect()->to('home');
}
}

7
app/Views/login.php
View File

@@ -1,10 +1,9 @@
<?php
/**
* @var object $validation
* @var bool $has_errors
* @var bool $is_latest
* @var string $latest_version
*/
helper('form');
?>
<!doctype html>
@@ -43,9 +42,9 @@ helper('form');
<section class="box-login d-flex flex-column justify-content-center align-items-center p-md-4">
<?php echo form_open('login') ?>
<h3 class="text-center m-0"><?php echo lang('Login.welcome', ['install_name' => lang('Common.software_short')]) ?></h3>
<?php if (!empty($validation->getErrors())): ?>
<?php if ($has_errors): ?>
<div class="alert alert-danger mt-3">
<?php echo $validation->listErrors() ?>
<?php echo validation_list_errors(); ?>
</div>
<?php endif; ?>