Proper login

2022-09-12 15:11:23 +07:00 · 2022-09-12 15:11:23 +07:00 · 39dc99cbd6
commit 39dc99cbd6
parent ab0e2818c0
8 changed files with 113 additions and 45 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,4 @@
 vars
+mailhash
 process.log
 uploadpage/streams/*
--- a/3
+++ b/3
@ -0,0 +1,3 @@
+# Separated by TABs: user/mail/bcrypt-hash
+# Get hash:  php -r "echo password_hash('$password', PASSWORD_BCRYPT);"
+username	e@ma.il	$2y$10$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
--- a/21
+++ b/21
@ -20,10 +20,16 @@ Log(){ # 1:message 2:returncode(empty: no exit) I:file
 }

 Mail(){ # 1:kind(0:done, 1:wrong type, 2:encoding error) 2:logline I:repopath,email,name,type,start,finish
-	source "$repopath/vars"  # I:umail,user,password,smtp,port
+	source "$repopath/vars"  # I:user,password,smtp,port
 	local sbj msg from="Stream Upload server"
-	# If proper email set, use it, otherwise it's the authusername: look up email
-	[[ $email = *@* ]] && to=$email || to=${umail[$email]}
+	declare -A mails
+	mapfile -t <"$repopath/mailhash"
+	for line in "${MAPFILE[@]}"
+	do [[ ${line:0:1} = '#' ]] && continue
+		l=${line%$'\t'*} mails[${l%$'\t'*}]=${l#*$'\t'}
+	done
+	# If proper email set, strip ':', otherwise it's the user: look up email
+	[[ $email ]] && to=${email:1} || to=${mails[$email]}
 	[[ $port ]] || port=587
 	sbj[0]="Stream Upload encoding done for ${name##*@}"
 	sbj[1]="Stream Upload file wrong type: $type"
@ -32,12 +38,12 @@ Mail(){ # 1:kind(0:done, 1:wrong type, 2:encoding error) 2:logline I:repopath,em
 	msg[1]="Heya,\n\nThe file '$name' from $start is of type '$type' and could not be used.\n\nStream Upload server\n"
 	msg[2]="Heya,\n\nThe file '$name' started encoding on $start but ran into an error on $finish.\n\nStream Upload server\n"
 	if [[ $to && $user && $password && $smtp && $port ]]
-	then
+	then # All ingredients for a mail present
 		mailer -m "$(echo -e "${msg[$1]}")" -t "$to" -s "${sbj[$1]}" -u "$user" -p "$password" -S "$smtp" -P "$port" -f "$from" &&
 			Log "== Mail with subject '${sbj[$1]}' sent to $to" ||
 			Log "== Mail with subject '${sbj[$1]}' failed to send"
 		Log "Start encoding on $start, finished on $finish"
-	else
+	else # Can't send
 		Log "== Mail with subject '${sbj[$1]}' could not be sent"
 		(($1==2)) && Log "Start encoding on $start, error on $finish"
 	fi
@ -46,12 +52,9 @@ Mail(){ # 1:kind(0:done, 1:wrong type, 2:encoding error) 2:logline I:repopath,em

 # Rename upload and check type
 file=${upload%.upload} video=$file.mp4 name=${file##*/} key=${name%%.*}
-rest=${name#*.} date=${rest:0:15} _=${rest:15} email=${_%@*}
+rest=${name#*.} date=${rest:0:15} _=${rest:16} username=${_%%:*} _=${_%@*} email=${_#${username}}
 mv "$upload" "$file"

-# Strip the '_' if email set
-[[ $email ]] && email=${email:1}
-
 type=$(file -bL --mime-type "$file")
 [[ ! ${type:0:5} = video ]] && Mail 1 "File $name is of type $type"

--- a/uploadpage/check.php
+++ b/uploadpage/check.php
@ -0,0 +1,9 @@
+<?php // INCLUDE: Redirect to login.php if not authorized
+session_start();
+if(isset($_POST['logoff'])){ // Logout attempt: logout
+	unset($_SESSION['user']);
+}
+if(!isset($_SESSION['user'])){ // Not logged in: login
+	header('Location: login.php');
+}
+?>
--- a/uploadpage/index.php
+++ b/uploadpage/index.php
@ -1,32 +1,28 @@
-<!DOCTYPE html>
+<?php // Schedule page
+require "check.php";
+$user=$_SESSION['user'];
+print('<!DOCTYPE html>
 <meta charset="utf-8">
-<title>Stream Upload</title>
+<title>Stream Upload scheduling</title>
 <link rel="icon" href="favicon.png">
 <link rel="stylesheet" href="page.css">
 <script>
 function respond(){
-	const feedback = document.getElementById('response');
-	feedback.innerHTML = '<b>File is uploading</b>';
+	const feedback = document.getElementById("response");
+	feedback.innerHTML = "<b>File is uploading</b>";
 }
 </script>
 <div class="container">
 	<div class="incontainer">
 		<table>
-<?php
-$headers=getallheaders();
-$authuser=$headers['X-User'];
-if($authuser!==''){
-	print('
-			<form action="'.(isset($_SERVER['HTTPS']) ? 'https' : 'http').'://nouser:wrongpw@'.$_SERVER['HTTP_HOST'].'" method="post">
 				<tr><td></td><td align="center"><h1>Stream Upload</h1></td></tr>
 				<tr>
 					<td class="left">User:</td>
-					<td class="right"><b>'.$authuser.'</b></td>
-					<td><input class="shiftleft" type="submit" value="Logoff"></td></tr>
-			</form>');
-}
-			print('<form action="'.(isset($_SERVER['HTTPS']) ? 'https' : 'http').'://'.$_SERVER['HTTP_HOST'].'/upload.php" method="post" enctype="multipart/form-data" onsubmit="respond()">');
-?>
+					<td class="right"><b>'.$user.'</b></td>
+					<form action="check.php" method="post">
+						<td><input class="shiftleft" type="submit" name="logoff" value="Logoff"></td>
+					</form></tr>
+			<form action="upload.php" method="post" enctype="multipart/form-data" onsubmit="respond()">
 				<tr>
 					<td>Target:</td>
 					<td>
@ -49,10 +45,11 @@ if($authuser!==''){
 					<td class="left">Notify email:</td>
 					<td class="right"><input type="email" name="email" title="Not required"></td></tr>
 				<tr><td><br></td></tr>
-				<tr><td></td><td><input type="submit" value="Schedule Stream" name="submit"></td></tr>
+				<tr><td></td><td><input type="submit" value="Schedule Stream" name="schedule"></td></tr>
 				<tr><td><br></td></tr>
 				<tr><td align=center colspan="2" id="response"></td></tr>
 			</form>
 		</table>
 	</div>
-</div>
+</div>');
+?>
--- a/uploadpage/login.php
+++ b/uploadpage/login.php
@ -0,0 +1,49 @@
+<?php // Login page
+session_start();
+$user=$_POST['user'];
+if(!empty($user)){ // Login attempt
+	// Read hash and check password
+	$mh=file(__DIR__.'/../mailhash',FILE_IGNORE_NEW_LINES & FILE_SKIP_EMPTY_LINES);
+	foreach($mh as $line){
+		if(substr($line, 0, 1)!='#'){
+			$field=explode("\t", trim($line, "\n"));
+			$hashes[$field[0]]=$field[2];
+			if($field[0]==$user){
+				if(password_verify($_POST['password'], $field[2])){ // Password correct: login
+					$_SESSION['user']=$user;
+					header('Location: index.php');
+					exit;
+				}
+			}
+		}
+	}
+}
+
+// New login attempt
+print('<!DOCTYPE html>
+<meta charset="utf-8">
+<title>Stream Upload login</title>
+<link rel="icon" href="favicon.png">
+<link rel="stylesheet" href="page.css">
+<div class="container">
+	<div class="incontainer">
+		<table>
+			<tr><td></td><td align="center"><h1>Stream Upload</h1></td></tr>');
+if(isset($_POST['login'])){
+	print('
+			<tr><td></td><td><b>Invalid User or Password</b></td></tr>');
+}
+print('
+			<form action="login.php" method="post">
+				<tr>
+					<td>User:</td>
+					<td><input type="text" name="user" required title="string of 0-9, a-z, A-Z" pattern="[a-zA-Z0-9]+"></td></tr>
+				<tr>
+					<td class="left">Password:</td>
+					<td class="right"><input type="password" name="password" required></td></tr>
+				<tr><td></td><td><input type="submit" name="login" value="Login"></td></tr>
+			</form>
+		</table>
+	</div>
+</div>');
+?>
--- a/uploadpage/page.css
+++ b/uploadpage/page.css
@ -37,7 +37,7 @@ body {
 	max-width:450px;
 }
 p {
-  flex-wrap: nowrap;
+	flex-wrap:nowrap;
 }
 table {
 	width:100%;
--- a/uploadpage/upload.php
+++ b/uploadpage/upload.php
@ -1,28 +1,36 @@
-<?php
-error_reporting(E_ALL);
-$headers=getallheaders();
-$authuser=$headers['X-User'];
-if($_SERVER['REQUEST_METHOD']!=='POST'){
-	header('Location: /');
+<?php // Encode page
+session_start();
+require "check.php";
+if(!isset($_POST['schedule'])){ // If not post: start again
+	header('Location: index.php');
 }

 function Back($msg){
 	print('<p>'.$msg.'</p>
-<form action="'.(isset($_SERVER['HTTPS']) ? 'https' : 'http').'://'.$_SERVER['HTTP_HOST'].'" method="post">
+<form action="index.php" method="post">
 <input type="submit" value="Upload another file" name="submit">
 </form></div>');
 	exit;
 }

-header('Content-type: text/html; charset=utf-8');
+// Get mails
+$mh=file(__DIR__.'/../mailhash',FILE_IGNORE_NEW_LINES & FILE_SKIP_EMPTY_LINES);
+foreach($mh as $line){
+	if(substr($line, 0, 1)!='#'){
+		$field=explode("\t", $line);
+		$mails[$field[0]]=$field[1];
+	}
+}
 $upload=htmlspecialchars(basename($_FILES['file']['name']));
 $key=$_POST['streamkey'];
 $datetime=$_POST['datetime'];
 $email=$_POST['email'];
+$user=$_SESSION['user'];
 if($email){
-	$email='_'.$email;
-} else {
-	$email='_'.$authuser;
+	$to=$email;
+	$email=':'.$email;
+}else{
+	$to=$mails[$user];
 }
 $date=substr($datetime, 0, 10);
 $hour=substr($datetime, 11, 2);
@ -30,16 +38,16 @@ $min=substr($datetime, 14, 2);
 $time=$hour.$min;
 $target=$_POST['target'];
 $dir='streams/';
-$name=$key.'.'.$date.'_'.$time.$email.'@'.$target;
+$name=$key.'.'.$date.'_'.$time.'_'.$user.$email.'@'.$target;
 $file=$dir.$name.'.upload';
 print('<!DOCTYPE html>
 <meta charset="utf-8">
-<title>Encoding</title>
+<title>Stream Upload encoding</title>
 <link rel="icon" href="favicon.png">
 <link rel="stylesheet" href="page.css">
 <div class="container">
 <h1>Encoding</h1>
-'.($authuser==='' ? '' : '<p>For: <b>'.$authuser.'</b></p>').'
+<p>For: <b>'.$user.'</b></p>
 <p>File: <b>'.$upload.'</b></p>');
 if(preg_match('/20[0-9][0-9]-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-6][0-9]/', $datetime)===false){
 	Back('Date/time somehow incorrect: '.$datetime);
@ -60,8 +68,6 @@ if(!move_uploaded_file($_FILES['file']['tmp_name'], $file)){
 }

 print('<p>File is now being encoded to <b>'.$name.'.mp4</b></p>');
-if($email){
-	print('<p>When done, an email will be sent to <b>'.substr($email,1).'</b></p>');
-}
+print('<p>When done, an email will be sent to <b>'.$to.'</b></p>');
 Back('Scheduling for <b>'.$date.'</b> at <b>'.$hour.':'.$min.'</b>h on <b>'.$target.'</b>');
 ?>