didats · May 2, 2016 12:42 · didats · May 2, 2016
diff --git a/added.css b/added.css
 .login-page header.header {
 	display:none !important;
 }

 .login {
 	width: 400px !important;
 	margin: 10% auto !important;
 }
diff --git a/base.php b/base.php
 $app->before(function ($request, $app) {
 	$request->getSession()->start();
 	
 	if (!preg_match("/login/", $request->getRequestUri())) {
 		if(!checkingAuth()) {
 			return $app->redirect($app['url_generator']->generate('login'));
 		}
 	}
 });

 $app->match('/login', function () use ($app) {
 	$htmlData = array();
 	if("POST" == $app['request']->getMethod()){
 		
 		foreach($_POST['form'] as $key => $value) {
 			$$key = strip_tags($value);
 		}
 		$password = passwordShield($password);
 		
 		// checking the database
 		$row = $app['db']->fetchAssoc("SELECT * FROM admins WHERE admin_username = ? AND admin_password = ?", array($username, $password));
 		
 		if(!$row) {
 			// do nothing
 			$htmlData['message'] = "Account not found";
 		}
 		else {
 			// do session
 			$app['session']->set('user', array('type' => $row['admin_type'], 'email' => $row['admin_email'], 'site_id' => $row['site_id'], 'username' => $username, 'password' => $password, 'last_login' => $row['last_login']));
 			
 			// execute update on last login
 			$app['db']->executeUpdate("UPDATE admins SET last_login = NOW() WHERE admin_username = ? AND admin_password = ?", array($username, $password));
 			
 			$site = $app['db']->fetchAssoc("SELECT * FROM sites WHERE site_id = ?", array($row['site_id']));
 			$app['session']->set('site', $site);
 			
 			return $app->redirect($app['url_generator']->generate('dashboard'));
 		}
 		
 	}
 	
    return $app['twig']->render('login.html.twig', $htmlData);
        
 })
 ->bind('login');

 $app->match("/logout", function() use($app) {
 	
 	$app['session']->clear();
 	return $app->redirect($app['url_generator']->generate('login'));
 	
 })->bind("logout");

 function passwordShield($str) {
 	return md5($str."1r2i3m4b5u6n7e8s9i0a1");
 }

 function checkingAuth() {
 	global $app;
 	
 	$user = $app['session']->get("user");
 	
 	if(!isset($user['site_id'])) {
 		return false;
 	}
 	
 	return true;
 }
diff --git a/login.twig.html b/login.twig.html
 {% extends 'ag_base/backend.html.twig' %}

 {% block body_params %}class="skin-black login-page"{% endblock %}

 {% block container %}

    <div class="wrapper row-offcanvas row-offcanvas-left">

        <!-- Right side column. Contains the navbar and content of the page -->
        <form method="post" action="">
        <section class="login center">
        	<div class="row">
        		<div class="box">
        			<div class="box-body">
        			
        				<div class="row">
 			        		<div class="col-xs-12">
 			        			<h1>Login</h1>
 			        		</div>
 			        	</div>
 			        	<br />
 			        	
 			        	 <div class="form-group">
 						    <label for="form_username">Username</label>
 						    <input type="text" id="form_username" name="form[username]" class="form-control">
 						</div>
 						<div class="form-group">
 						    <label for="form_password">Password</label>
 						    <input type="password" id="form_password" name="form[password]" class="form-control">
 						</div>
 						
        			</div>
        			
        			<div class="box-footer">
                        <button type="submit" class="btn btn-primary">Submit</button>
                    </div>
        			
        		</div>
        	</div>
        </section>
        </form>
        
    </div><!-- ./wrapper -->

 {% endblock %}
diff --git a/Nginx configuration file b/Nginx configuration file
 server {
        listen 80;
        server_name example.com;
        root /usr/share/nginx/example.com/web;
        index index.php index.html;

        location ~* ^/(assets|files|robots\.txt) { }

        location / {
                if (-f $request_filename) {
                        expires max;
                        break;
                }

                rewrite ^(.*) /index.php last;
        }

         location ~ \.php$ {
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
        }

 }
	$app->before(function ($request, $app) {
	$request->getSession()->start();

	if (!preg_match("/login/", $request->getRequestUri())) {
	if(!checkingAuth()) {
	return $app->redirect($app['url_generator']->generate('login'));
	}
	}
	});

	$app->match('/login', function () use ($app) {
	$htmlData = array();
	if("POST" == $app['request']->getMethod()){

	foreach($_POST['form'] as $key => $value) {
	$$key = strip_tags($value);
	}
	$password = passwordShield($password);

	// checking the database
	$row = $app['db']->fetchAssoc("SELECT * FROM admins WHERE admin_username = ? AND admin_password = ?", array($username, $password));

	if(!$row) {
	// do nothing
	$htmlData['message'] = "Account not found";
	}
	else {
	// do session
	$app['session']->set('user', array('type' => $row['admin_type'], 'email' => $row['admin_email'], 'site_id' => $row['site_id'], 'username' => $username, 'password' => $password, 'last_login' => $row['last_login']));

	// execute update on last login
	$app['db']->executeUpdate("UPDATE admins SET last_login = NOW() WHERE admin_username = ? AND admin_password = ?", array($username, $password));

	$site = $app['db']->fetchAssoc("SELECT * FROM sites WHERE site_id = ?", array($row['site_id']));
	$app['session']->set('site', $site);

	return $app->redirect($app['url_generator']->generate('dashboard'));
	}

	}

	return $app['twig']->render('login.html.twig', $htmlData);

	})
	->bind('login');

	$app->match("/logout", function() use($app) {

	$app['session']->clear();
	return $app->redirect($app['url_generator']->generate('login'));

	})->bind("logout");

	function passwordShield($str) {
	return md5($str."1r2i3m4b5u6n7e8s9i0a1");
	}

	function checkingAuth() {
	global $app;

	$user = $app['session']->get("user");

	if(!isset($user['site_id'])) {
	return false;
	}

	return true;
	}
	{% extends 'ag_base/backend.html.twig' %}

	{% block body_params %}class="skin-black login-page"{% endblock %}

	{% block container %}

	<div class="wrapper row-offcanvas row-offcanvas-left">

	<!-- Right side column. Contains the navbar and content of the page -->
	<form method="post" action="">
	<section class="login center">
	<div class="row">
	<div class="box">
	<div class="box-body">

	<div class="row">
	<div class="col-xs-12">
	<h1>Login</h1>
	</div>
	</div>
	<br />

	<div class="form-group">
	<label for="form_username">Username</label>
	<input type="text" id="form_username" name="form[username]" class="form-control">
	</div>
	<div class="form-group">
	<label for="form_password">Password</label>
	<input type="password" id="form_password" name="form[password]" class="form-control">
	</div>

	</div>

	<div class="box-footer">
	<button type="submit" class="btn btn-primary">Submit</button>
	</div>

	</div>
	</div>
	</section>
	</form>

	</div><!-- ./wrapper -->

	{% endblock %}
	server {
	listen 80;
	server_name example.com;
	root /usr/share/nginx/example.com/web;
	index index.php index.html;

	location ~* ^/(assets\|files\|robots\.txt) { }

	location / {
	if (-f $request_filename) {
	expires max;
	break;
	}

	rewrite ^(.*) /index.php last;
	}

	location ~ \.php$ {
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	fastcgi_pass unix:/var/run/php5-fpm.sock;
	fastcgi_index index.php;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	include fastcgi_params;
	}

	}