
Merge branch 'refactoring' of clement/BIM into master

Clément Krebs il y a 2 ans
Parent
commit
0432e50e4b
14 fichiers modifiés avec 274 ajouts et 179 suppressions
  1. 0 38
      auth.php
  2. 0 60
      changepasswd.php
  3. 2 1
      composer.json
  4. 51 1
      composer.lock
  5. 0 24
      formpasswd.php
  6. 0 23
      home.php
  7. 51 0
      public/index.php
  8. 0 24
      signin.php
  9. 0 4
      signout.php
  10. 120 0
      src/controllers/user.php
  11. 46 0
      src/models/user.php
  12. 1 1
      templates/formpasswd.html.twig
  13. 2 2
      templates/home.html.twig
  14. 1 1
      templates/signin.html.twig

+ 0 - 38
auth.php

@@ -1,38 +0,0 @@
-<?php
-
-session_start();
-
-if ($_SERVER['REQUEST_METHOD'] != 'POST') {
-    header('Location: signin.php');
-    exit();
-}
-
-if (!isset($_POST['id'], $_POST['password'])) {
-    header('Location: signin.php');
-    exit();
-}
-
-$id = htmlspecialchars($_POST['id']);
-
-$ini = parse_ini_file('includes/config.ini');
-
-try {
-    $ldapconn = ldap_connect($ini['hostname'], $ini['port']);
-    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
-    ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
-} catch (Exception $e) {
-    die ('ERROR: ' . $e->getMessage());
-}
-
-if ($ldapconn) {
-    $ldapbind = @ldap_bind($ldapconn, "uid=" . ldap_escape($id) . ',' . $ini["basedn"], $_POST['password']);
-    if ($ldapbind) {
-        $_SESSION['user'] = $id;
-        header('Location: home.php');
-        exit();
-    } else {
-       $_SESSION['message'] = "Wrong username or password";
-       header('Location: signin.php');
-       exit();
-    }
-}    

+ 0 - 60
changepasswd.php

@@ -1,60 +0,0 @@
-<?php
-
-session_start();
-
-function passwd_error($message) {
-    $_SESSION['message'] = $message;
-    header('Location: formpasswd.php');
-    exit();
-}
-
-if (!isset($_SESSION['user'])) {
-    header('Location: signin.php');
-    exit();
-}
-
-if ($_SERVER['REQUEST_METHOD'] != 'POST') {
-    header('Location: signin.php');
-    exit();
-}
-
-if (!isset($_POST['password_current'], $_POST['password'], $_POST['password_conf'])) {
-    header('Location: signin.php');
-    exit();
-}
-
-$passwd = $_POST['password'];
-$passwd_conf = $_POST['password_conf'];
-$current_password = $_POST["password_current"];
-
-if ($passwd != $passwd_conf) {
-    passwd_error("Passwords do not match");
-}
-
-if (strlen($passwd) < 8) {
-    passwd_error("Password too short (min 8 chars)");
-}
-
-$ini = parse_ini_file('includes/config.ini');
-
-try {
-    $ldapconn = ldap_connect($ini['hostname'], $ini['port']);
-    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
-    ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
-} catch (Exception $e) {
-    die ('ERROR: ' . $e->getMessage());
-}
-
-$dn = "uid=" . ldap_escape($_SESSION['user']) . ',' . $ini["basedn"];
-$ldap_bind = @ldap_bind($ldapconn, $dn, $current_password);
-
-if ($ldap_bind) {
-    if (ldap_exop_passwd($ldapconn, $dn, "",$passwd)) {
-        header('Location: home.php');
-        exit();
-    } else {
-        passwd_error("A problem occured, contact admins");
-    }
-} else {
-    passwd_error("Wrong current password");
-}

+ 2 - 1
composer.json

@@ -1,5 +1,6 @@
 {
     "require": {
-        "twig/twig": "^3.6"
+        "twig/twig": "^3.6",
+        "nikic/fast-route": "^1.3"
     }
 }

+ 51 - 1
composer.lock

@@ -4,8 +4,58 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "563135cbdb55fe74547a1d3ea629b5fe",
+    "content-hash": "1feba9f5d4cf33133daf138f79521373",
     "packages": [
+        {
+            "name": "nikic/fast-route",
+            "version": "v1.3.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/nikic/FastRoute.git",
+                "reference": "181d480e08d9476e61381e04a71b34dc0432e812"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/nikic/FastRoute/zipball/181d480e08d9476e61381e04a71b34dc0432e812",
+                "reference": "181d480e08d9476e61381e04a71b34dc0432e812",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.4.0"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "^4.8.35|~5.7"
+            },
+            "type": "library",
+            "autoload": {
+                "files": [
+                    "src/functions.php"
+                ],
+                "psr-4": {
+                    "FastRoute\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "BSD-3-Clause"
+            ],
+            "authors": [
+                {
+                    "name": "Nikita Popov",
+                    "email": "nikic@php.net"
+                }
+            ],
+            "description": "Fast request router for PHP",
+            "keywords": [
+                "router",
+                "routing"
+            ],
+            "support": {
+                "issues": "https://github.com/nikic/FastRoute/issues",
+                "source": "https://github.com/nikic/FastRoute/tree/master"
+            },
+            "time": "2018-02-13T20:26:39+00:00"
+        },
         {
             "name": "symfony/polyfill-ctype",
             "version": "v1.27.0",

+ 0 - 24
formpasswd.php

@@ -1,24 +0,0 @@
-<?php
-
-session_start();
-
-if (!isset($_SESSION['user'])) {
-    header('Location: signin.php');
-    exit();
-}
-
-include 'vendor/autoload.php';
-
-try {
-    $loader = new Twig\Loader\FilesystemLoader('templates');
-    $twig = new Twig\Environment($loader);
-    $twig->addGlobal('session', $_SESSION);
-
-    $template = $twig->load('formpasswd.html.twig');
-
-    echo $template->render();
-
-    unset($_SESSION['message']);
-} catch (Exception $e) {
-    die ('ERROR: ' . $e->getMessage());
-}

+ 0 - 23
home.php

@@ -1,23 +0,0 @@
-<?php
-
-session_start();
-
-if (!isset($_SESSION['user'])) {
-    header('Location: signin.php');
-    exit();
-}
-
-include 'vendor/autoload.php';
-
-try {
-    $loader = new Twig\Loader\FilesystemLoader('templates');
-    $twig = new Twig\Environment($loader);
-    $twig->addGlobal('session', $_SESSION);
-
-    $template = $twig->load('home.html.twig');
-
-    echo $template->render();
-} catch (Exception $e) {
-    die ('ERROR: ' . $e->getMessage());
-}
-

+ 51 - 0
public/index.php

@@ -0,0 +1,51 @@
+<?php
+require_once '../vendor/autoload.php';
+
+require_once __DIR__ . '/../src/controllers/user.php';
+
+function get_view($view_name) {
+    try {
+        $loader = new Twig\Loader\FilesystemLoader('../templates');
+        $twig = new Twig\Environment($loader);
+        $twig->addGlobal('session', $_SESSION);
+    
+        return $twig->load($view_name . '.html.twig');
+
+    } catch (Exception $e) {
+        die ('ERROR: ' . $e->getMessage());
+    }
+}
+
+$dispatcher = FastRoute\simpleDispatcher(function(FastRoute\RouteCollector $r) {
+    $r->addRoute('GET', '/', 'signin');
+    $r->addRoute('POST', '/auth', 'auth');
+    $r->addRoute('GET', '/home', 'home');
+    $r->addRoute('GET', '/changepassword', 'form_password');
+    $r->addRoute('POST', '/changepassword', 'change_password');
+    $r->addRoute('GET', '/signout', 'signout');
+});
+
+// Fetch method and URI from somewhere
+$httpMethod = $_SERVER['REQUEST_METHOD'];
+$uri = $_SERVER['REQUEST_URI'];
+
+// Strip query string (?foo=bar) and decode URI
+if (false !== $pos = strpos($uri, '?')) {
+    $uri = substr($uri, 0, $pos);
+}
+$uri = rawurldecode($uri);
+
+$routeInfo = $dispatcher->dispatch($httpMethod, $uri);
+switch ($routeInfo[0]) {
+    case FastRoute\Dispatcher::NOT_FOUND:
+        // ... 404 Not Found
+        break;
+    case FastRoute\Dispatcher::METHOD_NOT_ALLOWED:
+        $allowedMethods = $routeInfo[1];
+        // ... 405 Method Not Allowed
+        break;
+    case FastRoute\Dispatcher::FOUND:
+        $handler = $routeInfo[1];
+        $handler();
+        break;
+}
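Review bot: The `NOT_FOUND` and `METHOD_NOT_ALLOWED` branches of the dispatch `switch` hold only placeholder comments, so an unknown path or a wrong verb is answered with an empty 200 response; set the status explicitly, e.g. `http_response_code(404);` in the first and `header('Allow: ' . implode(', ', $allowedMethods)); http_response_code(405);` in the second. Separately, `get_view()` ends in `die ('ERROR: ' . $e->getMessage());`, which sends the Twig exception text (which can include template paths) to the client; write it to the log with `error_log($e->getMessage());` and answer with a generic 500 instead. The loader path `'../templates'` and the first `require_once` are relative to the working directory while the controller include uses `__DIR__`; `__DIR__ . '/../templates'` would make the file behave the same regardless of where it is started from.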

+ 0 - 24
signin.php

@@ -1,24 +0,0 @@
-<?php
-
-session_start();
-
-if (isset($_SESSION['user'])) {
-    header('Location: home.php');
-    exit();
-}
-
-include 'vendor/autoload.php';
-
-try {
-    $loader = new Twig\Loader\FilesystemLoader('templates');
-    $twig = new Twig\Environment($loader);
-    $twig->addGlobal('session', $_SESSION);
-
-    $template = $twig->load('signin.html.twig');
-
-    echo $template->render();
-
-    unset($_SESSION['message']);
-} catch (Exception $e) {
-    die ('ERROR: ' . $e->getMessage());
-}

+ 0 - 4
signout.php

@@ -1,4 +0,0 @@
-<?php
-    session_start();
-    session_destroy();
-    header('Location: signin.php');

+ 120 - 0
src/controllers/user.php

@@ -0,0 +1,120 @@
+<?php
+require_once '../src/models/user.php';
+
+function signin() {
+    session_start();
+    if (isset($_SESSION['user'])) {
+        header('Location: home');
+        exit();
+    }
+
+    $template = get_view("signin");
+
+    echo $template->render();
+    unset($_SESSION['message']);
+}
+
+function home() {
+    session_start();
+
+    if (!isset($_SESSION['user'])) {
+        header('Location: /');
+        exit();
+    }
+
+    $template = get_view("home");
+
+    echo $template->render();
+}
+
+function signout() {
+    session_start();
+    session_destroy();
+    header('Location: /');
+}
+
+function passwd_error($message) {
+    $_SESSION['message'] = $message;
+    header('Location: changepassword');
+    exit();
+}
+
+function form_password() {
+    session_start();
+
+    if (!isset($_SESSION['user'])) {
+        header('Location: signin.php');
+        exit();
+    }
+
+    $template = get_view("formpasswd");
+
+    echo $template->render();
+    unset($_SESSION['message']);
+}
+
+function change_password() {
+    session_start();
+    
+    if (!isset($_SESSION['user'])) {
+        header('Location: /');
+        exit();
+    }
+    
+    if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+        header('Location: /');
+        exit();
+    }
+    
+    if (!isset($_POST['password_current'], $_POST['password'], $_POST['password_conf'])) {
+        header('Location: /');
+        exit();
+    }
+    
+    $passwd = $_POST['password'];
+    $passwd_conf = $_POST['password_conf'];
+    $current_password = $_POST["password_current"];
+    
+    if ($passwd != $passwd_conf) {
+        passwd_error("Passwords do not match");
+    }
+    
+    if (strlen($passwd) < 8) {
+        passwd_error("Password too short (min 8 chars)");
+    }
+
+    $res = UserModel\change_password($current_password, $passwd);
+
+    if (!$res[0]) {
+        passwd_error($res[1]);
+    }
+
+    header('Location: home');
+    exit();
+}
+
+function auth() {
+    session_start();
+
+    if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+        header('Location: /');
+        exit();
+    }
+
+    if (!isset($_POST['id'], $_POST['password'])) {
+        header('Location: /');
+        exit();
+    }
+
+    $id = htmlspecialchars($_POST['id']);
+
+    if (!UserModel\auth($id, $_POST['password'])) {
+        $_SESSION['message'] = "Wrong username or password";
+        header('Location: /');
+        exit();
+    }
+
+    $_SESSION['user'] = $id;
+    header('Location: home');
+    exit();
+}
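Review bot: `auth()` writes `$_SESSION['user'] = $id;` onto the session id the browser already presented, so an id fixed before login stays valid after it; call `session_regenerate_id(true);` immediately before that assignment. The same function applies `htmlspecialchars()` to the username before it goes to `UserModel\auth()` and into the session, which alters the value used for the LDAP bind and, because `get_view()` builds the Twig environment with its default HTML auto-escaping, gets encoded a second time in `{{session.user}}`; pass the raw value and leave escaping to the template. `form_password()` still redirects to `signin.php`, a file this commit deletes, and should use `header('Location: /');` like the other handlers. `signout()` is routed as a GET and only calls `session_destroy()`, so any cross-site link can end a user's session; consider a POST route that also clears `$_SESSION` and the session cookie.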

+ 46 - 0
src/models/user.php

@@ -0,0 +1,46 @@
+<?php
+
+namespace UserModel;
+
+function auth($id, $passwd) {
+    $ini = parse_ini_file('../includes/config.ini');
+    try {
+        $ldapconn = ldap_connect($ini['hostname'], $ini['port']);
+        ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
+        ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
+    } catch (Exception $e) {
+        die ('ERROR: ' . $e->getMessage());
+    }
+    
+    if ($ldapconn) {
+        $ldapbind = @ldap_bind($ldapconn, "uid=" . ldap_escape($id) . ',' . $ini["basedn"], $passwd);
+        if ($ldapbind) {
+            return true;
+        } else {
+            return false;
+        }
+    }   
+}
+
+function change_password($current_password, $new_passwd) {
+    $ini = parse_ini_file('../includes/config.ini');
+    try {
+        $ldapconn = ldap_connect($ini['hostname'], $ini['port']);
+        ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
+        ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
+    } catch (Exception $e) {
+        die ('ERROR: ' . $e->getMessage());
+    }
+    
+    $dn = "uid=" . ldap_escape($_SESSION['user']) . ',' . $ini["basedn"];
+    $ldap_bind = @ldap_bind($ldapconn, $dn, $current_password);
+    
+    if (!$ldap_bind) {
+        return array(false, "Wrong current password");
+    }
+    if (!ldap_exop_passwd($ldapconn, $dn, "",$new_passwd)) {
+        return array(false, "A problem occured, contact admins");
+    }
+
+    return array(true);
+}
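Review bot: `auth()` passes `$passwd` to `ldap_bind()` without rejecting an empty string, and a simple bind with a DN and an empty password is an unauthenticated bind that some directory servers report as success; since the controller only checks `isset($_POST['password'])`, add `if ($passwd === '') { return false; }` before the bind, and the same guard on `$current_password` in `change_password()`. Inside `namespace UserModel`, `catch (Exception $e)` names `UserModel\Exception`, so that block never matches; write `\Exception`, or better check the return value of `ldap_connect()`, which `change_password()` currently does not test at all. Nothing in the hunk calls `ldap_start_tls()`, so unless the configured hostname is an `ldaps://` URI (not visible here) the bind password travels in clear text. Both functions repeat the same connect-and-set-options sequence and could share one helper so these checks live in a single place.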

+ 1 - 1
templates/formpasswd.html.twig

@@ -7,7 +7,7 @@
     <body class="layout-default">
        <div class="section">
             <div class="columns is-centered">
-                <form method="post" accept-charset="UTF-8" action="../changepasswd.php" class="box">
+                <form method="post" accept-charset="UTF-8" action="changepassword" class="box">
                     <div class="field">
                         <label for="password_current" class="label">Current password</label>
                         <div class="control">

+ 2 - 2
templates/home.html.twig

@@ -6,8 +6,8 @@
     <body>
         <h1>Hello {{session.user}}</h1>
         <ul>
-            <li><a href="formpasswd.php">Change password</a></li>
-            <li><a href="signout.php">Sign out</a></li>
+            <li><a href="changepassword">Change password</a></li>
+            <li><a href="signout">Sign out</a></li>
         </ul>
     </body>
 </html>

+ 1 - 1
templates/signin.html.twig

@@ -7,7 +7,7 @@
     <body class="layout-default">
         <div class="section">
             <div class="columns is-centered">
-                <form method="post" accept-charset="UTF-8" action="../auth.php" class="box">
+                <form method="post" accept-charset="UTF-8" action="auth" class="box">
                     <div class="field">
                         <label for="id" class="label">Username</label>
                         <div class="control">