new system prototype

This commit is contained in:
2026-04-15 10:19:42 +02:00
parent e805f225bc
commit 034b108c7e
80 changed files with 12212 additions and 890 deletions

131
login.php
View File

@ -1,91 +1,76 @@
<?php
// /var/www/html/login.php
require_once __DIR__ . '/common.php';
require_once __DIR__ . '/db_init.php';
header('Content-Type: application/json; charset=UTF-8');
// Default-Logins (Startzustand)
$USERS_DEFAULT = [
'user01' => 'pw1',
'user02' => 'pw2',
'Tmp_Daniel' => 'dummy4',
'Tmp_Johanna' => 'dummy1',
'Tmp_Anke' => 'dummy2',
'Tmp_Liliana' => 'dummy3',
'Amy_tmp' => 'dummy4',
'Brigitte_tmp' => 'dummy5',
'Extra1_tmp' => 'dummy6',
'Extra2_tmp' => 'dummy7',
'Danny' => 'pw1',
'User1' => 'pw1',
'User2' => 'pw2',
'User3' => 'pw3',
'User4' => 'pw4',
'User5' => 'pw5',
'User6' => 'pw6',
'User7' => 'pw7',
'User8' => 'pw8',
'User9' => 'pw9',
'User10' => 'pw10',
'User11' => 'pw11'
];
$STORE_FILE = __DIR__ . '/users.json'; // persistenter Speicher für gehashte Passwörter
function load_store($path) {
if (!file_exists($path)) return [];
$txt = file_get_contents($path);
$arr = json_decode($txt, true);
return is_array($arr) ? $arr : [];
}
function save_store($path, $data) {
file_put_contents($path, json_encode($data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES));
}
$raw = file_get_contents("php://input");
$raw = file_get_contents("php://input");
$data = json_decode($raw, true) ?: [];
$username = trim($data['username'] ?? '');
$password = (string)($data['password'] ?? '');
if ($username === '' || $password === '') {
http_response_code(400);
echo json_encode(["success" => false, "message" => "Username/Passwort fehlt"]);
echo json_encode(["success" => false, "message" => "Username/password missing"]);
exit;
}
// 1) Prüfe, ob Nutzer bereits ein *eigenes*, gehashtes Passwort hat
$store = load_store($STORE_FILE); // Struktur: ["user01" => ["hash" => "...", "changedAt" => 1234567890]]
if (array_key_exists($username, $store)) {
$hash = (string)($store[$username]['hash'] ?? '');
if ($hash !== '' && password_verify($password, $hash)) {
// ok -> normaler Login
$token = bin2hex(random_bytes(32));
token_add($token, 30 * 24 * 60 * 60);
echo json_encode(["success" => true, "token" => $token, "user" => $username]);
try {
[$pdo, $tmpDb, $lockFp] = qdb_open(false);
$stmt = $pdo->prepare(
"SELECT userID, passwordHash, role, entityID, mustChangePassword
FROM users WHERE username = :u"
);
$stmt->execute([':u' => $username]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);
$pdo = null;
qdb_discard($tmpDb, $lockFp);
if (!$user) {
http_response_code(401);
echo json_encode(["success" => false, "message" => "Invalid credentials"]);
exit;
}
// hat schon Hash, aber PW falsch
http_response_code(401);
echo json_encode(["success" => false, "message" => "Ungültige Zugangsdaten"]);
exit;
}
// 2) Nutzer hat *noch* keinen Hash -> nur Default-Zugang erlaubt
if (!array_key_exists($username, $USERS_DEFAULT)) {
http_response_code(401);
echo json_encode(["success" => false, "message" => "Ungültige Zugangsdaten"]);
exit;
}
if (!password_verify($password, $user['passwordHash'])) {
http_response_code(401);
echo json_encode(["success" => false, "message" => "Invalid credentials"]);
exit;
}
if ($USERS_DEFAULT[$username] !== $password) {
http_response_code(401);
echo json_encode(["success" => false, "message" => "Ungültige Zugangsdaten"]);
exit;
}
if ((int)$user['mustChangePassword'] === 1) {
$tempToken = bin2hex(random_bytes(32));
token_add($tempToken, 10 * 60, [
'role' => $user['role'],
'entityID' => $user['entityID'],
'userID' => $user['userID'],
'temp' => true,
]);
echo json_encode([
"success" => true,
"user" => $username,
"role" => $user['role'],
"must_change_password" => true,
"temp_token" => $tempToken,
"message" => "Please change your password."
]);
exit;
}
// 3) Default-Passwort korrekt -> Passwortwechsel erzwingen
echo json_encode([
"success" => true,
"user" => $username,
"must_change_password" => true,
"message" => "Bitte Passwort ändern."
]);
$token = bin2hex(random_bytes(32));
token_add($token, 30 * 24 * 60 * 60, [
'role' => $user['role'],
'entityID' => $user['entityID'],
'userID' => $user['userID'],
]);
echo json_encode([
"success" => true,
"token" => $token,
"user" => $username,
"role" => $user['role'],
]);
} catch (Throwable $e) {
http_response_code(500);
echo json_encode(["success" => false, "message" => "Server error"]);
}