From a491c4b921be6cbfd9a7e58402c7afd1a28937da Mon Sep 17 00:00:00 2001
From: Sean Joseph <joseph62@egr.msu.edu>
Date: Sun, 29 Oct 2017 20:21:55 -0400
Subject: [PATCH] Added the secure logins for site. removed htaccess in favor
 of a custom authentication. Most pages are linking to the secure login screen
 now. I added a minutes page to keep the meeting minutes. Successful logins.

---
 lib/LoginController.php | 59 +++++++++++++++++++++++++++++++++++++++++
 lib/View.php            |  1 +
 lib/logins.inc.php      | 13 +++++++++
 lib/prelude.inc.php     | 11 ++++++++
 lib/protected.inc.php   | 15 +++++++++++
 post/login.php          | 20 ++++++++++++++
 secure/.htaccess        | 12 ---------
 secure/index.php        | 27 +++++++++++++++++++
 secure/minutes.php      | 14 ++++++++++
 9 files changed, 160 insertions(+), 12 deletions(-)
 create mode 100644 lib/LoginController.php
 create mode 100644 lib/logins.inc.php
 create mode 100644 lib/prelude.inc.php
 create mode 100644 lib/protected.inc.php
 create mode 100644 post/login.php
 delete mode 100644 secure/.htaccess
 create mode 100644 secure/index.php
 create mode 100644 secure/minutes.php

diff --git a/lib/LoginController.php b/lib/LoginController.php
new file mode 100644
index 0000000..541f543
--- /dev/null
+++ b/lib/LoginController.php
@@ -0,0 +1,59 @@
+<?php
+
+/**
+ * Created by PhpStorm.
+ * User: sean
+ * Date: 10/29/17
+ * Time: 6:59 PM
+ */
+class LoginController
+{
+    public function __construct($get, $post, $logins)
+    {
+
+        $this->get = $get;
+        $this->post = $post;
+        $this->logins = $logins;
+
+        if(isset($post['username'])){
+            $username = $post['username'];
+            if(array_key_exists($username,$logins)){
+                if(isset($post['password'])) {
+                    $hash = hash("sha256", $post['password']);
+                    if ($hash == $logins[$username]) {
+                        $this->success = true;
+                        $this->redirect = "secure/minutes.php";
+                    }
+                    else{
+                        $this->redirect = "secure/index.php";
+                    }
+                }
+                else{
+                    $this->redirect = "secure/index.php";
+                }
+
+            }
+            else{
+                $this->redirect = "secure/index.php";
+            }
+        }
+        else{
+            $this->redirect = "secure/index.php";
+        }
+
+    }
+
+    public function getRedirect(){
+        return $this->redirect;
+    }
+
+    public function validLogin(){
+        return $this->success;
+    }
+
+    private $get; //Get data
+    private $post; //Post data
+    private $logins; //Login data
+    private $success = false; // successful login flag
+    private $redirect; //Redirect location
+}
\ No newline at end of file
diff --git a/lib/View.php b/lib/View.php
index b85439e..62eee0e 100644
--- a/lib/View.php
+++ b/lib/View.php
@@ -14,6 +14,7 @@ class View
         $this->addNav("Progress", "./");
         $this->addNav("Meet The Team", "./about.php");
         $this->addNav("Course Site", "https://cse.msu.edu/~cse435/");
+        $this->addNav("Secure", "./secure");
     }
 
     public function head(){
diff --git a/lib/logins.inc.php b/lib/logins.inc.php
new file mode 100644
index 0000000..583f171
--- /dev/null
+++ b/lib/logins.inc.php
@@ -0,0 +1,13 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: sean
+ * Date: 10/29/17
+ * Time: 7:22 PM
+ */
+
+//Login credentials for the protected pages
+$logins = array(
+    "team6" => "1b598bb7f24d7d258a6bd2264177fb88896744e43214f86daa9f4738e5e8b5be",
+    "cse435" => "0f0484da86e5949eb820290270ab76e5fc63f1c4c06b0bb412cd3c551623069f",
+);
\ No newline at end of file
diff --git a/lib/prelude.inc.php b/lib/prelude.inc.php
new file mode 100644
index 0000000..b1d9ce8
--- /dev/null
+++ b/lib/prelude.inc.php
@@ -0,0 +1,11 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: sean
+ * Date: 10/29/17
+ * Time: 6:56 PM
+ */
+
+session_start();
+define("LOGIN","login");//login session constant
+define("ROOT", "/~joseph62/cse435/");
diff --git a/lib/protected.inc.php b/lib/protected.inc.php
new file mode 100644
index 0000000..4c40a0a
--- /dev/null
+++ b/lib/protected.inc.php
@@ -0,0 +1,15 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: sean
+ * Date: 10/29/17
+ * Time: 6:49 PM
+ */
+require_once "prelude.inc.php";
+
+if(!$open){
+    if(!isset($_SESSION[LOGIN])){
+        header("Location: ../secure/index.php");
+    }
+}
+
diff --git a/post/login.php b/post/login.php
new file mode 100644
index 0000000..12b1c8d
--- /dev/null
+++ b/post/login.php
@@ -0,0 +1,20 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: sean
+ * Date: 10/29/17
+ * Time: 6:59 PM
+ */
+require_once "../lib/prelude.inc.php";
+require_once "../lib/logins.inc.php";
+require_once "../lib/LoginController.php";
+
+$controller = new LoginController($_GET,$_POST,$logins);
+
+if($controller->validLogin()){
+
+    $_SESSION[LOGIN] = "We really out here.";
+}
+
+header("Location: " . ROOT . $controller->getRedirect());
+
diff --git a/secure/.htaccess b/secure/.htaccess
deleted file mode 100644
index 59bc014..0000000
--- a/secure/.htaccess
+++ /dev/null
@@ -1,12 +0,0 @@
-AuthType Basic
-AuthBasicProvider ldap
-AuthName "Roaming Access"
-AuthLDAPURL ldap://ds.cse.msu.edu:389/ou=People,dc=cse,dc=msu,dc=edu?uid?sub
-AuthLDAPGroupAttribute memberUid
-AuthLDAPGroupAttributeIsDN off
-Require user cse435
-Require user joseph62
-Require user alphastep
-Require user arentlog
-Require user coppers4
-Require user murra203
diff --git a/secure/index.php b/secure/index.php
new file mode 100644
index 0000000..6bd6bf5
--- /dev/null
+++ b/secure/index.php
@@ -0,0 +1,27 @@
+<!DOCTYPE html>
+<?php
+require_once "../lib/prelude.inc.php";
+?>
+<html>
+<head>
+    <meta charset="UTF-8">
+    <title>Secure Pages Login</title>
+</head>
+<body>
+<h1>Secure Pages Login</h1>
+<form action="../post/login.php" method="post">
+    <fieldset>
+        <legend>Login</legend>
+        <p>
+            <label for="username">Username:</label>
+            <input type="text" id="username" name="username" placeholder="Username">
+        </p>
+        <p>
+            <label for="password">Password:</label>
+            <input type="password" id="password" name="password" placeholder="Password">
+        </p>
+        <input type="submit" name="Submit" value="Submit">
+    </fieldset>
+</form>
+</body>
+</html>
diff --git a/secure/minutes.php b/secure/minutes.php
new file mode 100644
index 0000000..a09249b
--- /dev/null
+++ b/secure/minutes.php
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<?php
+require_once "../lib/prelude.inc.php";
+require_once "../lib/protected.inc.php";
+?>
+<html>
+<head>
+    <meta charset="UTF-8">
+    <title>Meeting Minutes</title>
+</head>
+<body>
+<h1>Meeting Minutes</h1>
+</body>
+</html>