demo app for GC

parent bba9f007
...@@ -58,7 +58,7 @@ $autoload['packages'] = array(); ...@@ -58,7 +58,7 @@ $autoload['packages'] = array();
| |
| $autoload['libraries'] = array('user_agent' => 'ua'); | $autoload['libraries'] = array('user_agent' => 'ua');
*/ */
$autoload['libraries'] = array(); $autoload['libraries'] = array('database', 'session', 'form_validation');
/* /*
| ------------------------------------------------------------------- | -------------------------------------------------------------------
...@@ -89,7 +89,7 @@ $autoload['drivers'] = array(); ...@@ -89,7 +89,7 @@ $autoload['drivers'] = array();
| |
| $autoload['helper'] = array('url', 'file'); | $autoload['helper'] = array('url', 'file');
*/ */
$autoload['helper'] = array(); $autoload['helper'] = array('url', 'security', 'form');
/* /*
| ------------------------------------------------------------------- | -------------------------------------------------------------------
...@@ -132,4 +132,4 @@ $autoload['language'] = array(); ...@@ -132,4 +132,4 @@ $autoload['language'] = array();
| |
| $autoload['model'] = array('first_model' => 'first'); | $autoload['model'] = array('first_model' => 'first');
*/ */
$autoload['model'] = array(); $autoload['model'] = array('UserModel');
...@@ -100,7 +100,7 @@ $config['charset'] = 'UTF-8'; ...@@ -100,7 +100,7 @@ $config['charset'] = 'UTF-8';
| setting this variable to TRUE (boolean). See the user guide for details. | setting this variable to TRUE (boolean). See the user guide for details.
| |
*/ */
$config['enable_hooks'] = FALSE; $config['enable_hooks'] = TRUE;
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
...@@ -324,7 +324,7 @@ $config['cache_query_string'] = FALSE; ...@@ -324,7 +324,7 @@ $config['cache_query_string'] = FALSE;
| https://codeigniter.com/user_guide/libraries/encryption.html | https://codeigniter.com/user_guide/libraries/encryption.html
| |
*/ */
$config['encryption_key'] = ''; $config['encryption_key'] = 'GLn08ulSFJM3dTx4Q17o7hdFjlSEeX9I';
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
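Review bot: The key assigned on the `$config['encryption_key']` line is a literal secret committed to the repository, so it is now part of the commit history and should be treated as compromised; rotate it and read it from the environment instead, e.g. `$config['encryption_key'] = getenv('CI_ENCRYPTION_KEY') ?: '';`, so a missing key surfaces at deploy time rather than being hard-coded. The CodeIgniter guide linked just above that line recommends a random binary key (e.g. from `random_bytes()`) kept outside the web root rather than a printable string. Flipping `enable_hooks` to TRUE is what activates the Authorization hook added in config/hooks.php, so a deployment that leaves it FALSE silently removes all authorization; a comment on that line such as `// Required: hooks/Authorization.php enforces the ACL and only runs when hooks are enabled.` would make that coupling visible.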
...@@ -75,10 +75,10 @@ $query_builder = TRUE; ...@@ -75,10 +75,10 @@ $query_builder = TRUE;
$db['default'] = array( $db['default'] = array(
'dsn' => '', 'dsn' => '',
'hostname' => 'localhost', 'hostname' => '35.195.0.110',
'username' => '', 'username' => 'appdbuser',
'password' => '', 'password' => 'ch0MPSKaNaCl9',
'database' => '', 'database' => 'appdb',
'dbdriver' => 'mysqli', 'dbdriver' => 'mysqli',
'dbprefix' => '', 'dbprefix' => '',
'pconnect' => FALSE, 'pconnect' => FALSE,
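Review bot: The `hostname`, `username` and `password` values on these lines are plaintext credentials for a publicly routable database host committed to git; rotate the password now (it stays in history regardless of later edits) and load the values from the environment, e.g. `'hostname' => getenv('DB_HOST'), 'username' => getenv('DB_USER'), 'password' => getenv('DB_PASS'),`. Because the host is a public IP rather than localhost, the mysqli connection crosses a network; the `$db['default']` array continues past this hunk, so check that `'encrypt'` is set to require TLS and that the database firewall only admits the application's egress address. A committed `database.php.example` with the real file in `.gitignore` keeps working copies out of the repository.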
...@@ -11,3 +11,9 @@ defined('BASEPATH') OR exit('No direct script access allowed'); ...@@ -11,3 +11,9 @@ defined('BASEPATH') OR exit('No direct script access allowed');
| https://codeigniter.com/user_guide/general/hooks.html | https://codeigniter.com/user_guide/general/hooks.html
| |
*/ */
$hook['post_controller_constructor'][] = array(
'class' => 'Authorization',
'function' => 'check',
'filename' => 'Authorization.php',
'filepath' => 'hooks'
);
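Review bot: Registering the hook at `post_controller_constructor` means every controller's `__construct()` runs before `Authorization::check` decides whether the request is allowed, so anything a constructor does (loading models, querying the database, reading session data) happens for anonymous and unauthorized requests too. The constructors in this commit are empty, so it is harmless today, but it is a foot-gun for future controllers; document the constraint here, e.g. `// NOTE: runs after the controller constructor; keep constructors side-effect free.`. The hook is only active because `enable_hooks` is set to TRUE in config.php; a comment noting that dependency would help whoever next edits the config.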
...@@ -49,6 +49,6 @@ defined('BASEPATH') OR exit('No direct script access allowed'); ...@@ -49,6 +49,6 @@ defined('BASEPATH') OR exit('No direct script access allowed');
| Examples: my-controller/index -> my_controller/index | Examples: my-controller/index -> my_controller/index
| my-controller/my-method -> my_controller/my_method | my-controller/my-method -> my_controller/my_method
*/ */
$route['default_controller'] = 'welcome'; $route['default_controller'] = 'auth';
$route['404_override'] = ''; $route['404_override'] = '';
$route['translate_uri_dashes'] = FALSE; $route['translate_uri_dashes'] = FALSE;
<?php
class Auth extends CI_Controller {
function __construct () {
parent::__construct();
}
public function index() {
redirect(base_url('index.php/auth/login'));
}
public function login () {
// No POST data
if (!$this->input->post()) {
$this->load->view('templates/main', array(
'title' => 'Login to the application',
'content' => $this->load->view('auth/login', null, TRUE)
));
return;
}
// POST data received
$this->form_validation->set_rules('email', 'email', 'trim|required|xss_clean');
$this->form_validation->set_rules('password', 'password', 'trim|required|xss_clean|callback_authenticate');
if ($this->form_validation->run() == FALSE) {
// Validation failed
$this->load->view('templates/main', array(
'title' => 'Login to the application',
'content' => $this->load->view('auth/login', null, TRUE)
));
return;
}
// Validation succeeded, go to user/list
redirect('user/list_users');
}
public function authenticate ($password) {
$email = $this->input->post('email');
$user = $this->UserModel->authenticate($email, $password);
if ($user) {
// Set session data
$this->session->set_userdata('logged_in', array(
'fullname' => $user->fullname,
'email' => $user->email,
'id' => $user->id,
'group' => $user->group
));
return TRUE;
}
// Invalid credentials
$this->form_validation->set_message('authenticate', 'Invalid email or password');
return FALSE;
}
public function logout() {
unset($_SESSION['logged_in']);
redirect('auth/login');
}
}
\ No newline at end of file
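Review bot: `logout()` only unsets `$_SESSION['logged_in']` and never invalidates the session itself, and `authenticate()` stores the user data without regenerating the session id, so an id planted before login keeps working after it (session fixation) and the session survives logout. Replace the body of `logout()` with `$this->session->sess_destroy();` and call `$this->session->sess_regenerate(TRUE);` before `set_userdata()` in `authenticate()`. Separately, the `trim|...|xss_clean` rules on the `password` field rewrite the secret before `callback_authenticate` hashes it, so passwords containing whitespace or characters the XSS filter touches can never match; leave only `required` on that field. Because CodeIgniter routes every public controller method, `authenticate` is also reachable at `auth/authenticate`; naming it `_authenticate` (with `callback__authenticate` in the rule) hides it from the router while keeping it callable by the validator.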
<?php
class Pages extends CI_Controller {
public function view($page = 'index') {
if (!file_exists('application/views/pages/' . $page . '.php')) {
show_404();
}
$data['title'] = ucfirst($page);
$this->load->view('templates/main', array(
'title' => 'Unauthorized access',
'content' => $this->load->view('pages/' . $page, null, TRUE)
));
}
}
\ No newline at end of file
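Review bot: `$page` comes straight from the URL segment and is concatenated into both the `file_exists()` path and the `load->view('pages/' . $page)` call without validation, so the client chooses which view file is included subject only to the router's `permitted_uri_chars` filter (which by default still allows `.`), which is not where a file-inclusion guard belongs. Whitelist the name before it touches the filesystem: `if (!preg_match('/^[a-z0-9_-]+$/i', $page)) { show_404(); }` as the first statement of `view()`. `$data['title'] = ucfirst($page)` is computed and then discarded in favour of the hard-coded `'Unauthorized access'`, so every page in this directory is titled as an error; pass `$data['title']` (escaped) to the template or drop the dead assignment.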
<?php
class User extends CI_Controller {
function __construct () {
parent::__construct();
}
public function list_users () {
$data['users'] = $this->UserModel->getAll();
$this->load->view('templates/main', array(
'title' => 'List of users',
'fullname' => $this->session->logged_in['fullname'],
'content' => $this->load->view('user/list', $data, TRUE)
));
return;
}
}
\ No newline at end of file
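Review bot: `list_users()` dereferences `$this->session->logged_in['fullname']` without checking that a session exists, which is only safe because `hooks/Authorization.php` has already rejected unauthenticated requests before this method runs, and only while `enable_hooks` stays TRUE. A comment making that dependency explicit would stop a future copy of this controller from assuming it checks anything itself, e.g. `// Access is enforced by the Authorization hook (config/hooks.php); a logged-in session is guaranteed here.`. The trailing `return;` in a void action is noise and can be dropped.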
<?php
class Authorization {
public function check ($params) {
// Load Access Control List
require_once('acl.php');
// Obtain controller and action
$ci = &get_instance();
$controller = $ci->router->fetch_class();
$action = $ci->router->fetch_method();
// Validate if that action is public (no session needed)
if (!empty($allowAll[$controller][$action])) {
return TRUE;
}
// Get session information
if (isset($_COOKIE) && isset($_COOKIE['ci_session'])) {
$ci_session = $ci->session->userdata;
if (!empty($ci_session['logged_in'])) {
$session = $ci_session['logged_in'];
}
}
// There is no valid session information, so redirect to login page
if (!isset($session) || !isset($session['group'])) {
redirect(base_url('index.php/auth/login'));
return;
}
// Check that user is able to access action
if (empty($allowOnly[$session['group']][$controller][$action])
||
$allowOnly[$session['group']][$controller][$action] == FALSE) {
redirect(base_url('index.php/pages/view/unauthorized'));
return;
}
// If it's ok (access granted) just return TRUE so the workflow of
// CodeIgniter can continue
return TRUE;
}
}
\ No newline at end of file
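Review bot: The session lookup in `check()` is gated on `isset($_COOKIE['ci_session'])`, which hard-codes the session cookie name; if `sess_cookie_name` is ever changed the hook fails closed and bounces every user to login, even though the session library is already the authority on whether a session exists. Replace that block with `$session = $ci->session->userdata('logged_in');` and keep the `isset($session['group'])` test. Deny-by-default via `$allowOnly` is the right shape, and since CodeIgniter 3's `redirect()` exits after sending the header, the `return;` after each redirect is unreachable but harmless; a comment saying so would stop someone "fixing" it. `$controller`/`$action` come from the router as typed in the URL while PHP method names are case-insensitive, so a case mismatch denies rather than allows; a one-line comment such as `// ACL keys are case-sensitive; any mismatch denies.` documents that.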
<?php
//
// Access control list for the application
//
$allowAll = array(); // actions available to all (even non registered users)
$allowOnly = array(); // actions only available to certain groups of users
// Public actions
$allowAll['auth']['login'] = TRUE;
$allowAll['pages']['view'] = TRUE;
// Controlled access
$allowOnly['user']['auth']['logout'] = TRUE;
$allowOnly['admin']['auth']['logout'] = TRUE;
$allowOnly['user']['user']['list_users'] = TRUE;
$allowOnly['admin']['user']['list_users'] = TRUE;
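Review bot: `auth/index`, the default route's landing action, is in neither `$allowAll` nor `$allowOnly`, so a logged-in user who visits `/` is sent to the unauthorized page by the hook instead of being redirected onward, and an anonymous user only reaches login because the deny path happens to redirect there. Add `$allowAll['auth']['index'] = TRUE;` next to the login entry. A header comment stating the policy would help maintainers: `// Deny by default: any controller/action not listed here is rejected by hooks/Authorization.php.`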
<?php
class UserModel extends CI_Model {
var $id;
var $email;
var $fullname;
var $group;
function __construct () {
parent :: __construct();
}
public function getAll () {
return $this->db->get('user')->result();
}
function authenticate($email, $password) {
$this->db->select('id, fullname, email, group');
$this->db->from('user');
$this->db->where('email', $email);
$this->db->where('password', hash('sha256', $password));
$this->db->limit(1);
$query = $this->db->get();
if ($query->num_rows() == 1) {
$rows = $query->result();
$this->id = $rows[0]->id;
$this->email = $rows[0]->email;
$this->fullname = $rows[0]->fullname;
$this->group = $rows[0]->group;
return $this;
}
return FALSE;
}
}
\ No newline at end of file
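Review bot: `authenticate()` compares `hash('sha256', $password)` against the stored column, an unsalted fast hash, so a leaked `user` table is offline-crackable and identical passwords share a hash; load the row by email and verify with `password_verify()` against a `password_hash()` value instead, as sketched below. Existing SHA-256 rows would need a migration or a rehash-on-login step, which this commit does not show. `getAll()` selects every column, including the password hash, and hands the rows to the list view; restrict it to `$this->db->select('id, fullname, email')->get('user')->result()`. The `var` property declarations and returning `$this` from a model are pre-PHP 5 style; typed private properties or a small DTO would be clearer.
```php
function authenticate($email, $password) {
    $this->db->select('id, fullname, email, group, password');
    $this->db->from('user');
    $this->db->where('email', $email);
    $this->db->limit(1);
    $row = $this->db->get()->row();
    // Verify against a password_hash() value; never compare raw hashes.
    if ($row === NULL || !password_verify($password, $row->password)) {
        return FALSE;
    }
    // … unchanged: copy id/email/fullname/group onto $this and return $this …
}
```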
<?= validation_errors(); ?>
<?= form_open('auth/login'); ?>
<label for="mail">Email</label><br/>
<input type="text" size="20" id="email" name="email"/>
<br/>
<label for="password">Password</label><br/>
<input type="password" size="20" id="password" name="password"/>
<br/>
<input type="submit" value="Login"/>
<?= form_close(); ?>
\ No newline at end of file
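Review bot: The `<label for="mail">` does not match the input's `id="email"`, so the label is not associated with the field; change it to `<label for="email">`. `form_open('auth/login')` only emits a CSRF token when `$config['csrf_protection']` is TRUE, and the config hunk in this commit does not show that setting, so confirm it is enabled or the login form is CSRF-able (login CSRF lets an attacker sign a victim into an attacker-controlled account). Consider `type="email"` with `autocomplete="username"` and `autocomplete="current-password"` on the two inputs so browsers and password managers treat them correctly.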
<div class="alert alert-warning" role="alert">
You are not allowed to access this page.
</div>
\ No newline at end of file
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<title><?= $title ?></title>
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css" integrity="sha384-Vkoo8x4CGsO3+Hhxv8T/Q5PaXtkKtu6ug5TOeNV6gBiFeWPGFN9MuhOf23Q9Ifjh" crossorigin="anonymous">
<style>
.bd-placeholder-img {
font-size: 1.125rem;
text-anchor: middle;
-webkit-user-select: none;
-moz-user-select: none;
-ms-user-select: none;
user-select: none;
}
@media (min-width: 768px) {
.bd-placeholder-img-lg {
font-size: 3.5rem;
}
}
</style>
</head>
<body>
<div class="d-flex flex-column flex-md-row align-items-center p-3 px-md-4 mb-3 bg-white border-bottom shadow-sm">
<h5 class="my-0 mr-md-auto font-weight-normal">My App</h5>
<nav class="my-2 my-md-0 mr-md-3">
<a class="p-2 text-dark" href="#">Features</a>
<a class="p-2 text-dark" href="#">Enterprise</a>
<a class="p-2 text-dark" href="#">Support</a>
<a class="p-2 text-dark" href="#"></a>
</nav>
<?php
if (empty($this->session->userdata['logged_in']))
{
?>
<a class="btn btn-primary" href="<?= base_url('index.php/auth/login') ?>">Login</a>
<?php
} else {
?>
<a class="btn btn-secondary" href="<?= base_url('index.php/auth/logout') ?>">Logout</a>
<?php
}
?>
</div>
<div class="pricing-header px-3 py-3 pt-md-5 pb-md-4 mx-auto text-center">
<h1 class="display-4"><?= $title ?></h1>
<?= $content ?>
</div>
<script src="https://code.jquery.com/jquery-3.4.1.slim.min.js" integrity="sha384-J6qa4849blE2+poT4WnyKhv5vZF5SrPo0iEjwBvKU7imGFAV0wwj1yYfoRSJoZ+n" crossorigin="anonymous"></script>
<script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js" integrity="sha384-Q6E9RHvbIyZFJoft+2mJbHaEWldlvI9IOYy5n3zV9zzTtmI3UksdQRVvoxMfooAo" crossorigin="anonymous"></script>
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js" integrity="sha384-wfSDF2E50Y2D1uUdj0O3uMBJnjuUD4Ih7YwaYd1iqfktj0Uod8GCExl3Og8ifwB6" crossorigin="anonymous"></script>
</body>
</html>
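Review bot: `$title` is echoed unescaped in both `<title>` and the `<h1>`; every caller in this commit passes a literal, but `Pages::view()` already computes `ucfirst($page)` from the URL, so the moment that value is wired through this becomes reflected XSS. Use `<?= html_escape($title) ?>` in both places (`$content` is intentionally pre-rendered HTML and must stay raw). The empty `<a class="p-2 text-dark" href="#"></a>` in the nav renders nothing and should be removed.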
<?php
if (sizeof($users) > 0) {
echo "<table class='table'><tr><th>ID</th><th>Full name</th><th>Email</th></tr>";
foreach ($users as $user) {
echo "<tr>";
echo "<td>" . $user->id . "</td>";
echo "<td>" . $user->fullname . "</td>";
echo "<td>" . $user->email . "</td>";
echo "</tr>";
}
echo "</table>";
} else
echo "<p>No users</p>";
\ No newline at end of file
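Review bot: `$user->fullname` and `$user->email` are written into the table unescaped, so any user record containing markup becomes stored XSS for everyone who can see the list. Escape each cell: `echo "<td>" . html_escape($user->fullname) . "</td>";` and `echo "<td>" . html_escape($user->email) . "</td>";`. `sizeof` is just an alias of `count()`, and the brace-less `else` is easy to break when a second statement is added; prefer `count($users) > 0` and braces.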