From 82f911cf18c615d23d7a6934c36879e75f2cf46e Mon Sep 17 00:00:00 2001 From: Freya Murphy Date: Tue, 26 Nov 2024 11:45:12 -0500 Subject: new style, add redirect support --- src/web/helpers/html.php | 21 +++++++++++++++++++ src/web/index.php | 1 + src/web/router.php | 52 ++++++++++++++++++++++++++++++++--------------- src/web/views/error.php | 10 +++++++++ src/web/views/footer.php | 5 +++++ src/web/views/header.php | 8 +++----- src/web/views/login.php | 39 ++++++++++++++++++++++------------- src/web/views/message.php | 2 +- 8 files changed, 102 insertions(+), 36 deletions(-) create mode 100644 src/web/helpers/html.php create mode 100644 src/web/views/error.php (limited to 'src/web') diff --git a/src/web/helpers/html.php b/src/web/helpers/html.php new file mode 100644 index 0000000..dc38e3a --- /dev/null +++ b/src/web/helpers/html.php @@ -0,0 +1,21 @@ +', '>', $data); + return $data; +} diff --git a/src/web/index.php b/src/web/index.php index d4271c9..c4417ea 100644 --- a/src/web/index.php +++ b/src/web/index.php @@ -6,6 +6,7 @@ $webroot = dirname(__FILE__); $publicroot = realpath(dirname(__FILE__) . '/../public'); // load stuff +require($webroot . '/helpers/html.php'); require($webroot . '/helpers/schema.php'); require($webroot . '/helpers/ldap.php'); require($webroot . '/helpers/auth.php'); diff --git a/src/web/router.php b/src/web/router.php index ce30f8b..536e228 100644 --- a/src/web/router.php +++ b/src/web/router.php @@ -17,12 +17,13 @@ class Router { /** * Displays a page to the user * @param string $file - * @param array $data - */ - private function send_page( + * @param array $data + */ + private function send_page( string $file, array $data = array() ): void { + $data['bg'] = random_int(1, 70); extract($data); $webroot = $GLOBALS['webroot']; require($webroot . '/views/header.php'); @@ -35,7 +36,7 @@ class Router { * @param string $title * @param string $msg * @param int $code - */ + */ private function send_message( string $title, string $msg 
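Review bot: The new escaping helper in src/web/helpers/html.php looks hand-rolled: the only part of its body that survives on this page is a replacement targeting `'>'` on `$data` followed by `return $data;`, which suggests character-by-character substitution rather than the built-in escaper. If that is what it does, quotes and `&` may be left untouched, which matters as soon as a value is printed inside an attribute such as a form field or a link. Consider making the body `return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` and adding a docblock that states which output context the helper is safe for. Most of the function is not visible here, so this should be checked against the actual file.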
@@ -50,15 +51,16 @@ class Router { * Gets the HTTP request information */ private function get_req(): array { - $path = $_SERVER['REQUEST_URI']; + $uri = $_SERVER['REQUEST_URI']; + $path = parse_url($uri)['path']; $method = $_SERVER['REQUEST_METHOD']; return [$method, $path]; } - /** - * @param array $fields - */ - private function get_post_info( + /** + * @param array $fields + */ + private function get_post_info( string ...$fields ): ?array { $values = array(); @@ -88,10 +90,18 @@ class Router { return; } + $redirect = $this->get_post_info('redirect') ?? ''; + if (is_array($redirect)) { + $redirect = $redirect['redirect']; + $redirect = base64_decode($redirect); + } + $user = $this->ldap->search($info['username']); if ($user == NULL || !count($user)) { http_response_code(400); - $this->send_message('Error', 'User does not exist'); + $this->send_page('error', array( + 'title' => 'Error', + 'redirect' => $redirect)); return; } @@ -108,9 +118,18 @@ class Router { $session = $this->auth->create_session($user); - http_response_code(200); - $session->write_headers(); - $this->send_message('Success', 'Authenticated. You can now go back to your content'); + if ($redirect == '') { + http_response_code(200); + $session->write_headers(); + $this->send_message('Success', 'Authenticated. You can now go back to your content'); + } else { + if (!str_starts_with($redirect, 'http')) { + $redirect = 'http://' . $redirect; + } + http_response_code(303); + $session->write_headers(); + header("Location: $redirect"); + } } private function handle_logout(): void { @@ -131,7 +150,7 @@ class Router { 'You have been logged out successfully.'); } - private function handle_auth(): void { + private function handle_auth(): void { $session = $this->auth->get_session(); if ($session == NULL) { // redirect them to login @@ -145,14 +164,15 @@ class Router { http_response_code(200); $session->write_headers(); $this->send_message('Authenticated', - 'You are already logged in.
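Review bot: `parse_url($uri)['path']` in get_req() assumes the call always returns an array with a `path` key, but parse_url() returns `false` for seriously malformed input and omits `path` when the request target starts with `//` and has no further segment, so `$path` can end up `null`. Ask for the component directly and handle the failure, e.g. `$path = parse_url($uri, PHP_URL_PATH);` followed by `if (!is_string($path)) { $path = '/'; }` or an explicit 400 response. A `//host/path` style target is also worth a test, because parse_url() treats the first segment as a host and the router then matches on the remainder. The get_post_info() change in the same hunk is whitespace only.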
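Review bot: `base64_decode($redirect)` is called in its lenient mode, so characters outside the alphabet are silently dropped and whatever bytes come out are carried forward as the redirect target. Use strict decoding and fall back to no redirect on failure: `$redirect = base64_decode($redirect['redirect'], true);` then `if ($redirect === false) { $redirect = ''; }`. The decoded, client-supplied value is also handed to the `error` view as `redirect`; the view's markup is not readable on this page, but if it prints the value into a link it needs attribute escaping and a scheme check, since HTML escaping alone does not neutralise a `javascript:` URL. The enclosing login handler starts and ends outside this hunk.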
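Review bot: The `Location` header in the new `else` branch is built from the client-supplied `redirect` field with no check on where it points, so a successful login can send the browser to any host; on an authentication portal that is an open redirect. The `str_starts_with($redirect, 'http')` test does not help: it also accepts values such as `httpx…`, and everything else is forced onto plain `http://`. Compare the parsed host with a configured list of hosts this portal serves and fall back to the existing success message when it does not match. `$allowed_hosts` below is a placeholder, since nothing in this patch defines such a list, and the function starts outside the hunk.

```php
		// … unchanged: create_session() and the $redirect == '' success branch …
		} else {
			// Only a real scheme counts; a bare 'http' prefix also matches e.g. "httpx".
			if (!preg_match('#^https?://#i', $redirect)) {
				$redirect = 'http://' . $redirect;
			}
			$host = parse_url($redirect, PHP_URL_HOST);
			// PLACEHOLDER: $allowed_hosts is not defined in this patch; it stands for a
			// configured list of the hosts this portal authenticates for.
			if (!is_string($host) || !in_array(strtolower($host), $allowed_hosts, true)) {
				// Unknown target: log the user in but do not redirect.
				http_response_code(200);
				$session->write_headers();
				$this->send_message('Success', 'Authenticated. You can now go back to your content');
				return;
			}
			http_response_code(303);
			$session->write_headers();
			header("Location: $redirect");
		}
```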

Log Out'); + 'Log Out'); } } private function page_login(): void { http_response_code(200); $this->send_page('login', array( - 'title' => 'Login' + 'title' => 'Login', + 'redirect' => $_GET['redirect'] ?? '' )); } diff --git a/src/web/views/error.php b/src/web/views/error.php new file mode 100644 index 0000000..2860336 --- /dev/null +++ b/src/web/views/error.php @@ -0,0 +1,10 @@ + +
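Review bot: `'redirect' => $_GET['redirect'] ?? ''` in page_login() passes the query parameter through untyped, and PHP turns `?redirect[]=x` into an array, so the login view can receive a non-string. Narrow it at the boundary, e.g. `'redirect' => is_string($_GET['redirect'] ?? null) ? $_GET['redirect'] : ''`. The value is controlled by whoever builds the link, so wherever the login view prints it (its markup is not readable on this page) it has to be escaped for an HTML attribute.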
+Authentication failed +
+
+ + Go Back + diff --git a/src/web/views/footer.php b/src/web/views/footer.php index eb7ee28..bac99a3 100644 --- a/src/web/views/footer.php +++ b/src/web/views/footer.php @@ -1,4 +1,9 @@ + + + diff --git a/src/web/views/header.php b/src/web/views/header.php index befa190..3a608c3 100644 --- a/src/web/views/header.php +++ b/src/web/views/header.php @@ -4,13 +4,11 @@ - <?=$title?> -
-
- -
+
+
+

diff --git a/src/web/views/login.php b/src/web/views/login.php index 98d69af..ca38066 100644 --- a/src/web/views/login.php +++ b/src/web/views/login.php @@ -1,22 +1,33 @@ - - - - - + +
+ + +
+
+ + +
+ diff --git a/src/web/views/message.php b/src/web/views/message.php index a071409..a8c074a 100644 --- a/src/web/views/message.php +++ b/src/web/views/message.php @@ -1 +1 @@ -
+
-- cgit v1.2.3-freya