Simple Auth
From Nephtali Documentation
Here's a very simple auth example showing how to password-protect all PHP files within a directory using Nephtali.
nregister.php
The code below is placed in nregister.php (which runs for every PHP page request). It checks all requests to files within the 'youradmin' directory to make sure they have the appropriate session token and, if not, redirects the user to the login page.
// protects http://yourwebsite.com/youradmin/
if (n\url\current_path($paths = array('/youradmin'))) {
    if (!isset($_SESSION)) session_start();
    if (!isset($_SESSION['is_logged_in']))
        n\url\redirect('/login.php');
}
Login page example
This simple login page checks the login credentials against values set in nconfig.php.
[DISCLAIMER] THIS CODE IS MERELY PROVIDED AS A SIMPLE EXAMPLE, AND DOES NOT CHECK AS TO WHETHER THE CONNECTION IS ENCRYPTED. USE AT YOUR OWN RISK.
Here's the markup found in login.php:
<h2>Nephtali login</h2>
<!--pipe:login-->
    <!--view:invalid-->
    <p>Your login was invalid</p>
    <!--view:invalid-->
    <!--view:feedback-->
    <h2>Some of the data was invalid:</h2>
    <ul class="standard_list">
        <!--data-->
        <li>{message}</li>
        <!--data-->
    </ul>
    <!--view:feedback-->
    <!--view:error-->
    <p>There was an error processing your login. Please try again.</p>
    <!--view:error-->
<!--pipe:login-->
<form action="login.php" method="post">
    <ul>
        <li>
            <label for="user_name">User name</label>
            <input type="text" id="user_name" name="user_name" maxlength="40" />
        </li>
        <li>
            <label for="pw">Password</label>
            <input type="password" id="pw" name="pw" maxlength="40" />
        </li>
        <li>
            <input type="submit" value="Login" />
        </li>
    </ul>
</form>
And, here's the PHP found in the Nephtali file nsite/login.php:
/**
 * Code generated with Nedit, Nephtali's online code generator
 * http://nephtaliproject.com/nedit/index.php
 */

/**
 * Ports validate incoming Get, Post, Cookie, and File variables.
 * You can view more information on ports and their settings at the Nephtali wiki:
 * http://docs.nephtaliproject.com/wiki/Ports:_The_Gatekeepers
 */
n\port\register(
    $name = 'user_name',
    $value = $_POST['user_name'],
    $opts = array(
        'max_length' => 40,
        'filter' => n\constant\FILTER_TEXT
    )
);
n\port\register(
    $name = 'pw',
    $value = $_POST['pw'],
    $opts = array(
        'max_length' => 300,
        'formatter' => function($val)
        {
            // hash and return base 64'd to restrict charset
            return base64_encode(hash_hmac('sha256', $val, $key = n\config\get('encryption_salt'), true));
        },
        'filter' => n\constant\FILTER_TEXT
    )
);

/**
 * Vals are used to simplify the code.
 * If a pipe has multiple required ports, a val has been used to avoid redundancy.
 * This way, if you ever change the list of required ports, you only have to alter one line.
 * If you've added an action pipe, each individual action's ports are stored as a val.
 */
n\val($name = 'attempt_login', $value = array('user_name','pw'));

/**
 * Pipes display dynamic content within the page.
 * They control which view is displayed and handle databinding within the selected view.
 * You can view more information on pipes and their settings at the Nephtali wiki:
 * http://docs.nephtaliproject.com/wiki/Pipes:_Dynamic_Displays
 */
n\pipe\register_action(
    $name = 'login',
    $actions = array(
        n\port\signature(n\val('attempt_login')) => function($markup)
        {
            if (count($rows = n\port\validate(n\val('attempt_login'))))
            {
                return n\view\render($view = 'feedback', $markup, $rows);
            }

            // strict comparison for the user name; hash_equals() (PHP 5.6+) compares
            // the password hashes in constant time
            if ((string) n\port\get('user_name') === (string) n\config\get('user_name')
                && hash_equals((string) n\config\get('pw'), (string) n\port\get('pw')))
            {
                // nregister.php only starts a session for /youradmin, so make sure one is active here
                if (!isset($_SESSION)) session_start();
                $_SESSION['is_logged_in'] = true;
                // avoid session fixation/hijacking: issue a new session ID and delete the old one
                session_regenerate_id(true);
                n\url\redirect('/youradmin/index.php');
            }

            return n\view\render($view = 'invalid', $markup);
        }
    )
);
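The login action compares the submitted password, after the pw port formatter has hashed it, with the pw value from nconfig.php, so the stored value has to be produced by the same transformation. The script below is an added example, not code from the Nephtali documentation or project, that derives that value and checks it in constant time. The function names, the sample password and the use of random_bytes() (PHP 7+) to create the salt are assumptions; how the two values are written into nconfig.php is not shown on this page and is left out.

```php
<?php
// Added example, not Nephtali code. It mirrors the 'pw' port formatter so the
// value stored in nconfig.php matches what the login action compares against.

/** Same transformation the 'pw' port formatter applies to the submitted password. */
function login_hash($password, $salt)
{
    // Raw HMAC-SHA256 keyed with the site salt, base64'd to restrict the charset.
    return base64_encode(hash_hmac('sha256', $password, $salt, true));
}

/** Compare a submitted password with the stored value in constant time. */
function login_matches($submitted, $stored, $salt)
{
    // hash_equals() (PHP 5.6+) does not stop at the first differing byte.
    return hash_equals($stored, login_hash($submitted, $salt));
}

/** Random value for the 'encryption_salt' setting (hypothetical helper, PHP 7+). */
function new_salt()
{
    return bin2hex(random_bytes(32));
}

// Constructed sample values; do not reuse them on a real site.
$salt     = new_salt();
$password = 'correct horse battery staple';
$stored   = login_hash($password, $salt);

echo "encryption_salt: {$salt}\n";
echo "pw:              {$stored}\n";

// The right password matches and a wrong one does not.
var_dump(login_matches($password, $stored, $salt));
var_dump(login_matches('wrong guess', $stored, $salt));

// The stored value is bound to the salt: after encryption_salt changes,
// the old pw value no longer matches and has to be regenerated.
var_dump(login_matches($password, $stored, new_salt()));
```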

