Add login page

docs/README.md

@@ -1,7 +1,8 @@
 # Free MongoDB GUI powered by PHP
 
 Visually administrate your MongoDB database. Create, read, update and delete your documents.<br>
-Autocompletion is available for collection fields and MongoDB keywords via `Ctrl` + `Space` keys.
+Autocompletion is available for collection fields and MongoDB keywords via `Ctrl` + `Space` keys.<br>
+You can also create and drop indexes.
 
 Screenshots
 -----------
@@ -13,16 +14,10 @@ Screenshots
 Installation
 ------------
 
-1. `git clone` current repository somewhere in the cloud or on your local machine.<br>
-**Warning: If you choose cloud option. Be sure to secure folder with a *.htpasswd*.**
+1. `git clone` current repository somewhere in the cloud or on your local machine.
 2. Be sure to have PHP >= 7 with [MongoDB extension](https://www.php.net/manual/en/mongodb.installation.php) enabled in this environment.
 3. Run `composer install` at project's root directory to install all PHP dependencies.
 
-Configuration
--------------
-
-Open *config.php* file located at project's root directory. Edit `MPG_MONGODB*` constants.
-
 Thanks
 ------
 

index.php

@@ -2,10 +2,9 @@
 
 use Limber\Application;
 use Capsule\Factory\ServerRequestFactory;
+use Limber\Exceptions\NotFoundHttpException;
 
-require __DIR__ . '/autoload.php';
-require __DIR__ . '/config.php';
-require __DIR__ . '/routes.php';
+session_start();
 
 /**
  * Application name.
@@ -19,7 +18,7 @@
  * 
  * @var string
  */
-define('MPG_APP_VERSION', '0.9.9');
+define('MPG_APP_VERSION', '1.0.0');
 
 /**
  * Development mode?
@@ -35,7 +34,37 @@
  */
 define('MPG_VIEWS_PATH', __DIR__ . '/views');
 
+$baseUrl = ( isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) ) ? 'https' : 'http';
+$baseUrl .= '://' . $_SERVER['HTTP_HOST'];
+$serverPath = str_replace('\\', '/', dirname($_SERVER['REQUEST_URI']));
+$serverPath = ( $serverPath === '/' ) ? '' : $serverPath;
+$baseUrl .= $serverPath;
+
+/**
+ * Server path. XXX Without trailing slash.
+ * 
+ * @var string
+ */
+define('MPG_SERVER_PATH', $serverPath);
+
+/**
+ * Base URL. XXX Without trailing slash.
+ * 
+ * @var string
+ */
+define('MPG_BASE_URL', $baseUrl);
+
+require __DIR__ . '/autoload.php';
+require __DIR__ . '/routes.php';
+
 $application = new Application($router);
 $serverRequest = ServerRequestFactory::createFromGlobals();
-$response = $application->dispatch($serverRequest);
+
+// XXX This hack makes index to work in sub-folder case.
+try {
+    $response = $application->dispatch($serverRequest);
+} catch (NotFoundHttpException $e) {
+    header('Location: ' . $_SERVER['REQUEST_URI'] . '/index');
+}
+
 $application->send($response);

routes.php

@@ -1,82 +1,111 @@
 <?php
 
 use Limber\Router\Router;
+use Controllers\LoginController;
 use Controllers\DatabaseController;
 use Controllers\CollectionController;
+use Controllers\Controller;
 
 $router = new Router();
 
 $router->get('/', function() {
-	header('Location: /queryDatabase');
-	exit;
+
+	LoginController::ensureUserIsLogged();
+
+	Controller::redirectTo('/queryDatabase');
+
+});
+
+// XXX This hack makes index to work in sub-folder case.
+$router->get(MPG_SERVER_PATH . '/index', function() {
+
+	LoginController::ensureUserIsLogged();
+
+	Controller::redirectTo('/queryDatabase');
+
 });
 
 $router->get(
-	'/createDatabase',
+	MPG_SERVER_PATH . '/login',
+	LoginController::class . '@renderViewAction'
+);
+
+$router->post(
+	MPG_SERVER_PATH . '/login',
+	LoginController::class . '@renderViewAction'
+);
+
+$router->get(
+	MPG_SERVER_PATH . '/createDatabase',
 	DatabaseController::class . '@renderCreateViewAction'
 );
 
 $router->get(
-	'/queryDatabase',
+	MPG_SERVER_PATH . '/queryDatabase',
 	DatabaseController::class . '@renderQueryViewAction'
 );
 
 $router->post(
-	'/ajax/database/listCollections',
+	MPG_SERVER_PATH . '/ajaxDatabaseListCollections',
 	DatabaseController::class . '@listCollectionsAction'
 );
 
 $router->post(
-	'/ajax/database/createCollection',
+	MPG_SERVER_PATH . '/ajaxDatabaseCreateCollection',
 	DatabaseController::class . '@createCollectionAction'
 );
 
 $router->post(
-	'/ajax/collection/insertOne',
+	MPG_SERVER_PATH . '/ajaxCollectionInsertOne',
 	CollectionController::class . '@insertOneAction'
 );
 
 $router->post(
-	'/ajax/collection/count',
+	MPG_SERVER_PATH . '/ajaxCollectionCount',
 	CollectionController::class . '@countAction'
 );
 
 $router->post(
-	'/ajax/collection/deleteOne',
+	MPG_SERVER_PATH . '/ajaxCollectionDeleteOne',
 	CollectionController::class . '@deleteOneAction'
 );
 
 $router->post(
-	'/ajax/collection/find',
+	MPG_SERVER_PATH . '/ajaxCollectionFind',
 	CollectionController::class . '@findAction'
 );
 
 $router->post(
-	'/ajax/collection/updateOne',
+	MPG_SERVER_PATH . '/ajaxCollectionUpdateOne',
 	CollectionController::class . '@updateOneAction'
 );
 
 $router->post(
-	'/ajax/collection/enumFields',
+	MPG_SERVER_PATH . '/ajaxCollectionEnumFields',
 	CollectionController::class . '@enumFieldsAction'
 );
 
 $router->get(
-	'/manageIndexes',
+	MPG_SERVER_PATH . '/manageIndexes',
 	CollectionController::class . '@renderIndexesViewAction'
 );
 
 $router->post(
-	'/ajax/collection/createIndex',
+	MPG_SERVER_PATH . '/ajaxCollectionCreateIndex',
 	CollectionController::class . '@createIndexAction'
 );
 
 $router->post(
-	'/ajax/collection/listIndexes',
+	MPG_SERVER_PATH . '/ajaxCollectionListIndexes',
 	CollectionController::class . '@listIndexesAction'
 );
 
 $router->post(
-	'/ajax/collection/dropIndex',
+	MPG_SERVER_PATH . '/ajaxCollectionDropIndex',
 	CollectionController::class . '@dropIndexAction'
 );
+
+$router->get(
+	MPG_SERVER_PATH . '/logout',
+	LoginController::class . '@logoutAction'
+);

src/Controllers/CollectionController.php

@@ -11,6 +11,8 @@ class CollectionController extends Controller {
 
     public function renderIndexesViewAction() : Response {
 
+        LoginController::ensureUserIsLogged();
+
         return new Response(200, $this->renderView('collection.indexes', [
             'databaseNames' => DatabaseController::getDatabaseNames()
         ]));

src/Controllers/Controller.php

@@ -7,6 +7,17 @@
 
 class Controller {
 
+    /**
+     * Redirects to a route.
+     * 
+     * @param string $route
+     */
+    public static function redirectTo(string $route) {
+
+        header('Location: ' . MPG_BASE_URL . $route); exit;
+
+    }
+
     /**
      * If it exists: returns request body.
      * 

src/Controllers/DatabaseController.php

@@ -13,8 +13,8 @@ public static function getDatabaseNames() : array {
 
         $databaseNames = [];
 
-        if ( !empty(MPG_MONGODB_DATABASE) ) {
-            $databaseNames[] = MPG_MONGODB_DATABASE;
+        if ( isset($_SESSION['mpg']['mongodb_database']) ) {
+            $databaseNames[] = $_SESSION['mpg']['mongodb_database'];
         } else {
 
             try {
@@ -33,11 +33,15 @@ public static function getDatabaseNames() : array {
 
     public function renderCreateViewAction() : Response {
 
+        LoginController::ensureUserIsLogged();
+
         return new Response(200, $this->renderView('database.create'));
 
     }
 
     public function renderQueryViewAction() : Response {
+
+        LoginController::ensureUserIsLogged();
 
         return new Response(200, $this->renderView('database.query', [
             'databaseNames' => self::getDatabaseNames()

src/Controllers/LoginController.php

@@ -0,0 +1,86 @@
+<?php
+
+namespace Controllers;
+
+use Capsule\Response;
+
+class LoginController extends Controller {
+
+    public static function ensureUserIsLogged() {
+
+        if ( !isset($_SESSION['mpg']['user_is_logged']) ) {
+
+            Controller::redirectTo('/login#');
+
+        }
+
+    }
+
+    public function processFormData() : array {
+
+        $errors = [];
+
+        $_SESSION['mpg'] = [];
+
+        if ( isset($_POST['user']) && !empty($_POST['user']) ) {
+            $_SESSION['mpg']['mongodb_user'] = $_POST['user'];
+        }
+
+        if ( isset($_POST['password']) && !empty($_POST['password']) ) {
+            $_SESSION['mpg']['mongodb_password'] = $_POST['password'];
+        }
+
+        if ( isset($_POST['host']) && !empty($_POST['host']) ) {
+            $_SESSION['mpg']['mongodb_host'] = $_POST['host'];
+        } else {
+            $errors[] = 'Host';
+        }
+
+        if ( isset($_POST['port']) && !empty($_POST['port']) ) {
+            $_SESSION['mpg']['mongodb_port'] = $_POST['port'];
+        } else {
+            $errors[] = 'Port';
+        }
+
+        if ( isset($_POST['database']) && !empty($_POST['database']) ) {
+            $_SESSION['mpg']['mongodb_database'] = $_POST['database'];
+        }
+
+        return $errors;
+
+    }
+
+    public function renderViewAction() : Response {
+
+        if ( isset($_POST['login']) ) {
+
+            $errors = $this->processFormData();
+
+            if ( count($errors) >= 1 ) {
+
+                return new Response(200, $this->renderView('login', [
+                    'errors' => $errors
+                ]));
+
+            } else {
+
+                $_SESSION['mpg']['user_is_logged'] = true;
+                Controller::redirectTo('/index');
+
+            }
+
+        } else {
+            return new Response(200, $this->renderView('login'));
+        }
+
+    }
+
+    public function logoutAction() {
+
+        $_SESSION['mpg'] = [];
+
+        Controller::redirectTo('/login');
+
+    }
+
+}