franzz/catc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Backend implementation

Browse Source
This commit is contained in:
Franzz
2019-09-01 17:33:58 +02:00
parent 95346671a2
commit ae70e47ebc
5 changed files with 463 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

217
inc/auth.php Normal file
View File

@@ -0,0 +1,217 @@
<?php
class Auth extends PhpObject
{
const ALGO = PASSWORD_DEFAULT;
const COST = 12;
const TOKEN_SEP = '|';
const USER_COOKIE_PASS = 'checksum';
const DEFAULT_ERROR = 'Unknown error';
const USER_TABLE = 'users';
/**
* Database Connection
* @var Db
*/
private $oDb;
private $iUserId;
private $sApiKey;
public function __construct($oDb, $sApiKey='', $bAutoLogin=true)
{
parent::__construct(__CLASS__, Settings::DEBUG);
$this->oDb = $oDb;
$this->setUserId(0);
$this->sApiKey = $sApiKey;
if($bAutoLogin) $this->autoLogIn();
}
private function setUserId($iUserId)
{
$this->iUserId = $iUserId;
}
public function getUserId()
{
return $this->iUserId;
}
public function isLoggedIn()
{
return ($this->getUserId() > 0);
}
public function logMeIn($sToken)
{
$sDesc = '';
$asUser = $this->getUserFromToken($sToken);
if($asUser['success'])
{
if(self::checkPassword($asUser['http_pass'], $asUser['pass']))
{
$this->setUserId($asUser[Db::getId(self::USER_TABLE)]);
$this->resetAuthCookie($this->getUserId());
}
else $sDesc = 'wrong password';
}
else $sDesc = $asUser['desc'];
return array('success'=>$this->isLoggedIn(), 'desc'=>$sDesc);
}
public function register($sToken, $sNickName, $bLogMeIn=false)
{
$bSuccess = false;
$sDesc = self::DEFAULT_ERROR;
$asUser = $this->getUserFromToken($sToken);
if(array_key_exists('unknown_user', $asUser))
{
$iUserId = $this->addUser($asUser['username'], $sNickName, $asUser['http_pass'], $bLogMeIn);
if($iUserId > 0) $bSuccess = true;
else $sDesc = 'Error: Could not add user';
}
else $sDesc = 'Someone is already using this nickname, sorry!';
$asResult = array('success'=>$bSuccess, 'desc'=>$sDesc);
return $asResult;
}
private function getUserFromToken($sToken)
{
$asResult = array();
$bSuccess = false;
$sDesc = self::DEFAULT_ERROR;
if($sToken!='')
{
$asResult['username'] = addslashes(strstr($sToken, self::TOKEN_SEP, true));
$asResult['http_pass'] = substr(strstr($sToken, self::TOKEN_SEP), strlen(self::TOKEN_SEP));
if($asResult['username']!='' && $asResult['http_pass']!='')
{
$asUser = $this->oDb->selectRow(self::USER_TABLE, array(Db::getText(self::USER_TABLE)=>$asResult['username']));
if(!empty($asUser))
{
$asResult += $asUser;
$bSuccess = true;
}
else
{
$asResult['unknown_user'] = true;
$sDesc = 'unknown nickname';
}
}
else $sDesc = 'corrupted token, please login again';
}
else $sDesc = 'no credentials has been received by the server';
$asResult['success'] = $bSuccess;
$asResult['desc'] = $sDesc;
return $asResult;
}
public function autoLogIn()
{
if(isset($_COOKIE[self::USER_COOKIE_PASS]))
{
$sCookie = $_COOKIE[self::USER_COOKIE_PASS];
$iUserId = addslashes(strstr($sCookie, self::TOKEN_SEP, true));
$sCookie = substr(strstr($sCookie, self::TOKEN_SEP), strlen(self::TOKEN_SEP));
$asEmpl = $this->oDb->selectRow(self::USER_TABLE, array(Db::getId(self::USER_TABLE)=>$iUserId));
if(!empty($asEmpl))
{
if($sCookie==$asEmpl['cookie'])
{
$this->setUserId($asEmpl[Db::getId(self::USER_TABLE)]);
//Reset pass once a day
if(mb_substr($asEmpl['led'], 0, 10) != date('Y-m-d')) $this->resetAuthCookie($this->getUserId());
}
else $this->addError('token corrompu pour le user '.$asEmpl[Db::getId(self::USER_TABLE)]);
}
else $this->addError('Utilisateur '.$iUserId.' inconnu');
}
}
public function addUser($sUserHash, $sNickName, $sLoginToken, $bLogMeIn=false)
{
$sPass = self::hashPassword($sLoginToken);
$bExist = $this->oDb->pingValue(self::USER_TABLE, array(Db::getText(self::USER_TABLE)=>$sUserHash));
if($bExist) return -1;
else
{
$iUserId = $this->oDb->insertRow(self::USER_TABLE, array(Db::getText(self::USER_TABLE)=>$sUserHash, 'nickname'=>$sNickName, 'pass'=>$sPass));
if($iUserId>0 && $bLogMeIn)
{
$this->logMeIn($sUserHash.self::TOKEN_SEP.$sPass);
}
}
return $iUserId;
}
//TODO integrate with logMeIn()
public function checkApiKey($sApiKey)
{
return ($this->sApiKey!='' && $sApiKey==$this->sApiKey);
}
private function resetPass($iUserId=0)
{
$sUserIdCol = Db::getId(self::USER_TABLE);
$sUserTextCol = Db::getText(self::USER_TABLE);
$asInfo = array('select'=>array($sUserIdCol, $sUserTextCol), 'from'=>self::USER_TABLE);
if($iUserId>0) $asInfo['constraint'] = array($sUserIdCol=>$iUserId);
$asUsers = $this->oDb->selectRows($asInfo);
foreach($asUsers as $asUser)
{
$sToken = self::hashPassword(self::getLoginToken($asUser[$sUserTextCol]));
$this->oDb->updateRow(self::USER_TABLE, array(Db::getId(self::USER_TABLE)=>$asUser[$sUserIdCol]), array('pass'=>$sToken));
}
}
public static function getLoginToken($sPass)
{
//Add Server Name
$sServerName = array_key_exists('SERVER_NAME', $_SERVER)?$_SERVER['SERVER_NAME']:$_SERVER['PWD'];
$sAppPath = $_SERVER['REQUEST_SCHEME'].'://'.str_replace(array('http://', 'https://'), '', $sServerName.dirname($_SERVER['SCRIPT_NAME']));
$_GET['serv_name'] = $sAppPath.(mb_substr($sAppPath, -1)!='/'?'/':'');
return md5($sPass.$_GET['serv_name']);
}
private function resetAuthCookie($iUserId)
{
$sNewPass = self::getAuthCookie($iUserId);
$iTimeLimit = time() + 60 * 60 * 24 * 30;
$this->oDb->updateRow(self::USER_TABLE, array(Db::getId(self::USER_TABLE)=>$iUserId), array("cookie"=>$sNewPass));
setcookie(self::USER_COOKIE_PASS, $iUserId.self::TOKEN_SEP.$sNewPass, $iTimeLimit);
}
private static function getAuthCookie()
{
return self::hashPassword
(
$_SERVER['HTTP_USER_AGENT'].
$_SERVER['REMOTE_ADDR'].
$_SERVER['REQUEST_TIME'].
mb_strstr(microtime(), ' ', true).
$_SERVER['SERVER_SIGNATURE'].
$_SERVER['SERVER_ADMIN']
);
}
private static function hashPassword($sPass)
{
return password_hash($sPass, self::ALGO, array('cost'=>self::COST));
}
private static function checkPassword($sPass, $sHash)
{
return password_verify($sPass, $sHash);
}
}
?>