mythoughts/inc/auth.php

<?php

class Auth extends PhpObject
{
	const ALGO = PASSWORD_DEFAULT;
	const COST = 12;
	const TOKEN_SEP = '|';
	const USER_COOKIE_PASS = 'checksum';
	const DEFAULT_ERROR = 'Unknown error';
	
	/**
	 * Database Connection
	 * @var Db
	 */
	private $oDb;
	private $iUserId;
	private $sApiKey;
	
	public function __construct($oDb, $sApiKey='', $bAutoLogin=true)
	{
		parent::__construct(__CLASS__, Settings::DEBUG);
		$this->oDb = $oDb;
		$this->setUserId(0);
		$this->sApiKey = $sApiKey;
		if($bAutoLogin) $this->autoLogIn();
	}
	
	private function setUserId($iUserId)
	{
		$this->iUserId = $iUserId;
	}
	
	public function getUserId()
	{
		return $this->iUserId;
	}
	
	public function isLoggedIn()
	{
		return ($this->getUserId() > 0);
	}
	
	public function logMeIn($sToken)
	{
		$sDesc = '';
		$asUser = $this->getUserFromToken($sToken);
		if($asUser['success'])
		{
			if(self::CheckPassword($asUser['http_pass'], $asUser['pass']))
			{
				$this->setUserId($asUser[Db::getId(MyThoughts::USER_TABLE)]);
				$this->resetAuthCookie($this->getUserId());
			}
			else $sDesc = 'wrong password';
		}
		else $sDesc = $asUser['desc'];
		
		return array('success'=>$this->isLoggedIn(), 'desc'=>$sDesc);
	}
	
	public function register($sToken, $sNickName, $bLogMeIn=false)
	{
		$bSuccess = false;
		$sDesc = self::DEFAULT_ERROR;
		$asUser = $this->getUserFromToken($sToken);
		
		if(array_key_exists('unknown_user', $asUser))
		{
			$iUserId = $this->addUser($asUser['username'], $sNickName, $asUser['pass'], $bLogMeIn);
			if($iUserId > 0) $bSuccess = true;
			else $sDesc = 'Error: Could not add user';
		}
		else $sDesc = 'Someone is already using this nickname, sorry!';
			
		$asResult = array('success'=>$bSuccess, 'desc'=>$sDesc);
		return $asResult;
	}
	
	private function getUserFromToken($sToken)
	{
		$asResult = array();
		$bSuccess = false;
		$sDesc = self::DEFAULT_ERROR;
		
		if($sToken!='')
		{
			$asResult['username'] = addslashes(strstr($sToken, self::TOKEN_SEP, true));
			$asResult['http_pass'] = substr(strstr($sToken, self::TOKEN_SEP), strlen(self::TOKEN_SEP));
			if($asResult['username']!='' && $asResult['http_pass']!='')
			{
				$asUser = $this->oDb->selectRow(MyThoughts::USER_TABLE, array(Db::getText(MyThoughts::USER_TABLE)=>$asResult['username']));
				if(!empty($asUser))
				{
					$asResult = $asUser;
					$bSuccess = true;
				}
				else
				{
					$asResult['unknown_user'] = true;
					$sDesc = 'unknown nickname';
				}
			}
			else $sDesc = 'corrupted token, please login again';
		}
		else $sDesc = 'no credentials has been received by the server';
		
		$asResult['success'] = $bSuccess;
		$asResult['desc'] = $sDesc;
		return $asResult;
	}
	
	public function autoLogIn()
	{
		if(isset($_COOKIE[self::USER_COOKIE_PASS]))
		{
			$sCookie = $_COOKIE[self::USER_COOKIE_PASS];
			$iUserId = addslashes(strstr($sCookie, self::TOKEN_SEP, true));
			$sCookie = substr(strstr($sCookie, self::TOKEN_SEP), strlen(self::TOKEN_SEP));
			
			$asEmpl = $this->oDb->selectRow(MyThoughts::USER_TABLE, array(Db::getId(MyThoughts::USER_TABLE)=>$iUserId));
			if(!empty($asEmpl))
			{
				if($sCookie==$asEmpl['cookie'])
				{
					$this->setUserId($asEmpl[Db::getId(MyThoughts::USER_TABLE)]);
		
					//Reset pass once a day
					if(mb_substr($asEmpl['led'], 0, 10) != date('Y-m-d')) $this->resetAuthCookie($this->getUserId());
				}
				else $this->addError('token corrompu pour le user '.$asEmpl[Db::getId(MyThoughts::USER_TABLE)]);
			}
			else $this->addError('Utilisateur '.$iUserId.' inconnu');
		}
	}
	
	public function addUser($sUserName, $sNickName, $sPass, $bLogMeIn=false)
	{
		$sPass = self::HashPassword($sPass);
		$bExist = $this->oDb->pingValue(MyThoughts::USER_TABLE, array(Db::getText(MyThoughts::USER_TABLE)=>$sUserName));
		if($bExist) return -1;
		else
		{
			$iUserId = $this->oDb->insertRow(MyThoughts::USER_TABLE, array(Db::getText(MyThoughts::USER_TABLE)=>$sUserName, 'nickname'=>$sNickName, 'pass'=>$sPass));
			if($iUserId>0 && $bLogMeIn)
			{
				$this->logMeIn($sUserName.self::TOKEN_SEP.$sPass);
			}
		}
		return $iUserId;
	}
	
	//TODO integrate with logMeIn()
	public function checkApiKey($sApiKey)
	{
		return ($this->sApiKey!='' && $sApiKey==$this->sApiKey);
	}
	
	private function resetPass($iUserId=0)
	{
		$sUserIdCol = Db::getId(MyThoughts::USER_TABLE);
		$sUserTextCol = Db::getText(MyThoughts::USER_TABLE);
		
		$asInfo = array('select'=>array($sUserIdCol, $sUserTextCol), 'from'=>MyThoughts::USER_TABLE);
		if($iUserId>0) $asInfo['constraint'] = array($sUserIdCol=>$iUserId);
		
		$asUsers = $this->oDb->selectRows($asInfo);
		foreach($asUsers as $asUser)
		{
			$sToken = self::HashPassword(self::getLoginToken($asUser[$sUserTextCol]));
			$this->oDb->updateRow(MyThoughts::USER_TABLE, array(Db::getId(MyThoughts::USER_TABLE)=>$asUser[$sUserIdCol]), array('pass'=>$sToken));
		}
	}
	
	private static function getLoginToken($sPass)
	{
		//Add Server Name
		$sServerName = array_key_exists('SERVER_NAME', $_SERVER)?$_SERVER['SERVER_NAME']:$_SERVER['PWD'];
		$sAppPath = $_SERVER['REQUEST_SCHEME'].'://'.str_replace(array('http://', 'https://'), '', $sServerName.dirname($_SERVER['SCRIPT_NAME']));
		$_GET['serv_name'] = $sAppPath.(mb_substr($sAppPath, -1)!='/'?'/':'');
		return md5($sPass.$_GET['serv_name']);
	}
	
	private function resetAuthCookie($iUserId)
	{
		$sNewPass = self::getAuthCookie($iUserId);
		$iTimeLimit = time()+60*60*24*30;
		//mysqli_query($con, "UPDATE EMPLOYEE SET COOKIE = '".addslashes($sNewPass)."' WHERE ID = ".$iUserId);
		$this->oDb->updateRow(MyThoughts::USER_TABLE, array(Db::getId(MyThoughts::USER_TABLE)=>$iUserId), array("cookie"=>$sNewPass));
		setcookie(self::USER_COOKIE_PASS, $iUserId.self::TOKEN_SEP.$sNewPass, $iTimeLimit);
	}
	
	private static function getAuthCookie()
	{
		return self::HashPassword
		(
			$_SERVER['HTTP_USER_AGENT'].
			$_SERVER['REMOTE_ADDR'].
			$_SERVER['REQUEST_TIME'].
			mb_strstr(microtime(), ' ', true).
			$_SERVER['SERVER_SIGNATURE'].
			$_SERVER['SERVER_ADMIN']
		);
	}
	
	private static function HashPassword($sPass)
	{
		return password_hash($sPass, self::ALGO, array('cost'=>self::COST));
	}

	private static function CheckPassword($sPass, $sHash)
	{
		return password_verify($sPass, $sHash);
	}
}

?>