franzz/objects
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Files
174b559464beac173442496bea95f36175f95140
objects/inc/auth.php
franzz 98086bfc21 auth class
2015-05-25 23:08:51 +02:00

157 lines
4.0 KiB
PHP
Raw Blame History

<?php
class Auth extends PhpObject
{
const ALGO = PASSWORD_DEFAULT;
const COST = 12;
const TOKEN_SEP = '|';
const USER_COOKIE_PASS = 'checksum';
const DEFAULT_PASS = 'planeum01';
/**
* Database Connection
* @var MySqlManager
*/
private $oMySql;
private $iUserId;
private $sApiKey;
public function __construct($oMySql, $sApiKey='')
{
$this->oMySql = $oMySql;
$this->setUserId(0);
$this->sApiKey = $sApiKey;
$this->autoLogIn();
}
private function setUserId($iUserId)
{
$this->iUserId = $iUserId;
}
public function getUserId()
{
return $this->iUserId;
}
public function isLoggedIn()
{
return ($this->getUserId() > 0);
}
public function logMeIn($sToken)
{
$sDesc = '';
if($sToken!='')
{
$sLoginToken = addslashes(strstr($sToken, self::TOKEN_SEP, true));
$sPassToken = substr(strstr($sToken, self::TOKEN_SEP), strlen(self::TOKEN_SEP));
if($sLoginToken!='' && $sPassToken!='')
{
$asEmpl = $this->oMySql->selectRow("EMPLOYEE", array('MD5(EMAIL)'=>$sLoginToken));
if(!empty($asEmpl))
{
if(self::CheckPassword($sPassToken, $asEmpl['PASS']))
{
$this->setUserId($asEmpl['ID']);
$this->resetAuthCookie($this->getUserId());
}
else $sDesc = 'mot de passe incorrect';
}
else $sDesc = 'email inconnu';
}
else $sDesc = 'token corrompu';
}
else $sDesc = 'Aucune information reçue par le serveur';
return CvTheque::getJsonResult($this->isLoggedIn(), $sDesc);
}
public function autoLogIn()
{
if(isset($_COOKIE[self::USER_COOKIE_PASS]))
{
$sCookie = $_COOKIE[self::USER_COOKIE_PASS];
$iUserId = addslashes(strstr($sCookie, self::TOKEN_SEP, true));
$sCookie = substr(strstr($sCookie, self::TOKEN_SEP), strlen(self::TOKEN_SEP));
$asEmpl = $this->oMySql->selectRow("EMPLOYEE", array('ID'=>$iUserId));
if(!empty($asEmpl))
{
if($sCookie==$asEmpl['COOKIE'])
{
$this->setUserId($asEmpl['ID']);
//Reset pass once a day
if(mb_substr($asEmpl['LED'], 0, 10) != date('Y-m-d')) $this->resetAuthCookie($this->getUserId());
}
else $this->addError('token corrompu pour le user '.$asEmpl['ID']);
}
else $this->addError('Utilisateur '.$iUserId.' inconnu');
}
}
//TODO integrate with logMeIn()
public function checkApiKey($sApiKey)
{
return ($this->sApiKey!='' && $sApiKey==$this->sApiKey);
}
public function resetPass($iUserId=0)
{
if($iUserId>0) $asUsers = array($iUserId);
else $asUsers = $this->oMySql->selectRows(array('select'=>array('ID'), 'from'=>'EMPLOYEE'));
foreach($asUsers as $iUserId)
{
$sToken = $this->HashPassword(self::getLoginToken(self::DEFAULT_PASS));
$this->oMySql->updateRow('EMPLOYEE', array('ID'=>$iUserId), array('pass'=>$sToken));
}
}
private static function getLoginToken($sPass)
{
//Add Server Name
$sServerName = array_key_exists('SERVER_NAME', $_SERVER)?$_SERVER['SERVER_NAME']:$_SERVER['PWD'];
$sAppPath = 'http://'.str_replace('http://', '', $sServerName.dirname($_SERVER['SCRIPT_NAME']));
$_GET['serv_name'] = $sAppPath.(mb_substr($sAppPath, -1)!='/'?'/':'');
return md5($sPass.$_GET['serv_name']);
}
private function resetAuthCookie($iUserId)
{
$sNewPass = self::getAuthCookie($iUserId);
$iTimeLimit = time()+60*60*24*30;
//mysqli_query($con, "UPDATE EMPLOYEE SET COOKIE = '".addslashes($sNewPass)."' WHERE ID = ".$iUserId);
$this->oMySql->updateRow("EMPLOYEE", array("ID"=>$iUserId), array("COOKIE"=>$sNewPass));
setcookie(self::USER_COOKIE_PASS, $iUserId.self::TOKEN_SEP.$sNewPass, $iTimeLimit);
}
private static function getAuthCookie()
{
return self::HashPassword
(
$_SERVER['HTTP_USER_AGENT'].
$_SERVER['REMOTE_ADDR'].
$_SERVER['REQUEST_TIME'].
mb_strstr(microtime(), ' ', true).
$_SERVER['SERVER_SIGNATURE'].
$_SERVER['SERVER_ADMIN']
);
}
private static function HashPassword($sPass)
{
return password_hash($sPass, self::ALGO, array('cost'=>self::COST));
}
private static function CheckPassword($sPass, $sHash)
{
return password_verify($sPass, $sHash);
}
}
?>
Reference in New Issue View Git Blame Copy Permalink