bludit/bl-kernel/login.class.php

<?php defined('BLUDIT') or die('Bludit CMS.');

class Login {

	private $dbUsers;

	function __construct($dbUsers)
	{
		$this->dbUsers = $dbUsers;
	}

	public function username()
	{
		return Session::get('username');
	}

	public function role()
	{
		return Session::get('role');
	}

	public function setLogin($username, $role)
	{
		Session::set('username',	$username);
		Session::set('role', 		$role);
		Session::set('fingerPrint',	$this->fingerPrint());
		Session::set('sessionTime',	time());

		Log::set(__METHOD__.LOG_SEP.'Set fingerPrint: '.$this->fingerPrint());
	}

	public function isLogged()
	{
		if(Session::get('fingerPrint')===$this->fingerPrint())
		{
			$username = Session::get('username');

			if(!empty($username)) {
				return true;
			}
			else {
				Log::set(__METHOD__.LOG_SEP.'Session username empty: '.$username);
			}
		}
		else
		{
			Log::set(__METHOD__.LOG_SEP.'FingerPrint are differents. Session fingerPrint: '.Session::get('fingerPrint').' !== Current fingerPrint: '.$this->fingerPrint());
		}

		return false;
	}

	public function verifyUser($username, $password)
	{
		$username = Sanitize::html($username);
		$password = Sanitize::html($password);

		$username = trim($username);
		$password = trim($password);

		if(empty($username) || empty($password)) {
			Log::set(__METHOD__.LOG_SEP.'Username or password empty. Username: '.$username.' - Password: '.$password);
			return false;
		}

		$user = $this->dbUsers->getDb($username);
		if($user==false) {
			Log::set(__METHOD__.LOG_SEP.'Username does not exist: '.$username);
			return false;
		}

		$passwordHash = sha1($password.$user['salt']);

		if($passwordHash === $user['password'])
		{
			$this->setLogin($username, $user['role']);

			Log::set(__METHOD__.LOG_SEP.'User logged succeeded by username and password - Username: '.$username);

			return true;
		}
		else {
			Log::set(__METHOD__.LOG_SEP.'Password incorrect.');
		}

		return false;
	}

	public function verifyUserByToken($username, $token)
	{
		$username = Sanitize::html($username);
		$token = Sanitize::html($token);

		$username = trim($username);
		$token = trim($token);

		if(empty($username) || empty($token)) {
			Log::set(__METHOD__.LOG_SEP.'Username or Token-email empty. Username: '.$username.' - Token-email: '.$token);
			return false;
		}

		$user = $this->dbUsers->getDb($username);
		if($user==false) {
			Log::set(__METHOD__.LOG_SEP.'Username does not exist: '.$username);
			return false;
		}

		$currentTime = Date::current(DB_DATE_FORMAT);
		if($user['tokenEmailTTL']<$currentTime) {
			Log::set(__METHOD__.LOG_SEP.'Token-email expired: '.$username);
			return false;
		}

		if($token === $user['tokenEmail'])
		{
			// Set the user loggued.
			$this->setLogin($username, $user['role']);

			// Invalidate the current token.
			$this->dbUsers->generateTokenEmail($username);

			Log::set(__METHOD__.LOG_SEP.'User logged succeeded by Token-email - Username: '.$username);

			return true;
		}
		else {
			Log::set(__METHOD__.LOG_SEP.'Token-email incorrect.');
		}

		return false;
	}

	public function fingerPrint($random=false)
	{
		// User agent
		$agent = getenv('HTTP_USER_AGENT');
		if(empty($agent)) {
			$agent = 'Bludit/1.0 (Mr Nibbler Protocol)';
		}

		// User IP
		if(getenv('HTTP_X_FORWARDED_FOR'))
			$ip = getenv('HTTP_X_FORWARDED_FOR');
		elseif(getenv('HTTP_CLIENT_IP'))
			$ip = getenv('HTTP_CLIENT_IP');
		else
			$ip = getenv('REMOTE_ADDR');

		if($random) {
			return sha1(mt_rand().$agent.$ip);
		}

		// DEBUG: Ver CLIENT IP, hay veces que retorna la ip ::1 y otras 127.0.0.1
		return sha1($agent);
	}

	public function logout()
	{
		return Session::destroy();
	}

}
New features 2015-03-27 02:00:01 +01:00			`<?php defined('BLUDIT') or die('Bludit CMS.');`
mac 2015-03-08 18:02:59 +01:00
			`class Login {`

New features 2015-03-27 02:00:01 +01:00			`private $dbUsers;`
mac 2015-03-08 18:02:59 +01:00
New features 2015-03-27 02:00:01 +01:00			`function __construct($dbUsers)`
mac 2015-03-08 18:02:59 +01:00			`{`
New features 2015-03-27 02:00:01 +01:00			`$this->dbUsers = $dbUsers;`
mac 2015-03-08 18:02:59 +01:00			`}`

New features 2015-05-05 03:00:01 +02:00			`public function username()`
			`{`
			`return Session::get('username');`
			`}`

			`public function role()`
			`{`
			`return Session::get('role');`
			`}`

			`public function setLogin($username, $role)`
mac 2015-03-08 18:02:59 +01:00			`{`
Bug fixes 2015-06-27 03:47:12 +02:00			`Session::set('username', $username);`
			`Session::set('role', $role);`
Bug fixes 2015-08-08 02:39:10 +02:00			`Session::set('fingerPrint', $this->fingerPrint());`
			`Session::set('sessionTime', time());`
Bug fixes 2015-06-27 03:47:12 +02:00
			`Log::set(__METHOD__.LOG_SEP.'Set fingerPrint: '.$this->fingerPrint());`
mac 2015-03-08 18:02:59 +01:00			`}`

New features 2015-03-27 02:00:01 +01:00			`public function isLogged()`
mac 2015-03-08 18:02:59 +01:00			`{`
New features 2015-03-27 02:00:01 +01:00			`if(Session::get('fingerPrint')===$this->fingerPrint())`
mac 2015-03-08 18:02:59 +01:00			`{`
New features 2015-05-05 03:00:01 +02:00			`$username = Session::get('username');`
New features 2015-05-06 03:00:02 +02:00
New features 2015-05-07 03:00:01 +02:00			`if(!empty($username)) {`
New features 2015-03-27 02:00:01 +01:00			`return true;`
mac 2015-03-08 18:02:59 +01:00			`}`
Bug fixes 2015-06-27 03:47:12 +02:00			`else {`
			`Log::set(__METHOD__.LOG_SEP.'Session username empty: '.$username);`
			`}`
			`}`
			`else`
			`{`
			`Log::set(__METHOD__.LOG_SEP.'FingerPrint are differents. Session fingerPrint: '.Session::get('fingerPrint').' !== Current fingerPrint: '.$this->fingerPrint());`
mac 2015-03-08 18:02:59 +01:00			`}`

			`return false;`
			`}`

New features 2015-03-27 02:00:01 +01:00			`public function verifyUser($username, $password)`
mac 2015-03-08 18:02:59 +01:00			`{`
Bug fixes 2015-08-08 02:39:10 +02:00			`$username = Sanitize::html($username);`
			`$password = Sanitize::html($password);`

New features 2015-05-05 03:00:01 +02:00			`$username = trim($username);`
			`$password = trim($password);`

New features 2015-05-06 03:00:02 +02:00			`if(empty($username) \|\| empty($password)) {`
Login access code via email 2015-10-20 05:14:28 +02:00			`Log::set(__METHOD__.LOG_SEP.'Username or password empty. Username: '.$username.' - Password: '.$password);`
mac 2015-03-08 18:02:59 +01:00			`return false;`
New features 2015-05-06 03:00:02 +02:00			`}`
mac 2015-03-08 18:02:59 +01:00
Plugin configuration 2015-07-15 01:57:18 +02:00			`$user = $this->dbUsers->getDb($username);`
New features 2015-05-06 03:00:02 +02:00			`if($user==false) {`
Bruteforce protection 2015-08-18 04:02:19 +02:00			`Log::set(__METHOD__.LOG_SEP.'Username does not exist: '.$username);`
mac 2015-03-08 18:02:59 +01:00			`return false;`
New features 2015-05-06 03:00:02 +02:00			`}`
mac 2015-03-08 18:02:59 +01:00
New features 2015-03-27 02:00:01 +01:00			`$passwordHash = sha1($password.$user['salt']);`
New features 2015-05-05 03:00:01 +02:00
New features 2015-03-27 02:00:01 +01:00			`if($passwordHash === $user['password'])`
mac 2015-03-08 18:02:59 +01:00			`{`
New features 2015-05-05 03:00:01 +02:00			`$this->setLogin($username, $user['role']);`
mac 2015-03-08 18:02:59 +01:00
Login access code via email 2015-10-20 05:14:28 +02:00			`Log::set(__METHOD__.LOG_SEP.'User logged succeeded by username and password - Username: '.$username);`

New features 2015-03-27 02:00:01 +01:00			`return true;`
mac 2015-03-08 18:02:59 +01:00			`}`
Bug fixes 2015-06-27 03:47:12 +02:00			`else {`
Bruteforce protection 2015-08-18 04:02:19 +02:00			`Log::set(__METHOD__.LOG_SEP.'Password incorrect.');`
Bug fixes 2015-06-27 03:47:12 +02:00			`}`
mac 2015-03-08 18:02:59 +01:00
New features 2015-03-27 02:00:01 +01:00			`return false;`
mac 2015-03-08 18:02:59 +01:00			`}`

Login access code via email 2015-10-20 05:14:28 +02:00			`public function verifyUserByToken($username, $token)`
			`{`
			`$username = Sanitize::html($username);`
			`$token = Sanitize::html($token);`

			`$username = trim($username);`
			`$token = trim($token);`

			`if(empty($username) \|\| empty($token)) {`
			`Log::set(__METHOD__.LOG_SEP.'Username or Token-email empty. Username: '.$username.' - Token-email: '.$token);`
			`return false;`
			`}`

			`$user = $this->dbUsers->getDb($username);`
			`if($user==false) {`
			`Log::set(__METHOD__.LOG_SEP.'Username does not exist: '.$username);`
			`return false;`
			`}`

			`$currentTime = Date::current(DB_DATE_FORMAT);`
			`if($user['tokenEmailTTL']<$currentTime) {`
			`Log::set(__METHOD__.LOG_SEP.'Token-email expired: '.$username);`
			`return false;`
			`}`

			`if($token === $user['tokenEmail'])`
			`{`
			`// Set the user loggued.`
			`$this->setLogin($username, $user['role']);`

			`// Invalidate the current token.`
			`$this->dbUsers->generateTokenEmail($username);`

			`Log::set(__METHOD__.LOG_SEP.'User logged succeeded by Token-email - Username: '.$username);`

			`return true;`
			`}`
			`else {`
			`Log::set(__METHOD__.LOG_SEP.'Token-email incorrect.');`
			`}`

			`return false;`
			`}`

New features 2015-05-05 03:00:01 +02:00			`public function fingerPrint($random=false)`
mac 2015-03-08 18:02:59 +01:00			`{`
			`// User agent`
			`$agent = getenv('HTTP_USER_AGENT');`
New features 2015-05-06 03:00:02 +02:00			`if(empty($agent)) {`
New features 2015-03-27 02:00:01 +01:00			`$agent = 'Bludit/1.0 (Mr Nibbler Protocol)';`
New features 2015-05-06 03:00:02 +02:00			`}`
mac 2015-03-08 18:02:59 +01:00
			`// User IP`
			`if(getenv('HTTP_X_FORWARDED_FOR'))`
			`$ip = getenv('HTTP_X_FORWARDED_FOR');`
			`elseif(getenv('HTTP_CLIENT_IP'))`
			`$ip = getenv('HTTP_CLIENT_IP');`
			`else`
			`$ip = getenv('REMOTE_ADDR');`

New features 2015-05-06 03:00:02 +02:00			`if($random) {`
New features 2015-03-27 02:00:01 +01:00			`return sha1(mt_rand().$agent.$ip);`
New features 2015-05-06 03:00:02 +02:00			`}`
New features 2015-03-27 02:00:01 +01:00
New features 2015-05-05 03:00:01 +02:00			`// DEBUG: Ver CLIENT IP, hay veces que retorna la ip ::1 y otras 127.0.0.1`
			`return sha1($agent);`
mac 2015-03-08 18:02:59 +01:00			`}`

New features 2015-05-15 00:07:45 +02:00			`public function logout()`
			`{`
			`return Session::destroy();`
			`}`

Opengraph, Admin panel responsive, Improves on Security tokens 2015-11-28 15:47:03 +01:00			`}`