bludit/bl-kernel/login.class.php

174 lines
4.5 KiB
PHP
Raw Normal View History

2015-03-27 02:00:01 +01:00
<?php defined('BLUDIT') or die('Bludit CMS.');
2015-03-08 18:02:59 +01:00
class Login {
2018-08-03 18:59:23 +02:00
private $users;
2015-03-08 18:02:59 +01:00
function __construct()
2015-03-08 18:02:59 +01:00
{
2018-08-03 18:59:23 +02:00
if (isset($GLOBALS['users'])) {
$this->users = $GLOBALS['users'];
} else {
2018-08-03 18:59:23 +02:00
$this->users = new users();
}
// Start the Session
if (!Session::started()) {
Session::start();
}
2015-03-08 18:02:59 +01:00
}
2017-11-07 00:18:16 +01:00
// Returns the username of the user logged
2015-05-05 03:00:01 +02:00
public function username()
{
return Session::get('username');
}
2017-11-07 00:18:16 +01:00
// Returns the role of the user logged
2015-05-05 03:00:01 +02:00
public function role()
{
return Session::get('role');
}
2017-07-16 00:42:37 +02:00
// Returns TRUE if the user is logged, FALSE otherwise
2015-03-27 02:00:01 +01:00
public function isLogged()
2015-03-08 18:02:59 +01:00
{
2017-07-16 00:42:37 +02:00
if (Session::get('fingerPrint')===$this->fingerPrint()) {
2015-05-05 03:00:01 +02:00
$username = Session::get('username');
2017-07-16 00:42:37 +02:00
if (!empty($username)) {
2015-03-27 02:00:01 +01:00
return true;
2017-11-07 00:18:16 +01:00
} else {
Log::set(__METHOD__.LOG_SEP.'Session username empty, destroying the session.');
2017-07-16 00:42:37 +02:00
Session::destroy();
return false;
2015-06-27 03:47:12 +02:00
}
}
2015-03-08 18:02:59 +01:00
2018-07-28 18:33:37 +02:00
Log::set(__METHOD__.LOG_SEP.'FingerPrint are differents. ['.Session::get('fingerPrint').'] != ['.$this->fingerPrint().']');
2015-03-08 18:02:59 +01:00
return false;
}
2017-07-16 00:42:37 +02:00
// Set the session for the user logged
public function setLogin($username, $role)
{
Session::set('username', $username);
Session::set('role', $role);
Session::set('fingerPrint', $this->fingerPrint());
Session::set('sessionTime', time());
2018-07-28 18:33:37 +02:00
Log::set(__METHOD__.LOG_SEP.'User logged, fingerprint ['.$this->fingerPrint().']');
2017-07-16 00:42:37 +02:00
}
2017-11-07 00:18:16 +01:00
public function setRememberMe($username)
{
$username = Sanitize::html($username);
// Set the token on the users database
2018-08-03 18:59:23 +02:00
$token = $this->users->generateRememberToken();
$this->users->setRememberToken($username, $token);
2017-11-07 00:18:16 +01:00
// Set the token on the cookies
Cookie::set(REMEMBER_COOKIE_USERNAME, $username, REMEMBER_COOKIE_EXPIRE_IN_DAYS);
Cookie::set(REMEMBER_COOKIE_TOKEN, $token, REMEMBER_COOKIE_EXPIRE_IN_DAYS);
2017-11-08 00:00:48 +01:00
Log::set(__METHOD__.LOG_SEP.'Cookies seted for Remember Me.');
}
public function invalidateRememberMe()
{
// Invalidate all tokens on the user databases
2018-08-03 18:59:23 +02:00
$this->users->invalidateAllRememberTokens();
2017-11-08 00:00:48 +01:00
// Destroy the cookies
Cookie::set(REMEMBER_COOKIE_USERNAME, '', -1);
Cookie::set(REMEMBER_COOKIE_TOKEN, '', -1);
unset($_COOKIE[REMEMBER_COOKIE_USERNAME]);
unset($_COOKIE[REMEMBER_COOKIE_TOKEN]);
2017-11-07 00:18:16 +01:00
}
2017-07-16 00:42:37 +02:00
// Check if the username and the password are valid
// Returns TRUE if valid and set the session
// Returns FALSE for invalid username or password
2015-03-27 02:00:01 +01:00
public function verifyUser($username, $password)
2015-03-08 18:02:59 +01:00
{
2015-08-08 02:39:10 +02:00
$username = Sanitize::html($username);
2015-05-05 03:00:01 +02:00
$username = trim($username);
2017-07-16 00:42:37 +02:00
if (empty($username) || empty($password)) {
2017-10-07 21:49:41 +02:00
Log::set(__METHOD__.LOG_SEP.'Username or password empty. Username: '.$username);
return false;
}
if (Text::length($password)<PASSWORD_LENGTH) {
Log::set(__METHOD__.LOG_SEP.'Password lenght less than required.');
2015-03-08 18:02:59 +01:00
return false;
2015-05-06 03:00:02 +02:00
}
2015-03-08 18:02:59 +01:00
2018-07-25 23:42:00 +02:00
try {
$user = new User($username);
} catch (Exception $e) {
2015-03-08 18:02:59 +01:00
return false;
2015-05-06 03:00:02 +02:00
}
2015-03-08 18:02:59 +01:00
2018-08-03 18:59:23 +02:00
$passwordHash = $this->users->generatePasswordHash($password, $user->salt());
2018-07-25 23:42:00 +02:00
if ($passwordHash===$user->password()) {
$this->setLogin($username, $user->role());
2018-07-28 18:33:37 +02:00
Log::set(__METHOD__.LOG_SEP.'User logged succeeded by username and password - Username ['.$username.']');
2015-03-27 02:00:01 +01:00
return true;
2015-03-08 18:02:59 +01:00
}
2017-11-07 00:18:16 +01:00
Log::set(__METHOD__.LOG_SEP.'Password incorrect.');
2015-03-27 02:00:01 +01:00
return false;
2015-03-08 18:02:59 +01:00
}
2017-11-08 00:00:48 +01:00
// Check if the user has the cookies and the correct token
public function verifyUserByRemember()
2015-10-20 05:14:28 +02:00
{
2017-12-15 23:58:29 +01:00
if (Cookie::isEmpty(REMEMBER_COOKIE_USERNAME) || Cookie::isEmpty(REMEMBER_COOKIE_TOKEN)) {
2017-11-08 00:00:48 +01:00
return false;
}
$username = Cookie::get(REMEMBER_COOKIE_USERNAME);
$token = Cookie::get(REMEMBER_COOKIE_TOKEN);
2017-11-07 00:18:16 +01:00
$username = Sanitize::html($username);
$token = Sanitize::html($token);
2015-10-20 05:14:28 +02:00
2017-11-07 00:18:16 +01:00
$username = trim($username);
$token = trim($token);
2015-10-20 05:14:28 +02:00
2017-11-07 00:18:16 +01:00
if (empty($username) || empty($token)) {
2017-11-08 00:00:48 +01:00
$this->invalidateRememberMe();
2017-11-07 00:18:16 +01:00
Log::set(__METHOD__.LOG_SEP.'Username or Token empty. Username: '.$username.' - Token: '.$token);
2015-10-20 05:14:28 +02:00
return false;
}
2018-08-03 18:59:23 +02:00
if ($username !== $this->users->getByRememberToken($token)) {
2017-11-08 00:00:48 +01:00
$this->invalidateRememberMe();
Log::set(__METHOD__.LOG_SEP.'The user has different token or the token doesn\'t exist.');
2015-10-20 05:14:28 +02:00
return false;
}
2017-11-07 00:18:16 +01:00
// Validate user and login
2018-08-03 18:59:23 +02:00
$user = $this->users->getDb($username);
2017-11-07 00:18:16 +01:00
$this->setLogin($username, $user['role']);
2017-11-08 00:00:48 +01:00
Log::set(__METHOD__.LOG_SEP.'User authenticated via Remember Me.');
2017-11-07 00:18:16 +01:00
return true;
2015-10-20 05:14:28 +02:00
}
2017-07-16 00:42:37 +02:00
public function fingerPrint()
2015-03-08 18:02:59 +01:00
{
$agent = getenv('HTTP_USER_AGENT');
2017-07-16 00:42:37 +02:00
if (empty($agent)) {
$agent = 'Bludit/2.0 (Mr Nibbler Protocol)';
2015-05-06 03:00:02 +02:00
}
2015-05-05 03:00:01 +02:00
return sha1($agent);
2015-03-08 18:02:59 +01:00
}
2015-05-15 00:07:45 +02:00
public function logout()
{
2017-11-08 00:00:48 +01:00
$this->invalidateRememberMe();
Session::destroy();
return true;
2015-05-15 00:07:45 +02:00
}
2017-10-07 21:49:41 +02:00
}