< ? php defined ( 'BLUDIT' ) or die ( 'Bludit CMS.' );
// Direct-access guard: execution stops with the message 'Bludit CMS.' unless the
// BLUDIT constant is already defined when this file is loaded.
// NOTE(review): presumably the application entry point defines BLUDIT before
// including this file, so requesting the file directly runs nothing - confirm.
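/**
 * Login state kept in the session: credential verification, binding of the
 * session to a client fingerprint, and logout.
 *
 * Relies on the project's Session and Log helpers and on the LOG_SEP constant,
 * all of which are defined outside this file.
 */
class Login {

    /** User store; only its get($username) method is used here. */
    private $dbUsers;

    /**
     * @param object $dbUsers User store exposing get($username), which returns
     *                        the user record or false.
     */
    function __construct($dbUsers)
    {
        $this->dbUsers = $dbUsers;
    }

    /**
     * @return mixed Whatever Session::get('username') holds for this session.
     */
    public function username()
    {
        return Session::get('username');
    }

    /**
     * @return mixed Whatever Session::get('role') holds for this session.
     */
    public function role()
    {
        return Session::get('role');
    }

    /**
     * Marks the current session as authenticated for the given user.
     *
     * Stores the username, role, current fingerprint and login time in the session.
     *
     * NOTE(review): no session-ID rotation is visible here. Unless Session::set()
     * or the caller regenerates the ID at login, a session ID issued before
     * authentication stays valid afterwards (session fixation) - confirm.
     *
     * @param string $username
     * @param string $role
     */
    public function setLogin($username, $role)
    {
        $fingerPrint = $this->fingerPrint();

        Session::set('username', $username);
        Session::set('role', $role);
        Session::set('fingerPrint', $fingerPrint);
        Session::set('sessionTime', time());

        Log::set(__METHOD__ . LOG_SEP . 'Set fingerPrint: ' . $fingerPrint);
    }

    /**
     * Reports whether the current session is authenticated.
     *
     * The session counts as logged in when its stored fingerprint equals the
     * fingerprint of the current request and a non-empty username is stored.
     *
     * @return bool
     */
    public function isLogged()
    {
        $current = $this->fingerPrint();
        $stored = Session::get('fingerPrint');

        if ($stored !== $current) {
            Log::set(__METHOD__ . LOG_SEP . 'FingerPrint are differents. Session fingerPrint: ' . $stored . ' !== Current fingerPrint: ' . $current);
            return false;
        }

        $username = Session::get('username');
        if (empty($username)) {
            Log::set(__METHOD__ . LOG_SEP . 'Session username empty: ' . $username);
            return false;
        }

        return true;
    }

    /**
     * Checks a username/password pair against the user store and, on success,
     * logs the session in via setLogin().
     *
     * Both values are trimmed before use, so leading and trailing whitespace in
     * a password is not significant (kept for compatibility with stored hashes).
     *
     * NOTE(review): the stored hash is sha1(password . salt). SHA-1 is a fast
     * hash, so a leaked user database can be brute-forced cheaply. Moving to
     * password_hash()/password_verify() needs a migration of the stored
     * records and therefore cannot be done inside this method alone.
     *
     * NOTE(review): usernames written to the log are attacker-supplied; whether
     * Log::set() neutralises line breaks is not visible here - confirm.
     *
     * @param string $username
     * @param string $password
     * @return bool True when the credentials match, false otherwise.
     */
    public function verifyUser($username, $password)
    {
        $username = trim($username);
        $password = trim($password);

        if (empty($username) || empty($password)) {
            // The submitted password is deliberately kept out of the log:
            // log files are read and retained far more widely than credentials should be.
            Log::set(__METHOD__ . LOG_SEP . 'Username or Password empty. Username: ' . $username);
            return false;
        }

        $user = $this->dbUsers->get($username);
        if ($user == false) {
            Log::set(__METHOD__ . LOG_SEP . 'Username not exist: ' . $username);
            return false;
        }

        $passwordHash = sha1($password . $user['salt']);

        if ($this->hashesMatch($user['password'], $passwordHash)) {
            $this->setLogin($username, $user['role']);
            return true;
        }

        Log::set(__METHOD__ . LOG_SEP . 'Password are differents.');
        return false;
    }

    /**
     * Builds the client fingerprint used to bind a session to a browser.
     *
     * Without $random the result is sha1() of the User-Agent header only (with a
     * fixed fallback string when the header is empty). The User-Agent is chosen
     * by the client, so this check only notices a session reused under a
     * different browser string; it is not an authentication factor.
     *
     * With $random the result is sha1(mt_rand() . agent . ip). The IP is taken
     * from X-Forwarded-For or Client-IP when present, both of which are
     * client-supplied headers, and mt_rand() is not a cryptographically secure
     * generator.
     * NOTE(review): how callers use the random value is not visible here; if it
     * serves as a secret token it should come from a CSPRNG instead - confirm.
     *
     * @param bool $random When true, mix a random number and the client IP in.
     * @return string 40-character hexadecimal SHA-1 digest.
     */
    public function fingerPrint($random = false)
    {
        // User agent
        $agent = getenv('HTTP_USER_AGENT');
        if (empty($agent)) {
            $agent = 'Bludit/1.0 (Mr Nibbler Protocol)';
        }

        if ($random) {
            // User IP (only the random variant uses it)
            if (getenv('HTTP_X_FORWARDED_FOR')) {
                $ip = getenv('HTTP_X_FORWARDED_FOR');
            } elseif (getenv('HTTP_CLIENT_IP')) {
                $ip = getenv('HTTP_CLIENT_IP');
            } else {
                $ip = getenv('REMOTE_ADDR');
            }

            return sha1(mt_rand() . $agent . $ip);
        }

        // DEBUG: check the client IP; it sometimes comes back as ::1 and other times as 127.0.0.1
        return sha1($agent);
    }

    /**
     * Ends the session.
     *
     * @return mixed The result of Session::destroy().
     */
    public function logout()
    {
        return Session::destroy();
    }

    /**
     * Compares the stored hash with the computed one without leaking, through
     * timing, how many leading characters matched.
     *
     * Falls back to === where hash_equals() is unavailable (PHP < 5.6).
     *
     * @param mixed  $known Hash from the user record.
     * @param string $given Hash computed from the submitted password.
     * @return bool
     */
    private function hashesMatch($known, $given)
    {
        // A non-string stored value can never equal the computed digest.
        if (!is_string($known)) {
            return false;
        }

        if (function_exists('hash_equals')) {
            return hash_equals($known, $given);
        }

        return $known === $given;
    }
}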