2015-03-27 02:00:01 +01:00
< ? php defined ( 'BLUDIT' ) or die ( 'Bludit CMS.' );
2015-03-08 18:02:59 +01:00
class Login {
2015-03-27 02:00:01 +01:00
private $dbUsers ;
2015-03-08 18:02:59 +01:00
2015-03-27 02:00:01 +01:00
function __construct ( $dbUsers )
2015-03-08 18:02:59 +01:00
{
2015-03-27 02:00:01 +01:00
$this -> dbUsers = $dbUsers ;
2015-03-08 18:02:59 +01:00
}
2015-05-05 03:00:01 +02:00
public function username ()
{
return Session :: get ( 'username' );
}
public function role ()
{
return Session :: get ( 'role' );
}
2017-07-16 00:42:37 +02:00
// Returns TRUE if the user is logged, FALSE otherwise
2015-03-27 02:00:01 +01:00
public function isLogged ()
2015-03-08 18:02:59 +01:00
{
2017-07-16 00:42:37 +02:00
if ( Session :: get ( 'fingerPrint' ) === $this -> fingerPrint ()) {
2015-05-05 03:00:01 +02:00
$username = Session :: get ( 'username' );
2017-07-16 00:42:37 +02:00
if ( ! empty ( $username )) {
2015-03-27 02:00:01 +01:00
return true ;
2015-03-08 18:02:59 +01:00
}
2015-06-27 03:47:12 +02:00
else {
2017-07-16 00:42:37 +02:00
Log :: set ( __METHOD__ . LOG_SEP . 'Session username empty, destroy the session.' );
Session :: destroy ();
return false ;
2015-06-27 03:47:12 +02:00
}
}
2015-03-08 18:02:59 +01:00
2017-07-16 00:42:37 +02:00
Log :: set ( __METHOD__ . LOG_SEP . 'FingerPrint are differents. Current fingerPrint: ' . Session :: get ( 'fingerPrint' ) . ' !== Current fingerPrint: ' . $this -> fingerPrint ());
2015-03-08 18:02:59 +01:00
return false ;
}
2017-07-16 00:42:37 +02:00
// Set the session for the user logged
public function setLogin ( $username , $role )
{
Session :: set ( 'username' , $username );
Session :: set ( 'role' , $role );
Session :: set ( 'fingerPrint' , $this -> fingerPrint ());
Session :: set ( 'sessionTime' , time ());
Log :: set ( __METHOD__ . LOG_SEP . 'User logged, fingerprint: ' . $this -> fingerPrint ());
}
// Check if the username and the password are valid
// Returns TRUE if valid and set the session
// Returns FALSE for invalid username or password
2015-03-27 02:00:01 +01:00
public function verifyUser ( $username , $password )
2015-03-08 18:02:59 +01:00
{
2015-08-08 02:39:10 +02:00
$username = Sanitize :: html ( $username );
$password = Sanitize :: html ( $password );
2015-05-05 03:00:01 +02:00
$username = trim ( $username );
$password = trim ( $password );
2017-07-16 00:42:37 +02:00
if ( empty ( $username ) || empty ( $password )) {
2015-10-20 05:14:28 +02:00
Log :: set ( __METHOD__ . LOG_SEP . 'Username or password empty. Username: ' . $username . ' - Password: ' . $password );
2015-03-08 18:02:59 +01:00
return false ;
2015-05-06 03:00:02 +02:00
}
2015-03-08 18:02:59 +01:00
2017-07-16 00:42:37 +02:00
$user = $this -> dbUsers -> getDB ( $username );
2015-05-06 03:00:02 +02:00
if ( $user == false ) {
2015-08-18 04:02:19 +02:00
Log :: set ( __METHOD__ . LOG_SEP . 'Username does not exist: ' . $username );
2015-03-08 18:02:59 +01:00
return false ;
2015-05-06 03:00:02 +02:00
}
2015-03-08 18:02:59 +01:00
2017-07-16 00:42:37 +02:00
$passwordHash = $this -> dbUsers -> generatePasswordHash ( $password , $user [ 'salt' ]);
if ( $passwordHash === $user [ 'password' ]) {
2015-05-05 03:00:01 +02:00
$this -> setLogin ( $username , $user [ 'role' ]);
2015-10-20 05:14:28 +02:00
Log :: set ( __METHOD__ . LOG_SEP . 'User logged succeeded by username and password - Username: ' . $username );
2015-03-27 02:00:01 +01:00
return true ;
2015-03-08 18:02:59 +01:00
}
2015-06-27 03:47:12 +02:00
else {
2015-08-18 04:02:19 +02:00
Log :: set ( __METHOD__ . LOG_SEP . 'Password incorrect.' );
2015-06-27 03:47:12 +02:00
}
2015-03-08 18:02:59 +01:00
2015-03-27 02:00:01 +01:00
return false ;
2015-03-08 18:02:59 +01:00
}
2015-10-20 05:14:28 +02:00
public function verifyUserByToken ( $username , $token )
{
$username = Sanitize :: html ( $username );
$token = Sanitize :: html ( $token );
$username = trim ( $username );
$token = trim ( $token );
if ( empty ( $username ) || empty ( $token )) {
Log :: set ( __METHOD__ . LOG_SEP . 'Username or Token-email empty. Username: ' . $username . ' - Token-email: ' . $token );
return false ;
}
$user = $this -> dbUsers -> getDb ( $username );
if ( $user == false ) {
Log :: set ( __METHOD__ . LOG_SEP . 'Username does not exist: ' . $username );
return false ;
}
$currentTime = Date :: current ( DB_DATE_FORMAT );
if ( $user [ 'tokenEmailTTL' ] < $currentTime ) {
Log :: set ( __METHOD__ . LOG_SEP . 'Token-email expired: ' . $username );
return false ;
}
if ( $token === $user [ 'tokenEmail' ])
{
// Set the user loggued.
$this -> setLogin ( $username , $user [ 'role' ]);
// Invalidate the current token.
2017-07-06 23:27:22 +02:00
$this -> dbUsers -> setTokenEmail ( $username );
2015-10-20 05:14:28 +02:00
Log :: set ( __METHOD__ . LOG_SEP . 'User logged succeeded by Token-email - Username: ' . $username );
return true ;
}
else {
Log :: set ( __METHOD__ . LOG_SEP . 'Token-email incorrect.' );
}
return false ;
}
2017-07-16 00:42:37 +02:00
public function fingerPrint ()
2015-03-08 18:02:59 +01:00
{
// User agent
$agent = getenv ( 'HTTP_USER_AGENT' );
2017-07-16 00:42:37 +02:00
if ( empty ( $agent )) {
$agent = 'Bludit/2.0 (Mr Nibbler Protocol)' ;
2015-05-06 03:00:02 +02:00
}
2015-03-27 02:00:01 +01:00
2015-05-05 03:00:01 +02:00
return sha1 ( $agent );
2015-03-08 18:02:59 +01:00
}
2015-05-15 00:07:45 +02:00
public function logout ()
{
return Session :: destroy ();
}
2015-11-28 15:47:03 +01:00
}