bludit/bl-kernel/login.class.php

<?php defined('BLUDIT') or die('Bludit CMS.');

class Login {

	protected $users;

	function __construct()
	{
		if (isset($GLOBALS['users'])) {
			$this->users = $GLOBALS['users'];
		} else {
			$this->users = new Users();
		}

		// Start the Session
		if (!Session::started()) {
			Session::start();
		}
	}

	// Returns the username of the user logged
	public function username()
	{
		return Session::get('username');
	}

	// Returns the role of the user logged
	public function role()
	{
		return Session::get('role');
	}

	// Returns TRUE if the user is logged, FALSE otherwise
	public function isLogged()
	{
		if (Session::get('fingerPrint')===$this->fingerPrint()) {
			$username = Session::get('username');
			if (!empty($username)) {
				return true;
			} else {
				Log::set(__METHOD__.LOG_SEP.'Session username empty, destroying the session.');
				Session::destroy();
				return false;
			}
		}

		Log::set(__METHOD__.LOG_SEP.'FingerPrints are different. ['.Session::get('fingerPrint').'] != ['.$this->fingerPrint().']');
		return false;
	}

	// Set the session for the user logged
	public function setLogin($username, $role)
	{
		Session::set('username',	$username);
		Session::set('role', 		$role);
		Session::set('fingerPrint',	$this->fingerPrint());
		Session::set('sessionTime',	time());

		Log::set(__METHOD__.LOG_SEP.'User logged, fingerprint ['.$this->fingerPrint().']');
	}

	public function setRememberMe($username)
	{
		$username = Sanitize::html($username);

		// Set the token on the users database
		$token = $this->users->generateRememberToken();
		$this->users->setRememberToken($username, $token);

		// Set the token on the cookies
		Cookie::set(REMEMBER_COOKIE_USERNAME, $username, REMEMBER_COOKIE_EXPIRE_IN_DAYS);
		Cookie::set(REMEMBER_COOKIE_TOKEN, $token, REMEMBER_COOKIE_EXPIRE_IN_DAYS);

		Log::set(__METHOD__.LOG_SEP.'Cookies set for Remember Me.');
	}

	public function invalidateRememberMe()
	{
		// Invalidate all tokens on the user databases
		$this->users->invalidateAllRememberTokens();

		// Destroy the cookies
		Cookie::set(REMEMBER_COOKIE_USERNAME, '', -1);
		Cookie::set(REMEMBER_COOKIE_TOKEN, '', -1);
		unset($_COOKIE[REMEMBER_COOKIE_USERNAME]);
		unset($_COOKIE[REMEMBER_COOKIE_TOKEN]);
	}

	// Check if the username and the password are valid
	// Returns TRUE if valid and set the session
	// Returns FALSE for invalid username or password
	public function verifyUser($username, $password)
	{
		$username = Sanitize::html($username);
		$username = trim($username);

		if (empty($username) || empty($password)) {
			Log::set(__METHOD__.LOG_SEP.'Username or password empty. Username: '.$username);
			return false;
		}

		if (Text::length($password)<PASSWORD_LENGTH) {
			Log::set(__METHOD__.LOG_SEP.'Password length is shorter than required.');
			return false;
		}

		try {
			$user = new User($username);
		} catch (Exception $e) {
			return false;
		}

		$passwordHash = $this->users->generatePasswordHash($password, $user->salt());
		if ($passwordHash===$user->password()) {
			$this->setLogin($username, $user->role());
			Log::set(__METHOD__.LOG_SEP.'Successful user login by username and password - Username ['.$username.']');
			return true;
		}

		Log::set(__METHOD__.LOG_SEP.'Password incorrect.');
		return false;
	}

	// Check if the user has the cookies and the correct token
	public function verifyUserByRemember()
	{
		if (Cookie::isEmpty(REMEMBER_COOKIE_USERNAME) || Cookie::isEmpty(REMEMBER_COOKIE_TOKEN)) {
			return false;
		}

		$username 	= Cookie::get(REMEMBER_COOKIE_USERNAME);
		$token 		= Cookie::get(REMEMBER_COOKIE_TOKEN);

		$username 	= Sanitize::html($username);
		$token 		= Sanitize::html($token);

		$username 	= trim($username);
		$token 		= trim($token);

		if (empty($username) || empty($token)) {
			$this->invalidateRememberMe();
			Log::set(__METHOD__.LOG_SEP.'Username or Token empty. Username: '.$username.' - Token: '.$token);
			return false;
		}

		if ($username !== $this->users->getByRememberToken($token)) {
			$this->invalidateRememberMe();
			Log::set(__METHOD__.LOG_SEP.'The user has different token or the token doesn\'t exist.');
			return false;
		}

		// Get user from database and login
		$user = $this->users->getUserDB($username);
		$this->setLogin($username, $user['role']);
		Log::set(__METHOD__.LOG_SEP.'User authenticated via Remember Me.');
		return true;
	}

	public function fingerPrint()
	{
		$agent = getenv('HTTP_USER_AGENT');
		if (empty($agent)) {
			$agent = 'Bludit/2.0 (Mr Nibbler Protocol)';
		}
		return sha1($agent);
	}

	public function logout()
	{
		$this->invalidateRememberMe();
		Session::destroy();
		return true;
	}
}
New features 2015-03-27 02:00:01 +01:00			`<?php defined('BLUDIT') or die('Bludit CMS.');`
mac 2015-03-08 18:02:59 +01:00
			`class Login {`

Migrate private variables to protected to allow to extend classes 2019-01-26 12:50:48 +01:00			`protected $users;`
mac 2015-03-08 18:02:59 +01:00
Session in admin area and when you create the Login object 2018-07-14 15:17:06 +02:00			`function __construct()`
mac 2015-03-08 18:02:59 +01:00			`{`
Changes on variables names 2018-08-03 18:59:23 +02:00			`if (isset($GLOBALS['users'])) {`
			`$this->users = $GLOBALS['users'];`
Session in admin area and when you create the Login object 2018-07-14 15:17:06 +02:00			`} else {`
Bug fix, the user lost the role when click on remember me 2018-12-08 11:49:55 +01:00			`$this->users = new Users();`
Session in admin area and when you create the Login object 2018-07-14 15:17:06 +02:00			`}`

			`// Start the Session`
			`if (!Session::started()) {`
			`Session::start();`
			`}`
mac 2015-03-08 18:02:59 +01:00			`}`

Remember me 2017-11-07 00:18:16 +01:00			`// Returns the username of the user logged`
New features 2015-05-05 03:00:01 +02:00			`public function username()`
			`{`
			`return Session::get('username');`
			`}`

Remember me 2017-11-07 00:18:16 +01:00			`// Returns the role of the user logged`
New features 2015-05-05 03:00:01 +02:00			`public function role()`
			`{`
			`return Session::get('role');`
			`}`

Login and Security improves 2017-07-16 00:42:37 +02:00			`// Returns TRUE if the user is logged, FALSE otherwise`
New features 2015-03-27 02:00:01 +01:00			`public function isLogged()`
mac 2015-03-08 18:02:59 +01:00			`{`
Login and Security improves 2017-07-16 00:42:37 +02:00			`if (Session::get('fingerPrint')===$this->fingerPrint()) {`
New features 2015-05-05 03:00:01 +02:00			`$username = Session::get('username');`
Login and Security improves 2017-07-16 00:42:37 +02:00			`if (!empty($username)) {`
New features 2015-03-27 02:00:01 +01:00			`return true;`
Remember me 2017-11-07 00:18:16 +01:00			`} else {`
			`Log::set(__METHOD__.LOG_SEP.'Session username empty, destroying the session.');`
Login and Security improves 2017-07-16 00:42:37 +02:00			`Session::destroy();`
			`return false;`
Bug fixes 2015-06-27 03:47:12 +02:00			`}`
			`}`
mac 2015-03-08 18:02:59 +01:00
fix typos 2020-06-04 08:59:07 +02:00			`Log::set(__METHOD__.LOG_SEP.'FingerPrints are different. ['.Session::get('fingerPrint').'] != ['.$this->fingerPrint().']');`
mac 2015-03-08 18:02:59 +01:00			`return false;`
			`}`

Login and Security improves 2017-07-16 00:42:37 +02:00			`// Set the session for the user logged`
			`public function setLogin($username, $role)`
			`{`
			`Session::set('username', $username);`
			`Session::set('role', $role);`
			`Session::set('fingerPrint', $this->fingerPrint());`
			`Session::set('sessionTime', time());`

Bug fixes 2018-07-28 18:33:37 +02:00			`Log::set(__METHOD__.LOG_SEP.'User logged, fingerprint ['.$this->fingerPrint().']');`
Login and Security improves 2017-07-16 00:42:37 +02:00			`}`

Remember me 2017-11-07 00:18:16 +01:00			`public function setRememberMe($username)`
			`{`
			`$username = Sanitize::html($username);`

			`// Set the token on the users database`
Changes on variables names 2018-08-03 18:59:23 +02:00			`$token = $this->users->generateRememberToken();`
			`$this->users->setRememberToken($username, $token);`
Remember me 2017-11-07 00:18:16 +01:00
			`// Set the token on the cookies`
			`Cookie::set(REMEMBER_COOKIE_USERNAME, $username, REMEMBER_COOKIE_EXPIRE_IN_DAYS);`
			`Cookie::set(REMEMBER_COOKIE_TOKEN, $token, REMEMBER_COOKIE_EXPIRE_IN_DAYS);`
Remember me improves 2017-11-08 00:00:48 +01:00
fix typos 2020-06-04 08:59:07 +02:00			`Log::set(__METHOD__.LOG_SEP.'Cookies set for Remember Me.');`
Remember me improves 2017-11-08 00:00:48 +01:00			`}`

			`public function invalidateRememberMe()`
			`{`
			`// Invalidate all tokens on the user databases`
Changes on variables names 2018-08-03 18:59:23 +02:00			`$this->users->invalidateAllRememberTokens();`
Remember me improves 2017-11-08 00:00:48 +01:00
			`// Destroy the cookies`
			`Cookie::set(REMEMBER_COOKIE_USERNAME, '', -1);`
			`Cookie::set(REMEMBER_COOKIE_TOKEN, '', -1);`
			`unset($_COOKIE[REMEMBER_COOKIE_USERNAME]);`
			`unset($_COOKIE[REMEMBER_COOKIE_TOKEN]);`
Remember me 2017-11-07 00:18:16 +01:00			`}`

Login and Security improves 2017-07-16 00:42:37 +02:00			`// Check if the username and the password are valid`
			`// Returns TRUE if valid and set the session`
			`// Returns FALSE for invalid username or password`
New features 2015-03-27 02:00:01 +01:00			`public function verifyUser($username, $password)`
mac 2015-03-08 18:02:59 +01:00			`{`
Bug fixes 2015-08-08 02:39:10 +02:00			`$username = Sanitize::html($username);`
New features 2015-05-05 03:00:01 +02:00			`$username = trim($username);`

Login and Security improves 2017-07-16 00:42:37 +02:00			`if (empty($username) \|\| empty($password)) {`
RSS fixes, Micro theme improves 2017-10-07 21:49:41 +02:00			`Log::set(__METHOD__.LOG_SEP.'Username or password empty. Username: '.$username);`
			`return false;`
			`}`

			`if (Text::length($password)<PASSWORD_LENGTH) {`
fix typos 2020-06-04 08:59:07 +02:00			`Log::set(__METHOD__.LOG_SEP.'Password length is shorter than required.');`
mac 2015-03-08 18:02:59 +01:00			`return false;`
New features 2015-05-06 03:00:02 +02:00			`}`
mac 2015-03-08 18:02:59 +01:00
User object, new reader role for users 2018-07-25 23:42:00 +02:00			`try {`
			`$user = new User($username);`
			`} catch (Exception $e) {`
mac 2015-03-08 18:02:59 +01:00			`return false;`
New features 2015-05-06 03:00:02 +02:00			`}`
mac 2015-03-08 18:02:59 +01:00
Changes on variables names 2018-08-03 18:59:23 +02:00			`$passwordHash = $this->users->generatePasswordHash($password, $user->salt());`
User object, new reader role for users 2018-07-25 23:42:00 +02:00			`if ($passwordHash===$user->password()) {`
			`$this->setLogin($username, $user->role());`
fix typos 2020-06-04 08:59:07 +02:00			`Log::set(__METHOD__.LOG_SEP.'Successful user login by username and password - Username ['.$username.']');`
New features 2015-03-27 02:00:01 +01:00			`return true;`
mac 2015-03-08 18:02:59 +01:00			`}`

Remember me 2017-11-07 00:18:16 +01:00			`Log::set(__METHOD__.LOG_SEP.'Password incorrect.');`
New features 2015-03-27 02:00:01 +01:00			`return false;`
mac 2015-03-08 18:02:59 +01:00			`}`

Remember me improves 2017-11-08 00:00:48 +01:00			`// Check if the user has the cookies and the correct token`
			`public function verifyUserByRemember()`
Login access code via email 2015-10-20 05:14:28 +02:00			`{`
Compatibility with php 5.3 2017-12-15 23:58:29 +01:00			`if (Cookie::isEmpty(REMEMBER_COOKIE_USERNAME) \|\| Cookie::isEmpty(REMEMBER_COOKIE_TOKEN)) {`
Remember me improves 2017-11-08 00:00:48 +01:00			`return false;`
			`}`

			`$username = Cookie::get(REMEMBER_COOKIE_USERNAME);`
			`$token = Cookie::get(REMEMBER_COOKIE_TOKEN);`

Remember me 2017-11-07 00:18:16 +01:00			`$username = Sanitize::html($username);`
			`$token = Sanitize::html($token);`
Login access code via email 2015-10-20 05:14:28 +02:00
Remember me 2017-11-07 00:18:16 +01:00			`$username = trim($username);`
			`$token = trim($token);`
Login access code via email 2015-10-20 05:14:28 +02:00
Remember me 2017-11-07 00:18:16 +01:00			`if (empty($username) \|\| empty($token)) {`
Remember me improves 2017-11-08 00:00:48 +01:00			`$this->invalidateRememberMe();`
Remember me 2017-11-07 00:18:16 +01:00			`Log::set(__METHOD__.LOG_SEP.'Username or Token empty. Username: '.$username.' - Token: '.$token);`
Login access code via email 2015-10-20 05:14:28 +02:00			`return false;`
			`}`

Changes on variables names 2018-08-03 18:59:23 +02:00			`if ($username !== $this->users->getByRememberToken($token)) {`
Remember me improves 2017-11-08 00:00:48 +01:00			`$this->invalidateRememberMe();`
			`Log::set(__METHOD__.LOG_SEP.'The user has different token or the token doesn\'t exist.');`
Login access code via email 2015-10-20 05:14:28 +02:00			`return false;`
			`}`

Bug fix, the user lost the role when click on remember me 2018-12-08 11:49:55 +01:00			`// Get user from database and login`
			`$user = $this->users->getUserDB($username);`
Remember me 2017-11-07 00:18:16 +01:00			`$this->setLogin($username, $user['role']);`
Remember me improves 2017-11-08 00:00:48 +01:00			`Log::set(__METHOD__.LOG_SEP.'User authenticated via Remember Me.');`
Remember me 2017-11-07 00:18:16 +01:00			`return true;`
Login access code via email 2015-10-20 05:14:28 +02:00			`}`

Login and Security improves 2017-07-16 00:42:37 +02:00			`public function fingerPrint()`
mac 2015-03-08 18:02:59 +01:00			`{`
			`$agent = getenv('HTTP_USER_AGENT');`
Login and Security improves 2017-07-16 00:42:37 +02:00			`if (empty($agent)) {`
			`$agent = 'Bludit/2.0 (Mr Nibbler Protocol)';`
New features 2015-05-06 03:00:02 +02:00			`}`
New features 2015-05-05 03:00:01 +02:00			`return sha1($agent);`
mac 2015-03-08 18:02:59 +01:00			`}`

New features 2015-05-15 00:07:45 +02:00			`public function logout()`
			`{`
Remember me improves 2017-11-08 00:00:48 +01:00			`$this->invalidateRememberMe();`
			`Session::destroy();`
			`return true;`
New features 2015-05-15 00:07:45 +02:00			`}`
RSS fixes, Micro theme improves 2017-10-07 21:49:41 +02:00			`}`