2015-03-27 02:00:01 +01:00
< ? php defined ( 'BLUDIT' ) or die ( 'Bludit CMS.' );
2015-03-08 18:02:59 +01:00
class Login {
2015-03-27 02:00:01 +01:00
private $dbUsers ;
2015-03-08 18:02:59 +01:00
2015-03-27 02:00:01 +01:00
function __construct ( $dbUsers )
2015-03-08 18:02:59 +01:00
{
2015-03-27 02:00:01 +01:00
$this -> dbUsers = $dbUsers ;
2015-03-08 18:02:59 +01:00
}
2017-11-07 00:18:16 +01:00
// Returns the username of the user logged
2015-05-05 03:00:01 +02:00
public function username ()
{
return Session :: get ( 'username' );
}
2017-11-07 00:18:16 +01:00
// Returns the role of the user logged
2015-05-05 03:00:01 +02:00
public function role ()
{
return Session :: get ( 'role' );
}
2017-07-16 00:42:37 +02:00
// Returns TRUE if the user is logged, FALSE otherwise
2015-03-27 02:00:01 +01:00
public function isLogged ()
2015-03-08 18:02:59 +01:00
{
2017-07-16 00:42:37 +02:00
if ( Session :: get ( 'fingerPrint' ) === $this -> fingerPrint ()) {
2015-05-05 03:00:01 +02:00
$username = Session :: get ( 'username' );
2017-07-16 00:42:37 +02:00
if ( ! empty ( $username )) {
2015-03-27 02:00:01 +01:00
return true ;
2017-11-07 00:18:16 +01:00
} else {
Log :: set ( __METHOD__ . LOG_SEP . 'Session username empty, destroying the session.' );
2017-07-16 00:42:37 +02:00
Session :: destroy ();
return false ;
2015-06-27 03:47:12 +02:00
}
}
2015-03-08 18:02:59 +01:00
2017-07-16 00:42:37 +02:00
Log :: set ( __METHOD__ . LOG_SEP . 'FingerPrint are differents. Current fingerPrint: ' . Session :: get ( 'fingerPrint' ) . ' !== Current fingerPrint: ' . $this -> fingerPrint ());
2015-03-08 18:02:59 +01:00
return false ;
}
2017-07-16 00:42:37 +02:00
// Set the session for the user logged
public function setLogin ( $username , $role )
{
Session :: set ( 'username' , $username );
Session :: set ( 'role' , $role );
Session :: set ( 'fingerPrint' , $this -> fingerPrint ());
Session :: set ( 'sessionTime' , time ());
Log :: set ( __METHOD__ . LOG_SEP . 'User logged, fingerprint: ' . $this -> fingerPrint ());
}
2017-11-07 00:18:16 +01:00
public function setRememberMe ( $username )
{
$username = Sanitize :: html ( $username );
// Set the token on the users database
$token = $this -> dbUsers -> generateRememberToken ();
$this -> dbUsers -> setRememberToken ( $username , $token );
// Set the token on the cookies
Cookie :: set ( REMEMBER_COOKIE_USERNAME , $username , REMEMBER_COOKIE_EXPIRE_IN_DAYS );
Cookie :: set ( REMEMBER_COOKIE_TOKEN , $token , REMEMBER_COOKIE_EXPIRE_IN_DAYS );
2017-11-08 00:00:48 +01:00
Log :: set ( __METHOD__ . LOG_SEP . 'Cookies seted for Remember Me.' );
}
public function invalidateRememberMe ()
{
// Invalidate all tokens on the user databases
$this -> dbUsers -> invalidateAllRememberTokens ();
// Destroy the cookies
Cookie :: set ( REMEMBER_COOKIE_USERNAME , '' , - 1 );
Cookie :: set ( REMEMBER_COOKIE_TOKEN , '' , - 1 );
unset ( $_COOKIE [ REMEMBER_COOKIE_USERNAME ]);
unset ( $_COOKIE [ REMEMBER_COOKIE_TOKEN ]);
2017-11-07 00:18:16 +01:00
}
2017-07-16 00:42:37 +02:00
// Check if the username and the password are valid
// Returns TRUE if valid and set the session
// Returns FALSE for invalid username or password
2015-03-27 02:00:01 +01:00
public function verifyUser ( $username , $password )
2015-03-08 18:02:59 +01:00
{
2015-08-08 02:39:10 +02:00
$username = Sanitize :: html ( $username );
$password = Sanitize :: html ( $password );
2015-05-05 03:00:01 +02:00
$username = trim ( $username );
$password = trim ( $password );
2017-07-16 00:42:37 +02:00
if ( empty ( $username ) || empty ( $password )) {
2017-10-07 21:49:41 +02:00
Log :: set ( __METHOD__ . LOG_SEP . 'Username or password empty. Username: ' . $username );
return false ;
}
if ( Text :: length ( $password ) < PASSWORD_LENGTH ) {
Log :: set ( __METHOD__ . LOG_SEP . 'Password lenght less than required.' );
2015-03-08 18:02:59 +01:00
return false ;
2015-05-06 03:00:02 +02:00
}
2015-03-08 18:02:59 +01:00
2017-07-16 00:42:37 +02:00
$user = $this -> dbUsers -> getDB ( $username );
2017-11-07 00:18:16 +01:00
if ( $user == false ) {
2015-08-18 04:02:19 +02:00
Log :: set ( __METHOD__ . LOG_SEP . 'Username does not exist: ' . $username );
2015-03-08 18:02:59 +01:00
return false ;
2015-05-06 03:00:02 +02:00
}
2015-03-08 18:02:59 +01:00
2017-07-16 00:42:37 +02:00
$passwordHash = $this -> dbUsers -> generatePasswordHash ( $password , $user [ 'salt' ]);
if ( $passwordHash === $user [ 'password' ]) {
2015-05-05 03:00:01 +02:00
$this -> setLogin ( $username , $user [ 'role' ]);
2015-10-20 05:14:28 +02:00
Log :: set ( __METHOD__ . LOG_SEP . 'User logged succeeded by username and password - Username: ' . $username );
2015-03-27 02:00:01 +01:00
return true ;
2015-03-08 18:02:59 +01:00
}
2017-11-07 00:18:16 +01:00
Log :: set ( __METHOD__ . LOG_SEP . 'Password incorrect.' );
2015-03-27 02:00:01 +01:00
return false ;
2015-03-08 18:02:59 +01:00
}
2017-11-08 00:00:48 +01:00
// Check if the user has the cookies and the correct token
public function verifyUserByRemember ()
2015-10-20 05:14:28 +02:00
{
2017-11-08 00:00:48 +01:00
if ( ! Cookie :: isset ( REMEMBER_COOKIE_USERNAME ) || ! Cookie :: isset ( REMEMBER_COOKIE_TOKEN )) {
return false ;
}
$username = Cookie :: get ( REMEMBER_COOKIE_USERNAME );
$token = Cookie :: get ( REMEMBER_COOKIE_TOKEN );
2017-11-07 00:18:16 +01:00
$username = Sanitize :: html ( $username );
$token = Sanitize :: html ( $token );
2015-10-20 05:14:28 +02:00
2017-11-07 00:18:16 +01:00
$username = trim ( $username );
$token = trim ( $token );
2015-10-20 05:14:28 +02:00
2017-11-07 00:18:16 +01:00
if ( empty ( $username ) || empty ( $token )) {
2017-11-08 00:00:48 +01:00
$this -> invalidateRememberMe ();
2017-11-07 00:18:16 +01:00
Log :: set ( __METHOD__ . LOG_SEP . 'Username or Token empty. Username: ' . $username . ' - Token: ' . $token );
2015-10-20 05:14:28 +02:00
return false ;
}
2017-11-08 00:00:48 +01:00
if ( $username !== $this -> dbUsers -> getByRememberToken ( $token )) {
$this -> invalidateRememberMe ();
Log :: set ( __METHOD__ . LOG_SEP . 'The user has different token or the token doesn\'t exist.' );
2015-10-20 05:14:28 +02:00
return false ;
}
2017-11-07 00:18:16 +01:00
// Validate user and login
$user = $this -> dbUsers -> getDb ( $username );
$this -> setLogin ( $username , $user [ 'role' ]);
2017-11-08 00:00:48 +01:00
Log :: set ( __METHOD__ . LOG_SEP . 'User authenticated via Remember Me.' );
2017-11-07 00:18:16 +01:00
return true ;
2015-10-20 05:14:28 +02:00
}
2017-07-16 00:42:37 +02:00
public function fingerPrint ()
2015-03-08 18:02:59 +01:00
{
$agent = getenv ( 'HTTP_USER_AGENT' );
2017-07-16 00:42:37 +02:00
if ( empty ( $agent )) {
$agent = 'Bludit/2.0 (Mr Nibbler Protocol)' ;
2015-05-06 03:00:02 +02:00
}
2015-05-05 03:00:01 +02:00
return sha1 ( $agent );
2015-03-08 18:02:59 +01:00
}
2015-05-15 00:07:45 +02:00
public function logout ()
{
2017-11-08 00:00:48 +01:00
$this -> invalidateRememberMe ();
Session :: destroy ();
return true ;
2015-05-15 00:07:45 +02:00
}
2017-10-07 21:49:41 +02:00
}