From 790524e3dee3ddcf5a8250adc8b38853d0014c9f Mon Sep 17 00:00:00 2001
From: Horus3
Date: Tue, 23 Sep 2014 20:16:17 +0200
Subject: rebuild with bootstrap

---
 bootstrap/class/mysql.php | 141 ++++++++++++++++++++++++++++++++++++++++++
 bootstrap/class/user.php  | 153 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 294 insertions(+)
 create mode 100644 bootstrap/class/mysql.php
 create mode 100644 bootstrap/class/user.php

(limited to 'bootstrap/class')

diff --git a/bootstrap/class/mysql.php b/bootstrap/class/mysql.php
new file mode 100644
index 0000000..0140994
--- /dev/null
+++ b/bootstrap/class/mysql.php
@@ -0,0 +1,141 @@
+<?php
+
+class db {
+	
+	protected $db;
+
+	public function __construct(){
+		$this->open();
+	}
+
+	public function open(){
+		try {
+			$this->db = new mysqli(DBHOST, DBUSER, DBPASSWORD, DBNAME);	
+		} catch (Exception $e){
+			failure("<p>".$e->getMessage()."</p>", '500 Server Failure', false, '<h1>Failed to open database connection.</h1>');
+		}
+
+		if ( $this->db->connect_errno() ){
+			failure("<p>Can't connect to the database. MySQL gave this error code: " . $this->db->connect_errno . "</p>", '500 Server Failure', false, '<h1>Connection to MySQL server failed.</h1>');
+		}
+
+		if ( ! $this->db->ping() ){
+			failure("<p>Can't reach MySQL server. Server says: " . $this->db->error . "</p>", '500 Server Failure', false, "<h1>Can't reach MySQL server!</h1>");
+		}
+
+		if ( ! $this->db->set_charset(DBCHARSET) ){
+			failure("<p>Can't set " . DBCHARSET . " as the charset on your MySQL server.</p>" , '500 Server Failure', false, "<h1>Setting Charset failed!</h1>");
+		}
+
+	}
+
+	public function close(){
+		$this->db->close();	
+	}
+
+	public function check(){
+		if ( ! $this->db->ping() ){
+			return false;
+		}
+
+		return true;
+	}
+
+	# does a single MySQL query with output (SELECT, INSERT, UPDATE... )
+	public function doQuery($string){
+		if ( ! $this->check() )
+			return false;
+
+		return $this->db->query($sql);
+	}
+
+	# does multiple queries WITHOUT output (INSERT, UPDATE, DELETE... )
+	public function execMultipleQueries($sql){
+		if ( ! $this->check() )
+			return false;	
+
+		$result = $this->db->multi_query($sql);
+		if ( ! $result )
+			return false;
+
+		do {
+			if( ! $this->db->more_results() )	
+				break;
+			if ( ! $this->db->next_result() ){
+				if ( $this->db->error != "" ){
+					$res->free();
+					return false;
+				}
+			}
+		} while (true);
+
+		return true;
+	}
+
+	# code by WordPress. See @link https://core.trac.wordpress.org/browser/branches/4.0/src/wp-includes/wp-db.php#L1154
+	# syntax like sprintf()
+	public function prepare( $query, $args ) {
+		if ( is_null( $query ) )
+			return;
+		
+		// This is not meant to be foolproof -- but it will catch obviously incorrect usage.
+		if ( strpos( $query, '%' ) === false ) {
+			return false;
+		}
+		
+		$args = func_get_args();
+		array_shift( $args );
+
+		// If args were passed as an array (as in vsprintf), move them up
+		if ( isset( $args[0] ) && is_array($args[0]) )
+			$args = $args[0];
+
+		$query = str_replace( "'%s'", '%s', $query ); // in case someone mistakenly already singlequoted it
+		$query = str_replace( '"%s"', '%s', $query ); // doublequote unquoting
+		$query = preg_replace( '|(?<!%)%f|' , '%F', $query ); // Force floats to be locale unaware
+		$query = preg_replace( '|(?<!%)%s|', "'%s'", $query ); // quote the strings, avoiding escaped strings like %%s
+
+		array_walk( $args, array( $this, '_escape_by_ref' ) );
+
+		return @vsprintf( $query, $args );
+	}
+
+	private function _escape_by_ref( &$string ){
+		if ( ! is_float( $string ) )
+			$string = $this->_real_escape( $string );
+	}
+
+	private function _real_escape( $string ){
+		return $this->db->real_escape_string($string);
+	}
+	# WordPress End
+
+	public function createTables(){
+		$user_table = 
+		'CREATE TABLE IF NOT EXISTS ' . DBPREFIX . 'user 
+			( id INTEGER AUTO_INCREMENT NOT NULL, PRIMARY KEY(id), 
+			name VARCHAR(70), UNIQUE(name), 
+			password VARCHAR(70), UNIQUE(password), 
+			email VARCHAR(70), UNIQUE(email), 
+			register INTEGER, 
+		ENGINE=InnoDB;';
+
+		$banned_user_table = 
+		'CREATE TABLE IF NOT EXISTS ' . DBPREFIX . 'banned_user
+			( banned_id INTEGER AUTO_INCREMENT NOT NULL, PRIMARY KEY(banned_id),
+			login_attempts INTEGER,
+			ip TEXT,
+			session_id TEXT,
+			time INTEGER,
+			user INTEGER
+			)
+		ENGINE=InnoDB;';
+
+		if ( ! $this->execMultipleQueries('BEGIN; '. $user_table . ' ' . $banned_user_table . ' END;') )
+			failure("<p>There was a problem during bootstrapping the database schema. " . $this->db->error . "</p>", '500 Server Failure', false, "<h1>CREATE TABLE FAILED</h1>");
+	}
+	
+	public function __destruct(){
+		$this->close();
+	}
+}
diff --git a/bootstrap/class/user.php b/bootstrap/class/user.php
new file mode 100644
index 0000000..321ca57
--- /dev/null
+++ b/bootstrap/class/user.php
@@ -0,0 +1,153 @@
+<?php
+
+class jg {
+
+	public $username;
+	public $login 	= false;
+
+	private $pepper;
+	private $query 	= false;
+	
+	public function __construct($name = null){
+		if ( is_null($name) )
+			return;
+
+		$this->username = $name;
+
+		if ( isset($_SESSION["loggedin"]) )
+			$this->login = $_SESSION["loggedin"];
+		
+		$this->_setPepper();
+
+		$this->_setQuery();
+	}
+
+	# get's everything from the database
+	private function _setQuery(){
+		global $vfsdb;
+
+		$sql = $vfsdv->prepare("SELECT * FROM " . DBPREFIX . "user WHERE name=%s;", $this->username);
+		$db_db = $vfsdb->doQuery($sql);
+		if ( is_bool($db_db) )
+			$this->query = false;
+		else
+			$this->query = $db_db->fetch_array(MYSQLI_ASSOC);
+	}
+
+	private function _setPepper(){
+		if ( PEPPER_IS_FILE )
+			$this->pepper = file_get_contents(PEPPER);
+		else
+			$this->pepper = PEPPER;
+	}
+
+	public function getUser(){
+		return $this->query['name'];
+	}
+
+	public function getUserId(){
+		return $this->query['id'];
+	}
+
+	public function getPassword(){
+		return $this->query['password'];
+	}
+
+	public function getEmail(){
+		return $this->query['email'];	
+	}
+
+	public function getRegister(){
+		return $this->query['register'];
+	}
+
+	# check if valid user
+	public function isValidUser(){
+		if( ( is_bool($this->query) && ! $this->query ) || is_null($this->query) )
+			return false;
+
+		return true;
+	}
+
+	# check if current user is authenticated
+	public function isLoggedIn(){
+		return $this->login;	
+	}
+
+	public function login($password){
+		
+		# get hashed password from the database
+		$hashed_password = $this->getPassword();
+
+		# do the password check with php function
+		if ( ! password_verify($password . PEPPER, $hashed_password) )
+			return false;
+
+		# set login to true
+		$this->login = true;
+
+		# start a session if needed
+		if ( session_status() != PHP_SESSION_ACTIVE ) {
+			session_name(VFS_SESSION);
+			session_start();
+		}
+
+		# set session variable to true
+		$_SESSION["loggedin"] = true;
+
+		# assign userid to the session variable
+		$_SESSION["userid"] = $this->getUserId();
+
+		return true;
+	}
+
+	public function logout(){
+
+		# no session active, so return false
+		if ( session_status() != PHP_SESSION_ACTIVE )	
+			return false;
+
+		# set login to false
+		$this->login = false;
+
+		# destroy session
+		if( ! session_destroy() )
+			return false;
+
+		return true;
+	}
+
+	public function register($name, $password, $email){
+		global $vfsdb;
+
+		$password = $password . PEPPER;
+		$hash	  = password_hash($password, PASSWORD_DEFAULT);
+
+		$sql = $vfsdb->prepare("
+			INSERT INTO " . DBPREFIX . "user VALUES (
+				NULL,
+				name = %s,
+				password = %s,
+				email = %s,
+				register = %d
+			);", $name, $hash, $email, time() );
+
+		if ( ! $vfsdb->doQuery($sql) )
+			return false;
+
+		# the user is successfull registered, thus already logged in
+		$this->username = $name;
+
+		# redefine the class attributes
+		$this->_setPepper();
+		$this->_setQuery();
+
+		$this->login($password);
+
+		return true;
+	}
+
+	public function __destruct(){
+		return true;
+	}
+}
-- 
cgit v1.2.3