1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
|
<?php
class jg {
public $username;
public $login = false;
private $pepper;
private $query = false;
public function __construct($name = null){
if ( is_null($name) )
return;
$this->username = $name;
if ( isset($_SESSION["loggedin"]) )
$this->login = $_SESSION["loggedin"];
$this->_setPepper();
$this->_setQuery();
}
# get's everything from the database
private function _setQuery(){
global $vfsdb;
$sql = $vfsdv->prepare("SELECT * FROM " . DBPREFIX . "user WHERE name=%s;", $this->username);
$db_db = $vfsdb->doQuery($sql);
if ( is_bool($db_db) )
$this->query = false;
else
$this->query = $db_db->fetch_array(MYSQLI_ASSOC);
}
private function _setPepper(){
if ( PEPPER_IS_FILE )
$this->pepper = file_get_contents(PEPPER);
else
$this->pepper = PEPPER;
}
public function getUser(){
return $this->query['name'];
}
public function getUserId(){
return $this->query['id'];
}
public function getPassword(){
return $this->query['password'];
}
public function getEmail(){
return $this->query['email'];
}
public function getRegister(){
return $this->query['register'];
}
# check if valid user
public function isValidUser(){
if( ( is_bool($this->query) && ! $this->query ) || is_null($this->query) )
return false;
return true;
}
# check if current user is authenticated
public function isLoggedIn(){
return $this->login;
}
public function login($user, $password){
if ( is_null($this->username) )
$this->__construct($user);
# get hashed password from the database
$hashed_password = $this->getPassword();
# do the password check with php function
if ( ! password_verify($password . PEPPER, $hashed_password) )
return false;
# set login to true
$this->login = true;
# start a session if needed
if ( session_status() != PHP_SESSION_ACTIVE ) {
session_name(VFS_SESSION);
session_start();
}
# set session variable to true
$_SESSION["loggedin"] = true;
# assign userid to the session variable
$_SESSION["userid"] = $this->getUserId();
return true;
}
public function logout(){
# no session active, so return false
if ( session_status() != PHP_SESSION_ACTIVE )
return false;
# set login to false
$this->login = false;
# destroy session
if( ! session_destroy() )
return false;
return true;
}
public function register($name, $password, $email){
global $vfsdb;
$password = $password . PEPPER;
$hash = password_hash($password, PASSWORD_DEFAULT);
$sql = $vfsdb->prepare("
INSERT INTO " . DBPREFIX . "user VALUES (
NULL,
name = %s,
password = %s,
email = %s,
register = %d
);", $name, $hash, $email, time() );
if ( ! $vfsdb->doQuery($sql) )
return false;
# the user is successfull registered, thus already logged in
$this->username = $name;
# redefine the class attributes
$this->_setPepper();
$this->_setQuery();
$this->login($password);
return true;
}
public function __destruct(){
return true;
}
}
|
