| author | Horus3 | 2014-09-19 19:07:37 +0200 |
|---|---|---|
| committer | Horus3 | 2014-09-19 19:07:37 +0200 |
| commit | 2e3b69609088e37f5a716cfc8ad752f5ff0e7a90 (patch) | |
| tree | a3ab754789f5647e2b5205f9c37d4a26b71c8240 | |
| parent | 7a5041413611d93ea170080d24dcc39a4d44bd35 (diff) | |
| download | vfs-2e3b69609088e37f5a716cfc8ad752f5ff0e7a90.tar.gz | |
class vfsuser
| -rw-r--r-- | public_html/class/mysql.php | 2 | ||||
| -rw-r--r-- | public_html/class/vfsuser.php | 120 | ||||
| -rw-r--r-- | public_html/vfs_bootstrap.php | 5 | ||||
| -rw-r--r-- | public_html/vfs_config.php | 17 |
4 files changed, 138 insertions, 6 deletions
diff --git a/public_html/class/mysql.php b/public_html/class/mysql.php index d0c6949..0fb46bb 100644 --- a/public_html/class/mysql.php +++ b/public_html/class/mysql.php @@ -2,7 +2,7 @@ class vfsdb { - public $db; + protected $db; public function __construct(){ $this->open(); diff --git a/public_html/class/vfsuser.php b/public_html/class/vfsuser.php new file mode 100644 index 0000000..931c53c --- /dev/null +++ b/public_html/class/vfsuser.php 
@@ -0,0 +1,120 @@
+<?php
+
+class vfsuser {
+
+ public $username;
+ public $login = false;
+
+ private $pepper;
+ private $query = false;
+
+ public function __construct($name){
+ $this->username = $name;
+
+ if ( isset($_SESSION["loggedin"]) )
+ $this->login = $_SESSION["loggedin"];
+
+ if ( PEPPER_IS_FILE )
+ $this->pepper=file_get_contents(PEPPER);
+ else
+ $this->pepper=PEPPER;
+
+ $this->_setQuery();
+ }
+
+ # get's everything from the database
+ private function _setQuery(){
+ global $vfsdb;
+
+ $db_db = $vfsdb->doQuery("SELECT * FROM " . DBPREFIX . "user WHERE name='" . $this->username . "';");
+ if ( is_bool($db_db) )
+ $this->query=false;
+ else
+ $this->query=$db_db->fetch_array(MYSQLI_ASSOC);
+ }
+
+ public function getUser(){
+ return $this->query['name'];
+ }
+
+ public function getUserId(){
+ return $this->query['id'];
+ }
+
+ public function getPassword(){
+ return $this->query['password'];
+ }
+
+ public function getInvites(){
+ return $this->query['invites'];
+ }
+
+ public function getEmail(){
+ return $this->query['email'];
+ }
+
+ public function getKey(){
+ return $this->query['invitekey'];
+ }
+
+ public function getStatus(){
+ return $this->query['status'];
+ }
+
+ public function getRegister(){
+ return $this->query['register'];
+ }
+
+ public function getInviter(){
+ return $this->query['inviter'];
+ }
+
+ # check if current user is authenticated
+ public function isLoggedIn(){
+ return $this->login;
+ }
+
+ public function login($password, $second_password){
+
+ # check if both passwords the same
+ if ( $password != $second_password)
+ return false;
+
+ # get hashed password from the database
+ $hashed_password = $this->getPassword();
+
+ # do the password check with php function
+ if ( ! password_verify($password .
PEPPER, $hashed_password) ) + return false; + + # set login to true + $this->login = true; + + # start a session if needed + if ( session_status() != PHP_SESSION_ACTIVE ) + session_name(VFS_SESSION); + session_start(); + } + + # set session variable to true + $_SESSION["loggedin"] = true; + + return true; + } + + public function logout(){ + + # no session active, so return false + if ( session_status() != PHP_SESSION_ACTIVE ) + return false; + + # set login to false + $this->login = false; + + # destroy session + if( ! session_destroy() ) + return false; + + return true; + } +} diff --git a/public_html/vfs_bootstrap.php b/public_html/vfs_bootstrap.php index 13dab22..26be764 100644 --- a/public_html/vfs_bootstrap.php +++ b/public_html/vfs_bootstrap.php @@ -25,6 +25,11 @@ if ( ! defined(HOST) ) if ( ! defined(DOMAIN) ) define('DOMAIN', SCHEME . HOST); +# define session name +if ( ! defined(VFS_SESSION) ) + define('VFS_SESSION', 'VFSSID'); + +# define include path for vfs-class files if ( ! defined(VFS_CLASS) ) define('VFS_CLASS', 'class/'); diff --git a/public_html/vfs_config.php b/public_html/vfs_config.php index a24fdd1..b1f4e4b 100644 --- a/public_html/vfs_config.php +++ b/public_html/vfs_config.php @@ -1,6 +1,6 @@ <?php -# mysql access +### mysql access define('DBHOST', 'localhost'); define('DBUSER', 'vfs-user'); define('DBNAME', 'vfs'); 
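Review bot: `_setQuery()` in the new vfsuser.php concatenates `$this->username` directly into the SELECT (`WHERE name='" . $this->username . "';`), so the constructor argument becomes part of the SQL text; the name should be bound as a parameter, or at minimum escaped inside the database class before `doQuery()` runs (vfsdb's API is not visible in this diff). In `login()` the check uses the constant instead of the loaded value, so with `PEPPER_IS_FILE` set to true the file path rather than the file contents is appended; it should read `password_verify($password . $this->pepper, $hashed_password)`. As shown, `if ( session_status() != PHP_SESSION_ACTIVE )` has no opening `{` for the `}` that follows `session_start();`, which would end `login()` early and leave the class unparsable. The session ID is not renewed after a successful verify, so `session_regenerate_id(true);` right after `session_start();` would close off session fixation. `$_SESSION["loggedin"]` is a bare flag that the constructor copies for whatever `$name` is passed, so the login state is not tied to a particular account; storing the user id in the session and comparing it in the constructor would bind the two.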
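Review bot: `defined(VFS_SESSION)` in the added guard passes the constant itself rather than its name, so it never tests whether `VFS_SESSION` exists: while the constant is undefined, older PHP falls back to the bare string with a notice and PHP 8 raises an Error, and once it is defined the call looks for a constant named after its value (`VFSSID`). The line should read `if ( ! defined('VFS_SESSION') )`. The context lines for `HOST`, `DOMAIN` and `VFS_CLASS` show the same unquoted form, and the hunk starts and ends mid-file, so the rest of the bootstrap is not visible here. Since this name identifies the login session, the same place is a natural spot to set the cookie's HttpOnly and Secure flags with `session_set_cookie_params()` before any `session_start()`.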
@@ -8,16 +8,23 @@ define('DBPASSWORD', 'secretpassword'); define('DBCHARSET', 'utf8'); define('DBPREFIX', 'vfs_'); -# absolute path +### define your pepper for password security +define('PEPPER_IS_FILE', false); +define('PEPPER', 'somelongstringhere'); + +# define('PEPPER_IS_FILE', true); +# define('PEPPER', dirname(__FILE__) . '/../pepper.txt'); + +### absolute path # define('ABSPATH', dirname(__FILE__) . '/'); -# file directory +### file directory # define('FILEPATH', ABSPATH . '../files'); -# scheme, set to https if possible, otherwise plain http +### scheme, set to https if possible, otherwise plain http # define('SCHEME', 'http://'); # define('SCHEME', 'https://'); -# hostname +### hostname # define('HOST', 'files.iamfabulous.de'); # define('DOMAIN', 'https://files.iamfabulous.de'); |
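Review bot: The active default `define('PEPPER', 'somelongstringhere');` is a working placeholder, so an install that never edits vfs_config.php hashes every password with a pepper that is published in the repository. It would be safer to ship the commented file variant as the default, which keeps the secret outside public_html, or to have the bootstrap refuse to run while `PEPPER` still equals the placeholder. A comment such as `# must be changed before the first account is created; changing it later invalidates all stored password hashes` would make the constraint explicit. For the file variant, the value read with `file_get_contents(PEPPER)` in vfsuser.php keeps any trailing newline, so the comment should also say whether pepper.txt may end with one.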
