From 2e3b69609088e37f5a716cfc8ad752f5ff0e7a90 Mon Sep 17 00:00:00 2001 From: Horus3 Date: Fri, 19 Sep 2014 19:07:37 +0200 Subject: class vfsuser --- public_html/class/mysql.php | 2 +- public_html/class/vfsuser.php | 120 ++++++++++++++++++++++++++++++++++++++++++ public_html/vfs_bootstrap.php | 5 ++ public_html/vfs_config.php | 17 ++++-- 4 files changed, 138 insertions(+), 6 deletions(-) create mode 100644 public_html/class/vfsuser.php (limited to 'public_html') diff --git a/public_html/class/mysql.php b/public_html/class/mysql.php index d0c6949..0fb46bb 100644 --- a/public_html/class/mysql.php +++ b/public_html/class/mysql.php @@ -2,7 +2,7 @@ class vfsdb { - public $db; + protected $db; public function __construct(){ $this->open(); diff --git a/public_html/class/vfsuser.php b/public_html/class/vfsuser.php new file mode 100644 index 0000000..931c53c --- /dev/null +++ b/public_html/class/vfsuser.php 
@@ -0,0 +1,120 @@ +username = $name; + + if ( isset($_SESSION["loggedin"]) ) + $this->login = $_SESSION["loggedin"]; + + if ( PEPPER_IS_FILE ) + $this->pepper=file_get_contents(PEPPER); + else + $this->pepper=PEPPER; + + $this->_setQuery(); + } + + # get's everything from the database + private function _setQuery(){ + global $vfsdb; + + $db_db = $vfsdb->doQuery("SELECT * FROM " . DBPREFIX . "user WHERE name='" . $this->username . "';"); + if ( is_bool($db_db) ) + $this->query=false; + else + $this->query=$db_db->fetch_array(MYSQLI_ASSOC); + } + + public function getUser(){ + return $this->query['name']; + } + + public function getUserId(){ + return $this->query['id']; + } + + public function getPassword(){ + return $this->query['password']; + } + + public function getInvites(){ + return $this->query['invites']; + } + + public function getEmail(){ + return $this->query['email']; + } + + public function getKey(){ + return $this->query['invitekey']; + } + + public function getStatus(){ + return $this->query['status']; + } + + public function getRegister(){ + return $this->query['register']; + } + + public function getInviter(){ + return $this->query['inviter']; + } + + # check if current user is authenticated + public function isLoggedIn(){ + return $this->login; + } + + public function login($password, $second_password){ + + # check if both passwords the same + if ( $password != $second_password) + return false; + + # get hashed password from the database + $hashed_password = $this->getPassword(); + + # do the password check with php function + if ( ! password_verify($password . 
PEPPER, $hashed_password) ) + return false; + + # set login to true + $this->login = true; + + # start a session if needed + if ( session_status() != PHP_SESSION_ACTIVE ) + session_name(VFS_SESSION); + session_start(); + } + + # set session variable to true + $_SESSION["loggedin"] = true; + + return true; + } + + public function logout(){ + + # no session active, so return false + if ( session_status() != PHP_SESSION_ACTIVE ) + return false; + + # set login to false + $this->login = false; + + # destroy session + if( ! session_destroy() ) + return false; + + return true; + } +} diff --git a/public_html/vfs_bootstrap.php b/public_html/vfs_bootstrap.php index 13dab22..26be764 100644 --- a/public_html/vfs_bootstrap.php +++ b/public_html/vfs_bootstrap.php @@ -25,6 +25,11 @@ if ( ! defined(HOST) ) if ( ! defined(DOMAIN) ) define('DOMAIN', SCHEME . HOST); +# define session name +if ( ! defined(VFS_SESSION) ) + define('VFS_SESSION', 'VFSSID'); + +# define include path for vfs-class files if ( ! defined(VFS_CLASS) ) define('VFS_CLASS', 'class/'); diff --git a/public_html/vfs_config.php b/public_html/vfs_config.php index a24fdd1..b1f4e4b 100644 --- a/public_html/vfs_config.php +++ b/public_html/vfs_config.php @@ -1,6 +1,6 @@
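Review bot: `_setQuery()` builds its SELECT by concatenating `$this->username` into the string passed to `$vfsdb->doQuery()`, so a name containing a single quote changes the query; the constructor signature is not visible on this page, but `$name` appears to come from the caller and should be treated as untrusted. Because `$db` becomes protected in this same commit, the fix belongs in `vfsdb`: a method that runs the lookup through a mysqli prepared statement with the name bound as a parameter. In `login()`, `password_verify($password . PEPPER, ...)` uses the constant instead of `$this->pepper`, so with `PEPPER_IS_FILE` set the file path rather than the file contents is appended, and the session `if` is followed by a closing `}` with no opening brace, which as shown ends the method early and leaves `session_start()` unconditional. The login also keeps the pre-login session id and stores only a bare `loggedin` flag, which the constructor then copies onto every `vfsuser` regardless of name. The fence below shows `login()` with those points addressed; the matching identity check in the constructor is left to the author.

```php
    public function login($password, $second_password){
        # … unchanged: comparison of the two submitted passwords …

        # no row was loaded for this name, so there is nothing to verify against
        if ( ! is_array($this->query) )
            return false;

        # use the pepper loaded in the constructor (file contents or constant)
        if ( ! password_verify($password . $this->pepper, $this->getPassword()) )
            return false;

        # braces make both calls conditional on there being no active session
        if ( session_status() != PHP_SESSION_ACTIVE ) {
            session_name(VFS_SESSION);
            session_start();
        }

        # issue a fresh session id on login and tie the session to this account
        session_regenerate_id(true);
        $_SESSION["loggedin"] = true;
        $_SESSION["userid"] = $this->getUserId();
        $this->login = true;

        return true;
    }
```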
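Review bot: `defined(VFS_SESSION)` passes the constant itself rather than its name, so the guard never tests what it means to: while the constant is undefined, older PHP falls back to the bare string with a notice and PHP 8 throws an Error, and once it is defined the call checks for a constant named `VFSSID`. The line should read `if ( ! defined('VFS_SESSION') )`. The surrounding `defined(DOMAIN)` and `defined(VFS_CLASS)` context lines follow the same pattern and would need the same quoting for an earlier definition to be respected.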