/html/include/functions/User.php

https://github.com/Xedecimal/Pass-Store · PHP · 216 lines · 107 code · 23 blank · 86 comment · 8 complexity · 6e669eb2bd55aa43280a8d0b918f7386 MD5 · raw file 

    

  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * Functions and object for the "User"
    5. 

  5.  */
    6. 

  6. 

  7. /**
    8. 

  8.  * Generate a "hash" for the username and a password
    9. 

  9.  *
    10. 

  10.  * @param string $Username The username to generate the hash with
    11. 

  11.  * @param string $Password The password to generate the hash with
    12. 

  12.  *
    13. 

  13.  * @return string The resulting hash
    14. 

  14.  */
    15. 

  15. function user_hash($Username, $Password) {
    16. 

  16. 	return crypt(user_key($Username, $Password), '$6$rounds=50000$' . substr(hash('sha512', uniqid()), 0, 16));
    17. 

  17. }
    18. 

  18. 

  19. /**
    20. 

  20.  * Generate a user "key"
    21. 

  21.  *
    22. 

  22.  * @param string $Username The username to generate the key with
    23. 

  23.  * @param string $Password The password to generate the key with
    24. 

  24.  *
    25. 

  25.  * @return string The resulting key
    26. 

  26.  */
    27. 

  27. function user_key($Username, $Password) {
    28. 

  28. 	return hash('sha512', $Username . $Password);
    29. 

  29. }
    30. 

  30. 

  31. /**
    32. 

  32.  * Compared a username and password with a hashed password to see if they match
    33. 

  33.  *
    34. 

  34.  * @param string $Username       The username to generate the key with
    35. 

  35.  * @param string $Password       The password to generate the key with
    36. 

  36.  * @param string $HashedPassword The hashed password to compare against
    37. 

  37.  *
    38. 

  38.  * @return bool Whether they matched or not
    39. 

  39.  */
    40. 

  40. function user_compare($Username, $Password, $HashedPassword) {
    41. 

  41. 	return (crypt(user_key($Username, $Password), $HashedPassword) == $HashedPassword);
    42. 

  42. }
    43. 

  43. 

  44. /**
    45. 

  45.  * Check whether a user with this username exists
    46. 

  46.  *
    47. 

  47.  * @param string $User Username to check
    48. 

  48.  *
    49. 

  49.  * @return bool Whether the user exists or not
    50. 

  50.  */
    51. 

  51. function user_exists($User) {
    52. 

  52. 	$stmt = $GLOBALS['pdo']->prepare('
    53. 

  53. 		SELECT count(*)
    54. 

  54. 		FROM `users`
    55. 

  55. 		WHERE `username` = :username');
    56. 

  56. 	$stmt->bindValue(':username', s($User));
    57. 

  57. 	$stmt->execute();
    58. 

  58. 

  59. 	return ($stmt->fetchColumn() > 0);
    60. 

  60. }
    61. 

  61. 

  62. /**
    63. 

  63.  * Create a user with the specified username and password
    64. 

  64.  *
    65. 

  65.  * @param string $Username The password to generate the key with
    66. 

  66.  * @param string $Password The username to generate the key with
    67. 

  67.  *
    68. 

  68.  * @return string The ID of the new user
    69. 

  69.  */
    70. 

  70. function user_create($Username, $Password) {
    71. 

  71. 	if (user_exists($Username)) {
    72. 

  72. 		return false;
    73. 

  73. 	}
    74. 

  74. 

  75. 	$stmt = $GLOBALS['pdo']->prepare('
    76. 

  76. 		INSERT INTO `users`
    77. 

  77. 		(
    78. 

  78. 			`username`
    79. 

  79. 			, `password`
    80. 

  80. 		) VALUES (
    81. 

  81. 			:username
    82. 

  82. 			, :password
    83. 

  83. 		)');
    84. 

  84. 	$stmt->bindValue(':username', s($Username));
    85. 

  85. 	$stmt->bindValue(':password', user_hash($Username, $Password));
    86. 

  86. 	$stmt->execute();
    87. 

  87. 	$uid = $GLOBALS['pdo']->lastInsertId();
    88. 

  88. 	$stmt->closeCursor();
    89. 

  89. 

  90. 	// Create a group for the new user
    91. 

  91. 	lib('Group');
    92. 

  92. 	$gid = group_create(s($Username), 'user');
    93. 

  93. 	group_add($gid, $uid);
    94. 

  94. 

  95. 	return $uid;
    96. 

  96. }
    97. 

  97. 

  98. /**
    99. 

  99.  * Authenticate a user with the given Username and Password
    100. 

  100.  *
    101. 

  101.  * @param string $Username The username
    102. 

  102.  * @param string $Password The password
    103. 

  103.  *
    104. 

  104.  * @return bool Whether the authentication suceeded or not
    105. 

  105.  */
    106. 

  106. function user_authenticate($Username, $Password) {
    107. 

  107. 	$stmt = $GLOBALS['pdo']->prepare('
    108. 

  108. 		SELECT `password`
    109. 

  109. 		FROM `users`
    110. 

  110. 		WHERE `username` = :username
    111. 

  111. 	');
    112. 

  112. 	$stmt->bindValue(':username', $Username);
    113. 

  113. 	$stmt->execute();
    114. 

  114. 

  115. 	if ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
    116. 

  116. 		if (user_compare($Username, $Password, $row['password'])) {
    117. 

  117. 			$user = new User($Username, user_key($Username, $Password));
    118. 

  118. 

  119. 			$_SESSION['user'] = &$user;
    120. 

  120. 			session_regenerate_id();
    121. 

  121. 			return true;
    122. 

  122. 		}
    123. 

  123. 	}
    124. 

  124. 	return false;
    125. 

  125. }
    126. 

  126. 

  127. /**
    128. 

  128.  * Log out the user that's currently logged in
    129. 

  129.  *
    130. 

  130.  * @return void
    131. 

  131.  */
    132. 

  132. function user_logout() {
    133. 

  133. 	unset($_SESSION['user']);
    134. 

  134. 	session_regenerate_id();
    135. 

  135. }
    136. 

  136. 

  137. /**
    138. 

  138.  * The User class
    139. 

  139.  */
    140. 

  140. class User {
    141. 

  141. 	public $id;
    142. 

  142. 	public $username;
    143. 

  143. 	public $group;
    144. 

  144. 

  145. 	private $decryptionKey;
    146. 

  146. 

  147. 	/**
    148. 

  148. 	 * Construct the user class
    149. 

  149. 	 *
    150. 

  150. 	 * @param string $Username The username
    151. 

  151. 	 * @param string $key      The decrpytion key
    152. 

  152. 	 */
    153. 

  153. 	function __construct($Username, $key) {
    154. 

  154. 		if (!user_exists($Username)) {
    155. 

  155. 			return false;
    156. 

  156. 		}
    157. 

  157. 		$this->username = $Username;
    158. 

  158. 		$this->rehash();
    159. 

  159. 

  160. 		$_SESSION['user'] = &$this;
    161. 

  161. 

  162. 		$this->decryptionKey = $key;
    163. 

  163. 	}
    164. 

  164. 

  165. 	/**
    166. 

  166. 	 * Update the users object with new information from the database
    167. 

  167. 	 *
    168. 

  168. 	 * @return void
    169. 

  169. 	 */
    170. 

  170. 	function rehash() {
    171. 

  171. 		$stmt = $GLOBALS['pdo']->prepare('
    172. 

  172. 			SELECT `id`, `username`
    173. 

  173. 			FROM `users`
    174. 

  174. 			WHERE
    175. 

  175. 				`username` = :username
    176. 

  176. 		');
    177. 

  177. 		$stmt->bindParam(':username', $this->username);
    178. 

  178. 		$stmt->setFetchMode(PDO::FETCH_INTO, $this);
    179. 

  179. 		$stmt->execute();
    180. 

  180. 		$stmt->fetch();
    181. 

  181. 	}
    182. 

  182. 

  183. 	/**
    184. 

  184. 	 * Decrypt the given encryped data
    185. 

  185. 	 *
    186. 

  186. 	 * @param binary $Encrypted The encrypted data
    187. 

  187. 	 *
    188. 

  188. 	 * @return string Decrypted string
    189. 

  189. 	 */
    190. 

  190. 	function decrypt($Encrypted) {
    191. 

  191. 		// Check that the private key we're using for decryption exists
    192. 

  192. 		if ((is_readable(PATH . '/keys/' . $this->username . '.pem')) && (!empty($this->decryptionKey))) {
    193. 

  193. 			$PrivKey = openssl_get_privatekey(file_get_contents(PATH . '/keys/' . $this->username . '.pem'), $this->decryptionKey);
    194. 

  194. 			openssl_private_decrypt($Encrypted, $Decrypted, $PrivKey);
    195. 

  195. 			return $Decrypted;
    196. 

  196. 		}
    197. 

  197. 		return false;
    198. 

  198. 	}
    199. 

  199. 

  200. 	/**
    201. 

  201. 	 * Encrypt the given text with this users keys
    202. 

  202. 	 *
    203. 

  203. 	 * @param string $PlainText The text to encrypt
    204. 

  204. 	 *
    205. 

  205. 	 * @return binary The encrypted data
    206. 

  206. 	 */
    207. 

  207. 	function encrypt($PlainText) {
    208. 

  208. 		if (is_readable(PATH . 'keys/' . $this->username . '.pub')) {
    209. 

  209. 			openssl_public_encrypt($PlainText, $Encrypted, file_get_contents(PATH . '/keys/' . $this->username . '.pub'));
    210. 

  210. 			return $Encrypted;
    211. 

  211. 		}
    212. 

  212. 		return false;
    213. 

  213. 	}
    214. 

  214. }
    215. 

  215. 

  216. ?>
    217.