class.bertasecurity.php

/engine/_classes/class.bertasecurity.php

https://github.com/raphaelbastide/berta
PHP | 230 lines | 137 code | 70 blank | 23 comment | 26 complexity | ef619e7c373f11631334729e17c9fd8a MD5 | raw file

<?php

/*
 ==================================================================================================================================
	
	CLASS BertaSecurity
	
	Manages security and ip-tracking operations:
		 (*) Log-in and log-out 				
		 (*) Session-based authentification 	
		 (*) Protected areas					
	
 ==================================================================================================================================
*/

class BertaSecurity {
	
	const BERTASECURITY_ERROR_SESSION_VARIABLE = 1;		// session variable corrupt
	const BERTASECURITY_ERROR_SESSION_EXPIRED = 2;			// session expired
	const BERTASECURITY_ERROR_SESSION_IP_CONFLICT = 3;		// ip address has changed
	const BERTASECURITY_ERROR_LOGIN_VARIABLE = 4;			// login variables corrupt or empty
	const BERTASECURITY_ERROR_LOGIN_INCORRECT = 5;			// login user and password incorrect
	
	public $authExpiresSeconds;	// session idle time
	public $authUseAuthentification = false;
	
	public $authentificated = false; // if 
	public $userLoggedIn = false;
	
	public $user;				// array of all user information available in the database (id, ident, nick, email, etc.)
	
	public $accessIP;				// array containing ip address by bytes
	public $accessIPStr = '';
	
	public $errAuth = 0;	// the reason (id), why autentification failed;
	public $errLogin = 0;	// the reason (id), why login failed;
	
	public function BertaSecurity($authEnvironment = 'site', $authExpiresSeconds = 21600) {
		$this->authExpiresSeconds = $authExpiresSeconds;
		$this->authUseAuthentification = true;
		
		$this->authentificated = $this->authUseAuthentification ? $this->authentificate() : true;
		
		
		// todo - change relying on userLoggedIn to a new environment variable
		if($authEnvironment == 'site') {
			$this->userLoggedIn = false;
		}
	}
	
	
	public function getAccessIP() {
		$this->accessIPStr = $_SERVER["REMOTE_ADDR"];
		if(preg_match("/(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/", $this->accessIPStr, $ipRegs)) {
			$this->accessIP = array((int) $ipRegs[1],
									(int) $ipRegs[2],
									(int) $ipRegs[3],
									(int) $ipRegs[4]);
			return $this->accessIP;
		} else
			return false;
	}
	
	
	
	
	// ------------------------------------------------------------------------------------------------------------------------------
	// --    Login and authentification    ------------------------------------------------------------------------------------------
	// ------------------------------------------------------------------------------------------------------------------------------
	
	
	public function authentificate() {
		//echo Berta::$options['SITE_ABS_ROOT'];
		session_name(BertaUtils::canonizeString('berta_' . Berta::$options['version'] . '_' . Berta::$options['SITE_ABS_ROOT'], '_', ''));
		session_start();
		$curTime = time();
		
		//var_dump($_SESSION);
		
		//echo $curTime - $_SESSION['_berta__user']['last_access'];
		
		if(isset($_SESSION['_berta__user']) && is_array($_SESSION['_berta__user'])) {
			if(($curTime - $_SESSION['_berta__user']['last_access'] <= $this->authExpiresSeconds)) {
				if($_SESSION['_berta__user']['last_ip'] == $_SERVER['REMOTE_ADDR']) {
					
					$_SESSION['_berta__user']['last_access'] = $curTime;
					$this->user = $_SESSION['_berta__user'];
					$this->userLoggedIn = true;
					
					if(!empty($_REQUEST['_security_reload_user']))
						$this->updateUserSettings($this->user);
						
					return $this->userLoggedIn = true;
					
				} else {
					$this->destroy(self::BERTASECURITY_ERROR_SESSION_IP_CONFLICT); // ip conflict
					return $this->userLoggedIn = false;
				}
			} else {
				$this->destroy(self::BERTASECURITY_ERROR_SESSION_EXPIRED);
				return $this->userLoggedIn = false;
			}
		
		} elseif(isset($_SESSION['_berta__user']) && !is_array($_SESSION['_berta__user'])) {
			$this->destroy(self::BERTASECURITY_ERROR_SESSION_VARIABLE);
			return $this->userLoggedIn = false;
		
		} else {
			return $this->userLoggedIn = false;
		}
	}
	
	
	
	public function goToLoginPage($loginPageRelativeURL) {
		$qS = $this->errAuth ? "?autherror=" . $this->errAuth : "";
		if(headers_sent()) {
			echo '<script language="javascript" type="text/javascript">window.location="' . $loginPageRelativeURL . $qS . '";</script>';
			echo '<p>Please wait... (or <a href="' . $loginPageRelativeURL . $qS . '">click here</a> if nothing happens)</p>';
		} else
			header('Location: ' . $loginPageRelativeURL . $qS);
		
		exit;
	}
	
	
	public function login($name, $pass, $realName, $realPass) {
		if($name && $pass) {
			if($name == $realName && $pass == $realPass) {
				$this->destroy();
				session_start();
				$this->updateUserSettings(array('name' => $realName));
				
				return $this->userLoggedIn = true;
				
			} else {
				$this->errLogin = self::BERTASECURITY_ERROR_LOGIN_INCORRECT;	// wrong creditentials
				return false;
			}
	
		} else {
			$this->errLogin = self::BERTASECURITY_ERROR_LOGIN_VARIABLE;	// no identification supplied
			return false;
		}
		
	}
	
	
	public function destroy($authErrNo = false) {
		if(isset($_SESSION['_berta__user'])) unset($_SESSION['_berta__user']);
		@session_destroy();
		$this->user = array();
		//echo $authErrNo;
		
		return true;
	}
	
	
	public function updateUserSettings($user = false) {
		
		if(isset($user["last_access_sec"])) $this->user["prev_access"] = $user["last_access_sec"];
		if(isset($user["last_ip"])) $this->user["prev_ip"] = $user["last_ip"];
		$this->user = array_merge($user, array(
						  "user_name" => $user["name"] ? $user["name"] : $user['nickname'],
						  "login_time" => time(),
						  "last_access" => time(),
						  "last_ip" => $_SERVER['REMOTE_ADDR']));
		
		$_SESSION['_berta__user'] = $this->user;
	}
	
	
	
	
	
	
	
	
	// ------------------------------------------------------------------------------------------------------------------------------
	// --    Misc    ----------------------------------------------------------------------------------------------------------------
	// ------------------------------------------------------------------------------------------------------------------------------
	
	
	public function getError($errType, $errId) {
		switch($errType) {
			case "auth":
				switch($errId) {
					case self::BERTASECURITY_ERROR_SESSION_VARIABLE: return "Please check whether your browser supports cookies!";
					case self::BERTASECURITY_ERROR_SESSION_EXPIRED: return "The max idle time is " . round($this->authExpiresSeconds / 60) . " minutes.";
					case self::BERTASECURITY_ERROR_SESSION_IP_CONFLICT: return "Your IP address has changed... any idea why?";
					default: return "Unknown error (id: $errId).";
				}
			case "login":
				switch($errId) {
					case self::BERTASECURITY_ERROR_LOGIN_VARIABLE: return "Pardon?";
					case self::BERTASECURITY_ERROR_LOGIN_INCORRECT:
						$arr = array("Pardon?");
						return $arr[array_rand($arr)];
					case 8: return "You have been deactivated.";
					default: return "Unknown error ($errId)";
				}
		}
	}
	
	
	
	
	
	
	



	
	function dispNocacheHeaders() {
		if(!headers_sent()) {
			header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); 
			header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); 
			header("Cache-Control: no-store, no-cache, must-revalidate"); 
			header("Cache-Control: post-check=0, pre-check=0", false); 
			header("Pragma: no-cache"); 
			return true;
		}
		return false;
	}
	
	
}

?>