- <?php
-
- require_once 'Database.php';
-
/**
 * Thrown by Login::protect() when the current request carries no valid login.
 * Adds no state of its own on top of Exception.
 */
class NotLoggedIn extends Exception
{
}
-
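/**
 * Cookie-based account registration and login.
 *
 * The public entry points (register, log_in, is_logged_in, log_out, protect)
 * keep their original names and return values: validation failures come back
 * as a user-facing string, success as bool true.  Persistence is delegated to
 * the DB class from Database.php (user_exists, add_user, get_user_info).
 *
 * Security notes for maintainers:
 *  - Passwords are stored with password_hash() (bcrypt, random salt from the
 *    CSPRNG).  Rows written by the previous crypt('$2a$10$' . salt) code still
 *    verify, because password_verify() accepts any crypt()-format hash; the old
 *    salt came from uniqid()/microtime() and was predictable.
 *  - The "remember me" cookie set is: li_name (username), li_bar (random
 *    salt), li_foo (SHA-256 over user fields + stored password hash + client
 *    IP + User-Agent + salt).  The hash input is kept byte-identical to the
 *    original so cookies issued before this change remain valid.  There is no
 *    server-side secret in it: anyone who can read the users table can mint a
 *    cookie for any user.  NOTE(review): consider mixing in an application
 *    secret from configuration.
 *  - Binding the cookie to REMOTE_ADDR and User-Agent means a client whose IP
 *    or browser string changes is silently logged out; kept because the
 *    original relied on it.
 *  - log_in() still distinguishes 'Invalid username!' from 'Wrong password!'
 *    so existing callers keep working; be aware this lets a remote party
 *    enumerate account names.
 *  - Requires PHP 7.0+ (random_bytes, hash_equals, password_hash).
 */
class Login {
    /** null = not yet determined for this request; true/false once known. */
    private static $logged = null;

    /** Identity of the logged-in user; populated by log_in()/is_logged_in(). */
    public static $name;
    public static $email;
    public static $status;
    public static $id;

    /** Longest username register() accepts (bytes). */
    const MAX_NAME_LENGTH = 30;
    /** Shortest password register() accepts (bytes). */
    const MIN_PASSWORD_LENGTH = 6;

    /**
     * Create a new account.
     *
     * Checks run in a fixed order so the first failing rule decides which
     * message the caller sees: name length, name charset, name taken, email,
     * password length, password repeat.
     *
     * @param string $user  desired username, [A-Za-z0-9_-], 1..30 bytes
     * @param string $email address validated with FILTER_VALIDATE_EMAIL
     * @param string $pass1 password, at least 6 bytes (bcrypt only uses the
     *                      first 72 bytes)
     * @param string $pass2 repeat of the password
     * @return string|true  true on success, otherwise an error message
     */
    public static function register($user, $email, $pass1, $pass2) {
        // Non-string input (e.g. user[]=x in the form) can never be a valid name.
        if (!is_string($user))
            return 'Username contains invalid characters!';
        if (strlen($user) > self::MAX_NAME_LENGTH)
            return 'Username is too long!';
        if (strlen($user) < 1)
            return 'Username is too short!';
        if (!self::valid_name($user))
            return 'Username contains invalid characters!';
        if (DB::user_exists($user))
            return 'Username is already in use!';
        if (filter_var($email, FILTER_VALIDATE_EMAIL) !== $email)
            return 'Invalid email!';
        if (!is_string($pass1) || strlen($pass1) < self::MIN_PASSWORD_LENGTH)
            return 'Password is too short! It should be at least 6 characters.';
        if ($pass1 !== $pass2)
            return 'Passwords didn\'t match!';

        $hash = self::create_hash($pass1);
        // password_hash() returned false on failure before PHP 8; never store that.
        if (!is_string($hash) || $hash === '')
            return 'Something went horribly wrong! Try again or contact admin.';

        if (!DB::add_user($user, $email, $hash))
            return 'Something went horribly wrong! Try again or contact admin.';

        return true;
    }

    /**
     * Verify credentials and, on success, issue the login cookies.
     *
     * @param string $user       username as typed by the client
     * @param string $pass       password as typed by the client
     * @param bool   $persistent true for a long-lived cookie, false for a
     *                           session cookie
     * @return string|true true on success, otherwise an error message
     */
    public static function log_in($user, $pass, $persistent) {
        // Reject malformed names before touching the database.
        if (!self::valid_name($user))
            return 'Invalid username!';

        $info = DB::get_user_info($user);
        if (!$info)
            return 'Invalid username!';

        if (!is_string($pass) || !self::right_pass($pass, $info['hash']))
            return 'Wrong password!';

        self::create_cookie($info, $persistent);
        self::set_login_info($info); // also sets self::$logged = true

        return true;
    }

    /**
     * Report whether this request carries a valid login.
     *
     * Uses the cached result of an earlier log_in()/log_out()/is_logged_in()
     * when available; otherwise validates the li_name/li_foo/li_bar cookies
     * against the database and, on success, fills the public identity fields.
     *
     * @return bool
     */
    public static function is_logged_in() {
        if (self::$logged !== null)
            return self::$logged;

        $name = isset($_COOKIE['li_name']) ? $_COOKIE['li_name'] : null;
        $mac  = isset($_COOKIE['li_foo'])  ? $_COOKIE['li_foo']  : null;
        $salt = isset($_COOKIE['li_bar'])  ? $_COOKIE['li_bar']  : null;

        // Cookies are strings; arrays (li_name[]=x) or a missing cookie mean no login.
        if (!is_string($name) || !is_string($mac) || !is_string($salt))
            return false;
        // Same charset rule as log_in(), so the DB never sees an unvalidated name.
        if (!self::valid_name($name))
            return false;

        $info = DB::get_user_info($name);
        if (!$info || $info['name'] !== $name)
            return false;

        // Constant-time compare: the cookie value is attacker-controlled.
        $expected = self::create_cookie_hash($info, $salt);
        if (!hash_equals($expected, $mac))
            return false;

        self::set_login_info($info);
        return true;
    }

    /**
     * Expire the login cookies on the client and mark this request as
     * logged out so later is_logged_in() calls do not re-read the cookies.
     */
    public static function log_out() {
        foreach (array('li_name', 'li_foo', 'li_bar') as $cookie) {
            setcookie($cookie, '', time() - 3600, '/');
        }
        self::$logged = false;
    }

    /**
     * Guard for pages that require a login.
     *
     * Behaviour kept from the original: prints 'Not logged in.' and then
     * throws NotLoggedIn when no valid login is present.
     *
     * @throws NotLoggedIn
     */
    public static function protect() {
        if (!Login::is_logged_in()) {
            echo 'Not logged in.';
            throw new NotLoggedIn();
        }
    }

    /**
     * Copy the user row into the public identity fields and cache "logged in".
     *
     * @param array $info user row with keys name, email, id, status
     */
    private static function set_login_info($info) {
        self::$name = $info['name'];
        self::$email = $info['email'];
        self::$id = $info['id'];
        self::$status = $info['status'];
        self::$logged = true;
    }

    /**
     * Issue the three login cookies for $info.
     *
     * @param array $info       user row (name, id, hash, status)
     * @param bool  $persistent long-lived cookie when true, session cookie when false
     */
    private static function create_cookie($info, $persistent) {
        // 0 = browser-session cookie; otherwise a fixed far-future timestamp (2033).
        $exp = ($persistent ? 2000000000 : 0);
        $salt = self::create_cookie_salt();
        $hash = self::create_cookie_hash($info, $salt);

        self::send_cookie('li_name', $info['name'], $exp);
        self::send_cookie('li_foo', $hash, $exp);
        self::send_cookie('li_bar', $salt, $exp);
    }

    /**
     * setcookie() for path '/' with HttpOnly always set (script never needs
     * these values) and Secure set when the request arrived over TLS.
     *
     * @param string $name
     * @param string $value
     * @param int    $exp   absolute expiry timestamp, or 0 for a session cookie
     */
    private static function send_cookie($name, $value, $exp) {
        $secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
        setcookie($name, $value, $exp, '/', '', $secure, true);
    }

    /**
     * Authenticator stored in li_foo.  The concatenation order is unchanged
     * from the original so previously issued cookies keep validating.
     *
     * @param array  $info user row (name, id, hash, status)
     * @param string $salt value stored in li_bar
     * @return string lowercase hex SHA-256
     */
    private static function create_cookie_hash($info, $salt) {
        $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        $ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $data = $info['name'] . $info['id'] . $info['hash'] . $info['status'] .
            $ip . $ua . $salt;
        return hash('sha256', $data);
    }

    /**
     * Fresh per-login salt from the CSPRNG; 40 hex chars, the same shape as
     * the sha1 hex the original emitted.
     *
     * @return string
     */
    private static function create_cookie_salt() {
        return bin2hex(random_bytes(20));
    }

    /**
     * True when $name is a non-empty string of [A-Za-z0-9_-] only.
     * Uses \z rather than $ so a trailing newline is rejected too.
     *
     * @param mixed $name
     * @return bool
     */
    private static function valid_name($name) {
        return is_string($name) && preg_match('/^[a-zA-Z0-9_-]+\z/', $name) === 1;
    }

    /**
     * Hash a password for storage (bcrypt with a random salt).
     *
     * @param string $pass
     * @return string|false crypt()-format hash
     */
    private static function create_hash($pass) {
        return password_hash($pass, PASSWORD_BCRYPT);
    }

    /**
     * Check $pass against a stored crypt()-format hash in constant time.
     * Accepts both the new $2y$ hashes and the legacy $2a$ ones.
     *
     * @param string $pass
     * @param mixed  $hash value of the user row's 'hash' column
     * @return bool
     */
    private static function right_pass($pass, $hash) {
        return is_string($hash) && $hash !== '' && password_verify($pass, $hash);
    }
}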