Scavenger
/
smn-server
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 1 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
Tree: 7396d617cb
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '7396d617cb'
${ noResults }
smn-server/Application/scf/Core/Authentication.php

Authentication.php 5.5KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182 
  1. <?php

  2. 

  3. namespace SCF\Core;

  4. 

  5. 

  6. class Authentication

  7. {

  8. 

  9.     /**

  10.      * @var Database

  11.      */

  12.     private $_db;

  13. 

  14.     /**

  15.      * Login constructor.

  16.      * @param Database $db

  17.      */

  18.     public function __construct(Database $db)

  19.     {

  20.         $this->_db = $db;

  21.     }

  22. 

  23.     /**

  24.      * @return string

  25.      * @throws \Exception

  26.      */

  27.     private function createToken()

  28.     {

  29.         if (function_exists('random_bytes')) {

  30.             $bytes = random_bytes(16);

  31.             $str = bin2hex($bytes);

  32.         } else if (function_exists('openssl_random_pseudo_bytes')) {

  33.             $bytes = openssl_random_pseudo_bytes(16);

  34.             $str = bin2hex($bytes);

  35.         } else {

  36.             $str = hash('sha256', uniqid(BLOWFISH, true));

  37.         }

  38.         return $str;

  39. 

  40.     }

  41. 

  42.     /**

  43.      * @param string $username

  44.      * @param string $password

  45.      * @param $rememberMe

  46.      * @return bool

  47.      * @throws \Exception

  48.      */

  49.     public function loginAction($username = '', $password = '', $rememberMe)

  50.     {

  51.         $this->_db->query("SELECT `userId`, `username`, `password`, `email` FROM users WHERE username = :username OR email = :username LIMIT 0,1");

  52.         $this->_db->bind(':username', $username);

  53.         $temp = $this->_db->single();

  54. 

  55. 

  56.         if ($temp !== false && hash('sha256',$password) ==  $temp['password']) {

  57.             $_SESSION['scf_userId'] = $temp['userId'];

  58. 

  59. 

  60.             if (isset($rememberMe)) {

  61.                 $identifier = $this->createToken();

  62.                 $securityToken = $this->createToken();

  63.                 $time = date("Y-m-d H:i:s", time());

  64. 

  65.                 $this->_db->query("INSERT INTO users_tokens (userId, identifier, securitytoken, createDate) VALUES (:userId, :identifier, :securitytoken, :created)");

  66.                 $this->_db->bind(':userId', $temp['userId']);

  67.                 $this->_db->bind(':identifier', $identifier);

  68.                 $this->_db->bind(':securitytoken', sha1($securityToken));

  69.                 $this->_db->bind(':created', $time);

  70.                 $this->_db->execute();

  71.                 setcookie('scf_identifier', $identifier, time() + (3600 * 24 * 30));

  72.                 setcookie('scf_token', $securityToken, time() + (3600 * 24 * 30));

  73.             }

  74.             return true;

  75.         } else {

  76.             session_destroy();

  77.             return false;

  78.         }

  79.     }

  80. 

  81.     /**

  82.      * @return bool

  83.      */

  84.     public function isLogin()

  85.     {

  86.         $this->checkLogin();

  87. 

  88.         if (isset($_SESSION['scf_userId'])) {

  89.             return true;

  90.         } else {

  91.             return false;

  92.         }

  93.     }

  94. 

  95.     /**

  96.      * Check if LoginToken for user exists

  97.      */

  98.     public function checkLogin()

  99.     {

  100.         if (!isset($_SESSION['scf_userId']) && isset($_COOKIE['scf_identifier']) && isset($_COOKIE['scf_token'])) {

  101.             $identifier = $_COOKIE['scf_identifier'];

  102.             $securityToken = $_COOKIE['scf_token'];

  103. 

  104.             $this->_db->query("SELECT * FROM users_tokens WHERE identifier = :identifier");

  105.             $this->_db->bind(':identifier', $identifier);

  106.             $this->_db->execute();

  107. 

  108.             $temp = $this->_db->single();

  109. 

  110.             if (sha1($securityToken) !== $temp['securitytoken']) {

  111. 

  112.             } else {

  113.                 $newToken = $this->createToken();

  114.                 $this->_db->query("UPDATE users_tokens SET securitytoken = :token WHERE identifier = :identifier");

  115.                 $this->_db->bind(':token', $newToken);

  116.                 $this->_db->bind(':identifier', $identifier);

  117.                 setcookie('scf_identifier', $identifier, time() + (3600 * 24 * 30));

  118.                 setcookie('scf_token', $newToken, time() + (3600 * 24 * 30));

  119. 

  120.                 $_SESSION['scf_userId'] = $temp['userId'];

  121. 

  122.             }

  123.         }

  124.     }

  125. 

  126. 

  127.     public function logout()

  128.     {

  129.         if(isset($_COOKIE['scf_identifier'])) {

  130.             $this->_db->query("DELETE FROM users_tokens WHERE userId = {$_SESSION['scf_userId']}");

  131.         }

  132.         setcookie('scf_identifier', null , -1);

  133.         setcookie('scf_token', null , -1);

  134.         session_destroy();

  135.         return true;

  136.     }

  137. 

  138.     /**

  139.      * @param string $username

  140.      * @param string $password

  141.      * @param string $email

  142.      * @param string $gender

  143.      * @return string

  144.      * @throws \Exception

  145.      */

  146.     public function registerAccount($username = '', $password = '', $email = '', $gender = 'n')

  147.     {

  148.         $this->_db->query("SELECT username, email FROM users WHERE username = :reguser OR email = :regemail");

  149.         $this->_db->bind(':reguser', $username);

  150.         $this->_db->bind(':regemail', $email);

  151.         $this->_db->execute();

  152. 

  153.         if ($this->_db->rowCount() == 1) {

  154.             return 'register_error';

  155.         } else {

  156. 

  157.             $this->saveDataInDatabase($username, $password, $email, $gender);

  158. 

  159.             return 'register_success';

  160.         }

  161. 

  162.     }

  163. 

  164.     /**

  165.      * @param $username

  166.      * @param $password

  167.      * @param $email

  168.      * @param $gender

  169.      * @throws \Exception

  170.      */

  171.     private function saveDataInDatabase($username, $password, $email, $gender)

  172.     {

  173.         $this->_db->query("INSERT INTO users (username, passwort, avatar, gender, email, accountActive, activationHash) 

  174.                                              VALUES (:username, :password, 'm2', :gender, :email, '0', :activation)");

  175.         $this->_db->bind(':username', $username);

  176.         $this->_db->bind(':password', password_hash($password, PASSWORD_BCRYPT));

  177.         $this->_db->bind(':gender', $gender);

  178.         $this->_db->bind(':email', $email);

  179.         $this->_db->bind(':activation', $this->createToken());

  180.         $this->_db->execute();

  181.     }

  182. }