<?php
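/**
 * class Auth
 * handles user registration and login support: input validation,
 * user lookup, and generation/validation of the login token
 *
 * @author Panique <[email protected]>
 * @version 1.0
 */
class Auth
{
    /**
     * Database connection
     * @var mysqli
     */
    private $conn;

    /**
     * Collection of error messages
     * @var array
     */
    private $errors = array();

    /**
     * Collection of regular expressions to validate user data.
     * Stored without delimiters so the same pattern can be reused in an HTML5
     * "pattern" attribute; the PHP validators below add the "/" delimiters.
     * ("final" is not a valid modifier for a property on PHP < 8.4 and is a
     * fatal error there, so the property is a plain public static.)
     * @var array
     */
    public static $regexp = array(
        'user_name' => '^[a-zA-Z0-9]{2,64}$',
        'user_password' => '^.{6,}$'
    );

    /********************************************************
     * Possible Error using Constants to enable localization
     * The numeric values are only unique inside each group
     * (DATA_*, REGISTRATION_*, USER_*): compare against the
     * constant of the group you are handling, never against
     * the raw number.
     ********************************************************/
    const DATA_MISSING = 1; //data is missing
    const DATA_INVALID = 2; //data is invalid
    const DATA_MISMATCH = 3; //string mismatch between 2 string
    const REGISTRATION_FAILED = 1; //registration failed (db error)
    const USER_EXISTS = 1; //user submitted already exists in database
    const USER_UNKNOWN = 2; //user unknown (user name OR password Error)

    /**
     * Key used to sign the per-user login token (see generateToken()).
     * Change this phrase, and preferably load it from configuration that is
     * not committed with the code: anyone who knows it can forge tokens.
     * @var string
     */
    private $secretKey = 'This is my hidden secret key'; //you should change this phrase

    /**
     * The Constructor initialize the db connection
     * (DB_HOST, DB_USER, DB_PASS, DB_NAME and DB_CHARSET are expected to be
     * defined before the class is instantiated)
     */
    public function __construct()
    {
        $this->conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
        // NOTE(review): die() aborts the whole request; a thrown exception
        // would let the caller render a proper error page instead.
        if ($this->conn->connect_errno || ! $this->conn->set_charset(DB_CHARSET)) {
            die("Sorry, no database connection.");
        }
    }

    /**
     * Return the regular expressions (can be use to match PHP and HTML5 regular expression)
     * @param string $name an specified regular expression
     * @return mixed the whole array when $name is null, the single pattern, or null if unknown
     */
    public function getRegexp($name = null)
    {
        if (is_null($name)) {
            return self::$regexp;
        }
        return isset(self::$regexp[$name]) ? self::$regexp[$name] : null;
    }

    /**
     * Return the errors
     * @param string $name an specified error
     * @return mixed the whole array when $name is null, the single error, or null if unknown
     */
    public function getErrors($name = null)
    {
        if (is_null($name)) {
            return $this->errors;
        }
        return isset($this->errors[$name]) ? $this->errors[$name] : null;
    }

    /**
     * check to see if the email is valid
     * @param string $str the email to test
     * @return mixed null when nothing was given, false when invalid or longer
     *               than 64 bytes, otherwise the validated address
     */
    public static function isValidEmail($str = null)
    {
        if (is_null($str)) {
            return null;
        }
        $str = filter_var($str, FILTER_VALIDATE_EMAIL);
        // Upper bound only. The former "64 > strlen($str)" rejected every
        // address shorter than 64 bytes, i.e. practically all valid ones.
        if (! $str || strlen($str) > 64) {
            return false;
        }
        return $str;
    }

    /**
     * check to see if the password is valid
     * @param string $str the password to test
     * @return mixed null when nothing was given, false when invalid, otherwise the password
     */
    public static function isValidPassword($str = null)
    {
        if (is_null($str)) {
            return null;
        }
        return self::matchesRegexp($str, 'user_password');
    }

    /**
     * check to see if the username is valid
     * @param string $str the username to test
     * @return mixed null when nothing was given, false when invalid, otherwise the user name
     */
    public static function isValidUserName($str = null)
    {
        if (is_null($str)) {
            return null;
        }
        return self::matchesRegexp($str, 'user_name');
    }

    /**
     * Run one of the self::$regexp patterns through filter_var()
     * @param string $str  the value to test
     * @param string $name key into self::$regexp
     * @return mixed false when the value does not match, otherwise the value itself
     */
    private static function matchesRegexp($str, $name)
    {
        $str = filter_var(
            $str,
            FILTER_VALIDATE_REGEXP,
            array(
                'options' => array(
                    'regexp' => '/'.self::$regexp[$name].'/'
                )
            )
        );
        if (! $str) {
            return false;
        }
        return $str;
    }

    /**
     * return the user data
     * @param string $login the user name
     *
     * @return array the user row, or an empty array when there is not exactly
     *               one match or the query could not be run
     */
    private function getUserByName($login)
    {
        // Parameterised query: the user name never becomes part of the SQL text.
        $stmt = $this->conn->prepare('SELECT * FROM users WHERE user_name = ?');
        if ($stmt === false) {
            return array();
        }
        $stmt->bind_param('s', $login);
        $row = array();
        if ($stmt->execute()) {
            // get_result() needs the mysqlnd driver (the default since PHP 5.4)
            $res = $stmt->get_result();
            if ($res && $res->num_rows === 1) {
                $row = $res->fetch_assoc();
            }
        }
        $stmt->close();
        return $row;
    }

    /**
     * is a user already with the given login OR email exists in the database
     * @param string $login the user name
     * @param string $email the user email
     *
     * @return boolean true when a matching user exists, and also when the
     *                 database could not be queried (fail closed so a
     *                 registration is never accepted on a broken lookup)
     */
    private function isUserExists($login, $email)
    {
        $stmt = $this->conn->prepare(
            'SELECT COUNT(user_id) AS nb FROM users WHERE user_name = ? OR user_email = ?'
        );
        if ($stmt === false) {
            return true;
        }
        $stmt->bind_param('ss', $login, $email);
        $exists = true;
        if ($stmt->execute()) {
            $count = 0;
            $stmt->bind_result($count);
            $stmt->fetch();
            $exists = (bool) $count;
        }
        $stmt->close();
        return $exists;
    }

    /**
     * Compute the signature part of a login token.
     * A keyed HMAC is used instead of sha1(secret.data): the secret is the key,
     * never part of the hashed message.
     * @param string $login     the user name
     * @param string $userAgent the browser's User-Agent header (may be empty)
     * @param string|int $timestamp unix time the token was issued
     * @return string hex-encoded HMAC-SHA256
     */
    private function tokenSignature($login, $userAgent, $timestamp)
    {
        return hash_hmac('sha256', $login.'|'.$userAgent.'|'.$timestamp, $this->secretKey);
    }

    /**
     * generate a unique token
     * @param string $login a string to generate the token with
     * @return string the generated token, "login|timestamp|signature"
     */
    private function generateToken($login)
    {
        $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $timestamp = time();
        return $login.'|'.$timestamp.'|'.$this->tokenSignature($login, $userAgent, $timestamp);
    }

    /**
     * validate a token against itself and against time
     * which makes session timeout possible
     * @param string $str the token to be validated
     * @return boolean true only for a well-formed token whose signature matches
     *                 and that was issued within the last 30 minutes
     */
    private function isValidateToken($str)
    {
        // A malformed token (fewer than three parts) is rejected instead of
        // feeding undefined values into list().
        $parts = explode('|', (string) $str, 3);
        if (count($parts) !== 3) {
            return false;
        }
        list($login, $timestamp, $signature) = $parts;
        if (! ctype_digit($timestamp)) {
            return false;
        }
        $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $expected = $this->tokenSignature($login, $userAgent, $timestamp);
        // hash_equals() (PHP >= 5.6) is constant-time and strict; "!=" was
        // neither and compares numeric-looking hex strings as numbers.
        if (! hash_equals($expected, $signature)) {
            return false;
        }
        // tokens older than 30 minutes have expired
        return (int) $timestamp >= time() - 30 * 60;
    }
}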