#3 docu security

Ulf Gebhardt 2016-06-12 21:12:39 +02:00
parent 8ab04dc999
commit e946cbd1c1
12 changed files with 336 additions and 23 deletions


@ -1,24 +1,39 @@
<?php
/**
* System - PHP Framework
*
* PHP Version 5.6
*
* @copyright 2016 Ulf Gebhardt (http://www.webcraft-media.de)
* @license http://www.opensource.org/licenses/mit-license.php MIT
* @link https://github.com/webcraftmedia/system
* @package SYSTEM\SECURITY
*/
namespace SYSTEM\SECURITY;
/**
* Rights Class provided by System to define system rights.
* Extend this class for your own.
*/
class RIGHTS {
//Never use anything with 0 in php
/** int Never use anything with 0 in php */
const SYS_DONOTUSE = 0;
//System Administrator Interface
/** int System Administrator Interface */
const SYS_SAI = 1;
//Security Module
const SYS_SAI_SECURITY = 5; //access
const SYS_SAI_SECURITY_RIGHTS_EDIT = 6; //edit rights
//Database Text Module
/** int Security Module access */
const SYS_SAI_SECURITY = 5;
/** int Security Module edit rights */
const SYS_SAI_SECURITY_RIGHTS_EDIT = 6; //
/** int Database Text Module */
const SYS_SAI_LOCALE = 10;
//Image Module
/** int Image Module */
const SYS_SAI_FILES = 15;
//Api Module
/** int Api Module */
const SYS_SAI_API = 20;
//const SYS_SAI_API_EDIT = 21;
/** int Cron jobs */
const SYS_SAI_CRON = 25;
//Reserve first 1000 ids.
/** int Reserve first 1000 ids. Start from here. */
const RESERVED_SYS_0_999 = 999;
}
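Review bot: The new docblocks on the constants (`/** int Never use anything with 0 in php */` and the others down to `RESERVED_SYS_0_999`) use a bare `int` word instead of the `@var` tag, so phpDocumentor and static analysers will not attach a type to them; write them as `/** @var int Never use anything with 0 in php */`. The rewritten `const SYS_SAI_SECURITY_RIGHTS_EDIT = 6; //` keeps a dangling empty `//` from the old trailing comment and should end at the semicolon. The commented-out `//const SYS_SAI_API_EDIT = 21;` is dead text in a class whose docblock invites extension; either give it a real docblock or remove it so subclasses do not assume id 21 is taken. Since subclasses are expected to define their own rights, the `RESERVED_SYS_0_999` docblock could state explicitly that custom right ids must be greater than this value, e.g. `/** @var int System reserves ids 0-999; custom rights must use ids above this value */`.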


@ -1,21 +1,58 @@
<?php
/**
* System - PHP Framework
*
* PHP Version 5.6
*
* @copyright 2016 Ulf Gebhardt (http://www.webcraft-media.de)
* @license http://www.opensource.org/licenses/mit-license.php MIT
* @link https://github.com/webcraftmedia/system
* @package SYSTEM\SECURITY
*/
namespace SYSTEM\SECURITY;
/**
* User Class provided by System to manage website user session values
*/
class User {
/** int user id*/
public $id = NULL;
/** string username*/
public $username = NULL;
/** string email*/
public $email = NULL;
/** int user creation date*/
public $creationDate = NULL;
/** int users last login*/
public $lastLoginDate = NULL;
/** string users last login IP*/
public $lastLoginIP = NULL;
/** int users amunt of wrong passwords*/
public $passwordWrongCount = NULL;
/** array users rights*/
public $rights = NULL;
/** string users language*/
public $locale = NULL;
/** string websiteurl*/
public $base_url = NULL;
/** bool users email confirm status*/
public $email_confirmed = NULL;
/**
* Create a new User Session Store.
*
* @param int $id User id
* @param string $username Username
* @param string $email Users Email
* @param int $creationDate user creation date
* @param int $lastLoginDate users last login
* @param string $lastLoginIP users last login IP
* @param int $passwordWrongCount users amunt of wrong passwords
* @param array $rights users rights
* @param string $locale Users Language
* @param string $base_url websiteurl
* @param bool $email_confirmed users email confirm status
*/
public function __construct($id, $username, $email, $creationDate, $lastLoginDate, $lastLoginIP, $passwordWrongCount, $rights, $locale, $base_url, $email_confirmed){
$this->id = $id;
$this->username = $username;


@ -1,5 +1,19 @@
<?php
/**
* System - PHP Framework
*
* PHP Version 5.6
*
* @copyright 2016 Ulf Gebhardt (http://www.webcraft-media.de)
* @license http://www.opensource.org/licenses/mit-license.php MIT
* @link https://github.com/webcraftmedia/system
* @package SYSTEM\SQL
*/
namespace SYSTEM\SQL;
/**
* QQ to check for usernames availibility
*/
class SYS_SECURITY_AVAILABLE extends \SYSTEM\DB\QP {
public static function get_class(){return \get_class();}
public static function pgsql(){return


@ -1,5 +1,19 @@
<?php
/**
* System - PHP Framework
*
* PHP Version 5.6
*
* @copyright 2016 Ulf Gebhardt (http://www.webcraft-media.de)
* @license http://www.opensource.org/licenses/mit-license.php MIT
* @link https://github.com/webcraftmedia/system
* @package SYSTEM\SQL
*/
namespace SYSTEM\SQL;
/**
* QQ to check for username || email combination availibility
*/
class SYS_SECURITY_AVAILABLE_EMAIL extends \SYSTEM\DB\QP {
public static function get_class(){return \get_class();}
public static function pgsql(){return


@ -1,6 +1,19 @@
<?php
/**
* System - PHP Framework
*
* PHP Version 5.6
*
* @copyright 2016 Ulf Gebhardt (http://www.webcraft-media.de)
* @license http://www.opensource.org/licenses/mit-license.php MIT
* @link https://github.com/webcraftmedia/system
* @package SYSTEM\SQL
*/
namespace SYSTEM\SQL;
/**
* QQ to check for users rights
*/
class SYS_SECURITY_CHECK extends \SYSTEM\DB\QP {
public static function get_class(){return \get_class();}
public static function pgsql(){return


@ -1,5 +1,19 @@
<?php
/**
* System - PHP Framework
*
* PHP Version 5.6
*
* @copyright 2016 Ulf Gebhardt (http://www.webcraft-media.de)
* @license http://www.opensource.org/licenses/mit-license.php MIT
* @link https://github.com/webcraftmedia/system
* @package SYSTEM\SQL
*/
namespace SYSTEM\SQL;
/**
* QQ to create a new user
*/
class SYS_SECURITY_CREATE extends \SYSTEM\DB\QP {
public static function get_class(){return \get_class();}
public static function pgsql(){return


@ -1,5 +1,19 @@
<?php
/**
* System - PHP Framework
*
* PHP Version 5.6
*
* @copyright 2016 Ulf Gebhardt (http://www.webcraft-media.de)
* @license http://www.opensource.org/licenses/mit-license.php MIT
* @link https://github.com/webcraftmedia/system
* @package SYSTEM\SQL
*/
namespace SYSTEM\SQL;
/**
* QQ to check for emails creadentials (login)
*/
class SYS_SECURITY_LOGIN_USER_EMAIL_SHA1 extends \SYSTEM\DB\QP {
public static function get_class(){return \get_class();}
public static function pgsql(){return


@ -1,5 +1,19 @@
<?php
/**
* System - PHP Framework
*
* PHP Version 5.6
*
* @copyright 2016 Ulf Gebhardt (http://www.webcraft-media.de)
* @license http://www.opensource.org/licenses/mit-license.php MIT
* @link https://github.com/webcraftmedia/system
* @package SYSTEM\SQL
*/
namespace SYSTEM\SQL;
/**
* QQ to check for usernames credentials (login)
*/
class SYS_SECURITY_LOGIN_USER_SHA1 extends \SYSTEM\DB\QP {
public static function get_class(){return \get_class();}
public static function pgsql(){return


@ -1,5 +1,19 @@
<?php
/**
* System - PHP Framework
*
* PHP Version 5.6
*
* @copyright 2016 Ulf Gebhardt (http://www.webcraft-media.de)
* @license http://www.opensource.org/licenses/mit-license.php MIT
* @link https://github.com/webcraftmedia/system
* @package SYSTEM\SQL
*/
namespace SYSTEM\SQL;
/**
* QQ to update users last active timestamp
*/
class SYS_SECURITY_UPDATE_LASTACTIVE extends \SYSTEM\DB\QP {
public static function get_class(){return \get_class();}
public static function pgsql(){return


@ -1,5 +1,19 @@
<?php
/**
* System - PHP Framework
*
* PHP Version 5.6
*
* @copyright 2016 Ulf Gebhardt (http://www.webcraft-media.de)
* @license http://www.opensource.org/licenses/mit-license.php MIT
* @link https://github.com/webcraftmedia/system
* @package SYSTEM\SQL
*/
namespace SYSTEM\SQL;
/**
* QQ to change a user password
*/
class SYS_SECURITY_UPDATE_PW extends \SYSTEM\DB\QP {
public static function get_class(){return \get_class();}
public static function pqsql(){return


@ -1,5 +1,19 @@
<?php
/**
* System - PHP Framework
*
* PHP Version 5.6
*
* @copyright 2016 Ulf Gebhardt (http://www.webcraft-media.de)
* @license http://www.opensource.org/licenses/mit-license.php MIT
* @link https://github.com/webcraftmedia/system
* @package SYSTEM\SQL
*/
namespace SYSTEM\SQL;
/**
* QQ to get a usernames infos
*/
class SYS_SECURITY_USER_INFO extends \SYSTEM\DB\QP {
public static function get_class(){return \get_class();}
public static function pgsql(){return


@ -1,6 +1,30 @@
<?php
/**
* System - PHP Framework
*
* PHP Version 5.6
*
* @copyright 2016 Ulf Gebhardt (http://www.webcraft-media.de)
* @license http://www.opensource.org/licenses/mit-license.php MIT
* @link https://github.com/webcraftmedia/system
* @package SYSTEM\SECURITY
*/
namespace SYSTEM\SECURITY;
class security {
/**
* security Class provided by System to manage website user and its attributes
*/
class security {
/**
* Create a new User. Permanently saved to the Database
*
* @param string $username Username of the new User
* @param string $password_sha1 Hashed Password of the new User
* @param string $email Email of the new User
* @param string $locale Language of the new User
* @param bool $json_result Return data as JSON or Array
* @return mixed Returns json with status true or Error or Array with userinfo.
*/
public static function create($username, $password_sha1, $email, $locale = 'enUS',$json_result = false){
self::startSession();
if(!self::available($username)){
@ -11,7 +35,16 @@ class security {
throw new \SYSTEM\LOG\ERROR("Error during Registration process.");}
return $json_result ? \SYSTEM\LOG\JsonResult::ok() : $row;
}
/**
* Login a User.
*
* @param string $username Username of the User
* @param string $password_sha1 Hashed Password of the User
* @param string $locale Language of the User on login.
* @param bool $json_result Return data as JSON or Array
* @return mixed Returns json with status true or Error or Array with userinfo.
*/
public static function login($username, $password_sha1, $locale=NULL,$json_result = false){
self::startSession();
$_SESSION[\SYSTEM\CONFIG\config::get(\SYSTEM\CONFIG\config_ids::SYS_CONFIG_PATH_BASEURL)] = NULL;
@ -28,9 +61,7 @@ class security {
$row[\SYSTEM\SQL\system_user::FIELD_EMAIL],
$row[\SYSTEM\SQL\system_user::FIELD_JOINDATE],
time(),
getenv('REMOTE_ADDR'),
0,
NULL,
getenv('REMOTE_ADDR'),0,NULL,
$row[\SYSTEM\SQL\system_user::FIELD_LOCALE],
\SYSTEM\CONFIG\config::get(\SYSTEM\CONFIG\config_ids::SYS_CONFIG_PATH_BASEURL),
$row[\SYSTEM\SQL\system_user::FIELD_EMAIL_CONFIRMED]);
@ -40,7 +71,14 @@ class security {
return $json_result ? \SYSTEM\LOG\JsonResult::ok() : $row;
}
// Determine if username exists
/**
* Determine if username is already in use.
*
* @param string $username Username to be checked
* @param string $email EMail to be checked
* @param bool $json_result Return data as JSON or Array
* @return mixed Returns json with status true or Error or Array with userinfo.
*/
public static function available($username,$email=null,$json_result=false){
if($email){
$res = \SYSTEM\SQL\SYS_SECURITY_AVAILABLE_EMAIL::Q1(array($username,$email));
@ -59,7 +97,13 @@ class security {
return $json_result ? \SYSTEM\LOG\JsonResult::ok() : true;
}
//checks for a right for a logged in user
/**
* Checks for a right for a logged in user
*
* @param int $rightid Right ID to be checked
* @param bool $json_result Return data as JSON or Array
* @return mixed Returns json with status true or false or true or false.
*/
public static function check($rightid,$json_result=false){
//Not logged in? Go away.
//If you think you need rights for your guests ur doing smth wrong ;-)
@ -72,6 +116,14 @@ class security {
return $json_result ? \SYSTEM\LOG\JsonResult::ok() : true;
}
/**
* Change users Password
*
* @param string $username Username whos subject to the passwordchange
* @param string $old_password_sha1 Users old hashed Password
* @param string $new_password_sha1 Users new hashed Password
* @return json Returns json with status true or false
*/
public static function change_password($username,$old_password_sha1,$new_password_sha1){
$row = \SYSTEM\SQL\SYS_SECURITY_LOGIN_USER_SHA1::Q1(array($username, $old_password_sha1));
if(!$row){
@ -79,6 +131,23 @@ class security {
$result = \SYSTEM\SQL\SYS_SECURITY_UPDATE_PW::QI(array($new_password_sha1, $row['id']));
return $result ? \SYSTEM\LOG\JsonResult::ok() : \SYSTEM\LOG\JsonResult::fail();
}
/**
* Change users Email.
* This will facilitate the @see \SYSTEM\TOKEN\token utility to generate
* a token and send it to the users email using php mailinc function.
*
* This function can only be invoked if the user is logged in and uses the
* function on himself or \SYSTEM\SECURITY\RIGHTS::SYS_SAI_SECURITY_RIGHTS_EDIT
* is present for the invoking user.
*
* This function will fail if the Email of the user is unconfirmed. You can
* only change the email of a confirmed account.
*
* @param string $username Username whos subject to the emailchange
* @param string $new_email New Email for the given Username
* @return bool Returns true or false
*/
public static function change_email($username, $new_email) {
if(!self::isLoggedIn() || (self::getUser()->username !== $username && self::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI_SECURITY_RIGHTS_EDIT))){
throw new \SYSTEM\LOG\ERROR("You need to be logged in to trigger this function on your account.");}
@ -102,6 +171,17 @@ class security {
return \mail($to, $subject, $message, $header) ? \SYSTEM\LOG\JsonResult::ok() : \SYSTEM\LOG\JsonResult::fail();
}
/**
* Reset users Password.
* This will facilitate the @see \SYSTEM\TOKEN\token utility to generate
* a token and send it to the users email using php mailinc function.
* A new password is generated on invoke and sent with the email.
* After confirming the token the new password given in the email is valid.
*
* @param string $username Username whos subject to the password reset
* @return bool Returns true or false
*/
public static function reset_password($username) {
//find all userdata
$vars = \SYSTEM\SQL\SYS_SECURITY_USER_INFO::Q1(array($username));
@ -123,6 +203,19 @@ class security {
return \mail($to, $subject, $message, $header) ? \SYSTEM\LOG\JsonResult::ok() : \SYSTEM\LOG\JsonResult::fail();
}
/**
* Request an Confirm-Email for given Username.
* This will facilitate the @see \SYSTEM\TOKEN\token utility to generate
* a token and send it to the users email using php mailinc function.
*
* This function can only be invoked if the user is logged in and uses the
* function on himself or \SYSTEM\SECURITY\RIGHTS::SYS_SAI_SECURITY_RIGHTS_EDIT
* is present for the invoking user.
*
* @param string $username Username whos subject to the email confirm request
* @return bool Returns true or false
*/
public static function confirm_email($username) {
if(!self::isLoggedIn() || (self::getUser()->username !== $username && self::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI_SECURITY_RIGHTS_EDIT))){
throw new \SYSTEM\LOG\ERROR("You need to be logged in to trigger this function on your account.");}
@ -145,39 +238,82 @@ class security {
return \mail($to, $subject, $message, $header) ? \SYSTEM\LOG\JsonResult::ok() : \SYSTEM\LOG\JsonResult::fail();
}
/**
* Confirm a token sent using @see \SYSTEM\TOKEN\token utility
* (email confirm, email change, password reset)
*
* @param string $token Token given in eg an email.
* @param bool $json_result Return data as JSON or Array
* @return bool Returns json with status true or false or a bool
*/
public static function confirm($token,$json_result = false) {
return \SYSTEM\TOKEN\token::confirm($token) ?
($json_result ? \SYSTEM\LOG\JsonResult::ok() : true) :
($json_result ? \SYSTEM\LOG\JsonResult::fail() : false);}
/**
* Get Userinfo stored in the current Session.
*
* @return User Returns User object or NULL
*/
public static function getUser(){
if(!self::isLoggedIn(false)){
return NULL;}
return $_SESSION[\SYSTEM\CONFIG\config::get(\SYSTEM\CONFIG\config_ids::SYS_CONFIG_PATH_BASEURL)];
}
//Session
/**
* End the current Session and logout the User
*
* @param bool $json_result Return data as JSON or Array
* @return mixed Returns Json status true or true
*/
public static function logout($json_result = false){
self::startSession();
session_destroy();
return $json_result ? \SYSTEM\LOG\JsonResult::ok() : true;}
/**
* Save a key=>value into the current session(not preserved)
*
* @param string $key key for the given value
* @param mixed $value Value for the given Key to be saved
* @return null Returns null.
*/
public static function save($key,$value){
self::startSession();
$_SESSION['values'][$key] = $value;}
/**
* Save the value of a key from the current session(not preserved)
*
* @param string $key key to be queried
* @return mixed Returns Value or null.
*/
public static function load($key){
self::startSession();
if(!isset($_SESSION['values'][$key])){
return NULL;}
return $_SESSION['values'][$key];}
/**
* Check if the current session is a logged in user
*
* @param bool $json_result Return data as JSON or Array
* @return mixed Returns json with status true or false or a bool.
*/
public static function isLoggedIn($json_result = false){
self::startSession();
return (isset($_SESSION[\SYSTEM\CONFIG\config::get(\SYSTEM\CONFIG\config_ids::SYS_CONFIG_PATH_BASEURL)]) &&
$_SESSION[\SYSTEM\CONFIG\config::get(\SYSTEM\CONFIG\config_ids::SYS_CONFIG_PATH_BASEURL)] instanceof User) ?
($json_result ? \SYSTEM\LOG\JsonResult::ok() : true) : ($json_result ? \SYSTEM\LOG\JsonResult::fail() : false);}
/**
* State the Session for the current request
*
* @return null Returns null.
*/
protected static function startSession(){
if(!isset($_SESSION) && !headers_sent()){
\session_start();}