188 lines
10 KiB
PHP
188 lines
10 KiB
PHP
<?php
|
|
namespace SYSTEM\SECURITY;
|
|
class security {
|
|
public static function create($username, $password_sha1, $email, $locale = 'enUS',$json_result = false){
|
|
self::startSession();
|
|
if(!self::available($username)){
|
|
throw new \SYSTEM\LOG\ERROR("Username unavailable");}
|
|
$result = \SYSTEM\SQL\SYS_SECURITY_CREATE::QI(array( $username , $password_sha1, $email, $locale));
|
|
$row = true;
|
|
if(!$result || !($row = self::login($username, $password_sha1, $locale))){
|
|
throw new \SYSTEM\LOG\ERROR("Error during Registration process.");}
|
|
return $json_result ? \SYSTEM\LOG\JsonResult::ok() : $row;
|
|
}
|
|
|
|
public static function login($username, $password_sha1, $locale=NULL,$json_result = false){
|
|
self::startSession();
|
|
$_SESSION[\SYSTEM\CONFIG\config::get(\SYSTEM\CONFIG\config_ids::SYS_CONFIG_PATH_BASEURL)] = NULL;
|
|
|
|
//Database check
|
|
$row = \SYSTEM\SQL\SYS_SECURITY_LOGIN_USER_EMAIL_SHA1::Q1(array($username, $username, $password_sha1));
|
|
if(!$row){
|
|
throw new \SYSTEM\LOG\WARNING("Login Failed, User was not found in db");}
|
|
|
|
// set session variables
|
|
$_SESSION[\SYSTEM\CONFIG\config::get(\SYSTEM\CONFIG\config_ids::SYS_CONFIG_PATH_BASEURL)] =
|
|
new User( $row[\SYSTEM\SQL\system_user::FIELD_ID],
|
|
$row[\SYSTEM\SQL\system_user::FIELD_USERNAME],
|
|
$row[\SYSTEM\SQL\system_user::FIELD_EMAIL],
|
|
$row[\SYSTEM\SQL\system_user::FIELD_JOINDATE],
|
|
time(),
|
|
getenv('REMOTE_ADDR'),
|
|
0,
|
|
NULL,
|
|
$row[\SYSTEM\SQL\system_user::FIELD_LOCALE],
|
|
\SYSTEM\CONFIG\config::get(\SYSTEM\CONFIG\config_ids::SYS_CONFIG_PATH_BASEURL));
|
|
if(isset($locale)){
|
|
\SYSTEM\locale::set($locale);}
|
|
\SYSTEM\SQL\SYS_SECURITY_UPDATE_LASTACTIVE::QI(array($row[\SYSTEM\SQL\system_user::FIELD_ID]));
|
|
return $json_result ? \SYSTEM\LOG\JsonResult::ok() : $row;
|
|
}
|
|
|
|
// Determine if username exists
|
|
public static function available($username,$email=null,$json_result=false){
|
|
if($email){
|
|
$res = \SYSTEM\SQL\SYS_SECURITY_AVAILABLE_EMAIL::Q1(array($username,$email));
|
|
} else {
|
|
$res = \SYSTEM\SQL\SYS_SECURITY_AVAILABLE::Q1(array($username));}
|
|
if(!$res){
|
|
if($json_result){
|
|
throw new \SYSTEM\LOG\ERRROR("Cannot determine the availability of username!");
|
|
} else{ return false;}
|
|
}
|
|
if($res['count'] != 0){
|
|
if($json_result){
|
|
throw new \SYSTEM\LOG\ERRROR("Username or Email is not avilable.");
|
|
} else{ return false;}
|
|
}
|
|
return $json_result ? \SYSTEM\LOG\JsonResult::ok() : true;
|
|
}
|
|
|
|
//checks for a right for a logged in user
|
|
public static function check($rightid,$json_result=false){
|
|
//Not logged in? Go away.
|
|
//If you think you need rights for your guests ur doing smth wrong ;-)
|
|
$user = null;
|
|
if(!($user = self::getUser())){
|
|
return $json_result ? \SYSTEM\LOG\JsonResult::fail() : false;}
|
|
$res = \SYSTEM\SQL\SYS_SECURITY_CHECK::Q1(array($user->id, $rightid));
|
|
if(!$res || $res['count'] == 0){
|
|
return $json_result ? \SYSTEM\LOG\JsonResult::fail() : false;}
|
|
return $json_result ? \SYSTEM\LOG\JsonResult::ok() : true;
|
|
}
|
|
|
|
public static function change_password($username,$old_password_sha1,$new_password_sha1){
|
|
$row = \SYSTEM\SQL\SYS_SECURITY_LOGIN_USER_SHA1::Q1(array($username, $old_password_sha1));
|
|
if(!$row){
|
|
throw new \SYSTEM\LOG\ERROR("No such User Password combination.");}
|
|
$result = \SYSTEM\SQL\SYS_SECURITY_UPDATE_PW::QI(array($new_password_sha1, $row['id']));
|
|
return $result ? \SYSTEM\LOG\JsonResult::ok() : \SYSTEM\LOG\JsonResult::fail();
|
|
}
|
|
public static function change_email($username, $new_email) {
|
|
if(!self::isLoggedIn() || (self::getUser()->username !== $username && self::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI_SECURITY_RIGHTS_EDIT))){
|
|
throw new \SYSTEM\LOG\ERROR("You need to be logged in to trigger this function on your account.");}
|
|
//find all userdata
|
|
$vars = \SYSTEM\SQL\SYS_SECURITY_USER_INFO::Q1(array($username));
|
|
if(!$vars || $vars['email_confirmed'] !== 1){
|
|
throw new \SYSTEM\LOG\ERROR("Username not found or Email unconfirmed.");}
|
|
|
|
//generate pw & token
|
|
$vars['email'] = $new_email;
|
|
$vars['token'] = \SYSTEM\TOKEN\token::request('\SYSTEM\TOKEN\token_change_email',array('user' => $vars['id'],'email' => $vars['email']));
|
|
$vars['base_url'] = \SYSTEM\CONFIG\config::get(\SYSTEM\CONFIG\config_ids::SYS_CONFIG_PATH_BASEURL);
|
|
$vars['newline'] = "\r\n";
|
|
|
|
//mail
|
|
$to = $vars['email'];
|
|
$subject= \SYSTEM\PAGE\replace::replace(\SYSTEM\PAGE\text::get('mail_change_email_subject'), $vars);
|
|
$message= \SYSTEM\PAGE\replace::replace(\SYSTEM\PAGE\text::get('mail_change_email'), $vars);
|
|
$header = 'From: '. \SYSTEM\PAGE\text::get('mail_change_email_from')."\r\n" .
|
|
'Reply-To: '.\SYSTEM\PAGE\text::get('mail_change_email_replyto');
|
|
|
|
return \mail($to, $subject, $message, $header) ? \SYSTEM\LOG\JsonResult::ok() : \SYSTEM\LOG\JsonResult::fail();
|
|
}
|
|
public static function reset_password($username) {
|
|
//find all userdata
|
|
$vars = \SYSTEM\SQL\SYS_SECURITY_USER_INFO::Q1(array($username));
|
|
if(!$vars){
|
|
throw new \SYSTEM\LOG\ERROR("Username not found.");}
|
|
|
|
//generate pw & token
|
|
$vars['pw'] = substr(sha1(time().rand(0, 4000)), 1,10);
|
|
$vars['token'] = \SYSTEM\TOKEN\token::request('\SYSTEM\TOKEN\token_reset_password',array('user' => $vars['id'],'pw_sha1' => sha1($vars['pw'])));
|
|
$vars['base_url'] = \SYSTEM\CONFIG\config::get(\SYSTEM\CONFIG\config_ids::SYS_CONFIG_PATH_BASEURL);
|
|
$vars['newline'] = "\r\n";
|
|
|
|
//mail
|
|
$to = $vars['email'];
|
|
$subject= \SYSTEM\PAGE\replace::replace(\SYSTEM\PAGE\text::get('mail_reset_password_subject'), $vars);
|
|
$message= \SYSTEM\PAGE\replace::replace(\SYSTEM\PAGE\text::get('mail_reset_password'), $vars);
|
|
$header = 'From: '. \SYSTEM\PAGE\text::get('mail_reset_password_from')."\r\n" .
|
|
'Reply-To: '.\SYSTEM\PAGE\text::get('mail_reset_password_replyto');
|
|
|
|
return \mail($to, $subject, $message, $header) ? \SYSTEM\LOG\JsonResult::ok() : \SYSTEM\LOG\JsonResult::fail();
|
|
}
|
|
public static function confirm_email($username) {
|
|
if(!self::isLoggedIn() || (self::getUser()->username !== $username && self::check(\SYSTEM\SECURITY\RIGHTS::SYS_SAI_SECURITY_RIGHTS_EDIT))){
|
|
throw new \SYSTEM\LOG\ERROR("You need to be logged in to trigger this function on your account.");}
|
|
//find all userdata
|
|
$vars = \SYSTEM\SQL\SYS_SECURITY_USER_INFO::Q1(array($username));
|
|
if(!$vars || $vars['email_confirmed'] == 1){
|
|
throw new \SYSTEM\LOG\ERROR("Username not found or already confirmed.");}
|
|
|
|
//generate token
|
|
$vars['token'] = \SYSTEM\TOKEN\token::request('\SYSTEM\TOKEN\token_confirm_email',array('user' => $vars['id']));
|
|
$vars['base_url'] = \SYSTEM\CONFIG\config::get(\SYSTEM\CONFIG\config_ids::SYS_CONFIG_PATH_BASEURL);
|
|
$vars['newline'] = "\r\n";
|
|
|
|
//mail
|
|
$to = $vars['email'];
|
|
$subject= \SYSTEM\PAGE\replace::replace(\SYSTEM\PAGE\text::get('mail_confirm_email_subject'), $vars);
|
|
$message= \SYSTEM\PAGE\replace::replace(\SYSTEM\PAGE\text::get('mail_confirm_email'), $vars);
|
|
$header = 'From: '. \SYSTEM\PAGE\text::get('mail_confirm_email_from')."\r\n" .
|
|
'Reply-To: '.\SYSTEM\PAGE\text::get('mail_confirm_email_replyto');
|
|
|
|
return \mail($to, $subject, $message, $header) ? \SYSTEM\LOG\JsonResult::ok() : \SYSTEM\LOG\JsonResult::fail();
|
|
}
|
|
public static function confirm($token,$json_result = false) {
|
|
return \SYSTEM\TOKEN\token::confirm($token) ?
|
|
($json_result ? \SYSTEM\LOG\JsonResult::ok() : true) :
|
|
($json_result ? \SYSTEM\LOG\JsonResult::fail() : false);}
|
|
|
|
public static function getUser(){
|
|
if(!self::isLoggedIn(false)){
|
|
return NULL;}
|
|
return $_SESSION[\SYSTEM\CONFIG\config::get(\SYSTEM\CONFIG\config_ids::SYS_CONFIG_PATH_BASEURL)];
|
|
}
|
|
|
|
//Session
|
|
public static function logout($json_result = false){
|
|
self::startSession();
|
|
session_destroy();
|
|
return $json_result ? \SYSTEM\LOG\JsonResult::ok() : true;}
|
|
|
|
public static function save($key,$value){
|
|
self::startSession();
|
|
$_SESSION['values'][$key] = $value;}
|
|
|
|
public static function load($key){
|
|
self::startSession();
|
|
if(!isset($_SESSION['values'][$key])){
|
|
return NULL;}
|
|
return $_SESSION['values'][$key];}
|
|
|
|
public static function isLoggedIn($json_result = false){
|
|
self::startSession();
|
|
return (isset($_SESSION[\SYSTEM\CONFIG\config::get(\SYSTEM\CONFIG\config_ids::SYS_CONFIG_PATH_BASEURL)]) &&
|
|
$_SESSION[\SYSTEM\CONFIG\config::get(\SYSTEM\CONFIG\config_ids::SYS_CONFIG_PATH_BASEURL)] instanceof User) ?
|
|
($json_result ? \SYSTEM\LOG\JsonResult::ok() : true) : ($json_result ? \SYSTEM\LOG\JsonResult::fail() : false);}
|
|
|
|
protected static function startSession(){
|
|
if(!isset($_SESSION) && !headers_sent()){
|
|
\session_start();}
|
|
//respect locale from db if not set(right place here?)
|
|
if( isset($_SESSION[\SYSTEM\CONFIG\config::get(\SYSTEM\CONFIG\config_ids::SYS_CONFIG_PATH_BASEURL)]) &&
|
|
$_SESSION[\SYSTEM\CONFIG\config::get(\SYSTEM\CONFIG\config_ids::SYS_CONFIG_PATH_BASEURL)] instanceof User){
|
|
$_SESSION['values'][\SYSTEM\locale::SESSION_KEY] = $_SESSION[\SYSTEM\CONFIG\config::get(\SYSTEM\CONFIG\config_ids::SYS_CONFIG_PATH_BASEURL)]->locale;}
|
|
}
|
|
} |