diff --git a/globals/Dependencies/Users/User.php b/globals/Dependencies/Users/User.php
index eb9a85b..f5aeb0f 100644
--- a/globals/Dependencies/Users/User.php
+++ b/globals/Dependencies/Users/User.php
@@ -7,6 +7,8 @@ namespace Alphaland\Users
 {
+
+ use Alphaland\Common\HashingUtiltity;
 use Alphaland\Moderation\UserModerationManager;
 use Alphaland\Users\Activation;
 use Alphaland\Web\WebContextManager;
@@ -30,6 +32,18 @@ namespace Alphaland\Users
 }
 }
+ public function GenerateSessionToken(int $len)
+ {
+ $hash = "";
+ do {
+ $hash = HashingUtiltity::GenerateByteHash($len);
+ $tokencheck = $GLOBALS['pdo']->prepare("SELECT COUNT(*) FROM sessions WHERE token = :t");
+ $tokencheck->bindParam(":t", $hash, PDO::PARAM_STR);
+ $tokencheck->execute();
+ } while ($tokencheck->fetchColumn() != 0);
+ return $hash;
+ }
+
 public function IsOwner()
 {
 if ($this->rank == 3) {
 return true;
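Review bot: `while ($tokencheck->fetchColumn() != 0)` in GenerateSessionToken compares loosely against a value that PDO may hand back as the string "0" depending on driver settings, so the condition should be `while ((int) $tokencheck->fetchColumn() !== 0);`. The method reads no instance state, so `private static function GenerateSessionToken(int $len): string` would state its contract, stop other code from calling it on an arbitrary user object, and catch a non-string coming back from GenerateByteHash. The loop only guards against a duplicate that a random token of this length makes practically impossible; a unique index on `sessions.token` (if one is not already present) is the stronger guarantee, and then the SELECT is a cheap confirmation rather than the only check. The enclosing class continues outside the hunk.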
@@ -51,13 +65,35 @@ namespace Alphaland\Users
 return false;
 }
+ public function CreateSession(int $userid)
+ {
+ $token = $this->GenerateSessionToken(128); //generate the auth token
+ $ip = WebContextManager::GetCurrentIPAddress();
+ $user_agent = $_SERVER['HTTP_USER_AGENT'];
+
+ $session = $GLOBALS['pdo']->prepare("INSERT INTO sessions(token, uid, ip, whenCreated, user_agent) VALUES(:t,:u,:i,UNIX_TIMESTAMP(),:ua)");
+ $session->bindParam(":t", $token, PDO::PARAM_STR);
+ $session->bindParam(":u", $userid, PDO::PARAM_INT);
+ $session->bindParam(":i", $ip, PDO::PARAM_STR);
+ $session->bindParam(":ua", $user_agent, PDO::PARAM_STR);
+ if($session->execute()) {
+ setcookie("token", $token, time() + (86400 * 30), "/", ".alphaland.cc"); //30 day expiration on token for (hopefully) all alphaland paths
+ $this->ValidateSession($token);
+ return true;
+ } else {
+ return false;
+ }
+ }
+
 public function UpdateLastSeen()
 {
 if (!UserModerationManager::IsBanned($this->id)) {
 $updateLastSeen = $GLOBALS['pdo']->prepare("UPDATE users SET lastseen = UNIX_TIMESTAMP() WHERE id = :id");
 $updateLastSeen->bindParam(":id", $this->id, PDO::PARAM_INT);
 $updateLastSeen->execute();
+ return true;
 }
+ return false;
 }
 public function UpdateDailyTime(int $dailyTime)
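Review bot: The `setcookie` call in CreateSession writes the session token without the `secure` and `httponly` flags, so page scripts can read the token and a browser would also send it over plain HTTP; assuming `.alphaland.cc` is served over HTTPS, the line should be `setcookie("token", $token, time() + (86400 * 30), "/", ".alphaland.cc", true, true);` (or the options-array form with `'samesite' => 'Lax'` if the runtime is PHP 7.3 or newer). `$_SERVER['HTTP_USER_AGENT']` is not guaranteed to be set, so `$user_agent = $_SERVER['HTTP_USER_AGENT'] ?? '';` avoids a notice and a null bind. UpdateLastSeen now returns true without looking at the result of `$updateLastSeen->execute()`, whereas the removed `updateLastSeen()` in functions.php returned that result, so a failed write is reported as success to callers such as ping.php; `return $updateLastSeen->execute();` keeps the old meaning. Both methods' enclosing class continues beyond the hunk.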
@@ -119,6 +155,30 @@ namespace Alphaland\Users
 return false;
 }
+ public function ValidatePassword($userid, string $password)
+ {
+ $userpassword = $GLOBALS['pdo']->prepare("SELECT pwd FROM users WHERE id = :i");
+ $userpassword->bindParam(":i", $userid, PDO::PARAM_INT);
+ $userpassword->execute();
+ if($userpassword->rowCount() > 0) {
+ if(password_verify($password, $userpassword->fetch(PDO::FETCH_OBJ)->pwd)) {
+ return true; //correct
+ }
+ }
+ return false;
+ }
+
+ public function LogoutAllSessions(int $userid)
+ {
+ $sessions = $GLOBALS['pdo']->prepare("DELETE FROM sessions WHERE uid = :uid");
+ $sessions->bindParam(":uid", $userid, PDO::PARAM_INT);
+ $sessions->execute();
+ if ($sessions->rowCount() > 0) {
+ return true;
+ }
+ return false;
+ }
+
 public function Logout()
 {
 if($this->logged_in) {
diff --git a/globals/functions.php b/globals/functions.php
index 440b27a..60b35fd 100644
--- a/globals/functions.php
+++ b/globals/functions.php
@@ -107,25 +107,6 @@ function genSignupKeyHash($len)
 return $hash;
 }
-function genSessionHash($len)
-{
- $hash = "";
- $alloc = true;
- while ($alloc) {
- $hash = genHash($len);
-
- $tokencheck = $GLOBALS['pdo']->prepare("SELECT * FROM sessions WHERE token = :t");
- $tokencheck->bindParam(":t", $hash, PDO::PARAM_STR);
- $tokencheck->execute();
- if ($tokencheck->rowCount() > 0) {
- continue;
- } else {
- $alloc = false;
- }
- }
- return $hash;
-}
-
 function genAssetHash($len)
 {
 $hash = "";
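Review bot: ValidatePassword leaves `$userid` untyped while CreateSession and LogoutAllSessions in the same class declare `int $userid`; the signature should be `public function ValidatePassword(int $userid, string $password): bool`. The `rowCount()` check on a SELECT is driver-dependent per the PDO documentation, and the row is fetched right afterwards anyway, so `$row = $userpassword->fetch(PDO::FETCH_OBJ); return $row !== false && password_verify($password, $row->pwd);` is both portable and shorter. LogoutAllSessions replaces the removed `UPDATE sessions SET valid = 0` with a hard `DELETE`, which discards the stored ip, user_agent and whenCreated of every session for that user; if those rows were kept for incident review, or the `valid` column is consulted elsewhere, a soft invalidation preserves that history, and if the change is deliberate a one-line comment above the query saying so would record it. The enclosing class continues outside the hunk.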
@@ -4401,55 +4382,6 @@ function getID($username) {
 return false; //user not found
 }
-function passwordCorrect($userID, $password) {
- $check = $GLOBALS['pdo']->prepare("SELECT pwd FROM users WHERE id = :i");
- $check->bindParam(":i", $userID, PDO::PARAM_INT);
- $check->execute();
- if($check->rowCount() > 0) {
- $passwordb = $check->fetch(PDO::FETCH_OBJ);
- if(password_verify($password, $passwordb->pwd)) {
- return true; //correct
- }
- return false; //incorrect password
- }
- return false; // user not found
-}
-
-function createSession($userID) {
- $token = genSessionHash(128); //generate the auth token
- $ip = getIP();
- $user_agent = $_SERVER['HTTP_USER_AGENT'];
-
- $session = $GLOBALS['pdo']->prepare("INSERT INTO sessions(token, uid, ip, whenCreated, user_agent)
- VALUES(:t,:u,:i,UNIX_TIMESTAMP(),:ua)");
- $session->bindParam(":t", $token, PDO::PARAM_STR);
- $session->bindParam(":u", $userID, PDO::PARAM_INT);
- $session->bindParam(":i", $ip, PDO::PARAM_STR);
- $session->bindParam(":ua", $user_agent, PDO::PARAM_STR);
- if($session->execute()) {
- setcookie("token", $token, time() + (86400 * 30), "/", ".alphaland.cc"); //30 day expiration on token for (hopefully) all alphaland paths
- $GLOBALS['user']->ValidateSession($token);
- return true;
- } else {
- return false;
- }
-}
-
-function updateLastSeen($userID) {
- $updateLastSeen = $GLOBALS['pdo']->prepare("UPDATE users SET lastseen = UNIX_TIMESTAMP() WHERE id = :id");
- $updateLastSeen->bindParam(":id", $userID, PDO::PARAM_INT);
- if ($updateLastSeen->execute()) {
- return true;
- }
- return false;
-}
-
-function logoutAllSessions($userID) {
- $sessions = $GLOBALS['pdo']->prepare("UPDATE sessions SET valid = 0 WHERE uid = :uid");
- $sessions->bindParam(":uid", $userID, PDO::PARAM_INT);
- $sessions->execute();
-}
-
 function isValidPasswordResetToken($token) {
 $passreset = $GLOBALS['pdo']->prepare("SELECT * FROM password_reset_keys WHERE token = :token");
diff --git a/html/login/index.php b/html/login/index.php
index eb23f51..834fe05 100644
--- a/html/login/index.php
+++ b/html/login/index.php
@@ -16,9 +16,9 @@ if(isset($_POST['lg']))
 if(usernameExists($username))
 {
 $userID = getID($username);
- if(passwordCorrect($userID, $password))
+ if ($GLOBALS['user']->ValidatePassword($userID, $password))
 {
- createSession($userID);
+ $GLOBALS['user']->CreateSession($userID);
 if (isset($_GET['referral'])) {
diff --git a/html/register.php b/html/register.php
index d701ce0..0b2f78e 100644
--- a/html/register.php
+++ b/html/register.php
@@ -136,7 +136,7 @@ else
 Activation::SetupUserActivation($userID);
 //create new session
- createSession($userID);
+ $GLOBALS['user']->CreateSession($userID);
 //send verification email
 sendVerificationEmail("info@alphaland.cc", $email);
diff --git a/html/settings/changeemail.php b/html/settings/changeemail.php
index 4896444..b035682 100644
--- a/html/settings/changeemail.php
+++ b/html/settings/changeemail.php
@@ -13,7 +13,7 @@ if(isset($_POST['Submit']))
 else
 {
 $password = cleanInput($_POST['password']);
- if(passwordCorrect($user->id, $password))
+ if ($GLOBALS['user']->ValidatePassword($user->id, $password))
 {
 $changeemail = changeEmail($_POST['email']);
diff --git a/html/settings/changepassword.php b/html/settings/changepassword.php
index 2e1022e..3b2e2be 100644
--- a/html/settings/changepassword.php
+++ b/html/settings/changepassword.php
@@ -4,7 +4,7 @@ $alert = '';
 if(isset($_POST['Submit']))
 {
 $currentpassword = cleanInput($_POST['curpassword']);
- if(passwordCorrect($user->id, $currentpassword))
+ if ($GLOBALS['user']->ValidatePassword($user->id, $currentpassword) )
 {
 if ($_POST['npassword'] == $_POST['cnpassword']) {
diff --git a/html/settings/resetpassword.php b/html/settings/resetpassword.php
index d57b730..79a6ad7 100644
--- a/html/settings/resetpassword.php
+++ b/html/settings/resetpassword.php
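Review bot: `$GLOBALS['user']->ValidatePassword($userID, $password)` authenticates a user id through the request's not-yet-logged-in user object, which works only because the method (per the User.php hunk) never reads `$this`; declaring ValidatePassword and LogoutAllSessions `static` and calling `User::ValidatePassword($userID, $password)` would make that explicit and remove the dependence on `$GLOBALS['user']` being initialised before login. The same applies to the ValidatePassword call sites in changeemail.php and changepassword.php and the LogoutAllSessions call in resetpassword.php below; CreateSession does use `$this->ValidateSession`, so its calls stay instance calls. In changepassword.php the new line carries a stray space before the closing parenthesis, `...$currentpassword) )`, which should read `...$currentpassword))`.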
@@ -30,7 +30,7 @@ if(isset($_GET['token'])) {
 if (changePasswordUid($userid, $newpassword))
 {
- logoutAllSessions($userid);
+ $GLOBALS['user']->LogoutAllSessions($userid);
 $alert = "";
 }
 else
diff --git a/html_api/sitepresence/ping.php b/html_api/sitepresence/ping.php
index 8d71706..9e842eb 100644
--- a/html_api/sitepresence/ping.php
+++ b/html_api/sitepresence/ping.php
@@ -10,7 +10,7 @@ header("access-control-allow-credentials: true");
 header('Content-Type: application/json');
 $success = false;
-if (updateLastSeen($GLOBALS['user']->id)) {
+if ($GLOBALS['user']->UpdateLastSeen()) {
 $success = true;
 }
 die(json_encode(["success" => $success]));
\ No newline at end of file
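Review bot: `$success` in ping.php now also stays false when UpdateLastSeen() declines to write because the user is banned (per the User.php hunk), so a client can no longer tell a failed write from a ban, and since the new method returns true without checking its `execute()` result the flag no longer reports write failures either. If the ban case is intended to look like a failure, a comment above the call, `// false for banned users as well as on write failure`, would record that for the next reader.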