gtoriadotnet
/
fobe-web
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

User impl update

This commit is contained in:
Astrologies 2021-12-21 15:01:23 -05:00
parent 36c02e73d2
commit 0404e56ad6
8 changed files with 67 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
globals/Dependencies/Users/User.php
View File

@ -7,6 +7,8 @@
namespace Alphaland\Users namespace Alphaland\Users
{ {
use Alphaland\Common\HashingUtiltity;
use Alphaland\Moderation\UserModerationManager; use Alphaland\Moderation\UserModerationManager;
use Alphaland\Users\Activation; use Alphaland\Users\Activation;
use Alphaland\Web\WebContextManager; use Alphaland\Web\WebContextManager;
@ -30,6 +32,18 @@ namespace Alphaland\Users
} }
} }
public function GenerateSessionToken(int $len)
{
$hash = "";
do {
$hash = HashingUtiltity::GenerateByteHash($len);
$tokencheck = $GLOBALS['pdo']->prepare("SELECT COUNT(*) FROM sessions WHERE token = :t");
$tokencheck->bindParam(":t", $hash, PDO::PARAM_STR);
$tokencheck->execute();
} while ($tokencheck->fetchColumn() != 0);
return $hash;
}
public function IsOwner() { public function IsOwner() {
if ($this->rank == 3) { if ($this->rank == 3) {
return true; return true;
@ -51,13 +65,35 @@ namespace Alphaland\Users
return false; return false;
} }
public function CreateSession(int $userid)
{
$token = $this->GenerateSessionToken(128); //generate the auth token
$ip = WebContextManager::GetCurrentIPAddress();
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$session = $GLOBALS['pdo']->prepare("INSERT INTO sessions(token, uid, ip, whenCreated, user_agent) VALUES(:t,:u,:i,UNIX_TIMESTAMP(),:ua)");
$session->bindParam(":t", $token, PDO::PARAM_STR);
$session->bindParam(":u", $userid, PDO::PARAM_INT);
$session->bindParam(":i", $ip, PDO::PARAM_STR);
$session->bindParam(":ua", $user_agent, PDO::PARAM_STR);
if($session->execute()) {
setcookie("token", $token, time() + (86400 * 30), "/", ".alphaland.cc"); //30 day expiration on token for (hopefully) all alphaland paths
$this->ValidateSession($token);
return true;
} else {
return false;
}
}
public function UpdateLastSeen() public function UpdateLastSeen()
{ {
if (!UserModerationManager::IsBanned($this->id)) { if (!UserModerationManager::IsBanned($this->id)) {
$updateLastSeen = $GLOBALS['pdo']->prepare("UPDATE users SET lastseen = UNIX_TIMESTAMP() WHERE id = :id"); $updateLastSeen = $GLOBALS['pdo']->prepare("UPDATE users SET lastseen = UNIX_TIMESTAMP() WHERE id = :id");
$updateLastSeen->bindParam(":id", $this->id, PDO::PARAM_INT); $updateLastSeen->bindParam(":id", $this->id, PDO::PARAM_INT);
$updateLastSeen->execute(); $updateLastSeen->execute();
return true;
} }
return false;
} }
public function UpdateDailyTime(int $dailyTime) public function UpdateDailyTime(int $dailyTime)
@ -119,6 +155,30 @@ namespace Alphaland\Users
return false; return false;
} }
public function ValidatePassword($userid, string $password)
{
$userpassword = $GLOBALS['pdo']->prepare("SELECT pwd FROM users WHERE id = :i");
$userpassword->bindParam(":i", $userid, PDO::PARAM_INT);
$userpassword->execute();
if($userpassword->rowCount() > 0) {
if(password_verify($password, $userpassword->fetch(PDO::FETCH_OBJ)->pwd)) {
return true; //correct
}
}
return false;
}
public function LogoutAllSessions(int $userid)
{
$sessions = $GLOBALS['pdo']->prepare("DELETE FROM sessions WHERE uid = :uid");
$sessions->bindParam(":uid", $userid, PDO::PARAM_INT);
$sessions->execute();
if ($sessions->rowCount() > 0) {
return true;
}
return false;
}
public function Logout() public function Logout()
{ {
if($this->logged_in) { if($this->logged_in) {

68
globals/functions.php
View File

@ -107,25 +107,6 @@ function genSignupKeyHash($len)
return $hash; return $hash;
} }
function genSessionHash($len)
{
$hash = "";
$alloc = true;
while ($alloc) {
$hash = genHash($len);
$tokencheck = $GLOBALS['pdo']->prepare("SELECT * FROM sessions WHERE token = :t");
$tokencheck->bindParam(":t", $hash, PDO::PARAM_STR);
$tokencheck->execute();
if ($tokencheck->rowCount() > 0) {
continue;
} else {
$alloc = false;
}
}
return $hash;
}
function genAssetHash($len) function genAssetHash($len)
{ {
$hash = ""; $hash = "";
@ -4401,55 +4382,6 @@ function getID($username) {
return false; //user not found return false; //user not found
} }
function passwordCorrect($userID, $password) {
$check = $GLOBALS['pdo']->prepare("SELECT pwd FROM users WHERE id = :i");
$check->bindParam(":i", $userID, PDO::PARAM_INT);
$check->execute();
if($check->rowCount() > 0) {
$passwordb = $check->fetch(PDO::FETCH_OBJ);
if(password_verify($password, $passwordb->pwd)) {
return true; //correct
}
return false; //incorrect password
}
return false; // user not found
}
function createSession($userID) {
$token = genSessionHash(128); //generate the auth token
$ip = getIP();
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$session = $GLOBALS['pdo']->prepare("INSERT INTO sessions(token, uid, ip, whenCreated, user_agent)
VALUES(:t,:u,:i,UNIX_TIMESTAMP(),:ua)");
$session->bindParam(":t", $token, PDO::PARAM_STR);
$session->bindParam(":u", $userID, PDO::PARAM_INT);
$session->bindParam(":i", $ip, PDO::PARAM_STR);
$session->bindParam(":ua", $user_agent, PDO::PARAM_STR);
if($session->execute()) {
setcookie("token", $token, time() + (86400 * 30), "/", ".alphaland.cc"); //30 day expiration on token for (hopefully) all alphaland paths
$GLOBALS['user']->ValidateSession($token);
return true;
} else {
return false;
}
}
function updateLastSeen($userID) {
$updateLastSeen = $GLOBALS['pdo']->prepare("UPDATE users SET lastseen = UNIX_TIMESTAMP() WHERE id = :id");
$updateLastSeen->bindParam(":id", $userID, PDO::PARAM_INT);
if ($updateLastSeen->execute()) {
return true;
}
return false;
}
function logoutAllSessions($userID) {
$sessions = $GLOBALS['pdo']->prepare("UPDATE sessions SET valid = 0 WHERE uid = :uid");
$sessions->bindParam(":uid", $userID, PDO::PARAM_INT);
$sessions->execute();
}
function isValidPasswordResetToken($token) function isValidPasswordResetToken($token)
{ {
$passreset = $GLOBALS['pdo']->prepare("SELECT * FROM password_reset_keys WHERE token = :token"); $passreset = $GLOBALS['pdo']->prepare("SELECT * FROM password_reset_keys WHERE token = :token");

4
html/login/index.php
View File

@ -16,9 +16,9 @@ if(isset($_POST['lg']))
if(usernameExists($username)) if(usernameExists($username))
{ {
$userID = getID($username); $userID = getID($username);
if(passwordCorrect($userID, $password)) if ($GLOBALS['user']->ValidatePassword($userID, $password))
{ {
createSession($userID); $GLOBALS['user']->CreateSession($userID);
if (isset($_GET['referral'])) if (isset($_GET['referral']))
{ {

2
html/register.php
View File

@ -136,7 +136,7 @@ else
Activation::SetupUserActivation($userID); Activation::SetupUserActivation($userID);
//create new session //create new session
createSession($userID); $GLOBALS['user']->CreateSession($userID);
//send verification email //send verification email
sendVerificationEmail("info@alphaland.cc", $email); sendVerificationEmail("info@alphaland.cc", $email);

2
html/settings/changeemail.php
View File

@ -13,7 +13,7 @@ if(isset($_POST['Submit']))
else else
{ {
$password = cleanInput($_POST['password']); $password = cleanInput($_POST['password']);
if(passwordCorrect($user->id, $password)) if ($GLOBALS['user']->ValidatePassword($user->id, $password))
{ {
$changeemail = changeEmail($_POST['email']); $changeemail = changeEmail($_POST['email']);

2
html/settings/changepassword.php
View File

@ -4,7 +4,7 @@ $alert = '';
if(isset($_POST['Submit'])) if(isset($_POST['Submit']))
{ {
$currentpassword = cleanInput($_POST['curpassword']); $currentpassword = cleanInput($_POST['curpassword']);
if(passwordCorrect($user->id, $currentpassword)) if ($GLOBALS['user']->ValidatePassword($user->id, $currentpassword) )
{ {
if ($_POST['npassword'] == $_POST['cnpassword']) if ($_POST['npassword'] == $_POST['cnpassword'])
{ {

2
html/settings/resetpassword.php
View File

@ -30,7 +30,7 @@ if(isset($_GET['token']))
{ {
if (changePasswordUid($userid, $newpassword)) if (changePasswordUid($userid, $newpassword))
{ {
logoutAllSessions($userid); $GLOBALS['user']->LogoutAllSessions($userid);
$alert = "<div class='alert alert-success' role='alert'>Password updated</div>"; $alert = "<div class='alert alert-success' role='alert'>Password updated</div>";
} }
else else

2
html_api/sitepresence/ping.php
View File

@ -10,7 +10,7 @@ header("access-control-allow-credentials: true");
header('Content-Type: application/json'); header('Content-Type: application/json');
$success = false; $success = false;
if (updateLastSeen($GLOBALS['user']->id)) { if ($GLOBALS['user']->UpdateLastSeen()) {
$success = true; $success = true;
} }
die(json_encode(["success" => $success])); die(json_encode(["success" => $success]));