<?php
 
   /*
    * Filename: auth.class.php
    * 
    * Description:
    *    Authorization class for a web application.
    *    Requires a database table with the following minimal structure:
    *       id           int unsigned not null auto_increment
    *       name         varchar(64)
    *       passwd       varchar(256)
    *       access       text
    *    The defaults are table _user, with columns name, passwd and access.
    *    name and pass are matched against the database entries; the matching
    *    name and access are then stored in the instance of the class.
    * 
    *    passwd should be able to hold 256 chars, as hashes become
    *    longer over time.
    *
    * 
    * $Rev:: 4            $: Revision in Repository
    * $Author:: rodolico  $: Last Author
    * $Date:: 2017-07-28 0$: Last Commit
    * 
    * 
    * History:
    * 20170728 - RWR - 1.0
    *    Initial build
    */
 
   require_once( 'DBQuery.class.php' );
   include_once( 'Logging.class.php' );
 
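   class Auth {

      // All configuration and per-user state lives in $parameters. The keys
      // below are the defaults; the constructor merges caller-supplied values
      // over them. After a successful verifyLogin() the keys 'username',
      // 'user_id' and 'access' are populated from the database row.
      protected $parameters = array(
                               'table name' => '_user',             // table storing auth info
                               'column username' => 'username',     // field to match username to
                               'column password' => 'passwd',       // field holding the password hash
                               'column access' => 'access',         // field which contains access information
                               'column id' => '_user_id',           // unique user id in table
                               'log file' => '/tmp/camp2/Auth.log', // file handed to debugFile
                               'log level' => 5                     // verbosity handed to debugFile
                            );
      public $log;


      /*
      * Merges $parameters over the defaults and opens the debug log.
      * 'log file' and 'log level' can be overridden like any other key;
      * their defaults are the values that used to be hard-coded here.
      */
      public function __construct( $parameters = array() ) {
         foreach ( $parameters as $key => $value ) {
            $this->parameters[$key] = $value;
         }
         $this->log = new debugFile( $this->parameters['log file'], $this->parameters['log level'] );
         $this->log->logLevel = $this->parameters['log level'];
         $this->log->writeLog( 1, 'Constructed Auth' );
      } // construct

      // Returns the named parameter, or null (without a notice) when it is unset.
      public function __get( $parameter ) {
         return isset( $this->parameters[$parameter] ) ? $this->parameters[$parameter] : null;
      } // function get

      // Stores a parameter and returns the value it replaced (null if there was none).
      public function __set( $parameter, $value ) {
         $oldValue = isset( $this->parameters[$parameter] ) ? $this->parameters[$parameter] : null;
         $this->parameters[$parameter] = $value;
         return $oldValue;
      } // function set


      /* 
      * Authorizes access to a resource. Still a shell: any instance that has
      * a 'username' parameter (normally set by a successful verifyLogin())
      * is allowed, and $resource is not yet consulted.
      * Otherwise the caller is redirected to 'login page' when that
      * parameter is configured, or the built-in login form is printed;
      * both of those paths exit() and never return.
      */
      public function authorize ( $resource = '' )  {
         if ( isset( $this->parameters['username'] ) ) {
            // TODO: compare $resource against $this->parameters['access']
            return true;
         }
         if ( isset( $this->parameters['login page'] ) ) {
            header( 'Location: ' . $this->parameters['login page'] );
            exit();
         }
         print $this->createLoginPage();
         exit();
      } // function authorize


      /*
      * Checks the username and password against the database.
      * $username, when given, replaces $this->parameters['username'];
      * otherwise the stored username is used. On success the 'username',
      * 'user_id' and 'access' parameters are (re)loaded from the matching
      * row and true is returned; every other outcome returns false.
      *
      * Special case: a row whose stored hash is NULL or empty accepts ANY
      * password. This is the manual-reset hook for lost passwords; such a
      * row should be given a real hash via setPassword() right away.
      *
      * Only the query and the matched id are logged; the fetched row holds
      * the password hash and is deliberately kept out of the log file.
      */
      function verifyLogin( $password, $username = null ) {
         if ( isset( $username ) ) {
            $this->parameters['username'] = $username;
         }
         if ( ! isset( $this->parameters['username'] ) || ! isset( $password ) ) {
            return false;
         }
         // aliases are fixed so the row can always be read as id/username/password/access
         $sql = 'select ' .
                   $this->parameters['column id'] . " 'id'," .
                   $this->parameters['column username'] . " 'username'," .
                   $this->parameters['column password'] . " 'password'," .
                   $this->parameters['column access'] . " 'access' " .
                ' from ' .
                   $this->parameters['table name'] .
                ' where ' .
                   $this->parameters['column username'] . ' = ' .
                      DBQuery::makeSafeSQLConstant( $this->parameters['username'] );
         $this->log->writeLog( 3, "Query = $sql", null, __CLASS__, __FUNCTION__, __LINE__ );
         $results = new DBQuery( $sql );
         if ( ! $results->getOneRow() ) {
            $this->log->writeLog( 4, 'No row matched the username', null, __CLASS__, __FUNCTION__, __LINE__ );
            return false;
         }
         $this->log->writeLog( 4, 'Row found for id ' . $results->id, null, __CLASS__, __FUNCTION__, __LINE__ );
         $storedHash = $results->password;
         $hashMissing = ( $storedHash === null || $storedHash === '' );
         if ( $hashMissing || password_verify( $password, $storedHash ) ) {
            $this->parameters['username'] = $results->username;
            $this->parameters['user_id'] = $results->id;
            $this->parameters['access'] = $results->access;
            return true;
         } // if password verifies
         return false;
      } // function verifyLogin


      /*
      * Hashes $password with PASSWORD_DEFAULT and stores it for the user
      * loaded by the last successful verifyLogin() ('user_id' parameter).
      * Returns the DBQuery that ran the update, or false when no user is
      * loaded (the old code read the never-set key 'user id' and issued a
      * malformed "where ... = " query in that case).
      * Both values go through DBQuery::makeSafeSQLConstant, the same way
      * verifyLogin() builds its where clause.
      */
      function setPassword ( $password ) {
         if ( ! isset( $this->parameters['user_id'] ) ) {
            return false;
         }
         $hash = password_hash( $password, PASSWORD_DEFAULT );
         $sql = 'update ' . $this->parameters['table name'] .
                ' set ' . $this->parameters['column password'] . ' = ' .
                   DBQuery::makeSafeSQLConstant( $hash ) .
                ' where ' . $this->parameters['column id'] . ' = ' .
                   DBQuery::makeSafeSQLConstant( $this->parameters['user_id'] );
         return new DBQuery( $sql, true );
      } // setPassword


      /*
      * Returns the source of a minimal login page (PHP prologue plus an
      * HTML form posting 'login' and 'pass' to login.html).
      * NOTE(review): the template is a shell, like authorize(): its PHP
      * prologue tests $_POST["submit"] while the button is named "Login",
      * opens an if-block it never closes, and constructs an Auth without
      * calling verifyLogin(). Confirm the intended flow before relying on it.
      */
      public function createLoginPage () {
         return '<?php
            session_start();
            if (isset( $_POST["submit"])) {
            include_once( "Auth.class.php" );
            $_SESSION["authorization information"] = new Auth();
            ?>
            <html><body>
            <h3 align="center">Enter your username and password below</h3>
                     <FORM action="login.html" method="POST" enctype="multipart/form-data">
                       <table border="1" cellpadding="2" align="center">
                       <tbody>
                         <tr>
                           <td>User Name</td>
                           <td><input type="text" name="login" size="20"></td>
                         </tr>
                         <tr>
                           <td>Password</td>
                           <td><input type="password" name="pass" size="20"></td>
                         </tr>
                         <tr><TD colspan="2" align="center"><INPUT type="submit" name="Login" value="Log In"></TD></tr>
                       </tbody>
                     </table>
                     </FORM></body></html>';
      } // function createLoginPage


   } // class Auth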
 
?>