<?php
 
   /*
    * Filename: auth.class.php
    * 
    * Description:
    *    Authorization class for a web application.
    *    Requires a database table with at least the following structure:
    *       id           int unsigned not null auto_increment
    *       name         varchar(64)
    *       passwd       varchar(256)
    *       access       text
    *    Defaults are table _user, with columns name, passwd and access.
    *    Name and password are matched against database entries, then name
    *    and access are stored in the class instance.
    * 
    *    passwd should be able to hold 256 chars, as hashes become
    *    longer over time.
    *
    * 
    * $Rev:: 1            $: Revision in Repository
    * $Author:: rodolico  $: Last Author
    * $Date:: 2017-07-28 0$: Last Commit
    * 
    * 
    * History:
    * 20170728 - RWR - 1.0
    *    Initial build
    */
 
   // Pulls in DBQuery (and, presumably, makeSafeSQL) that Auth relies on.
   require_once 'DBQuery.class.php';
 
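   class Auth {

      // All state lives in $parameters, seeded with these defaults.
      // The keys contain spaces, so they must always be read with a quoted
      // index; the bare form "$this->parameters[column id]" inside a
      // double-quoted string interpolates as the text "Array[column id]".
      protected $parameters = [
         'table name'      => '_user',    // table storing auth info
         'column username' => 'name',     // field to match username to
         'column password' => 'passwd',   // field to match password to
         'column access'   => 'access',   // field which contains access information
         'column id'       => '_user_id', // unique user id in table
      ];

      /*
      * Merge caller-supplied parameters over the defaults.
      *
      * @param array $parameters key => value pairs; a supplied key replaces the default
      */
      public function __construct( $parameters = [] ) {
         foreach ( $parameters as $key => $value ) {
            $this->parameters[$key] = $value;
         }
      } // construct

      /*
      * Read a parameter.
      *
      * @return mixed the stored value, or null when the key was never set
      *               (no undefined-index notice)
      */
      public function __get( $parameter ) {
         if ( array_key_exists( $parameter, $this->parameters ) ) {
            return $this->parameters[$parameter];
         }
         return null;
      } // function get

      /*
      * Set a parameter and return the previous value (null if it was unset).
      * Any key can be set this way, including the table/column names that
      * are spliced into SQL as identifiers, so values must come from trusted
      * configuration, never from request data.
      */
      public function __set( $parameter, $value ) {
         $oldValue = $this->__get( $parameter );
         $this->parameters[$parameter] = $value;
         return $oldValue;
      } // function set

      /*
      * Return a parameter for use as an SQL identifier (table or column
      * name). Identifiers cannot be passed through makeSafeSQL like values,
      * so the configured name is restricted to [A-Za-z0-9_.] and anything
      * else is rejected before it reaches a query.
      *
      * @throws InvalidArgumentException when the parameter is missing or
      *         contains characters outside the allowed set
      */
      protected function identifier( $parameter ) {
         $name = $this->__get( $parameter );
         if ( !is_string( $name ) || !preg_match( '/^[A-Za-z0-9_.]+$/', $name ) ) {
            throw new InvalidArgumentException( "Auth parameter '$parameter' is not a valid SQL identifier" );
         }
         return $name;
      } // identifier

      /*
      * Authorizes access to a resource.
      * Still a shell: a logged-in user (a 'username' stored by a successful
      * verifyLogin) is allowed everything; an anonymous visitor is redirected
      * to the configured 'login page' or shown the built-in login page. Both
      * anonymous branches terminate the script.
      *
      * @param string $resource currently unused
      * @return bool true when authorized (the function does not return otherwise)
      */
      public function authorize( $resource = '' ) {
         if ( isset( $this->parameters['username'] ) ) {
            // TODO: check $resource against $this->parameters['access']
            return true;
         }
         if ( isset( $this->parameters['login page'] ) ) {
            // quoted index on purpose; see the note on $parameters
            header( 'Location: ' . $this->parameters['login page'] );
            exit();
         }
         print $this->createLoginPage();
         exit();
      } // function authorize

      /*
      * Checks if the username and password are valid.
      * The username is taken from the argument when given, otherwise from
      * $this->parameters['username']. On success, username, user id and
      * access are (re)loaded from the database row and true is returned.
      * On failure nothing is stored: the attempted username is deliberately
      * NOT written to $this->parameters, because authorize() treats a set
      * 'username' as "logged in".
      *
      * @param string      $password clear-text password to verify
      * @param string|null $username login name, or null to use the stored one
      * @return bool
      * @throws InvalidArgumentException when a configured table/column name is not a safe identifier
      */
      function verifyLogin( $password, $username = null ) {
         if ( !isset( $username ) ) {
            $username = $this->__get( 'username' );
         }
         if ( !isset( $username ) || !isset( $password ) ) {
            return false;
         }
         // identifiers are validated; the username value is quoted/escaped by
         // makeSafeSQL (from DBQuery.class.php), as in the original query
         $sql = 'select '
              . $this->identifier( 'column id' ) . " 'id', "
              . $this->identifier( 'column username' ) . " 'username', "
              . $this->identifier( 'column password' ) . " 'password', "
              . $this->identifier( 'column access' ) . " 'access' "
              . 'from ' . $this->identifier( 'table name' ) . ' '
              . 'where ' . $this->identifier( 'column username' ) . ' = '
              . makeSafeSQL( $username );
         $results = new DBQuery( $sql );
         if ( !$results->getOneRow() ) {
            return false;
         }
         // Legacy special case: a password column holding the literal string
         // 'null' accepts any password (manual-reset aid). Note a real SQL
         // NULL arrives as PHP null and does NOT take this branch; it falls
         // through to the hash check, which is skipped for non-strings.
         // Such rows are effectively password-less accounts and should be
         // given a real hash via setPassword() as soon as possible.
         $stored  = $results->password;
         $matches = $stored === 'null'
            || ( is_string( $stored ) && password_verify( $password, $stored ) );
         if ( !$matches ) {
            return false;
         }
         $this->parameters['username'] = $results->username;
         $this->parameters['user id']  = $results->id;
         $this->parameters['access']   = $results->access;
         return true;
      } // function verifyLogin

      /*
      * Hash $password and store it for the currently loaded user.
      * Requires a prior successful verifyLogin() (or an explicitly set
      * 'user id'); without one the update is refused rather than issued
      * with an empty WHERE value.
      *
      * @param string $password clear-text password
      * @return DBQuery the executed update query
      * @throws RuntimeException         when no 'user id' is known
      * @throws InvalidArgumentException when a configured table/column name is not a safe identifier
      */
      function setPassword( $password ) {
         $userId = $this->__get( 'user id' );
         if ( !isset( $userId ) ) {
            throw new RuntimeException( 'Auth::setPassword called without a known user id' );
         }
         $hash = password_hash( $password, PASSWORD_DEFAULT );
         // both values go through makeSafeSQL so they are quoted consistently
         // with verifyLogin (the hash itself contains no quote characters)
         $sql = 'update ' . $this->identifier( 'table name' )
              . ' set ' . $this->identifier( 'column password' ) . ' = ' . makeSafeSQL( $hash )
              . ' where ' . $this->identifier( 'column id' ) . ' = ' . makeSafeSQL( $userId );
         return new DBQuery( $sql, true );
      } // setPassword

      /*
      * Returns the built-in login page.
      * Placeholder kept verbatim: the returned text starts with a "<?php"
      * block, which a browser will display as source rather than execute,
      * and the form posts fields named 'login', 'pass' and 'Login' while the
      * text checks $_POST["submit"]. Treat this as scaffolding to replace.
      */
      public function createLoginPage() {
         return '<?php
            session_start();
            if (isset( $_POST["submit"])) {
            include_once( "Auth.class.php" );
            $_SESSION["authorization information"] = new Auth();
            ?>
            <html><body>
            <h3 align="center">Enter your username and password below</h3>
                     <FORM action="login.html" method="POST" enctype="multipart/form-data">
                       <table border="1" cellpadding="2" align="center">
                       <tbody>
                         <tr>
                           <td>User Name</td>
                           <td><input type="text" name="login" size="20"></td>
                         </tr>
                         <tr>
                           <td>Password</td>
                           <td><input type="password" name="pass" size="20"></td>
                         </tr>
                         <tr><TD colspan="2" align="center"><INPUT type="submit" name="Login" value="Log In"></TD></tr>
                       </tbody>
                     </table>
                     </FORM></body></html>';
      } // function createLoginPage

   } // class Auth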
 
?>