<?php
/*
 * Filename: auth.class.php
 *
 * Description:
 * Authorization class for web application.
 * Requires a database table with the following minimal structure:
 *   id      int unsigned not null auto_increment
 *   name    varchar(64)
 *   passwd  varchar(256)
 *   access  text
 * Defaults are table _user, with columns name, passwd and access.
 * name and password are matched against database entries, then name
 * and access are stored in the instantiation of the class.
 *
 * passwd should be able to hold 256 chars, as hashes become
 * longer over time.
 *
 *
 * $Rev:: 1 $: Revision in Repository
 * $Author:: rodolico $: Last Author
 * $Date:: 2017-07-28 0$: Last Commit
 *
 *
 * History:
 * 20170728 - RWR - 1.0
 *   Initial build
 */
require_once( 'DBQuery.class.php' );
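class Auth {

    // All state lives in $parameters so that __get()/__set() can expose it
    // uniformly. The keys below are configuration defaults; verifyLogin()
    // adds the runtime keys 'username', 'user id' and 'access'.
    // Table and column names are interpolated into SQL verbatim, so they
    // must come from trusted configuration, never from request data.
    protected $parameters = [
        'table name'         => '_user',    // table storing auth info
        'column username'    => 'name',     // field to match username to
        'column password'    => 'passwd',   // field to match password to
        'column access'      => 'access',   // field which contains access information
        'column id'          => '_user_id', // unique user id in table
        // Manual-reset escape hatch: while true, a row whose stored password
        // is the literal string 'null' accepts ANY password. This is an
        // authentication bypass by design; set it to false in production.
        'allow reset bypass' => true,
    ];

    /*
     * Loads caller-supplied parameters over the defaults, key by key.
     *
     * @param array $parameters configuration overrides (see $parameters)
     *
     * NOTE(review): authorize() treats a set 'username' as "logged in", so
     * only configuration keys belong here -- never pass request data such
     * as $_POST straight through.
     */
    public function __construct( $parameters = [] ) {
        foreach ( $parameters as $key => $value ) {
            $this->parameters[$key] = $value;
        }
    } // __construct

    /*
     * Reads a parameter; unknown keys yield null instead of raising an
     * "undefined index" notice.
     *
     * @param string $parameter key into $parameters
     * @return mixed the stored value, or null when the key is absent
     */
    public function __get( $parameter ) {
        if ( array_key_exists( $parameter, $this->parameters ) ) {
            return $this->parameters[$parameter];
        }
        return null;
    } // __get

    /*
     * Stores a parameter and returns the value it replaced.
     *
     * Fixes the original, which called an undefined get() and returned a
     * misspelled, never-assigned $oldValue. PHP discards the return value
     * when __set() is triggered by assignment syntax; it is only observable
     * through a direct $auth->__set() call.
     *
     * @param string $parameter key into $parameters
     * @param mixed  $value     new value
     * @return mixed previous value, or null if the key was absent
     */
    public function __set( $parameter, $value ) {
        $oldValue = $this->__get( $parameter );
        $this->parameters[$parameter] = $value;
        return $oldValue;
    } // __set

    /*
     * Authorizes access to a resource. Just a shell at this time: a set
     * 'username' is taken as proof of a prior verifyLogin(); otherwise the
     * client is redirected to 'login page' when configured, or shown the
     * built-in login form. Both fallback branches terminate the script.
     *
     * @param string $resource currently unused
     * @return bool true when a username is present (does not return otherwise)
     */
    public function authorize( $resource = '' ) {
        if ( isset( $this->parameters['username'] ) ) {
            /*
             * code here to actually determine if user is authorized
             * for this page
             */
            return true;
        }
        if ( isset( $this->parameters['login page'] ) ) {
            // Redirect to the login page. header() refuses values containing
            // CR/LF, but 'login page' should still be a fixed, trusted path,
            // not anything derived from the request.
            header( "Location: {$this->parameters['login page']}" );
            exit();
        }
        print $this->createLoginPage();
        exit();
    } // authorize

    /*
     * Checks if the username and password are valid.
     * username can either be taken from the argument or from
     * $this->parameters['username']. On success, copies username, user id
     * and access from the database row into $this->parameters (the db value
     * of the username is kept so its canonical spelling wins).
     *
     * Only the username is passed through makeSafeSQL() (assumed to return
     * a quoted, escaped SQL literal -- confirm against DBQuery.class.php);
     * table and column names are interpolated verbatim and must be trusted
     * configuration.
     *
     * @param string      $password plaintext password from the login form
     * @param string|null $username overrides $this->parameters['username'] when given
     * @return bool true on a successful login, false otherwise
     */
    public function verifyLogin( $password, $username = null ) {
        if ( isset( $username ) ) {
            $this->parameters['username'] = $username;
        }
        // Reject early, before touching the database, when either credential
        // is missing. The is_scalar() check also stops array-shaped form
        // input from reaching password_verify() and raising a TypeError.
        if ( ! isset( $this->parameters['username'] ) || ! is_scalar( $password ) ) {
            return false;
        }

        $sql = "select
                    {$this->parameters['column id']} 'id',
                    {$this->parameters['column username']} 'username',
                    {$this->parameters['column password']} 'password',
                    {$this->parameters['column access']} 'access'
                from
                    {$this->parameters['table name']}
                where
                    {$this->parameters['column username']} = "
             . makeSafeSQL( $this->parameters['username'] );
        $results = new DBQuery( $sql );
        if ( ! $results->getOneRow() ) {
            return false; // no such user
        }

        $stored = $results->password;
        // Manual-reset bypass: a stored password equal to the literal string
        // 'null' (not SQL NULL -- the loose == in the original never matched
        // a real NULL either) accepts any password while the knob is on.
        // Strict comparison avoids PHP 7's 0 == 'null' surprise.
        $bypass = ! empty( $this->parameters['allow reset bypass'] ) && $stored === 'null';
        // is_string() keeps password_verify() away from a NULL column value.
        if ( $bypass || ( is_string( $stored ) && password_verify( (string) $password, $stored ) ) ) {
            // Copy the canonical values from the database row.
            $this->parameters['username'] = $results->username;
            $this->parameters['user id']  = $results->id;
            $this->parameters['access']   = $results->access;
            return true;
        }
        return false;
    } // verifyLogin

    /*
     * Replaces the current user's stored password hash.
     * Requires a prior successful verifyLogin(), which supplies 'user id'.
     *
     * @param string $password plaintext password, hashed with PASSWORD_DEFAULT
     * @return DBQuery the executed update query
     * @throws RuntimeException when no user id is known or hashing fails
     */
    public function setPassword( $password ) {
        if ( ! isset( $this->parameters['user id'] ) ) {
            // Fail loudly rather than send an UPDATE whose WHERE clause does
            // not pin a single row.
            throw new RuntimeException( 'setPassword() requires a verified login (no user id)' );
        }
        $hash = password_hash( $password, PASSWORD_DEFAULT );
        if ( ! is_string( $hash ) ) {
            throw new RuntimeException( 'password_hash() failed' );
        }
        // Hash and id go through makeSafeSQL() like the username in
        // verifyLogin(), instead of being hand-quoted inside the string.
        $sql = "update {$this->parameters['table name']}
                set {$this->parameters['column password']} = " . makeSafeSQL( $hash ) . "
                where {$this->parameters['column id']} = " . makeSafeSQL( $this->parameters['user id'] );
        return new DBQuery( $sql, true );
    } // setPassword

    /*
     * Returns the built-in login form as a string.
     *
     * NOTE(review): unfinished stub. The text starts with a PHP open tag and
     * an unclosed if() block; because authorize() print()s this string, that
     * PHP source is sent to the browser verbatim rather than executed, and
     * the form posts to login.html. Treat it as a placeholder only.
     *
     * @return string the form markup
     */
    public function createLoginPage() {
        return '<?php
session_start();
if (isset( $_POST["submit"])) {
include_once( "Auth.class.php" );
$_SESSION["authorization information"] = new Auth();
?>
<html><body>
<h3 align="center">Enter your username and password below</h3>
<FORM action="login.html" method="POST" enctype="multipart/form-data">
<table border="1" cellpadding="2" align="center">
<tbody>
<tr>
<td>User Name</td>
<td><input type="text" name="login" size="20"></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="pass" size="20"></td>
</tr>
<tr><TD colspan="2" align="center"><INPUT type="submit" name="Login" value="Log In"></TD></tr>
</tbody>
</table>
</FORM></body></html>';
    } // createLoginPage

} // class Auth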
?>