| 1 |
rodolico |
1 |
<?php
|
|
|
2 |
|
|
|
3 |
/*
|
|
|
4 |
* Filename: auth.class.php
|
|
|
5 |
*
|
|
|
6 |
* Description:
|
|
|
7 |
* Authorization class for web application.
|
|
|
8 |
* Requires database table with following minimal structure
|
|
|
9 |
* id int unsigned not null auto_increment
|
|
|
10 |
* name varchar(64)
|
|
|
11 |
* passwd varchar(256)
|
|
|
12 |
* access text
|
|
|
13 |
* defaults are table _user, with columns name, passwd and access
|
|
|
14 |
* name and pass are matched against database entries, then name
|
|
|
15 |
* and access are stored in instantiation of class
|
|
|
16 |
*
|
|
|
17 |
* passwd should be able to handle 256 chars as hashes become
|
|
|
18 |
* longer.
|
|
|
19 |
*
|
|
|
20 |
*
|
|
|
21 |
* $Rev:: 10 $: Revision in Repository
|
|
|
22 |
* $Author:: rodolico $: Last Author
|
|
|
23 |
* $Date:: 2017-07-28 0$: Last Commit
|
|
|
24 |
*
|
|
|
25 |
*
|
|
|
26 |
* History:
|
|
|
27 |
* 20170728 - RWR - 1.0
|
|
|
28 |
* Initial build
|
|
|
29 |
*/
|
|
|
30 |
|
|
|
31 |
require_once( 'DBQuery.class.php' );
|
| 6 |
rodolico |
32 |
|
|
|
33 |
global $DEBUG;
|
| 1 |
rodolico |
34 |
|
|
|
35 |
class Auth {
|
|
|
36 |
|
|
|
37 |
// all data stored in $parameters. We will initialize $parameters
|
|
|
38 |
// with some default data
|
|
|
39 |
protected $parameters = array(
|
|
|
40 |
'table name' => '_user', // table storing auth info
|
| 4 |
rodolico |
41 |
'column username' => 'username', // field to match username to
|
| 1 |
rodolico |
42 |
'column password' => 'passwd', // field to match password to
|
|
|
43 |
'column access' => 'access', // field which contains access information
|
| 6 |
rodolico |
44 |
'column id' => '_user_id', // unique user id in table
|
| 4 |
rodolico |
45 |
);
|
| 1 |
rodolico |
46 |
|
| 4 |
rodolico |
47 |
|
| 1 |
rodolico |
48 |
// constructor simply loads parameters into array from
|
|
|
49 |
public function __construct( $parameters = array() ) {
|
|
|
50 |
// first, gather all info from the parameters array
|
|
|
51 |
foreach ( $parameters as $key => $value )
|
|
|
52 |
$this->parameters[$key] = $value;
|
| 6 |
rodolico |
53 |
$this->logIt( 1, 'Constructed Auth' );
|
| 1 |
rodolico |
54 |
} // construct
|
| 6 |
rodolico |
55 |
|
| 1 |
rodolico |
56 |
|
| 6 |
rodolico |
57 |
protected function logIt ( $level, $message, $file = null, $class = null, $function = null, $line = null ) {
|
|
|
58 |
global $DEBUG;
|
|
|
59 |
if ( isset( $DEBUG ) ) {
|
|
|
60 |
$DEBUG->writeLog( $level, $message, $file, $class, $function, $line );
|
|
|
61 |
}
|
|
|
62 |
} // logIt
|
|
|
63 |
|
|
|
64 |
|
|
|
65 |
public function save() {
|
|
|
66 |
return $this->parameters;
|
|
|
67 |
} // save
|
|
|
68 |
|
|
|
69 |
public function load( $parameters ) {
|
|
|
70 |
$this->parameters = $parameters;
|
|
|
71 |
} // load
|
|
|
72 |
|
| 1 |
rodolico |
73 |
public function __get( $parameter ) {
|
|
|
74 |
return $this->parameters[$parameter];
|
|
|
75 |
} // function get
|
|
|
76 |
|
|
|
77 |
public function __set ($parameter, $value ) {
|
| 4 |
rodolico |
78 |
$oldValue = $this->parameters[$parameter];
|
| 1 |
rodolico |
79 |
$this->parameters[$parameter] = $value;
|
|
|
80 |
return $oldValue;
|
|
|
81 |
} // function set
|
|
|
82 |
|
|
|
83 |
|
|
|
84 |
/*
|
|
|
85 |
* authorizes access to a resource
|
|
|
86 |
* just a shell at this time.
|
|
|
87 |
*/
|
|
|
88 |
public function authorize ( $resource = '' ) {
|
|
|
89 |
if ( isset( $this->parameters['username'] ) ) {
|
|
|
90 |
/*
|
|
|
91 |
* code here to actually determine if user is authorized
|
|
|
92 |
* for this page
|
|
|
93 |
*/
|
|
|
94 |
return true;
|
|
|
95 |
} elseif ( isset( $this->parameters['login page'] ) ) {
|
|
|
96 |
// redirect to login page
|
| 4 |
rodolico |
97 |
$loginPage = $this->parameters['login page'];
|
|
|
98 |
header( "Location: $loginPage" );
|
| 1 |
rodolico |
99 |
exit();
|
|
|
100 |
} else {
|
|
|
101 |
print $this->createLoginPage();
|
|
|
102 |
exit();
|
|
|
103 |
}
|
|
|
104 |
} // function authorize
|
|
|
105 |
|
|
|
106 |
|
|
|
107 |
/*
|
|
|
108 |
* Checks if the username and password are valid.
|
|
|
109 |
* username can either be taken from parameters or from $this->parameters
|
|
|
110 |
* on success, sets username, password, user_id and access from
|
|
|
111 |
* database (I know username should not change, but I want the db val
|
|
|
112 |
*/
|
|
|
113 |
function verifyLogin( $password, $username = null ) {
|
|
|
114 |
if ( isset( $username ) )
|
|
|
115 |
$this->parameters['username'] = $username;
|
|
|
116 |
if ( isset( $this->parameters['username'] ) && isset( $password ) ) {
|
| 4 |
rodolico |
117 |
$sql = "select " .
|
|
|
118 |
$this->parameters['column id'] . " 'id'," .
|
|
|
119 |
$this->parameters['column username'] . " 'username'," .
|
|
|
120 |
$this->parameters['column password'] . " 'password'," .
|
|
|
121 |
$this->parameters['column access'] . " 'access' " .
|
|
|
122 |
" from " .
|
|
|
123 |
$this->parameters['table name'] .
|
|
|
124 |
" where " .
|
|
|
125 |
$this->parameters['column username'] . " = " .
|
|
|
126 |
DBQuery::makeSafeSQLConstant( $this->parameters['username'] );
|
| 6 |
rodolico |
127 |
$this->logIt( 3, "Query = $sql", null, __CLASS__, __FUNCTION__, __LINE__ );
|
| 1 |
rodolico |
128 |
$results = new DBQuery( $sql );
|
|
|
129 |
if ( $results->getOneRow() ) {
|
|
|
130 |
// a special case is when the password stored in the database is null
|
|
|
131 |
// in which case we give full access. This allows us to do a manual reset
|
|
|
132 |
// if passwords are lost.
|
| 6 |
rodolico |
133 |
$data = $results->__get( 'returnData' );
|
| 8 |
rodolico |
134 |
$this->logIt( 4, "\nResults = \n" . print_r( $results, true) , null, __CLASS__, __FUNCTION__, __LINE__ );
|
|
|
135 |
$this->logIt( 3, "\nData = \n" . print_r( $data, true) , null, __CLASS__, __FUNCTION__, __LINE__ );
|
| 6 |
rodolico |
136 |
if ( $data->password == '' || $data->password == null || password_verify( $password, $data->password ) ) {
|
| 8 |
rodolico |
137 |
$this->parameters['username'] = $data['username'];
|
|
|
138 |
$this->parameters['user_id'] = $data['id'];
|
|
|
139 |
$this->parameters['access'] = $data['access'];
|
|
|
140 |
$this->logIt( 2, "Access Granted = \n" . print_r( array( 'username' => $data['username'], 'user_id' => $data['id'], 'access' => $data['access'] ), true) , null, __CLASS__, __FUNCTION__, __LINE__ );
|
|
|
141 |
return array( 'username' => $data['username'], 'user_id' => $data['id'], 'access' => $data['access'] );
|
| 1 |
rodolico |
142 |
} // if password verifies
|
|
|
143 |
} // if the query executed
|
|
|
144 |
} // if we have a username and a password
|
|
|
145 |
return false;
|
|
|
146 |
} // function verifyLogin
|
|
|
147 |
|
|
|
148 |
|
|
|
149 |
/* update password hash from parameter passed in, saving it in database */
|
|
|
150 |
function setPassword ( $password ) {
|
|
|
151 |
$hash = password_hash( $password, PASSWORD_DEFAULT );
|
|
|
152 |
$sql = "update $this->parameters[table name]
|
|
|
153 |
set $this->parameters[column password] = '$hash'
|
|
|
154 |
where $this->parameters[column id] = $this->parameters[user id]";
|
|
|
155 |
return new DBQuery( $sql, true );
|
|
|
156 |
} // setPassword
|
|
|
157 |
|
|
|
158 |
|
|
|
159 |
public function createLoginPage () {
|
|
|
160 |
return '<?php
|
|
|
161 |
session_start();
|
|
|
162 |
if (isset( $_POST["submit"])) {
|
|
|
163 |
include_once( "Auth.class.php" );
|
|
|
164 |
$_SESSION["authorization information"] = new Auth();
|
|
|
165 |
?>
|
|
|
166 |
<html><body>
|
|
|
167 |
<h3 align="center">Enter your username and password below</h3>
|
|
|
168 |
<FORM action="login.html" method="POST" enctype="multipart/form-data">
|
|
|
169 |
<table border="1" cellpadding="2" align="center">
|
|
|
170 |
<tbody>
|
|
|
171 |
<tr>
|
|
|
172 |
<td>User Name</td>
|
|
|
173 |
<td><input type="text" name="login" size="20"></td>
|
|
|
174 |
</tr>
|
|
|
175 |
<tr>
|
|
|
176 |
<td>Password</td>
|
|
|
177 |
<td><input type="password" name="pass" size="20"></td>
|
|
|
178 |
</tr>
|
|
|
179 |
<tr><TD colspan="2" align="center"><INPUT type="submit" name="Login" value="Log In"></TD></tr>
|
|
|
180 |
</tbody>
|
|
|
181 |
</table>
|
|
|
182 |
</FORM></body></html>';
|
|
|
183 |
} // function createLoginPag
|
|
|
184 |
|
|
|
185 |
|
|
|
186 |
} // class Auth
|
|
|
187 |
|
|
|
188 |
?>
|