Subversion Repositories phpLibraryV2

Rev

Go to most recent revision | Details | Last modification | View Log | RSS feed

Rev Author Line No. Line
1 rodolico 1
<?php
2
 
3
   /*
4
    * Filename: auth.class.php
5
    * 
6
    * Description:
7
    *    Authorization class for web application.
8
    *    Requires database table with following minimal structure
9
    *       id           int unsigned not null auto_increment
10
    *       name         varchar(64)
11
    *       passwd       varchar(256)
12
    *       access       text
13
    *    defaults are table _user, with columns name, passwd and access
14
    *    name and pass are matched against database entries, then name
15
    *    and access are stored in instantiation of class
16
    * 
17
    *    passwd should be able to handle 256 chars as hashes become
18
    *    longer.
19
    *
20
    * 
21
    * $Rev:: 8            $: Revision in Repository
22
    * $Author:: rodolico  $: Last Author
23
    * $Date:: 2017-07-28 0$: Last Commit
24
    * 
25
    * 
26
    * History:
27
    * 20170728 - RWR - 1.0
28
    *    Initial build
29
    */
30
 
31
   require_once( 'DBQuery.class.php' );
6 rodolico 32
 
33
   global $DEBUG;
1 rodolico 34
 
35
   class Auth {
36
 
37
      // all data stored in $parameters. We will initialize $parameters
38
      // with some default data
39
      protected $parameters = array(
40
                               'table name' => '_user', // table storing auth info
4 rodolico 41
                               'column username' => 'username', // field to match username to
1 rodolico 42
                               'column password' => 'passwd', // field to match password to
43
                               'column access' => 'access',    // field which contains access information
6 rodolico 44
                               'column id' => '_user_id', // unique user id in table
4 rodolico 45
                            );
1 rodolico 46
 
4 rodolico 47
 
1 rodolico 48
      // constructor simply loads parameters into array from 
49
      public function __construct( $parameters = array() ) {
50
         // first, gather all info from the parameters array
51
         foreach ( $parameters as $key  => $value )
52
            $this->parameters[$key] = $value;
6 rodolico 53
         $this->logIt( 1, 'Constructed Auth' );
1 rodolico 54
      } // construct
6 rodolico 55
 
1 rodolico 56
 
6 rodolico 57
      protected function logIt ( $level, $message, $file = null, $class = null, $function = null, $line = null ) {
58
         global $DEBUG;
59
         if ( isset( $DEBUG ) ) {
60
            $DEBUG->writeLog( $level, $message, $file, $class, $function, $line );
61
         }
62
      } // logIt
63
 
64
 
65
      public function save() {
66
         return $this->parameters;
67
      } // save
68
 
69
      public function load( $parameters ) {
70
         $this->parameters = $parameters;
71
      } // load
72
 
1 rodolico 73
      public function __get( $parameter ) {
74
         return $this->parameters[$parameter];
75
      } // function get
76
 
77
      public function __set ($parameter, $value ) {
4 rodolico 78
         $oldValue = $this->parameters[$parameter];
1 rodolico 79
         $this->parameters[$parameter] = $value;
80
         return $oldValue;
81
      } // function set
82
 
83
 
84
      /* 
85
      * authorizes access to a resource
86
      * just a shell at this time.
87
      */
88
      public function authorize ( $resource = '' )  {
89
         if ( isset( $this->parameters['username'] ) ) {
90
            /* 
91
            * code here to actually determine if user is authorized
92
            * for this page
93
            */
94
            return true;
95
         } elseif ( isset( $this->parameters['login page'] ) ) {
96
            // redirect to login page
4 rodolico 97
            $loginPage = $this->parameters['login page'];
98
            header( "Location: $loginPage" );
1 rodolico 99
            exit();
100
         } else {
101
            print $this->createLoginPage();
102
            exit();
103
         }
104
      } // function authorize
105
 
106
 
107
      /*
108
      * Checks if the username and password are valid.
109
      * username can either be taken from parameters or from $this->parameters
110
      * on success, sets username, password, user_id and access from
111
      * database (I know username should not change, but I want the db val
112
      */
113
      function verifyLogin( $password, $username = null ) {
114
         if ( isset( $username ) ) 
115
            $this->parameters['username'] = $username;
116
         if ( isset( $this->parameters['username'] ) && isset( $password ) ) {
4 rodolico 117
            $sql = "select " . 
118
                     $this->parameters['column id'] . " 'id'," .
119
                     $this->parameters['column username'] . " 'username'," .
120
                     $this->parameters['column password'] . " 'password'," .
121
                     $this->parameters['column access'] . " 'access' " .
122
                  " from " .
123
                     $this->parameters['table name'] .
124
                  " where " .
125
                     $this->parameters['column username'] . " = " . 
126
                        DBQuery::makeSafeSQLConstant( $this->parameters['username'] );
6 rodolico 127
            $this->logIt( 3, "Query = $sql", null, __CLASS__, __FUNCTION__, __LINE__ );
1 rodolico 128
            $results = new DBQuery( $sql );
129
            if ( $results->getOneRow() ) {
130
               // a special case is when the password stored in the database is null
131
               // in which case we give full access. This allows us to do a manual reset
132
               // if passwords are lost.
6 rodolico 133
               $data = $results->__get( 'returnData' );
8 rodolico 134
               $this->logIt( 4, "\nResults = \n" . print_r( $results, true) , null, __CLASS__, __FUNCTION__, __LINE__ );
135
               $this->logIt( 3, "\nData = \n" . print_r( $data, true) , null, __CLASS__, __FUNCTION__, __LINE__ );
6 rodolico 136
               if ( $data->password == '' || $data->password == null || password_verify( $password, $data->password ) ) {
8 rodolico 137
                  $this->parameters['username'] = $data['username'];
138
                  $this->parameters['user_id'] = $data['id'];
139
                  $this->parameters['access'] = $data['access'];
140
                  $this->logIt( 2, "Access Granted = \n" . print_r( array( 'username' => $data['username'], 'user_id' => $data['id'], 'access' => $data['access'] ), true) , null, __CLASS__, __FUNCTION__, __LINE__ );
141
                  return array( 'username' => $data['username'], 'user_id' => $data['id'], 'access' => $data['access'] );
1 rodolico 142
               } // if password verifies
143
            } // if the query executed
144
         } // if we have a username and a password
145
         return false;
146
      } // function verifyLogin
147
 
148
 
149
      /* update password hash from parameter passed in, saving it in database */
150
      function setPassword ( $password ) {
151
         $hash = password_hash( $password, PASSWORD_DEFAULT );
152
         $sql = "update $this->parameters[table name] 
153
               set $this->parameters[column password] = '$hash' 
154
               where $this->parameters[column id] = $this->parameters[user id]";
155
         return new DBQuery( $sql, true );
156
      } // setPassword
157
 
158
 
159
      public function createLoginPage () {
160
       return '<?php
161
            session_start();
162
            if (isset( $_POST["submit"])) {
163
            include_once( "Auth.class.php" );
164
            $_SESSION["authorization information"] = new Auth();
165
            ?>
166
            <html><body>
167
            <h3 align="center">Enter your username and password below</h3>
168
                     <FORM action="login.html" method="POST" enctype="multipart/form-data">
169
                       <table border="1" cellpadding="2" align="center">
170
                       <tbody>
171
                         <tr>
172
                           <td>User Name</td>
173
                           <td><input type="text" name="login" size="20"></td>
174
                         </tr>
175
                         <tr>
176
                           <td>Password</td>
177
                           <td><input type="password" name="pass" size="20"></td>
178
                         </tr>
179
                         <tr><TD colspan="2" align="center"><INPUT type="submit" name="Login" value="Log In"></TD></tr>
180
                       </tbody>
181
                     </table>
182
                     </FORM></body></html>';
183
      } // function createLoginPag
184
 
185
 
186
   } // class Auth
187
 
188
?>