API tools faq
paste
Advertisement
Guest User

AuthMe.class.php

a guest
Mar 22nd, 2019
259
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 7.32 KB | None | 0 0
raw download clone embed print report
  1.  
  2. <?php
  3. /*
  4. * Copyright (C) 2015-2016 Leonardosc
  5. *
  6. * This program is free software; you can redistribute it and/or modify
  7. * it under the terms of the GNU General Public License as published by
  8. * the Free Software Foundation; either version 2 of the License, or
  9. * (at your option) any later version.
  10. *
  11. * This program is distributed in the hope that it will be useful,
  12. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14. * GNU General Public License for more details.
  15. *
  16. * You should have received a copy of the GNU General Public License along
  17. * with this program; if not, write to the Free Software Foundation, Inc.,
  18. * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  19. *
  20. * 21/01/2015
  21. */
  22. class AuthMe {
  23. /* TIPOS DE HASH DO AUTHME */
  24. const MD5 = "md5";
  25. const SHA256 = "sha256";
  26. const SHA1 = "sha1";
  27. const WHIRLPOOL = "whirlpool";
  28. const MD5VB = "md5vb";
  29. const PLAINTEXT = "plaintext";
  30. /* CONEXÃO DO BANCO DE DADOS. */
  31. private $conection;
  32. /* NOME DA TASBELA DO AUTHME */
  33. private $authme_table;
  34. /* HASH USADA */
  35. private $algorithm;
  36. /*
  37. PARAMETROS
  38. $db_host = Ip do seu banco de dados mysql;
  39. $db_user = Nome de usuario do seu banco de dados mysql.
  40. $db_pass = Senha do seu banco de dados mysql;
  41. $db_name = Nome do database do mysql;
  42. $authme_table = Nome da tabela do authme;
  43. $algo = Tipo de hash que seu authme está utilizando;
  44. */
  45. public function __construct($db_host, $db_user, $db_pass, $db_name, $authme_table, $algo) {
  46. $this->authme_table = $authme_table;
  47. $this->algorithm = $algo;
  48. @$this->conection = mysqli_connect($db_host, $db_user, $db_pass) or die(mysqli_connect_error());
  49. @mysqli_select_db($this->conection, $db_name) or die(mysqli_error($this->conection));
  50. }
  51. /* METODO DESTRUTOR, O CONTRARIO DO CONSTRUTOR '-' */
  52. public function __destruct() {
  53. if (is_object($this->conection)) {
  54. $this->conection->close();
  55. unset($this->algorithm);
  56. unset($this->authme_table);
  57. }
  58. }
  59. /*
  60. METODO USADO PARA AUTENTICAR UM USUARIO, RETORNA true CASO OS
  61. DADOS ESTEJAM CORRETOS, CASO CONTRARIO RETORNA false.
  62. PARAMETROS
  63. $user = Nome de usuario.
  64. $pass = Senha do usuario.
  65. */
  66. public function authenticate($user, $pass) {
  67. $user = addslashes($user);
  68. $query = mysqli_query($this->conection, "SELECT password FROM {$this->authme_table} WHERE username='{$user}'");
  69. if (mysqli_num_rows($query) == 1) {
  70. $ret = mysqli_fetch_array($query);
  71. $hash_pass = $ret[0];
  72. return self::compare($pass, $hash_pass);
  73. } else {
  74. return false;
  75. }
  76. }
  77. /*
  78. METODO USADO PARA REGISTRAR UM USUARIO
  79. PARAMETROS
  80. $user = Nome de usuario.
  81. $pass = Senha do usuario.
  82. $ip = Ip do usuario.
  83. */
  84. public function register($user, $pass, $email = "your@email.com", $ip = "0.0.0.0") {
  85. $user = addslashes($user);
  86. $pass = addslashes(self::AMHash($pass));
  87. if (self::isUsernameRegistered($user)) {
  88. return false;
  89. }
  90. return mysqli_query($this->conection, "INSERT INTO {$this->authme_table} (`username`, `password`, `ip`, `lastlogin`, `x`, `y`, `z`, `email`) VALUES ('{$user}','{$pass}','{$ip}','0','0','0','0', '{$email}')");
  91. }
  92. /*
  93. METODO USADO PARA ALTERAR A SENHA DE UM USUARIO
  94. PARAMETROS
  95. $user = Nome de usuario.
  96. $newpass = Nova senha do usuario.
  97. */
  98. public function changePassword($username, $newpass) {
  99. if (!self::isUsernameRegistered($username)) {
  100. return false;
  101. }
  102. $username = addslashes($username);
  103. $newpass = addslashes(self::AMHash($newpass));
  104. return mysqli_query($this->conection, "UPDATE {$this->authme_table} SET password='$newpass' WHERE username='$username'");
  105. }
  106. /*
  107. METODO USADO PARA VERIFICAR SE UM DETERMINADO IP ESTA REGISTRADO.
  108. PARAMETROS
  109. $ip = Ip que deseja verificar.
  110. */
  111. public function isIpRegistered($ip) {
  112. $ip = addslashes($ip);
  113. $query = mysqli_query($this->conection, "SELECT ip FROM {$this->authme_table} WHERE ip='{$ip}'");
  114. return mysqli_num_rows($query) >= 1;
  115. }
  116. /*
  117. METODO USADO PARA VERIFICAR SE UM DETERMINADO EMAIL ESTA REGISTRADO.
  118. PARAMETROS
  119. $email = E-mail que deseja verificar.
  120. */
  121. public function isEmailRegistered($email) {
  122. $ip = addslashes($ip);
  123. $query = mysqli_query($this->conection, "SELECT email FROM {$this->authme_table} WHERE email='{$email}'");
  124. return mysqli_num_rows($query) >= 1;
  125. }
  126. /*
  127. METODO USADO PARA VERIFICAR SE UM DETERMINADO NOME DE USUARIO ESTA REGISTRADO.
  128. PARAMETROS
  129. $user = Nome de usuario que deseja verificar.
  130. */
  131. public function isUsernameRegistered($user) {
  132. $user = addslashes($user);
  133. $query = mysqli_query($this->conection, "SELECT username FROM {$this->authme_table} WHERE username='{$user}'");
  134. return mysqli_num_rows($query) >= 1;
  135. }
  136. /* METODOS PRIVADOS, USO SOMENTE DA CLASSE. */
  137. private function compare($pass, $hash_pass) {
  138. switch ($this->algorithm) {
  139. case self::SHA256:
  140. $shainfo = explode("$", $hash_pass);
  141. $pass = hash("sha256", $pass) . $shainfo[2];
  142. return strcasecmp($shainfo[3], hash('sha256', $pass)) == 0;
  143. case self::SHA1:
  144. return strcasecmp($hash_pass, hash('sha1', $pass)) == 0;
  145. case self::MD5:
  146. return strcasecmp($hash_pass, hash('md5', $pass)) == 0;
  147. case self::WHIRLPOOL:
  148. return strcasecmp($hash_pass, hash('whirlpool', $pass)) == 0;
  149. case self::MD5VB:
  150. $shainfo = explode("$", $hash_pass);
  151. $pass = hash("md5", $pass) . $shainfo[2];
  152. return strcasecmp($shainfo[3], hash('md5', $pass)) == 0;
  153. case self::PLAINTEXT:
  154. return $hash_pass == $pass;
  155. default:
  156. return false;
  157. }
  158. }
  159. private function AMHash($pass) {
  160. switch ($this->algorithm) {
  161. case self::SHA256:
  162. $salt = self::createSalt();
  163. return "\$SHA\$" . $salt . "\$" . hash("sha256", hash('sha256', $pass) . $salt);
  164. case self::SHA1:
  165. return hash("sha1", $pass);
  166. case self::MD5:
  167. return hash("md5", $pass);
  168. case self::WHIRLPOOL:
  169. return hash("whirlpool", $pass);
  170. case self::MD5VB:
  171. $salt = self::createSalt();
  172. return "\$MD5vb\$" . $salt . "\$" . hash("md5", hash('md5', $pass) . $salt);
  173. case self::PLAINTEXT:
  174. return $pass;
  175. default:
  176. return null;
  177. }
  178. }
  179. private function createSalt() {
  180. $salt = "";
  181. for ($i = 0; $i < 20; $i++) {
  182. $salt .= rand(0, 9);
  183. }
  184. return substr(hash("sha1", $salt), 0, 16);
  185. }
  186. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!