  1. <?php
  2. require_once 'config.php';
  3.  
  /**
   * Contract for the account operations offered by this file:
   * registration, login and logout.
   */
  interface UserInterface
  {
      /**
       * Create an account from the supplied values.
       *
       * @param array $args Key/value array describing the new account.
       */
      public function createUser(array $args);

      /**
       * Attempt to log a user in with the supplied credentials.
       *
       * @param array $args Key/value array holding the credentials.
       */
      public function loginUser(array $args);

      /**
       * End the current user's login.
       */
      public function logoutUser();
  }
  11.  
  12.  
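  /**
   * Account registration, login and logout backed by the `_users` table.
   *
   * Every outcome is reported by echoing a plain-text message; the methods
   * return nothing, so callers cannot tell success from failure by return
   * value or by HTTP status (only logoutUser() sets a status line).
   */
  class User implements UserInterface
  {
      /** @var PDO Connection used for every query in this class. */
      private $db;

      /**
       * @param PDO $db Open database connection. Its error mode is whatever the
       *                caller configured; this class does not change it.
       */
      public function __construct(PDO $db)
      {
          $this->db = $db;
      }

      /**
       * Register a new account and echo the result.
       *
       * @param array $args Key/value array with the string keys 'email',
       *                    'username' and 'password'.
       */
      public function createUser(array $args)
      {
          $email = $args['email'] ?? null;
          $username = $args['username'] ?? null;
          $password = $args['password'] ?? null;

          // Reject absent, non-string or empty fields up front instead of
          // letting null values reach the queries and password_hash().
          foreach ([$email, $username, $password] as $field) {
              if (!is_string($field) || $field === '') {
                  echo 'Missing email, username or password.';
                  return;
              }
          }

          if ($this->checkEmail($email)) {
              echo 'Email address already exsist.';
              return;
          }

          if ($this->checkUsername($username)) {
              echo 'Username already exsist.';
              return;
          }

          // NOTE(review): the two lookups above and the INSERT below are not
          // atomic, so two concurrent requests can both pass the checks. A
          // UNIQUE constraint on email and username is what actually prevents
          // duplicates — confirm the schema has one.
          //
          // PASSWORD_BCRYPT only uses the first 72 bytes of the password;
          // anything beyond that does not contribute to the hash.
          $hash = password_hash($password, PASSWORD_BCRYPT);

          $stmt = $this->db->prepare('INSERT INTO _users (email, username, password) VALUES (?, ?, ? )');
          if ($stmt->execute([$email, $username, $hash])) {
              echo 'Account successful created';
          } else {
              // Previously a failed INSERT produced no output at all.
              echo 'Account could not be created.';
          }
      }

      /**
       * Verify the supplied credentials and, on success, start the login session.
       *
       * The same message is echoed for an unknown username and for a wrong
       * password, so the response text does not reveal which one failed.
       *
       * @param array $args Key/value array with the string keys 'username' and
       *                    'password'.
       */
      public function loginUser(array $args)
      {
          $username = $args['username'] ?? null;
          $password = $args['password'] ?? null;

          if (!is_string($username) || !is_string($password)) {
              echo 'Wrong username or password';
              return;
          }

          $stmt = $this->db->prepare('SELECT id,username,password FROM _users WHERE username = ?');
          $stmt->execute([$username]);
          $row = $stmt->fetch(PDO::FETCH_OBJ);

          // fetch() returns false when no row matches. The earlier
          // count($result) test treated false as "found" on PHP 7 and raises a
          // TypeError on PHP 8, so compare against false explicitly.
          //
          // NOTE(review): password_verify() is skipped for unknown usernames, so
          // those requests finish faster than ones for existing accounts, and no
          // attempt throttling is visible in this file — confirm both are
          // handled elsewhere.
          if ($row !== false && password_verify($password, $row->password)) {
              UserSessionHelper::setSession($row->username, (int) $row->id);
              echo 'Logged in';
              return;
          }

          echo 'Wrong username or password';
      }

      /**
       * Log the current user out by tearing down the session, then send a 200
       * status line.
       */
      public function logoutUser()
      {
          UserSessionHelper::unsetSession();
          header('HTTP/1.1 200');
      }

      /**
       * Tell whether an e-mail address is already registered.
       *
       * @param string $email Address to look up.
       * @return bool True when a row with this address exists, false otherwise.
       */
      private function checkEmail($email)
      {
          $stmt = $this->db->prepare('SELECT email FROM _users WHERE email = ?');
          $stmt->execute([$email]);

          // false means "no row"; anything else is the matching record.
          return $stmt->fetch(PDO::FETCH_OBJ) !== false;
      }

      /**
       * Tell whether a username is already registered.
       *
       * @param string $username Name to look up.
       * @return bool True when a row with this username exists, false otherwise.
       */
      private function checkUsername($username)
      {
          $stmt = $this->db->prepare('SELECT username FROM _users WHERE username = ?');
          $stmt->execute([$username]);

          // false means "no row"; anything else is the matching record.
          return $stmt->fetch(PDO::FETCH_OBJ) !== false;
      }
  }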
  125.  
  /**
   * Contract for the static session helpers used around login and logout.
   */
  interface UserSessionHelperInterface
  {
      /**
       * Tear down the current session.
       */
      public static function unsetSession();

      /**
       * Record a logged-in user in the session.
       *
       * @param string $username Name of the user who logged in.
       * @param int    $user_id  Identifier of the user who logged in.
       */
      public static function setSession(string $username, int $user_id);

      /**
       * Check a session id against a session hash.
       *
       * @param string $session_id   Session id to check.
       * @param string $session_hash Hash the id is checked against.
       */
      public static function validateSessionID(string $session_id, string $session_hash);
  }
  133.  
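  /**
   * Static helpers that write, validate and tear down the login session.
   *
   * NOTE(review): nothing in this class calls session_start(); it presumably
   * happens in config.php or the calling script — confirm.
   */
  class UserSessionHelper implements UserSessionHelperInterface
  {
      /**
       * Store the logged-in user in $_SESSION under a freshly issued session id.
       *
       * @param string $username Name of the user who logged in.
       * @param int    $user_id  Identifier of the user who logged in.
       * @return bool Always true.
       */
      public static function setSession(string $username, int $user_id)
      {
          // sessionHash() rotates the session id first, so the values below are
          // stored under the new id rather than the pre-login one.
          $_SESSION['session_'] = self::sessionHash();
          $_SESSION['id_'] = $user_id;
          $_SESSION['username_'] = $username;

          return true;
      }

      /**
       * Remove all session data when a user logs out.
       *
       * Does nothing when no session is active.
       */
      public static function unsetSession()
      {
          if (session_status() !== PHP_SESSION_ACTIVE) {
              return;
          }

          // Clear the data while the session is still active. The previous
          // order (session_destroy() then session_unset()) left $_SESSION
          // populated for the rest of the request.
          $_SESSION = [];

          // Expire the session cookie so the browser stops sending the old id.
          if (ini_get('session.use_cookies') && !headers_sent()) {
              $cookie = session_get_cookie_params();
              setcookie(
                  session_name(),
                  '',
                  time() - 42000,
                  $cookie['path'],
                  $cookie['domain'],
                  $cookie['secure'],
                  $cookie['httponly']
              );
          }

          session_destroy();
      }

      /**
       * Check that a session id is well formed and that its SHA-384 digest
       * equals the supplied hash.
       *
       * NOTE(review): the hash is derived only from the session id, so this
       * confirms that the id and the stored hash belong together; it does not
       * tie the session to a particular client.
       *
       * @param string $session_id   Session id to check.
       * @param string $session_hash Hash to compare against, e.g. the value
       *                             setSession() stored in $_SESSION['session_'].
       * @return bool True when both checks pass, false otherwise (the previous
       *              version returned null on failure).
       */
      public static function validateSessionID(string $session_id, string $session_hash)
      {
          // The D modifier makes $ match only at the very end, so an id with a
          // trailing newline is rejected as well.
          if (preg_match('/^[-,a-zA-Z0-9]{1,128}$/D', $session_id) !== 1) {
              return false;
          }

          // hash_equals() compares in constant time.
          return hash_equals(hash('sha384', $session_id), $session_hash);
      }

      /**
       * Rotate the session id and return the SHA-384 digest of the new one.
       *
       * Declared static because setSession() calls it as self::sessionHash();
       * calling a non-static method that way is deprecated on PHP 7 and an
       * Error on PHP 8.
       *
       * @return string Hex-encoded SHA-384 digest of the new session id.
       */
      private static function sessionHash()
      {
          // Passing true deletes the old session data, so the pre-login id
          // cannot be reused after the user has authenticated.
          session_regenerate_id(true);

          return hash('sha384', session_id());
      }
  }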
  193.  
  194.  
  195. ?>