  1. namespace Auth;
  2. use ConnectDB;
  3.  
  4. class User
  5. {
  6. private $username;
  7. private $db;
  8. private $user_id;
  9.  
  10. private $db_host = "localhost";
  11. private $db_name = "cms";
  12. private $db_user = "root";
  13. private $db_pass = "";
  14.  
  15. private $is_authorized = false;
  16.  
  17. public function __construct($username = null, $password = null)
  18. {
  19. $this->username = $username;
  20. $this->connectDb($this->db_name, $this->db_user, $this->db_pass, $this->db_host);
  21. }
  22.  
  23. public function __destruct()
  24. {
  25. $this->db = null;
  26. }
  27.  
  28. /**
  29. * @return bool
  30. */
  31. public static function isAuthorized()
  32. {
  33. if (!empty($_SESSION["user_id"])) {
  34. return (bool) $_SESSION["user_id"];
  35. }
  36. return false;
  37. }
  38.  
  39. /**
  40. * @param $password
  41. * @param null $salt
  42. * @param int $iterations
  43. * @return array
  44. */
  45. public function passwordHash($password, $salt = null, $iterations = 10)
  46. {
  47. $salt || $salt = uniqid();
  48. $hash = md5(md5($password . md5(sha1($salt))));
  49.  
  50. for ($i = 0; $i < $iterations; ++$i) {
  51. $hash = md5(md5(sha1($hash)));
  52. }
  53.  
  54. return array('hash' => $hash, 'salt' => $salt);
  55. }
  56.  
  57. /**
  58. * @param $username
  59. * @return bool
  60. */
  61. public function getSalt($username) {
  62. $query = "select salt from users where username = :username limit 1";
  63. $sth = $this->db->prepare($query);
  64. $sth->execute(
  65. array(
  66. ":username" => $username
  67. )
  68. );
  69. $row = $sth->fetch();
  70. if (!$row) {
  71. return false;
  72. }
  73. return $row["salt"];
  74. }
  75.  
  76. /**
  77. * @param $username
  78. * @param $password
  79. * @param bool $remember
  80. * @return bool
  81. */
  82. public function authorize($username, $password, $remember=false)
  83. {
  84. $query = "select id, username from users where
  85. username = :username and password = :password limit 1";
  86. $sth = $this->db->prepare($query);
  87. $salt = $this->getSalt($username);
  88.  
  89. if (!$salt) {
  90. return false;
  91. }
  92.  
  93. $hashes = $this->passwordHash($password, $salt);
  94. $sth->execute(
  95. array(
  96. ":username" => $username,
  97. ":password" => $hashes['hash'],
  98. )
  99. );
  100. $this->user = $sth->fetch();
  101.  
  102. if (!$this->user) {
  103. $this->is_authorized = false;
  104. } else {
  105. $this->is_authorized = true;
  106. $this->user_id = $this->user['id'];
  107. $this->saveSession($remember);
  108. }
  109.  
  110. return $this->is_authorized;
  111. //return $hashes['hash'];
  112. }
  113.  
  114. /**
  115. *
  116. */
  117. public function logout()
  118. {
  119. if (!empty($_SESSION["user_id"])) {
  120. unset($_SESSION["user_id"]);
  121. }
  122. }
  123.  
  124. /**
  125. * @param bool $remember
  126. * @param bool $http_only
  127. * @param int $days
  128. */
  129. public function saveSession($remember = false, $http_only = true, $days = 7)
  130. {
  131. $_SESSION["user_id"] = $this->user_id;
  132.  
  133. if ($remember) {
  134. // Save session id in cookies
  135. $sid = session_id();
  136.  
  137. $expire = time() + $days * 24 * 3600;
  138. $domain = ""; // default domain
  139. $secure = false;
  140. $path = "/";
  141.  
  142. $cookie = setcookie("sid", $sid, $expire, $path, $domain, $secure, $http_only);
  143. }
  144. }
  145.  
  146. /**
  147. * @param $username
  148. * @param $password
  149. * @return mixed
  150. * @throws Exception
  151. */
  152. public function create($username, $password) {
  153. $user_exists = $this->getSalt($username);
  154.  
  155. if ($user_exists) {
  156. throw new Exception("User exists: " . $username, 1);
  157. }
  158.  
  159. $query = "insert into users (username, password, salt)
  160. values (:username, :password, :salt)";
  161. $hashes = $this->passwordHash($password);
  162. $sth = $this->db->prepare($query);
  163.  
  164. try {
  165. $this->db->beginTransaction();
  166. $result = $sth->execute(
  167. array(
  168. ':username' => $username,
  169. ':password' => $hashes['hash'],
  170. ':salt' => $hashes['salt'],
  171. )
  172. );
  173. $this->db->commit();
  174. } catch (PDOException $e) {
  175. $this->db->rollback();
  176. echo "Database error: " . $e->getMessage();
  177. die();
  178. }
  179.  
  180. if (!$result) {
  181. $info = $sth->errorInfo();
  182. printf("Database error %d %s", $info[1], $info[2]);
  183. die();
  184. }
  185.  
  186. return $result;
  187. }
  188.  
  189. /**
  190. * @param $db_name
  191. * @param $db_user
  192. * @param $db_pass
  193. * @param $db_host
  194. * @return $this
  195. */
  196. public function connectdb($db_name, $db_user, $db_pass, $db_host)
  197. {
  198. try {
  199. $this->db = new pdo("mysql:host=$db_host;dbname=$db_name", $db_user, $db_pass);
  200. } catch (pdoexception $e) {
  201. echo "database error: " . $e->getmessage();
  202. die();
  203. }
  204. $this->db->query('set names utf8');
  205.  
  206. return $this;
  207. }
  208. }
  209. class ChangePass extends User{
  210. private $username;
  211. private $db;
  212.  
  213. private $db_host = "localhost";
  214. private $db_name = "cms";
  215. private $db_user = "root";
  216. private $db_pass = "";
  217.  
  218. public function __construct($username = null, $password = null)
  219. {
  220. $this->username = $username;
  221. $this->connectDb($this->db_name, $this->db_user, $this->db_pass, $this->db_host);
  222. }
  223.  
  224. public function __destruct()
  225. {
  226. $this->db = null;
  227. }
  228.  
  229.  
  230.  
  231. private function updatePassInDb ($username, $newpass)
  232. {
  233.  
  234. $query = "UPDATE `users` SET `password` = :password, `salt` = :salt WHERE `username` = :username";
  235. $hashes = $this->passwordHash($newpass);
  236. $sth = $this->db->prepare($query);
  237. try {
  238. $this->db->beginTransaction();
  239. $result = $sth->execute(
  240. array(
  241. ':username' => $username,
  242. ':password' => $hashes['hash'],
  243. ':salt' => $hashes['salt'],
  244. )
  245. );
  246. $this->db->commit();
  247. } catch (PDOException $e) {
  248. $this->db->rollback();
  249. echo "Database error: " . $e->getMessage();
  250. die();
  251. }
  252.  
  253. if (!$result) {
  254. $info = $sth->errorInfo();
  255. printf("Database error %d %s", $info[1], $info[2]);
  256. die();
  257. }
  258.  
  259. return $result;
  260.  
  261. }
  262. public function changePassword ($current_login, $current_psw, $newpass)
  263. {
  264. $result_auth = $this->authorize($current_login, $current_psw);
  265. if($result_auth === true){
  266. $result = $this->updatePassInDb($current_login, $newpass);
  267. return $result;
  268. }else{
  269. return $result_auth;
  270. }
  271. //return $result_auth;
  272. }
  273. }
  274.  
  275. $obj_change_psw = new AuthChangePass();
  276. $result = $obj_change_psw->changePassword($current_login, $current_psw, $new_pass);
  277.  
  278. $obj_change_psw = new AuthChangePass();
  279. $result = $obj_change_psw->changePassword($current_login, $current_psw, $new_pass);