
Untitled

a guest
Jun 15th, 2018
<?php # User Authentication [axiixc]

/* TODO: after login, redirect back to the page the user came from (HTTP Referer); only follow same-site targets. */

  5. class UserAuthentication {
  6.  
  7. public $conf=array(), $uconf=array(), $user=array(), $role, $type, $guest, $login, $verification;
  8. private $session, $action, $mode, $limit, $roles;
  9.  
  10. public function __construct() {
  11. $this->roles = import("User Roles");
  12. $this->limit = constant(Conf::read("User Authentication Session Limit"));
  13. $this->action = 'Not Run';
  14. $this->mode = 'Not Run';
  15. $this->verification = true;
  16. $this->login = false;
  17. }
  18.  
  19. public function awake() {
  20. Log::write('AWAKE');
  21. if(!is_null($_COOKIE['sess_id']) and !isset($_POST['UAU'])) {
  22. Log::write('sess_id is not null');
  23. $session_id = mysql_safe($_COOKIE['sess_id']);
  24. $session_result = MySQL::query("SELECT * FROM `[prefix]sessions` WHERE `id` = CONVERT(_utf8 '%s' USING latin1) COLLATE latin1_swedish_ci", $session_id);
  25. $session = mysql_fetch_assoc($session_result);
  26. $user_result = MySQL::query("SELECT * FROM `[prefix]users` WHERE `username` = CONVERT(_utf8 '%s' USING latin1) COLLATE latin1_swedish_ci", $session['user']);
  27. $user_data = mysql_fetch_assoc($user_result);
  28.  
  29. # Run checks [ can this be condensed ? ]
  30. $user = (mysql_num_rows($user_result) == 1) ? true : false ;
  31. $guest = ($session['guest'] == 1) ? true : false ;
  32. $expire = ($session['expire'] > time()) ? true : false ;
  33. if($guest) { # Cookie for GUEST
  34. $cookie = $this->validate_keys($session['key'], $_COOKIE['sess_id'], $_COOKIE['sess_verify'], null, null);
  35. $ban = (in_array($session['user'], import('Banned IPs'))) ? true : false ;
  36. } else { # Cookie for REGISTERED USER
  37. $cookie = $this->validate_keys($session['key'], $_COOKIE['sess_id'], $_COOKIE['sess_verify'], $user_data['usename'], $user_data['password']);
  38. $ban = ($user_data['type'] == UATypeBan) ? true : false ;
  39. }
  40.  
  41. Log::write('CREDS: '.$user_data['username'].$user_data['password']);
  42.  
  43. Log::write("USER: $user, GUEST: $guest, EXPIRE: $expire, COOKIE: $cookie, BAN: $ban");
  44.  
  45. if($user and !$guest and $expire and $cookie and !$ban) { # Registered User
  46. Log::write('Found to be Normal Reload');
  47. $this->action = 'Reload';
  48. $this->load_session($user_data, $session);
  49. } elseif(!$user and $guest and $expire and $cookie and !$ban) { # Guest
  50. Log::write('Found to be Guest Reload');
  51. $this->action = 'Reload Guest';
  52. $this->load_session('guest', $session);
  53. } elseif($ban) {
  54. Log::write('Found to be banned');
  55. $this->action = 'Deny';
  56. $this->verification = false;
  57. Registry::fetch('Interface')->error("Banned", "You have been banned from this site.");
  58. } else { # Destroy and create anew
  59. Log::write('Found to be Destroy');
  60. if(mysql_num_rows($session_result) > 0) MySQL::query("DELETE FROM `[prefix]sessions` WHERE CONVERT(`[prefix]sessions`.`id` USING utf8) = '%s' LIMIT 1", $sess_id);
  61. setcookie('sess_id', null, destroy);
  62. setcookie('sess_verify', null, destroy);
  63. $this->action = 'Destroy';
  64. $this->create_session();
  65. }
  66. } else {
  67. Log::write('sess_id is null');
  68. $this->action = 'No Cookie';
  69. $this->create_session();
  70. }
  71. }
  72.  
  73. public function test_login() {
  74. Log::write('Test Login');
  75. $this->action = 'Testing Login';
  76. $this->create_session();
  77. }
  78.  
  79. private function load_session($user, $session) {
  80. Log::write('load_session invoked');
  81. if($user == 'guest') {
  82. Log::write("LOAD SESSION: GUEST");
  83. $this->conf = unserialize($session['conf']);
  84. $this->uconf = array();
  85. $this->user = import('Guest User');
  86. $this->role = 'guest';
  87. $this->type = UATypeGuest;
  88. $this->session = $session['id'];
  89. $this->guest = true;
  90. $this->action = 'Guest Reload';
  91. } else {
  92. Log::write("LOAD SESSION: USER");
  93. $this->conf = unserialize($session['conf']);
  94. $this->uconf = unserialize($user['conf']);
  95. $this->user = array(
  96. 'id' => $user['id'],
  97. 'name' => $user['username'],
  98. 'display-name' => $user['dname'],
  99. 'first-name' => $user['fname'],
  100. 'middle-name' => $user['mname'],
  101. 'last-name' => $user['lname'],
  102. 'email' => $user['email'] );
  103. $this->role = $user['role'];
  104. $this->type = $user['type'];
  105. $this->session = $session['id'];
  106. $this->guest = false;
  107. $this->action = 'Reload';
  108. $this->login = true;
  109. }
  110. }
  111.  
  112. private function create_session() {
  113. Log::write('create_session invoked');
  114.  
  115. $limit = $this->limit;
  116. $do_guest = true;
  117.  
  118. if($this->action == 'Not Run') return false;
  119. Log::write('OK guess we keep going');
  120.  
  121. if(isset($_POST['UAU']) and isset($_POST['UAP'])) {
  122. /* REGISTERED SESSION CREATION */
  123. Log::write('Registered session creation, maybe');
  124.  
  125. # Generate Validation Info
  126. $username = mysql_safe($_POST['UAU']);
  127. $password = md5($_POST['UAP']);
  128. $user = mysql_fetch_assoc(MySQL::query("SELECT * FROM `[prefix]users` WHERE `username` = CONVERT(_utf8 '%s' USING latin1) COLLATE latin1_swedish_ci", $username));
  129.  
  130. // Reload
  131. if($password == $user['password']) {
  132. Log::write('RSC yup');
  133.  
  134. $session = $this->generate_keys(x, $user['username'], $user['password']);
  135. $this->conf = import("Default User Conf");
  136. $this->uconf = unserialize($user['conf']);
  137. $this->user = array(
  138. 'id' => $user['id'],
  139. 'name' => $user['username'],
  140. 'display-name' => $user['dname'],
  141. 'first-name' => $user['fname'],
  142. 'middle-name' => $user['mname'],
  143. 'last-name' => $user['lname'],
  144. 'email' => $user['email'] );
  145. $this->role = $user['role'];
  146. $this->type = $user['type'];
  147. $this->session = $session['id'];
  148. $this->guest = false;
  149. $this->mode = 'New';
  150. $this->login = true;
  151.  
  152. setcookie('sess_id', $session['id'], $limit);
  153. setcookie('sess_verify', $session['verify'], $limit);
  154. MySQL::query("INSERT INTO `[database]`.`[prefix]sessions` (`id`, `key`, `user`, `conf`, `expire`, `guest`) VALUES ('%s', '%s', '%s', '%s', '%s', %s);", $session['id'], $session['key'], $user['username'], $this->conf, $limit, '0');
  155.  
  156. Log::write("KEY: {$session['key']}");
  157. Log::write("ID: {$session['id']}");
  158. Log::write("ID: {$_COOKIE['sess_id']}");
  159. Log::write("VERIFY: {$session['verify']}");
  160. Log::write("VERIFY: {$_COOKIE['sess_verify']}");
  161. Log::write('CREDS: '.$user['username'].$user['password']);
  162. $do_guest = false;
  163. }
  164.  
  165. }
  166.  
  167. if($do_guest) {
  168. /* GUEST SESSION CREATION */
  169.  
  170. Log::write('Guest session creation');
  171. $session = $this->generate_keys(x, null, null);
  172. $this->conf = import("Guest Conf");
  173. $this->uconf = array();
  174. $this->user = import("Guest User");
  175. $this->role = 'guest';
  176. $this->type = UATypeGuest;
  177. $this->session = $session['id'];
  178. $this->mode = 'New Guest';
  179.  
  180. setcookie('sess_id', $session['id'], $limit);
  181. setcookie('sess_verify', $session['verify'], $limit);
  182. MySQL::query("INSERT INTO `[database]`.`[prefix]sessions` (`id`, `key`, `user`, `conf`, `expire`, `guest`) VALUES ('%s', '%s', '%s', '%s', '%s', %s);", $session['id'], $session['key'], client_ip, $this->conf, $limit, '1');
  183.  
  184. Log::write("KEY: {$session['key']}");
  185. Log::write("ID: {$session['id']}");
  186. Log::write("ID: {$_COOKIE['sess_id']}");
  187. Log::write("VERIFY: {$session['verify']}");
  188. Log::write("VERIFY: {$_COOKIE['sess_verify']}");
  189. }
  190.  
  191. }
  192.  
  193. public function read($key) {
  194.  
  195. }
  196.  
  197. public function write($key, $value) {
  198.  
  199. }
  200.  
  201. public function delete($key) {
  202.  
  203. }
  204.  
  205. public function uread($key) {
  206.  
  207. }
  208.  
  209. public function uwrite($key, $value) {
  210.  
  211. }
  212.  
  213. public function udelete($key) {
  214.  
  215. }
  216.  
  217. private function generate_keys($auth_token, $username, $password) {
  218. $sess['key'] = md5($auth_token);
  219. Log::write("KEY {$sess['key']}");
  220. $sess['id'] = md5($sess['key']);
  221. Log::write("ID: {$sess['id']}");
  222. $sess['verify'] = md5($sess['key'].$username.$password.client_ip);
  223. Log::write("VERIFY {$sess['verify']}");
  224. return $sess;
  225. }
  226.  
  227. private function validate_keys($key, $rSess_id, $rSess_verify, $username, $password) {
  228. Log::write("VKEY {$key}");
  229. $sess['id'] = md5($key);
  230. Log::write("VID {$sess['id']}");
  231. $sess['verify'] = md5($key.$username.$password.client_ip);
  232. Log::write("VVERIFY {$sess['verify']}");
  233. if($sess['id'] == $rSess_id and $sess['verify'] == $rSess_verify) return true;
  234. else return false;
  235. }
  236.  
  237. public function integrity() {
  238. $gen = $this->generate_keys(x, 'foo', 'bar');
  239. if($this->validate_keys($gen['key'], $gen['id'], $gen['verify'], 'foo', 'bar')) return true;
  240. else return false;
  241. }
  242.  
  243. public function log_msgs() {
  244. Log::write("User Authentication Action: $this->action");
  245. Log::write("User Authentication Mode: $this->mode");
  246. }
  247.  
  248. public function require_type() {
  249. if($this->type == UATypeAdmin) return true;
  250. if($this->verification != false) {
  251. $types = func_get_args();
  252. foreach($types as $type) $switch = ($type == $this->type) ? true : false ;
  253. if($switch) {
  254. $this->verification = true;
  255. } elseif($type == UATypeGuest) {
  256. Registry::fetch('Interface')->display_login();
  257. $this->verification = false;
  258. Registry::fetch('Interface')->notification(UIError, "You must login to access this page.");
  259. } else {
  260. $this->verification = false;
  261. Registry::fetch('Interface')->error("Permission Denied", "You do not have access rights for this page.");
  262. } return $switch;
  263. } else return false;
  264. }
  265.  
  266. public function require_role() {
  267. if($this->type == UATypeAdmin) return true;
  268. if($this->verification != false) {
  269. $roles = func_get_args();
  270. foreach($roles as $role) $switch = (in_array($role, $this->roles)) ? true : false ;
  271. if($switch) {
  272. $this->verification = true;
  273. } elseif($this->type == UATypeGuest) {
  274. Registry::fetch('Interface')->display_login();
  275. $this->verification = false;
  276. Registry::fetch('Interface')->notification(UIError, "You must login to access this page.");
  277. } else {
  278. $this->verification = false;
  279. Registry::fetch('Interface')->error("Permission Denied", "You do not have access rights for this page.");
  280. } return $switch;
  281. } else return false;
  282. }
  283.  
  284. public function type() {
  285. $types = func_get_args();
  286. if(count($types) > 0) {
  287. foreach($types as $type) $switch = ($type == $this->type) ? true : false ;
  288. return $swtich;
  289. } else return $this->type;
  290. }
  291.  
  292. public function role() {
  293. $roles = func_get_args();
  294. if(count($roles) > 0) {
  295. foreach($roles as $role) $switch = (in_array($role, $this->roles)) ? true : false ;
  296. return $switch;
  297. } else return $this->role;
  298. }
  299.  
  300. private function killSession() {
  301. Registry::fetch('System')->end("Force Kill");
  302. }
  303.  
  304. public function diagnostics($return=false) {
  305. $output['cookie-session-id'] = $_COOKIE['sess_id'];
  306. $output['cookie-session-verifiy'] = $_COOKIE['sess_verify'];
  307. if(is_null($this->conf) or count($this->conf) == 0) $output['session-config'] = null;
  308. else $output['session-config'] = print_r($this->conf, true);
  309. if(is_null($this->uconf) or count($this->uconf) == 0) $output['user-config'] = null;
  310. else $output['user-config'] = print_r($this->uconf, true);
  311. $output['user-information'] = print_r($this->user, true);
  312. $output['role'] = $this->role;
  313. $output['type'] = $this->type;
  314. $output['guest-user'] = $this->guest;
  315. $output['is-logged-in'] = $this->login;
  316. $output['session-id'] = $this->session;
  317. $output['load-action'] = $this->action;
  318. $output['load-mode'] = $this->mode;
  319. $output['session-time-limit'] = uncrunch(Conf::read("User Authentication Session Limit")).' or until '.$this->limit;
  320. $output['verification'] = $this->verification;
  321. $output['roles'] = print_r($this->roles, true);
  322. $output['key-test'] = $this->integrity();
  323. return diagnostic($output, $return);
  324. }
  325.  
  326. }