- <?php
- /* Requires Login Table with following structure
- * name varchar(40)
- * email varchar(50) primary key
- * encrypted_password varchar(80)
- * temp_start_time datetime
- * temp_password varchar(80)
- * salt varchar(10)
- */
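/**
 * Account storage and credential checks backed by the `login` table.
 *
 * Stored credentials have the form base64(sha1(password . salt, raw) . salt)
 * with a 10-character per-user salt; `temp_password` uses the same form.
 *
 * NOTE(review): a single round of salted SHA-1 is a fast hash and is not a
 * suitable password-storage scheme. Migrating to password_hash() /
 * password_verify() is recommended; it is not done here because it changes
 * the stored format and the return shape callers of hashFunction() rely on.
 */
class UpdateUserInfo {
    /** Lifetime of a temporary (reset) password, in seconds. */
    const TEMP_PASSWORD_TTL = 3600;

    private $db;
    private $error;

    /**
     * @param Database $db    query helper exposing insert(), update() and selectWithParams()
     * @param ErrorLog $error logger exposing writeToErrorLog()
     */
    public function __construct(Database $db, ErrorLog $error){
        $this->db = $db;
        $this->error = $error;
    }

    /**
     * Creates a login row for a new user.
     *
     * @param string $name
     * @param string $email    primary key of the `login` table
     * @param string $password plaintext password; only its salted hash is stored
     * @return bool true when the insert succeeded, false otherwise (failure is logged)
     */
    public function storeUserInfo($name, $email, $password){
        $hash = $this->hashFunction($password);
        $values = [$name, $email, $hash["encrypted"], $hash["salt"]];

        // The column list names exactly the four bound columns. The previous
        // statement listed "null, null" as column names and six columns for
        // four placeholders, which is not valid SQL. temp_start_time and
        // temp_password are left to their column defaults.
        $sql = "INSERT INTO login(name, email, encrypted_password, salt) VALUES(?,?,?,?)";

        if(!$this->db->insert($sql, $values)){
            $this->error->writeToErrorLog(ERR, "storeUserInfo insert failed for " . $email);
            return false;
        }
        return true;
    }

    /**
     * Replaces a user's password after a valid, unexpired temporary password
     * has been presented, and clears the temporary password.
     *
     * @param string $email
     * @param string $password new plaintext password
     * @param string $temp     temporary password supplied by the user
     * @return bool true when the password was replaced; false when $temp was
     *              not accepted or the update failed (update failure is logged)
     */
    public function updateUserPassword($email, $password, $temp){
        // Strict comparison: verifyUserAuthentication() can also return an
        // array (regular login) or null, neither of which authorises a reset.
        if($this->verifyUserAuthentication($email, $temp) !== "new password"){
            return false;
        }

        $hash = $this->hashFunction($password);
        $values = [$hash["encrypted"], $hash["salt"], $email];

        // NOTE(review): the zero date literal is rejected by MySQL when
        // NO_ZERO_DATE / strict mode is active - confirm the server's SQL mode.
        if($this->db->update("UPDATE login SET encrypted_password = ?, temp_start_time = '0000-00-00 00:00:00', temp_password = null, salt = ? WHERE email = ?", $values)){
            return true;
        }

        $this->error->writeToErrorLog(ERR, "updateUserPassword failed for " . $email);
        return false;
    }

    /**
     * Checks a password (or temporary password) for the given account.
     *
     * On a match with the stored password, $_SESSION["email"] and
     * $_SESSION["login"] are set and the user record is returned.
     *
     * @param string $email
     * @param string $password plaintext password or temporary password
     * @return array|string|null array("name" => ..., "email" => ...) for a
     *         regular login; the string "new password" when an unexpired
     *         temporary password matched; null otherwise
     */
    public function verifyUserAuthentication($email, $password){
        $rows = json_decode($this->db->selectWithParams("SELECT `name`, `email`, `encrypted_password`, `temp_start_time`, `temp_password`, `salt` FROM `login` WHERE `email` = ?", [$email]));

        // Everything used below comes from the database row, not from the
        // caller; an unknown account leaves all fields empty.
        $record = [
            'name' => '',
            'email' => '',
            'salt' => '',
            'encrypted_password' => '',
            'temp_start_time' => '',
            'temp_password' => '',
        ];

        // json_decode() yields null for an undecodable result; treat that as "no rows".
        if(is_array($rows) || is_object($rows)){
            foreach($rows as $row){
                foreach($row as $key => $value){
                    if(array_key_exists($key, $record)){
                        // NULL columns (e.g. temp_password) become '' so the
                        // string functions below always receive strings.
                        $record[$key] = (string) $value;
                    }
                }
            }
        }

        $hash = $this->checkHashFunction($record['salt'], $password);

        // hash_equals() compares in constant time and never applies the
        // numeric-string juggling that == performs.
        if(hash_equals($record['encrypted_password'], $hash)){
            $user = ["name" => $record['name'], "email" => $record['email']];
            // NOTE(review): no session id rotation is visible here; confirm
            // the caller regenerates the session id at login.
            $_SESSION["email"] = $record['email'];
            $_SESSION["login"] = $this->checkHashFunction($record['email'], $record['encrypted_password']);
            return $user;
        }

        if($record['temp_password'] === ''){
            return null;
        }

        $issuedAt = strtotime($record['temp_start_time']);
        if($issuedAt === false){
            return null;
        }

        // Age of the temporary password in seconds. The previous check
        // compared this age with "now minus one hour", which is true for any
        // realistic timestamp, so temporary passwords never expired.
        // NOTE(review): strtotime() uses PHP's default time zone - confirm it
        // matches the zone in which temp_start_time is written.
        $age = time() - $issuedAt;
        if($age >= self::TEMP_PASSWORD_TTL){
            return null;
        }

        return hash_equals($record['temp_password'], $hash) ? "new password" : null;
    }

    /**
     * Reports whether a login row exists for the given e-mail address.
     *
     * @param string $email
     * @return bool
     */
    public function checkExistingUser($email){
        $result = $this->db->selectWithParams("SELECT `email` FROM `login` WHERE `email` = ?", [$email]);

        // verifyUserAuthentication() treats the same call's result as JSON
        // text; counting that string directly would not count rows, so it is
        // decoded first. A result that is already an array is used as is.
        $rows = is_string($result) ? json_decode($result, true) : $result;

        return is_array($rows) && count($rows) > 0;
    }

    /**
     * Generates a fresh salt and the salted hash of a password.
     *
     * @param string $password
     * @return array array("salt" => 10 hex characters, "encrypted" => stored hash)
     */
    public function hashFunction($password){
        // random_bytes() (PHP 7+) draws from the OS CSPRNG; rand() is
        // predictable. Five bytes as hex keep the 10-character hex salt
        // format, so the `salt varchar(10)` column still fits.
        $salt = bin2hex(random_bytes(5));

        return ["salt" => $salt, "encrypted" => $this->checkHashFunction($salt, $password)];
    }

    /**
     * Recomputes the stored hash form for a given salt and password.
     *
     * @param string $salt
     * @param string $password
     * @return string base64(sha1($password . $salt, raw) . $salt)
     */
    public function checkHashFunction($salt, $password){
        return base64_encode(sha1($password . $salt, true) . $salt);
    }
}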