
Untitled

a guest
Mar 12th, 2018
  1. <?php
  2. /* Requires Login Table with following structure
  3. * name varchar(40)
  4. * email varchar(50) primary key
  5. * encrypted_password varchar(80)
  6. * temp_start_time datetime
  7. * temp_password varchar(80)
  8. * salt varchar(10)
  9. */
  10.  
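  /**
   * Account creation, password reset and credential checks against the
   * `login` table.
   *
   * NOTE(review): passwords are stored as base64(sha1(password . salt) . salt).
   * A single salted SHA-1 round is cheap to brute-force offline if the table
   * leaks. password_hash()/password_verify() is the standard replacement, but
   * it changes the stored format and the hashFunction()/checkHashFunction()
   * contract, so it needs a migration rather than an in-place swap.
   */
  class UpdateUserInfo
  {
      private $db;
      private $error;

      /**
       * @param Database $db    Query wrapper (insert/update/selectWithParams).
       * @param ErrorLog $error Sink for failure messages.
       */
      public function __construct(Database $db, ErrorLog $error)
      {
          $this->db = $db;
          $this->error = $error;
      }

      /**
       * Creates a login row for a new user.
       *
       * @param string $name
       * @param string $email
       * @param string $password Plain-text password; only its salted hash is stored.
       * @return bool True when the insert succeeded, false otherwise (and logged).
       */
      public function storeUserInfo($name, $email, $password)
      {
          $hash = $this->hashFunction($password);
          $values = array($name, $email, $hash["encrypted"], $hash["salt"]);

          // The column list must match the four placeholders. The previous
          // statement listed "null, null" as column names, which is not valid
          // SQL; the two temp_* columns are simply left out of the insert.
          $sql = "INSERT INTO login(name, email, encrypted_password, salt) VALUES(?,?,?,?)";
          if ($this->db->insert($sql, $values)) {
              return true;
          }

          $this->error->writeToErrorLog(ERR, "storeUserInfo insert failed for " . $email);
          return false;
      }

      /**
       * Replaces the user's password after a valid temporary password was given.
       *
       * @param string $email
       * @param string $password New plain-text password.
       * @param string $temp     Temporary password issued for the reset.
       * @return bool True when the row was updated, false otherwise.
       */
      public function updateUserPassword($email, $password, $temp)
      {
          // Only the explicit "new password" marker authorises a reset; an array
          // (regular login) or null must not.
          if ($this->verifyUserAuthentication($email, $temp) !== "new password") {
              return false;
          }

          $hash = $this->hashFunction($password);
          $values = array($hash["encrypted"], $hash["salt"], $email);

          // Clearing temp_start_time/temp_password makes the temporary password single-use.
          if ($this->db->update("UPDATE login SET encrypted_password = ?, temp_start_time = '0000-00-00 00:00:00', temp_password = null, salt = ? WHERE email = ?", $values)) {
              return true;
          }

          $this->error->writeToErrorLog(ERR, "updateUserPassword failed for " . $email);
          return false;
      }

      /**
       * Checks a password (or temporary password) for the given e-mail.
       *
       * @param string $email
       * @param string $password
       * @return array|string|null array("name", "email") on a regular login (also
       *         sets $_SESSION["email"] and $_SESSION["login"]), the string
       *         "new password" when a still-valid temporary password matched,
       *         null in every other case.
       */
      public function verifyUserAuthentication($email, $password)
      {
          $rows = json_decode($this->db->selectWithParams("SELECT `name`, `email`, `encrypted_password`, `temp_start_time`, `temp_password`, `salt` FROM `login` WHERE `email` = ?", array($email)));
          if (!is_array($rows) && !is_object($rows)) {
              // Undecodable or empty result: nothing to authenticate against.
              return null;
          }

          $record = array(
              'name' => '',
              'email' => '',
              'salt' => '',
              'encrypted_password' => '',
              'temp_start_time' => '',
              'temp_password' => '',
          );
          foreach ($rows as $row) {
              if (!is_array($row) && !is_object($row)) {
                  continue;
              }
              foreach ($row as $column => $value) {
                  if (array_key_exists($column, $record)) {
                      // NULL columns (e.g. temp_password) become '' so the string
                      // functions below never receive a non-string.
                      $record[$column] = is_scalar($value) ? (string) $value : '';
                  }
              }
          }

          $candidate = $this->checkHashFunction($record['salt'], $password);
          $stored = $record['encrypted_password'];

          // hash_equals() compares in constant time and never applies the
          // numeric-string juggling that == can.
          if ($stored !== '' && hash_equals($stored, $candidate)) {
              // NOTE(review): the session id is not regenerated here; if this is
              // the login entry point, the caller should do so to prevent
              // session fixation.
              $_SESSION["email"] = $record['email'];
              $_SESSION["login"] = $this->checkHashFunction($record['email'], $stored);
              return array("name" => $record['name'], "email" => $record['email']);
          }

          $tempPassword = $record['temp_password'];
          if ($tempPassword === '') {
              return null;
          }

          $startedAt = strtotime($record['temp_start_time']);
          if ($startedAt === false) {
              return null;
          }

          // A temporary password is valid for one hour. The previous check
          // compared the elapsed seconds with time() - 3600, which is true for
          // any recent timestamp, so temporary passwords never expired.
          $lifetime = 60 * 60 * 1;
          if ((time() - $startedAt) < $lifetime && hash_equals($tempPassword, $candidate)) {
              return "new password";
          }

          return null;
      }

      /**
       * Tells whether a login row exists for the e-mail address.
       *
       * @param string $email
       * @return bool
       */
      public function checkExistingUser($email)
      {
          $result = $this->db->selectWithParams("SELECT `email` FROM `login` WHERE `email` = ?", array($email));

          // verifyUserAuthentication() treats selectWithParams() output as JSON
          // text; counting the raw string would report every e-mail as taken
          // (or throw on PHP 8), so decode it first.
          if (is_string($result)) {
              $result = json_decode($result, true);
          }

          return is_array($result) && count($result) > 0;
      }

      /**
       * Builds a fresh salt and the stored hash for a password.
       *
       * @param string $password
       * @return array array("salt" => 10 hex characters, "encrypted" => stored hash)
       */
      public function hashFunction($password)
      {
          // Same shape as before (10 hex characters) but drawn from the CSPRNG;
          // rand() is predictable and must not seed password salts.
          $salt = bin2hex(random_bytes(5));

          return array(
              "salt" => $salt,
              "encrypted" => $this->checkHashFunction($salt, $password),
          );
      }

      /**
       * Recomputes the stored hash format: base64(sha1(password . salt) . salt).
       *
       * @param string $salt
       * @param string $password
       * @return string
       */
      public function checkHashFunction($salt, $password)
      {
          return base64_encode(sha1($password . $salt, true) . $salt);
      }
  }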