  1. <?php
  2. session_start();
  3. require_once 'userAuth.class.php';
  4.  
  5. $USER = new userAuth();
  6.  
  7. # Check login state
  8. if( $USER->isLogin()) {
  9. echo $USER->showEmail();
  10. }
  11.  
  12.  
  13. # Login
  14. if (isset($_POST['login-button'])) {
  15. $login = $USER->Login($_POST['Lemail'], $_POST['LPass']);
  16. if ($login['State'] == true) {
  17. echo $USER->showEmail();
  18. }
  19. else {
  20. echo $login['Msg'];
  21. }
  22. }
  23.  
  24. # Register
  25. if (isset($_POST['register-button'])) {
  26. $register = $USER->Register($_POST['Remail'], $_POST['RPass1'], $_POST['RPass2'], $_POST['g-recaptcha-response']);
  27. if ($register['State'] == true) {
  28. echo "We have register your email to our databases.";
  29. }
  30. else {
  31. echo $register['Msg'];
  32. }
  33. }
  34.  
  35. # Logout
  36. if (isset($_POST['logout-button'])) {
  37. $USER->Logout();
  38. }
  39. ?>
  40.  
  41. <!DOCTYPE html>
  42. <html>
  43. <head>
  44. <title>Simple Sign In/Out</title>
  45. </head>
  46. <body>
  47. <form id="login" method="POST">
  48. <input id="Lemail" name="Lemail" placeholder="Email" required="required" type="email" autocomplete="off">
  49. <input id="LPass" name="LPass" placeholder="Password" required="required" type="password" autocomplete="off">
  50. <button type="submit" id="login-button" name="login-button">Dive</button>
  51.  
  52. </form>
  53.  
  54. <form id="register" method="POST">
  55. <input id="Remail" name="Remail" placeholder="Your_Email@secretsea.com" required="required" type="text" autocomplete="off" >
  56. <input id="RPass1" name="RPass1" placeholder="Your Password" required="required" type="password" autocomplete="off">
  57. <input id="RPass2" name="RPass2" placeholder="Your Password" required="required" type="password" autocomplete="off">
  58. <button type="submit" id="register-button" name="register-button">Register</button>
  59. </form>
  60.  
  61. <form id="logout" method="POST">
  62. <button id="logout-button" name="logout-button">Logout</button>
  63. </form>
  64. </body>
  65. </html>
  66.  
  67. <?php
  68. require_once 'main.class.php';
  69. require_once '../lib/bcrypt.php';
  70.  
  71. class userAuth extends Main
  72. {
  73.  
  74. private $L_UserEmail = NULL;
  75. private $L_UserPass = NULL;
  76.  
  77. private $R_UserEmail = NULL;
  78. private $R_UserPass1 = NULL;
  79. private $R_UserPass2 = NULL;
  80. private $ReCaptcha = NULL;
  81.  
  82.  
  83. public function showEmail() {
  84. return $this->getUserEmail();
  85. }
  86.  
  87. public function isLogin() {
  88. if($this->UserIsLogin()) {
  89. return true;
  90. }
  91. else {
  92. return false;
  93. }
  94. }
  95.  
  96.  
  97. private function UserIsLogin() {
  98. if (isset($_SESSION['login'])) {
  99. return true;
  100. }
  101. else {
  102. return false;
  103. }
  104. }
  105.  
  106.  
  107. public function Login($UserEmail, $UserPass) {
  108. $this->L_UserEmail = $UserEmail;
  109. $this->L_UserPass = $UserPass;
  110.  
  111. if (!$this->exist_LoginEmail()) {
  112. return $this->setReturnState('User email does not exist in our databases.');
  113. }
  114.  
  115. if (!$this->correct_LoginPass()) {
  116. return $this->setReturnState('Password is wrong.');
  117. }
  118.  
  119. return $this->doLogin();
  120.  
  121. }
  122.  
  123. public function Logout(/*$emails*/) {
  124. $this->clearUserEmail();
  125. session_destroy();
  126. }
  127.  
  128. public function Register($UserEmail, $UserPass1, $UserPass2, $ReCaptcha) {
  129. $this->R_UserEmail = $UserEmail;
  130. $this->R_UserPass1 = $UserPass1;
  131. $this->R_UserPass2 = $UserPass2;
  132. $this->ReCaptcha = $ReCaptcha;
  133.  
  134.  
  135. /*if (!$this->valid_Captcha()) {
  136. return $this->setReturnState('Please verify yourself as human.');
  137. }*/
  138.  
  139. if (!$this->valid_RegisterEmail()) {
  140. return $this->setReturnState('Only letters and nubers are allowed for email. Please see <a href="#">security</a> for more details.');
  141. }
  142.  
  143. if (!$this->valid_RegisterPass()) {
  144. return $this->setReturnState('Passwords do not match.');
  145. }
  146.  
  147. if ($this->exist_RegisterEmail()) {
  148. return $this->setReturnState('Email already registered.');
  149. }
  150.  
  151. return $this->doRegister();
  152.  
  153. }
  154.  
  155.  
  156.  
  157. private function exist_LoginEmail() {
  158. try {
  159. $STH = $this->DHB->prepare("SELECT UserEmail FROM Users WHERE UserEmail = :user_email");
  160. $STH->bindParam(':user_email', $this->L_UserEmail);
  161. $STH->execute();
  162.  
  163. # Get the user info
  164. $row = $STH->fetchAll();
  165.  
  166. # Check if username exist
  167. if (!$row) {
  168. return false;
  169. }
  170. else {
  171. return true;
  172. }
  173. }
  174. catch(PDOException $e) {
  175. file_put_contents('PDOErrors.txt', $e->getMessage(), FILE_APPEND);
  176. return false;
  177. }
  178. }
  179.  
  180. private function correct_LoginPass() {
  181. try {
  182. $STH = $this->DHB->prepare("SELECT UserPass FROM Users WHERE UserEmail = :user_email");
  183. $STH->bindParam(':user_email', $this->L_UserEmail);
  184. $STH->execute();
  185.  
  186. # Get the user info
  187. $row = $STH->fetchAll();
  188.  
  189. $isGood = password_verify($this->L_UserPass, $row[0]['UserPass']);
  190.  
  191. # Check if password is good
  192. if ($isGood) {
  193. return true;
  194. }
  195. else {
  196. return false;
  197. }
  198. }
  199. catch(PDOException $e) {
  200. file_put_contents('PDOErrors.txt', $e->getMessage(), FILE_APPEND);
  201. return false;
  202. }
  203. }
  204.  
  205. private function valid_Captcha() {
  206. # FIRST WE CHECK IF THE FORM WAS POSTED BY A HUMAN
  207. if ($this->ReCaptcha == NULL) {
  208. return false;
  209. }
  210.  
  211. # HAS THE USER BEEN AUTHORIAZED BY GOOGLE ?
  212. $response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=6Lc6mxcTAAAAAABnITaUtxp3pbH_xUf8fEtj_f7p&response=".$this->ReCaptcha."&remoteip=".$_SERVER['REMOTE_ADDR']);
  213. if($response.success == false) {
  214. return false;
  215. }
  216.  
  217. return true;
  218. }
  219.  
  220. private function valid_RegisterEmail() {
  221. # CHECK IF EMAIL CONSISTS ONLY a-z A-Z 0-9 characters
  222. if (!ctype_alnum($this->R_UserEmail)) {
  223. return false;
  224. }
  225.  
  226. return true;
  227. }
  228.  
  229. private function valid_RegisterPass() {
  230. if ($this->R_UserPass1 == $this->R_UserPass2) {
  231. return true;
  232. }
  233.  
  234. return false;
  235. }
  236.  
  237. private function exist_RegisterEmail() {
  238. $this->R_UserEmail .= '@secretsea.com';
  239. try {
  240. # STH means "Statement Handle"
  241. $STH = $this->DHB->prepare("SELECT * FROM Users WHERE UserEmail = :user_email");
  242. $STH->bindParam(':user_email', $this->R_UserEmail);
  243. $STH->execute();
  244.  
  245. if($STH->rowCount() <= 0) { # Check if username is already registered
  246. # Email has not registered yet
  247. return false;
  248. }
  249.  
  250. return true;
  251.  
  252. }
  253. catch(PDOException $e) {
  254. file_put_contents('../lib/PDOErrors.txt', $e->getMessage(), FILE_APPEND);
  255. return false;
  256. }
  257. }
  258.  
  259. private function doRegister() {
  260. $hashedPassword = password_hash($this->R_UserPass1, PASSWORD_BCRYPT, array("cost" => 13));
  261.  
  262. $STH = $this->DHB->prepare("INSERT INTO Users(UserEmail, UserPass) values(:user_email, :user_pass)");
  263. $STH->bindParam(':user_email', $this->R_UserEmail);
  264. $STH->bindParam(':user_pass', $hashedPassword);
  265. $STH->execute();
  266.  
  267. if (!$STH) {
  268. return $this->setReturnState('We could not process your order. Please try again later.');
  269. }
  270.  
  271. return $this->setReturnState(null, true);
  272. }
  273.  
  274. private function doLogin() {
  275. $this->setUserEmail($this->L_UserEmail);
  276. return $this->setReturnState(null, true);
  277. }
  278.  
  279. private function setUserEmail($email) {
  280. $_SESSION['login'] = $email;
  281. }
  282.  
  283. private function clearUserEmail() {
  284. unset($_SESSION['login']);
  285. }
  286.  
  287. } # End of User Auth Class
  288. ?>
  289.  
  290. <?php
  291.  
  292. # The symbolic constants of databse connection
  293. require_once '../lib/config.php';
  294.  
  295. class Main
  296. {
  297. protected $DHB = NULL;
  298.  
  299. function __construct()
  300. {
  301. try {
  302. # DHB : Database Handle
  303. $this->DHB = new PDO("mysql:host=".DB_HOST.";dbname=".DB_DATABSE, DB_USER, DB_PASSWORD);
  304. $this->DHB->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
  305. }
  306. catch(PDOException $e) {
  307. file_put_contents('../PDOErrors.txt', $e->getMessage(), FILE_APPEND);
  308. }
  309. }
  310.  
  311. protected function getUserEmail() {
  312. return $_SESSION['login'];
  313. }
  314.  
  315. protected function setReturnState($msg, $state = false) {
  316. return array('State' => $state, 'Msg' => $msg);
  317. }
  318.  
  319. }
  320. ?>