- <?php
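class Auth extends Session
{
    /** Session keys written by completeLogin() and removed again by logout(). */
    const SESSION_IS_LOGGED = 'is_logged';
    const SESSION_USER_ID = 'logged_user_id';
    const SESSION_USER_NAME = 'logged_user_name';

    /** Limits applied by the validators. */
    const USERNAME_MIN_LENGTH = 3;
    const USERNAME_MAX_LENGTH = 50;
    const PASSWORD_MIN_LENGTH = 8;
    // bcrypt only hashes the first 72 bytes of the input and silently drops the rest,
    // so longer passwords are refused instead of being truncated without notice.
    const PASSWORD_MAX_BYTES = 72;
    const BCRYPT_COST = 12;

    /*
     * singleton pattern
     */
    private static $instance;

    private function __construct() {}

    /**
     * Returns the shared Auth instance, creating it on the first call.
     *
     * @return self
     */
    public static function getInstance()
    {
        if (self::$instance === null) {
            self::$instance = new self();
        }
        return self::$instance;
    }

    /*
     * Auth config settings
     */
    private $method;
    private $user_table;
    private $email_field_name;
    private $username_field_name;
    private $password_field_name;
    private $confirmation_password_field_name;

    /**
     * Stores the settings used to read credentials from the request and to query
     * the user table.
     *
     * @param array $config keys: 'method' (name of the Request method used to
     *        read a credential by key), 'user_table', 'email_field_name',
     *        'username_field_name', 'password_field_name',
     *        'confirmation_password_field_name'
     * @throws InvalidArgumentException when one of those keys is missing
     */
    public function setConfig(array $config)
    {
        $required = [
            'method',
            'user_table',
            'email_field_name',
            'username_field_name',
            'password_field_name',
            'confirmation_password_field_name',
        ];
        // Fail at configuration time rather than with a null column name inside a query.
        foreach ($required as $key) {
            if (!array_key_exists($key, $config)) {
                throw new InvalidArgumentException("Auth config is missing '$key'");
            }
        }

        $this->method = $config['method'];
        $this->user_table = $config['user_table'];
        $this->email_field_name = $config['email_field_name'];
        $this->username_field_name = $config['username_field_name'];
        $this->password_field_name = $config['password_field_name'];
        $this->confirmation_password_field_name = $config['confirmation_password_field_name'];
    }

    /*
     * load queryBuilder and Request object
     */
    /** @var Query */
    private $query;
    /** @var Request */
    private $request;
    /** @var string[] messages explaining why the last register() call returned false */
    private $errors = [];

    /**
     * Starts the session and stores the query builder and request used by
     * login() and register().
     *
     * @param Query   $query
     * @param Request $request
     */
    public function init(Query $query, Request $request)
    {
        parent::start();
        $this->query = $query;
        $this->request = $request;
    }

    /*
     * login
     */
    /**
     * Authenticates with the e-mail and password read from the request.
     *
     * @return mixed the already-logged user (see getLoggedUser()) when a login
     *         session exists; true when the credentials matched and the session
     *         was populated; false otherwise
     */
    public function login()
    {
        if ($this->isUserLogged()) {
            return $this->getLoggedUser();
        }

        $passwordField = $this->password_field_name;
        $email = $this->getUserCredentials($this->email_field_name);
        $password = $this->getUserCredentials($passwordField);

        // A single missing credential is enough to refuse. The original bailed out
        // only when *both* were missing, so an empty password reached the verifier.
        if ($this->isMissing($email) || $this->isMissing($password)) {
            return false;
        }

        $user = $this->getUserByEmail($email);
        if (!$user) {
            // Spend the same hashing cost as a real verification so an unknown
            // e-mail is not distinguishable from a wrong password by response time.
            $this->encryptPassword($password);
            return false;
        }

        if (!$this->verifyPassword($password, $user->$passwordField)) {
            return false;
        }

        $this->completeLogin($user);
        return true;
    }

    /**
     * Marks the session as logged in for the given user row.
     *
     * @param object $user row returned by the query builder; must expose an `id`
     *        property and the configured username column
     */
    protected function completeLogin($user)
    {
        // Issue a fresh session id on privilege change so an id obtained before
        // login cannot be reused afterwards (session fixation). Only applies when
        // the parent Session is backed by native PHP sessions.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        $usernameField = $this->username_field_name;
        $this->set(self::SESSION_IS_LOGGED, true);
        $this->set(self::SESSION_USER_ID, $user->id);
        // Read the configured column; the original hard-coded `$user->username`,
        // which is wrong whenever username_field_name is something else.
        $this->set(self::SESSION_USER_NAME, $user->$usernameField);
    }

    /*
     * logout
     */
    /**
     * Removes the login keys from the session and destroys it.
     */
    public function logout()
    {
        // The original deleted 'is_logged_in', a key completeLogin() never sets;
        // the constant keeps both sides on the same name.
        $this->delete(self::SESSION_IS_LOGGED);
        $this->delete(self::SESSION_USER_ID);
        $this->delete(self::SESSION_USER_NAME);
        parent::destroy();
    }

    /*
     * register
     */
    /**
     * Creates a user from the username, e-mail, password and confirmation read
     * from the request. A currently logged user is logged out first.
     *
     * @return bool true when the row was inserted; false otherwise, with the
     *         reasons available from getErrors()
     */
    public function register()
    {
        if ($this->isUserLogged()) {
            $this->logout();
        }
        $this->errors = [];

        $usernameField = $this->username_field_name;
        $emailField = $this->email_field_name;
        $passwordField = $this->password_field_name;

        $username = $this->getUserCredentials($usernameField);
        $email = $this->getUserCredentials($emailField);
        $password = $this->getUserCredentials($passwordField);
        $confirmationPassword = $this->getUserCredentials($this->confirmation_password_field_name);

        // The username was not checked for presence at all in the original, so a
        // missing one reached strlen()/preg_match() as null.
        if (
            $this->isMissing($username) ||
            $this->isMissing($email) ||
            $this->isMissing($password) ||
            $this->isMissing($confirmationPassword)
        ) {
            $this->errors[] = 'All fields are required.';
            return false;
        }
        if ($password !== $confirmationPassword) {
            $this->errors[] = 'Passwords do not match.';
            return false;
        }

        $errors = array_merge(
            $this->validateUsername($username),
            $this->validateEmail($email),
            $this->validatePassword($password)
        );
        if (count($errors) > 0) {
            $this->errors = $errors;
            return false;
        }

        // Refuse duplicates explicitly instead of relying on the insert to fail.
        if ($this->getUserByUsername($username) !== null) {
            $this->errors[] = 'Username already taken.';
        }
        if ($this->getUserByEmail($email) !== null) {
            $this->errors[] = 'E-mail address already registered.';
        }
        if (count($this->errors) > 0) {
            return false;
        }

        $this->query->insert($this->user_table, [
            $usernameField => $username,
            $emailField => $email,
            $passwordField => $this->encryptPassword($password),
        ]);
        return true;
    }

    /*
     * DB queries
     */
    // NOTE(review): selectWhere() receives the looked-up value spliced into a raw
    // SQL fragment (" = '...'"). Unless Query escapes or binds that fragment, the
    // e-mail and username lookups are injectable with request-controlled input.
    // Query is outside this file — confirm it binds the value, or switch
    // findOneWhere() to the builder's parameterised form.

    /**
     * @param string $email
     * @return object|null the single row whose e-mail column matches, else null
     */
    protected function getUserByEmail($email)
    {
        return $this->findOneWhere($this->email_field_name, $email);
    }

    /**
     * @param string $username
     * @return object|null the single row whose username column matches, else null
     */
    protected function getUserByUsername($username)
    {
        return $this->findOneWhere($this->username_field_name, $username);
    }

    /**
     * @param mixed $id value stored in the session by completeLogin()
     * @return object|null the single row whose `id` column matches, else null
     */
    protected function getUserById($id)
    {
        return $this->findOneWhere('id', $id);
    }

    /**
     * Runs a single-column equality lookup on the user table and returns the row
     * only when exactly one matched.
     *
     * @param string $column
     * @param mixed  $value
     * @return object|null
     */
    private function findOneWhere($column, $value)
    {
        $rows = $this->query->selectWhere(
            $this->user_table,
            [$column => " = '$value'"]
        );
        if (!is_array($rows) && !($rows instanceof Traversable)) {
            return null;
        }
        if (count($rows) !== 1) {
            return null;
        }
        // The original returned $rows[1]; iterating yields the single row whatever
        // key the builder uses (0, 1 or anything else).
        foreach ($rows as $row) {
            return $row;
        }
        return null;
    }

    /*
     * utilities
     */
    /**
     * Hashes a password with bcrypt at the configured cost.
     *
     * @param string $password
     * @return string
     * @throws RuntimeException when password_hash() reports failure
     */
    protected function encryptPassword($password)
    {
        $passwordHash = password_hash($password, PASSWORD_BCRYPT, ['cost' => self::BCRYPT_COST]);
        if ($passwordHash === false) {
            throw new RuntimeException('Password hashing failed');
        }
        return $passwordHash;
    }

    /**
     * Reads one credential from the request through the configured method.
     *
     * @param string $key request parameter name
     * @return mixed whatever the Request method returns for that key
     * @throws RuntimeException when the configured method is not callable on Request
     */
    protected function getUserCredentials($key)
    {
        $method = $this->method;
        if (!is_string($method) || !is_callable([$this->request, $method])) {
            throw new RuntimeException("Request has no callable method '$method'");
        }
        return $this->request->$method($key);
    }

    /**
     * Checks a submitted password against the stored hash.
     *
     * The original re-hashed the submission and compared strings; password_hash()
     * salts every call, so that comparison could never succeed.
     *
     * @param string $submittedPassword
     * @param mixed  $dbPassword hash stored in the user table
     * @return bool
     */
    protected function verifyPassword($submittedPassword, $dbPassword)
    {
        return is_string($dbPassword) && password_verify($submittedPassword, $dbPassword);
    }

    /**
     * @return object|null the user row for the session's logged user id, or null
     *         when nobody is logged in
     */
    public function getLoggedUser()
    {
        if (!$this->isUserLogged()) {
            return null;
        }
        return $this->getUserById($this->get(self::SESSION_USER_ID));
    }

    /**
     * @return bool
     */
    protected function isUserLogged()
    {
        return (bool) ($this->get(self::SESSION_IS_LOGGED) ?? false);
    }

    /**
     * @return string[] messages from the last register() call
     */
    public function getErrors()
    {
        return $this->errors;
    }

    /**
     * True when a request value is absent: not a string (missing or an array) or empty.
     *
     * @param mixed $value
     * @return bool
     */
    private function isMissing($value)
    {
        return !is_string($value) || $value === '';
    }

    /**
     * @param string $username
     * @return string[] validation messages, empty when the username is acceptable
     */
    protected function validateUsername($username)
    {
        $errors = [];
        $username = (string) $username;
        if (strlen($username) < self::USERNAME_MIN_LENGTH) {
            $errors[] = 'Username too short.';
        }
        if (strlen($username) > self::USERNAME_MAX_LENGTH) {
            $errors[] = 'Username too long';
        }
        // Letters, digits, '-' and '_' only. The original class [a-zA-Z\d-_] places
        // '-' between \d and '_'; PCRE2 (PHP 7.3+) rejects that as an invalid range,
        // so preg_match() returned false and every username was reported as disallowed.
        if (!preg_match('/^[A-Za-z0-9_-]+$/', $username)) {
            $errors[] = 'Disallowed characters';
        }
        return $errors;
    }

    /**
     * @param string $password
     * @return string[] validation messages, empty when the password is acceptable
     */
    protected function validatePassword($password)
    {
        $errors = [];
        $password = (string) $password;
        // strlen() is intentional: the bcrypt limit is in bytes.
        if (strlen($password) < self::PASSWORD_MIN_LENGTH) {
            $errors[] = 'Password too short';
        }
        if (strlen($password) > self::PASSWORD_MAX_BYTES) {
            $errors[] = 'Password too long';
        }
        if (!preg_match('/[0-9]/', $password)) {
            $errors[] = 'Password need numbers';
        }
        if (!preg_match('/[A-Z]/', $password)) {
            $errors[] = 'Password need uppercase letters';
        }
        if (!preg_match('/[a-z]/', $password)) {
            $errors[] = 'Password need lowercase letters';
        }
        return $errors;
    }

    /**
     * @param string $email
     * @return string[] validation messages, empty when the address is acceptable
     */
    protected function validateEmail($email)
    {
        $errors = [];
        // Validate the value as submitted. The original sanitised a copy first, so an
        // address that only became valid after stripping characters passed while the
        // unstripped value was stored; it also appended to $this->errors instead of
        // $errors, so the returned list was always empty and invalid e-mails passed.
        if (!filter_var((string) $email, FILTER_VALIDATE_EMAIL)) {
            $errors[] = 'E-mail address is not valid';
        }
        return $errors;
    }
}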