  1. <?php
  2.  
  3.  
  4. class Auth extends Session
  5. {
  6.     /*
  7.      * singleton pattern
  8.      */
  9.     private static $instance;
  10.     private function __construct() {}
  11.     public static function getInstance()
  12.     {
  13.         if (self::$instance)
  14.             return self::$instance;
  15.         self::$instance = new self();
  16.         return self::$instance;
  17.     }
  18.    
  19.     /*
  20.      * Auth config settings
  21.      */
  22.     private $method;
  23.     private $user_table;
  24.     private $email_field_name;
  25.     private $username_field_name;
  26.     private $password_field_name;
  27.     private $confirmation_password_field_name;
  28.     public function setConfig($config) {
  29.         $this->method = $config['method'];
  30.         $this->user_table = $config['user_table'];
  31.         $this->email_field_name = $config['email_field_name'];
  32.         $this->username_field_name = $config['username_field_name'];
  33.         $this->password_field_name = $config['password_field_name'];
  34.         $this->confirmation_password_field_name = $config['confirmation_password_field_name'];
  35.     }
  36.  
  37.  
  38.  
  39.     /*
  40.      *  load queryBuilder and Request object
  41.      */
  42.     /** @var $query Query */
  43.     private $query;
  44.     private $request;
  45.     private $errors = [];
  46.     public function init(Query $query, Request $request)
  47.     {
  48.         parent::start();
  49.         $this->query = $query;
  50.         $this->request = $request;
  51.     }
  52.  
  53.  
  54.     /*
  55.      * login
  56.      */
  57.     public function login()
  58.     {
  59.         if ($this->isUserLogged())
  60.             return $this->getLoggedUser();
  61.  
  62.         $emailField = $this->email_field_name;
  63.         $passwordField = $this->password_field_name;
  64.  
  65.         $password = $this->getUserCredentials($passwordField);
  66.         $email = $this->getUserCredentials($emailField);
  67.  
  68.         //if credentials are not present return
  69.         if (
  70.             $email == null &&
  71.             $password == null
  72.         ) return false;
  73.  
  74.         //retrieve user by username
  75.         $user = $this->getUserByEmail($email);
  76.         if ( !$user )
  77.             return false;
  78.  
  79.         //check password correctness
  80.         if ( $this->verifyPassword($password, $user->$passwordField) ) {
  81.             $this->completeLogin($user);
  82.             return true;
  83.         }
  84.         return false;
  85.  
  86.     }
  87.  
  88.  
  89.     protected function completeLogin($user)
  90.     {
  91.         $this->set('is_logged', true);
  92.         $this->set('logged_user_id',$user->id);
  93.         $this->set('logged_user_name', $user->username);
  94.     }
  95.  
  96.     /*
  97.      * logout
  98.      */
  99.     public function logout()
  100.     {
  101.         $this->delete('is_logged_in');
  102.         $this->delete('logged_user_id');
  103.         $this->delete('logged_user_name');
  104.         parent::destroy();
  105.     }
  106.  
  107.  
  108.  
  109.     /*
  110.      * register
  111.      */
  112.     public function register()
  113.     {
  114.         if ($this->isUserLogged())
  115.             $this->logout();
  116.  
  117.         $usernameField = $this->username_field_name;
  118.         $emailField = $this->email_field_name;
  119.         $passwordField = $this->password_field_name;
  120.         $confirmationPasswordField = $this->confirmation_password_field_name;
  121.  
  122.         $username = $this->getUserCredentials($usernameField);
  123.         $email = $this->getUserCredentials($emailField);
  124.         $password = $this->getUserCredentials($passwordField);
  125.         $confirmationPassword = $this->getUserCredentials($confirmationPasswordField);
  126.  
  127.         //check credentials
  128.         if (
  129.             $email == null ||
  130.             $password == null ||
  131.             $confirmationPassword == null ||
  132.             $password !== $confirmationPassword
  133.         ) return false;
  134.  
  135.  
  136.         //vlidate credentials
  137.         $errors = array_merge(
  138.             $this->validateUsername($username),
  139.             $this->validateEmail($email),
  140.             $this->validatePassword($password)
  141.         );
  142.         if ( sizeof($errors) > 0 ) {
  143.             $this->errors = $errors;
  144.             return false;
  145.         }
  146.  
  147.  
  148.         $encryptedPassword = $this->encryptPassword($password);
  149.         $this->query->insert($this->user_table, [
  150.             $usernameField => $username,
  151.             $emailField => $email,
  152.             $passwordField => $encryptedPassword
  153.         ]);
  154.         return true;
  155.     }
  156.  
  157.  
  158.  
  159.  
  160.  
  161.     /*
  162.      * DB queries
  163.      */
  164.     protected function getUserByEmail($email)
  165.     {
  166.         $userTable = $this->user_table;
  167.         $emailField = $this->email_field_name;
  168.         $users = $this->query->selectWhere(
  169.             $userTable,
  170.             [$emailField => " = '$email'"]
  171.         );
  172.         return sizeof($users) == 1 ? $users[1] : null;
  173.     }
  174.     protected function getUserByUsername($username)
  175.     {
  176.         $userTable = $this->user_table;
  177.         $usernameColumn = $this->username_field_name;
  178.         $users = $this->query->selectWhere(
  179.             $userTable,
  180.             [$usernameColumn => " = '$username'"]
  181.         );
  182.         return sizeof($users) == 1 ? $users[1] : null;
  183.     }
  184.     protected function getUserById($id)
  185.     {
  186.         $userTable = $this->user_table;
  187.         $users = $this->query->selectWhere(
  188.             $userTable,
  189.             ['id' => " = '$id'"]
  190.         );
  191.         return sizeof($users) == 1 ? $users[1] : null;
  192.     }
  193.  
  194.  
  195.     /*
  196.      * utilities
  197.      */
  198.     protected function encryptPassword($password)
  199.     {
  200.         $passwordHash = password_hash($password, PASSWORD_BCRYPT, array('cost' => 12));
  201.         return $passwordHash;
  202.     }
  203.     protected function getUserCredentials($key)
  204.     {
  205.         $method = $this->method;
  206.         return $this->request->$method($key);
  207.     }
  208.     protected function verifyPassword($submittedPassword, $dbPassword)
  209.     {
  210.         $submittedPassword = $this->encryptPassword($submittedPassword);
  211.         return $submittedPassword === $dbPassword;
  212.     }
  213.     public function getLoggedUser()
  214.     {
  215.         if ($this->isUserLogged()) {
  216.             $id = $this->get('logged_user_id');
  217.             return $this->getUserById($id);
  218.         }
  219.         return null;
  220.     }
  221.  
  222.     protected function isUserLogged()
  223.     {
  224.         return $this->get('is_logged') ?? false;
  225.     }
  226.  
  227.     public function getErrors()
  228.     {
  229.         return $this->errors;
  230.     }
  231.  
  232.  
  233.     protected function validateUsername($username)
  234.     {
  235.         $errors = [];
  236.         if (strlen($username) < '3') {
  237.             $errors[] = 'Username too short.';
  238.         }
  239.         if (strlen($username) > '50') {
  240.             $errors[] = 'Username too long';
  241.         }
  242.         // Match a-z, A-Z, 1-9, -, _.
  243.         if (!preg_match("/^[a-zA-Z\d-_]+$/i", $username)) {
  244.             $errors[] = 'Disallowed characters';
  245.         }
  246.         return $errors;
  247.     }
  248.  
  249.     protected function validatePassword($password)
  250.     {
  251.         $errors = [];
  252.         if (strlen($password) < '8') {
  253.             $errors[] = 'Password too short';
  254.         }
  255.         if (!preg_match("#[0-9]+#", $password)) {
  256.             $errors[] = 'Password need numbers';
  257.         }
  258.         if (!preg_match("#[A-Z]+#", $password)) {
  259.             $errors[] = 'Pasword need uppercase letters';
  260.         }
  261.         if (!preg_match("#[a-z]+#", $password)) {
  262.             $errors[] = 'Pasword need lowercase letters';
  263.         }
  264.         return $errors;
  265.     }
  266.  
  267.     protected function validateEmail($email)
  268.     {
  269.         $errors = [];
  270.         // Remove all illegal characters from email
  271.         $email = filter_var($email, FILTER_SANITIZE_EMAIL);
  272.         // Validate e-mail
  273.         if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
  274.             $this->errors[] = 'E-mail address is not valid';
  275.         }
  276.         return $errors;
  277.     }
  278. }