  1. .
  2. +-- css
  3. | +-- images
  4. | +-- style.css
  5. +-- includes
  6. | +-- config.php
  7. | +-- connection.php
  8. | +-- footer.php
  9. | +-- header.php
  10. | +-- session.php
  11. | +-- user.php
  12. +-- dashboard.php
  13. +-- login.php
  14. +-- logout.php
  15.  
  16. <?php
  17. define('DB_HOST', 'localhost');
  18. define('DB_USER', 'root');
  19. define('DB_PASS', '');
  20. define('DB_NAME', 'cms');
  21. ?>
  22.  
  23. <?php
  24.  
  25. include 'config.php';
  26.  
  27. class Connection{
  28. public function openConnection(){
  29. try{
  30. $db = new PDO('mysql:host='.DB_HOST.';dbname='.DB_NAME, DB_USER, DB_PASS);
  31. return $db;
  32. }catch (PDOException $e){
  33. return 'Database Error.';
  34. }
  35. }
  36. }
  37.  
  38. ?>
  39.  
  40. <?php
  41.  
  42. class User{
  43.  
  44. private $userData;
  45.  
  46. public function createUser($userId){
  47. $connection = new Connection;
  48. $db = $connection->openConnection();
  49.  
  50. $stmt = $db->query("SELECT * FROM users WHERE user_id = '$userId'");
  51.  
  52. $results = $stmt->fetch();
  53. $this->userData = $results;
  54. }
  55.  
  56. public function getId(){
  57. return $this->userData['user_id'];
  58. }
  59.  
  60. public function getUsername(){
  61. return $this->userData['user_username'];
  62. }
  63. }
  64.  
  65. ?>
  66.  
  67. <?php
  68.  
  69. include "includes/user.php";
  70.  
  71. class Session{
  72. public function createSession(){
  73. session_start();
  74. }
  75.  
  76. public function logUser($userId){
  77. $_SESSION['userId'] = $userId;
  78.  
  79. $selector = base64_encode(random_bytes(8));
  80. $token = bin2hex(random_bytes(32));
  81.  
  82. $cookieValue = $selector.':'.base64_encode($token);
  83. $hashedToken = hash('sha256', $token);
  84.  
  85. $timestamp = time() + (86400 * 14);
  86.  
  87. setcookie('authToken', $cookieValue, $timestamp, NULL, NULL, NULL, true);
  88.  
  89. $connection = new Connection;
  90. $db = $connection->openConnection();
  91.  
  92. $stmt = $db->query("INSERT INTO logins (login_selector, login_token, login_userId, login_expires) VALUES ('$selector', '$hashedToken', '$userId', '$timestamp')");
  93. }
  94.  
  95. public function relogUser($userId){
  96. $_SESSION['userId'] = $userId;
  97. }
  98.  
  99. public function isLogged(){
  100. if(isset($_SESSION['userId'])){
  101. return true;
  102. }else{
  103. if(isset($_COOKIE['authToken'])){
  104. $connection = new Connection;
  105. $db = $connection->openConnection();
  106.  
  107. list($selector, $token) = explode(':', $_COOKIE['authToken']);
  108.  
  109. $stmt = $db->prepare('SELECT * FROM logins WHERE login_selector = :login_selector');
  110. $stmt->bindValue(':login_selector', $selector);
  111.  
  112. $stmt->execute();
  113. $results = $stmt->fetch();
  114.  
  115. if($results){
  116. if(hash_equals($results['login_token'], hash('sha256', base64_decode($token)))){
  117. $this->relogUser($results['login_userId']);
  118. }else{
  119. $this->logOut();
  120. return false;
  121. }
  122. }else{
  123. return false;
  124. }
  125. }else{
  126. return false;
  127. }
  128. }
  129. }
  130.  
  131. public function logOut(){
  132. $connection = new Connection;
  133. $db = $connection->openConnection();
  134.  
  135. list($selector, $token) = explode(':', $_COOKIE['authToken']);
  136.  
  137. $stmt = $db->prepare('DELETE FROM logins WHERE login_selector = :login_selector');
  138. $stmt->bindValue(':login_selector', $selector);
  139.  
  140. $stmt->execute();
  141.  
  142. $stmt = $db->prepare('DELETE FROM logins WHERE login_userId = :login_userId');
  143. $stmt->bindValue(':login_userId', $_SESSION['userId']);
  144.  
  145. $stmt->execute();
  146.  
  147. unset($_SESSION['userId']);
  148. setcookie('authToken', '', 1);
  149. unset($_COOKIE['authToken']);
  150. }
  151.  
  152. public function getId(){
  153. return $_SESSION['userId'];
  154. }
  155. }
  156.  
  157. ?>
  158.  
  159. <?php
  160. include "includes/header.php";
  161. include "includes/connection.php";
  162. include "includes/session.php";
  163.  
  164. $session = new Session;
  165. $session->createSession();
  166.  
  167. if($session->isLogged()){
  168. header('Location: dashboard.php');
  169. exit();
  170. }
  171.  
  172. $connection = new Connection;
  173. $db = $connection->openConnection();
  174.  
  175. if(isset($_POST['username']) && isset($_POST['password'])){
  176. $username = $_POST['username'];
  177. $password = $_POST['password'];
  178.  
  179. if(strlen($username) > 0 && strlen($password) > 0){
  180. $stmt = $db->prepare('SELECT * FROM users WHERE user_username = :username');
  181. $stmt->bindValue(':username', $username);
  182.  
  183. $stmt->execute();
  184. $results = $stmt->fetch();
  185.  
  186. if($results){
  187. $verify = password_verify($password, $results['user_password']);
  188. if($verify){
  189. $session->logUser($results['user_id']);
  190. header('Location: dashboard.php');
  191. }else{
  192. //handle wrong password
  193. }
  194. }else{
  195. //handle no user found
  196. }
  197. }
  198. }
  199. ?>
  200.  
  201. <div class="wrapper">
  202. <div class="login">
  203. <form method="post" action="">
  204. <input type="text" name="username" placeholder="Username">
  205. <input type="password" name="password" placeholder="Password">
  206.  
  207. <button>Log In</button>
  208. </form>
  209. </div>
  210. </div>
  211.  
  212.  
  213.  
  214.  
  215. <?php
  216. include "includes/footer.php";
  217. ?>
  218.  
  219. <?php
  220. include "includes/header.php";
  221. include "includes/connection.php";
  222. include "includes/session.php";
  223.  
  224. $session = new Session;
  225. $session->createSession();
  226.  
  227. if(!$session->isLogged()){
  228. header('Location: login.php');
  229. exit();
  230. }
  231.  
  232. $user = new User;
  233. $user->createUser($_SESSION['userId']);
  234. ?>
  235.  
  236. <div class="wrapper">
  237. <p>Secret page, testing!</p>
  238. <a href="logout.php">Log out</a>
  239. </div>
  240.  
  241.  
  242. <?php
  243. include "includes/footer.php";
  244. ?>