June 7, 2018
<?php
namespace account;
require_once "verify_user_credentials.php";
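function add_user_cookie($name)
{
    // Persist the login for 30 days by sending the username and the stored
    // credential hash back to the browser as cookies.
    // NOTE(review): the "hash" cookie carries the very crypt() hash that
    // verify_user_credentials() compares against, so anyone who can read the
    // cookie (XSS, a shared machine, request logs) holds a 30-day bearer
    // token that is only revoked by a password change. A random session token
    // kept server-side is the usual replacement; it needs a matching change in
    // verify_user_credentials(), so it is not done here.
    $hash = get_stored_hash($name);
    $expiration = time() + 30 * 24 * 60 * 60;
    $path = "/";
    // Mark the cookies Secure only when this request arrived over TLS; a
    // plain-http deployment would otherwise never receive them again.
    $secure = !empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off";
    // HttpOnly keeps the credential cookies out of document.cookie.
    setcookie("name", $name, $expiration, $path, "", $secure, true);
    setcookie("hash", $hash, $expiration, $path, "", $secure, true);
    // Drop the short-lived "id"/"code" cookies. An empty value makes
    // setcookie() emit an already-expired cookie; null as the value is
    // deprecated for string parameters since PHP 8.1.
    setcookie("id", "", 0, $path);
    setcookie("code", "", 0, $path);
}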
<?php
namespace account;
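class Mail
{
    // Minimal text e-mail built on mail(). Subclasses override
    // build_message() to supply the body (see the protected visibility).
    // Properties are declared so PHP 8.2+ does not warn about dynamic ones.
    protected $recipient;
    protected $sender;
    protected $subject;

    public function __construct($recipient, $sender, $subject)
    {
        $this->recipient = $recipient;
        $this->sender = $sender;
        $this->subject = $subject;
    }

    // Hand the message to mail(); returns its boolean result (accepted for
    // delivery, not delivered).
    public function send()
    {
        $header = $this->build_header();
        $message = $this->build_message();
        return mail($this->recipient, $this->subject, $message, $header);
    }

    // Build the additional_headers string: From plus a text/plain type.
    private function build_header()
    {
        // $sender may come from user input. A CR/LF inside it would end the
        // From line and let the caller append arbitrary headers (Bcc:, extra
        // recipients). mail() strips line breaks from its to/subject
        // arguments but does not fully sanitise additional_headers, so the
        // line breaks are removed here before the header is assembled.
        $sender = str_replace(["\r", "\n"], "", (string) $this->sender);
        $header = "From: " . $sender . "\r\n";
        $header .= "Content-Type: text/plain\r\n";
        return $header;
    }

    // Placeholder body; subclasses are expected to replace it.
    protected function build_message()
    {
        return "default message\n";
    }
}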
<?php
namespace account;
require_once "Errors.php";
require_once "get_user_path.php";
require_once "user_exists.php";
// Name of the per-user file that holds the crypt() hash of the password.
$GLOBALS['HASH_FILE_NAME'] = 'hash';
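function verify_user_credentials($name, $password=null, $hash=null)
{
    // Check a login either by password (when $password is given) or by the
    // "hash" cookie value (otherwise). Returns an Errors object; an empty one
    // means the credentials were accepted.
    $errors = new Errors();
    if (!user_exists($name))
    {
        // NOTE(review): together with the registration-time "username taken"
        // message this lets a caller enumerate valid usernames.
        $errors->add("username not found (note: usernames are case-sensitive)");
    }
    else if (!is_null($password))
    {
        if (!match_password_to_hash($name, $password))
        {
            $errors->add("password doesn't match username");
        }
    }
    else
    {
        // The cookie carries the stored hash itself, so the comparison must be
        // exact and constant-time: the previous "!=" was loose (numeric-looking
        // strings compare by value) and leaked via timing. A tampered cookie
        // can also arrive as an array ("hash[]=..."), and an empty or missing
        // hash file must never match an empty cookie.
        $stored = get_stored_hash($name);
        if (!is_string($hash) || $hash === "" || !is_string($stored)
            || $stored === "" || !hash_equals($stored, $hash))
        {
            $errors->add("invalid or missing hash in cookie");
        }
    }
    return $errors;
}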
function match_password_to_hash($username, $password)
{
    // True when $password reproduces the crypt() hash stored for $username.
    $stored_hash = get_stored_hash($username);
    return match_to_hash($password, $stored_hash);
}
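function get_stored_hash($username)
{
    // Read the crypt() hash kept in the user's "hash" file, minus surrounding
    // whitespace. Returns "" when the file is missing or unreadable — the
    // original produced the same "" via trim(false), but with a warning —
    // so callers must treat "" as "no usable hash", never as a match.
    $path = build_user_path($username) . $GLOBALS["HASH_FILE_NAME"];
    if (!is_file($path) || !is_readable($path))
    {
        return "";
    }
    $contents = file_get_contents($path);
    return $contents === false ? "" : trim($contents);
}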
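function match_to_hash($key, $hash)
{
    // Verify $key against a crypt()-format $hash. password_verify() re-runs
    // crypt() with the salt embedded in $hash and compares in constant time;
    // unlike the original "==" it also refuses crypt()'s failure strings
    // ("*0"/"*1") and over-short hashes instead of letting them compare equal.
    if (!is_string($key) || !is_string($hash))
    {
        return false;
    }
    return password_verify($key, $hash);
}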
<?php
namespace account;
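class User
{
    // Plain data holder for a registration / login / password-reset form.
    // Properties are declared explicitly so PHP 8.2+ does not warn about
    // dynamic property creation; values are stored exactly as passed.
    public $name;
    public $password;
    public $repeated_password;
    public $submitted_hash;
    public $email_address;

    function __construct(
        $name, $password=null, $repeated_password=null, $submitted_hash=null,
        $email_address=null)
    {
        $this->name = $name;
        $this->password = $password;
        $this->repeated_password = $repeated_password;
        $this->submitted_hash = $submitted_hash;
        $this->email_address = $email_address;
    }
}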
<?php
namespace account;
require_once "Errors.php";
require_once "user_exists.php";
require_once "get_user_path.php";
require_once "Password_Mail.php";
require_once "add_user_account.php";
// Per-user file holding the registered e-mail address, and the length of the
// replacement password handed out by a reset.
$GLOBALS['EMAIL_ADDRESS_FILE_NAME'] = 'email';
$GLOBALS['GENERATED_PASSWORD_LENGTH'] = 10;
// This file is a request handler: the reset runs as soon as it is loaded.
submit_reset_password_request();
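function submit_reset_password_request()
{
    // Handle a password-reset request: when the submitted username exists and
    // the submitted address equals the stored one, generate a new password,
    // e-mail it and store it. Any error messages are echoed to the client.
    // NOTE(review): the request is read from $_GET, so a reset can be fired by
    // any link the victim follows and the address lands in access logs; POST
    // is the usual choice. Nothing rate-limits the address check either.
    // Parameters may be absent or arrive as arrays ("name[]=x"); only plain
    // strings are allowed through.
    $name = $_GET["name"] ?? "";
    $email_address = $_GET["email"] ?? "";
    $errors = new Errors();
    if (!is_string($name) || !is_string($email_address) || !user_exists($name))
    {
        $errors->add("username not found");
    }
    else if (!match_to_existing($name, $email_address))
    {
        $errors->add("submitted address doesn't match account address");
    }
    else
    {
        store_password(build_user_path($name), email_password($email_address));
    }
    echo $errors;
}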
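function match_to_existing($name, $email_address)
{
    // True only when the user's stored "email" file exists and holds exactly
    // $email_address. Strict comparison: "==" treats numeric-looking strings
    // by value, and file_get_contents() may return false on a read failure.
    $path = build_user_path($name) . $GLOBALS["EMAIL_ADDRESS_FILE_NAME"];
    if (!is_string($email_address) || !is_file($path))
    {
        return false;
    }
    $stored = file_get_contents($path);
    return $stored !== false && $email_address === trim($stored);
}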
function email_password($email_address)
{
    // Generate a fresh password, mail it to $email_address, and hand it back
    // so the caller can store it. The result of send() is not checked.
    $new_password = generate_password();
    $notice = new Password_Mail($email_address, $new_password);
    $notice->send();
    return $new_password;
}
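function generate_password($length = null, $alphabet = null)
{
    // Build a random password of $length characters drawn from $alphabet.
    // The defaults keep the original behaviour: $GLOBALS["GENERATED_PASSWORD_LENGTH"]
    // characters taken from generate_character_set().
    // rand() is a seeded, predictable generator and unsuitable for
    // credentials; random_int() draws from the OS CSPRNG.
    if ($length === null)
    {
        $length = $GLOBALS["GENERATED_PASSWORD_LENGTH"];
    }
    if ($alphabet === null)
    {
        $alphabet = generate_character_set();
    }
    if ($alphabet === "")
    {
        // Only reachable through the new parameter; never hand out "".
        throw new \InvalidArgumentException("password alphabet must not be empty");
    }
    $last = strlen($alphabet) - 1;
    $password = "";
    for ($ii = 0; $ii < $length; $ii++)
    {
        $password .= $alphabet[random_int(0, $last)];
    }
    return $password;
}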
function generate_character_set()
{
    // The password alphabet: upper-case letters, lower-case letters, then
    // digits, in that order ("A".."Z", "a".."z", "0".."9").
    $upper = implode("", range("A", "Z"));
    $lower = implode("", range("a", "z"));
    $digits = implode("", range(0, 9));
    return $upper . $lower . $digits;
}
// NOTE(review): unfinished stub. This is a free function, so "$this" has no
// object context and calling it raises an Error; $password is never used and
// nothing is returned. No caller is visible in this file — either finish it
// against email_password() above or delete it.
function send_password($password)
{
$email_address = $this->get_email_address();
}
<?php
namespace account;
require_once "Errors.php";
// Size limits (in bytes, see strlen() below) for registration input.
// NOTE(review): a 15-character password cap is low for passphrases; the
// crypt() formats in common use accept far longer input, so raising it is
// cheap.
define('USERNAME_MIN_LENGTH', 5);
define('USERNAME_MAX_LENGTH', 15);
define('PASSWORD_MIN_LENGTH', 7);
define('PASSWORD_MAX_LENGTH', 15);
function validate_submission($username, $password, $email_address)
{
    // Run the username, password and e-mail checks in turn and return the
    // collected messages (an empty Errors means the submission is acceptable).
    $collected = new Errors();
    validate_username($username, $collected);
    validate_password($password, $collected);
    validate_email_address($email_address, $collected);
    return $collected;
}
function validate_username($username, $errors)
{
    // Push a message onto $errors for each way $username fails registration:
    // already in use, too short, too long, or containing characters outside
    // [0-9a-zA-Z]. More than one message can be added for a single name.
    // (user_exists() is not required by this file; it must come from a caller.)
    if (user_exists($username))
    {
        $errors->add("username taken");
    }
    $byte_length = strlen($username);
    if ($byte_length < USERNAME_MIN_LENGTH)
    {
        $errors->add("username too short");
    }
    else if ($byte_length > USERNAME_MAX_LENGTH)
    {
        $errors->add("username too long");
    }
    if (validate_username_characters($username) === false)
    {
        $errors->add("username contains invalid characters");
    }
}
function validate_username_characters($username)
{
    // True when $username consists only of ASCII letters and digits; the
    // empty string passes. /D keeps "$" from matching before a trailing
    // newline, so "abc\n" is rejected just as the original negated class did.
    return preg_match('/^[0-9a-zA-Z]*$/D', $username) === 1;
}
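function validate_password($password, $errors)
{
    // $password is a two-element array: [entered, repeated]. Record on
    // $errors when the two differ or when the first is outside the length
    // limits. "!==" rather than "!=": loose comparison treats "1e3" and "1000"
    // as equal and would accept a mismatched confirmation.
    $entered = $password[0] ?? null;
    $repeated = $password[1] ?? null;
    if ($entered !== $repeated)
    {
        $errors->add("submitted passwords don't match");
    }
    // Byte length; the cast avoids the PHP 8.1 deprecation for strlen(null).
    $length = strlen((string) $entered);
    if ($length < PASSWORD_MIN_LENGTH)
    {
        $errors->add("password too short");
    }
    if ($length > PASSWORD_MAX_LENGTH)
    {
        $errors->add("password too long");
    }
}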
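function validate_email_address($email_address, $errors)
{
    // Record on $errors unless $email_address is a single, well-formed
    // address. filter_var() replaces the original "/.+@.+\..+/", which was
    // unanchored and so accepted values such as "x\nBcc: a@b.c" that later
    // reach mail headers. Non-string input (e.g. "email[]=") is rejected too.
    if (!is_string($email_address)
        || filter_var($email_address, FILTER_VALIDATE_EMAIL) === false)
    {
        $errors->add("invalid email address format");
    }
}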