June 6, 2016♦
<?php
namespace entities\evr\security;
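/**
 * File-backed list of registration-key hashes, one hash per line.
 *
 * The file location comes from $GLOBALS["KEY_HASHES_PATH"]. The list is loaded
 * once in the constructor; remove() only changes the in-memory copy and
 * write() persists it.
 *
 * Both properties stay public: they used to be created dynamically (and were
 * therefore public), and Security::find_hash() reads $hashes directly.
 */
class Key_Hashes
{
    /** @var string Path of the hash file. */
    public $path;

    /** @var string[] Hashes currently held in memory. */
    public $hashes = [];

    public function __construct()
    {
        $this->set_path();
        $this->set_hashes();
    }

    /**
     * Read the hash-file location from the global configuration.
     */
    private function set_path()
    {
        $this->path = $GLOBALS["KEY_HASHES_PATH"];
    }

    /**
     * Load the hash file into memory.
     *
     * Blank lines are skipped so that an empty string is never offered to the
     * matcher as a "hash". file() returns false when the file cannot be read;
     * that case becomes an empty list, so key validation fails closed instead
     * of later code iterating over a boolean.
     */
    private function set_hashes()
    {
        $lines = file($this->path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
        $this->hashes = is_array($lines) ? $lines : [];
    }

    /**
     * Persist the in-memory list, one hash per line.
     *
     * LOCK_EX stops two writers from interleaving their output. It does not
     * make the whole load/remove/write sequence atomic: two requests that
     * loaded the file before either wrote can still both succeed.
     */
    public function write()
    {
        $string = $this->hashes ? implode("\n", $this->hashes) . "\n" : "";
        file_put_contents($this->path, $string, LOCK_EX);
    }

    /**
     * Drop the first entry that is exactly equal to $hash.
     *
     * Anything that is not a non-empty string (for example the null returned
     * by a failed lookup) is ignored. The comparison is strict, so PHP's loose
     * equality rules can never make an unrelated entry match.
     *
     * @param string|null $hash Hash to remove.
     */
    public function remove($hash)
    {
        if (!is_string($hash) || $hash === "")
        {
            return;
        }
        $index = array_search($hash, $this->hashes, true);
        if ($index !== false)
        {
            array_splice($this->hashes, $index, 1);
        }
    }
}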
<?php
namespace entities\evr\security;
use entities\html as html;
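/**
 * Request-level authentication helper.
 *
 * Resolves the current username from either a login form submission or the
 * "remember me" cookie, checks passwords and registration keys against
 * crypt()-format hashes stored on disk, and delegates registration and
 * password changes to Registrar.
 *
 * The four properties stay public: they used to be created dynamically (and
 * were therefore public).
 */
class Security
{
    /** @var Registrar */
    public $registrar;

    /** @var Cookie */
    public $cookie;

    /** @var string|null Name of the user's directory, or null when unknown. */
    public $username;

    /** @var Addresses */
    public $addresses;

    public function __construct()
    {
        $this->registrar = new Registrar();
        $this->cookie = new Cookie();
        $this->set_username();
        $this->addresses = new Addresses($this->username);
    }

    /**
     * Work out which user this request claims to be.
     *
     * A login submission is resolved against the user directories on disk, so
     * the stored name is always an existing directory name. The cookie value
     * is used as-is here.
     */
    private function set_username()
    {
        $username = null;
        if ($this->is_login())
        {
            $submission = $this->get_post_parameter("username");
            $username = $this->find_user_directory($submission);
        }
        else if ($this->cookie->exists())
        {
            // NOTE(review): Cookie is not visible here; presumably this value is
            // client-supplied. get_stored_hash() refuses names that are not a
            // single path component, so it cannot steer the hash-file lookup.
            $username = $this->cookie->get_username();
        }
        $this->username = $username;
    }

    /**
     * True when the posted "action" is the login button.
     *
     * Compared strictly, so a missing or array-valued parameter never equals
     * the button text through loose-equality coercion.
     */
    private function is_login()
    {
        $action = $this->get_post_parameter("action");
        return is_string($action) && $action === (string) $GLOBALS["LOGIN_BUTTON_TEXT"];
    }

    public function register_user()
    {
        return $this->registrar->register();
    }

    /**
     * Check the posted "key" against the stored key hashes.
     *
     * @return bool True when a matching hash exists; otherwise an error is
     *              printed and false is returned.
     */
    public static function validate_key()
    {
        $hashes = new Key_Hashes();
        $key = self::get_post_parameter("key");
        if (self::find_hash($hashes, $key))
        {
            return true;
        }
        self::show_error("Key not found");
        return false;
    }

    /**
     * Return the first stored hash that $key hashes to.
     *
     * @param object $hashes Object exposing a `hashes` array (Key_Hashes).
     * @param mixed  $key    Submitted key.
     * @return string|null The matching hash, or null when none matches.
     */
    public static function find_hash($hashes, $key)
    {
        foreach ($hashes->hashes as $hash)
        {
            if (self::match_to_hash($key, $hash))
            {
                return $hash;
            }
        }
        return null;
    }

    /**
     * Check a plaintext value against a crypt()-format hash.
     *
     * Fails closed when either side is missing or not a string: an unknown
     * user (null hash), a blank line in the key file, or an array-valued POST
     * field. Previously an empty hash led to a salt-less crypt() call, which
     * is an error on current PHP.
     *
     * crypt() signals failure with a string shorter than 13 characters, which
     * is rejected before comparing. hash_equals() (PHP 5.6+) makes the
     * comparison constant-time and type-strict.
     *
     * @param mixed $key  Plaintext to check.
     * @param mixed $hash Stored hash; it also supplies the salt and algorithm.
     * @return bool
     */
    public static function match_to_hash($key, $hash)
    {
        if (!is_string($key) || !is_string($hash) || $hash === "")
        {
            return false;
        }
        $computed = crypt($key, $hash);
        if (!is_string($computed) || strlen($computed) < 13)
        {
            return false;
        }
        return hash_equals($hash, $computed);
    }

    /**
     * Print an error box.
     *
     * Every caller in this class passes a fixed string. Whether html\Div
     * escapes its content is not visible here, so check that before passing
     * request data.
     */
    public static function show_error($message)
    {
        echo new html\Div(null, "error", $message);
    }

    /**
     * Authenticate the current request by login form or by cookie.
     *
     * @return bool False when the request carries neither a login submission
     *              nor a cookie (previously an implicit null).
     */
    public function validate_user()
    {
        if ($this->is_login())
        {
            return $this->log_user_in();
        }
        else if ($this->cookie->exists())
        {
            return $this->validate_cookie();
        }
        return false;
    }

    /**
     * Fetch a raw POST field.
     *
     * The value is returned unvalidated and may be an array when the client
     * sends `name[]=...`; callers must check the type before using it.
     *
     * @return mixed|null The field value, or null when absent.
     */
    public static function get_post_parameter($name)
    {
        return isset($_POST[$name]) ? $_POST[$name] : null;
    }

    /**
     * Verify the posted password and optionally set the "remember me" cookie.
     *
     * NOTE(review): the value stored in the cookie is the user's password hash
     * itself, so anyone who can read the hash file or the cookie can replay
     * it. A random per-session token stored server-side would avoid that;
     * changing it needs Cookie and Registrar, which are outside this class.
     */
    private function log_user_in()
    {
        $password = $this->get_post_parameter("password");
        if ($hash = $this->verify_credentials($this->username, $password))
        {
            if ($this->get_post_parameter("remember"))
            {
                $this->cookie->set($this->username, $hash);
                $this->addresses->add_current();
            }
            return true;
        }
        return false;
    }

    /**
     * Check a username/password pair.
     *
     * The same message is printed for an unknown user and for a wrong
     * password.
     *
     * @return string|null The stored hash on success, null on failure.
     */
    public static function verify_credentials($username, $password)
    {
        $hash = self::get_stored_hash($username);
        if (self::match_to_hash($password, $hash))
        {
            return $hash;
        }
        self::show_error("Username/password not found");
        return null;
    }

    /**
     * Read the stored password hash of a user.
     *
     * The username becomes part of a filesystem path, so it must be a single
     * path component. A null, empty, "." or ".." name, or one containing a
     * separator or NUL byte, yields null rather than a read outside the
     * user's own directory.
     *
     * @return string|null Trimmed file contents, or null when unavailable.
     */
    public static function get_stored_hash($username)
    {
        if (!self::is_path_component($username))
        {
            return null;
        }
        $root = $GLOBALS["USERS_PATH"] . "/";
        $path = "$root$username/" . $GLOBALS["USER_HASH_PATH"];
        if (is_file($path))
        {
            $contents = file_get_contents($path);
            return $contents === false ? null : trim($contents);
        }
        return null;
    }

    /**
     * True when $name is a non-empty string that names exactly one directory
     * entry: not "." or "..", and free of "/", "\" and NUL.
     */
    private static function is_path_component($name)
    {
        return is_string($name)
            && $name !== ""
            && $name !== "."
            && $name !== ".."
            && strcspn($name, "/\\\0") === strlen($name);
    }

    /**
     * Find the user directory whose name equals $username, ignoring case.
     *
     * "." and ".." are skipped: scandir() lists them and they are
     * directories, so a submitted ".." would otherwise be accepted as a
     * username.
     *
     * @return string|null The directory name as it exists on disk, or null.
     */
    public static function find_user_directory($username)
    {
        if (!self::is_path_component($username))
        {
            return null;
        }
        $root = $GLOBALS["USERS_PATH"];
        $entries = scandir($root);
        if ($entries === false)
        {
            return null;
        }
        foreach ($entries as $file_name)
        {
            if ($file_name === "." || $file_name === "..")
            {
                continue;
            }
            if (is_dir("$root/$file_name") && strcasecmp($file_name, $username) === 0)
            {
                return $file_name;
            }
        }
        return null;
    }

    /**
     * Authenticate by cookie: the cookie hash must equal the stored hash and
     * the current address must be known for this user.
     *
     * Both values must be non-empty strings before they are compared. The old
     * loose `==` treated "no cookie hash" and "no stored hash" as equal
     * (null == null), which let a cookie naming a user without a hash file
     * pass this check.
     */
    private function validate_cookie()
    {
        $hash = $this->cookie->get_hash();
        $stored = self::get_stored_hash($this->username);
        if (!is_string($hash) || !is_string($stored) || $stored === "")
        {
            return false;
        }
        if (hash_equals($stored, $hash) && $this->addresses->find_current_address())
        {
            // Re-issue the cookie on every successful validation.
            $this->cookie->set($this->username, $hash);
            return true;
        }
        return false;
    }

    /**
     * Print a success box. The same escaping caveat as show_error() applies.
     */
    public static function show_success($message)
    {
        echo new html\Div(null, "success", $message);
    }

    /**
     * Delete the hash that matches the posted "key" from the key file.
     *
     * The file is left untouched when no hash matches, so an unknown key can
     * no longer trigger a rewrite of the key file.
     */
    public static function remove_key()
    {
        $key = self::get_post_parameter("key");
        $hashes = new Key_Hashes();
        $hash = self::find_hash($hashes, $key);
        if ($hash === null)
        {
            return;
        }
        $hashes->remove($hash);
        $hashes->write();
    }

    public function change_password()
    {
        return $this->registrar->change_password();
    }

    public function reset_password()
    {
        return $this->registrar->reset_password();
    }
}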