lib/admin.php


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55

<?php

class admin {

    const SESSION_TIMEOUT = 86400 * 14;
    const COOKIE_NAME = 'admin_key';

    protected static ?bool $isAdmin = null;

    public static function isAdmin(): bool {
        if (is_null(self::$isAdmin))
            self::$isAdmin = self::_verifyKey();
        return self::$isAdmin;
    }

    protected static function _verifyKey(): bool {
        if (isset($_COOKIE[self::COOKIE_NAME])) {
            $cookie = (string)$_COOKIE[self::COOKIE_NAME];
            if ($cookie !== self::getKey())
                self::unsetCookie();
            return true;
        }
        return false;
    }

    public static function checkPassword(string $pwd): bool {
        return salt_password($pwd) === config::get('admin_pwd');
    }

    protected static function getKey(): string {
        global $config;
        $admin_pwd_hash = config::get('admin_pwd');
        return salt_password("$admin_pwd_hash|{$_SERVER['REMOTE_ADDR']}");
    }

    public static function setCookie(): void {
        global $config;
        $key = self::getKey();
        setcookie(self::COOKIE_NAME, $key, time() + self::SESSION_TIMEOUT, '/', $config['cookie_host']);
    }

    public static function unsetCookie(): void {
        global $config;
        setcookie(self::COOKIE_NAME, '', 1, '/', $config['cookie_host']);
    }

    public static function logAuth(): void {
        getDb()->insert('admin_log', [
            'ts' => time(),
            'ip' => ip2ulong($_SERVER['REMOTE_ADDR']),
            'ua' => $_SERVER['HTTP_USER_AGENT'] ?? '',
        ]);
    }

}