summaryrefslogtreecommitdiff
path: root/localwebsite/classes
diff options
context:
space:
mode:
authorEvgeny Zinoviev <me@ch1p.io>2022-05-26 21:18:29 +0300
committerEvgeny Zinoviev <me@ch1p.io>2022-05-27 01:04:47 +0300
commitcf0b9f036b3e3eb218610e7eeececda1320d9f50 (patch)
tree39e6d1853aecb3fb77036a941a4c6df12a0ce793 /localwebsite/classes
parentc3ed2483ea508141431be74f29f7c209271897cd (diff)
auth
Diffstat (limited to 'localwebsite/classes')
-rw-r--r--localwebsite/classes/User.php11
-rw-r--r--localwebsite/classes/auth.php66
-rw-r--r--localwebsite/classes/config.php10
-rw-r--r--localwebsite/classes/users.php39
4 files changed, 126 insertions, 0 deletions
diff --git a/localwebsite/classes/User.php b/localwebsite/classes/User.php
new file mode 100644
index 0000000..9019082
--- /dev/null
+++ b/localwebsite/classes/User.php
@@ -0,0 +1,11 @@
+<?php
+
+class User extends model {
+
+ const DB_TABLE = 'users';
+
+ public int $id;
+ public string $username;
+ public string $password;
+
+}
diff --git a/localwebsite/classes/auth.php b/localwebsite/classes/auth.php
new file mode 100644
index 0000000..2cdee72
--- /dev/null
+++ b/localwebsite/classes/auth.php
@@ -0,0 +1,66 @@
+<?php
+
+class auth {
+
+ public static ?User $authorizedUser = null;
+
+ const SESSION_TIMEOUT = 86400 * 365;
+ const COOKIE_NAME = 'auth';
+
+ public static function getToken(): ?string {
+ return $_COOKIE[self::COOKIE_NAME] ?? null;
+ }
+
+ public static function setToken(string $token) {
+ setcookie(self::COOKIE_NAME,
+ $token,
+ time() + self::SESSION_TIMEOUT,
+ '/',
+ config::get('auth_cookie_host'),
+ true);
+ }
+
+ public static function resetToken() {
+ if (!headers_sent())
+ setcookie(self::COOKIE_NAME, null, -1, '/', config::get('auth_cookie_host'));
+ }
+
+ public static function id(bool $do_check = true): int {
+ if ($do_check)
+ self::check();
+
+ if (!self::$authorizedUser)
+ return 0;
+
+ return self::$authorizedUser->id;
+ }
+
+ public static function check(?string $pwhash = null): bool {
+ if (self::$authorizedUser !== null)
+ return true;
+
+ // get auth token
+ if (!$pwhash)
+ $pwhash = self::getToken();
+
+ if (!is_string($pwhash))
+ return false;
+
+ // find session by given token
+ $user = users::getUserByPwhash($pwhash);
+ if (is_null($user)) {
+ self::resetToken();
+ return false;
+ }
+
+ self::$authorizedUser = $user;
+
+ return true;
+ }
+
+ public static function logout() {
+ self::resetToken();
+ self::$authorizedUser = null;
+ }
+
+} \ No newline at end of file
diff --git a/localwebsite/classes/config.php b/localwebsite/classes/config.php
new file mode 100644
index 0000000..87ecf1c
--- /dev/null
+++ b/localwebsite/classes/config.php
@@ -0,0 +1,10 @@
+<?php
+
+class config {
+
+ public static function get(string $key) {
+ global $config;
+ return is_callable($config[$key]) ? $config[$key]() : $config[$key];
+ }
+
+} \ No newline at end of file
diff --git a/localwebsite/classes/users.php b/localwebsite/classes/users.php
new file mode 100644
index 0000000..1160dba
--- /dev/null
+++ b/localwebsite/classes/users.php
@@ -0,0 +1,39 @@
+<?php
+
+class users {
+
+ public static function add(string $username, string $password): int {
+ $db = getDB();
+ $db->insert('users', [
+ 'username' => $username,
+ 'password' => pwhash($password)
+ ]);
+ return $db->insertId();
+ }
+
+ public static function exists(string $username): bool {
+ $db = getDB();
+ $count = (int)$db->querySingle("SELECT COUNT(*) FROM users WHERE username=?", $username);
+ return $count > 0;
+ }
+
+ public static function validatePassword(string $username, string $password): bool {
+ $db = getDB();
+ $row = $db->querySingleRow("SELECT * FROM users WHERE username=?", $username);
+ if (!$row)
+ return false;
+
+ return $row['password'] == pwhash($password);
+ }
+
+ public static function getUserByPwhash(string $pwhash): ?User {
+ $db = getDB();
+ $data = $db->querySingleRow("SELECT * FROM users WHERE password=?", $pwhash);
+ return $data ? new User($data) : null;
+ }
+
+ public static function setPassword(int $id, string $new_password) {
+ getDB()->exec("UPDATE users SET password=? WHERE id=?", pwhash($new_password), $id);
+ }
+
+} \ No newline at end of file