Diffstat (limited to 'php/lib/auth.php')
-rw-r--r--php/lib/auth.php60
1 files changed, 39 insertions, 21 deletions
diff --git a/php/lib/auth.php b/php/lib/auth.php
index f03db32..eb6319c 100644
--- a/php/lib/auth.php
+++ b/php/lib/auth.php
@@ -1,4 +1,6 @@
<?php
+
+class Auth {
/**
* Home-cooked auth libraries - because PEAR is fat.
* @package mirror
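Review bot: `class Auth {` is inserted above the file-level docblock, so the comment that describes the library (`Home-cooked auth libraries … @package mirror`) now sits inside the class body and attaches to nothing, while the class declaration itself is undocumented. Move the new `class Auth {` line below the closing `*/` of that block, or give the class its own `/** … */`, so that the docblock documents what it precedes.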
@@ -10,17 +12,18 @@
* Check admin session against sessions table in database.
* @return bool
*/
-function auth_is_valid_session()
+public static function is_valid_session()
{
- if (!empty($_COOKIE['mozilla-mirror-admin'])) { // check cookie
- $res = db_query("SELECT * FROM mirror_sessions WHERE session_id = '{$_COOKIE['mozilla-mirror-admin']}'"); // check db for id
- if ($res && db_numrows($res)>0) {
- $buf = db_fetch($res,MYSQL_ASSOC);
+ $cookieAdmin = filter_input(INPUT_COOKIE, 'mozilla-mirror-admin');
+ if (!empty($cookieAdmin)) { // check cookie
+ $res = DB::query("SELECT * FROM mirror_sessions WHERE session_id = ?", [$cookieAdmin]); // check db for id
+ if ($res && DB::numrows($res)>0) {
+ $buf = DB::fetch($res,PDO::FETCH_ASSOC);
// comment line below to disable gc and allow multiple sessions per username
- db_query("DELETE FROM mirror_sessions WHERE username='{$buf['username']}' AND session_id != '{$_COOKIE['mozilla-mirror-admin']}'"); // garbage collection
- $user = db_fetch(db_query("SELECT * FROM mirror_users WHERE username='{$buf['username']}'"),MYSQL_ASSOC);
+ DB::query("DELETE FROM mirror_sessions WHERE username=? AND session_id != ?", [$buf['username'], $cookieAdmin]); // garbage collection
+ $user = DB::fetch(DB::query("SELECT * FROM mirror_users WHERE username=?", [$buf['username']]),PDO::FETCH_ASSOC);
if (empty($_SESSION)) {
- auth_create_session($user); // if session isn't started, create it and push user data
+ static::create_session($user); // if session isn't started, create it and push user data
}
return true;
}
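Review bot: `is_valid_session` returns `true` at the end of this branch whether or not the `mirror_users` lookup found a row: `$user` comes straight from `DB::fetch` of a query keyed on `$buf['username']`, and if that user has since been deleted (the session row outlives it, since the gc on the line above only removes the user's other sessions) an empty `$user` is pushed into `$_SESSION` and the request is still treated as an authenticated admin. Guard it before the session is created, e.g. `if (empty($user)) { return false; }` — what `DB::fetch` returns for an empty result is not visible here, so adjust the test to its contract. The `SELECT *` row also carries the stored password hash, which `create_session` writes into `$_SESSION['user']`; `unset($user['password']);` before the call would keep it out of the session store. The body of `is_valid_session` continues past the end of this hunk.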
@@ -34,42 +37,57 @@ function auth_is_valid_session()
* @param string $password
* @return array|bool array containing user data or false on failure
*/
-function auth_mysql($username,$password)
+public static function query($username,$password)
{
if (empty($username)||empty($password)) {
return false;
- }
- $username = trim(strip_tags(addslashes($username)));
- $password = trim(strip_tags(addslashes($password)));
- $res = db_query("SELECT * FROM mirror_users WHERE username='{$username}' AND password=MD5('{$password}')");
- if ($res && db_numrows($res)>0) {
- return db_fetch($res,MYSQL_ASSOC);
+ }
+ $username = trim(strip_tags($username));
+ $password = trim(strip_tags($password));
+ $res = DB::query("SELECT * FROM mirror_users WHERE username=?", [$username]);
+ if ($res && DB::numrows($res)>0) {
+ $userrow = DB::fetch($res,PDO::FETCH_ASSOC);
+ if (!password_verify($password, $userrow['password'])) {
+ if ($userrow['password'] !== md5($password))
+ return false;
+ static::password_upgrade($userrow, $username, $password);
+ }
+ if (password_needs_rehash($userrow['password'], PASSWORD_DEFAULT))
+ static::password_upgrade($userrow, $username, $password);
+ return $userrow;
} else {
return false;
}
}
+private static function password_upgrade($userrow, $username, $password) {
+ require_once(LIB.'/mirror.php'); //Upgrade password security
+ Mirror::update_user($userrow['user_id'],$username,$password,$password,$userrow['firstname'],$userrow['lastname'],$userrow['email']);
+}
+
/**
* Start a valid session.
* @param array $user array containing user information.
*/
-function auth_create_session($user,$secure=0)
+public static function create_session($user,$secure=0)
{
session_name('mozilla-mirror-admin');
session_set_cookie_params(0,'/',$_SERVER['HTTP_HOST'],$secure);
session_start();
- db_query("INSERT INTO mirror_sessions(session_id,username) VALUES('".session_id()."','{$user['username']}')");
+ DB::query("INSERT INTO mirror_sessions(session_id,username) VALUES(?,?)", [session_id(), $user['username']]);
$_SESSION['user']=$user;
}
/**
* Logout.
*/
-function auth_logout()
+public static function logout()
{
// comment line below to keep gc from deleting other sessions for this user
- db_query("DELETE FROM mirror_sessions WHERE session_id='{$_COOKIE['mozilla-mirror-admin']}' OR username='{$_SESSION['user']['username']}'");
- $_COOKIE = array();
+ $cookieAdmin = filter_input(INPUT_COOKIE, 'mozilla-mirror-admin');
+ DB::query("DELETE FROM mirror_sessions WHERE session_id=? OR username=?", [$cookieAdmin, $_SESSION['user']['username']]);
+ $_COOKIE = array();
$_SESSION = array();
}
-?>
+
+}
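Review bot: The legacy-hash fallback in `Auth::query` compares the stored MD5 with `!==`, which is not a constant-time comparison, and it then falls through to the `password_needs_rehash` check with the unchanged `$userrow['password']` (still the MD5 string), so a migrated user is upgraded twice in one login. Using `hash_equals` for the comparison and making the rehash check an `elseif` of the verify branch fixes both; the rewritten lines are below. Because `password_upgrade` receives `$userrow` by value, the row returned to the caller still carries the pre-upgrade hash, and since the query is `SELECT *` that hash presumably reaches `$_SESSION['user']` through `create_session` — consider `unset($userrow['password']);` before `return $userrow;`. `trim(strip_tags($password))` also silently alters any password containing `<`, which `password_hash`/`password_verify` do not require, so that line should pass the raw password through. In `create_session` (context lines here) the cookie is set with `$secure=0` by default, without the HttpOnly flag, and with a domain taken from the client-supplied `$_SERVER['HTTP_HOST']`, and no `session_regenerate_id()` follows login — worth a follow-up change.
```php
$userrow = DB::fetch($res,PDO::FETCH_ASSOC);
if (!password_verify($password, $userrow['password'])) {
    // legacy MD5 row: constant-time compare, then migrate to password_hash()
    if (!hash_equals($userrow['password'], md5($password))) {
        return false;
    }
    static::password_upgrade($userrow, $username, $password);
} elseif (password_needs_rehash($userrow['password'], PASSWORD_DEFAULT)) {
    static::password_upgrade($userrow, $username, $password);
}
return $userrow;
// … unchanged: else branch returning false …
```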