صفحهٔ اصلی گشت‌و‌گذار راهنما
ثبت نام ورود
CopperWire
/
daktylos
4
0
انشعاب 0
پرونده‌ها مشکلات 0 درخواست واکشی 0 ویکی
درخت: 8aa30918b5
شاخه‌ها تگ‌ها
daktylos
/
libs
/
Authorize.class.php

Authorize.class.php 2.1 KB
تاريخچه خام

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061 
  1. <?php
    2. 

  2. class Authorize {
    3. 

  3. 	public function login($username, $password) {
    4. 

  4. 		$database = SqliteDatabase::getSingleton();
    5. 

  5. 		$sql = "SELECT rowid as user_id, username, display_name FROM users WHERE username = :username AND password = :password LIMIT 1;";
    6. 

  6. 		$queryData = array();
    7. 

  7. 		$queryData['username'] = $username;
    8. 

  8. 		$queryData['password'] = Authorize::hash($password);
    9. 

  9. 		$userData = $database->preparedQueryArray($sql, $queryData);
    10. 

  10. 		if(count($userData) == 0 || count($userData) > 1) {
    11. 

  11. 			//injection attack or user not found
    12. 

  12. 			return false;
    13. 

  13. 		}
    14. 

  14. 		$user = $userData[0];
    15. 

  15. 		
    16. 

  16. 		$sql = "SELECT a.rowid, a.subdomain, a.display_name  FROM user_accounts ua JOIN accounts a ON ua.account_id = a.rowid WHERE ua.user_id = :user_id";
    17. 

  17. 		
    18. 

  18. 		$queryData = array();
    19. 

  19. 		$queryData['user_id'] = $user['user_id'];
    20. 

  20. 		$domains = $database->preparedQueryArray($sql, $queryData);
    21. 

  21. 

  22. 		foreach($domains as $domain) {
    23. 

  23. 			if(DOMAIN == $domain['subdomain']) {
    24. 

  24. 				$response = array("authorized" => true);
    25. 

  25. 				$response['display_name'] = $user['display_name'];
    26. 

  26. 				$response['user_id'] = $user['user_id'];
    27. 

  27. 				$response['domain'] = $domain['subdomain'];
    28. 

  28. 				$response['client_id'] = $domain['rowid'];
    29. 

  29. 				$_SESSION = $response;
    30. 

  30. 				$loggerData = array();
    31. 

  31. 				$loggerData['display_name'] = $user['display_name'];
    32. 

  32. 				$loggerData['user_id'] = $user['user_id'];
    33. 

  33. 				SecurityLogger::action("login", $loggerData, time());
    34. 

  34. 				return $response;
    35. 

  35. 			}
    36. 

  36. 		}
    37. 

  37. 		$loggerData = array();
    38. 

  38. 					$loggerData['attempted_username'] = $username;
    39. 

  39. 					$loggerData['ip_address'] = $_SERVER['REMOTE_ADDR'];
    40. 

  40. 					SecurityLogger::action("login-failed", $loggerData, time());
    41. 

  41. 		return false;
    42. 

  42. 	}
    43. 

  43. 

  44. 	public static function hasPermission() {
    45. 

  45. 		$loggedIn = isset($_SESSION['authorized']) && $_SESSION['authorized'];
    46. 

  46. 		$onAdminSession = isset($_SESSION['domain']) && $_SESSION['domain'] == "admin";
    47. 

  47. 		$actuallyAdmin = DOMAIN == "admin";
    48. 

  48. 

  49. 		return $loggedIn && $onAdminSession && $actuallyAdmin;
    50. 

  50. 	}
    51. 

  51. 

  52. 

  53. 

  54. 	public static function hash($value) {
    55. 

  55. 		return hash("sha256", $value);
    56. 

  56. 	}
    57. 

  57. 

  58. 	public static function isLoggedIn() {
    59. 

  59. 		return isset($_SESSION['authorized']) && $_SESSION['authorized'];
    60. 

  60. 	}
    61. 

  61. }
    62.