-rwxr-xr-xAuth.php382
-rwxr-xr-xConfig.php39
2 files changed, 236 insertions, 185 deletions
diff --git a/Auth.php b/Auth.php
index 600964a..87b8f1c 100755
--- a/Auth.php
+++ b/Auth.php
@@ -5,10 +5,10 @@ namespace PHPAuth;
use ZxcvbnPhp\Zxcvbn;
use PHPMailer\PHPMailer\PHPMailer;
-/***
-* Auth class
-* Required PHP 5.4 and above.
-*/
+/**
+ * Auth class
+ * Required PHP 5.4 and above.
+ */
class Auth
{
@@ -16,10 +16,9 @@ class Auth
public $config;
public $lang;
- /***
- * Initiates database connection
- */
-
+ /**
+ * Initiates database connection
+ */
public function __construct(\PDO $dbh, $config, $language = "en_GB")
{
$this->dbh = $dbh;
@@ -40,28 +39,28 @@ class Auth
date_default_timezone_set($this->config->site_timezone);
}
- /***
- * Logs a user in
- * @param string $email
- * @param string $password
- * @param int $remember
- * @param string $captcha = NULL
- * @return array $return
- */
-
+ /**
+ * Logs a user in
+ * @param string $email
+ * @param string $password
+ * @param int $remember
+ * @param string $captcha = NULL
+ * @return array $return
+ */
public function login($email, $password, $remember = 0, $captcha = NULL)
{
$return['error'] = true;
$block_status = $this->isBlocked();
- if($block_status == "verify")
- {
- if($this->checkCaptcha($captcha) == false)
- {
+
+ if ($block_status == "verify") {
+ if ($this->checkCaptcha($captcha) == false) {
$return['message'] = $this->lang["user_verify_failed"];
+
return $return;
}
}
+
if ($block_status == "block") {
$return['message'] = $this->lang["user_blocked"];
return $return;
@@ -72,27 +71,27 @@ class Auth
if ($validateEmail['error'] == 1) {
$this->addAttempt();
-
$return['message'] = $this->lang["email_password_invalid"];
+
return $return;
- } elseif($validatePassword['error'] == 1) {
+ } elseif ($validatePassword['error'] == 1) {
$this->addAttempt();
-
$return['message'] = $this->lang["email_password_invalid"];
+
return $return;
- } elseif($remember != 0 && $remember != 1) {
+ } elseif ($remember != 0 && $remember != 1) {
$this->addAttempt();
-
$return['message'] = $this->lang["remember_me_invalid"];
+
return $return;
}
$uid = $this->getUID(strtolower($email));
- if(!$uid) {
+ if (!$uid) {
$this->addAttempt();
-
$return['message'] = $this->lang["email_password_incorrect"];
+
return $return;
}
@@ -100,22 +99,23 @@ class Auth
if (!password_verify($password, $user['password'])) {
$this->addAttempt();
-
$return['message'] = $this->lang["email_password_incorrect"];
+
return $return;
}
if ($user['isactive'] != 1) {
$this->addAttempt();
-
$return['message'] = $this->lang["account_inactive"];
+
return $return;
}
$sessiondata = $this->addSession($user['uid'], $remember);
- if($sessiondata == false) {
+ if ($sessiondata == false) {
$return['message'] = $this->lang["system_error"] . " #01";
+
return $return;
}
@@ -142,58 +142,66 @@ class Auth
public function register($email, $password, $repeatpassword, $params = Array(), $captcha = NULL, $sendmail = NULL)
{
$return['error'] = true;
-
$block_status = $this->isBlocked();
- if($block_status == "verify")
- {
- if($this->checkCaptcha($captcha) == false)
- {
+
+ if ($block_status == "verify") {
+ if ($this->checkCaptcha($captcha) == false) {
$return['message'] = $this->lang["user_verify_failed"];
+
return $return;
}
}
+
if ($block_status == "block") {
$return['message'] = $this->lang["user_blocked"];
+
return $return;
}
if ($password !== $repeatpassword) {
$return['message'] = $this->lang["password_nomatch"];
+
return $return;
}
// Validate email
$validateEmail = $this->validateEmail($email);
+
if ($validateEmail['error'] == 1) {
$return['message'] = $validateEmail['message'];
+
return $return;
}
// Validate password
$validatePassword = $this->validatePassword($password);
+
if ($validatePassword['error'] == 1) {
$return['message'] = $validatePassword['message'];
+
return $return;
}
$zxcvbn = new Zxcvbn();
- if($zxcvbn->passwordStrength($password)['score'] < intval($this->config->password_min_score)) {
+ if ($zxcvbn->passwordStrength($password)['score'] < intval($this->config->password_min_score)) {
$return['message'] = $this->lang['password_weak'];
+
return $return;
}
if ($this->isEmailTaken($email)) {
$this->addAttempt();
-
$return['message'] = $this->lang["email_taken"];
+
return $return;
}
$addUser = $this->addUser($email, $password, $params, $sendmail);
- if($addUser['error'] != 0) {
+ if ($addUser['error'] != 0) {
$return['message'] = $addUser['message'];
+
return $return;
}
@@ -212,32 +220,34 @@ class Auth
public function activate($key)
{
$return['error'] = true;
-
$block_status = $this->isBlocked();
+
if ($block_status == "block") {
$return['message'] = $this->lang["user_blocked"];
+
return $return;
}
- if(strlen($key) !== 20) {
+ if (strlen($key) !== 20) {
$this->addAttempt();
-
$return['message'] = $this->lang["activationkey_invalid"];
+
return $return;
}
$getRequest = $this->getRequest($key, "activation");
- if($getRequest['error'] == 1) {
+ if ($getRequest['error'] == 1) {
$return['message'] = $getRequest['message'];
+
return $return;
}
- if($this->getBaseUser($getRequest['uid'])['isactive'] == 1) {
+ if ($this->getBaseUser($getRequest['uid'])['isactive'] == 1) {
$this->addAttempt();
$this->deleteRequest($getRequest['id']);
-
$return['message'] = $this->lang["system_error"] . " #02";
+
return $return;
}
@@ -262,8 +272,10 @@ class Auth
{
$return['error'] = true;
$block_status = $this->isBlocked();
+
if ($block_status == "block") {
$return['message'] = $this->lang["user_blocked"];
+
return $return;
}
@@ -271,6 +283,7 @@ class Auth
if ($validateEmail['error'] == 1) {
$return['message'] = $this->lang["email_invalid"];
+
return $return;
}
@@ -281,14 +294,16 @@ class Auth
$this->addAttempt();
$return['message'] = $this->lang["email_incorrect"];
+
return $return;
}
$addRequest = $this->addRequest($query->fetch(\PDO::FETCH_ASSOC)['id'], $email, "reset", $sendmail);
+
if ($addRequest['error'] == 1) {
$this->addAttempt();
-
$return['message'] = $addRequest['message'];
+
return $return;
}
@@ -337,7 +352,7 @@ class Auth
$query = $this->dbh->prepare("SELECT id FROM {$this->config->table_users} WHERE email = ?");
$query->execute(array($email));
- if($query->rowCount() == 0) {
+ if ($query->rowCount() == 0) {
return false;
}
@@ -356,7 +371,7 @@ class Auth
$ip = $this->getIp();
$user = $this->getBaseUser($uid);
- if(!$user) {
+ if (!$user) {
return false;
}
@@ -365,7 +380,7 @@ class Auth
$this->deleteExistingSessions($uid);
- if($remember == true) {
+ if ($remember == true) {
$data['expire'] = date("Y-m-d H:i:s", strtotime($this->config->cookie_remember));
$data['expiretime'] = strtotime($data['expire']);
} else {
@@ -377,11 +392,12 @@ class Auth
$query = $this->dbh->prepare("INSERT INTO {$this->config->table_sessions} (uid, hash, expiredate, ip, agent, cookie_crc) VALUES (?, ?, ?, ?, ?, ?)");
- if(!$query->execute(array($uid, $data['hash'], $data['expire'], $ip, $agent, $data['cookie_crc']))) {
+ if (!$query->execute(array($uid, $data['hash'], $data['expire'], $ip, $agent, $data['cookie_crc']))) {
return false;
}
$data['expire'] = strtotime($data['expire']);
+
return $data;
}
@@ -422,12 +438,13 @@ class Auth
public function checkSession($hash)
{
$ip = $this->getIp();
-
$block_status = $this->isBlocked();
+
if ($block_status == "block") {
$return['message'] = $this->lang["user_blocked"];
return false;
}
+
if (strlen($hash) != 40) {
return false;
}
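Review bot: `$return['message'] = $this->lang["user_blocked"];` in the block branch of checkSession is a dead store: the method returns `false` on the very next line and `$return` is never read, so a caller such as `isLogged()` cannot tell a blocked IP from an invalid session. Either drop the assignment or surface the state to the caller; as written it only suggests behaviour that does not exist. The `strlen($hash) != 40` guard two lines later uses a loose comparison where `activate()` uses `!==`; `if (strlen($hash) !== 40) {` keeps the two consistent. checkSession continues beyond the hunk.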
@@ -440,7 +457,6 @@ class Auth
}
$row = $query->fetch(\PDO::FETCH_ASSOC);
-
$sid = $row['id'];
$uid = $row['uid'];
$expiredate = strtotime($row['expiredate']);
@@ -516,7 +532,7 @@ class Auth
$query = $this->dbh->prepare("INSERT INTO {$this->config->table_users} VALUES ()");
- if(!$query->execute()) {
+ if (!$query->execute()) {
$return['message'] = $this->lang["system_error"] . " #03";
return $return;
}
@@ -524,14 +540,14 @@ class Auth
$uid = $this->dbh->lastInsertId();
$email = htmlentities(strtolower($email));
- if($sendmail) {
+ if ($sendmail) {
$addRequest = $this->addRequest($uid, $email, "activation", $sendmail);
- if($addRequest['error'] == 1) {
+ if ($addRequest['error'] == 1) {
$query = $this->dbh->prepare("DELETE FROM {$this->config->table_users} WHERE id = ?");
$query->execute(array($uid));
-
$return['message'] = $addRequest['message'];
+
return $return;
}
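Review bot: `$email = htmlentities(strtolower($email));` HTML-encodes the address before it is persisted, so an address containing `&`, `'` or `"` (which the `FILTER_VALIDATE_EMAIL` check in validateEmail does not necessarily reject) is stored in a mangled form, and the raw value later compared in changeEmail (`if ($email == $user['email'])`) can never match the stored one. Output escaping belongs at render time; store `$email = strtolower($email);` as validated and apply `htmlspecialchars()` at the point where the value is echoed into HTML. addUser continues beyond the hunk.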
@@ -558,11 +574,11 @@ class Auth
$bindParams = array_values(array_merge(array($email, $password, $isactive), $params, array($uid)));
- if(!$query->execute($bindParams)) {
+ if (!$query->execute($bindParams)) {
$query = $this->dbh->prepare("DELETE FROM {$this->config->table_users} WHERE id = ?");
$query->execute(array($uid));
-
$return['message'] = $this->lang["system_error"] . " #04";
+
return $return;
}
@@ -592,6 +608,7 @@ class Auth
}
$data['uid'] = $uid;
+
return $data;
}
@@ -618,6 +635,7 @@ class Auth
$data['uid'] = $uid;
unset($data['password']);
+
return $data;
}
@@ -634,55 +652,59 @@ class Auth
$return['error'] = true;
$block_status = $this->isBlocked();
- if($block_status == "verify")
- {
- if($this->checkCaptcha($captcha) == false)
- {
+ if ($block_status == "verify") {
+ if ($this->checkCaptcha($captcha) == false) {
$return['message'] = $this->lang["user_verify_failed"];
+
return $return;
}
}
+
if ($block_status == "block") {
$return['message'] = $this->lang["user_blocked"];
+
return $return;
}
$validatePassword = $this->validatePassword($password);
- if($validatePassword['error'] == 1) {
+ if ($validatePassword['error'] == 1) {
$this->addAttempt();
-
$return['message'] = $validatePassword['message'];
+
return $return;
}
$user = $this->getBaseUser($uid);
- if(!password_verify($password, $user['password'])) {
+ if (!password_verify($password, $user['password'])) {
$this->addAttempt();
-
$return['message'] = $this->lang["password_incorrect"];
+
return $return;
}
$query = $this->dbh->prepare("DELETE FROM {$this->config->table_users} WHERE id = ?");
- if(!$query->execute(array($uid))) {
+ if (!$query->execute(array($uid))) {
$return['message'] = $this->lang["system_error"] . " #05";
+
return $return;
}
$query = $this->dbh->prepare("DELETE FROM {$this->config->table_sessions} WHERE uid = ?");
- if(!$query->execute(array($uid))) {
+ if (!$query->execute(array($uid))) {
$return['message'] = $this->lang["system_error"] . " #06";
+
return $return;
}
$query = $this->dbh->prepare("DELETE FROM {$this->config->table_requests} WHERE uid = ?");
- if(!$query->execute(array($uid))) {
+ if (!$query->execute(array($uid))) {
$return['message'] = $this->lang["system_error"] . " #07";
+
return $return;
}
@@ -705,23 +727,26 @@ class Auth
{
$return['error'] = true;
- if($type != "activation" && $type != "reset") {
+ if ($type != "activation" && $type != "reset") {
$return['message'] = $this->lang["system_error"] . " #08";
+
return $return;
}
// if not set manually, check config data
- if($sendmail === NULL)
- {
+ if ($sendmail === NULL) {
$sendmail = true;
- if($type == "reset" && $this->config->emailmessage_suppress_reset === true ) {
+ if ($type == "reset" && $this->config->emailmessage_suppress_reset === true ) {
$sendmail = false;
$return['error'] = false;
+
return $return;
}
+
if ($type == "activation" && $this->config->emailmessage_suppress_activation === true ) {
$sendmail = false;
$return['error'] = false;
+
return $return;
}
}
@@ -729,7 +754,7 @@ class Auth
$query = $this->dbh->prepare("SELECT id, expire FROM {$this->config->table_requests} WHERE uid = ? AND type = ?");
$query->execute(array($uid, $type));
- if($query->rowCount() > 0) {
+ if ($query->rowCount() > 0) {
$row = $query->fetch(\PDO::FETCH_ASSOC);
$expiredate = strtotime($row['expire']);
@@ -737,14 +762,16 @@ class Auth
if ($currentdate < $expiredate) {
$return['message'] = $this->lang["reset_exists"];
+
return $return;
}
$this->deleteRequest($row['id']);
}
- if($type == "activation" && $this->getBaseUser($uid)['isactive'] == 1) {
+ if ($type == "activation" && $this->getBaseUser($uid)['isactive'] == 1) {
$return['message'] = $this->lang["already_activated"];
+
return $return;
}
@@ -753,29 +780,29 @@ class Auth
$query = $this->dbh->prepare("INSERT INTO {$this->config->table_requests} (uid, rkey, expire, type) VALUES (?, ?, ?, ?)");
- if(!$query->execute(array($uid, $key, $expire, $type))) {
+ if (!$query->execute(array($uid, $key, $expire, $type))) {
$return['message'] = $this->lang["system_error"] . " #09";
+
return $return;
}
$request_id = $this->dbh->lastInsertId();
- if($sendmail === true)
- {
+ if ($sendmail === true) {
// Check configuration for SMTP parameters
- $mail = new PHPMailer;
- if($this->config->smtp) {
- $mail->isSMTP();
- $mail->Host = $this->config->smtp_host;
- $mail->SMTPAuth = $this->config->smtp_auth;
- if(!is_null($this->config->smtp_auth)) {
- $mail->Username = $this->config->smtp_username;
- $mail->Password = $this->config->smtp_password;
- }
- $mail->Port = $this->config->smtp_port;
-
- if(!is_null($this->config->smtp_security)) {
- $mail->SMTPSecure = $this->config->smtp_security;
+ $mail = new PHPMailer;
+ if ($this->config->smtp) {
+ $mail->isSMTP();
+ $mail->Host = $this->config->smtp_host;
+ $mail->SMTPAuth = $this->config->smtp_auth;
+ if (!is_null($this->config->smtp_auth)) {
+ $mail->Username = $this->config->smtp_username;
+ $mail->Password = $this->config->smtp_password;
+ }
+ $mail->Port = $this->config->smtp_port;
+
+ if (!is_null($this->config->smtp_security)) {
+ $mail->SMTPSecure = $this->config->smtp_security;
}
}
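Review bot: `$mail->SMTPAuth = $this->config->smtp_auth;` is followed by `if (!is_null($this->config->smtp_auth))` guarding the username/password assignment, but a setting of `false` or `0` is not null, so credentials are copied into the mailer whenever the key merely exists, and a null value leaves `SMTPAuth` null rather than false. The intent reads as "authenticate when smtp_auth is enabled", which `$mail->SMTPAuth = (bool) $this->config->smtp_auth;` followed by `if ($mail->SMTPAuth) {` expresses directly. The `if ($sendmail === true)` block continues beyond the hunk.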
@@ -784,27 +811,27 @@ class Auth
$mail->addAddress($email);
$mail->isHTML(true);
- if($type == "activation") {
-
+ if ($type == "activation") {
$mail->Subject = sprintf($this->lang['email_activation_subject'], $this->config->site_name);
$mail->Body = sprintf($this->lang['email_activation_body'], $this->config->site_url, $this->config->site_activation_page, $key);
$mail->AltBody = sprintf($this->lang['email_activation_altbody'], $this->config->site_url, $this->config->site_activation_page, $key);
- }
- else {
+ } else {
$mail->Subject = sprintf($this->lang['email_reset_subject'], $this->config->site_name);
$mail->Body = sprintf($this->lang['email_reset_body'], $this->config->site_url, $this->config->site_password_reset_page, $key);
$mail->AltBody = sprintf($this->lang['email_reset_altbody'], $this->config->site_url, $this->config->site_password_reset_page, $key);
}
- if(!$mail->send()) {
+ if (!$mail->send()) {
$this->deleteRequest($request_id);
-
$return['message'] = $this->lang["system_error"] . " #10";
+
return $return;
}
+
}
$return['error'] = false;
+
return $return;
}
@@ -824,8 +851,8 @@ class Auth
if ($query->rowCount() === 0) {
$this->addAttempt();
-
$return['message'] = $this->lang[$type."key_incorrect"];
+
return $return;
}
@@ -836,10 +863,9 @@ class Auth
if ($currentdate > $expiredate) {
$this->addAttempt();
-
$this->deleteRequest($row['id']);
-
$return['message'] = $this->lang[$type."key_expired"];
+
return $return;
}
@@ -859,6 +885,7 @@ class Auth
protected function deleteRequest($id)
{
$query = $this->dbh->prepare("DELETE FROM {$this->config->table_requests} WHERE id = ?");
+
return $query->execute(array($id));
}
@@ -873,10 +900,12 @@ class Auth
if (strlen($password) < (int)$this->config->verify_password_min_length ) {
$return['message'] = $this->lang["password_short"];
+
return $return;
}
$return['error'] = false;
+
return $return;
}
@@ -891,12 +920,15 @@ class Auth
if (strlen($email) < (int)$this->config->verify_email_min_length ) {
$return['message'] = $this->lang["email_short"];
+
return $return;
} elseif (strlen($email) > (int)$this->config->verify_email_max_length ) {
$return['message'] = $this->lang["email_long"];
+
return $return;
} elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$return['message'] = $this->lang["email_invalid"];
+
return $return;
}
@@ -905,11 +937,13 @@ class Auth
if (in_array(strtolower(explode('@', $email)[1]), $bannedEmails)) {
$return['message'] = $this->lang["email_banned"];
+
return $return;
}
}
$return['error'] = false;
+
return $return;
}
@@ -926,75 +960,78 @@ class Auth
public function resetPass($key, $password, $repeatpassword, $captcha = NULL)
{
$return['error'] = true;
-
$block_status = $this->isBlocked();
- if($block_status == "verify")
- {
- if($this->checkCaptcha($captcha) == false)
- {
+
+ if ($block_status == "verify") {
+ if ($this->checkCaptcha($captcha) == false) {
$return['message'] = $this->lang["user_verify_failed"];
+
return $return;
}
}
+
if ($block_status == "block") {
$return['message'] = $this->lang["user_blocked"];
+
return $return;
}
- if(strlen($key) != 20) {
+ if (strlen($key) != 20) {
$return['message'] = $this->lang["resetkey_invalid"];
+
return $return;
}
$validatePassword = $this->validatePassword($password);
- if($validatePassword['error'] == 1) {
+ if ($validatePassword['error'] == 1) {
$return['message'] = $validatePassword['message'];
return $return;
}
- if($password !== $repeatpassword) {
+ if ($password !== $repeatpassword) {
// Passwords don't match
$return['message'] = $this->lang["newpassword_nomatch"];
+
return $return;
}
$data = $this->getRequest($key, "reset");
- if($data['error'] == 1) {
+ if ($data['error'] == 1) {
$return['message'] = $data['message'];
+
return $return;
}
$user = $this->getBaseUser($data['uid']);
- if(!$user) {
+ if (!$user) {
$this->addAttempt();
$this->deleteRequest($data['id']);
-
$return['message'] = $this->lang["system_error"] . " #11";
+
return $return;
}
- if(password_verify($password, $user['password'])) {
+ if (password_verify($password, $user['password'])) {
$this->addAttempt();
-
$return['message'] = $this->lang["newpassword_match"];
+
return $return;
}
$password = $this->getHash($password);
-
$query = $this->dbh->prepare("UPDATE {$this->config->table_users} SET password = ? WHERE id = ?");
$query->execute(array($password, $data['uid']));
if ($query->rowCount() == 0) {
$return['message'] = $this->lang["system_error"] . " #12";
+
return $return;
}
$this->deleteRequest($data['id']);
-
$return['error'] = false;
$return['message'] = $this->lang["password_reset"];
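Review bot: After the UPDATE at `$query->execute(array($password, $data['uid']));` the hunk deletes the reset request and reports success but does not invalidate the user's existing sessions, so a session established before the reset (the usual reason for resetting) stays valid. The class already has `deleteExistingSessions($uid)` (called from addSession); unless it is invoked past the end of the hunk, add `$this->deleteExistingSessions($data['uid']);` next to `$this->deleteRequest($data['id']);`. The `strlen($key) != 20` guard near the top uses a loose comparison where activate() uses `!==`; `if (strlen($key) !== 20) {` keeps them consistent. resetPass continues beyond the hunk.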
@@ -1011,30 +1048,34 @@ class Auth
{
$return['error'] = true;
$block_status = $this->isBlocked();
+
if ($block_status == "block") {
$return['message'] = $this->lang["user_blocked"];
+
return $return;
}
- if($sendmail == NULL) {
+ if ($sendmail == NULL) {
$return['message'] = $this->lang['function_disabled'];
+
return $return;
}
$validateEmail = $this->validateEmail($email);
- if($validateEmail['error'] == 1) {
+ if ($validateEmail['error'] == 1) {
$return['message'] = $validateEmail['message'];
+
return $return;
}
$query = $this->dbh->prepare("SELECT id FROM {$this->config->table_users} WHERE email = ?");
$query->execute(array($email));
- if($query->rowCount() == 0) {
+ if ($query->rowCount() == 0) {
$this->addAttempt();
-
$return['message'] = $this->lang["email_incorrect"];
+
return $return;
}
@@ -1042,8 +1083,8 @@ class Auth
if ($this->getBaseUser($row['id'])['isactive'] == 1) {
$this->addAttempt();
-
$return['message'] = $this->lang["already_activated"];
+
return $return;
}
@@ -1051,8 +1092,8 @@ class Auth
if ($addRequest['error'] == 1) {
$this->addAttempt();
-
$return['message'] = $addRequest['message'];
+
return $return;
}
@@ -1073,60 +1114,63 @@ class Auth
public function changePassword($uid, $currpass, $newpass, $repeatnewpass, $captcha = NULL)
{
$return['error'] = true;
-
$block_status = $this->isBlocked();
- if($block_status == "verify")
- {
- if($this->checkCaptcha($captcha) == false)
- {
+
+ if ($block_status == "verify") {
+ if ($this->checkCaptcha($captcha) == false) {
$return['message'] = $this->lang["user_verify_failed"];
return $return;
}
}
+
if ($block_status == "block") {
$return['message'] = $this->lang["user_blocked"];
+
return $return;
}
$validatePassword = $this->validatePassword($currpass);
- if($validatePassword['error'] == 1) {
+ if ($validatePassword['error'] == 1) {
$this->addAttempt();
-
$return['message'] = $validatePassword['message'];
+
return $return;
}
$validatePassword = $this->validatePassword($newpass);
- if($validatePassword['error'] == 1) {
+ if ($validatePassword['error'] == 1) {
$return['message'] = $validatePassword['message'];
+
return $return;
- } elseif($newpass !== $repeatnewpass) {
+ } elseif ($newpass !== $repeatnewpass) {
$return['message'] = $this->lang["newpassword_nomatch"];
+
return $return;
}
$zxcvbn = new Zxcvbn();
- if($zxcvbn->passwordStrength($newpass)['score'] < intval($this->config->password_min_score)) {
+ if ($zxcvbn->passwordStrength($newpass)['score'] < intval($this->config->password_min_score)) {
$return['message'] = $this->lang['password_weak'];
+
return $return;
}
$user = $this->getBaseUser($uid);
- if(!$user) {
+ if (!$user) {
$this->addAttempt();
-
$return['message'] = $this->lang["system_error"] . " #13";
+
return $return;
}
- if(!password_verify($currpass, $user['password'])) {
+ if (!password_verify($currpass, $user['password'])) {
$this->addAttempt();
-
$return['message'] = $this->lang["password_incorrect"];
+
return $return;
}
@@ -1137,6 +1181,7 @@ class Auth
$return['error'] = false;
$return['message'] = $this->lang["password_changed"];
+
return $return;
}
@@ -1152,26 +1197,27 @@ class Auth
public function changeEmail($uid, $email, $password, $captcha = NULL)
{
$return['error'] = true;
-
$block_status = $this->isBlocked();
- if($block_status == "verify")
- {
- if($this->checkCaptcha($captcha) == false)
- {
+
+ if ($block_status == "verify") {
+ if ($this->checkCaptcha($captcha) == false) {
$return['message'] = $this->lang["user_verify_failed"];
+
return $return;
}
}
+
if ($block_status == "block") {
$return['message'] = $this->lang["user_blocked"];
+
return $return;
}
$validateEmail = $this->validateEmail($email);
- if($validateEmail['error'] == 1)
- {
+ if ($validateEmail['error'] == 1) {
$return['message'] = $validateEmail['message'];
+
return $return;
}
@@ -1179,29 +1225,30 @@ class Auth
if ($validatePassword['error'] == 1) {
$return['message'] = $this->lang["password_notvalid"];
+
return $return;
}
$user = $this->getBaseUser($uid);
- if(!$user) {
+ if (!$user) {
$this->addAttempt();
-
$return['message'] = $this->lang["system_error"] . " #14";
+
return $return;
}
- if(!password_verify($password, $user['password'])) {
+ if (!password_verify($password, $user['password'])) {
$this->addAttempt();
-
$return['message'] = $this->lang["password_incorrect"];
+
return $return;
}
if ($email == $user['email']) {
$this->addAttempt();
-
$return['message'] = $this->lang["newemail_match"];
+
return $return;
}
@@ -1210,11 +1257,13 @@ class Auth
if ($query->rowCount() == 0) {
$return['message'] = $this->lang["system_error"] . " #15";
+
return $return;
}
$return['error'] = false;
$return['message'] = $this->lang["email_changed"];
+
return $return;
}
@@ -1225,22 +1274,21 @@ class Auth
public function isBlocked()
{
- $ip = $this->getIp();
- $this->deleteAttempts($ip, false);
- $query = $this->dbh->prepare("SELECT count(*) FROM {$this->config->table_attempts} WHERE ip = ?");
- $query->execute(array($ip));
-
+ $ip = $this->getIp();
+ $this->deleteAttempts($ip, false);
+ $query = $this->dbh->prepare("SELECT count(*) FROM {$this->config->table_attempts} WHERE ip = ?");
+ $query->execute(array($ip));
$attempts = $query->fetchColumn();
- if($attempts < intval($this->config->attempts_before_verify))
- {
+ if ($attempts < intval($this->config->attempts_before_verify)) {
return "allow";
}
- if($attempts < intval($this->config->attempts_before_ban))
- {
+
+ if ($attempts < intval($this->config->attempts_before_ban)) {
return "verify";
}
- return "block";
+
+ return "block";
}
@@ -1262,12 +1310,10 @@ class Auth
protected function addAttempt()
{
$ip = $this->getIp();
-
$attempt_expiredate = date("Y-m-d H:i:s", strtotime($this->config->attack_mitigation_time));
-
$query = $this->dbh->prepare("INSERT INTO {$this->config->table_attempts} (ip, expiredate) VALUES (?, ?)");
- return $query->execute(array($ip, $attempt_expiredate));
+ return $query->execute(array($ip, $attempt_expiredate));
}
/**
@@ -1279,12 +1325,11 @@ class Auth
protected function deleteAttempts($ip, $all = false)
{
- if($all==true)
- {
- $query = $this->dbh->prepare("DELETE FROM {$this->config->table_attempts} WHERE ip = ?");
- return $query->execute(array($ip));
- }
+ if ($all==true) {
+ $query = $this->dbh->prepare("DELETE FROM {$this->config->table_attempts} WHERE ip = ?");
+ return $query->execute(array($ip));
+ }
$query = $this->dbh->prepare("SELECT id, expiredate FROM {$this->config->table_attempts} WHERE ip = ?");
$query->execute(array($ip));
@@ -1292,8 +1337,7 @@ class Auth
while ($row = $query->fetch(\PDO::FETCH_ASSOC)) {
$expiredate = strtotime($row['expiredate']);
$currentdate = strtotime(date("Y-m-d H:i:s"));
- if($currentdate > $expiredate)
- {
+ if ($currentdate > $expiredate) {
$queryDel = $this->dbh->prepare("DELETE FROM {$this->config->table_attempts} WHERE id = ?");
$queryDel->execute(array($row['id']));
}
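Review bot: The loop issues one DELETE per expired row (`$queryDel->execute(array($row['id']));`) after selecting every attempt for the IP, and because isBlocked() calls `deleteAttempts($ip, false)` on each login, register and reset call, this N+1 pattern runs on every request. A single statement does the same work: `$query = $this->dbh->prepare("DELETE FROM {$this->config->table_attempts} WHERE ip = ? AND expiredate < ?");` with `array($ip, date("Y-m-d H:i:s"))` bound, assuming expiredate is a DATETIME column as the `strtotime($row['expiredate'])` usage suggests. `if ($all==true)` also uses a loose comparison; `if ($all === true) {` or simply `if ($all) {` is clearer. deleteAttempts continues beyond the hunk.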
@@ -1321,10 +1365,9 @@ class Auth
* Returns IP address
* @return string $ip
*/
-
protected function getIp()
{
- if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] != '') {
+ if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] != '') {
return $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
return $_SERVER['REMOTE_ADDR'];
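Review bot: `return $_SERVER['HTTP_X_FORWARDED_FOR'];` hands back the raw request header whenever it is non-empty, and because isBlocked() and addAttempt() key the attempt counter on this value, any client can choose the address its failed attempts are recorded under, which defeats the throttling and captcha escalation. The header should only be honoured when `$_SERVER['REMOTE_ADDR']` is a configured trusted proxy (the project has no such setting yet; a config key would need to be added, name to be chosen), and even then the chosen element should be validated: `return filter_var($forwarded, FILTER_VALIDATE_IP) !== false ? $forwarded : $_SERVER['REMOTE_ADDR'];`. Note too that X-Forwarded-For may carry a comma-separated list, which the current code stores as-is. The closing brace of getIp lies outside the hunk.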
@@ -1335,7 +1378,6 @@ class Auth
* Returns is user logged in
* @return boolean
*/
-
public function isLogged() {
return (isset($_COOKIE[$this->config->cookie_name]) && $this->checkSession($_COOKIE[$this->config->cookie_name]));
}
diff --git a/Config.php b/Config.php
index dd17b56..ed29dca 100755
--- a/Config.php
+++ b/Config.php
@@ -21,8 +21,9 @@ class Config
{
$this->dbh = $dbh;
- if (func_num_args() > 1)
+ if (func_num_args() > 1) {
$this->config_table = $config_table;
+ }
$this->config = array();
@@ -57,10 +58,12 @@ class Config
{
$query = $this->dbh->prepare("UPDATE {$this->config_table} SET value = ? WHERE setting = ?");
- if($query->execute(array($value, $setting))) {
+ if ($query->execute(array($value, $setting))) {
$this->config[$setting] = $value;
+
return true;
}
+
return false;
}
@@ -71,11 +74,11 @@ class Config
* @param mixed $value
* @return bool
*/
- public function override($setting, $value){
-
+ public function override($setting, $value)
+ {
$this->config[$setting] = $value;
- return true;
+ return true;
}
/**
@@ -88,33 +91,39 @@ class Config
{
// verify* values.
- if (! isset($this->config['verify_password_min_length']) )
+ if (!isset($this->config['verify_password_min_length'])) {
$this->config['verify_password_min_length'] = 3;
+ }
- if (! isset($this->config['verify_password_max_length']) )
+ if (!isset($this->config['verify_password_max_length'])) {
$this->config['verify_password_max_length'] = 150;
+ }
- if (! isset($this->config['verify_password_strong_requirements']) )
+ if (!isset($this->config['verify_password_strong_requirements'])) {
$this->config['verify_password_strong_requirements'] = 1;
+ }
- if (! isset($this->config['verify_email_min_length']) )
+ if (!isset($this->config['verify_email_min_length'])) {
$this->config['verify_email_min_length'] = 5;
+ }
- if (! isset($this->config['verify_email_max_length']) )
+ if (!isset($this->config['verify_email_max_length'])) {
$this->config['verify_email_max_length'] = 100;
+ }
- if (! isset($this->config['verify_email_use_banlist']) )
+ if (!isset($this->config['verify_email_use_banlist'])) {
$this->config['verify_email_use_banlist'] = 1;
+ }
// emailmessage* values
- if (! isset($this->config['emailmessage_suppress_activation']) )
+ if (!isset($this->config['emailmessage_suppress_activation'])) {
$this->config['emailmessage_suppress_activation'] = 0;
+ }
- if (! isset($this->config['emailmessage_suppress_reset']) )
+ if (!isset($this->config['emailmessage_suppress_reset'])) {
$this->config['emailmessage_suppress_reset'] = 0;
-
+ }
}
-
}