X-Git-Url: https://git-public.kairo.at/?a=blobdiff_plain;ds=sidebyside;f=authutils.php-class;h=555721e4a91f74ef9f07d8606b7c8c7efcb66c28;hb=77f0f9ff1f1c54aef1e7370144df302d83118f70;hp=0b7d4b1e2acd4328e7ec0b25cc8160d119dae91e;hpb=087085d618e57aea5f292a5bb57d46304574cc6a;p=authserver.git diff --git a/authutils.php-class b/authutils.php-class index 0b7d4b1..555721e 100755 --- a/authutils.php-class +++ b/authutils.php-class @@ -7,8 +7,16 @@ class AuthUtils { // KaiRo.at authentication utilities PHP class // This class contains helper functions for the authentication system. // - // function __construct() + // function __construct($settings, $db) // CONSTRUCTOR + // Settings are an associative array with a numeric pwd_cost field and an array pwd_nonces field. + // The DB is a PDO object. + // + // public $db + // A PDO database object for interaction. + // + // public $running_on_localhost + // A boolean telling if the system is running on localhost (where https is not required). // // private $pwd_cost // The cost parameter for use with PHP password_hash function. @@ -17,6 +25,12 @@ class AuthUtils { // The array of nonces to use for "peppering" passwords. For new hashes, the last one of those will be used. // Generate a nonce with this command: |openssl rand -base64 48| // + // function log($code, $additional_info) + // Log an entry for admin purposes, with a code and some additional info. + // + // function checkForSecureConnection() + // Check is the connection is secure and return an array of error messages (empty if it's secure). + // // function checkPasswordConstraints($new_password, $user_email) // Check password constraints and return an array of error messages (empty if all constraints are met). // @@ -44,19 +58,38 @@ class AuthUtils { // function pwdNeedsRehash($user) // Return true if the pwdhash field of the user uses an outdated standard and needs to be rehashed. - function __construct($settings) { + function __construct($settings, $db) { // *** constructor *** - if (array_key_exists('pwd_nonces', $settings)) { - $this->pwd_nonces = $settings['pwd_nonces']; - } + $this->db = $db; + $this->running_on_localhost = preg_match('/^((.+\.)?localhost|127\.0\.0\.\d+)$/', $_SERVER['SERVER_NAME']); if (array_key_exists('pwd_cost', $settings)) { $this->pwd_cost = $settings['pwd_cost']; } + if (array_key_exists('pwd_nonces', $settings)) { + $this->pwd_nonces = $settings['pwd_nonces']; + } } + public $db = null; + public $running_on_localhost = false; private $pwd_cost = 10; private $pwd_nonces = array(); + function log($code, $info) { + $result = $this->db->prepare('INSERT INTO `auth_log` (`code`, `info`, `ip_addr`) VALUES (:code, :info, :ipaddr);'); + if (!$result->execute(array(':code' => $code, ':info' => $info, ':ipaddr' => $_SERVER['REMOTE_ADDR']))) { + // print($result->errorInfo()[2]); + } + } + + function checkForSecureConnection() { + $errors = array(); + if (($_SERVER['SERVER_PORT'] != 443) && !$this->running_on_localhost) { + $errors[] = _('You are not accessing this site on a secure connection, so authentication doesn\'t work.'); + } + return $errors; + } + function checkPasswordConstraints($new_password, $user_email) { $errors = array(); if ($new_password != trim($new_password)) {