Regatten.net/RegattenApp
1
0
Fork 0
Code Issues 40 Pull Requests Actions Packages Projects Releases Wiki Activity

api - login/out possible

Browse Source
This commit is contained in:
Timon Ostertun
2020-09-22 18:01:00 +02:00
parent 9371acec8c
commit cb840a8451
11 changed files with 602 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

107
api/login.php Normal file
View File

@@ -0,0 +1,107 @@
<?php
function get_user($mysqli, $username = null) {
if ($username === null) {
return db_get_data($mysqli, DB_TABLE_USERS);
} else {
$user = db_get_data($mysqli, DB_TABLE_USERS, '*', '`username` = "' . mysqli_real_escape_string($mysqli, $username) . '"', 1);
if (($user === false) or (count($user) != 1)) return false;
return array_values($user)[0];
}
}
function get_user_by_id($mysqli, $user_id) {
$res = db_get_data($mysqli, DB_TABLE_USERS, '*', '`id` = "' . mysqli_real_escape_string($mysqli, $user_id) . '"', 1);
if (($res !== false) and (count($res) == 1)) {
return array_values($res)[0];
}
return false;
}
//function signup($mysqli, $username, $email, $password) {
// if (($username == '') or ($email == '') or ($password == '')) {
// return 1;
// }
// if (get_user($mysqli, $username) !== false) {
// return 1;
// }
// $salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), true));
// $hashpassword = hash('sha512', $password . $salt);
//
// $user = array();
// $user['username'] = $username;
// $user['email'] = $email;
// $user['password'] = $hashpassword;
// $user['salt'] = $salt;
// if (db_insert_data($mysqli, DB_TABLE_USERS, $user) !== false) {
// $values = array();
// $values['USERNAME'] = $username;
// $message = createMail('signup', STRING_SIGNUP_EMAIL_SUBJECT, $values);
// smtp_send_mail(['Regatten.net', MAIL_FROM_ADDRESS], [[$username, $email]], [], [], STRING_SIGNUP_EMAIL_SUBJECT, $message, [['Content-Type', 'text/html; charset="UTF-8"']]);
// // Analytics
// matomo_event('Login', 'SignUp', $username);
// return true;
// } else {
// return 2;
// }
//}
function get_perm($mysqli, $user_id) {
if ($user_id !== false) {
$result = get_user_by_id($mysqli, $user_id);
if ($result !== false) {
return $result[DB_FIELD_PERM];
} else {
return 0;
}
} else {
return 0;
}
}
// ### NEW LOGIN ####################################
function auth_login($mysqli, $username, $password, $device) {
$user = get_user($mysqli, $username);
if ($user === false) {
// User does not exist
return false;
}
$hashpassword = hash('sha512', $password . $user['salt']);
if ($hashpassword !== $user['password']) {
// Password incorrect
return false;
}
// All correct
$auth = [];
$auth['user'] = $user['id'];
$auth['username'] = $user['username'];
$auth['auth'] = str_replace('/', '-', str_replace('+', '_', base64_encode(openssl_random_pseudo_bytes(24))));
$salt = base64_encode(openssl_random_pseudo_bytes(24));
$hash = hash('sha512', $auth['auth'] . $salt);
$data = [
'user' => $user['id'],
'salt' => $salt,
'authhash' => $hash,
'device' => $device
];
$auth['id'] = db_insert_data($mysqli, DB_TABLE_LOGINS, $data);
return $auth;
}
function auth_logout($mysqli, $id) {
db_delete_data($mysqli, DB_TABLE_LOGINS, 'id = "' . mysqli_real_escape_string($mysqli, $id) . '"', 1);
return true;
}
function auth_check($mysqli, $id, $hash) {
$auth = db_get_data($mysqli, DB_TABLE_LOGINS, '*', 'id="' . mysqli_real_escape_string($mysqli, $id) . '"', 1);
if (($auth === false) or (count($auth) != 1)) return false;
$auth = array_values($auth)[0];
$hash = hash('sha512', $hash . $auth['salt']);
if ($hash != $auth['authhash']) return false;
db_update_data($mysqli, DB_TABLE_LOGINS, ['id' => $auth['id']], 'id="' . $auth['id'] . '"', 1); // update changed field => last login
return $auth['user'];
}
?>