<?php
namespace Auth;
use Database\Document;
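/**
 * Static helpers for sessions, password hashing and token verification,
 * plus the integer codes used for user gender, status, type, role and
 * token type.
 */
class Auth
{
    /**
     * User Gender.
     */
    const USER_GENDER_TYPE_NOT_SET = 0;
    const USER_GENDER_TYPE_MALE = 1;
    const USER_GENDER_TYPE_FEMALE = 2;
    const USER_GENDER_TYPE_OTHER = 3;

    /**
     * User Status.
     */
    const USER_STATUS_UNACTIVATED = 0;
    const USER_STATUS_ACTIVATED = 1;
    const USER_STATUS_BLOCKED = 2;

    /**
     * User Types.
     */
    const USER_TYPE_USER = 0;
    const USER_TYPE_PARENT = 1;
    const USER_TYPE_APP = 2;

    /**
     * User Roles.
     *
     * Every role is an integer code except USER_ROLE_ALL, which is the
     * string '*'.
     */
    const USER_ROLE_GUEST = 0;
    const USER_ROLE_MEMBER = 1;
    const USER_ROLE_ADMIN = 2;
    const USER_ROLE_DEVELOPER = 3;
    const USER_ROLE_OWNER = 4;
    const USER_ROLE_APP = 5;
    const USER_ROLE_SYSTEM = 6;
    const USER_ROLE_ALL = '*';

    /**
     * Token Types.
     */
    const TOKEN_TYPE_LOGIN = 1;
    const TOKEN_TYPE_CONFIRM = 2;
    const TOKEN_TYPE_RECOVERY = 3;
    const TOKEN_TYPE_INVITE = 4;

    /**
     * Token Expiration times, in seconds.
     */
    const TOKEN_EXPIRATION_LOGIN_LONG = 31536000;      /* 1 year */
    const TOKEN_EXPIRATION_LOGIN_SHORT = 3600;         /* 1 hour */
    const TOKEN_EXPIRATION_RECOVERY = 3600;            /* 1 hour */
    const TOKEN_EXPIRATION_CONFIRM = 3600 * 24 * 7;    /* 7 days */

    /**
     * Name of the session cookie.
     *
     * @var string
     */
    public static $cookieName = 'a-session';

    /**
     * User Unique ID.
     *
     * @var int
     */
    public static $unique = 0;

    /**
     * User Secret Key.
     *
     * @var string
     */
    public static $secret = '';

    /**
     * Set Cookie Name.
     *
     * @param string $string New cookie name
     *
     * @return string The name that was just stored
     */
    public static function setCookieName($string)
    {
        return self::$cookieName = $string;
    }

    /**
     * Encode Session.
     *
     * Serialises the id/secret pair as JSON and base64-encodes it. This is
     * an encoding only: the value is neither encrypted nor signed, so the
     * secret is readable by anyone who holds the encoded string.
     *
     * @param int    $id
     * @param string $secret
     *
     * @return string
     */
    public static function encodeSession($id, $secret)
    {
        return base64_encode(json_encode([
            'id' => $id,
            'secret' => $secret,
        ]));
    }

    /**
     * Decode Session.
     *
     * Reverses encodeSession(). Input that does not decode to an array
     * yields the default ['id' => null, 'secret' => ''].
     *
     * NOTE(review): nothing here validates the decoded values. If $session
     * comes from a client-supplied cookie, 'id' and 'secret' can be of any
     * JSON type and extra keys pass through array_merge(); callers should
     * check types before using the result.
     *
     * @param string $session
     *
     * @return array
     */
    public static function decodeSession($session)
    {
        $default = ['id' => null, 'secret' => ''];
        $decoded = json_decode(base64_decode($session), true);

        if (!is_array($decoded)) {
            return $default;
        }

        return array_merge($default, $decoded);
    }

    /**
     * Hash.
     *
     * Plain, unsalted SHA-256 digest (hex). This is a hash, not encryption.
     * It is used by tokenVerify() to compare token secrets; it is not a
     * password hash - passwords go through passwordHash().
     *
     * @param string $string
     *
     * @return string 64-character lowercase hex digest
     */
    public static function hash($string)
    {
        return hash('sha256', $string);
    }

    /**
     * Password Hash.
     *
     * One way string hashing for user passwords (bcrypt).
     *
     * NOTE(review): cost 8 is below PHP's own bcrypt default. Raising it is
     * backward compatible because password_verify() reads the cost from the
     * stored hash; existing hashes can be upgraded at login with
     * password_needs_rehash(). Also note that bcrypt only uses the first
     * 72 bytes of the input.
     *
     * @param string $string
     *
     * @return bool|string
     */
    public static function passwordHash($string)
    {
        return password_hash($string, PASSWORD_BCRYPT, ['cost' => 8]);
    }

    /**
     * Password verify.
     *
     * @param string $plain Candidate password
     * @param string $hash  Hash produced by passwordHash()
     *
     * @return bool
     */
    public static function passwordVerify($plain, $hash)
    {
        return password_verify($plain, $hash);
    }

    /**
     * Password Generator.
     *
     * Generate random password string from the system CSPRNG.
     *
     * @param int $length Number of random BYTES; the returned hex string is
     *                    twice this many characters long
     *
     * @return string
     *
     * @throws \Exception If no source of randomness is available
     */
    public static function passwordGenerator(int $length = 20):string
    {
        return bin2hex(random_bytes($length));
    }

    /**
     * Token Generator.
     *
     * Generate random token string from the system CSPRNG.
     *
     * @param int $length Number of random BYTES; the returned hex string is
     *                    twice this many characters long
     *
     * @return string
     *
     * @throws \Exception If no source of randomness is available
     */
    public static function tokenGenerator(int $length = 128):string
    {
        return bin2hex(random_bytes($length));
    }

    /**
     * Verify token and check that its not expired.
     *
     * Returns the UID of the first token whose type matches $type, whose
     * stored secret equals the SHA-256 digest of $secret, and whose expiry
     * is not in the past.
     *
     * @param array  $tokens Token documents (array access plus getUid())
     * @param int    $type   One of the TOKEN_TYPE_* constants
     * @param string $secret Plain secret presented by the client
     *
     * @return bool|int Result of getUid() on the matching token, or false
     */
    public static function tokenVerify(array $tokens, int $type, string $secret)
    {
        // The digest does not depend on the token, so compute it once.
        $expected = self::hash($secret);
        $now = time();

        foreach ($tokens as $token) { /* @var $token Document */
            if (!isset($token['type'], $token['secret'], $token['expire'])) {
                continue;
            }

            // Loose comparison kept on purpose: the stored type may not be
            // a native int - TODO confirm against the storage layer.
            if ($token['type'] != $type) {
                continue;
            }

            // hash_equals() compares in constant time, so a mismatch takes
            // the same time wherever the first differing character is. The
            // is_string() guard keeps a malformed stored value a plain
            // non-match instead of a type error.
            if (!is_string($token['secret']) || !hash_equals($token['secret'], $expected)) {
                continue;
            }

            if ($token['expire'] >= $now) {
                return $token->getUid();
            }
        }

        return false;
    }
}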