Exemple #1
/**
 * Switch two-factor authentication off for a member once a current code has been verified.
 *
 * @param mysqli $Connection Link handed to the mysqli calls below.
 * @param string $Username   Member name; passed through Puff_Member_Sanitize_Username() first.
 * @param string $Code       One-time code, checked with Authenticatron_Check().
 * @return mixed array('error' => ...) when refused, otherwise the mysqli_query() result of the UPDATE.
 */
function Puff_Member_2FA_Disable($Connection, $Username, $Code)
{
    global $Sitewide;
    // NOTE(review): Puff_Member_2FA_Create() also declares $Base32_Chars and $PHPQRCode
    // global before loading this library; confirm whether this function needs the same.
    require_once $Sitewide['Puff']['Libs'] . 'authenticatron.php';

    ////	Member must exist
    $Username = Puff_Member_Sanitize_Username($Username);
    if (!Puff_Member_Exists($Connection, $Username, true)) {
        return array('error' => "Sorry, that user doesn't exist, so we can't disable 2FA for it.");
    }

    ////	Load the stored secret
    // The statement is built by concatenation, so its safety rests on what
    // Puff_Member_Sanitize_Username() (defined elsewhere) lets through. TODO confirm.
    $Row = mysqli_fetch_once(
        $Connection,
        sprintf("SELECT `2FA Secret` FROM `Members` WHERE `Username`='%s';", $Username)
    );
    if (empty($Row['2FA Secret'])) {
        return array('error' => "Sorry, 2FA isn't set up for that user.");
    }
    $StoredSecret = $Row['2FA Secret'];

    ////	Verify the submitted code against the secret
    // NOTE(review): nothing in this function limits repeated attempts; presumably the caller throttles.
    if (!Authenticatron_Check($Code, $StoredSecret)) {
        return array('error' => 'Sorry, your code was not valid. They are only valid for 30 seconds.');
    }

    ////	Code accepted
    // Only the `2FA Active` flag is cleared; the stored `2FA Secret` is left in place.
    return mysqli_query(
        $Connection,
        sprintf("UPDATE `Members` SET `2FA Active`='0' WHERE `Username`='%s';", $Username)
    );
}
/**
 * Set a new password for an existing member and deactivate that member's sessions.
 *
 * @param mysqli       $Connection     Link handed to the mysqli calls below.
 * @param string       $Username       Member name; passed through Puff_Member_Sanitize_Username() first.
 * @param string       $Password       New password, hashed by Puff_Member_PassHash() with a fresh salt.
 * @param string|false $CurrentSession Forwarded to Puff_Member_Session_Disable_All() as its exemption.
 * @return mixed array('error' => ...) when refused, otherwise the mysqli_query() result of the UPDATE.
 */
function Puff_Member_Password($Connection, $Username, $Password, $CurrentSession = false)
{
    ////	The member must already exist
    $Username = Puff_Member_Sanitize_Username($Username);
    if (!Puff_Member_Exists($Connection, $Username, true)) {
        return array('error' => "Sorry, we can't change the password for a member that doesn't exist.");
    }

    ////	Fresh salt for the new password
    // Puff_SecureRandom() is defined elsewhere; a falsy return is treated as
    // "no secure random source" and aborts before anything is written.
    $Salt = Puff_SecureRandom();
    if (!$Salt) {
        return array('error' => 'Error: No secure source was available for Salt generation. Your password could not be secured. This is not your fault.');
    }

    ////	Hash
    // NOTE(review): Puff_Member_PassHash() is project code not shown here; confirm it is a
    // slow, purpose-built password hash.
    $Hashed = Puff_Member_PassHash($Password, $Salt);

    ////	Deactivate sessions before the write
    // This runs whether or not the UPDATE below succeeds, and its result is not checked.
    Puff_Member_Session_Disable_All($Connection, $Username, $CurrentSession);

    ////	Store hash and salt
    // Concatenated SQL: $Username is only as safe as Puff_Member_Sanitize_Username() makes it. TODO confirm.
    $Statement = sprintf(
        "UPDATE `Members` SET `Password`='%s', `Salt`='%s', `PassHash`='%s' WHERE `Username`='%s';",
        $Hashed['Password'],
        $Salt,
        $Hashed['PassHash'],
        $Username
    );
    return mysqli_query($Connection, $Statement);
}
Exemple #3
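/**
 * Fetch every KeyValues row of a member whose key contains the given fragment.
 *
 * @param mysqli $Connection Link handed to mysqli_query().
 * @param string $Username   Member name; passed through Puff_Member_Sanitize_Username() first.
 * @param string $Key        Fragment matched with LIKE '%...%'.
 * @return mixed The mysqli_query() result for the SELECT.
 */
function Puff_Member_Key_Like($Connection, $Username, $Key)
{
    $Username = Puff_Member_Sanitize_Username($Username);
    // Keys are written entity-encoded elsewhere in this file, so encode before comparing.
    $Key = htmlentities($Key, ENT_QUOTES, 'UTF-8');
    // htmlentities() is an HTML encoder, not an SQL one: it leaves backslashes untouched.
    // Escape for the quoted SQL literal as well. The result depends on the connection
    // charset, so that should be set with mysqli_set_charset().
    $Key = mysqli_real_escape_string($Connection, $Key);
    // '%' and '_' inside $Key still act as LIKE wildcards, as they did before.
    $Result = mysqli_query($Connection, 'SELECT * FROM `KeyValues` WHERE `Username`=\'' . $Username . '\' AND `Key` LIKE \'%' . $Key . '%\';');
    return $Result;
}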
Exemple #4
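/**
 * Look up the stored value for one member key.
 *
 * @param mysqli $Connection Link handed to mysqli_fetch_once().
 * @param string $Username   Member name; passed through Puff_Member_Sanitize_Username() first.
 * @param string $Key        Raw (not yet entity-encoded) key name.
 * @return mixed The `Value` column of the matching row, or null when there is none.
 */
function Puff_Member_Key_Value($Connection, $Username, $Key)
{
    $Username = Puff_Member_Sanitize_Username($Username);
    // Keys are stored entity-encoded, so encode before comparing.
    $Key = htmlentities($Key, ENT_QUOTES, 'UTF-8');
    // htmlentities() does not touch backslashes; escape for the SQL string literal too.
    $Key = mysqli_real_escape_string($Connection, $Key);
    $Result = mysqli_fetch_once($Connection, 'SELECT `Value` FROM `KeyValues` WHERE `Username`=\'' . $Username . '\' AND `Key`=\'' . $Key . '\';');
    // Avoid indexing a non-array when no row came back; callers still receive null.
    return isset($Result['Value']) ? $Result['Value'] : null;
}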
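/**
 * Issue a new session token for an existing member and record it in `Sessions`.
 *
 * @param mysqli $Connection Link handed to mysqli_query().
 * @param string $Username   Member name; passed through Puff_Member_Sanitize_Username() first.
 * @return array array('error' => ...) when refused, otherwise
 *               array('Result' => <mysqli_query() result>, 'Session' => <token>).
 *               The token is returned even when 'Result' is false, so callers must check it.
 */
function Puff_Member_Session_Create($Connection, $Username)
{
    ////	Check Member Existence
    // A session can only be issued to a member that already exists.
    $Username = Puff_Member_Sanitize_Username($Username);
    $MemberExists = Puff_Member_Exists($Connection, $Username, true);
    if (!$MemberExists) {
        return array('error' => 'Sorry, that user doesn\'t exist, so we can\'t make a session for it.');
    }
    ////	Generate a Session
    // Puff_SecureRandom() is defined elsewhere; the original note describes its output as a
    // 128 character hexadecimal string. A falsy return means no secure source was available.
    $Session = Puff_SecureRandom();
    if (!$Session) {
        // The message names the session: no password is involved on this path.
        return array('error' => 'Error: No secure source was available for Session generation. Your session could not be created. This is not your fault.');
    }
    ////	Collision Chance
    // 16 base
    // 128 characters
    // 16^128 = 2^512 = 1.34*10^154
    ////	Insert into Database
    // NOTE(review): the token is stored verbatim, so read access to `Sessions` exposes
    // usable sessions. Storing a hash of the token would avoid that, but needs a matching
    // change wherever sessions are looked up.
    // Concatenated SQL: $Username is only as safe as Puff_Member_Sanitize_Username() makes it. TODO confirm.
    $Result = mysqli_query($Connection, 'INSERT INTO `Sessions` (`Username`, `Session`) VALUES (\'' . $Username . '\', \'' . $Session . '\');');
    $Result = array('Result' => $Result, 'Session' => $Session);
    return $Result;
}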
Exemple #6
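/**
 * Create or overwrite one key/value pair for a member (REPLACE INTO).
 *
 * @param mysqli $Connection Link handed to mysqli_query().
 * @param string $Username   Member name; passed through Puff_Member_Sanitize_Username() first.
 * @param string $Key        Raw key name.
 * @param string $Value      Raw value.
 * @return mixed The mysqli_query() result of the REPLACE.
 */
function Puff_Member_Key_Update($Connection, $Username, $Key, $Value)
{
    $Username = Puff_Member_Sanitize_Username($Username);
    // Storage format for this table: entity-encoded key and value.
    $Key = htmlentities($Key, ENT_QUOTES, 'UTF-8');
    $Value = htmlentities($Value, ENT_QUOTES, 'UTF-8');
    // htmlentities() leaves backslashes alone, so it cannot stand in for SQL escaping.
    // Escape both values for the quoted literals they are placed in.
    $Key = mysqli_real_escape_string($Connection, $Key);
    $Value = mysqli_real_escape_string($Connection, $Value);
    $Result = mysqli_query($Connection, 'REPLACE INTO `KeyValues` (`Username`, `Key`, `Value`) VALUES (\'' . $Username . '\', \'' . $Key . '\', \'' . $Value . '\');');
    return $Result;
}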
Exemple #7
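/**
 * Insert a key/value pair for a member, refusing if the key already has a value.
 *
 * @param mysqli $Connection Link handed to mysqli_query().
 * @param string $Username   Member name; passed through Puff_Member_Sanitize_Username() first.
 * @param string $Key        Raw key name.
 * @param string $Value      Raw value.
 * @return mixed array('error' => ...) when the key exists, otherwise the mysqli_query() result of the INSERT.
 */
function Puff_Member_Key_Create($Connection, $Username, $Key, $Value)
{
    $Username = Puff_Member_Sanitize_Username($Username);
    // Puff_Member_Key_Value() entity-encodes the key itself. Hand it the raw key so the
    // lookup is not done on a double-encoded name (which misses keys containing & < > or quotes).
    $OldValue = Puff_Member_Key_Value($Connection, $Username, $Key);
    // Compare with null so an existing value of '' or '0' still counts as present.
    // presumably Puff_Member_Key_Value() yields null when no row matches; verify against mysqli_fetch_once()
    if ($OldValue !== null) {
        return array('error' => 'Sorry, that UserKeyValue combination already exists.');
    }
    // Same storage format as Puff_Member_Key_Update(): entity-encode, then escape for SQL.
    // $Value previously reached the statement with no treatment at all.
    $Key = mysqli_real_escape_string($Connection, htmlentities($Key, ENT_QUOTES, 'UTF-8'));
    $Value = mysqli_real_escape_string($Connection, htmlentities($Value, ENT_QUOTES, 'UTF-8'));
    $Result = mysqli_query($Connection, 'INSERT INTO `KeyValues`(`Username`, `Key`, `Value`) VALUES (\'' . $Username . '\', \'' . $Key . '\', \'' . $Value . '\');');
    return $Result;
}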
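/**
 * Mark every session of a member inactive, optionally sparing one session token.
 *
 * @param mysqli       $Connection Link handed to mysqli_query().
 * @param string       $Username   Member name; passed through Puff_Member_Sanitize_Username() first.
 * @param string|false $Exemption  Session token to leave active; any falsy value means "none".
 * @return mixed The mysqli_query() result of the UPDATE.
 */
function Puff_Member_Session_Disable_All($Connection, $Username, $Exemption = false)
{
    $Username = Puff_Member_Sanitize_Username($Username);
    $SQL = 'UPDATE `Sessions` SET `Active`=\'0\' WHERE `Username`=\'' . $Username . '\'';
    if ($Exemption) {
        // The exemption is supplied by the caller and was concatenated untreated.
        // Escape it for the quoted literal; a hexadecimal token passes through unchanged.
        $Exemption = mysqli_real_escape_string($Connection, (string) $Exemption);
        $SQL .= ' AND NOT `Session`=\'' . $Exemption . '\'';
    }
    $SQL .= ';';
    $Result = mysqli_query($Connection, $SQL);
    return $Result;
}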
Exemple #9
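/**
 * Delete one key/value pair of a member, refusing if the key has no stored value.
 *
 * @param mysqli $Connection Link handed to mysqli_query().
 * @param string $Username   Member name; passed through Puff_Member_Sanitize_Username() first.
 * @param string $Key        Raw key name.
 * @return mixed array('error' => ...) when the key is absent, otherwise the mysqli_query() result of the DELETE.
 */
function Puff_Member_Key_Destroy($Connection, $Username, $Key)
{
    $Username = Puff_Member_Sanitize_Username($Username);
    // Puff_Member_Key_Value() entity-encodes the key itself. Pass the raw key so the
    // existence check and the DELETE below address the same row.
    $OldValue = Puff_Member_Key_Value($Connection, $Username, $Key);
    // Compare with null so a key whose value is '' or '0' can still be destroyed.
    // presumably Puff_Member_Key_Value() yields null when no row matches; verify against mysqli_fetch_once()
    if ($OldValue === null) {
        return array('error' => 'Sorry, that UserKeyValue combination doesn\'t exist.');
    }
    ////	Destroy the Key
    // Entity-encode to match the stored form, then escape for the SQL literal
    // (htmlentities() alone leaves backslashes untouched).
    $Key = mysqli_real_escape_string($Connection, htmlentities($Key, ENT_QUOTES, 'UTF-8'));
    $Result = mysqli_query($Connection, 'DELETE FROM `KeyValues` WHERE `Username`=\'' . $Username . '\' AND `Key`=\'' . $Key . '\';');
    return $Result;
}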
/**
 * Set a member's `Active` flag to 1, deactivating all of their sessions first.
 *
 * @param mysqli $Connection Link handed to the mysqli calls below.
 * @param string $Username   Member name; passed through Puff_Member_Sanitize_Username() first.
 * @return mixed array('warning' => ...) when the member is unknown, otherwise the mysqli_query() result.
 */
function Puff_Member_Enable($Connection, $Username)
{
    ////	The member has to exist already
    $Username = Puff_Member_Sanitize_Username($Username);
    if (!Puff_Member_Exists($Connection, $Username)) {
        return array('warning' => 'Sorry, that user does not exist.');
    }

    ////	Existing sessions are deactivated first; the result is not checked
    Puff_Member_Session_Disable_All($Connection, $Username);

    ////	Flip the flag
    // Concatenated SQL: $Username is only as safe as Puff_Member_Sanitize_Username() makes it. TODO confirm.
    $Statement = sprintf("UPDATE `Members` SET `Active`='1' WHERE `Username`='%s';", $Username);
    return mysqli_query($Connection, $Statement);
}
/**
 * Delete a member's row from `Members`, deactivating all of their sessions first.
 *
 * Only `Members` is deleted from here; rows in `Sessions` are deactivated, not removed,
 * and `KeyValues` is not touched by this function.
 *
 * @param mysqli $Connection Link handed to the mysqli calls below.
 * @param string $Username   Member name; passed through Puff_Member_Sanitize_Username() first.
 * @return mixed array('warning' => ...) when the member is unknown, otherwise the mysqli_query() result.
 */
function Puff_Member_Destroy($Connection, $Username)
{
    ////	Nothing to delete if the member is unknown
    $Username = Puff_Member_Sanitize_Username($Username);
    if (!Puff_Member_Exists($Connection, $Username)) {
        return array('warning' => "Sorry, that user does not exist. I guess that means it's sort of gone already?");
    }

    ////	Deactivate sessions; the result is not checked
    Puff_Member_Session_Disable_All($Connection, $Username);

    ////	Remove the member row
    // Concatenated SQL: $Username is only as safe as Puff_Member_Sanitize_Username() makes it. TODO confirm.
    $Statement = sprintf("DELETE FROM `Members` WHERE `Username`='%s';", $Username);
    return mysqli_query($Connection, $Statement);
}
Exemple #12
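/**
 * Generate a new 2FA secret for an existing member and store it in `Members`.
 *
 * @param mysqli $Connection Link handed to mysqli_query().
 * @param string $Username   Member name; passed through Puff_Member_Sanitize_Username() first.
 * @return array array('error' => ...) when refused or when the secret could not be saved,
 *               otherwise what Authenticatron_New() returned, minus its 'Secret' entry.
 */
function Puff_Member_2FA_Create($Connection, $Username)
{
    // $Base32_Chars and $PHPQRCode are not read in this function. Presumably they are declared
    // global for authenticatron.php, which is loaded inside this function's scope; confirm before removing.
    global $Sitewide, $Base32_Chars, $PHPQRCode;
    require_once $Sitewide['Puff']['Libs'] . 'authenticatron.php';
    ////	Check Member Existence
    // 2FA can only be set up for a member that already exists.
    $Username = Puff_Member_Sanitize_Username($Username);
    $MemberExists = Puff_Member_Exists($Connection, $Username, true);
    if (!$MemberExists) {
        return array('error' => 'Sorry, that user doesn\'t exist, so we can\'t set up 2FA for it.');
    }
    ////	Generate all the 2FA Stuff
    $Authenticatron = Authenticatron_New($Username);
    ////	Update Database
    // NOTE(review): this overwrites any existing `2FA Secret` without looking at `2FA Active`;
    // confirm that callers only reach it for members who are enrolling.
    // The secret comes from the library; escaping it is a no-op for a Base32 string and
    // keeps the statement well-formed if the format ever changes.
    $Secret = mysqli_real_escape_string($Connection, (string) $Authenticatron['Secret']);
    $Result = mysqli_query($Connection, 'UPDATE `Members` SET `2FA Secret`=\'' . $Secret . '\' WHERE `Username`=\'' . $Username . '\';');
    if (!$Result) {
        // Do not hand out enrolment data for a secret that was never stored.
        return array('error' => 'Sorry, the 2FA secret could not be saved. Please try again.');
    }
    // NOTE(review): only the 'Secret' key is removed; confirm which remaining fields still
    // carry the secret and that they reach the enrolling member only.
    unset($Authenticatron['Secret']);
    return $Authenticatron;
}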
/**
 * Register a new member with a freshly salted password hash.
 *
 * @param mysqli $Connection Link handed to the mysqli calls below.
 * @param string $Username   Requested name; passed through Puff_Member_Sanitize_Username() first.
 * @param string $Password   Password, hashed by Puff_Member_PassHash() with a new salt.
 * @return mixed array('error' => ...) when refused, otherwise the mysqli_query() result of the INSERT.
 */
function Puff_Member_Create($Connection, $Username, $Password)
{
    ////	The name must still be free
    // The check and the INSERT are separate statements; presumably a unique index on
    // `Username` covers two simultaneous sign-ups. Confirm in the schema.
    $Username = Puff_Member_Sanitize_Username($Username);
    if (Puff_Member_Exists($Connection, $Username)) {
        // TODO Try to log-in instead.
        return array('error' => 'Sorry, that username is not available. Please choose a different username, or login if this is your username.');
    }

    ////	Salt
    // Puff_SecureRandom() is defined elsewhere; a falsy return is treated as
    // "no secure random source" and nothing is written.
    $Salt = Puff_SecureRandom();
    if (!$Salt) {
        return array('error' => 'Error: No secure source was available for Salt generation. Your password could not be secured. This is not your fault.');
    }

    ////	Hash
    // NOTE(review): Puff_Member_PassHash() is project code not shown here; confirm it is a
    // slow, purpose-built password hash.
    $Hashed = Puff_Member_PassHash($Password, $Salt);

    ////	Store the member
    // Concatenated SQL: $Username is only as safe as Puff_Member_Sanitize_Username() makes it. TODO confirm.
    $Statement = sprintf(
        "INSERT INTO `Members` (`Username`, `Password`, `Salt`, `PassHash`) VALUES ('%s', '%s', '%s', '%s');",
        $Username,
        $Hashed['Password'],
        $Salt,
        $Hashed['PassHash']
    );
    return mysqli_query($Connection, $Statement);
}