/**
 * Switch two-factor authentication off for a member, but only after the
 * supplied one-time code verifies against the member's stored secret.
 *
 * @param mysqli $Connection Database handle handed to the mysqli_* calls below.
 * @param string $Username   Member name; passed through Puff_Member_Sanitize_Username().
 * @param string $Code       One-time code to verify.
 *
 * @return mixed The mysqli_query() result of the UPDATE when the code verifies,
 *               otherwise array('error' => message).
 */
function Puff_Member_2FA_Disable($Connection, $Username, $Code) {

    global $Sitewide;
    require_once $Sitewide['Puff']['Libs'] . 'authenticatron.php';

    // The member has to exist before any secret is looked up.
    $Username = Puff_Member_Sanitize_Username($Username);
    $Known = Puff_Member_Exists($Connection, $Username, true);
    if (!$Known) {
        return array('error' => 'Sorry, that user doesn\'t exist, so we can\'t disable 2FA for it.');
    }

    // NOTE(review): $Username is concatenated into both statements below, so their
    // safety rests entirely on Puff_Member_Sanitize_Username() (not visible here).
    // Confirm it rejects quotes and backslashes, or move these to bound parameters.
    $Row = mysqli_fetch_once($Connection, 'SELECT `2FA Secret` FROM `Members` WHERE `Username`=\'' . $Username . '\';');
    if (empty($Row['2FA Secret'])) {
        return array('error' => 'Sorry, 2FA isn\'t set up for that user.');
    }
    $Secret = $Row['2FA Secret'];

    // Verify the code against the stored secret; a failed check changes nothing.
    // NOTE(review): no attempt limiting is visible in this function — confirm the
    // caller throttles repeated guesses.
    $Verified = Authenticatron_Check($Code, $Secret);
    if (!$Verified) {
        return array('error' => 'Sorry, your code was not valid. They are only valid for 30 seconds.');
    }

    // Only the `2FA Active` flag is cleared; the stored secret is left in place.
    return mysqli_query($Connection, 'UPDATE `Members` SET `2FA Active`=\'0\' WHERE `Username`=\'' . $Username . '\';');

}
/**
 * Set a new password for an existing member: draw a fresh salt, hash the
 * password, deactivate the member's sessions, then store the new credentials.
 *
 * @param mysqli       $Connection     Database handle handed to mysqli_query().
 * @param string       $Username       Member name; passed through Puff_Member_Sanitize_Username().
 * @param string       $Password       New password, handed to Puff_Member_PassHash().
 * @param string|false $CurrentSession Session to leave active, or false to deactivate all of them.
 *
 * @return mixed The mysqli_query() result of the UPDATE, or array('error' => message).
 */
function Puff_Member_Password($Connection, $Username, $Password, $CurrentSession = false) {

    // NOTE(review): nothing here checks the old password or the caller's identity;
    // presumably the caller has already authenticated the request — confirm.
    $Username = Puff_Member_Sanitize_Username($Username);
    if (!Puff_Member_Exists($Connection, $Username, true)) {
        return array('error' => 'Sorry, we can\'t change the password for a member that doesn\'t exist.');
    }

    // A falsy return from Puff_SecureRandom() is treated as "no secure source";
    // the change is refused rather than continuing without a fresh salt.
    $Salt = Puff_SecureRandom();
    if (!$Salt) {
        return array('error' => 'Error: No secure source was available for Salt generation. Your password could not be secured. This is not your fault.');
    }

    // NOTE(review): the hashing scheme lives in Puff_Member_PassHash() (not visible
    // here) — confirm it is a slow password hash such as password_hash().
    $Digest = Puff_Member_PassHash($Password, $Salt);

    // Sessions are deactivated before the new credentials are written; the
    // result of that call is not checked.
    Puff_Member_Session_Disable_All($Connection, $Username, $CurrentSession);

    // NOTE(review): every value here is concatenated into the statement, so safety
    // depends on the helpers above returning SQL-safe text — confirm, or bind them.
    $Query = 'UPDATE `Members` SET `Password`=\'' . $Digest['Password'] . '\', `Salt`=\'' . $Salt . '\', `PassHash`=\'' . $Digest['PassHash'] . '\' WHERE `Username`=\'' . $Username . '\';';

    return mysqli_query($Connection, $Query);

}
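/**
 * Find a member's key/value rows whose key contains the given text.
 *
 * @param mysqli $Connection Database handle handed to mysqli_query().
 * @param string $Username   Member name; passed through Puff_Member_Sanitize_Username().
 * @param string $Key        Text to look for inside the stored (entity-encoded) key.
 *
 * @return mixed The mysqli_query() result of the SELECT.
 */
function Puff_Member_Key_Like($Connection, $Username, $Key) {

    $Username = Puff_Member_Sanitize_Username($Username);

    // Keys are stored entity-encoded, so the search text is encoded the same way.
    $Key = htmlentities($Key, ENT_QUOTES, 'UTF-8');

    // htmlentities() is an HTML encoder: it leaves backslashes untouched and so
    // cannot stand in for SQL escaping. Escape every interpolated value for the
    // SQL string context as well.
    // NOTE(review): mysqli_real_escape_string() relies on the connection charset
    // having been set with mysqli_set_charset() — confirm where $Connection is opened.
    $SafeUsername = mysqli_real_escape_string($Connection, $Username);
    $SafeKey = mysqli_real_escape_string($Connection, $Key);

    // NOTE(review): `%` and `_` inside $Key still act as LIKE wildcards, as they
    // did before; the search stays scoped to the one username either way.
    $Result = mysqli_query($Connection, 'SELECT * FROM `KeyValues` WHERE `Username`=\'' . $SafeUsername . '\' AND `Key` LIKE \'%' . $SafeKey . '%\';');

    return $Result;

}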
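/**
 * Fetch the stored value for one of a member's keys.
 *
 * @param mysqli $Connection Database handle handed to mysqli_fetch_once().
 * @param string $Username   Member name; passed through Puff_Member_Sanitize_Username().
 * @param string $Key        Raw key; entity-encoded here to match how keys are stored.
 *
 * @return mixed The `Value` column of the matching row, or null when no value was returned.
 */
function Puff_Member_Key_Value($Connection, $Username, $Key) {

    $Username = Puff_Member_Sanitize_Username($Username);
    $Key = htmlentities($Key, ENT_QUOTES, 'UTF-8');

    // htmlentities() is an HTML encoder: it leaves backslashes untouched and so
    // cannot stand in for SQL escaping. Escape both values for the SQL string
    // context before they are interpolated.
    // NOTE(review): mysqli_real_escape_string() relies on the connection charset
    // having been set with mysqli_set_charset() — confirm where $Connection is opened.
    $SafeUsername = mysqli_real_escape_string($Connection, $Username);
    $SafeKey = mysqli_real_escape_string($Connection, $Key);

    $Result = mysqli_fetch_once($Connection, 'SELECT `Value` FROM `KeyValues` WHERE `Username`=\'' . $SafeUsername . '\' AND `Key`=\'' . $SafeKey . '\';');

    // Same null as before when nothing came back, but without indexing into a
    // non-array result.
    return isset($Result['Value']) ? $Result['Value'] : null;

}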
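/**
 * Create a new session row for an existing member.
 *
 * @param mysqli $Connection Database handle handed to mysqli_query().
 * @param string $Username   Member name; passed through Puff_Member_Sanitize_Username().
 *
 * @return array array('Result' => mysqli_query() result, 'Session' => token) on the
 *               normal path, or array('error' => message).
 */
function Puff_Member_Session_Create($Connection, $Username) {

    // A session can only be issued for a member that exists.
    $Username = Puff_Member_Sanitize_Username($Username);
    $MemberExists = Puff_Member_Exists($Connection, $Username, true);
    if (!$MemberExists) {
        return array('error' => 'Sorry, that user doesn\'t exist, so we can\'t make a session for it.');
    }

    // The token comes from Puff_SecureRandom(); per the original author's note it
    // is 128 hexadecimal characters (16^128, about 1.34*10^124 possible values).
    // A falsy return is treated as "no secure source" and no session is issued.
    $Session = Puff_SecureRandom();
    if (!$Session) {
        // The message used to say the password could not be secured, which was
        // copied from the password path and misdescribed this failure.
        return array('error' => 'Error: No secure source was available for Session generation. Your session could not be created. This is not your fault.');
    }

    // Escape for the SQL string context so the statement does not depend on what
    // the helpers above happen to return.
    // NOTE(review): mysqli_real_escape_string() relies on the connection charset
    // having been set with mysqli_set_charset() — confirm where $Connection is opened.
    $SafeUsername = mysqli_real_escape_string($Connection, $Username);
    $SafeSession = mysqli_real_escape_string($Connection, $Session);

    $Result = mysqli_query($Connection, 'INSERT INTO `Sessions` (`Username`, `Session`) VALUES (\'' . $SafeUsername . '\', \'' . $SafeSession . '\');');

    // NOTE(review): the token is returned even when the INSERT failed; callers
    // should check 'Result' before handing the token to a client.
    return array('Result' => $Result, 'Session' => $Session);

}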
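/**
 * Insert or overwrite one key/value pair for a member (REPLACE INTO).
 *
 * @param mysqli $Connection Database handle handed to mysqli_query().
 * @param string $Username   Member name; passed through Puff_Member_Sanitize_Username().
 * @param string $Key        Raw key; stored entity-encoded.
 * @param string $Value      Raw value; stored entity-encoded.
 *
 * @return mixed The mysqli_query() result of the REPLACE.
 */
function Puff_Member_Key_Update($Connection, $Username, $Key, $Value) {

    $Username = Puff_Member_Sanitize_Username($Username);

    // Keys and values are stored entity-encoded.
    $Key = htmlentities($Key, ENT_QUOTES, 'UTF-8');
    $Value = htmlentities($Value, ENT_QUOTES, 'UTF-8');

    // htmlentities() is an HTML encoder: it leaves backslashes untouched and so
    // cannot stand in for SQL escaping. Escape all three values for the SQL
    // string context; what ends up stored is unchanged for well-formed input.
    // NOTE(review): mysqli_real_escape_string() relies on the connection charset
    // having been set with mysqli_set_charset() — confirm where $Connection is opened.
    $SafeUsername = mysqli_real_escape_string($Connection, $Username);
    $SafeKey = mysqli_real_escape_string($Connection, $Key);
    $SafeValue = mysqli_real_escape_string($Connection, $Value);

    $Result = mysqli_query($Connection, 'REPLACE INTO `KeyValues` (`Username`, `Key`, `Value`) VALUES (\'' . $SafeUsername . '\', \'' . $SafeKey . '\', \'' . $SafeValue . '\');');

    return $Result;

}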
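/**
 * Add a key/value pair for a member, refusing when the key already has a value.
 *
 * @param mysqli $Connection Database handle handed to mysqli_query().
 * @param string $Username   Member name; passed through Puff_Member_Sanitize_Username().
 * @param string $Key        Raw key; stored entity-encoded.
 * @param string $Value      Raw value; stored entity-encoded, matching Puff_Member_Key_Update().
 *
 * @return mixed The mysqli_query() result of the INSERT, or array('error' => message)
 *               when the key already holds a value.
 */
function Puff_Member_Key_Create($Connection, $Username, $Key, $Value) {

    // Puff_Member_Key_Value() sanitises and entity-encodes its own arguments, so
    // it is given the raw inputs. Passing the already-encoded key made the
    // existence check look up a double-encoded key whenever the key contained a
    // character that htmlentities() rewrites.
    // NOTE(review): a stored value of '' or '0' is falsy and is treated as absent here.
    $OldValue = Puff_Member_Key_Value($Connection, $Username, $Key);
    if ($OldValue) {
        return array('error' => 'Sorry, that UserKeyValue combination already exists.');
    }

    $Username = Puff_Member_Sanitize_Username($Username);
    $Key = htmlentities($Key, ENT_QUOTES, 'UTF-8');

    // $Value used to reach the statement with no encoding or escaping at all.
    // It is now entity-encoded like Puff_Member_Key_Update() does, so readers of
    // `KeyValues` see one consistent encoding regardless of which path wrote the row.
    $Value = htmlentities($Value, ENT_QUOTES, 'UTF-8');

    // htmlentities() leaves backslashes untouched and is not SQL escaping, so
    // every interpolated value is also escaped for the SQL string context.
    // NOTE(review): mysqli_real_escape_string() relies on the connection charset
    // having been set with mysqli_set_charset() — confirm where $Connection is opened.
    $SafeUsername = mysqli_real_escape_string($Connection, $Username);
    $SafeKey = mysqli_real_escape_string($Connection, $Key);
    $SafeValue = mysqli_real_escape_string($Connection, $Value);

    $Result = mysqli_query($Connection, 'INSERT INTO `KeyValues`(`Username`, `Key`, `Value`) VALUES (\'' . $SafeUsername . '\', \'' . $SafeKey . '\', \'' . $SafeValue . '\');');

    return $Result;

}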
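/**
 * Mark a member's sessions inactive, optionally sparing one session.
 *
 * @param mysqli       $Connection Database handle handed to mysqli_query().
 * @param string       $Username   Member name; passed through Puff_Member_Sanitize_Username().
 * @param string|false $Exemption  Session token to leave active, or a falsy value to
 *                                 deactivate every session.
 *
 * @return mixed The mysqli_query() result of the UPDATE.
 */
function Puff_Member_Session_Disable_All($Connection, $Username, $Exemption = false) {

    $Username = Puff_Member_Sanitize_Username($Username);

    // NOTE(review): mysqli_real_escape_string() relies on the connection charset
    // having been set with mysqli_set_charset() — confirm where $Connection is opened.
    $SQL = 'UPDATE `Sessions` SET `Active`=\'0\' WHERE `Username`=\'' . mysqli_real_escape_string($Connection, $Username) . '\'';

    if ($Exemption) {
        // $Exemption used to be concatenated with no validation or escaping at
        // all. It is a session token supplied by the caller (Puff_Member_Password()
        // forwards its $CurrentSession here), so it is escaped for the SQL string
        // context before it is used.
        $SQL .= ' AND NOT `Session`=\'' . mysqli_real_escape_string($Connection, $Exemption) . '\'';
    }

    $SQL .= ';';

    $Result = mysqli_query($Connection, $SQL);

    return $Result;

}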
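/**
 * Delete one key/value pair for a member, refusing when the key has no value.
 *
 * @param mysqli $Connection Database handle handed to mysqli_query().
 * @param string $Username   Member name; passed through Puff_Member_Sanitize_Username().
 * @param string $Key        Raw key; matched against the entity-encoded stored key.
 *
 * @return mixed The mysqli_query() result of the DELETE, or array('error' => message)
 *               when no value is found for the key.
 */
function Puff_Member_Key_Destroy($Connection, $Username, $Key) {

    // Puff_Member_Key_Value() sanitises and entity-encodes its own arguments, so
    // it is given the raw inputs. Passing the already-encoded key made the
    // existence check look up a double-encoded key, so keys containing a
    // character that htmlentities() rewrites were reported as missing.
    // NOTE(review): a stored value of '' or '0' is falsy and is treated as absent here.
    $OldValue = Puff_Member_Key_Value($Connection, $Username, $Key);
    if (!$OldValue) {
        return array('error' => 'Sorry, that UserKeyValue combination doesn\'t exist.');
    }

    $Username = Puff_Member_Sanitize_Username($Username);
    $Key = htmlentities($Key, ENT_QUOTES, 'UTF-8');

    // htmlentities() leaves backslashes untouched and is not SQL escaping, so
    // both values are also escaped for the SQL string context.
    // NOTE(review): mysqli_real_escape_string() relies on the connection charset
    // having been set with mysqli_set_charset() — confirm where $Connection is opened.
    $SafeUsername = mysqli_real_escape_string($Connection, $Username);
    $SafeKey = mysqli_real_escape_string($Connection, $Key);

    // Remove the key/value row (only this pair, not the member).
    $Result = mysqli_query($Connection, 'DELETE FROM `KeyValues` WHERE `Username`=\'' . $SafeUsername . '\' AND `Key`=\'' . $SafeKey . '\';');

    return $Result;

}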
/**
 * Mark an existing member as active, deactivating its sessions first.
 *
 * @param mysqli $Connection Database handle handed to mysqli_query().
 * @param string $Username   Member name; passed through Puff_Member_Sanitize_Username().
 *
 * @return mixed The mysqli_query() result of the UPDATE, or array('warning' => message)
 *               when the member does not exist.
 */
function Puff_Member_Enable($Connection, $Username) {

    // Nothing to enable unless the member exists.
    $Username = Puff_Member_Sanitize_Username($Username);
    if (!Puff_Member_Exists($Connection, $Username)) {
        return array('warning' => 'Sorry, that user does not exist.');
    }

    // Sessions are deactivated before the account is switched on; the result of
    // that call is not checked.
    Puff_Member_Session_Disable_All($Connection, $Username);

    // NOTE(review): $Username is concatenated into the statement, so its safety
    // rests on Puff_Member_Sanitize_Username() (not visible here) — confirm it
    // rejects quotes and backslashes, or bind the value instead.
    $Query = 'UPDATE `Members` SET `Active`=\'1\' WHERE `Username`=\'' . $Username . '\';';

    return mysqli_query($Connection, $Query);

}
/**
 * Delete a member's row from `Members`, deactivating its sessions first.
 *
 * @param mysqli $Connection Database handle handed to mysqli_query().
 * @param string $Username   Member name; passed through Puff_Member_Sanitize_Username().
 *
 * @return mixed The mysqli_query() result of the DELETE, or array('warning' => message)
 *               when the member does not exist.
 */
function Puff_Member_Destroy($Connection, $Username) {

    // Nothing to delete unless the member exists.
    $Username = Puff_Member_Sanitize_Username($Username);
    if (!Puff_Member_Exists($Connection, $Username)) {
        return array('warning' => 'Sorry, that user does not exist. I guess that means it\'s sort of gone already?');
    }

    // Sessions are deactivated, not deleted, and this function does not touch
    // `KeyValues`.
    // NOTE(review): confirm whether the leftover rows for this username are
    // cleaned up elsewhere, especially if the username can be registered again.
    Puff_Member_Session_Disable_All($Connection, $Username);

    // NOTE(review): $Username is concatenated into the statement, so its safety
    // rests on Puff_Member_Sanitize_Username() (not visible here) — confirm it
    // rejects quotes and backslashes, or bind the value instead.
    $Query = 'DELETE FROM `Members` WHERE `Username`=\'' . $Username . '\';';

    return mysqli_query($Connection, $Query);

}
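/**
 * Generate a new two-factor secret for an existing member and store it.
 *
 * @param mysqli $Connection Database handle handed to mysqli_query().
 * @param string $Username   Member name; passed through Puff_Member_Sanitize_Username().
 *
 * @return array The array from Authenticatron_New() with its 'Secret' entry removed,
 *               or array('error' => message) when the member does not exist or the
 *               secret could not be saved.
 */
function Puff_Member_2FA_Create($Connection, $Username) {

    // NOTE(review): $Base32_Chars and $PHPQRCode are not read in this function.
    // They are presumably declared global so that authenticatron.php, which is
    // included from inside this function, populates the global copies — confirm
    // before removing them.
    global $Sitewide, $Base32_Chars, $PHPQRCode;
    require_once $Sitewide['Puff']['Libs'] . 'authenticatron.php';

    // 2FA can only be set up for a member that exists.
    $Username = Puff_Member_Sanitize_Username($Username);
    $MemberExists = Puff_Member_Exists($Connection, $Username, true);
    if (!$MemberExists) {
        // The message used to talk about making a session, copied from the session path.
        return array('error' => 'Sorry, that user doesn\'t exist, so we can\'t set up 2FA for it.');
    }

    // Generate the secret and its accompanying enrolment data.
    $Authenticatron = Authenticatron_New($Username);

    // Escape for the SQL string context so the statement does not depend on what
    // the helpers above happen to return.
    // NOTE(review): mysqli_real_escape_string() relies on the connection charset
    // having been set with mysqli_set_charset() — confirm where $Connection is opened.
    $SafeUsername = mysqli_real_escape_string($Connection, $Username);
    $SafeSecret = mysqli_real_escape_string($Connection, $Authenticatron['Secret']);

    // NOTE(review): any existing secret is overwritten unconditionally; confirm the
    // caller has authenticated the member before reaching this point.
    $Saved = mysqli_query($Connection, 'UPDATE `Members` SET `2FA Secret`=\'' . $SafeSecret . '\' WHERE `Username`=\'' . $SafeUsername . '\';');

    // The UPDATE result used to be ignored, so enrolment data was handed back
    // even when the secret had not been stored, leaving the member with an
    // authenticator entry the server could never verify.
    if (!$Saved) {
        return array('error' => 'Sorry, the new 2FA secret could not be saved. Please try again.');
    }

    // The raw secret is stripped from the array before it is returned to the caller.
    unset($Authenticatron['Secret']);

    return $Authenticatron;

}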
/**
 * Register a new member: refuse a username that is already taken, draw a salt,
 * hash the password, and insert the row into `Members`.
 *
 * @param mysqli $Connection Database handle handed to mysqli_query().
 * @param string $Username   Requested name; passed through Puff_Member_Sanitize_Username().
 * @param string $Password   Password, handed to Puff_Member_PassHash().
 *
 * @return mixed The mysqli_query() result of the INSERT, or array('error' => message).
 */
function Puff_Member_Create($Connection, $Username, $Password) {

    // A new member must not collide with an existing username.
    $Username = Puff_Member_Sanitize_Username($Username);
    if (Puff_Member_Exists($Connection, $Username)) {
        // TODO Try to log-in instead.
        return array('error' => 'Sorry, that username is not available. Please choose a different username, or login if this is your username.');
    }

    // A falsy return from Puff_SecureRandom() is treated as "no secure source";
    // registration is refused rather than continuing without a salt.
    $Salt = Puff_SecureRandom();
    if (!$Salt) {
        return array('error' => 'Error: No secure source was available for Salt generation. Your password could not be secured. This is not your fault.');
    }

    // NOTE(review): the hashing scheme lives in Puff_Member_PassHash() (not visible
    // here) — confirm it is a slow password hash such as password_hash().
    $Digest = Puff_Member_PassHash($Password, $Salt);

    // NOTE(review): every value here is concatenated into the statement, so safety
    // depends on the helpers above returning SQL-safe text — confirm, or bind them.
    // The existence check and this INSERT are separate statements; a unique index
    // on `Username` is presumably what stops concurrent duplicates — confirm.
    $Query = 'INSERT INTO `Members` (`Username`, `Password`, `Salt`, `PassHash`) VALUES (\'' . $Username . '\', \'' . $Digest['Password'] . '\', \'' . $Salt . '\', \'' . $Digest['PassHash'] . '\');';

    return mysqli_query($Connection, $Query);

}