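/**
 * Authenticates a user against the stored password hash, then falls back to
 * the per-user temporary password stored in `users.temp_password`.
 *
 * @return bool true when the hashed password or the temporary password
 *              matches; false for an unknown user, a mismatch, or when no
 *              temporary password is set.
 */
private function authenticate(Anonymous $toBeLoggedIn)
{
    $username = $toBeLoggedIn->getUsername();
    $password = $toBeLoggedIn->getPassword();

    $user = $this->UserCollection->getUser($username);
    if (!$user) {
        return false;
    }

    if (password_verify($password, $user->getPassword())) {
        return true;
    }

    // Fallback path: temp_password is compared verbatim, so it is evidently
    // stored unhashed — NOTE(review): consider hashing it like the main password.
    $stmt = $this->UserCollection->db->db->prepare(
        'SELECT temp_password FROM users WHERE username = :username'
    );
    $stmt->bindParam(':username', $username);
    $stmt->execute();
    $row = $stmt->fetch();

    // fetch() returns false when there is no row. An absent/NULL/empty
    // temp_password must never match: the original loose `==` made
    // NULL == '' true, i.e. an empty submitted password passed this check.
    if ($row === false || !isset($row[0]) || $row[0] === '') {
        return false;
    }

    // Strict, constant-time comparison instead of `==` (numeric coercion).
    return hash_equals((string) $row[0], (string) $password);
}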
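/**
 * Returns a process-wide cookie helper object (built once, then reused).
 *
 * The object carries three closures, `get`, `set` and `delete`, whose
 * defaults (prefix, domain, path, expire, secure, httponly) come from the
 * `cookie` section of Core::config().
 *
 * @return \AnonymousClass\Cookie
 */
public static function cookie()
{
    static $cookie = null;
    if (null !== $cookie) {
        return $cookie;
    }

    $config = (array) Core::config('cookie');

    // A domain of the form IP:PORT makes setting the session-id cookie fail
    // (observed in testing), so the port is stripped. The dots are escaped:
    // the original pattern used a bare `.`, which matched any character.
    if (!empty($config['domain'])
        && \preg_match('#^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+):[0-9]+$#', $config['domain'], $m)
    ) {
        $config['domain'] = $m[1]; // keep only the IP
    }

    $cookie = new \Anonymous();

    $cookie->get = function ($name = null) use ($config) {
        if (!empty($config['prefix'])) {
            $name = $config['prefix'] . $name;
        }
        return $_COOKIE[$name] ?? null;
    };

    $cookie->set = function (
        $name,
        $value = null,
        $expire = null,
        $path = null,
        $domain = null,
        $secure = null,
        $httponly = null
    ) use ($config) {
        if (\headers_sent()) {
            return false;
        }

        // Array form: the array's keys supply the options. Only the known
        // option names are honoured; the previous extract() call let any key
        // overwrite any local, including $config.
        $options = \compact('value', 'expire', 'path', 'domain', 'secure', 'httponly');
        if (\is_array($name)) {
            $options = \array_replace($options, \array_intersect_key($name, $options));
            $name = $name['name'] ?? ''; // setcookie() rejects an empty name
        }

        // Options still unset fall back to configuration.
        foreach ($options as $key => $current) {
            if ($current === null && isset($config[$key])) {
                $options[$key] = $config[$key];
            }
        }
        [
            'value' => $value,
            'expire' => $expire,
            'path' => $path,
            'domain' => $domain,
            'secure' => $secure,
            'httponly' => $httponly,
        ] = $options;

        if (!empty($config['prefix'])) {
            $name = $config['prefix'] . $name;
        }

        // 0 / no expiry given => session cookie; otherwise seconds from now.
        $expire = (int) $expire === 0 ? 0 : $_SERVER['REQUEST_TIME'] + (int) $expire;

        return \setcookie($name, $value, $expire, $path, $domain, $secure, $httponly);
    };

    $cookie->delete = function ($name, $path = null, $domain = null) use ($cookie) {
        // An expiry ten days in the past makes the browser discard the cookie.
        // NOTE(review): calling the `set` closure via $cookie->set(...) relies on
        // \Anonymous dispatching property closures (e.g. __call) — confirm.
        return $cookie->set($name, '', -864000, $path, $domain, false, false);
    };

    return $cookie;
}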
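/**
 * Adds a new user to the collection and persists it.
 *
 * @return bool true once the user is stored.
 * @throws \exceptions\FailedRegistrationException when the username is already
 *         taken or the username/password are too short.
 */
private function add(Anonymous $userToAdd)
{
    $username = $userToAdd->getUsername();
    $password = $userToAdd->getPassword();
    assert(isset($username) && isset($password));

    // Character (not byte) lengths, so multibyte names and passwords are
    // measured as the user sees them; the cast avoids strlen(null) warnings.
    if (mb_strlen((string) $username) < 3 || mb_strlen((string) $password) < 6) {
        throw new \exceptions\FailedRegistrationException('Too short password or username');
    }

    // Reject duplicates before building the User (strict comparison; the
    // original `==` would treat e.g. '1e3' and '1000' as the same name).
    foreach ($this->users as $existing) {
        if ($existing->getUsername() === $username) {
            throw new \exceptions\FailedRegistrationException('User already exists');
        }
    }

    // Only the User object's getters feed the database — presumably it derives
    // the stored password form from the raw one; confirm against User.
    $newUser = new User($username, $password);
    $storedUsername = $newUser->getUsername();
    $storedPassword = $newUser->getPassword();

    $stmt = $this->db->db->prepare(
        'INSERT INTO users (username, password) VALUES (:username, :password)'
    );
    $stmt->bindParam(':username', $storedUsername);
    $stmt->bindParam(':password', $storedPassword);
    try {
        $stmt->execute();
    } catch (\Exception $e) {
        // A unique-key violation is the expected failure here; any other DB
        // error is reported the same way, as before.
        throw new \exceptions\FailedRegistrationException('User already exists');
    }

    // NOTE(review): the in-memory list keeps the original Anonymous (raw
    // password) rather than $newUser — unchanged here; consider storing $newUser.
    $this->users[] = $userToAdd;

    return true;
}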