<?
/*************Cleans up string input****************/
/**
 * Trims a single input value, strips HTML/PHP tags and HTML-encodes the
 * remaining special characters.
 *
 * NOTE(review): this is output encoding applied at input time; the result is
 * only appropriate for an HTML body context, and htmlspecialchars() default
 * flags differ across PHP versions (single quotes are encoded only from 8.1
 * on). Values that are later compared against stored data (e.g. cookie
 * tokens) pass through unchanged only when they contain no HTML-special
 * characters.
 *
 * @param string $input raw value, e.g. from $_POST or $_COOKIE
 * @return string
 */
function input_clean($input){
    $trimmed = trim($input);
    $withoutTags = strip_tags($trimmed);
    return htmlspecialchars($withoutTags);
}
/*****************************************************/
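/**************Returns connection or false**************************/
/**
 * Opens the application database connection.
 *
 * Returns the mysqli link, or false when the connection cannot be made.
 * Since PHP 8.1 mysqli reports errors as mysqli_sql_exception by default,
 * which `@` does not suppress, so the exception is caught here to keep the
 * documented "false on failure" contract; the errno check still covers
 * older report modes.
 *
 * NOTE(review): the host, user, password and schema are hardcoded in a file
 * that lives under the web root; moving them to a configuration file outside
 * the document root (and treating the committed password as exposed) is the
 * usual remedy.
 *
 * @return mysqli|false
 */
function db_connect()
{
    try {
        // '@' keeps the connection warning (which would echo the host/user) out of the page.
        $link = @new mysqli('localhost', 'quadcore', 'Vek,6zum', 'quadcore');
    } catch (mysqli_sql_exception $e) {
        return false;
    }
    if (mysqli_connect_errno()) {
        return false;
    }
    return $link;
}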
/*****************************************************************/
/*********************Sets up session path************************/
/**
 * Applies the session ini settings used by this application; intended to run
 * before session_start().
 *
 *  - session.save_path 'tmp' (a relative path, resolved against the current
 *    working directory of the request);
 *  - session.gc_probability 1 (numerator of the garbage-collection chance);
 *  - session.cookie_httponly 1 (session cookie not readable from script).
 *
 * NOTE(review): force_ssl() exists in this file, so session.cookie_secure
 * and session.use_strict_mode are natural companions to these settings.
 *
 * @return void
 */
function set_path(){
    $settings = [
        'session.save_path' => 'tmp',
        'session.gc_probability' => 1,
        'session.cookie_httponly' => 1,
    ];
    foreach ($settings as $directive => $value) {
        ini_set($directive, $value);
    }
}
/**************************************************************/
/********************Redirects to home page********************/
/**
 * Sends a Location header pointing at index.php (relative to the current URL).
 *
 * NOTE(review): nothing here stops the script; code after a redirect_home()
 * call keeps executing, so callers must exit themselves if the rest of the
 * page must not run.
 *
 * @return void
 */
function redirect_home(){
    $target = 'index.php';
    header('Location: ' . $target);
}
/****************************************************************/
/********************Redirects to login page********************/
/**
 * Sends a Location header pointing at login.php (relative to the current URL).
 *
 * NOTE(review): as with redirect_home(), no exit() follows the header; a
 * caller on a protected page must stop on its own after calling this.
 *
 * @return void
 */
function redirect_login(){
    $target = 'login.php';
    header('Location: ' . $target);
}
/****************************************************************/
/****************FORCE SSL SECURED CONNECTION********************/
/**
 * Redirects the request to its https:// equivalent and stops the script
 * unless $_SERVER['HTTPS'] is "on".
 *
 * NOTE(review): the redirect host is taken from $_SERVER['HTTP_HOST'], i.e.
 * the client-supplied Host header, so the destination is whatever the request
 * claimed; comparing against a configured canonical hostname would remove
 * that dependency. Behind a TLS-terminating proxy that does not pass HTTPS
 * through to PHP this check will redirect on every request.
 *
 * @return void
 */
function force_ssl(){
    $https = isset($_SERVER['HTTPS']) ? $_SERVER['HTTPS'] : '';
    if ($https == 'on') {
        return;
    }
    $secureUrl = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    header('Location: ' . $secureUrl);
    exit();
}
/****************************************************************/
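/************ GENERATE RANDOM STRING FOR COOKIE TOKEN ***********/
/**
 * Returns a hex string of 2 * $length characters built from $length random bytes.
 *
 * random_bytes() (PHP 7+) is used when available. Otherwise
 * openssl_random_pseudo_bytes() is used and its $crypto_strong flag is
 * honoured: the original ignored that flag and could hand out bytes OpenSSL
 * itself did not consider cryptographically strong.
 *
 * @param int $length number of random bytes (default 20 -> 40 hex characters)
 * @return string
 * @throws RuntimeException when no strong random source is available
 */
function gen_token($length = 20){
    if (function_exists('random_bytes')) {
        return bin2hex(random_bytes($length));
    }
    $strong = false;
    $bytes = openssl_random_pseudo_bytes($length, $strong);
    if ($bytes === false || !$strong) {
        throw new RuntimeException('No cryptographically strong random source available');
    }
    return bin2hex($bytes);
}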
/****************************************************************/
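/************** CHECK COOKIES FOR AUTOMATIC LOGIN ***************/
/**
 * Logs the visitor in from the "remember me" cookies when no session user is
 * set yet.
 *
 * Reads the active/selector/token cookies, looks the selector up in the user
 * table with a prepared statement and compares crypt($token, "$5$") against
 * the stored token column with hash_equals(). On success the session is
 * regenerated and $_SESSION['valid_user'] / $_SESSION['user_id'] are set; on
 * a mismatch the three cookies are expired.
 *
 * Fixes relative to the original: the token/selector cookies are checked
 * with isset() before use; the selector is no longer run through
 * mysqli_real_escape_string() on top of being bound as a statement
 * parameter (double escaping); $_SESSION['user_id'] now receives the bound
 * $user_id instead of $user_name; setcookie() gets '' rather than null
 * (deprecated since 8.1); a failed prepare() no longer crashes on a false
 * statement; the statement is closed.
 *
 * Side effects: echoes an error and exits when the database is unreachable
 * or the statement cannot be prepared.
 *
 * @return void
 */
function auto_login(){
    if (isset($_SESSION['valid_user'])) {
        return;
    }
    // All three cookies are required; the original read token/selector unconditionally.
    if (!isset($_COOKIE['active'], $_COOKIE['token'], $_COOKIE['selector'])
        || (string) $_COOKIE['active'] !== '1') {
        return;
    }
    // input_clean() leaves hex tokens/selectors unchanged; any HTML-special
    // character would be encoded before the comparison below.
    $token = input_clean($_COOKIE['token']);
    $selector = input_clean($_COOKIE['selector']);
    if (!($db = db_connect())) {
        echo "<br><br><br>Database Error";
        exit;
    }
    // NOTE(review): "$5$" carries no salt characters, so this appears to be an
    // unsalted SHA-256 crypt. Changing the scheme would invalidate every
    // stored token, so it is kept as is here.
    $hToken = crypt($token, "$5$");
    $query = "select user_id, user_name,token from user
where selector=?";
    $stmt = $db->prepare($query);
    if ($stmt === false) {
        echo "<br><br><br>Database Error";
        exit;
    }
    $stmt->bind_param('s', $selector);
    $stmt->execute();
    $stmt->store_result();
    if ($stmt->num_rows > 0) {
        $stmt->bind_result($user_id, $user_name, $storedHash);
        $stmt->fetch();
        // hash_equals() needs two strings; a NULL token column counts as a mismatch.
        if (is_string($storedHash) && hash_equals($hToken, $storedHash)) {
            // New session id on privilege change, so a pre-login id is not kept.
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION['valid_user'] = $user_name;
            $_SESSION['user_id'] = $user_id;
        } else {
            // Expire the remember-me cookies on a bad token.
            setcookie('active', '', time() - 3600);
            setcookie('token', '', time() - 3600);
            setcookie('selector', '', time() - 3600);
        }
    }
    $stmt->close();
}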
/****************************************************************/
if(!function_exists('hash_equals')){
/**
 * Fallback for PHP versions without the native hash_equals() (added in 5.6);
 * only defined when the builtin is absent.
 *
 * Compares two strings byte by byte without an early exit on the first
 * differing byte, so the time taken does not depend on where they differ.
 * A length mismatch returns false immediately, as the native function does.
 *
 * @param string $str1 known string
 * @param string $str2 user-supplied string
 * @return bool
 */
function hash_equals($str1, $str2){
    $len = strlen($str1);
    if ($len != strlen($str2)) {
        return false;
    }
    $diff = 0;
    for ($i = 0; $i < $len; $i++) {
        $diff |= ord($str1[$i]) ^ ord($str2[$i]);
    }
    return $diff === 0;
}
}
?>