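/**
 * Replace a member's stored password hash and salt.
 *
 * The username is normalised with Puff_Member_Sanitize_Username(), a fresh salt is
 * drawn from Puff_SecureRandom(), the password is hashed with Puff_Member_PassHash(),
 * the member's sessions are disabled, and the `Members` row is updated.
 *
 * No authorisation check is made here (no old-password or ownership test), so the
 * caller must confirm that the requester may change this member's password.
 *
 * @param mysqli      $Connection     Open mysqli connection.
 * @param string      $Username       Member whose password is changed.
 * @param string      $Password       New plaintext password.
 * @param string|bool $CurrentSession Passed through to Puff_Member_Session_Disable_All();
 *                                    presumably the session to leave active (confirm).
 * @return array|bool array('error' => message) when the member does not exist or no
 *                    salt could be generated; otherwise true/false from the UPDATE.
 */
function Puff_Member_Password($Connection, $Username, $Password, $CurrentSession = false) {

    //// Check Member Existence
    // A password can only be changed for a member that already exists.
    $Username = Puff_Member_Sanitize_Username($Username);
    $MemberExists = Puff_Member_Exists($Connection, $Username, true);
    if (!$MemberExists) {
        return array('error' => 'Sorry, we can\'t change the password for a member that doesn\'t exist.');
    }

    //// Re-Generate a Salt
    // A new salt is drawn on every password change so the old salt is never reused.
    // Fails closed: without a secure random source nothing is written.
    $Salt = Puff_SecureRandom();
    if (!$Salt) {
        return array('error' => 'Error: No secure source was available for Salt generation. Your password could not be secured. This is not your fault.');
    }

    //// Hash Password
    $Hashed = Puff_Member_PassHash($Password, $Salt);
    $HashedPassword = $Hashed['Password'];
    $Algorithm = $Hashed['PassHash'];

    //// Disable existing Sessions
    // Done before the UPDATE, as in the original: if the write fails the member is
    // logged out but keeps the old password.
    Puff_Member_Session_Disable_All($Connection, $Username, $CurrentSession);

    //// Update Database
    // Bound parameters instead of string concatenation: the query stays safe even if
    // the username sanitiser lets through a character that is special in SQL.
    $Statement = mysqli_prepare($Connection, 'UPDATE `Members` SET `Password`=?, `Salt`=?, `PassHash`=? WHERE `Username`=?');
    if (!$Statement) {
        // Same failure value mysqli_query() would have produced.
        return false;
    }
    mysqli_stmt_bind_param($Statement, 'ssss', $HashedPassword, $Salt, $Algorithm, $Username);
    $Result = mysqli_stmt_execute($Statement);
    mysqli_stmt_close($Statement);

    return $Result;
}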
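/**
 * Create a single-use token ("Runonce") and store it, optionally tied to a session.
 *
 * @param mysqli      $Connection Open mysqli connection.
 * @param string|bool $Session    Session to bind the token to. A falsy value, or a
 *                                session that Puff_Member_Session_Exists() does not
 *                                find, results in an unbound token (empty `Session`).
 * @return array array('error' => message) when no secure random source is available;
 *               otherwise array('Result' => bool, 'Runonce' => string).
 */
function Puff_Runonce_Create($Connection, $Session = false) {

    //// Check Session Existence
    if ($Session) {
        // NOTE(review): htmlentities() is an HTML output encoder, not SQL escaping or
        // input validation. It is kept so the stored value is unchanged from the
        // original; SQL safety now comes from the bound parameters below.
        $Session = htmlentities($Session, ENT_QUOTES, 'UTF-8');
        $SessionExists = Puff_Member_Session_Exists($Connection, $Session);
        if (!$SessionExists) {
            // An unknown session is silently dropped; the token is created unbound.
            $Session = false;
        }
    } else {
        // Nothing to check, so nothing is bound.
        $Session = false;
    }

    //// Generate a Runonce
    // Fails closed: without a secure random source no token is issued.
    $Runonce = Puff_SecureRandom();
    if (!$Runonce) {
        return array('error' => 'Error: No secure source was available for Runonce generation. This is not your fault.');
    }

    //// Insert into Database
    // false becomes '' here, which is what the original concatenation inserted.
    $SessionValue = (string) $Session;
    $Result = false;
    $Statement = mysqli_prepare($Connection, 'INSERT INTO `Runonces` (`Runonce`, `Session`) VALUES (?, ?)');
    if ($Statement) {
        mysqli_stmt_bind_param($Statement, 'ss', $Runonce, $SessionValue);
        $Result = mysqli_stmt_execute($Statement);
        mysqli_stmt_close($Statement);
    }

    // Callers must check 'Result': the token is returned even when the insert failed.
    return array('Result' => $Result, 'Runonce' => $Runonce);
}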
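/**
 * Create a new session token for an existing member and store it.
 *
 * This function does not authenticate the member; the caller must have verified the
 * credentials before asking for a session.
 *
 * @param mysqli $Connection Open mysqli connection.
 * @param string $Username   Member the session belongs to.
 * @return array array('error' => message) when the member does not exist or no secure
 *               random source is available; otherwise
 *               array('Result' => bool, 'Session' => string).
 */
function Puff_Member_Session_Create($Connection, $Username) {

    //// Check Member Existence
    // A session can only be created for a member that already exists.
    $Username = Puff_Member_Sanitize_Username($Username);
    $MemberExists = Puff_Member_Exists($Connection, $Username, true);
    if (!$MemberExists) {
        return array('error' => 'Sorry, that user doesn\'t exist, so we can\'t make a session for it.');
    }

    //// Generate a Session
    // Fails closed: without a secure random source no session is issued.
    $Session = Puff_SecureRandom();
    if (!$Session) {
        // The original message spoke of a password not being secured, which does not
        // apply to session creation; the wording now matches the Runonce error.
        return array('error' => 'Error: No secure source was available for Session generation. This is not your fault.');
    }

    //// Collision Chance
    // If the token is 128 hexadecimal characters, as the original comment states:
    // 16^128 = 2^512, about 1.34*10^154 possible values.

    //// Insert into Database
    // Bound parameters instead of string concatenation: the query stays safe even if
    // the username sanitiser lets through a character that is special in SQL.
    $Inserted = false;
    $Statement = mysqli_prepare($Connection, 'INSERT INTO `Sessions` (`Username`, `Session`) VALUES (?, ?)');
    if ($Statement) {
        mysqli_stmt_bind_param($Statement, 'ss', $Username, $Session);
        $Inserted = mysqli_stmt_execute($Statement);
        mysqli_stmt_close($Statement);
    }

    // Callers must check 'Result': the token is returned even when the insert failed.
    return array('Result' => $Inserted, 'Session' => $Session);
}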
/**
 * Derive the stored password value: hash(algo, hash(algo, password) . salt).
 *
 * NOTE(review): this is two rounds of a fast general-purpose hash. Fast hashes give
 * little resistance to offline guessing if the `Members` table leaks. A purpose-built
 * password hash (password_hash() / password_verify(), with rehash-on-login for
 * existing rows) is the usual replacement. It is not changed here because the stored
 * format and the verification path are outside this function.
 *
 * @param string      $Password Plaintext password.
 * @param string|bool $Salt     Salt to append; a falsy value makes the function draw
 *                              one from Puff_SecureRandom().
 * @param string      $PassHash Algorithm name handed to hash().
 * @return array array('error' => message) when a salt is needed and none can be
 *               generated; otherwise
 *               array('Password' => digest, 'Salt' => salt, 'PassHash' => algorithm).
 */
function Puff_Member_PassHash($Password, $Salt = false, $PassHash = 'sha512') {

    // No usable salt supplied: try to generate one.
    if (!$Salt) {
        $Salt = Puff_SecureRandom();
    }

    // Still no salt means the random source failed; refuse to hash unsalted.
    if (!$Salt) {
        return array('error' => 'Error: No secure source was available for Salt generation. Your password could not be secured. This is not your fault.');
    }

    $InnerDigest = hash($PassHash, $Password);
    $SaltedDigest = hash($PassHash, $InnerDigest . $Salt);

    return array(
        'Password' => $SaltedDigest,
        'Salt' => $Salt,
        'PassHash' => $PassHash
    );
}
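/**
 * Register a new member with a salted password hash.
 *
 * NOTE(review): the existence check and the INSERT are separate statements, so two
 * concurrent registrations of the same name can both pass the check. A unique index
 * on `Members`.`Username` would be what actually prevents duplicates; the schema is
 * not visible here, so confirm it has one.
 *
 * @param mysqli $Connection Open mysqli connection.
 * @param string $Username   Requested username; normalised with
 *                           Puff_Member_Sanitize_Username() before use.
 * @param string $Password   Plaintext password.
 * @return array|bool array('error' => message) when the username is taken or no salt
 *                    could be generated; otherwise true/false from the INSERT.
 */
function Puff_Member_Create($Connection, $Username, $Password) {

    //// Check Member Existence
    // For the sake of the space-time continuum,
    // new users should not already exist.
    $Username = Puff_Member_Sanitize_Username($Username);
    $MemberExists = Puff_Member_Exists($Connection, $Username);
    if ($MemberExists) {
        // TODO Try to log-in instead.
        return array('error' => 'Sorry, that username is not available. Please choose a different username, or login if this is your username.');
    }

    //// Generate a Salt
    // Fails closed: without a secure random source no account is written.
    $Salt = Puff_SecureRandom();
    if (!$Salt) {
        return array('error' => 'Error: No secure source was available for Salt generation. Your password could not be secured. This is not your fault.');
    }

    //// Hash Password
    $Hashed = Puff_Member_PassHash($Password, $Salt);
    $HashedPassword = $Hashed['Password'];
    $Algorithm = $Hashed['PassHash'];

    //// Insert into Database
    // Bound parameters instead of string concatenation: the query stays safe even if
    // the username sanitiser lets through a character that is special in SQL.
    $Statement = mysqli_prepare($Connection, 'INSERT INTO `Members` (`Username`, `Password`, `Salt`, `PassHash`) VALUES (?, ?, ?, ?)');
    if (!$Statement) {
        // Same failure value mysqli_query() would have produced.
        return false;
    }
    mysqli_stmt_bind_param($Statement, 'ssss', $Username, $HashedPassword, $Salt, $Algorithm);
    $Result = mysqli_stmt_execute($Statement);
    mysqli_stmt_close($Statement);

    return $Result;
}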