function Puff_Member_Password($Connection, $Username, $Password, $CurrentSession = false)
{
//// Check Member Existence
// For the sake of the space-time continuum,
// new users should not already exist.
$Username = Puff_Member_Sanitize_Username($Username);
$MemberExists = Puff_Member_Exists($Connection, $Username, true);
if (!$MemberExists) {
return array('error' => 'Sorry, we can\'t change the password for a member that doesn\'t exist.');
}
//// Re-Generate a Salt
// The salt will be a 128 character hexidecimal hash from a secure source.
// Will return an error if no secure source is available.
$Salt = Puff_SecureRandom();
if (!$Salt) {
return array('error' => 'Error: No secure source was available for Salt generation. Your password could not be secured. This is not your fault.');
}
//// Hash Password
$Hashed = Puff_Member_PassHash($Password, $Salt);
//// Disable existing Sessions
Puff_Member_Session_Disable_All($Connection, $Username, $CurrentSession);
//// Update Database
$Result = mysqli_query($Connection, 'UPDATE `Members` SET `Password`=\'' . $Hashed['Password'] . '\', `Salt`=\'' . $Salt . '\', `PassHash`=\'' . $Hashed['PassHash'] . '\' WHERE `Username`=\'' . $Username . '\';');
return $Result;
}
function Puff_Runonce_Create($Connection, $Session = false)
{
//// Check Session Existence
if ($Session) {
$Session = htmlentities($Session, ENT_QUOTES, 'UTF-8');
$SessionExists = Puff_Member_Session_Exists($Connection, $Session);
if (!$SessionExists) {
// Let's just silently agree if the session doesn't exist.
$Session = false;
}
} else {
// We won't set a session if it's not checkable.
$Session = false;
}
//// Generate a Runonce
// The Runonce will be a 128 character hexidecimal hash from a secure source.
// Will return an error if no secure source is available.
$Runonce = Puff_SecureRandom();
if (!$Runonce) {
return array('error' => 'Error: No secure source was available for Runonce generation. This is not your fault.');
}
//// Insert into Database
$Result = mysqli_query($Connection, 'INSERT INTO `Runonces` (`Runonce`, `Session`) VALUES (\'' . $Runonce . '\', \'' . $Session . '\');');
$Return['Result'] = $Result;
$Return['Runonce'] = $Runonce;
return $Return;
}
function Puff_Member_Session_Create($Connection, $Username)
{
//// Check Member Existence
// For the sake of the space-time continuum,
// new users should not already exist.
$Username = Puff_Member_Sanitize_Username($Username);
$MemberExists = Puff_Member_Exists($Connection, $Username, true);
if (!$MemberExists) {
return array('error' => 'Sorry, that user doesn\'t exist, so we can\'t make a session for it.');
}
//// Generate a Session
// The Session will be a 128 character hexidecimal hash from a secure source.
// Will return an error if no secure source is available.
$Session = Puff_SecureRandom();
if (!$Session) {
return array('error' => 'Error: No secure source was available for Session generation. Your password could not be secured. This is not your fault.');
}
//// Collision Chance
// 16 base
// 128 characters
// 16^128 = 1.34*10^124
//// Insert into Database
$Result = mysqli_query($Connection, 'INSERT INTO `Sessions` (`Username`, `Session`) VALUES (\'' . $Username . '\', \'' . $Session . '\');');
$Result = array('Result' => $Result, 'Session' => $Session);
return $Result;
}
function Puff_Member_PassHash($Password, $Salt = false, $PassHash = 'sha512')
{
if (!$Salt) {
$Salt = Puff_SecureRandom();
if (!$Salt) {
return array('error' => 'Error: No secure source was available for Salt generation. Your password could not be secured. This is not your fault.');
}
}
$Password = hash($PassHash, $Password);
$Password = hash($PassHash, $Password . $Salt);
return array('Password' => $Password, 'Salt' => $Salt, 'PassHash' => $PassHash);
}
function Puff_Member_Create($Connection, $Username, $Password)
{
//// Check Member Existence
// For the sake of the space-time continuum,
// new users should not already exist.
$Username = Puff_Member_Sanitize_Username($Username);
$MemberExists = Puff_Member_Exists($Connection, $Username);
if ($MemberExists) {
// TODO Try to log-in instead.
return array('error' => 'Sorry, that username is not available. Please choose a different username, or login if this is your username.');
}
//// Generate a Salt
// The salt will be a 128 character hexidecimal hash from a secure source.
// Will return an error if no secure source is available.
$Salt = Puff_SecureRandom();
if (!$Salt) {
return array('error' => 'Error: No secure source was available for Salt generation. Your password could not be secured. This is not your fault.');
}
//// Hash Password
$Hashed = Puff_Member_PassHash($Password, $Salt);
//// Insert into Database
$Result = mysqli_query($Connection, 'INSERT INTO `Members` (`Username`, `Password`, `Salt`, `PassHash`) VALUES (\'' . $Username . '\', \'' . $Hashed['Password'] . '\', \'' . $Salt . '\', \'' . $Hashed['PassHash'] . '\');');
return $Result;
}
