function Puff_Member_2FA_Enable($Connection, $Username, $Code, $CurrentSession) { global $Sitewide; require_once $Sitewide['Puff']['Libs'] . 'authenticatron.php'; //// Check Member Existence // For the sake of the space-time continuum, // new users should not already exist. $Username = Puff_Member_Sanitize_Username($Username); $MemberExists = Puff_Member_Exists($Connection, $Username, true); if (!$MemberExists) { return array('error' => 'Sorry, that user doesn\'t exist, so we can\'t make a session for it.'); } //// Get Secret $Secret = mysqli_fetch_once($Connection, 'SELECT `2FA Secret` FROM `Members` WHERE `Username`=\'' . $Username . '\';'); if (empty($Secret['2FA Secret'])) { return array('error' => 'Sorry, 2FA isn\'t set up for that user.'); } $Secret = $Secret['2FA Secret']; //// Generate all the 2FA Stuff $Check = Authenticatron_Check($Code, $Secret); if ($Check) { //// Disable existing Sessions Puff_Member_Session_Disable_All($Connection, $Username, $CurrentSession); //// Update Database $Result = mysqli_query($Connection, 'UPDATE `Members` SET `2FA Active`=\'1\' WHERE `Username`=\'' . $Username . '\';'); return $Result; } else { return array('error' => 'Sorry, your code was not valid. They are only valid for 30 seconds.'); } }
function Puff_Member_Password($Connection, $Username, $Password, $CurrentSession = false) { //// Check Member Existence // For the sake of the space-time continuum, // new users should not already exist. $Username = Puff_Member_Sanitize_Username($Username); $MemberExists = Puff_Member_Exists($Connection, $Username, true); if (!$MemberExists) { return array('error' => 'Sorry, we can\'t change the password for a member that doesn\'t exist.'); } //// Re-Generate a Salt // The salt will be a 128 character hexidecimal hash from a secure source. // Will return an error if no secure source is available. $Salt = Puff_SecureRandom(); if (!$Salt) { return array('error' => 'Error: No secure source was available for Salt generation. Your password could not be secured. This is not your fault.'); } //// Hash Password $Hashed = Puff_Member_PassHash($Password, $Salt); //// Disable existing Sessions Puff_Member_Session_Disable_All($Connection, $Username, $CurrentSession); //// Update Database $Result = mysqli_query($Connection, 'UPDATE `Members` SET `Password`=\'' . $Hashed['Password'] . '\', `Salt`=\'' . $Salt . '\', `PassHash`=\'' . $Hashed['PassHash'] . '\' WHERE `Username`=\'' . $Username . '\';'); return $Result; }
function Puff_Member_Enable($Connection, $Username) { //// Check Member Existence // For the sake of the space-time continuum, // new users should not already exist. $Username = Puff_Member_Sanitize_Username($Username); $MemberExists = Puff_Member_Exists($Connection, $Username); if (!$MemberExists) { return array('warning' => 'Sorry, that user does not exist.'); } //// Disable existing Sessions Puff_Member_Session_Disable_All($Connection, $Username); //// Enable the User $Result = mysqli_query($Connection, 'UPDATE `Members` SET `Active`=\'1\' WHERE `Username`=\'' . $Username . '\';'); return $Result; }
function Puff_Member_Destroy($Connection, $Username) { //// Check Member Existence // For the sake of the space-time continuum, // new users should not already exist. $Username = Puff_Member_Sanitize_Username($Username); $MemberExists = Puff_Member_Exists($Connection, $Username); if (!$MemberExists) { return array('warning' => 'Sorry, that user does not exist. I guess that means it\'s sort of gone already?'); } //// Disable existing Sessions Puff_Member_Session_Disable_All($Connection, $Username); //// Destroy the User $Result = mysqli_query($Connection, 'DELETE FROM `Members` WHERE `Username`=\'' . $Username . '\';'); return $Result; }
$Result['Exists'] = Puff_Member_Session_Exists($Connection, $Result['Create']['Session']); var_dump($Result['Exists']); echo 'Puff_Member_Session_Disable' . PHP_EOL; $Result['Disable'] = Puff_Member_Session_Disable($Connection, $Result['Create']['Session']); var_dump($Result['Disable']); echo 'Puff_Member_Session_Exists' . PHP_EOL; $Result['Exists2'] = Puff_Member_Session_Exists($Connection, $Result['Create']['Session']); var_dump($Result['Exists2']); $Result['Exists2'] = !$Result['Exists2']; echo 'Puff_Member_Session_Create' . PHP_EOL; $Result['Create2'] = Puff_Member_Session_Create($Connection, $Username); var_dump($Result['Create2']); echo 'Puff_Member_Session_Exists' . PHP_EOL; $Result['Exists3'] = Puff_Member_Session_Exists($Connection, $Result['Create2']['Session']); var_dump($Result['Exists3']); echo 'Puff_Member_Session_Create' . PHP_EOL; $Result['Create3'] = Puff_Member_Session_Create($Connection, $Username); var_dump($Result['Create3']); echo 'Puff_Member_Session_Disable_All' . PHP_EOL; $Result['DisableAll'] = Puff_Member_Session_Disable_All($Connection, $Username); var_dump($Result['DisableAll']); echo 'Puff_Member_Session_Exists' . PHP_EOL; $Result['Exists4'] = Puff_Member_Session_Exists($Connection, $Result['Create2']['Session']); var_dump($Result['Exists4']); $Result['Exists4'] = !$Result['Exists4']; echo 'Puff_Member_Destroy' . PHP_EOL; $Result['Destroy'] = Puff_Member_Destroy($Connection, $Username); var_dump($Result['Destroy']); if (in_array(false, $Result, true)) { exit(1); }