function Puff_Member_2FA_Enable($Connection, $Username, $Code, $CurrentSession)
{
global $Sitewide;
require_once $Sitewide['Puff']['Libs'] . 'authenticatron.php';
//// Check Member Existence
// For the sake of the space-time continuum,
// new users should not already exist.
$Username = Puff_Member_Sanitize_Username($Username);
$MemberExists = Puff_Member_Exists($Connection, $Username, true);
if (!$MemberExists) {
return array('error' => 'Sorry, that user doesn\'t exist, so we can\'t make a session for it.');
}
//// Get Secret
$Secret = mysqli_fetch_once($Connection, 'SELECT `2FA Secret` FROM `Members` WHERE `Username`=\'' . $Username . '\';');
if (empty($Secret['2FA Secret'])) {
return array('error' => 'Sorry, 2FA isn\'t set up for that user.');
}
$Secret = $Secret['2FA Secret'];
//// Generate all the 2FA Stuff
$Check = Authenticatron_Check($Code, $Secret);
if ($Check) {
//// Disable existing Sessions
Puff_Member_Session_Disable_All($Connection, $Username, $CurrentSession);
//// Update Database
$Result = mysqli_query($Connection, 'UPDATE `Members` SET `2FA Active`=\'1\' WHERE `Username`=\'' . $Username . '\';');
return $Result;
} else {
return array('error' => 'Sorry, your code was not valid. They are only valid for 30 seconds.');
}
}
function Puff_Member_Password($Connection, $Username, $Password, $CurrentSession = false)
{
//// Check Member Existence
// For the sake of the space-time continuum,
// new users should not already exist.
$Username = Puff_Member_Sanitize_Username($Username);
$MemberExists = Puff_Member_Exists($Connection, $Username, true);
if (!$MemberExists) {
return array('error' => 'Sorry, we can\'t change the password for a member that doesn\'t exist.');
}
//// Re-Generate a Salt
// The salt will be a 128 character hexidecimal hash from a secure source.
// Will return an error if no secure source is available.
$Salt = Puff_SecureRandom();
if (!$Salt) {
return array('error' => 'Error: No secure source was available for Salt generation. Your password could not be secured. This is not your fault.');
}
//// Hash Password
$Hashed = Puff_Member_PassHash($Password, $Salt);
//// Disable existing Sessions
Puff_Member_Session_Disable_All($Connection, $Username, $CurrentSession);
//// Update Database
$Result = mysqli_query($Connection, 'UPDATE `Members` SET `Password`=\'' . $Hashed['Password'] . '\', `Salt`=\'' . $Salt . '\', `PassHash`=\'' . $Hashed['PassHash'] . '\' WHERE `Username`=\'' . $Username . '\';');
return $Result;
}
function Puff_Member_Enable($Connection, $Username)
{
//// Check Member Existence
// For the sake of the space-time continuum,
// new users should not already exist.
$Username = Puff_Member_Sanitize_Username($Username);
$MemberExists = Puff_Member_Exists($Connection, $Username);
if (!$MemberExists) {
return array('warning' => 'Sorry, that user does not exist.');
}
//// Disable existing Sessions
Puff_Member_Session_Disable_All($Connection, $Username);
//// Enable the User
$Result = mysqli_query($Connection, 'UPDATE `Members` SET `Active`=\'1\' WHERE `Username`=\'' . $Username . '\';');
return $Result;
}
function Puff_Member_Destroy($Connection, $Username)
{
//// Check Member Existence
// For the sake of the space-time continuum,
// new users should not already exist.
$Username = Puff_Member_Sanitize_Username($Username);
$MemberExists = Puff_Member_Exists($Connection, $Username);
if (!$MemberExists) {
return array('warning' => 'Sorry, that user does not exist. I guess that means it\'s sort of gone already?');
}
//// Disable existing Sessions
Puff_Member_Session_Disable_All($Connection, $Username);
//// Destroy the User
$Result = mysqli_query($Connection, 'DELETE FROM `Members` WHERE `Username`=\'' . $Username . '\';');
return $Result;
}
$Result['Exists'] = Puff_Member_Session_Exists($Connection, $Result['Create']['Session']);
var_dump($Result['Exists']);
echo 'Puff_Member_Session_Disable' . PHP_EOL;
$Result['Disable'] = Puff_Member_Session_Disable($Connection, $Result['Create']['Session']);
var_dump($Result['Disable']);
echo 'Puff_Member_Session_Exists' . PHP_EOL;
$Result['Exists2'] = Puff_Member_Session_Exists($Connection, $Result['Create']['Session']);
var_dump($Result['Exists2']);
$Result['Exists2'] = !$Result['Exists2'];
echo 'Puff_Member_Session_Create' . PHP_EOL;
$Result['Create2'] = Puff_Member_Session_Create($Connection, $Username);
var_dump($Result['Create2']);
echo 'Puff_Member_Session_Exists' . PHP_EOL;
$Result['Exists3'] = Puff_Member_Session_Exists($Connection, $Result['Create2']['Session']);
var_dump($Result['Exists3']);
echo 'Puff_Member_Session_Create' . PHP_EOL;
$Result['Create3'] = Puff_Member_Session_Create($Connection, $Username);
var_dump($Result['Create3']);
echo 'Puff_Member_Session_Disable_All' . PHP_EOL;
$Result['DisableAll'] = Puff_Member_Session_Disable_All($Connection, $Username);
var_dump($Result['DisableAll']);
echo 'Puff_Member_Session_Exists' . PHP_EOL;
$Result['Exists4'] = Puff_Member_Session_Exists($Connection, $Result['Create2']['Session']);
var_dump($Result['Exists4']);
$Result['Exists4'] = !$Result['Exists4'];
echo 'Puff_Member_Destroy' . PHP_EOL;
$Result['Destroy'] = Puff_Member_Destroy($Connection, $Username);
var_dump($Result['Destroy']);
if (in_array(false, $Result, true)) {
exit(1);
}
