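db = clsDatabase::getInstance('test.login'); // Load the database with the settings from 'test.login'
        $this->state_loaded = false;
    }

    public function __destruct()
    {
        // Nothing to release: the database handle is the shared clsDatabase::getInstance() object.
    }

    /**
     * Returns whether the current session is logged in.
     *
     * The session is pinned to the REMOTE_ADDR it was first seen from: a session
     * presented from another address is reported as not logged in. NOTE(review):
     * REMOTE_ADDR changes legitimately behind proxies and on mobile networks, and
     * this check does not replace regenerating the session id at login (log_in()).
     *
     * @return bool
     */
    public function get_logged_in()
    {
        $remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        if (!isset($_SESSION['ip'])) {
            // First call in this session: remember where it came from.
            $_SESSION['ip'] = $remote;
            return isset($_SESSION['id']);
        }
        return $_SESSION['ip'] === $remote && isset($_SESSION['id']);
    }

    /** @return mixed The user id as set by log_in(), load() or register_user(). */
    public function get_id()
    {
        return $this->id;
    }

    /** @return mixed The username as set by set_username(), log_in() or load(). */
    public function get_username()
    {
        return $this->username;
    }

    /** @return mixed The start date as set by log_in(), load() or register_user(). */
    public function get_startdate()
    {
        return $this->startdate;
    }

    /**
     * Returns true while this session is locked out after repeated failed logins.
     *
     * From the third attempt on (see get_bf_counter()) the session is locked for
     * five minutes, tracked in $_SESSION['bf_security_timer']; once that has
     * elapsed the lock is removed and the counter restarts at 1.
     * NOTE(review): the counter lives in the session only, so it limits a single
     * session rather than an account or address.
     *
     * @return bool
     */
    public function get_banned()
    {
        if ($this->get_bf_counter() < 3) {
            return false;
        }
        if (!isset($_SESSION['bf_security_timer'])) {
            // Threshold just reached: start the lockout.
            $_SESSION['bf_security_timer'] = time();
            return true;
        }
        if ($_SESSION['bf_security_timer'] + 5 * 60 <= time()) {
            // Lockout elapsed: clear it and count afresh. The original called a bare
            // set_bf_counter(1,false), i.e. an undefined global function.
            unset($_SESSION['bf_security_timer']);
            $this->set_bf_counter(1, false);
            return false;
        }
        return true;
    }

    /**
     * Returns how many login attempts this session has made, initialising
     * $_SESSION['bf_security_counter'] to 1 on first use.
     *
     * @return int
     */
    public function get_bf_counter()
    {
        if (!isset($_SESSION['bf_security_counter'])) {
            $_SESSION['bf_security_counter'] = 1;
        }
        return $_SESSION['bf_security_counter'];
    }

    /**
     * Updates $_SESSION['bf_security_counter'].
     *
     * @param int  $arg_plus     Amount to add (relative) or value to store (absolute).
     * @param bool $arg_relative True to add to the current value, false to overwrite it.
     * @return void
     */
    public function set_bf_counter($arg_plus = 1, $arg_relative = true)
    {
        if ($arg_relative) {
            // Read through isset() so an unset counter does not raise a notice; an
            // unset counter plus $arg_plus is $arg_plus, as the original += produced.
            $current = isset($_SESSION['bf_security_counter']) ? $_SESSION['bf_security_counter'] : 0;
            $_SESSION['bf_security_counter'] = $current + $arg_plus;
        } else {
            $_SESSION['bf_security_counter'] = $arg_plus;
        }
    }

    /**
     * Sets the username when it consists only of ASCII letters/underscore and is
     * 3..12 bytes long; otherwise leaves it unchanged.
     *
     * The pattern is anchored with ^ and \z: the original /[A-Z_]+/i matched any
     * string that merely contained a letter, which let quotes and other
     * characters through into the SQL built in register_user().
     *
     * @param string $arg_username
     * @return void
     */
    public function set_username($arg_username)
    {
        $arg_username = is_string($arg_username) ? $arg_username : '';
        $len = strlen($arg_username); // byte length is fine: only ASCII is accepted
        if ($len > 2 && $len <= 12 && preg_match('/^[A-Z_]+\z/i', $arg_username)) {
            $this->username = $arg_username;
        }
    }

    /**
     * Sets the e-mail address when it matches the (anchored) address pattern;
     * otherwise leaves it unchanged.
     *
     * The original \b...\b pattern only required a match somewhere inside the
     * string, so CR/LF and quotes around a valid address reached mail() headers
     * and the SQL in register_user(). ^ and \z make the whole value conform.
     *
     * @param string $arg_email
     * @return void
     */
    public function set_email($arg_email)
    {
        $arg_email = is_string($arg_email) ? $arg_email : '';
        if (preg_match('/^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}\z/i', $arg_email)) {
            $this->email = $arg_email;
        }
    }

    /**
     * Challenge/response login.
     *
     * The client previously received $_SESSION['challenge'] and sends, as hex,
     * sha256(stored_password_hash . sha256(username . '()' . challenge)); the same
     * value is computed here from the stored hash and compared.
     * NOTE(review): the stored value is an unsalted SHA-256 of the password and the
     * client derives its response from it, so changing the storage format
     * (e.g. password_hash()) requires changing the client side as well.
     *
     * @param string $arg_username
     * @param string $arg_response Hex digest sent by the client.
     * @return mixed One of the LOGIN_* constants; only LOGIN_SUCCESS logs the user in.
     */
    public function log_in($arg_username, $arg_response)
    {
        if ($this->get_banned()) {
            return LOGIN_SECURITY_BAN;
        }
        // No challenge stored: the session (and with it the login form) has expired.
        if (!isset($_SESSION['challenge'])) {
            return LOGIN_SESSION_EXPIRED;
        }

        $rs_user = $this->db->query(
            "SELECT * FROM users WHERE username = '" . $this->db->quote_smart($arg_username) . "'"
        );
        if (!$rs_user->CountRows()) {
            return LOGIN_NO_USER;
        }
        $arr_user = $rs_user->fetchRow();

        // hash('sha256', ...) yields the same lowercase hex as bin2hex(mhash(MHASH_SHA256, ...)).
        $inner = hash('sha256', $arg_username . '()' . $_SESSION['challenge']);
        $expected = hash('sha256', $arr_user['password'] . $inner);
        $response = is_string($arg_response) ? $arg_response : '';

        // Strict, constant-time comparison: the original == compared two hex strings
        // loosely, so digests of the form "0e<digits>" would compare equal.
        $matches = function_exists('hash_equals')
            ? hash_equals($expected, $response)
            : $expected === $response;
        if (!$matches) {
            $this->set_bf_counter();
            return LOGIN_INCORRECT_PWD;
        }

        // Privilege change: issue a fresh session id so an id set before login
        // (session fixation) never becomes an authenticated one.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        $_SESSION['id'] = $arr_user['id'];
        $this->logged_in = true;
        $this->id = $arr_user['id'];
        $this->username = $arr_user['username'];
        $this->startdate = $arr_user['startdate'];
        $this->email = $arr_user['email'];
        // The challenge is single-use.
        unset($_SESSION['challenge']);
        return LOGIN_SUCCESS;
    }

    /**
     * Logs the user out by dropping the session's user id. The object's own
     * fields (id, username, ...) are left as they were.
     *
     * @return void
     */
    public function log_off()
    {
        if ($this->get_logged_in()) {
            unset($_SESSION['id']);
        }
    }

    /**
     * Loads this object's fields from the users row of the logged-in session.
     * Runs at most once per object (state_loaded) and only when logged in.
     *
     * @return void
     */
    public function load()
    {
        if ($this->state_loaded || !$this->get_logged_in()) {
            return;
        }
        $this->state_loaded = true;
        // Ids are AUTO_INCREMENT integers (INSERT ... VALUES(NULL, ...)), so an int
        // cast is the simplest safe way to place the value in the query.
        $rs_user = $this->db->query(
            "SELECT * FROM users WHERE id = " . (int) $_SESSION['id']
        );
        // A session id with no matching row must not index into a non-array.
        if (!$rs_user->CountRows()) {
            return;
        }
        $arr_user = $rs_user->fetchRow();
        $this->id = $arr_user['id'];
        $this->username = $arr_user['username'];
        $this->startdate = $arr_user['startdate'];
        $this->email = $arr_user['email'];
    }

    /**
     * Adds the user (username/email set via the setters) to the database and
     * mails the generated password to the address.
     *
     * Both values now go through quote_smart(): the original interpolated them
     * into the INSERT unescaped, while the SELECT a few lines earlier escaped them.
     *
     * @return mixed One of the REGISTER_* constants, or nothing when the object is
     *               already loaded (the original returned nothing in that case too).
     */
    public function register_user()
    {
        // An object loaded from the database must not register again.
        if ($this->state_loaded) {
            return;
        }
        if ((string) $this->username === '') {
            return REGISTER_INVALID_USERNAME;
        }
        if ((string) $this->email === '') {
            return REGISTER_INVALID_EMAIL;
        }

        $rs_u = $this->db->query(
            "SELECT username FROM users WHERE username = '" . $this->db->quote_smart($this->username)
            . "' OR email = '" . $this->db->quote_smart($this->email) . "'"
        );
        if ($rs_u->CountRows()) {
            // The row matched on username or on e-mail; tell the caller which one.
            $arr_u = $rs_u->fetchRow();
            return (string) $arr_u['username'] === (string) $this->username
                ? REGISTER_USER_EXISTS
                : REGISTER_EMAIL_EXISTS;
        }

        $pwd = $this->generate_password(8);
        $rs_u = $this->db->query(
            "INSERT INTO users VALUES(NULL,'" . $this->db->quote_smart($this->username) . "','"
            . hash('sha256', $pwd) . "',NOW(), '" . $this->db->quote_smart($this->email) . "')"
        );
        $this->id = $rs_u->getInsertId();
        $this->startdate = time();

        // Mail headers; the recipient is safe against header injection because
        // set_email() only accepts a fully anchored address (no CR/LF).
        $header = "Content-type: text/html; charset=iso-8859-1\r\n";
        $header .= "Return-Path: test@cosa-nuova.nl\r\n";
        $header .= "X-Sender: test@cosa-nuova.nl\r\n";
        $header .= "From: Login Test \r\n";
        $header .= "X-Mailer:PHP 5.1\r\n";
        $header .= "MIME-Version: 1.0\r\n";
        mail($this->email, "Login account", $pwd, $header);
        return REGISTER_SUCCESS;
    }

    /**
     * Builds a password of $length random ASCII upper-case letters (A-Z).
     *
     * random_int() (CSPRNG, PHP 7+) is used when available; the original used
     * rand(), whose output is predictable.
     *
     * @param int $length
     * @return string
     */
    private function generate_password($length = 8)
    {
        $pwd = '';
        for ($i = 0; $i < $length; $i++) {
            $pwd .= chr(function_exists('random_int') ? random_int(65, 90) : mt_rand(65, 90));
        }
        return $pwd;
    }
// NOTE(review): no closing brace for the class appears before the '?>' in this excerpt; confirm against the full file.
?>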