-
Notifications
You must be signed in to change notification settings - Fork 67
/
Auth.inc.php
128 lines (110 loc) · 4.08 KB
/
Auth.inc.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
<?php
ob_start();
require_once('Localization.inc.php');
require_once('View.inc.php');
require_once('Writer.inc.php');
ob_end_clean();
class Auth
{
function __construct()
{
global $projectTmpDir;
$this->passwordHashFilepath = $projectTmpDir . '/password_hash.php';
$this->answerSentFlag = false;
}
private function templateOutput($message, $error = '')
{
global $locals, $currentLang;
$view = new View();
define('PS_ACTIVE_' . strtoupper($currentLang), '');
foreach ($locals as $lang) {
define('PS_ACTIVE_' . strtoupper($lang), 'passive');
}
define('PS_PASS_SET', file_exists($this->passwordHashFilepath) ? '1' : '0');
define('PS_AUTH_FORM_MESSAGE', $message);
define('PS_AUTH_FORM_ERROR', $error);
define('PS_LANG', $currentLang);
define('PS_AUTH_FORM_TARGET', $_SERVER['REQUEST_URI']);
$view->display('auth.tpl');
}
private function checkPasswordStrength($password)
{
if (strlen($password) < 8) {
return false;
}
$hasDigit = preg_match("/\d+/", $password) ? 1 : 0;
$hasUppercase = preg_match("/[A-Z]+/", $password) ? 1 : 0;
$hasLowercase = preg_match("/[a-z]+/", $password) ? 1 : 0;
$hasSpecial = preg_match("/\W+/", $password) ? 1 : 0;
$passwordStrength = $hasDigit + $hasUppercase + $hasLowercase + $hasSpecial;
if ($passwordStrength < 3) {
return false;
}
return true;
}
private function setPasswordHashCookie($passwordHash)
{
$cookieExpirationTimestamp = time() + 86400;
//TODO: apply cookie path to manul dir
$cookiePath = '/';
$httpOnly = true;
setcookie('antimalware_password_hash', $passwordHash, $cookieExpirationTimestamp,
$cookiePath, null, null, $httpOnly);
$_COOKIE['antimalware_password_hash'] = $passwordHash;
}
private function tryToAuthenticate()
{
if (is_file($this->passwordHashFilepath)) {
$passwordHashFileLines = file($this->passwordHashFilepath);
$passwordHash = $passwordHashFileLines[1];
if (!empty($_COOKIE['antimalware_password_hash'])) {
$passwordHashFromCookie = $_COOKIE['antimalware_password_hash'];
return ($passwordHashFromCookie === $passwordHash);
} elseif (!empty($_POST['password'])) {
$passwordHashFromPost = hash('sha256', $_POST['password']);
if ($passwordHashFromPost === $passwordHash) {
$this->setPasswordHashCookie($passwordHash);
return true;
}
}
}
return false;
}
private function setNewPassword($password)
{
if (!file_exists($this->passwordHashFilepath)) {
$passwordHash = hash('sha256', $password);
file_put_contents2($this->passwordHashFilepath, "<?php die('Forbidden'); ?>\n" . $passwordHash);
$this->setPasswordHashCookie($passwordHash);
}
}
public function auth()
{
$result = false;
$isPasswordSet = is_file($this->passwordHashFilepath);
$isPasswordSent = !empty($_POST['password']);
if ($isPasswordSet) {
if (!$this->tryToAuthenticate()) {
if ($isPasswordSent) {
$this->templateOutput(PS_ENTER_PASSWORD, PS_ERR_INVALID_PASSWORD);
} else {
$this->templateOutput(PS_ENTER_PASSWORD);
}
} else {
$result = true;
}
} else {
if ($isPasswordSent) {
if ($this->checkPasswordStrength($_POST['password'])) {
$this->setNewPassword($_POST['password']);
$result = true;
} else {
$this->templateOutput(PS_CHOOSE_STRONG_PASS, PS_ERR_SHORT_PASSWORD);
}
} else {
$this->templateOutput(PS_CHOOSE_STRONG_PASS, '');
}
}
return $result;
}
}