<?php
/**
* Authorisation module.
*
* @author Chris Worfolk <chris@societaspro.org>
* @package SocietasPro
* @subpackage Core
*/
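class Authorisation extends Singleton {

    /** @var self|null Lazily created singleton instance, see getInstance(). */
    private static $instance;

    /**
     * Encode a password for storage and comparison.
     *
     * NOTE(review): this is a salted MD5 with a single site-wide salt
     * (PASSWORD_SALT), which is not an adequate password hash: it is fast
     * and shares one salt across all members. The fix is to migrate the
     * members table to password_hash()/password_verify() and rehash on
     * login via password_needs_rehash(); it is deliberately left unchanged
     * here because existing rows were written with this scheme and would
     * stop matching.
     *
     * @param string $password Password to encode
     * @return string Encoded password (32-character hex digest)
     */
    public function encodePassword ($password): string {
        return md5(PASSWORD_SALT . (string) $password);
    }

    /**
     * Get the admin style
     *
     * @return int AdminStyle, 0 when nothing is stored in the session
     */
    public function getAdminStyle (): int {
        return $this->sessionInt("sp_admin_style");
    }

    /**
     * Get the current user's ID
     *
     * @return int ID, 0 when no user id is stored in the session
     */
    public function getID (): int {
        return $this->sessionInt("sp_user_id");
    }

    /**
     * Singleton
     *
     * Creates the instance on first use; always returns the same object.
     */
    public static function getInstance () {
        if (self::$instance === null) {
            self::$instance = new self();
        }
        return self::$instance;
    }

    /**
     * Check if the user is logged in
     *
     * The flag is stored as the string "true" by login() and "false" by
     * logout(), so only that exact string counts as logged in.
     *
     * @return boolean True if logged in, otherwise false
     */
    public function isLoggedIn (): bool {
        return SessionManager::get("sp_logged_in") === "true";
    }

    /**
     * Login
     *
     * Looks the member up by email, verifies the password and requires a
     * privilege level of at least 2 (manager or admin). On success the
     * session id is rotated and the login flag, user id and admin style are
     * written to the session; on failure $msg is set to a deliberately
     * generic message that does not reveal which part failed.
     *
     * @param string $email Email address
     * @param string $password Password
     * @param string $msg Return message (set only on failure)
     * @return boolean Success
     */
    public function login ($email, $password, &$msg): bool {
        $db = Database::getInstance();

        // email is bound as a parameter, never interpolated into the SQL
        $sql = "SELECT * FROM ".DB_PREFIX."members
            WHERE memberEmail = ? ";
        $rec = $db->prepare($sql);
        $rec->execute(array($email));

        // fetch() === false covers "no such member"; PDOStatement::rowCount()
        // is not guaranteed to be meaningful for SELECT on every driver.
        $row = $rec->fetch();

        // (int) cast: under PHP 8 a non-numeric string compared with >= 2
        // would be compared as a string and could pass the privilege check
        $authorised = $row !== false
            && $this->passwordMatches($row["memberPassword"], $password)
            && (int) $row["memberPrivileges"] >= 2;

        if (!$authorised) {
            $msg = "There was no match for the username and password.";
            return false;
        }

        // rotate the session id so an id fixed before authentication does
        // not survive the privilege change (session fixation)
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        SessionManager::set("sp_logged_in", "true");
        SessionManager::set("sp_user_id", $row["memberID"]);
        SessionManager::set("sp_admin_style", $row["memberAdminStyle"]);
        return true;
    }

    /**
     * Log a user out
     *
     * Clears the login flag and then destroys the native PHP session.
     */
    public function logout (): void {
        SessionManager::set("sp_logged_in", "false");
        session_destroy();
    }

    /**
     * Set the admin style
     *
     * @param int $value AdminStyle (coerced to int before storing)
     * @return boolean Success (always true)
     */
    public function setAdminStyle ($value): bool {
        SessionManager::set("sp_admin_style", intval($value));
        return true;
    }

    /**
     * Compare a stored password digest with a candidate password.
     *
     * hash_equals() gives a constant-time comparison. The loose == it
     * replaces also treated two hex digests of the form "0e<digits>" as
     * numerically equal, so unrelated digests could compare as a match.
     *
     * @param mixed $stored Digest read from the members table
     * @param string $password Candidate password supplied by the user
     * @return bool True when the digests match exactly
     */
    private function passwordMatches ($stored, $password): bool {
        return is_string($stored) && hash_equals($stored, $this->encodePassword($password));
    }

    /**
     * Read a session value as an int.
     *
     * Any falsy stored value (missing, "", "0") yields 0, matching the
     * previous behaviour of the getters.
     *
     * @param string $key Session key
     * @return int Stored value as an integer, or 0
     */
    private function sessionInt ($key): int {
        $value = SessionManager::get($key);
        return $value ? intval($value) : 0;
    }
}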