PHP Authentication class
<?php
/*
* WARNING: this is very much a beta and may contain many bugs or architectural issues.
* It also has NO database support; line 153 (the comparison in verifyUserCreds()) hard-codes the correct username and password.
*
* This is a test authentication mechanism for use in PHP web applications.
* Do not use this in production yet!
*/
/**
* Description of Auth2
*
* @author Gydo194
*/
/*
* use hasSessionLogin for nosess checking
* just dont start session if nosess is set in request params
*/
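class Auth2 {

    /**
     * Stored from the constructor argument. No method in this class reads it;
     * whether a session is usable is decided with session_status() instead.
     */
    private $nosess = false;

    /**
     * @param bool $nosess Flag kept on the instance (currently unused by the class).
     */
    public function __construct(bool $nosess = false) {
        $this->nosess = $nosess;
    }

    /**
     * Build the "nobody is logged in" user record.
     *
     * @return array Record with "user" and "pass" set to null and "login" set to false.
     */
    private function getEmptyUser(): array {
        return array(
            "user" => null,
            "pass" => null,
            "login" => false,
        );
    }

    /**
     * Resolve the current user for this request.
     *
     * Credentials carried by the request are checked first. When they verify,
     * the user is written to the session and returned. Otherwise whatever the
     * session holds is returned, which is the empty user when no session login
     * exists. The caller must still pass the result to verifyUser().
     *
     * @return array User record with the keys "user", "pass" and "login".
     */
    public function login(): array {
        $session_user = $this->getSessionLogin();

        $request_user = $this->verifyUserCreds($this->getCredsFromRequest());
        if (self::verifyUser($request_user)) {
            $this->saveLogin($request_user);
            return $request_user;
        }

        return $session_user;
    }

    /**
     * Tell whether an active session carries a stored login record.
     *
     * @return bool False when no session is active (e.g. "nosess" requests).
     */
    private function hasSessionLogin(): bool {
        // session_id() can be non-empty before session_start(); the status is the reliable signal.
        if (session_status() !== PHP_SESSION_ACTIVE) {
            return false;
        }
        return isset($_SESSION["user"]["login"]);
    }

    /**
     * Read the user record stored in the session.
     *
     * @return array The stored record, or the empty user when none is present.
     */
    private function getSessionLogin(): array {
        $user = $this->getEmptyUser();
        if (!$this->hasSessionLogin()) {
            return $user;
        }

        // Only "login" is known to exist here; a partial record must not raise warnings.
        $stored = $_SESSION["user"];
        $user["user"] = $stored["user"] ?? null;
        $user["pass"] = $stored["pass"] ?? null;
        $user["login"] = $stored["login"];
        return $user;
    }

    /**
     * Persist a verified user record in the session, if one is active.
     *
     * @param array $user Record with the keys "user", "pass" and "login".
     */
    private function saveLogin(array $user): void {
        if (session_status() !== PHP_SESSION_ACTIVE) {
            return;
        }

        // Issue a fresh session id when the session becomes authenticated, so an id
        // that was known before login does not end up bound to the logged-in state.
        // Regeneration needs to send a cookie, so it is skipped once output has started;
        // callers should run login() before emitting any output.
        if (!headers_sent()) {
            session_regenerate_id(true);
        }

        // NOTE(review): this writes the plaintext password into session storage. It is
        // kept because the documented user record exposes "pass"; storing only "user"
        // and "login" would be the safer design once callers stop reading "pass".
        $_SESSION["user"]["user"] = $user["user"];
        $_SESSION["user"]["pass"] = $user["pass"];
        $_SESSION["user"]["login"] = $user["login"];
    }

    /**
     * Decide whether a user record represents a successful login.
     *
     * @param array $user Record as returned by login().
     * @return bool True only when "login" is present and strictly true.
     */
    public static function verifyUser(array $user): bool {
        // Always return a bool: a record without "login" used to fall through and
        // return null, which violates the declared return type.
        return isset($user["login"]) && $user["login"] === true;
    }

    /**
     * Collect the credentials sent with the request.
     *
     * GET parameters take precedence over POST parameters.
     *
     * @return array Record filled from the request, or the empty user when
     *               "user" and "pass" were not both supplied.
     */
    private function getCredsFromRequest(): array {
        $user = $this->getEmptyUser();
        if (isset($_GET["user"]) && isset($_GET["pass"])) {
            // NOTE(review): credentials in the query string end up in server logs,
            // browser history and Referer headers; prefer POST for real deployments.
            $user["user"] = filter_input(INPUT_GET, "user");
            $user["pass"] = filter_input(INPUT_GET, "pass");
        } elseif (isset($_POST["user"]) && isset($_POST["pass"])) {
            $user["user"] = filter_input(INPUT_POST, "user");
            $user["pass"] = filter_input(INPUT_POST, "pass");
        }
        return $user;
    }

    /**
     * Check a record's credentials and mark it as logged in when they match.
     *
     * There is no database support yet: the accepted username and password are
     * the hard-coded test values below.
     *
     * @param array $user Record with the keys "user" and "pass".
     * @return array The same record, with "login" set to true on a match.
     */
    private function verifyUserCreds(array $user): array {
        $name = $user["user"] ?? null;
        $pass = $user["pass"] ?? null;

        // filter_input() yields null or false for missing or non-scalar input, and a
        // loose == would let a boolean true match any non-empty string.
        if (!is_string($name) || !is_string($pass)) {
            return $user;
        }

        // Evaluate both comparisons, in constant time, before combining them.
        $nameOk = hash_equals("USER", $name);
        $passOk = hash_equals("PASS", $pass);
        if ($nameOk && $passOk) {
            $user["login"] = true;
        }
        return $user;
    }
}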
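// Debug harness: runs Auth2 against the current request and prints the raw session
// and the resulting user record. The dump includes the stored password, so this
// output is for local testing only.
if (!isset($_REQUEST["nosess"])) {
    session_start();
} else {
    echo "<br>NoSess active<br>";
}

// Only tear down a session that was actually started; with "nosess" set there is
// none, and session_destroy() would raise a warning.
if (isset($_REQUEST["logout"]) && session_status() === PHP_SESSION_ACTIVE) {
    // session_destroy() leaves $_SESSION populated for the rest of the request,
    // so clear it explicitly to make the logout visible immediately.
    $_SESSION = array();
    session_destroy();
}

echo "SESSION---------<br>";
if (isset($_SESSION)) {
    var_dump($_SESSION);
} else {
    echo "_SESSION undefined.";
}
echo "<br>END SESSION---------<br>";

$a = new Auth2();
$user = $a->login();
var_dump($user);
echo "<BR>";
echo Auth2::verifyUser($user) ? "TRUE" : "FALSE";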
/*
* Usage:
* $auth = new Auth2();
* $user = $auth->login();
* $login = Auth2::verifyUser($user);
* or
* $login = $auth->verifyUser($user);
*
* $user will be of type array and contain an index "user" which holds the username,
* an index "pass" which will contain the user's password,
* and an index "login" which is a boolean specifying whether the user is valid or not.
*
* $login will be a boolean which will specify if the user is valid.
*
* so for example:
* if($login) {
* render the app
* } else {
* render a login panel
* }
*/