mirror of
https://github.com/delight-im/PHP-Auth.git
synced 2025-10-24 12:26:05 +02:00
490 lines
15 KiB
PHP
490 lines
15 KiB
PHP
<?php
|
|
|
|
/*
|
|
* PHP-Auth (https://github.com/delight-im/PHP-Auth)
|
|
* Copyright (c) delight.im (https://www.delight.im/)
|
|
* Licensed under the MIT License (https://opensource.org/licenses/MIT)
|
|
*/
|
|
|
|
/*
|
|
* WARNING:
|
|
*
|
|
* Do *not* use these files from the `tests` directory as the foundation
|
|
* for the usage of this library in your own code. Instead, please follow
|
|
* the `README.md` file in the root directory of this project.
|
|
*/
|
|
|
|
// enable error reporting
|
|
error_reporting(E_ALL);
|
|
ini_set('display_errors', 'stdout');
|
|
|
|
// enable assertions
|
|
ini_set('assert.active', 1);
|
|
@ini_set('zend.assertions', 1);
|
|
ini_set('assert.exception', 1);
|
|
|
|
header('Content-type: text/html; charset=utf-8');
|
|
|
|
require __DIR__.'/../vendor/autoload.php';
|
|
|
|
$db = new PDO('mysql:dbname=php_auth;host=127.0.0.1;charset=utf8mb4', 'root', 'monkey');
|
|
// or
|
|
// $db = new PDO('sqlite:../Databases/php_auth.sqlite');
|
|
|
|
$auth = new \Delight\Auth\Auth($db);
|
|
|
|
$result = processRequestData($auth);
|
|
|
|
showDebugData($auth, $result);
|
|
|
|
if ($auth->check()) {
|
|
showAuthenticatedUserForm();
|
|
}
|
|
else {
|
|
showGuestUserForm();
|
|
}
|
|
|
|
function processRequestData(\Delight\Auth\Auth $auth) {
|
|
if (isset($_POST)) {
|
|
if (isset($_POST['action'])) {
|
|
if ($_POST['action'] === 'login') {
|
|
if ($_POST['remember'] == 1) {
|
|
// keep logged in for one year
|
|
$rememberDuration = (int) (60 * 60 * 24 * 365.25);
|
|
}
|
|
else {
|
|
// do not keep logged in after session ends
|
|
$rememberDuration = null;
|
|
}
|
|
|
|
$onBeforeSuccess = function ($userId) {
|
|
return \mt_rand(1, 100) <= 50;
|
|
};
|
|
|
|
try {
|
|
if (isset($_POST['email'])) {
|
|
$auth->login($_POST['email'], $_POST['password'], $rememberDuration, $onBeforeSuccess);
|
|
}
|
|
elseif (isset($_POST['username'])) {
|
|
$auth->loginWithUsername($_POST['username'], $_POST['password'], $rememberDuration, $onBeforeSuccess);
|
|
}
|
|
else {
|
|
return 'either email address or username required';
|
|
}
|
|
|
|
return 'ok';
|
|
}
|
|
catch (\Delight\Auth\InvalidEmailException $e) {
|
|
return 'wrong email address';
|
|
}
|
|
catch (\Delight\Auth\UnknownUsernameException $e) {
|
|
return 'unknown username';
|
|
}
|
|
catch (\Delight\Auth\AmbiguousUsernameException $e) {
|
|
return 'ambiguous username';
|
|
}
|
|
catch (\Delight\Auth\InvalidPasswordException $e) {
|
|
return 'wrong password';
|
|
}
|
|
catch (\Delight\Auth\EmailNotVerifiedException $e) {
|
|
return 'email not verified';
|
|
}
|
|
catch (\Delight\Auth\AttemptCancelledException $e) {
|
|
return 'attempt randomly cancelled';
|
|
}
|
|
catch (\Delight\Auth\TooManyRequestsException $e) {
|
|
return 'too many requests';
|
|
}
|
|
}
|
|
else if ($_POST['action'] === 'register') {
|
|
try {
|
|
if ($_POST['require_verification'] == 1) {
|
|
$callback = function ($selector, $token) {
|
|
echo '<pre>';
|
|
echo 'Email confirmation';
|
|
echo "\n";
|
|
echo ' > Selector';
|
|
echo "\t\t\t\t";
|
|
echo htmlspecialchars($selector);
|
|
echo "\n";
|
|
echo ' > Token';
|
|
echo "\t\t\t\t";
|
|
echo htmlspecialchars($token);
|
|
echo '</pre>';
|
|
};
|
|
}
|
|
else {
|
|
$callback = null;
|
|
}
|
|
|
|
if (!isset($_POST['require_unique_username'])) {
|
|
$_POST['require_unique_username'] = '0';
|
|
}
|
|
|
|
if ($_POST['require_unique_username'] == 0) {
|
|
return $auth->register($_POST['email'], $_POST['password'], $_POST['username'], $callback);
|
|
}
|
|
else {
|
|
return $auth->registerWithUniqueUsername($_POST['email'], $_POST['password'], $_POST['username'], $callback);
|
|
}
|
|
}
|
|
catch (\Delight\Auth\InvalidEmailException $e) {
|
|
return 'invalid email address';
|
|
}
|
|
catch (\Delight\Auth\InvalidPasswordException $e) {
|
|
return 'invalid password';
|
|
}
|
|
catch (\Delight\Auth\UserAlreadyExistsException $e) {
|
|
return 'email address already exists';
|
|
}
|
|
catch (\Delight\Auth\DuplicateUsernameException $e) {
|
|
return 'username already exists';
|
|
}
|
|
catch (\Delight\Auth\TooManyRequestsException $e) {
|
|
return 'too many requests';
|
|
}
|
|
}
|
|
else if ($_POST['action'] === 'confirmEmail') {
|
|
try {
|
|
$auth->confirmEmail($_POST['selector'], $_POST['token']);
|
|
|
|
return 'ok';
|
|
}
|
|
catch (\Delight\Auth\InvalidSelectorTokenPairException $e) {
|
|
return 'invalid token';
|
|
}
|
|
catch (\Delight\Auth\TokenExpiredException $e) {
|
|
return 'token expired';
|
|
}
|
|
catch (\Delight\Auth\TooManyRequestsException $e) {
|
|
return 'too many requests';
|
|
}
|
|
}
|
|
else if ($_POST['action'] === 'forgotPassword') {
|
|
try {
|
|
$auth->forgotPassword($_POST['email'], function ($selector, $token) {
|
|
echo '<pre>';
|
|
echo 'Password reset';
|
|
echo "\n";
|
|
echo ' > Selector';
|
|
echo "\t\t\t\t";
|
|
echo htmlspecialchars($selector);
|
|
echo "\n";
|
|
echo ' > Token';
|
|
echo "\t\t\t\t";
|
|
echo htmlspecialchars($token);
|
|
echo '</pre>';
|
|
});
|
|
|
|
return 'ok';
|
|
}
|
|
catch (\Delight\Auth\InvalidEmailException $e) {
|
|
return 'invalid email address';
|
|
}
|
|
catch (\Delight\Auth\EmailNotVerifiedException $e) {
|
|
return 'email not verified';
|
|
}
|
|
catch (\Delight\Auth\TooManyRequestsException $e) {
|
|
return 'too many requests';
|
|
}
|
|
}
|
|
else if ($_POST['action'] === 'resetPassword') {
|
|
try {
|
|
$auth->resetPassword($_POST['selector'], $_POST['token'], $_POST['password']);
|
|
|
|
return 'ok';
|
|
}
|
|
catch (\Delight\Auth\InvalidSelectorTokenPairException $e) {
|
|
return 'invalid token';
|
|
}
|
|
catch (\Delight\Auth\TokenExpiredException $e) {
|
|
return 'token expired';
|
|
}
|
|
catch (\Delight\Auth\InvalidPasswordException $e) {
|
|
return 'invalid password';
|
|
}
|
|
catch (\Delight\Auth\TooManyRequestsException $e) {
|
|
return 'too many requests';
|
|
}
|
|
}
|
|
else if ($_POST['action'] === 'changePassword') {
|
|
try {
|
|
$auth->changePassword($_POST['oldPassword'], $_POST['newPassword']);
|
|
|
|
return 'ok';
|
|
}
|
|
catch (\Delight\Auth\NotLoggedInException $e) {
|
|
return 'not logged in';
|
|
}
|
|
catch (\Delight\Auth\InvalidPasswordException $e) {
|
|
return 'invalid password(s)';
|
|
}
|
|
}
|
|
else if ($_POST['action'] === 'logout') {
|
|
$auth->logout();
|
|
|
|
return 'ok';
|
|
}
|
|
else if ($_POST['action'] === 'admin.createUser') {
|
|
try {
|
|
if (!isset($_POST['require_unique_username'])) {
|
|
$_POST['require_unique_username'] = '0';
|
|
}
|
|
|
|
if ($_POST['require_unique_username'] == 0) {
|
|
return $auth->admin()->createUser($_POST['email'], $_POST['password'], $_POST['username']);
|
|
}
|
|
else {
|
|
return $auth->admin()->createUserWithUniqueUsername($_POST['email'], $_POST['password'], $_POST['username']);
|
|
}
|
|
}
|
|
catch (\Delight\Auth\InvalidEmailException $e) {
|
|
return 'invalid email address';
|
|
}
|
|
catch (\Delight\Auth\InvalidPasswordException $e) {
|
|
return 'invalid password';
|
|
}
|
|
catch (\Delight\Auth\UserAlreadyExistsException $e) {
|
|
return 'email address already exists';
|
|
}
|
|
catch (\Delight\Auth\DuplicateUsernameException $e) {
|
|
return 'username already exists';
|
|
}
|
|
}
|
|
else if ($_POST['action'] === 'admin.deleteUser') {
|
|
if (isset($_POST['id'])) {
|
|
try {
|
|
$auth->admin()->deleteUserById($_POST['id']);
|
|
}
|
|
catch (\Delight\Auth\UnknownIdException $e) {
|
|
return 'unknown ID';
|
|
}
|
|
}
|
|
elseif (isset($_POST['email'])) {
|
|
try {
|
|
$auth->admin()->deleteUserByEmail($_POST['email']);
|
|
}
|
|
catch (\Delight\Auth\InvalidEmailException $e) {
|
|
return 'unknown email address';
|
|
}
|
|
}
|
|
elseif (isset($_POST['username'])) {
|
|
try {
|
|
$auth->admin()->deleteUserByUsername($_POST['username']);
|
|
}
|
|
catch (\Delight\Auth\UnknownUsernameException $e) {
|
|
return 'unknown username';
|
|
}
|
|
catch (\Delight\Auth\AmbiguousUsernameException $e) {
|
|
return 'ambiguous username';
|
|
}
|
|
}
|
|
else {
|
|
return 'either ID, email or username required';
|
|
}
|
|
|
|
return 'ok';
|
|
}
|
|
else {
|
|
throw new Exception('Unexpected action: '.$_POST['action']);
|
|
}
|
|
}
|
|
}
|
|
|
|
return null;
|
|
}
|
|
|
|
function showDebugData(\Delight\Auth\Auth $auth, $result) {
|
|
echo '<pre>';
|
|
|
|
echo 'Last operation'."\t\t\t\t";
|
|
var_dump($result);
|
|
echo 'Session ID'."\t\t\t\t";
|
|
var_dump(session_id());
|
|
echo "\n";
|
|
|
|
echo '$auth->isLoggedIn()'."\t\t\t";
|
|
var_dump($auth->isLoggedIn());
|
|
echo '$auth->check()'."\t\t\t\t";
|
|
var_dump($auth->check());
|
|
echo "\n";
|
|
|
|
echo '$auth->getUserId()'."\t\t\t";
|
|
var_dump($auth->getUserId());
|
|
echo '$auth->id()'."\t\t\t\t";
|
|
var_dump($auth->id());
|
|
echo "\n";
|
|
|
|
echo '$auth->getEmail()'."\t\t\t";
|
|
var_dump($auth->getEmail());
|
|
echo '$auth->getUsername()'."\t\t\t";
|
|
var_dump($auth->getUsername());
|
|
|
|
echo '$auth->getStatus()'."\t\t\t";
|
|
echo convertStatusToText($auth);
|
|
echo ' / ';
|
|
var_dump($auth->getStatus());
|
|
|
|
echo '$auth->isRemembered()'."\t\t\t";
|
|
var_dump($auth->isRemembered());
|
|
echo '$auth->getIpAddress()'."\t\t\t";
|
|
var_dump($auth->getIpAddress());
|
|
echo "\n";
|
|
|
|
echo 'Auth::createRandomString()'."\t\t";
|
|
var_dump(\Delight\Auth\Auth::createRandomString());
|
|
echo 'Auth::createUuid()'."\t\t\t";
|
|
var_dump(\Delight\Auth\Auth::createUuid());
|
|
|
|
echo '</pre>';
|
|
}
|
|
|
|
function convertStatusToText(\Delight\Auth\Auth $auth) {
|
|
if ($auth->isLoggedIn() === true) {
|
|
if ($auth->getStatus() === \Delight\Auth\Status::NORMAL && $auth->isNormal()) {
|
|
return 'normal';
|
|
}
|
|
elseif ($auth->getStatus() === \Delight\Auth\Status::ARCHIVED && $auth->isArchived()) {
|
|
return 'archived';
|
|
}
|
|
elseif ($auth->getStatus() === \Delight\Auth\Status::BANNED && $auth->isBanned()) {
|
|
return 'banned';
|
|
}
|
|
elseif ($auth->getStatus() === \Delight\Auth\Status::LOCKED && $auth->isLocked()) {
|
|
return 'locked';
|
|
}
|
|
elseif ($auth->getStatus() === \Delight\Auth\Status::PENDING_REVIEW && $auth->isPendingReview()) {
|
|
return 'pending review';
|
|
}
|
|
elseif ($auth->getStatus() === \Delight\Auth\Status::SUSPENDED && $auth->isSuspended()) {
|
|
return 'suspended';
|
|
}
|
|
}
|
|
elseif ($auth->isLoggedIn() === false) {
|
|
if ($auth->getStatus() === null) {
|
|
return 'none';
|
|
}
|
|
}
|
|
|
|
throw new Exception('Invalid status `' . $auth->getStatus() . '`');
|
|
}
|
|
|
|
function showGeneralForm() {
|
|
echo '<form action="" method="get" accept-charset="utf-8">';
|
|
echo '<button type="submit">Refresh</button>';
|
|
echo '</form>';
|
|
}
|
|
|
|
function showAuthenticatedUserForm() {
|
|
showGeneralForm();
|
|
|
|
echo '<form action="" method="post" accept-charset="utf-8">';
|
|
echo '<input type="hidden" name="action" value="changePassword" />';
|
|
echo '<input type="text" name="oldPassword" placeholder="Old password" /> ';
|
|
echo '<input type="text" name="newPassword" placeholder="New password" /> ';
|
|
echo '<button type="submit">Change password</button>';
|
|
echo '</form>';
|
|
|
|
echo '<form action="" method="post" accept-charset="utf-8">';
|
|
echo '<input type="hidden" name="action" value="logout" />';
|
|
echo '<button type="submit">Logout</button>';
|
|
echo '</form>';
|
|
}
|
|
|
|
function showGuestUserForm() {
|
|
showGeneralForm();
|
|
|
|
echo '<h1>Public</h1>';
|
|
|
|
echo '<form action="" method="post" accept-charset="utf-8">';
|
|
echo '<input type="hidden" name="action" value="login" />';
|
|
echo '<input type="text" name="email" placeholder="Email" /> ';
|
|
echo '<input type="text" name="password" placeholder="Password" /> ';
|
|
echo '<select name="remember" size="1">';
|
|
echo '<option value="0">Remember (keep logged in)? — No</option>';
|
|
echo '<option value="1">Remember (keep logged in)? — Yes</option>';
|
|
echo '</select> ';
|
|
echo '<button type="submit">Log in with email address</button>';
|
|
echo '</form>';
|
|
|
|
echo '<form action="" method="post" accept-charset="utf-8">';
|
|
echo '<input type="hidden" name="action" value="login" />';
|
|
echo '<input type="text" name="username" placeholder="Username" /> ';
|
|
echo '<input type="text" name="password" placeholder="Password" /> ';
|
|
echo '<select name="remember" size="1">';
|
|
echo '<option value="0">Remember (keep logged in)? — No</option>';
|
|
echo '<option value="1">Remember (keep logged in)? — Yes</option>';
|
|
echo '</select> ';
|
|
echo '<button type="submit">Log in with username</button>';
|
|
echo '</form>';
|
|
|
|
echo '<form action="" method="post" accept-charset="utf-8">';
|
|
echo '<input type="hidden" name="action" value="register" />';
|
|
echo '<input type="text" name="email" placeholder="Email" /> ';
|
|
echo '<input type="text" name="password" placeholder="Password" /> ';
|
|
echo '<input type="text" name="username" placeholder="Username (optional)" /> ';
|
|
echo '<select name="require_verification" size="1">';
|
|
echo '<option value="0">Require email confirmation? — No</option>';
|
|
echo '<option value="1">Require email confirmation? — Yes</option>';
|
|
echo '</select> ';
|
|
echo '<select name="require_unique_username" size="1">';
|
|
echo '<option value="0">Username — Any</option>';
|
|
echo '<option value="1">Username — Unique</option>';
|
|
echo '</select> ';
|
|
echo '<button type="submit">Register</button>';
|
|
echo '</form>';
|
|
|
|
echo '<form action="" method="post" accept-charset="utf-8">';
|
|
echo '<input type="hidden" name="action" value="confirmEmail" />';
|
|
echo '<input type="text" name="selector" placeholder="Selector" /> ';
|
|
echo '<input type="text" name="token" placeholder="Token" /> ';
|
|
echo '<button type="submit">Confirm email</button>';
|
|
echo '</form>';
|
|
|
|
echo '<form action="" method="post" accept-charset="utf-8">';
|
|
echo '<input type="hidden" name="action" value="forgotPassword" />';
|
|
echo '<input type="text" name="email" placeholder="Email" /> ';
|
|
echo '<button type="submit">Forgot password</button>';
|
|
echo '</form>';
|
|
|
|
echo '<form action="" method="post" accept-charset="utf-8">';
|
|
echo '<input type="hidden" name="action" value="resetPassword" />';
|
|
echo '<input type="text" name="selector" placeholder="Selector" /> ';
|
|
echo '<input type="text" name="token" placeholder="Token" /> ';
|
|
echo '<input type="text" name="password" placeholder="New password" /> ';
|
|
echo '<button type="submit">Reset password</button>';
|
|
echo '</form>';
|
|
|
|
echo '<h1>Administration</h1>';
|
|
|
|
echo '<form action="" method="post" accept-charset="utf-8">';
|
|
echo '<input type="hidden" name="action" value="admin.createUser" />';
|
|
echo '<input type="text" name="email" placeholder="Email" /> ';
|
|
echo '<input type="text" name="password" placeholder="Password" /> ';
|
|
echo '<input type="text" name="username" placeholder="Username (optional)" /> ';
|
|
echo '<select name="require_unique_username" size="1">';
|
|
echo '<option value="0">Username — Any</option>';
|
|
echo '<option value="1">Username — Unique</option>';
|
|
echo '</select> ';
|
|
echo '<button type="submit">Create user</button>';
|
|
echo '</form>';
|
|
|
|
echo '<form action="" method="post" accept-charset="utf-8">';
|
|
echo '<input type="hidden" name="action" value="admin.deleteUser" />';
|
|
echo '<input type="text" name="id" placeholder="ID" /> ';
|
|
echo '<button type="submit">Delete user by ID</button>';
|
|
echo '</form>';
|
|
|
|
echo '<form action="" method="post" accept-charset="utf-8">';
|
|
echo '<input type="hidden" name="action" value="admin.deleteUser" />';
|
|
echo '<input type="text" name="email" placeholder="Email" /> ';
|
|
echo '<button type="submit">Delete user by email</button>';
|
|
echo '</form>';
|
|
|
|
echo '<form action="" method="post" accept-charset="utf-8">';
|
|
echo '<input type="hidden" name="action" value="admin.deleteUser" />';
|
|
echo '<input type="text" name="username" placeholder="Username" /> ';
|
|
echo '<button type="submit">Delete user by username</button>';
|
|
echo '</form>';
|
|
}
|