<?php
/**
 * File lister restricted to the user files stored in USERS_DIR.
 *
 * The listing machinery itself (directory walk, $_list, getList()) is not
 * defined in this file; presumably it is inherited from fs_filelister.
 */
class user_lister extends fs_filelister {

    public $_varname = 'cache';

    public $_cachefile = null;

    public $_directory = USERS_DIR;

    /**
     * Points $_cachefile at CACHE_DIR . 'userlist.php' and runs the parent
     * constructor.
     *
     * NOTE(review): this method is named neither __construct nor user_lister,
     * so PHP does not treat it as a constructor, and nothing in this file
     * calls it. As written, $_cachefile stays null on a fresh instance. The
     * name looks copied from another lister class; confirm whether it was
     * meant to be the constructor before renaming it.
     */
    function bdb_entrylister() {
        $this->_cachefile = CACHE_DIR . 'userlist.php';
        parent::__construct();
    }

    /**
     * Per-file callback: records the base name of every *.php entry.
     *
     * @param string $directory Directory being listed (unused here).
     * @param string $file      Entry name to test.
     * @return int|null 0 when the entry was recorded, null otherwise.
     */
    function _checkFile($directory, $file) {
        // Anything that is not a .php file is ignored.
        if (!fnmatch('*.php', $file)) {
            return;
        }

        // EXT is stripped from the name; presumably it is '.php' (defined elsewhere).
        array_push($this->_list, basename($file, EXT));
        return 0;
    }
}
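/**
 * Returns the user ids known to the installation.
 *
 * The original returned the undefined variable $entry_arr when the lister
 * produced results, so callers always received null or false. The list
 * that was actually fetched is returned instead.
 *
 * @return array|false List from user_lister::getList(), or false when that
 *                     list is empty or falsy.
 */
function user_list() {
    $lister = new user_lister();
    $users = $lister->getList();

    return $users ? $users : false;
}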
/**
 * Produces the stored password hash for a user.
 *
 * The user id is prepended to the password before hashing, so the same
 * password gives unrelated hashes for different users; verification must
 * use the same concatenation.
 *
 * NOTE(review): with bcrypt (what PASSWORD_DEFAULT has selected in PHP
 * releases to date) only the first 72 bytes of the input are hashed, and
 * the user id is counted against that limit. Long user ids therefore reduce
 * how much of the password contributes to the hash.
 *
 * @param string $userid User id.
 * @param string $pwd    Plain-text password.
 * @return string Hash as returned by password_hash().
 */
function user_pwd($userid, $pwd) {
    $material = $userid . $pwd;

    return password_hash($material, PASSWORD_DEFAULT);
}
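/**
 * Checks a user id / password pair and, on success, sets the login cookies.
 *
 * Changes against the original:
 *  - the legacy hash is compared with hash_equals() instead of ==. Loose
 *    comparison treats numeric-looking strings as numbers, so it is not an
 *    exact match check, and it is not constant-time;
 *  - both cookies are sent with the HttpOnly flag so page scripts cannot
 *    read them.
 *
 * NOTE(review): PASS_COOKIE carries the stored password hash itself and
 * user_loggedin() accepts it as proof of login. The cookie is valid for a
 * year and does not change until the password does, so a copy of either the
 * cookie or the user file works as a login token. A random server-side
 * session token would remove that coupling.
 *
 * NOTE(review): the early return for an unknown user skips the password
 * hashing step, so known and unknown user ids answer in different time.
 *
 * @param string $userid User id as submitted.
 * @param string $pwd    Plain-text password as submitted.
 * @param mixed  $params Accepted but not used by this function.
 * @return bool True when the credentials were accepted; also stored in the
 *              global $loggedin.
 */
function user_login($userid, $pwd, $params = null) {
    global $loggedin;

    $loggedin = false;

    // Unknown user, or a user record without a password: refuse.
    $user = user_get($userid);
    if (!isset($user) || !isset($user['password'])) {
        return $loggedin;
    }

    // Same concatenation as user_pwd() uses when the hash is created.
    $secret = $userid . $pwd;

    if (password_verify($secret, $user['password'])) {
        $loggedin = true;
    } elseif (hash_equals((string) $user['password'], (string) wp_hash($secret))) {
        // For FP instances updated from 1.1 to 1.2: the stored value is still
        // the old wp_hash() (md5-based) hash.
        $loggedin = true;

        // Re-hash with the current algorithm: user_add() hashes the plain
        // password and saves the user file ...
        $user['password'] = $pwd;
        user_add($user);

        // ... then the record is re-read so the cookie gets the new hash.
        $user = user_get($userid);
    }

    if ($loggedin) {
        // NOTE(review): session_regenerate_id() was commented out in the
        // original; no PHP session is touched here.
        $expire = time() + 31536000; // 365 days

        // Final argument enables HttpOnly.
        setcookie(USER_COOKIE, $userid, $expire, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE, true);
        setcookie(PASS_COOKIE, $user['password'], $expire, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE, true);
    }

    return $loggedin;
}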
/**
 * Logs the current user out by expiring both login cookies.
 *
 * The cookies are only rewritten when user_loggedin() reports an active
 * login; the global $loggedin flag is cleared in every case.
 *
 * NOTE(review): setcookie() does not modify $_COOKIE and the global $fp_user
 * is left untouched, so a later user_loggedin() call in the same request
 * will find the old cookie values again. Nothing is invalidated on the
 * server side either: the stored hash that the cookie mirrors stays the
 * same after logout.
 *
 * @return void
 */
function user_logout() {
    global $loggedin;

    if (user_loggedin()) {
        // A blank value with an expiry one year in the past removes the cookie.
        foreach (array(USER_COOKIE, PASS_COOKIE) as $cookie) {
            setcookie($cookie, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
        }
    }

    $loggedin = false;
}
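/**
 * Tells whether the current request belongs to a logged-in user.
 *
 * The decision is cached in the globals $loggedin and $fp_user. Without a
 * cached result the user is looked up from USER_COOKIE, and PASS_COOKIE must
 * equal the password hash stored for that user.
 *
 * Changes against the original:
 *  - both cookie values must be strings. PHP turns "name[]=..." cookies into
 *    arrays, which would otherwise reach user_get() and the comparison;
 *  - the cookie is compared with hash_equals() instead of ==. Loose
 *    comparison treats numeric-looking strings as numbers, so two different
 *    strings can compare equal, and it is not constant-time.
 *
 * @return array|false The user record when logged in, false otherwise.
 */
function user_loggedin() {
    global $loggedin, $fp_user;

    // Already decided earlier in this request.
    if ($loggedin) {
        return $fp_user;
    }

    // Both cookies are client-controlled: require non-empty strings.
    if (empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE])
        || !is_string($_COOKIE[USER_COOKIE]) || !is_string($_COOKIE[PASS_COOKIE])) {
        $fp_user = null;
        return $loggedin = false;
    }

    $fp_user = user_get($_COOKIE[USER_COOKIE]);
    if (!$fp_user) {
        return false;
    }

    // Exact, constant-time match against the stored hash.
    if (isset($fp_user['password']) && is_string($fp_user['password'])
        && hash_equals($fp_user['password'], $_COOKIE[PASS_COOKIE])) {
        $loggedin = true;
        return $fp_user;
    }

    $fp_user = null;
    $loggedin = false;
    return false;
}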
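/**
 * Loads a user record from USERS_DIR.
 *
 * With no user id, the currently logged-in user (if any) is returned.
 * Otherwise the record comes from USERS_DIR . $userid . '.php', which is
 * included and expected to define $user.
 *
 * The user id can come straight from a cookie or a login form, so the file
 * is only included when its name appears in the directory listing. Names
 * returned by scandir() contain no path separators, which keeps the include
 * inside USERS_DIR.
 *
 * Changes against the original:
 *  - array_slice(..., 2) assumed "." and ".." are the first two entries;
 *    file names that sort before "." were dropped instead. The slice is not
 *    needed because "<id>.php" can never equal "." or "..";
 *  - in_array() is strict and the id must be a string or an integer;
 *  - a failing scandir() and a user file that does not define $user both
 *    give null instead of an error or a stale value.
 *
 * NOTE(review): user files are executed as PHP. Write access to USERS_DIR
 * is therefore equivalent to code execution and should be limited
 * accordingly.
 *
 * @param string|int|null $userid User id, or null for the current user.
 * @return array|null The user record, or null when there is none.
 */
function user_get($userid = null) {
    if ($userid == null && ($user = user_loggedin())) {
        return $user;
    }

    if (is_int($userid)) {
        $userid = (string) $userid;
    }
    if (!is_string($userid) || $userid === '') {
        return null;
    }

    $entries = scandir(USERS_DIR);
    if ($entries === false) {
        return null;
    }

    $filename = $userid . '.php';
    if (!in_array($filename, $entries, true)) {
        return null;
    }

    // Reset first so the result reflects only what the user file defines.
    $user = null;
    include USERS_DIR . $filename;

    return isset($user) ? $user : null;
}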
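/**
 * Hashes the user's plain-text password and writes the user file.
 *
 * $user['password'] must hold the plain-text password on entry; it is
 * replaced by the hash from user_pwd() before saving. The record is written
 * to USERS_DIR . <userid> . '.php' through system_save(), which is defined
 * elsewhere.
 *
 * Added check: the user id becomes part of the path of a PHP file that
 * user_get() later includes, so ids that are empty, not strings, or that
 * contain a path separator or NUL byte are rejected before anything is
 * written. user_get() can never load such ids, so no working account is
 * affected.
 *
 * NOTE(review): callers are not visible here; if user ids are validated
 * upstream this check is only a second line of defence.
 *
 * @param array $user User record with at least 'userid' and 'password'.
 * @return mixed Whatever system_save() returns, or false when the user id
 *               is rejected.
 */
function user_add($user) {
    if (!isset($user['userid']) || !is_string($user['userid']) || $user['userid'] === ''
        || strpbrk($user['userid'], "/\\\0") !== false) {
        return false;
    }

    $user['password'] = user_pwd($user['userid'], $user['password']);

    return system_save(USERS_DIR . $user['userid'] . ".php", compact('user'));
}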