templatecity/website
Template
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

inital template

Browse Source
This commit is contained in:
Schreiner Pascal
2021-01-23 23:11:19 +01:00
commit 083337b7d6
40 changed files with 22633 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

372
sources/backend/lib/account.php Normal file
View File

@@ -0,0 +1,372 @@
<?php
#--------------------#
#----- by 4nima -----#
#----- v. 1.3.1 -----#
#-- coding@4nima.de -#
#--------------------#
#>> Verbessungsideen
#> Errorcodes einbauen
#> DB in Eigenschaften einbinden
class Account {
#> Usergrunddaten (änderbar)
public $username;
public $uid;
public $permit;
public $email;
public $token;
#> Usergrunddaten (unveränderbar)
private $password;
private $userip = USER_IP;
#> Login Einstellungen
public $maxLoginTime = LOGIN_FAIL_TIME;
#> Mail Einstellungen (für neue User Mails)
// Mail-Text in Konfig einplfegen (Bei Mail muss der Token angehabgen werden)
public $mailFrom = MAIL_FROM;
public $mailSubject = MAIL_SUBJECT;
public $mailText = MAIL_TEXT;
public $mailPage = MAIL_PAGE;
public $mailFooter = MAIL_FOOTER;
// public $db;
public function __construct() {
}
# >>> static functions <<<
#>> Liest Accounts aus der DB entsprechend der Einstellung aus und gibt diese zurück
public static function accountList($db, $type = '') {
$db->query('
SELECT *
FROM accounts
WHERE active = :active
');
switch ($type) {
case 'All':
$db->query('
SELECT *
FROM accounts
');
break;
case 'Deactivate':
$db->bind(':active', 0);
break;
case 'Active':
$db->bind(':active', 1);
break;
case 'Not Active':
$db->bind(':active', 2);
break;
default:
$db->query('
SELECT *
FROM accounts
WHERE active > 0
');
break;
}
$accounts = $db->resultset();
if ($accounts) {
return $accounts;
} else {return FALSE;}
}
# >>> public functions <<<
#>> (Zwischen)Speichert einen User wenn alle Vorgaben erfüllt sind
public function newUser($user, $pass, $mail = '') {
if ($user != '' && $pass != '') {
if ($this->checkUser($user) && $this->checkPass($pass)) {
$this->username = $user;
$this->password = $this->hashPass($pass);
if ($mail == '' || $this->checkMail($mail)) {
$this->email = $mail;
return TRUE;
} else {return FALSE;}
} else {return FALSE;}
} else {return FALSE;}
}
#>> Speichert den User in der Datenbank und versendet bei Hinterlegter E-Mail eine bestätigung
public function saveUser($db, $permit = 100) {
if ($this->username != '' && $this->password != '') {
$db->query('
SELECT username
FROM accounts
WHERE username = :user
');
$db->bind(':user', $this->username);
$checkUsername = $db->resultset();
if ($checkUsername[0]['username'] == '') {
$time = time();
$this->token = md5($time.$this->username);
$db->query('
INSERT INTO accounts
(username, uid, email, passHash, permit, created, tokenTime, token, active)
VALUES
(:user, :uid, :mail, :pass, :permit, :time, :time, :token, 2)
');
$db->bind(':user', $this->username);
$db->bind(':mail', $this->email);
$db->bind(':pass', $this->password);
$db->bind(':permit', $permit);
$db->bind(':time', $time);
$db->bind(':token', $this->token);
$db->execute();
if ($this->email != '') {
$mailContent = 'Hallo '.$this->usernmae;
$mailContent .= '<br>';
$mailContent .= $this->mailText;
$mailContent .= '<br>';
$mailContent .= $this->mailPage;
$mailContent .= $this->token;
$mailContent .= '<br>';
$mailContent .= $this->mailFooter;
mail($this->email,
$this->mailSubject,
$mailContent,
$this->mailFrom
);
}
return TRUE;
} else {return FALSE;}
} else {return FALSE;}
}
#>> Prüft ob von dieser IP mehr als X fehlgeschlagene Login versuche kamen
public function notBlocked($db, $trys = 5) {
$db->query('
SELECT result
FROM logLogin
WHERE result = 0
AND fromIp = :ip
AND time > :time
');
$db->bind(':ip', $this->userip);
$db->bind(':time', $this->maxLoginTime);
$loginFails = $db->resultset();
if (count($loginFails[0]['result']) <= $trys) {
// Versuche und Zeit in Config aufnehmen
return TRUE;
} else {return FALSE;}
}
#>> Prüft die Eingaben und gleicht diese dann mit der Datenbank ab
public function login($db, $user, $pass) {
$loginTry = FALSE;
if ($this->notBlocked($db)) {
if ($this->checkUser($user) && $this->checkPass($pass)) {
$db->query('
SELECT uid, passHash, permit
FROM accounts
WHERE active = 1
AND username = :user
');
$db->bind(':user', $user);
$login = $db->resultset();
if (password_verify($pass, $login[0]['passHash'])) {
$this->username = $user;
$this->uid = $login[0]['uid'];
$this->permit = $login[0]['permit'];
$loginTry = TRUE;
}
}
}
$db->query('
INSERT INTO logLogin
(usedName, time, fromIp, result)
VALUES
(:user, :time, :ip, :result)
');
$db->bind(':user', $user);
$db->bind(':time', time());
$db->bind(':ip', $this->userip);
$db->bind(':result', $loginTry);
$db->execute();
if ($loginTry) {
return TRUE;
} else {return FALSE;};
}
#>> Prüft ob die UID mit der in der DB übereinstimmen und setzt den Permit neu
public function checkLogin($db) {
$uid = $this->uid;
$db->query('
SELECT username, permit
FROM accounts
WHERE active = 1
AND uid = :uid
');
$db->bind(':uid', $uid);
$login = $db->resultset();
if ($login[0]['permit'] > 0) {
$this->username = $login[0]['username'];
$this->permit = $login[0]['permit'];
return TRUE;
} else {return FALSE;}
}
#>> Prüft den Eingetragenen Token mit in der DB ab und setzt bei erfolg den Account auf Aktiv (1)
public function confirmAcc($db) {
if ($this->uid != '' || $this->token != '') {
$db->query('
SELECT token
FROM accounts
WHERE active = 2
AND uid = :uid
');
$db->bind(':uid', $this->uid);
$token = $db->resultset();
if ($token[0]['token'] == $this->token) {
$db->query('
UPDATE accounts
SET token = "",
active = 1
WHERE uid = :uid
');
$db->bind(':uid', $this->uid);
$db->execute();
return TRUE;
} else {return FALSE;}
} else {return FALSE;}
}
#>> Prüft ob das alte Passwort (in Eigenschaft gespeichert) dem in der DB entspricht und Prüft neues Passwort auf anforderungen, danach Ientrag in DB
public function switchPass($db, $newPass) {
if ($this->password != '' && $newPass != '') {
if (checkPass($this->password) && checkPass($newPass)) {
$db->query('
SELECT password
FROM accounts
WHERE uid = :uid
');
$db->bind(':uid', $this->uid);
$db->bind(':pass', $this->password);
$pass = $db->resultset();
if (password_verify($this->password, $login[0]['passHash'])) {
$newPass = hashPass($newPass);
$db->query('
UPDATE accounts
SET passHash = :pass
WHERE uid = :uid
');
$db->bind(':uid', $this->uid);
$db->bind(':pass', $newPass);
$db->execute();
return TRUE;
} else {return FALSE;}
} else {return FALSE;}
} else {return FALSE;}
}
#>> Deaktiviert einen Account dessen UID in den Eigenschfaten gespeichert ist
public function deactivateAccount($db) {
if ($this->uid != '') {
$db->query('
UPDATE accounts
SET active = 0
WHERE uid = :uid
');
$db->bind(':uid', $this->uid);
$db->execute();
return TRUE;
} else {return FALSE;}
}
# >>> private functions <<<
#>> Prüft einen String auf bestimmte Inhalte und gibt ihn entsprechend Formatiert zurück
private function checkString($string) {
$string = htmlentities($string);
return $string;
}
#>> Prüft ob der Username keine Sonderzeichen enthält
private function checkUser($user) {
if (!preg_match('#[!-/:-@\[-`{-~]#', $this->checkString($user)) && strlen($user) <= 50) {
return TRUE;
} else {return FALSE;}
}
#>> Prüft das Passwort auf ausreichende Komplexität
private function checkPass($pass) {
if ($this->checkString($pass) === $pass) {
if (strlen($pass) > 8
&& preg_match('`[A-Z]`',$pass)
&& preg_match('`[a-z]`',$pass)
&& preg_match('`[0-9]`',$pass)
&& preg_match('#[!-/:-@\[-`{-~]#',$pass)
) {
return TRUE;
} else {return FALSE;}
} else {return FALSE;}
}
#>> hasht das Passwort
private function hashPass($pass) {
return password_hash($pass, PASSWORD_DEFAULT);
}
#>> Prüft E-Mail auf korrekte Syntax & den Host auf existenz
private function checkMail($mail) {
if (filter_var($mail, FILTER_VALIDATE_EMAIL)) {
$hostname = preg_replace('/^.*@/', '', $mail);
if (count(dns_get_record($hostname))) {
return TRUE;
// Eriwetung: Prüfung ob E-Mails tatsächlich existieren
} else {return FALSE;}
} else {return FALSE;}
}
# >> Firststeps <<
public static function createDB($db) {
//
// $db->query('
// CREATE TABLE `network`.`accounts` (
// `idAcc` INT NOT NULL AUTO_INCREMENT,
// `username` VARCHAR(50) NOT NULL,
// `uid` VARCHAR(256) NOT NULL,
// `email` VARCHAR(50) NULL,
// `passHash` VARCHAR(256) NOT NULL,
// `permit` INT(3) NOT NULL DEFAULT 100,
// `tokenTime` INT(25) NULL DEFAULT 0,
// `token` VARCHAR(256) NULL,
// `created` INT(25) NOT NULL DEFAULT 0,
// `active` INT(1) NOT NULL DEFAULT 0 COMMENT '0 = Deaktiviert\n1 = Aktiv \n2 = Warte auf AKtivierung\n3 = PW wechel Reset',
// PRIMARY KEY (`idAcc`))
// COMMENT = 'Userverwaltung by 4nima, coding@4nima.de';
// ');
// CREATE TABLE `network`.`logLogin` (
// `idLogin` INT NOT NULL AUTO_INCREMENT,
// `usedName` VARCHAR(50) NOT NULL COMMENT 'Welcher Username genutzt wurde',
// `fromIp` VARCHAR(15) NOT NULL COMMENT 'Von welcher IP kam der Versuch\n',
// `time` VARCHAR(25) NOT NULL COMMENT 'wann war der Versuch\n',
// `success` INT(1) NOT NULL COMMENT 'Hatte der Versuch erfolg\n',
// PRIMARY KEY (`idLogin`))
// COMMENT = 'Accountverwaltung by 4nima, coding@4nima.de';
}
}
?>