| <?php |
| require_once(dirname(__FILE__)."/../credentials.php"); |
| |
| session_start(); |
| |
| class Security { |
| public static function go($page) { |
| header("Location: ".$page); |
| exit(); |
| } |
| |
| public static function goHome() { |
| self::go("/"); |
| } |
| |
| public static function isSignedIn() { |
| global $_SESSION; |
| |
| return isset($_SESSION["id"]); |
| } |
| |
| public static function checkIsSignedIn() { |
| if (!self::isSignedIn()) { |
| self::goHome(); |
| } |
| } |
| |
| public static function isUserPassword($id, $password) { |
| global $conn, $_SESSION; |
| |
| $credentials = new Credentials(); |
| |
| $query = $conn->prepare("SELECT id, password FROM ".$credentials->usersdb." WHERE id = ?"); |
| $query->bind_param("i", $id); |
| |
| $query->execute(); |
| $result = $query->get_result(); |
| |
| if (!$result || !$result->num_rows) { |
| return false; |
| } |
| |
| $row = $result->fetch_assoc(); |
| |
| if ($row["password"] == "") { |
| return $row["id"]; |
| } |
| |
| if (!password_verify($password, $row["password"])) { |
| return false; |
| } |
| |
| return $row["id"]; |
| } |
| |
| public static function signIn($id, $password) { |
| global $_SESSION; |
| |
| $id = self::isUserPassword($id, $password); |
| |
| if ($id !== false) { |
| $_SESSION["id"] = $id; |
| return true; |
| } |
| |
| return false; |
| } |
| |
| public static function logout() { |
| global $_SESSION; |
| |
| session_destroy(); |
| } |
| |
| public static function htmlsafe($string) { |
| return htmlspecialchars($string); |
| } |
| } |