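<?php
require_once(dirname(__FILE__)."/../credentials.php");

// Start the session only when none exists yet, so a second include (or
// session.auto_start) does not trigger a notice.
if (session_status() === PHP_SESSION_NONE) {
    // Defence in depth, in case php.ini leaves these at their defaults:
    // strict mode makes PHP discard session ids it did not issue itself, and
    // HttpOnly keeps the session cookie out of reach of page scripts.
    ini_set("session.use_strict_mode", "1");
    ini_set("session.cookie_httponly", "1");
    session_start();
}
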
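/**
 * Session-based sign-in helpers plus a small HTML-escaping wrapper.
 *
 * Every method is static. isUserPassword() (and therefore signIn()) uses the
 * global database handle $conn through a mysqli-style API and the Credentials
 * class loaded from credentials.php.
 */
class Security {
    /**
     * Redirects the client to $page and ends the script.
     *
     * $page is copied into the Location header as given. Callers should pass a
     * fixed path or a value checked against an allow-list; a value taken
     * directly from the request would turn this into an open redirect.
     *
     * @param string $page Target URL or path.
     */
    public static function go($page) {
        header("Location: ".$page);
        exit();
    }

    /**
     * Redirects the client to the site root ("/") and ends the script.
     */
    public static function goHome() {
        self::go("/");
    }

    /**
     * Tells whether the current session carries a signed-in user id.
     *
     * @return bool True when $_SESSION["id"] is set.
     */
    public static function isSignedIn() {
        // $_SESSION is a superglobal, so no `global` declaration is needed.
        return isset($_SESSION["id"]);
    }

    /**
     * Guard for pages that require authentication: redirects to the home page
     * (and stops the script) when nobody is signed in.
     */
    public static function checkIsSignedIn() {
        if (!self::isSignedIn()) {
            self::goHome();
        }
    }

    /**
     * Checks a user id / password pair against the users table.
     *
     * @param int|string $id       User id; bound to the query as an integer.
     * @param string     $password Plain-text password to verify.
     * @return int|string|false The id column of the matching row, or false
     *                          when the statement cannot be prepared, no row
     *                          matches, or the password does not verify.
     */
    public static function isUserPassword($id, $password) {
        global $conn;

        $credentials = new Credentials();

        // The id travels as a bound integer parameter. The table name is
        // concatenated from Credentials::usersdb(); presumably that is
        // deployment configuration and never request data -- confirm.
        $query = $conn->prepare("SELECT id, password FROM ".$credentials->usersdb()." WHERE id = ?");
        if ($query === false) {
            // prepare() reports failure with false when mysqli is not in
            // exception mode; fail closed instead of calling a method on false.
            return false;
        }
        $query->bind_param("i", $id);

        $query->execute();
        $result = $query->get_result();

        if (!$result || !$result->num_rows) {
            return false;
        }

        $row = $result->fetch_assoc();

        // NOTE(review): a row whose stored password is empty (or NULL, because
        // == is a loose comparison) is accepted with ANY supplied password.
        // The explicit branch suggests password-less accounts are intended;
        // confirm that, and that such accounts hold no privileges worth
        // protecting, before relying on this function as an authentication
        // check.
        if ($row["password"] == "") {
            return $row["id"];
        }

        if (!password_verify($password, $row["password"])) {
            return false;
        }

        return $row["id"];
    }

    /**
     * Signs a user in: verifies the credentials and, on success, stores the
     * user id in the session.
     *
     * @param int|string $id       User id.
     * @param string     $password Plain-text password.
     * @return bool True when the credentials were accepted.
     */
    public static function signIn($id, $password) {
        $verifiedId = self::isUserPassword($id, $password);

        if ($verifiedId === false) {
            return false;
        }

        // Issue a fresh session id at the privilege change so that an id
        // planted or observed before sign-in does not become an authenticated
        // session (session fixation). The old session data file is deleted.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        $_SESSION["id"] = $verifiedId;
        return true;
    }

    /**
     * Signs the current user out.
     *
     * Clears the in-memory session data, expires the session cookie when
     * headers can still be sent, and destroys the stored session.
     */
    public static function logout() {
        // session_destroy() leaves $_SESSION populated for the rest of the
        // request, so isSignedIn() would still answer true without this.
        $_SESSION = [];

        if (session_status() !== PHP_SESSION_ACTIVE) {
            return;
        }

        // Best effort: ask the browser to drop the session cookie as well.
        if (ini_get("session.use_cookies") && !headers_sent()) {
            $params = session_get_cookie_params();
            setcookie(
                session_name(),
                "",
                time() - 42000,
                $params["path"],
                $params["domain"],
                $params["secure"],
                $params["httponly"]
            );
        }

        session_destroy();
    }

    /**
     * Escapes a string for output in HTML text or a quoted attribute value.
     *
     * The flags are passed explicitly because the default changed in PHP 8.1:
     * older versions leave single quotes unescaped, which matters inside
     * single-quoted attributes. This escaping does not make a value safe in
     * JavaScript, URL, or CSS contexts.
     *
     * @param string $string Raw text.
     * @return string Text with &, <, >, " and ' replaced by entities.
     */
    public static function htmlsafe($string) {
        return htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE);
    }
}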