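<?php
// Session and sign-in helpers shared by the pages of this site.
// The Credentials class is expected to come from credentials.php; the mysqli
// handle $conn used below is assumed to be set up by that file or by the
// including page — confirm against the callers.
require_once(__DIR__ . "/../credentials.php");

// Start the session only when none is active: a second session_start() (e.g.
// when this file is reached through two include paths) emits a notice and
// does nothing useful. The session cookie is kept out of reach of scripts;
// "secure" and "samesite" are left to the deployment's php.ini because they
// depend on whether the site is served over HTTPS.
if (session_status() === PHP_SESSION_NONE) {
    ini_set("session.cookie_httponly", "1");
    session_start();
}
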
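class Security {
    /**
     * Redirects the client to $page and terminates the script.
     *
     * Only application-controlled paths should be passed here (the callers
     * in this file pass "/"); forwarding a caller-supplied URL would make
     * this an open redirect.
     *
     * @param string $page target of the Location header
     */
    public static function go($page) {
        header("Location: " . $page);
        exit();
    }

    /**
     * Redirects to the site root and terminates the script.
     */
    public static function goHome() {
        self::go("/");
    }

    /**
     * Whether the current session carries a signed-in user id.
     *
     * @return bool
     */
    public static function isSignedIn() {
        // $_SESSION is a superglobal; no `global` declaration is needed.
        return isset($_SESSION["id"]);
    }

    /**
     * Redirects to the site root (and stops) unless a user is signed in.
     */
    public static function checkIsSignedIn() {
        if (!self::isSignedIn()) {
            self::goHome();
        }
    }

    /**
     * Looks up $id in the users table and checks $password against the
     * stored hash.
     *
     * @param int|string $id       user id; bound as an integer
     * @param string     $password cleartext password as submitted
     * @return int|false the user's id when the password matches, false otherwise
     */
    public static function isUserPassword($id, $password) {
        global $conn;

        $credentials = new Credentials();

        // The table name comes from the credentials file, not from the
        // request; the id is bound as a parameter.
        $query = $conn->prepare("SELECT id, password FROM " . $credentials->usersdb . " WHERE id = ?");
        $query->bind_param("i", $id);
        $query->execute();

        $result = $query->get_result();
        if (!$result || !$result->num_rows) {
            return false;
        }

        $row = $result->fetch_assoc();

        // An account with no stored hash (NULL or "") is accepted without a
        // password check. This mirrors the original loose `== ""` test and is
        // kept for compatibility with existing rows, but such an account is
        // open to anyone who knows its id, so a hash should be set as soon as
        // possible.
        if ($row["password"] === null || $row["password"] === "") {
            return $row["id"];
        }

        if (!password_verify($password, $row["password"])) {
            return false;
        }

        return $row["id"];
    }

    /**
     * Signs the user in when $password matches and records the id in the
     * session.
     *
     * @param int|string $id
     * @param string     $password
     * @return bool true when signed in, false when the credentials were rejected
     */
    public static function signIn($id, $password) {
        $userId = self::isUserPassword($id, $password);
        if ($userId === false) {
            return false;
        }

        // Issue a fresh session id on this privilege change so a session id
        // that was fixed before login is not carried over into the signed-in
        // session.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        $_SESSION["id"] = $userId;
        return true;
    }

    /**
     * Ends the current session and forgets the signed-in user.
     */
    public static function logout() {
        // session_destroy() alone leaves $_SESSION populated for the rest of
        // this request, so isSignedIn() would keep answering true until the
        // next request. Clear it explicitly and expire the cookie as well.
        $_SESSION = [];

        if (ini_get("session.use_cookies")) {
            $params = session_get_cookie_params();
            setcookie(
                session_name(),
                "",
                time() - 42000,
                $params["path"],
                $params["domain"],
                $params["secure"],
                $params["httponly"]
            );
        }

        if (session_status() === PHP_SESSION_ACTIVE) {
            session_destroy();
        }
    }

    /**
     * Escapes $string for insertion into HTML text or a quoted attribute.
     *
     * The flags are explicit so that both quote styles are escaped and
     * invalid UTF-8 is substituted rather than turning the whole output into
     * an empty string; the function defaults only cover this on PHP 8.1+.
     *
     * @param string|null $string
     * @return string
     */
    public static function htmlsafe($string) {
        return htmlspecialchars((string) $string, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
    }
}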