Inicio Explorar Axuda
Rexistro Iniciar sesión
Omnimaga
/
bugs
2
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Árbore: 35bbb53c30
Ramas Etiquetas
bugs
/
php
/
security.php

security.php 1.7 KB
Histórico Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768 
  1. <?php
    2. 

  2. 	function salt(){
    3. 

  3. 		return uniqid(mt_rand(0,61),true);
    4. 

  4. 	}
    5. 

  5. 	function saltedHash($pass,$salt){
    6. 

  6. 		$hash = $pass.$salt;
    7. 

  7. 		for($i = 0;$i<50;$i++){
    8. 

  8. 			$hash = hash('sha512',$pass.$hash.$salt);
    9. 

  9. 		}
    10. 

  10. 		return $hash;
    11. 

  11. 	}
    12. 

  12. 	function compareSaltedHash($pass,$salt,$hash){
    13. 

  13. 		return $hash == saltedHash($pass,$salt);
    14. 

  14. 	}
    15. 

  15. 	function securityKey($username,$salt){
    16. 

  16. 		return saltedHash($username,$salt);
    17. 

  17. 	}
    18. 

  18. 	function authenticate(){
    19. 

  19. 		if(loggedIn()){
    20. 

  20. 			setKey(getKey());
    21. 

  21. 		}
    22. 

  22. 	}
    23. 

  23. 	function login($username,$password){
    24. 

  24. 		global $LOGGEDIN;
    25. 

  25. 		if($res = query("SELECT name,password,salt FROM `users` WHERE name = '%s'",Array($username))){
    26. 

  26. 			if($res->num_rows == 1){
    27. 

  27. 				$row = $res->fetch_assoc();
    28. 

  28. 				if(compareSaltedHash($password,$row['salt'],$row['password'])){
    29. 

  29. 					$_SESSION['username'] = $username;
    30. 

  30. 					$key = securityKey($username,$_SERVER['REMOTE_ADDR']);
    31. 

  31. 					setKey($key);
    32. 

  32. 					$LOGGEDIN = true;
    33. 

  33. 					return $key;
    34. 

  34. 				}
    35. 

  35. 			}
    36. 

  36. 		}
    37. 

  37. 		return false;
    38. 

  38. 	}
    39. 

  39. 	function loggedIn(){
    40. 

  40. 		global $LOGGEDIN;
    41. 

  41. 		global $_COOKIE;
    42. 

  42. 		if(isset($_COOKIE['username'])&&isset($_COOKIE['key'])){
    43. 

  43. 			if(isUser($_COOKIE['username'])&&securityKey($_COOKIE['username'],$_SERVER['REMOTE_ADDR'])==$_COOKIE['key']){
    44. 

  44. 				$_SESSION['username'] = $_COOKIE['username'];
    45. 

  45. 				setKey($_COOKIE['key']);
    46. 

  46. 				$LOGGEDIN = true;
    47. 

  47. 				return true;
    48. 

  48. 			}
    49. 

  49. 		}
    50. 

  50. 		setKey(null);
    51. 

  51. 		$LOGGEDIN = false;
    52. 

  52. 		return false;
    53. 

  53. 	}
    54. 

  54. 	function setKey($key){
    55. 

  55. 		if($key == null){
    56. 

  56. 			unset($_SESSION['key']);
    57. 

  57. 			unset($_SESSION['username']);
    58. 

  58. 		}else{
    59. 

  59. 			$_SESSION['key'] = $key;
    60. 

  60. 			setcookie('username',$_SESSION['username'],time()+get('expire'));
    61. 

  61. 			setcookie('key',$key,time()+get('expire'));
    62. 

  62. 		}
    63. 

  63. 		return $key;
    64. 

  64. 	}
    65. 

  65. 	function getKey(){
    66. 

  66. 		return isset($_SESSION['key'])?$_SESSION['key']:null;
    67. 

  67. 	}
    68. 

  68. ?>
    69.