65536, 'time_cost' => 4, 'threads' => 64, ]; function checkPasswordFormat($password) { if (preg_match('/' . PASSWORD_REGEX . '/Du', $password) !== 1) output(403, 'Password malformed.'); } function checkUsernameFormat($username) { if (preg_match('/' . USERNAME_REGEX . '/Du', $username) !== 1) output(403, 'Username malformed.'); } function hashPassword($password) { return password_hash($password, ALGO_PASSWORD, OPTIONS_PASSWORD); } function userExist($username) { return isset(query('select', 'users', ['username' => $username], 'username')[0]); } function checkPassword($username, $password) { return password_verify($password, query('select', 'users', ['username' => $username], 'password')[0]); } function outdatedPasswordHash($username) { return password_needs_rehash(query('select', 'users', ['username' => $username], 'password')[0], ALGO_PASSWORD, OPTIONS_PASSWORD); } function changePassword($username, $password) { $db = new PDO('sqlite:' . DB_PATH); $stmt = $db->prepare('UPDATE users SET password = :password WHERE username = :username'); $stmt->bindValue(':username', $username); $stmt->bindValue(':password', hashPassword($password)); $stmt->execute(); } function rateLimit() { if (PAGE_METADATA['tokens_account_cost'] ?? 0 > 0) rateLimitAccount(PAGE_METADATA['tokens_account_cost']); if (PAGE_METADATA['tokens_instance_cost'] ?? 0 > 0) rateLimitInstance(PAGE_METADATA['tokens_instance_cost']); } function rateLimitAccount($requestedTokens) { // Get $userData = query('select', 'users', ['username' => $_SESSION['username']]); $tokens = $userData[0]['bucket_tokens']; $bucketLastUpdate = $userData[0]['bucket_last_update']; // Compute $tokens = min(86400, $tokens + (time() - $bucketLastUpdate)); if ($requestedTokens > $tokens) output(453, 'Limite d\'actions par compte atteinte. Réessayez plus tard.'); $tokens -= $requestedTokens; // Update $db = new PDO('sqlite:' . DB_PATH); $stmt = $db->prepare('UPDATE users SET bucket_tokens = :bucket_tokens, bucket_last_update = :bucket_last_update WHERE username = :username'); $stmt->bindValue(':username', $_SESSION['username']); $stmt->bindValue(':bucket_tokens', $tokens); $stmt->bindValue(':bucket_last_update', time()); $stmt->execute(); } function rateLimitInstance($requestedTokens) { // Get $tokens = query('select', 'params', ['name' => 'instance_bucket_tokens'], 'value')[0]; $bucketLastUpdate = query('select', 'params', ['name' => 'instance_bucket_last_update'], 'value')[0]; // Compute $tokens = min(86400, $tokens + (time() - $bucketLastUpdate)); if ($requestedTokens > $tokens) output(453, 'Limite d\'actions globale atteinte. Réessayez plus tard.'); $tokens -= $requestedTokens; // Update $db = new PDO('sqlite:' . DB_PATH); $stmt = $db->prepare("UPDATE params SET value = :bucket_tokens WHERE name = 'instance_bucket_tokens';"); $stmt->bindValue(':bucket_tokens', $tokens); $stmt->execute(); $stmt = $db->prepare("UPDATE params SET value = :bucket_last_update WHERE name = 'instance_bucket_last_update';"); $stmt->bindValue(':bucket_last_update', time()); $stmt->execute(); }