servnest
/
servnest
1
1
Fork 0
Code Issues 4 Pull Requests Releases Wiki Activity
servnest/inc/auth.inc.php

60 lines
1.7 KiB
PHP
Raw Blame History

<?php
if (strpos($_SERVER['PHP_SELF'], "inc.php") !== false)
exit("This file is meant to be included.");
function hashPassword($password) {
return password_hash($password, ALGO_PASSWORD, OPTIONS_PASSWORD);
}
function checkPassword($username, $password) {
$username2[0] = $username;
$db = new PDO('sqlite:' . DB_PATH);
$op = $db->prepare('SELECT username, password FROM users WHERE username = ?');
$op->execute($username2);
$dbPassword = $op->fetch()['password'];
return password_verify($password, $dbPassword);
}
function outdatedPasswordHash($username) {
$username2[0] = $username;
$db = new PDO('sqlite:' . DB_PATH);
$op = $db->prepare('SELECT username, password FROM users WHERE username = ?');
$op->execute($username2);
$dbPassword = $op->fetch()['password'];
return password_needs_rehash($dbPassword, ALGO_PASSWORD, OPTIONS_PASSWORD);
}
function changePassword($username, $password) {
$password = hashPassword($password);
$db = new PDO('sqlite:' . DB_PATH);
$stmt = $db->prepare("UPDATE users SET password = :password WHERE username = :username");
$stmt->bindParam(':username', $username);
$stmt->bindParam(':password', $password);
$stmt->execute();
}
function antiCSRF() {
if (!isset($_SERVER['HTTP_SEC_FETCH_SITE']) AND !isset($_SERVER['HTTP_ORIGIN']))
exit("ERROR: Browser sent neither Sec-Fetch-Site nor Origin HTTP headers, so anti-CSRF verification can't be done.");
if (isset($_SERVER['HTTP_ORIGIN']) AND $_SERVER['HTTP_ORIGIN'] !== ORIGIN)
exit("ERROR: Anti-CSRF verification failed");
if (isset($_SERVER['HTTP_SEC_FETCH_SITE']) AND $_SERVER['HTTP_SEC_FETCH_SITE'] !== "same-origin")
exit("ERROR: Anti-CSRF verification failed");
}
Reference in New Issue View Git Blame Copy Permalink