<?php
/*
* Anna Dorottya Simon, Márk Szabó
* Neptun-ID: R48G73, EMX74N
* Applied cryptography project - a postquantum messenger application
* January 2017
* This solution was submitted and prepared by Anna Dorottya Simon(R48G73), Márk Szabó(EMX74N) for the project assignment of the Applied cryptography project seminar course.
* We declare that this solution is our own work.
* We have put the necessary references wherever we have used bigger and/or complicated external codes in our project. For shorter code snippets (usually from Stack Overflow) we have put the reference there in most cases.
* Given the uniqueness of the project (no other student had, have or will have the same project) we have published our code on GitHub with the permission of our professors.
* Students’ regulation of Eötvös Loránd University (ELTE Regulations Vol. II. 74/C. § ) states that as long as a student presents another student’s work - or at least the significant part of it - as his/her own performance, it will count as a disciplinary fault. The most serious consequence of a disciplinary fault can be dismissal of the student from the University.
*/
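/**
 * Check a username/password pair against the users table.
 *
 * Every outcome is reported as a string, which existing callers rely on:
 *  - "1" followed by the stored privatekey column when the password matches;
 *  - "Incorrect credentials" when the name is unknown or the password is wrong;
 *  - "Please verify your e-mail before sign in." when the name exists only in
 *    unverified_users;
 *  - "Error during the execution of the SQL query" on a database failure.
 *
 * NOTE(review): the "Please verify" answer is given without checking the
 * password, so the reply distinguishes a pending registration from an unknown
 * name. password_verify() also runs only for names found in users, so response
 * time differs between known and unknown names. Callers should rate-limit
 * sign-in attempts; consider returning the generic message here instead.
 *
 * NOTE(review): the privatekey column is returned verbatim after the "1"
 * marker. How that value is protected at rest is not visible in this file.
 *
 * @param object $conn     Connection offering prepare(); presumably a mysqli instance.
 * @param string $username Name to look up; only ever passed as a bound parameter.
 * @param string $password Plain-text password to check against the stored hash.
 * @return string One of the values listed above.
 */
function loginhelper($conn, $username, $password) {
    $sqlError = "Error during the execution of the SQL query";

    $stmt = $conn->prepare("SELECT password, privatekey FROM users WHERE username = ?");
    if ($stmt === false) {
        // prepare() reports failure by returning false; calling a method on it would be fatal.
        return $sqlError;
    }
    $stmt->bind_param("s", $username);
    $stmt->execute();
    if ($stmt->errno) {
        $stmt->close();
        return $sqlError;
    }
    $stmt->bind_result($db_password, $privatekey);
    $found = $stmt->fetch();
    // Release the statement before anything else is prepared on this connection.
    $stmt->close();

    if (!$found) {
        // Not a verified user: see whether a registration is still pending.
        $stmt = $conn->prepare("SELECT username FROM unverified_users WHERE username = ?");
        if ($stmt === false) {
            return $sqlError;
        }
        $stmt->bind_param("s", $username);
        $stmt->execute();
        if ($stmt->errno) {
            $stmt->close();
            return $sqlError;
        }
        $stmt->bind_result($db_username);
        $pending = $stmt->fetch();
        $stmt->close();

        if ($pending) {
            return "Please verify your e-mail before sign in."; // username unverified
        }
        return "Incorrect credentials"; // username not found
    }

    if (password_verify($password, $db_password)) {
        return "1" . $privatekey;
    }
    return "Incorrect credentials";
}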
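/**
 * Tell whether a username is present in the users table.
 *
 * Returns true when a row is found and false when none is. On a database
 * failure it returns the string "Error during the execution of the SQL query".
 * That string is truthy, so callers must compare the result with === true or
 * === false rather than test it loosely, or a failed query reads as "exists".
 *
 * @param object $conn     Connection offering prepare(); presumably a mysqli instance.
 * @param string $username Name to look up; only ever passed as a bound parameter.
 * @return bool|string true/false, or the error string described above.
 */
function userExists($conn, $username) {
    $sqlError = "Error during the execution of the SQL query";

    $stmt = $conn->prepare("SELECT username FROM users WHERE username = ?");
    if ($stmt === false) {
        // prepare() reports failure by returning false; calling a method on it would be fatal.
        return $sqlError;
    }
    $stmt->bind_param("s", $username);
    $stmt->execute();
    if ($stmt->errno) {
        $stmt->close();
        return $sqlError;
    }

    $stmt->bind_result($db_username);
    $exists = (bool) $stmt->fetch();
    // Release the statement so the connection is free for the caller's next query.
    $stmt->close();

    return $exists;
}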
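/**
 * Look up the id column of a user by name.
 *
 * Returns the id when the user is found. Failures come back as strings:
 * "Error - user does not exist" when no row matches, and
 * "Error during the execution of the SQL query" on a database failure.
 * Callers must therefore check the result before using it as an id.
 *
 * @param object $conn     Connection offering prepare(); presumably a mysqli instance.
 * @param string $username Name to look up; only ever passed as a bound parameter.
 * @return mixed The stored id, or one of the two error strings.
 */
function getUserId($conn, $username) {
    $sqlError = "Error during the execution of the SQL query";

    $stmt = $conn->prepare("SELECT id FROM users WHERE username = ?");
    if ($stmt === false) {
        // prepare() reports failure by returning false; calling a method on it would be fatal.
        return $sqlError;
    }
    $stmt->bind_param("s", $username);
    $stmt->execute();
    if ($stmt->errno) {
        $stmt->close();
        return $sqlError;
    }

    $stmt->bind_result($userid);
    $found = $stmt->fetch();
    // Release the statement so the connection is free for the caller's next query.
    $stmt->close();

    if (!$found) {
        return "Error - user does not exist";
    }
    return $userid;
}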
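/**
 * Process a registration code and clean up the unverified_users table.
 *
 * A known, unexpired code copies its row from unverified_users into users.
 * Afterwards the row for this code and every expired row are deleted,
 * whatever the outcome of the lookup was.
 *
 * Returns a message for the user: "Invalid code requested", "Code expired.
 * Please register again\n" or "Thanks for registering. Now you can sign in.",
 * with "\n Error flushing code" appended when the cleanup fails. A failure of
 * the lookup or the insert returns "Error during the execution of the SQL
 * query" and skips the cleanup.
 *
 * NOTE(review): the INSERT and the DELETE are separate statements with no
 * transaction around them. If the DELETE fails, or the same code is submitted
 * twice at the same moment, the row can be copied into users more than once.
 * A UNIQUE constraint on users.username and/or a transaction would close this;
 * neither is visible in this file.
 *
 * NOTE(review): the code is matched with SQL "=", so case sensitivity depends
 * on the column collation - confirm against the schema.
 *
 * @param object $conn Connection offering prepare(); presumably a mysqli instance.
 * @param string $code Registration code from the request; only ever passed as a bound parameter.
 * @return string The message described above.
 */
function verifyhelper($conn, $code) {
    $sqlError = "Error during the execution of the SQL query";
    $ret_message = "";
    $now = time();

    // Look the code up together with its expiry as a Unix timestamp.
    $stmt = $conn->prepare("SELECT UNIX_TIMESTAMP(expires) FROM unverified_users WHERE registrationcode=?");
    if ($stmt === false) {
        // prepare() reports failure by returning false; calling a method on it would be fatal.
        return $sqlError;
    }
    $stmt->bind_param("s", $code);
    $stmt->execute();
    if ($stmt->errno) {
        $stmt->close();
        return $sqlError;
    }
    $stmt->bind_result($db_expires);
    $codeFound = $stmt->fetch();
    // Close on every path: the original closed only in the valid-code branch, so an
    // expired code left this statement open while the DELETE below was prepared.
    $stmt->close();

    if (!$codeFound) {
        $ret_message .= "Invalid code requested";
    } elseif ($now > $db_expires) {
        $ret_message .= "Code expired. Please register again\n";
    } else {
        // Valid code: promote the pending registration to a real user.
        $stmt = $conn->prepare("INSERT INTO users (username, password, privatekey, publickey) SELECT username, password, privatekey, publickey FROM unverified_users WHERE registrationcode=?");
        if ($stmt === false) {
            return $sqlError;
        }
        $stmt->bind_param("s", $code);
        $stmt->execute();
        if ($stmt->errno) {
            $stmt->close();
            return $sqlError;
        }
        $stmt->close();
        $ret_message .= "Thanks for registering. Now you can sign in.";
    }

    // Delete the processed entry and sweep out every expired code.
    $flushed = false;
    $stmt = $conn->prepare("DELETE FROM unverified_users WHERE registrationcode=? OR expires<FROM_UNIXTIME(?)");
    if ($stmt !== false) {
        $stmt->bind_param("ss", $code, $now);
        $stmt->execute();
        $flushed = !$stmt->errno;
        $stmt->close();
    }
    if (!$flushed) {
        // The code is still in unverified_users here, so verifying it again can create a
        // duplicate entry in users. Maybe alert the webmaster about this situation.
        $ret_message .= "\n Error flushing code";
    }

    return $ret_message;
}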
?>