Files
Sentri/pub/login/php/authFunctions.php

119 lines
3.9 KiB
PHP

<?php
include_once $_SERVER['DOCUMENT_ROOT'] . '/bin/php/db_connect.php';
function checkLoginAttempts()
{
$stmt = $GLOBALS['conn']->prepare("SELECT address
FROM ip_login_attempts
WHERE address LIKE ?
AND timestamp > (UNIX_TIMESTAMP() - 600)
");
$stmt->bind_param('s', $_SERVER['REMOTE_ADDR']);
$stmt->execute();
$stmt->store_result();
return $stmt->num_rows;
}
function addLoginAttempts()
{
$ip = $_SERVER["REMOTE_ADDR"];
$stmt = $GLOBALS['conn']->prepare("INSERT INTO ip_login_attempts (address, timestamp) VALUES (?, UNIX_TIMESTAMP())");
$stmt->bind_param('s', $ip);
$stmt->execute();
$stmt->close();
}
function setTimeZoneCookie()
{
?>
<script>
document.cookie = "user_timezone=" + Intl.DateTimeFormat().resolvedOptions().timeZone + "; path=/";
</script>
<?php
}
function getUserTimezone()
{
$default_timezone = 'America/New_York';
if (isset($_COOKIE['user_timezone']) && in_array($_COOKIE['user_timezone'], DateTimeZone::listIdentifiers())) {
$timezone = $_COOKIE['user_timezone'];
} else {
$timezone = $default_timezone;
}
return $timezone;
}
function setSessionParams()
{
if (isset($_SESSION['user']['user_uuid'])) {
$user_uuid = $_SESSION['user']['user_uuid'];
$stmt = $GLOBALS['conn']->prepare("SELECT * FROM system_users INNER JOIN system_user_groups ON system_users.user_group_uuid = system_user_groups.user_group_uuid WHERE user_uuid = ? LIMIT 1");
$stmt->bind_param('s', $user_uuid);
$stmt->execute();
$result = $stmt->get_result();
$user = $result->fetch_assoc();
$_SESSION['user'] = ['user_uuid' => $user['user_uuid'],
'user_email' => $user['user_email'],
'user_first_name' => $user['user_first_name'],
'user_full_name' => $user['user_full_name'],
'user_group_uuid' => $user['user_group_uuid'],
'user_group_weight' => $user['user_group_weight'],
'user_group_type' => $user['user_group_type'],
'user_pref_language' => $user['user_pref_language'],
'user_two_factor_enabled' => $user['user_two_factor_enabled'],
'user_profile_picture' => $user['user_profile_picture'],
'user_profile_picture_thumbnail' => $user['user_profile_picture_thumbnail'],
'user_timezone' => getUserTimezone(),
];
$stmt = $GLOBALS['conn']->prepare("SELECT system_user_group_permissions.permission_value, system_permissions.permission_name
FROM system_user_group_permissions
INNER JOIN system_permissions ON system_user_group_permissions.permission_uuid = system_permissions.permission_uuid
WHERE user_group_uuid = ?");
$stmt->bind_param('s', $user['user_group_uuid']);
$_SESSION['permission'] = array();
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
$_SESSION['permission'][$row['permission_name']] = $row['permission_value'];
}
}
}
function loginUser($user_uuid)
{
$update = $GLOBALS['conn']->prepare("UPDATE system_users SET user_last_login_timestamp = ? WHERE user_uuid = ?");
$update->bind_param('is', time(), $user_uuid);
$update->execute();
session_regenerate_id(true);
$_SESSION['user'] = ['user_uuid' => $user_uuid];
setSessionParams();
}
# link the verification code input and check if its an valid code.
function linkVerificationPosts()
{
$codeParts = [];
$allSet = true;
for ($i = 1; $i <= 6; $i++) {
$key = 'verification-' . $i;
if (isset($_POST[$key]) && $_POST[$key] !== '') {
$codeParts[] = $_POST[$key];
} else {
$allSet = false;
break;
}
}
if ($allSet) {
return implode('', $codeParts);
} else {
return false;
}
}