<?php
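/**
 * Registration and login helper backed by a MySQL `users` table
 * (columns used here: username, password, email).
 *
 * Every check method returns a "state" array: `['error' => bool]`, plus a
 * `'message'` key (a translation key passed through __lang()) when error is
 * true. register() and login() always return both keys so callers can test
 * `$state['error']` instead of comparing message strings.
 */
class Auth
{
    /** Username length bounds enforced by validateUsername() (counted in bytes, see strlen()). */
    const USERNAME_MIN = 5;
    const USERNAME_MAX = 10;
    /** Minimum password length enforced by validatePassword(). */
    const PASSWORD_MIN = 5;
    /** Email length bounds enforced by validateEmail(). */
    const EMAIL_MIN = 5;
    const EMAIL_MAX = 50;

    /** @var PDO|null connection opened lazily by bdd() and reused for every query of this instance */
    private $pdo = null;

    /**
     * Translation hook: returns the message key unchanged.
     * Override it to map keys such as "email_taken" to localised text.
     *
     * @param string $str
     * @return string
     */
    public function __lang($str)
    {
        return $str;
    }

    /**
     * Returns the database connection, opening it on first use.
     *
     * The connection is cached per instance instead of being re-opened for
     * every query. Credentials default to the original hard-coded development
     * values; set DB_DSN / DB_USER / DB_PASSWORD in the environment to avoid
     * keeping real secrets in this file.
     *
     * @return PDO
     * @throws PDOException when the connection cannot be opened
     */
    public function bdd()
    {
        if ($this->pdo === null) {
            $dsn = getenv('DB_DSN') ?: 'mysql:dbname=api;host=127.0.0.1';
            $user = getenv('DB_USER') ?: 'root';
            $password = getenv('DB_PASSWORD') ?: '';

            $pdo = new PDO($dsn, $user, $password);
            $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            $pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_OBJ);
            // Server-side prepared statements: bound values are never spliced
            // into the SQL text by the driver. Note that with emulation off a
            // named placeholder may only appear once per statement.
            $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
            $this->pdo = $pdo;
        }
        return $this->pdo;
    }

    /**
     * Runs a COUNT(*) query and reports whether at least one row matched.
     *
     * @param string $sql    SELECT count(*) statement with named placeholders (always a literal)
     * @param array  $params placeholder values, bound by PDO
     * @return bool
     */
    private function rowExists($sql, array $params)
    {
        $req = $this->bdd()->prepare($sql);
        $req->execute($params);
        // fetchColumn() may return an int or a numeric string depending on driver settings.
        return (int) $req->fetchColumn() > 0;
    }

    /**
     * Builds the failure state returned by the public check methods.
     *
     * @param string $message already-translated message
     * @return array
     */
    private function failure($message)
    {
        return ['error' => true, 'message' => $message];
    }

    /**
     * Loads the row whose username or email equals $usr.
     *
     * @param string $usr username or email address
     * @return object|false the first matching row, or false when none exists
     */
    private function findUser($usr)
    {
        // Two distinct placeholders bound to the same value: reusing one
        // placeholder twice is not allowed with native prepared statements.
        $req = $this->bdd()->prepare('SELECT * FROM users WHERE username = :username OR email = :email');
        $req->execute(['username' => $usr, 'email' => $usr]);
        return $req->fetch();
    }

    /**
     * Checks whether an account already uses $email.
     *
     * @param string $email
     * @return array `['error' => false]` when free, `['error' => true, 'message' => ...]` when taken
     */
    public function isEmailTaken($email)
    {
        $taken = $this->rowExists('SELECT count(*) FROM users WHERE email = :email', ['email' => $email]);
        if (!$taken) {
            return ['error' => false];
        }
        return $this->failure($this->__lang('email_taken'));
    }

    /**
     * Checks whether an account already uses $usr as username.
     *
     * @param string $usr
     * @return array `['error' => false]` when free, `['error' => true, 'message' => ...]` when taken
     */
    public function isUsernameTaken($usr)
    {
        $taken = $this->rowExists('SELECT count(*) FROM users WHERE username = :username', ['username' => $usr]);
        if (!$taken) {
            return ['error' => false];
        }
        return $this->failure($this->__lang('username_taken'));
    }

    /**
     * Validates the username length (USERNAME_MIN..USERNAME_MAX bytes).
     *
     * Lengths are byte counts (strlen), as in the original; a multibyte
     * character therefore counts more than once.
     *
     * @param string $usr
     * @return array
     */
    public function validateUsername($usr)
    {
        $length = strlen((string) $usr);
        if ($length < self::USERNAME_MIN) {
            return $this->failure($this->__lang('username_short ' . self::USERNAME_MIN));
        }
        if ($length > self::USERNAME_MAX) {
            return $this->failure($this->__lang('username_long ' . self::USERNAME_MAX));
        }
        return ['error' => false];
    }

    /**
     * Validates the password length (at least PASSWORD_MIN bytes).
     *
     * NOTE(review): no upper bound is enforced; bcrypt only uses the first
     * 72 bytes of the password, so longer inputs are silently truncated by
     * password_hash() in addUser().
     *
     * @param string $psw
     * @return array
     */
    public function validatePassword($psw)
    {
        if (strlen((string) $psw) < self::PASSWORD_MIN) {
            return $this->failure($this->__lang('password_short ' . self::PASSWORD_MIN));
        }
        return ['error' => false];
    }

    /**
     * Validates the email length (EMAIL_MIN..EMAIL_MAX bytes) and syntax.
     *
     * @param string $email
     * @return array
     */
    public function validateEmail($email)
    {
        $length = strlen((string) $email);
        if ($length < self::EMAIL_MIN) {
            return $this->failure($this->__lang('email_short ' . self::EMAIL_MIN));
        }
        if ($length > self::EMAIL_MAX) {
            return $this->failure($this->__lang('email_long ' . self::EMAIL_MAX));
        }
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            return $this->failure($this->__lang('email_invalid'));
        }
        return ['error' => false];
    }

    /**
     * Inserts a new account. The password is stored as a password_hash() digest,
     * never in clear text; all values are bound parameters.
     *
     * @param string $psw   clear-text password (hashed here)
     * @param string $usr
     * @param string $email
     * @return void
     * @throws PDOException on database failure (e.g. a unique-key violation)
     */
    public function addUser($psw, $usr, $email)
    {
        $req = $this->bdd()->prepare(
            'INSERT INTO users (username, password, email) VALUES (:username, :password, :email)'
        );
        // PASSWORD_DEFAULT is bcrypt today and follows PHP's recommended
        // algorithm later; password_verify() reads the algorithm from the hash.
        $hash = password_hash((string) $psw, PASSWORD_DEFAULT);
        $req->execute(['username' => $usr, 'password' => $hash, 'email' => $email]);
    }

    /**
     * Verifies $psw against the account identified by username or email $usr.
     *
     * Previously an unknown account produced a warning/error by reading
     * `->password` on `false`; it now simply fails the check. The unknown-account
     * path skips password_verify() and so returns faster than a wrong password
     * does; whether that timing difference matters depends on the deployment.
     *
     * @param string $psw
     * @param string $usr
     * @return array `['error' => false]` on success, `['error' => true]` otherwise
     */
    public function connectUser($psw, $usr)
    {
        $user = $this->findUser($usr);
        if ($user === false || !password_verify((string) $psw, (string) $user->password)) {
            return ['error' => true];
        }
        return ['error' => false];
    }

    /**
     * Stores the account row for $usr in `$_SESSION['auth']`, starting the
     * session when needed.
     *
     * The session id is regenerated so an id obtained before authentication
     * does not remain valid afterwards, and the password hash is removed from
     * the stored row because nothing outside connectUser() needs it.
     *
     * @param string $usr username or email address
     * @return void
     */
    public function addSession($usr)
    {
        $auth = $this->findUser($usr);
        if (session_status() === PHP_SESSION_NONE) {
            session_start();
        }
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        if ($auth !== false) {
            unset($auth->password);
        }
        $_SESSION['auth'] = $auth;
    }

    /**
     * Clears the authenticated user and destroys the active session.
     *
     * session_destroy() is only called when a session is actually active;
     * calling it without one raises a warning. The session cookie itself is
     * left to the client's expiry (not cleared here, as in the original).
     *
     * @return void
     */
    public function delSession()
    {
        $_SESSION['auth'] = null;
        if (session_status() === PHP_SESSION_ACTIVE) {
            $_SESSION = [];
            session_destroy();
        }
    }

    /**
     * Validates the registration form and creates the account.
     *
     * Checks run cheapest first: format checks before the uniqueness queries.
     * Each failure returns the message of the check that failed (the email
     * branches previously returned a wrong or generic message).
     *
     * @param string $psw
     * @param string $psw_confirm
     * @param string $usr
     * @param string $email
     * @return array `['error' => bool, 'message' => string]`
     */
    public function register($psw, $psw_confirm, $usr, $email)
    {
        $check = $this->validatePassword($psw);
        if ($check['error']) {
            return $this->failure($check['message']);
        }
        if ($psw !== $psw_confirm) {
            return $this->failure($this->__lang('password_no_match'));
        }

        $check = $this->validateUsername($usr);
        if ($check['error']) {
            return $this->failure($check['message']);
        }
        $check = $this->isUsernameTaken($usr);
        if ($check['error']) {
            return $this->failure($check['message']);
        }

        $check = $this->validateEmail($email);
        if ($check['error']) {
            return $this->failure($check['message']);
        }
        $check = $this->isEmailTaken($email);
        if ($check['error']) {
            return $this->failure($check['message']);
        }

        $this->addUser($psw, $usr, $email);
        return ['error' => false, 'message' => $this->__lang('register_success')];
    }

    /**
     * Validates the login form, checks the password and opens the session.
     *
     * NOTE(review): connectUser() also matches the email column, but the
     * 5..10 byte username check applied here rejects most email addresses;
     * confirm whether logging in with an email is meant to be supported.
     *
     * @param string $psw
     * @param string $usr
     * @return array `['error' => bool, 'message' => string]`
     */
    public function login($psw, $usr)
    {
        if ($this->validateUsername($usr)['error']) {
            return $this->failure($this->__lang('account_username_invalid'));
        }
        if ($this->validatePassword($psw)['error']) {
            return $this->failure($this->__lang('account_password_invalid'));
        }
        if ($this->connectUser($psw, $usr)['error']) {
            return $this->failure($this->__lang('not_logged'));
        }

        $this->addSession($usr);
        return ['error' => false, 'message' => $this->__lang('logged')];
    }
}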