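* @license BSD */

namespace Domframework;

/** The abstraction class of the users
 * Allow to manage the users in multiple storages (SQL, HTPasswd, passwd file).
 * CRUD the users and allow to modify the password
 *
 * The storage methods (connect, initStorage, adduser, deluser, updateuser,
 * listusers, changepassword, overwritepassword, checkValidPassword,
 * passwdComplexity) have empty bodies in this class and therefore return null.
 * Presumably each storage backend overrides them; verify against the
 * subclasses. Only the check* validators and cryptPasswd carry logic here.
 */
class Users
{
  /** Connect to the storage
   * Empty in this class: does nothing and returns null.
   */
  public function connect ()
  {
  }

  /** Initialise the storage
   * Create the structure of data needed to the class
   * Empty in this class: does nothing and returns null.
   */
  public function initStorage ()
  {
  }

  /** Create a new user
   * If the password is not provided, create a default passwd (can be a
   * disabled password)
   * Empty in this class. NOTE(review): nothing here calls checkEmail,
   * checkFirstname, checkLastname, checkPassword or cryptPasswd; a backend
   * overriding this method has to validate and hash by itself.
   * @param string $email The email to create
   * @param string $firstname The firstname to create
   * @param string $lastname The lastname to create
   * @param string|null $password The password of the user
   */
  public function adduser ($email, $firstname, $lastname, $password=null)
  {
  }

  /** Delete a user
   * Empty in this class.
   * @param string $email The email to delete
   */
  public function deluser ($email)
  {
  }

  /** Update a user
   * Empty in this class.
   * @param string $oldemail The old email to update
   * @param string $newemail The new mail to store
   * @param string $firstname The new firstname to store
   * @param string $lastname The lastname to store
   */
  public function updateuser ($oldemail, $newemail, $firstname, $lastname)
  {
  }

  /** List the users
   * Empty in this class.
   */
  public function listusers ()
  {
  }

  /** Change password
   * Empty in this class.
   * @param string $email the user email to change the password
   * @param string $oldpassword The old password (to check if the user has the
   * rights to change the password)
   * @param string $newpassword The new password to be recorded
   */
  public function changepassword ($email, $oldpassword, $newpassword)
  {
  }

  /** Overwrite password (without oldpassword check)
   * Must be reserved to the administrators. For the users, use changepassword
   * method
   * Empty in this class. The signature carries no caller identity, so the
   * administrator restriction cannot be enforced here: the code calling this
   * method has to authorise the request before the call.
   * @param string $email the user email to change the password
   * @param string $newpassword The new password to be recorded
   */
  public function overwritepassword ($email, $newpassword)
  {
  }

  /** Check if the provided password is correctly associated to the email user
   * Empty in this class, so it returns null (falsy) for every input.
   * NOTE(review): a backend implementing this should compare hashes in
   * constant time (password_verify or hash_equals) and answer the same way for
   * an unknown email and for a wrong password.
   * @param string $email The email to validate
   * @param string $password The password to validate
   */
  public function checkValidPassword ($email, $password)
  {
  }

  /** Check if the user provided is correct
   * Only the type, a minimum length of 5 bytes and forbidden characters are
   * checked; the value is not parsed as an email address.
   * @param string $email The email to validate
   * @return boolean true when the value is accepted
   * @throws \Exception with code 500 when the value is rejected
   */
  public function checkEmail ($email)
  {
    if (! is_string ($email))
      throw new \Exception (dgettext ("domframework",
        "Invalid email provided : not a string"), 500);
    if (strlen ($email) < 5)
      throw new \Exception (dgettext ("domframework",
        "Invalid email provided : too short"), 500);
    // Presumably ':' is refused because it separates the fields in the
    // htpasswd/passwd file storages named in the class description.
    if (strpos ($email, ":") !== false)
      throw new \Exception (dgettext ("domframework",
        "Invalid email provided : colon forbidden"), 500);
    // A CR or LF would end the record in a line-oriented file storage and let
    // one value be read back as several records; NUL has no place in the field.
    if (strpbrk ($email, "\r\n\0") !== false)
      throw new \Exception (dgettext ("domframework",
        "Invalid email provided : line break or NUL byte forbidden"), 500);
    return true;
  }

  /** Check if the firstname provided is correct
   * @param string $firstname The firstname to check
   * @return boolean true when the value is accepted
   * @throws \Exception with code 500 when the value is rejected
   */
  public function checkFirstname ($firstname)
  {
    if (! is_string ($firstname))
      throw new \Exception (dgettext ("domframework",
        "Invalid firstname provided : not a string"), 500);
    if (strlen ($firstname) < 1)
      throw new \Exception (dgettext ("domframework",
        "Invalid firstname provided : too short"), 500);
    if (strpos ($firstname, ":") !== false)
      throw new \Exception (dgettext ("domframework",
        "Invalid firstname provided : colon forbidden"), 500);
    // Same record-separator concern as for the email field.
    if (strpbrk ($firstname, "\r\n\0") !== false)
      throw new \Exception (dgettext ("domframework",
        "Invalid firstname provided : line break or NUL byte forbidden"), 500);
    return true;
  }

  /** Check if the lastname provided is correct
   * Unlike the firstname, an empty lastname is accepted.
   * @param string $lastname The lastname to check
   * @return boolean true when the value is accepted
   * @throws \Exception with code 500 when the value is rejected
   */
  public function checkLastname ($lastname)
  {
    if (! is_string ($lastname))
      throw new \Exception (dgettext ("domframework",
        "Invalid lastname provided : not a string"), 500);
    if (strpos ($lastname, ":") !== false)
      throw new \Exception (dgettext ("domframework",
        "Invalid lastname provided : colon forbidden"), 500);
    // Same record-separator concern as for the email field.
    if (strpbrk ($lastname, "\r\n\0") !== false)
      throw new \Exception (dgettext ("domframework",
        "Invalid lastname provided : line break or NUL byte forbidden"), 500);
    return true;
  }

  /** Check if the password provided is correct
   * Accepts 5 to 127 bytes. bcrypt, which cryptPasswd uses, only takes the
   * first 72 bytes of a password into account: the bytes beyond that limit
   * which this check admits do not contribute to the stored hash.
   * @param string $password The password to check
   * @return boolean true when the value is accepted
   * @throws \Exception with code 500 when the value is rejected
   */
  public function checkPassword ($password)
  {
    if (! is_string ($password))
      throw new \Exception (dgettext ("domframework",
        "Invalid password provided : not a string"), 500);
    if (strlen ($password) < 5)
      throw new \Exception (dgettext ("domframework",
        "Invalid password provided : too short"), 500);
    if (strlen ($password) >= 128)
      throw new \Exception (dgettext ("domframework",
        "Invalid password provided : too long"), 500);
    // bcrypt reads the password as a NUL-terminated string: everything after
    // a NUL byte would be ignored, so the length check above would overstate
    // the real strength of the password.
    if (strpos ($password, "\0") !== false)
      throw new \Exception (dgettext ("domframework",
        "Invalid password provided : NUL byte forbidden"), 500);
    return true;
  }

  /** Crypt the password with the best algorithm available
   * Produces a bcrypt hash ("$2y$", cost 11, 60 characters). password_hash is
   * used when PHP provides it; otherwise the salt is built by hand from
   * openssl_random_pseudo_bytes and passed to crypt.
   * This method does not call checkPassword.
   * @param string $password The password to crypt
   * @return string The bcrypt hash
   * @throws \Exception with code 500 when the password holds a NUL byte, when
   * no strong random source is available or when the hashing fails
   */
  public function cryptPasswd ($password)
  {
    // Refuse instead of silently hashing only the part before the NUL byte.
    if (is_string ($password) && strpos ($password, "\0") !== false)
      throw new \Exception (dgettext ("domframework",
        "Invalid password provided : NUL byte forbidden"), 500);
    $cost = 11;
    if (function_exists ("password_hash"))
    {
      // PASSWORD_BCRYPT (not PASSWORD_DEFAULT) keeps the stored format equal
      // to the one generated by the crypt() path below.
      $hash = password_hash ($password, PASSWORD_BCRYPT,
        array ("cost" => $cost));
    }
    else
    {
      if (! function_exists ("openssl_random_pseudo_bytes"))
        throw new \Exception (dgettext ("domframework",
          "No PHP support for openssl_random_pseudo_bytes"), 500);
      // $strong reports whether a cryptographically strong source was used;
      // a weak or failed read must not end up as a salt.
      $strong = false;
      $bytes = openssl_random_pseudo_bytes (17, $strong);
      if (! is_string ($bytes) || strlen ($bytes) !== 17 || $strong !== true)
        throw new \Exception (dgettext ("domframework",
          "No cryptographically strong random source available"), 500);
      // 17 bytes give 24 base64 characters; the first 22 hold no '=' padding.
      // '+' is not in the bcrypt salt alphabet, '.' is.
      $salt = substr (base64_encode ($bytes), 0, 22);
      $salt = str_replace ("+", ".", $salt);
      // "$2y$" selects the fixed blowfish variant (>=PHP 5.3.7), followed by
      // the cost on two digits and the salt.
      $param = '$2y$' . str_pad ((string) $cost, 2, "0", STR_PAD_LEFT) .
        '$' . $salt;
      $hash = crypt ($password, $param);
    }
    // crypt() reports a failure with a short marker string and password_hash
    // with a non-string value: neither may be stored as a password hash.
    if (! is_string ($hash) || strlen ($hash) !== 60 ||
        strpos ($hash, '$2y$') !== 0)
      throw new \Exception (dgettext ("domframework",
        "Password hashing failed"), 500);
    return $hash;
  }

  /** Check if the password is complex enough
   * Documented as returning true when the password is complex enough, but the
   * body is empty in this class: it returns null (falsy) for every password
   * unless a subclass overrides it.
   * @param string $password The password to check
   */
  public function passwdComplexity ($password)
  {
  }
}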