197 lines
6.3 KiB
PHP
197 lines
6.3 KiB
PHP
<?php
|
|
/** DomFramework
|
|
* @package domframework
|
|
* @author Dominique Fournier <dominique@fournier38.fr>
|
|
* @license BSD
|
|
*/
|
|
|
|
namespace Domframework;
|
|
|
|
/** The abstraction class of the users
|
|
* Allow to manage the users in multiple storages (SQL, HTPasswd, passwd file).
|
|
* CRUD the users and allow to modify the password
|
|
*/
|
|
class Users
|
|
{
|
|
/** Connect to the storage
|
|
*/
|
|
public function connect ()
|
|
{
|
|
}
|
|
|
|
/** Initialise the storage
|
|
* Create the structure of data needed to the class
|
|
*/
|
|
public function initStorage ()
|
|
{
|
|
}
|
|
|
|
/** Create a new user
|
|
* If the password is not provided, create a default passwd (can be disable
|
|
* password)
|
|
* @param string $email The email to create
|
|
* @param string $firstname The firstname to create
|
|
* @param string $lastname The lastname to create
|
|
* @param string|null $password The password of the user
|
|
*/
|
|
public function adduser ($email, $firstname, $lastname, $password=null)
|
|
{
|
|
}
|
|
|
|
/** Delete a user
|
|
* @param string $email The email to delete
|
|
*/
|
|
public function deluser ($email)
|
|
{
|
|
}
|
|
|
|
/** Update a user
|
|
* @param string $oldemail The old email to update
|
|
* @param string $newemail The new mail to store
|
|
* @param string $firstname The new firstname to store
|
|
* @param string $lastname The lastname to store
|
|
*/
|
|
public function updateuser ($oldemail, $newemail, $firstname, $lastname)
|
|
{
|
|
}
|
|
|
|
/** List the users
|
|
*/
|
|
public function listusers ()
|
|
{
|
|
}
|
|
|
|
/** Change password
|
|
* @param string $email the user email to change the password
|
|
* @param string $oldpassword The old password (to check if the user have the
|
|
* rights to change the password)
|
|
* @param string $newpassword The new password to be recorded
|
|
*/
|
|
public function changepassword ($email, $oldpassword, $newpassword)
|
|
{
|
|
}
|
|
|
|
/** Overwrite password (without oldpassword check)
|
|
* Must be reserved to the administrators. For the users, use changepassword
|
|
* method
|
|
* @param string $email the user email to change the password
|
|
* @param string $newpassword The new password to be recorded
|
|
*/
|
|
public function overwritepassword ($email, $newpassword)
|
|
{
|
|
}
|
|
|
|
/** Check if the provided password is correctely associated to the email user
|
|
* @param string $email The email to validate
|
|
* @param string $password The password to validate
|
|
*/
|
|
public function checkValidPassword ($email, $password)
|
|
{
|
|
}
|
|
|
|
/** Check if the user provided is correct
|
|
* @param string $email The email to validate
|
|
*/
|
|
public function checkEmail ($email)
|
|
{
|
|
if (! is_string ($email))
|
|
throw new \Exception (dgettext ("domframework",
|
|
"Invalid email provided : not a string"),
|
|
500);
|
|
if (strlen ($email) < 5)
|
|
throw new \Exception (dgettext ("domframework",
|
|
"Invalid email provided : too short"),
|
|
500);
|
|
if (strpos ($email, ":") !== false)
|
|
throw new \Exception (dgettext ("domframework",
|
|
"Invalid email provided : colon forbidden"),
|
|
500);
|
|
return true;
|
|
}
|
|
|
|
/** Check if the firstname provided is correct
|
|
* @param string $firstname The firstname to check
|
|
*/
|
|
public function checkFirstname ($firstname)
|
|
{
|
|
if (! is_string ($firstname))
|
|
throw new \Exception (dgettext ("domframework",
|
|
"Invalid firstname provided : not a string"),
|
|
500);
|
|
if (strlen ($firstname) < 1)
|
|
throw new \Exception (dgettext ("domframework",
|
|
"Invalid firstname provided : too short"),
|
|
500);
|
|
if (strpos ($firstname, ":") !== false)
|
|
throw new \Exception (dgettext ("domframework",
|
|
"Invalid firstname provided : colon forbidden"),
|
|
500);
|
|
return true;
|
|
}
|
|
|
|
/** Check if the lastname provided is correct
|
|
* @param string $lastname The lastname to check
|
|
*/
|
|
public function checkLastname ($lastname)
|
|
{
|
|
if (! is_string ($lastname))
|
|
throw new \Exception (dgettext ("domframework",
|
|
"Invalid lastname provided : not a string"),
|
|
500);
|
|
if (strpos ($lastname, ":") !== false)
|
|
throw new \Exception (dgettext ("domframework",
|
|
"Invalid lastname provided : colon forbidden"),
|
|
500);
|
|
return true;
|
|
}
|
|
|
|
/** Check if the password provided is correct
|
|
* @param string $password The password to check
|
|
*/
|
|
public function checkPassword ($password)
|
|
{
|
|
if (! is_string ($password))
|
|
throw new \Exception (dgettext ("domframework",
|
|
"Invalid password provided : not a string"),
|
|
500);
|
|
if (strlen ($password) < 5)
|
|
throw new \Exception (dgettext ("domframework",
|
|
"Invalid password provided : too short"),
|
|
500);
|
|
if (strlen ($password) >= 128)
|
|
throw new \Exception (dgettext ("domframework",
|
|
"Invalid password provided : too long"),
|
|
500);
|
|
return true;
|
|
}
|
|
|
|
/** Crypt the password with the best algorithm available
|
|
* @param string $password The password to crypt
|
|
*/
|
|
public function cryptPasswd ($password)
|
|
{
|
|
if (! function_exists ("openssl_random_pseudo_bytes"))
|
|
throw new \Exception (dgettext ("domframework",
|
|
"No PHP support for openssl_random_pseudo_bytes"),
|
|
500);
|
|
$cost = 11;
|
|
$salt = substr (base64_encode (openssl_random_pseudo_bytes (17)), 0, 22);
|
|
$salt = str_replace ("+", ".", $salt);
|
|
$param = '$'.implode ('$', array(
|
|
"2y", //select the most secure version of blowfish (>=PHP 5.3.7)
|
|
str_pad ($cost, 2, "0", STR_PAD_LEFT), //add the cost in two digits
|
|
$salt //add the salt
|
|
));
|
|
//now do the actual hashing
|
|
return crypt ($password, $param);
|
|
}
|
|
|
|
/** Check if the password is enough complex
|
|
* Return True if the password is enough complex
|
|
* @param string $password The password to check
|
|
*/
|
|
public function passwdComplexity ($password)
|
|
{
|
|
}
|
|
}
|