\Auth_Manager

Copyright (c) 2013-2015, dsphinx@plug.gr All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
  3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by the dsphinx.
  4. Neither the name of the dsphinx nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

    THIS SOFTWARE IS PROVIDED BY dsphinx ''AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL dsphinx BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Summary

Public methods: isLoggedIN(), init(), logout(), _set_sessions(), get_level(), get_info(), get_username(), Decrypt_from_JS(), salt_password(), salt_password_generate(), Logging(), validation_tried(), changepassword(), getAuthDB(), validation(), password_rules(), password_rules_text(), rememberMyLoginAtSessionValidation(), rememberMyLoginAtSession(), securing(), __construct(), __destruct(), delete(), open(), close(), read(), write(), destroy(), clean(), insert(), existed_user(), insert_user(), list_user()
Public properties: $PASSWORD_MESSAGE, $AuthDB, $secretCookieWord, $MAX_USER_LEVEL, $ADMIN_USER_LEVEL, $_rec
Constants: LOCK_AFTER_FAILED_LOGIN, DEFAULT_ALGORITHM, PASSWORD_MIN_LENGTH
Protected methods: none found
Protected properties: none found
Private methods: none found
Private properties: $alive, $dbc

Constants

LOCK_AFTER_FAILED_LOGIN

LOCK_AFTER_FAILED_LOGIN

DEFAULT_ALGORITHM

DEFAULT_ALGORITHM

PASSWORD_MIN_LENGTH

PASSWORD_MIN_LENGTH

Properties

$PASSWORD_MESSAGE

$PASSWORD_MESSAGE : 

Type

$AuthDB

$AuthDB : 

Type

$secretCookieWord

$secretCookieWord : 

Type

$MAX_USER_LEVEL

$MAX_USER_LEVEL : 

Type

$ADMIN_USER_LEVEL

$ADMIN_USER_LEVEL : 

Type

$_rec

$_rec : 

Type

$alive

$alive : 

Type

$dbc

$dbc : 

Type

Methods

isLoggedIN()

isLoggedIN() : boolean

Returns

boolean — check if user is already logged on

init()

init() 

default initialization for auth

logout()

logout() : boolean

Returns

boolean — logout and clear $_SESSION

_set_sessions()

_set_sessions(null  $sessions = NULL, null  $username = NULL, null  $level = NULL) 

Parameters

null $sessions
null $username
null $level

Prevents session fixation. Sets session variables.

get_level()

get_level() 

get_info()

get_info(  $field = "surname") 

Parameters

$field

get_username()

get_username() 

Decrypt_from_JS()

Decrypt_from_JS(  $pass,   $pass_aes_iv,   $pass_aes_key) : string

Parameters

$pass
$pass_aes_iv
$pass_aes_key

Takes a password encrypted in JavaScript via CryptoJS with AES and returns the decrypted AES-128 password.

Returns

string

salt_password()

salt_password(  $password, null  $salt = NULL,   $algorithm = self::DEFAULT_ALGORITHM) : string

Parameters

$password
null $salt
$algorithm

Returns

string

salt_password_generate()

salt_password_generate() : string

Returns

string — generate salt for password

Logging()

Logging(  $section,   $message, string  $table = "Logging", null  $geolocation = NULL) : boolean

Parameters

$section
$message
string $table
null $geolocation

Returns

boolean — log events

validation_tried()

validation_tried() 

Threshold for failed logins

changepassword()

changepassword(  $password, string  $password_verification = "", null  $userid = NULL) : boolean

Parameters

$password
string $password_verification
null $userid

Change user password

Returns

boolean

getAuthDB()

getAuthDB() 

validation()

validation(  $loginname,   $pass, null  $pass_aes_iv = NULL, null  $pass_aes_key = NULL) : boolean

Parameters

$loginname
$pass
null $pass_aes_iv
null $pass_aes_key

Validate input login name and password ...

Returns

boolean

password_rules()

password_rules(null  $pass = NULL) : boolean

Parameters

null $pass

Password unit test

Returns

boolean

password_rules_text()

password_rules_text() 

rememberMyLoginAtSessionValidation()

rememberMyLoginAtSessionValidation() : boolean

Returns

boolean — check if cookie exists and bypass validation

rememberMyLoginAtSession()

rememberMyLoginAtSession(  $username,   $remember = FALSE) 

Parameters

$username
$remember

Remember my login at session

securing()

securing() 

Tries to protect against well-known attacks

__construct()

__construct() 

__destruct()

__destruct() 

delete()

delete() 

open()

open() 

close()

close() 

read()

read(  $sid) 

Parameters

$sid

write()

write(  $sid,   $data) 

Parameters

$sid
$data

destroy()

destroy(  $sid) 

Parameters

$sid

clean()

clean(  $expire) 

Parameters

$expire

insert()

insert(  $_posted) : boolean

Parameters

$_posted

HTML input names must be the same as the DB field names, for simplicity!

Insert new User

Returns

boolean

existed_user()

existed_user(  $email) : boolean

Parameters

$email

check if user exists

Returns

boolean

insert_user()

insert_user(  $_posted) 

Parameters

$_posted

Create a simple user with low-level privileges

list_user()

list_user(  $sql = "SELECT * FROM Auth") 

Parameters

$sql