2017-08-04 16:28:16 +02:00
< ? php
/**
* Classe per la gestione delle utenze .
*
* @ since 2.3
*/
2017-08-07 13:07:18 +02:00
class Auth extends \Util\Singleton
2017-08-04 16:28:16 +02:00
{
2017-08-07 13:07:18 +02:00
protected static $status = [
'success' => [
'code' => 1 ,
'message' => 'Login riuscito!' ,
],
'failed' => [
'code' => 0 ,
'message' => 'Autenticazione fallita!' ,
],
'disabled' => [
'code' => 2 ,
'message' => 'Utente non abilitato!' ,
],
'unauthorized' => [
'code' => 3 ,
'message' => " L'utente non ha nessun permesso impostato! " ,
],
];
protected $infos ;
protected $first_module ;
protected $passwordOptions = [
'algorithm' => PASSWORD_BCRYPT ,
'options' => [],
];
protected function __construct ()
2017-08-04 16:28:16 +02:00
{
$database = Database :: getConnection ();
2017-08-07 13:07:18 +02:00
if ( $database -> isInstalled ()) {
if ( API :: isAPIRequest ()) {
$token = filter ( 'token' );
$id = $database -> fetchArray ( 'SELECT `id_utente` FROM `zz_tokens` WHERE `token` = ' . prepare ( $token ))[ 0 ][ 'id_utente' ];
}
// Controllo sulla sessione attiva
elseif ( ! empty ( $_SESSION [ 'idutente' ])) {
$id = $_SESSION [ 'idutente' ];
}
if ( ! empty ( $id )) {
$this -> identifyUser ( $id );
}
if ( ! empty ( $_SESSION [ 'idutente' ]) && $this -> isAuthenticated ()) {
$this -> saveToSession ();
}
2017-08-04 16:28:16 +02:00
}
}
public function attempt ( $username , $password )
{
session_regenerate_id ();
$database = Database :: getConnection ();
$log = [];
$log [ 'username' ] = $username ;
$log [ 'ip' ] = get_client_ip ();
2017-08-07 13:07:18 +02:00
$log [ 'stato' ] = self :: $status [ 'failed' ][ 'code' ];
2017-08-04 16:28:16 +02:00
2017-08-07 13:07:18 +02:00
$users = $database -> fetchArray ( 'SELECT idutente, password, enabled FROM zz_users WHERE username = ' . prepare ( $username ) . ' LIMIT 1' );
2017-08-04 16:28:16 +02:00
if ( ! empty ( $users )) {
$user = $users [ 0 ];
2017-08-07 13:07:18 +02:00
if ( ! empty ( $user [ 'enabled' ])) {
$this -> identifyUser ( $user [ 'idutente' ]);
$module = $this -> getFirstModule ();
2017-08-04 16:28:16 +02:00
2017-08-07 13:07:18 +02:00
if (
$this -> isAuthenticated () &&
$this -> password_check ( $password , $user [ 'password' ], $user [ 'idutente' ]) &&
! empty ( $module )
) {
$log [ 'idutente' ] = $this -> infos [ 'idutente' ];
$log [ 'stato' ] = self :: $status [ 'success' ][ 'code' ];
2017-08-04 16:28:16 +02:00
2017-08-07 13:07:18 +02:00
$this -> saveToSession ();
2017-08-04 16:28:16 +02:00
} else {
2017-08-07 13:07:18 +02:00
if ( empty ( $module )) {
$log [ 'stato' ] = self :: $status [ 'unauthorized' ][ 'code' ];
}
$this -> logout ();
2017-08-04 16:28:16 +02:00
}
2017-08-07 13:07:18 +02:00
} else {
$log [ 'stato' ] = self :: $status [ 'disabled' ][ 'code' ];
2017-08-04 16:28:16 +02:00
}
}
2017-08-07 13:07:18 +02:00
if ( $log [ 'stato' ] != self :: $status [ 'success' ][ 'code' ]) {
foreach ( self :: $status as $key => $value ) {
if ( $log [ 'stato' ] == $value [ 'code' ]) {
$_SESSION [ 'errors' ][] = $value [ 'message' ];
break ;
}
}
2017-08-04 16:28:16 +02:00
}
2017-08-07 13:07:18 +02:00
$database -> insert ( 'zz_logs' , $log );
2017-08-04 16:28:16 +02:00
2017-08-07 13:07:18 +02:00
return $this -> isAuthenticated ();
2017-08-04 16:28:16 +02:00
}
2017-08-07 13:07:18 +02:00
protected function password_check ( $password , $hash , $user_id = null )
2017-08-04 16:28:16 +02:00
{
2017-08-07 13:07:18 +02:00
$result = false ;
2017-08-04 16:28:16 +02:00
2017-08-07 13:07:18 +02:00
// Retrocompatibilità
if ( $hash == md5 ( $password )) {
$rehash = true ;
2017-08-04 16:28:16 +02:00
2017-08-07 13:07:18 +02:00
$result = true ;
2017-08-04 16:28:16 +02:00
}
2017-08-07 13:07:18 +02:00
// Nuova versione
2017-08-04 16:28:16 +02:00
if ( password_verify ( $password , $hash )) {
2017-08-07 13:07:18 +02:00
$rehash = password_needs_rehash ( $hash , $this -> passwordOptions [ 'algorithm' ], $this -> passwordOptions [ 'options' ]);
$result = true ;
2017-08-04 16:28:16 +02:00
}
2017-08-07 13:07:18 +02:00
// Controllo in automatico per futuri cambiamenti dell'algoritmo di password
if ( $rehash ) {
$database = Database :: getConnection ();
$database -> update ( 'zz_users' , [ 'password' => password_hash ( $password , $this -> passwordOptions [ 'algorithm' ], $this -> passwordOptions [ 'options' ])], [ 'idutente' => $user_id ]);
}
return $result ;
2017-08-04 16:28:16 +02:00
}
2017-08-07 13:07:18 +02:00
protected function saveToSession ()
2017-08-04 16:28:16 +02:00
{
2017-08-07 13:07:18 +02:00
foreach ( $this -> infos as $key => $value ) {
$_SESSION [ $key ] = $value ;
}
$identifier = md5 ( $_SESSION [ 'idutente' ] . $_SERVER [ 'HTTP_USER_AGENT' ]);
if (( empty ( $_SESSION [ 'last_active' ]) || time () < $_SESSION [ 'last_active' ] + ( 60 * 60 )) && ( empty ( $_SESSION [ 'identifier' ]) || $_SESSION [ 'identifier' ] == $identifier )) {
$_SESSION [ 'last_active' ] = time ();
$_SESSION [ 'identifier' ] = $identifier ;
}
2017-08-04 16:28:16 +02:00
}
2017-08-07 13:07:18 +02:00
protected function identifyUser ( $user_id )
2017-08-04 16:28:16 +02:00
{
$database = Database :: getConnection ();
2017-08-07 13:07:18 +02:00
$results = $database -> fetchArray ( 'SELECT idutente, idanagrafica, username, (SELECT nome FROM zz_groups WHERE id=idgruppo) AS gruppo FROM zz_users WHERE idutente = ' . prepare ( $user_id ) . ' AND enabled = 1 LIMIT 1' );
if ( ! empty ( $results )) {
$results [ 0 ][ 'is_admin' ] = ( $results [ 0 ][ 'gruppo' ] == 'Amministratori' );
2017-08-04 16:28:16 +02:00
2017-08-07 13:07:18 +02:00
$this -> infos = $results [ 0 ];
}
}
public function isAuthenticated ()
{
return ! empty ( $this -> infos );
}
public function isAdmin ()
{
return $this -> isAuthenticated () && ! empty ( $this -> infos [ 'is_admin' ]);
}
public function getUser ()
{
return $this -> infos ;
}
public function destory ()
{
if ( $this -> isAuthenticated () || ! empty ( $_SESSION [ 'idutente' ])) {
$this -> infos = null ;
$this -> first_module = null ;
session_unset ();
session_destroy ();
session_start ();
session_regenerate_id ();
2017-08-04 16:28:16 +02:00
2017-08-07 13:07:18 +02:00
$_SESSION [ 'infos' ] = [];
$_SESSION [ 'warnings' ] = [];
$_SESSION [ 'errors' ] = [];
}
}
2017-08-04 16:28:16 +02:00
2017-08-07 13:07:18 +02:00
public function getFirstModule ()
{
if ( empty ( $this -> first_module )) {
2017-08-04 16:28:16 +02:00
$query = 'SELECT id FROM zz_modules WHERE enabled = 1' ;
2017-08-07 13:07:18 +02:00
if ( ! $this -> isAdmin ()) {
2017-08-04 16:28:16 +02:00
$query .= ' AND id IN (SELECT idmodule FROM zz_permissions WHERE idgruppo = (SELECT id FROM zz_groups WHERE nome = ' . prepare ( $_SESSION [ 'gruppo' ]) . " ) AND permessi IN ('r', 'rw')) " ;
}
2017-08-07 13:07:18 +02:00
$database = Database :: getConnection ();
$results = $database -> fetchArray ( $query . " AND options != '' AND options != 'menu' AND options IS NOT NULL ORDER BY `order` ASC " );
2017-08-04 16:28:16 +02:00
if ( ! empty ( $results )) {
$module = null ;
2017-08-07 13:07:18 +02:00
$first = Settings :: get ( 'Prima pagina' );
if ( ! in_array ( $first , array_column ( $results , 'id' ))) {
$module = $results [ 0 ][ 'id' ];
2017-08-04 16:28:16 +02:00
} else {
$module = $first ;
}
2017-08-07 13:07:18 +02:00
$this -> first_module = $module ;
2017-08-04 16:28:16 +02:00
}
}
2017-08-07 13:07:18 +02:00
return $this -> first_module ;
2017-08-04 16:28:16 +02:00
}
2017-08-07 13:07:18 +02:00
public static function check ()
2017-08-04 16:28:16 +02:00
{
2017-08-07 13:07:18 +02:00
return self :: getInstance () -> isAuthenticated ();
2017-08-04 16:28:16 +02:00
}
2017-08-07 13:07:18 +02:00
public static function admin ()
2017-08-04 16:28:16 +02:00
{
2017-08-07 13:07:18 +02:00
return self :: getInstance () -> isAdmin ();
2017-08-04 16:28:16 +02:00
}
2017-08-07 13:07:18 +02:00
public static function user ()
2017-08-04 16:28:16 +02:00
{
2017-08-07 13:07:18 +02:00
return self :: getInstance () -> getUser ();
2017-08-04 16:28:16 +02:00
}
public static function logout ()
{
2017-08-07 13:07:18 +02:00
return self :: getInstance () -> destory ();
2017-08-04 16:28:16 +02:00
}
2017-08-07 13:07:18 +02:00
public static function firstModule ()
2017-08-04 16:28:16 +02:00
{
2017-08-07 13:07:18 +02:00
return self :: getInstance () -> getFirstModule ();
2017-08-04 16:28:16 +02:00
}
2017-08-07 13:07:18 +02:00
public static function getStatus ()
2017-08-04 16:28:16 +02:00
{
2017-08-07 13:07:18 +02:00
return self :: $status ;
2017-08-04 16:28:16 +02:00
}
}