servnest/inc/auth.inc.php

<?php
if (strpos($_SERVER['PHP_SELF'], "inc.php") !== false)
  exit("This file is meant to be included.");

function hashPassword($password) {
  return password_hash($password, ALGO_PASSWORD, OPTIONS_PASSWORD);
}

function checkPassword($username, $password) {
  $username2[0] = $username;

  $db = new PDO('sqlite:' . DB_PATH);

  $op = $db->prepare('SELECT username, password FROM users WHERE username = ?');
  $op->execute($username2);

  $dbPassword = $op->fetch()['password'];

  return password_verify($password, $dbPassword);
}

function outdatedPasswordHash($username) {
  $username2[0] = $username;

  $db = new PDO('sqlite:' . DB_PATH);

  $op = $db->prepare('SELECT username, password FROM users WHERE username = ?');
  $op->execute($username2);

  $dbPassword = $op->fetch()['password'];

  return password_needs_rehash($dbPassword, ALGO_PASSWORD, OPTIONS_PASSWORD);
}

function changePassword($username, $password) {
  $password = hashPassword($password);

  $db = new PDO('sqlite:' . DB_PATH);

  $stmt = $db->prepare("UPDATE users SET password = :password WHERE username = :username");

  $stmt->bindParam(':username', $username);
  $stmt->bindParam(':password', $password);

  $stmt->execute();
}

function antiCSRF() {

  if (!isset($_SERVER['HTTP_SEC_FETCH_SITE']) AND !isset($_SERVER['HTTP_ORIGIN']))
    exit("ERROR: Browser sent neither Sec-Fetch-Site nor Origin HTTP headers, so anti-CSRS verification can't be done.");

  if (isset($_SERVER['HTTP_ORIGIN']) AND $_SERVER['HTTP_ORIGIN'] !== "https://niver.4.niv.re")
    exit("ERROR: Anti-CSRF verification failed");

  if (isset($_SERVER['HTTP_SEC_FETCH_SITE']) AND $_SERVER['HTTP_SEC_FETCH_SITE'] !== "same-origin")
    exit("ERROR: Anti-CSRF verification failed");

}