We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
servnest
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: f15681999b
Branches Tags
servnest
/
fn
/
auth.php

auth.php 3.6 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111 
  1. <?php
    2. 

  2. 

  3. const USERNAME_REGEX = '^.{1,1024}$';
    4. 

  4. const PASSWORD_REGEX = '^(?=.*[\p{Ll}])(?=.*[\p{Lu}])(?=.*[\p{N}]).{8,1024}|.{10,1024}$';
    5. 

  5. 

  6. const PLACEHOLDER_USERNAME = 'lain';
    7. 

  7. const PLACEHOLDER_PASSWORD = '••••••••••••••••••••••••';
    8. 

  8. 

  9. // Password storage security
    10. 

  10. const ALGO_PASSWORD = PASSWORD_ARGON2ID;
    11. 

  11. const OPTIONS_PASSWORD = [
    12. 

  12. 	'memory_cost' => 65536,
    13. 

  13. 	'time_cost' => 4,
    14. 

  14. 	'threads' => 64,
    15. 

  15. ];
    16. 

  16. 

  17. function checkUsernameFormat($username) {
    18. 

  18. 	if (preg_match('/' . USERNAME_REGEX . '/Du', $username) !== 1)
    19. 

  19. 		output(403, 'Username malformed.');
    20. 

  20. }
    21. 

  21. 

  22. function checkPasswordFormat($password) {
    23. 

  23. 	if (preg_match('/' . PASSWORD_REGEX . '/Du', $password) !== 1)
    24. 

  24. 		output(403, 'Password malformed.');
    25. 

  25. }
    26. 

  26. 

  27. function hashUsername($username) {
    28. 

  28. 	return base64_encode(sodium_crypto_pwhash(32, $username, hex2bin(query('select', 'params', ['name' => 'username_salt'], 'value')[0]), 2**10, 2**14, SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13));
    29. 

  29. }
    30. 

  30. 

  31. function hashPassword($password) {
    32. 

  32. 	return password_hash($password, ALGO_PASSWORD, OPTIONS_PASSWORD);
    33. 

  33. }
    34. 

  34. 

  35. function usernameExists($username) {
    36. 

  36. 	return isset(query('select', 'users', ['username' => $username], 'id')[0]);
    37. 

  37. }
    38. 

  38. 

  39. function checkPassword($id, $password) {
    40. 

  40. 	return password_verify($password, query('select', 'users', ['id' => $id], 'password')[0]);
    41. 

  41. }
    42. 

  42. 

  43. function outdatedPasswordHash($id) {
    44. 

  44. 	return password_needs_rehash(query('select', 'users', ['id' => $id], 'password')[0], ALGO_PASSWORD, OPTIONS_PASSWORD);
    45. 

  45. }
    46. 

  46. 

  47. function changePassword($id, $password) {
    48. 

  48. 	$db = new PDO('sqlite:' . DB_PATH);
    49. 

  49. 

  50. 	$stmt = $db->prepare('UPDATE users SET password = :password WHERE id = :id');
    51. 

  51. 

  52. 	$stmt->bindValue(':id', $id);
    53. 

  53. 	$stmt->bindValue(':password', hashPassword($password));
    54. 

  54. 

  55. 	$stmt->execute();
    56. 

  56. }
    57. 

  57. 

  58. function rateLimit() {
    59. 

  59. 	if (PAGE_METADATA['tokens_account_cost'] ?? 0 > 0)
    60. 

  60. 		rateLimitAccount(PAGE_METADATA['tokens_account_cost']);
    61. 

  61. 

  62. 	if (PAGE_METADATA['tokens_instance_cost'] ?? 0 > 0)
    63. 

  63. 		rateLimitInstance(PAGE_METADATA['tokens_instance_cost']);
    64. 

  64. }
    65. 

  65. 

  66. function rateLimitAccount($requestedTokens) {
    67. 

  67. 	// Get
    68. 

  68. 	$userData = query('select', 'users', ['id' => $_SESSION['id']]);
    69. 

  69. 	$tokens = $userData[0]['bucket_tokens'];
    70. 

  70. 	$bucketLastUpdate = $userData[0]['bucket_last_update'];
    71. 

  71. 

  72. 	// Compute
    73. 

  73. 	$tokens = min(86400, $tokens + (time() - $bucketLastUpdate));
    74. 

  74. 

  75. 	if ($requestedTokens > $tokens)
    76. 

  76. 		output(453, 'Limite d\'actions par compte atteinte. Réessayez plus tard.');
    77. 

  77. 

  78. 	$tokens -= $requestedTokens;
    79. 

  79. 

  80. 	// Update
    81. 

  81. 	$db = new PDO('sqlite:' . DB_PATH);
    82. 

  82. 	$stmt = $db->prepare('UPDATE users SET bucket_tokens = :bucket_tokens, bucket_last_update = :bucket_last_update WHERE id = :id');
    83. 

  83. 	$stmt->bindValue(':id', $_SESSION['id']);
    84. 

  84. 	$stmt->bindValue(':bucket_tokens', $tokens);
    85. 

  85. 	$stmt->bindValue(':bucket_last_update', time());
    86. 

  86. 	$stmt->execute();
    87. 

  87. }
    88. 

  88. 

  89. function rateLimitInstance($requestedTokens) {
    90. 

  90. 	// Get
    91. 

  91. 	$tokens = query('select', 'params', ['name' => 'instance_bucket_tokens'], 'value')[0];
    92. 

  92. 	$bucketLastUpdate = query('select', 'params', ['name' => 'instance_bucket_last_update'], 'value')[0];
    93. 

  93. 

  94. 	// Compute
    95. 

  95. 	$tokens = min(86400, $tokens + (time() - $bucketLastUpdate));
    96. 

  96. 

  97. 	if ($requestedTokens > $tokens)
    98. 

  98. 		output(453, 'Limite d\'actions globale atteinte. Réessayez plus tard.');
    99. 

  99. 

  100. 	$tokens -= $requestedTokens;
    101. 

  101. 

  102. 	// Update
    103. 

  103. 	$db = new PDO('sqlite:' . DB_PATH);
    104. 

  104. 	$stmt = $db->prepare("UPDATE params SET value = :bucket_tokens WHERE name = 'instance_bucket_tokens';");
    105. 

  105. 	$stmt->bindValue(':bucket_tokens', $tokens);
    106. 

  106. 	$stmt->execute();
    107. 

  107. 

  108. 	$stmt = $db->prepare("UPDATE params SET value = :bucket_last_update WHERE name = 'instance_bucket_last_update';");
    109. 

  109. 	$stmt->bindValue(':bucket_last_update', time());
    110. 

  110. 	$stmt->execute();
    111. 

  111. }
    112.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5