<?php namespace HashOver;// Copyright (C) 2015-2021 Jacob Barkdull// This file is part of HashOver.//// HashOver is free software: you can redistribute it and/or modify// it under the terms of the GNU Affero General Public License as// published by the Free Software Foundation, either version 3 of the// License, or (at your option) any later version.//// HashOver is distributed in the hope that it will be useful,// but WITHOUT ANY WARRANTY; without even the implied warranty of// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the// GNU Affero General Public License for more details.//// You should have received a copy of the GNU Affero General Public License// along with HashOver. If not, see <http://www.gnu.org/licenses/>.class SessionLogin{ protected $setup; protected $locale; protected $crypto; public $enabled = true; public $name; public $password; public $loginHash; public $email; public $website; public function __construct (Setup $setup, Cookies $cookies, Locale $locale) { // Store parameters as properties $this->setup = $setup; $this->locale = $locale; // Instantiate Crypto class $this->crypto = new Crypto (); // Check if cookies are disabled if ($setup->setsCookies === false) { // If so, disable login method $this->enabled = false; // Disable login setting $setup->allowsLogin = false; $setup->syncSettings (); } else { // If not, start session @session_start (); } } // Sets a session value protected function sessionSet ($name, $value = '') { // Add pseudo-namespacing prefix to session key $name = 'hashover-' . $name; // Set session value $_SESSION[$name] = $value; } // Get session value protected function sessionGet ($name, $trim = false) { // Add pseudo-namespacing prefix to session key $name = 'hashover-' . $name; // Check if session value exists if (!empty ($_SESSION[$name])) { // If so, store as value for cleaner code $value = $_SESSION[$name]; // Strip escape slashes from session value $value = $this->setup->stripMagicQuotes ($value); // Return trimmed value if told to if ($trim === true) { $value = trim ($value, " \r\n\t"); } // Otherwise, return value as-is return $value; } // If not, return null return null; } // Set login credentials public function setCredentials () { // Set login session values $this->sessionSet ('name', $this->name); $this->sessionSet ('password', $this->password); $this->sessionSet ('website', $this->website); // Check if an email was given if (!empty ($this->email)) { // If so, generate encrypted string / decryption keys from email $email = $this->crypto->encrypt ($this->email); // And set email and encryption session values $this->sessionSet ('email', $email['encrypted']); $this->sessionSet ('encryption', $email['keys']); } else { // If not, remove email and encryption session values $this->sessionSet ('email', ''); $this->sessionSet ('encryption', ''); } } // Get login credentials public function getCredentials () { // Get user name via session value $this->name = $this->sessionGet ('name', true); // Get user password via session value $this->password = $this->sessionGet ('password', true); // Decrypt email session value $encrypted_email = $this->sessionGet ('email', true); $encryption = $this->sessionGet ('encryption', true); $email = $this->crypto->decrypt ($encrypted_email, $encryption); // Validate email address if (filter_var ($email, FILTER_VALIDATE_EMAIL)) { $this->email = trim ($email, " \r\n\t"); } // Get user website via session value $this->website = $this->sessionGet ('website', true); // Get login hash via session value $this->loginHash = $this->sessionGet ('login', true); } // Main login method public function setLogin () { // Set login session value $this->sessionSet ('login', $this->loginHash); } // Main logout method public function clearLogin () { // Remove login session value $this->sessionSet ('login', ''); }}