decpdf.site/lib/Auth.php
2026-01-18 00:53:18 +00:00


<?php
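/**
 * Web authentication controller: registration, login, logout, the account
 * page and password changes, plus the permission checks used as route guards.
 *
 * Security notes:
 *  - Passwords are stored with password_hash(). Rows that still hold the older
 *    unsalted SHA-256 hex digest are accepted at login and re-hashed on the
 *    spot; any other code that compares against User::password has to go
 *    through Auth::password_matches() as well.
 *  - Redirect targets taken from the Referer header are reduced to a same-host
 *    path by Auth::return_path() before they are stored or followed.
 *  - NOTE(review): the session id is not rotated when "user" is set; if
 *    Session wraps native PHP sessions, regenerate the id at that point.
 *  - NOTE(review): /logout is registered as a GET route, so it has no
 *    protection against being triggered by a cross-site link.
 */
class Auth
{
    /**
     * Registers the authentication and account routes. The fourth argument,
     * where present, is the guard callable (Auth::logged_in).
     */
    public static function routes()
    {
        Routes::add_web("GET", "/register", ["Auth", "register"]);
        Routes::add_web("POST", "/register", ["Auth", "do_register"]);
        Routes::add_web("GET", "/login", ["Auth", "login"]);
        Routes::add_web("POST", "/login", ["Auth", "do_login"]);
        Routes::add_web("GET", "/logout", ["Auth", "logout"]);
        Routes::add_web("GET", "/account", ["Auth", "account"], ["Auth", "logged_in"]);
        Routes::add_web("POST", "/account/chpass", ["Auth", "chpass"], ["Auth", "logged_in"]);
        Routes::add_web("GET", "/account/{tab}", ["Auth", "account"], ["Auth", "logged_in"]);
    }

    /**
     * Changes the current user's password after re-checking the old one.
     *
     * Reads the "current", "pass1" and "pass2" POST fields and always
     * redirects back to /account with a flash message.
     */
    public static function chpass($_request)
    {
        $user = get_user();

        $current = self::text($_request->post("current"));
        if (!self::password_matches($current, $user->password)) {
            flash("error", "Wrong password. Try again.");
            return redirect("/account");
        }

        $p1 = self::text($_request->post("pass1"));
        $p2 = self::text($_request->post("pass2"));
        // Strict comparison: with != two different numeric-looking strings
        // (e.g. "1000000" and "1e6") would count as matching.
        if ($p1 !== $p2) {
            flash("error", "Your new passwords don't match.");
            return redirect("/account");
        }
        if (strlen($p1) < 6) {
            flash("error", "Your new password is too short. Pick one that is 6 characters or more.");
            return redirect("/account");
        }

        $user->password = self::hash_password($p1);
        $user->save();
        flash("success", "Your password has been changed.");
        return redirect("/account");
    }

    /**
     * Renders the account page for the given tab.
     */
    public static function account($tab = "account")
    {
        $session = Session::all_data();
        return blade("account", ["tab" => $tab, "session" => $session, "user" => get_user()]);
    }

    /**
     * True when a user is logged in and their can_upload flag is "Y".
     */
    public static function can_upload()
    {
        $user = get_user();
        if (!$user) {
            return false;
        }
        return $user->can_upload === "Y";
    }

    /**
     * True when a user is logged in and their can_moderate flag is "Y".
     */
    public static function can_moderate()
    {
        $user = get_user();
        if (!$user) {
            return false;
        }
        return $user->can_moderate === "Y";
    }

    /**
     * Shows the registration form and remembers where to return afterwards.
     */
    public static function register()
    {
        self::remember_return();
        return blade("register");
    }

    /**
     * Validates the registration form, creates the user and logs them in.
     *
     * On any validation failure the form is re-rendered with the submitted
     * values and a flash error.
     */
    public static function do_register($_request)
    {
        $username = self::text($_request->post("username"));
        $email = self::text($_request->post("email"));
        $password = self::text($_request->post("password"));
        $confirm = self::text($_request->post("confirm"));

        // NOTE(review): the submitted password is handed back to the template
        // here; confirm the view does not print it into the page.
        $form = ["username" => $username, "email" => $email, "password" => $password, "confirm" => $confirm];
        $reject = static function ($message) use ($form) {
            flash("error", $message);
            return blade("register", $form);
        };

        if ($username === "") {
            return $reject("You haven't provided a username.");
        }
        if ($email === "") {
            return $reject("You haven't provided an email address.");
        }
        if (strlen($password) < 6) {
            return $reject("You need to give a password of at least 6 characters.");
        }
        if ($password !== $confirm) {
            return $reject("Your two passwords do not match.");
        }
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            return $reject("Your email address doesn't appear to be valid.");
        }

        // NOTE(review): the lookup lowercases the name but the row below stores
        // it as typed; whether that prevents case-variant duplicates depends on
        // the column's collation. Confirm.
        if (User::find([["username", "=", strtolower($username)]])->first()) {
            return $reject("That username has already been taken. Pick another.");
        }
        if (User::find([["email", "=", $email]])->first()) {
            return $reject("An account with that email address already exists.");
        }

        $u = new User;
        $u->username = $username;
        $u->email = $email;
        $u->password = self::hash_password($password);
        $u->save();

        Session::set("user", $u->id);
        flash("success", "Registration successful. You have also been automatically logged in.");
        return redirect(self::return_path(Session::get("login_return")));
    }

    /**
     * Route guard: true when get_user() yields a user.
     */
    public static function logged_in()
    {
        $user = get_user();
        return $user !== false;
    }

    /**
     * Checks the submitted credentials (username or email plus password) and
     * starts the session on success.
     */
    public static function do_login()
    {
        // Missing or non-string fields (e.g. username[]=x) are treated as empty.
        $username = self::text($_POST['username'] ?? "");
        $password = self::text($_POST['password'] ?? "");
        if ($username === "" || $password === "") {
            return blade("login");
        }

        $user = User::find([["username", "=", $username]])->first();
        if (!$user) {
            $user = User::find([["email", "=", $username]])->first();
        }

        // $user is empty when neither lookup matched; never touch its fields then.
        if ($user && self::password_matches($password, $user->password)) {
            // Upgrade legacy SHA-256 rows (and outdated cost settings) while the
            // plaintext is available.
            if (password_needs_rehash($user->password, PASSWORD_DEFAULT)) {
                $user->password = self::hash_password($password);
                $user->save();
            }
            Session::set("user", $user->id);
            flash("success", "Log in successful");
            return redirect(self::return_path(Session::get("login_return")));
        }

        flash("error", "Invalid username or password.");
        return blade("login");
    }

    /**
     * Shows the login form and remembers where to return afterwards.
     */
    public static function login()
    {
        self::remember_return();
        return blade("login");
    }

    /**
     * Ends the session's login and sends the visitor back to the page they
     * came from, or to "/" when that page is unknown or on another host.
     */
    public static function logout()
    {
        Session::unset("user");
        return redirect(self::return_path($_SERVER['HTTP_REFERER'] ?? null));
    }

    /**
     * Reduces a redirect target to a path (plus query) on this host.
     *
     * Anything that is not a string, names another host, carries a scheme
     * without a host, contains control characters or backslashes, or would be
     * read by a browser as protocol-relative ("//host") becomes "/".
     */
    public static function return_path($target): string
    {
        if (!is_string($target) || $target === "") {
            return "/";
        }
        if (preg_match('/[\x00-\x20\x7f\\\\]/', $target)) {
            return "/";
        }

        $parts = parse_url($target);
        if ($parts === false) {
            return "/";
        }

        if (isset($parts["host"])) {
            $host = strtolower($parts["host"]);
            if (isset($parts["port"])) {
                $host .= ":" . $parts["port"];
            }
            $own = strtolower(self::text($_SERVER["HTTP_HOST"] ?? ""));
            if ($own === "" || $host !== $own) {
                return "/";
            }
        } elseif (isset($parts["scheme"])) {
            return "/";
        }

        $path = $parts["path"] ?? "/";
        if ($path === "" || $path[0] !== "/" || strncmp($path, "//", 2) === 0) {
            return "/";
        }
        if (isset($parts["query"])) {
            $path .= "?" . $parts["query"];
        }
        return $path;
    }

    /**
     * Checks a plaintext password against a stored hash.
     *
     * Accepts password_hash() output and, for rows not yet migrated, the
     * legacy 64-character SHA-256 hex digest (compared in constant time).
     */
    public static function password_matches($plain, $stored): bool
    {
        if (!is_string($plain) || !is_string($stored) || $stored === "") {
            return false;
        }
        if (self::is_legacy_hash($stored)) {
            return hash_equals($stored, hash("sha256", $plain));
        }
        return password_verify($plain, $stored);
    }

    /**
     * Hashes a password for storage.
     *
     * The password column has to hold at least 60 characters for the current
     * default algorithm; the PHP manual recommends 255 so later defaults fit.
     */
    public static function hash_password($plain): string
    {
        $hashed = password_hash(self::text($plain), PASSWORD_DEFAULT);
        if (!is_string($hashed)) {
            throw new RuntimeException("password_hash failed");
        }
        return $hashed;
    }

    /**
     * True when the stored value has the shape of a SHA-256 hex digest.
     */
    private static function is_legacy_hash(string $stored): bool
    {
        return strlen($stored) === 64 && ctype_xdigit($stored);
    }

    /**
     * Stores the sanitised Referer as "login_return" ("/" when absent).
     */
    private static function remember_return()
    {
        Session::set("login_return", self::return_path($_SERVER['HTTP_REFERER'] ?? null));
    }

    /**
     * Returns the value when it is a string, otherwise "".
     */
    private static function text($value): string
    {
        return is_string($value) ? $value : "";
    }
}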