<?php
namespace manager\repo;
use \manager\sessionManager;
use \manager\Database;
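class token{

    /* Manages the api_token table (API access tokens) and its helpers
     *
     * 1. Read access
     *    - getAll()
     *    - getById(id_token)
     *
     * 2. Verification
     *    - check(token)
     *
     * 3. Creation
     *    - generate(name, duration)
     *
     * 4. Deletion
     *    - remove(id_token)
     *
     * Every query goes through PDO prepared statements; input shape is
     * validated by Database::check() before any statement is built.
     */



    /* RETURNS THE LIST OF EVERY TOKEN
     *
     * @return tokens<Array> Every api_token row (id, name, token, expires,
     *                       expired), most recent expiry first
     *
     * NOTE(review): the raw `token` column (the bearer secret) is part of the
     * result, so this listing must only be served to authenticated admins.
     */
    public static function getAll(){
        /* [1] Prepare and run the query
        =========================================================*/
        $request = Database::getPDO()->query("SELECT id_token as id, name, token, expires, (CURDATE() > expires) as expired
                                              FROM api_token
                                              ORDER BY expires DESC");

        /* [2] Return the rows (duplicate numeric keys stripped)
        =========================================================*/
        return Database::delNumeric( $request->fetchAll() );
    }



    /* RETURNS THE TOKEN ROW FOR THE GIVEN ID, OR FALSE
     *
     * @id_token<int> UID of the token
     *
     * @return token<Array> Row holding `id_token`, or FALSE when the id is
     *                      malformed or unknown. The secret `token` value is
     *                      deliberately not selected here.
     */
    public static function getById($id_token){
        /* [0] Input check
        =========================================================*/
        if( !Database::check('id', $id_token) ) return false;

        /* [1] Database lookup
        =========================================================*/
        $get_token = Database::getPDO()->prepare("SELECT id_token FROM api_token WHERE id_token = :id_token");
        $get_token->execute( array( ':id_token' => $id_token ) );

        /* [2] Row or FALSE
        =========================================================*/
        return $get_token->fetch();
    }



    /* CHECKS WHETHER A TOKEN IS VALID
     *
     * @token<String> Token to verify (sha1 format, 40 hex chars)
     *
     * @return permissions<Array> Permission list when the token is an
     *                            unexpired api_token row; TRUE when it matches
     *                            the local session token (no permission list
     *                            is attached to that case, callers must handle
     *                            both); FALSE otherwise
     */
    public static function check($token){
        /* [0] Input check
        =========================================================*/
        // wrong format -> FALSE (also guarantees $token is a string below)
        if( !Database::check('sha1', $token) ) return false;

        /* [1] Local session token
        =========================================================*/
        // Strict, constant-time comparison: `==` treats two numeric-looking
        // hex strings as numbers, and a byte-wise early-exit compare leaks
        // timing. A missing session key is simply "no match", not a notice.
        if( isset($_SESSION['session_token'])
         && hash_equals( (string) substr((string) $_SESSION['session_token'], 0, 40), (string) $token ) )
            return true;

        /* [2] Database lookup (unexpired tokens only)
        =========================================================*/
        $check = Database::getPDO()->prepare("SELECT id_token, permission
                                              FROM api_token
                                              WHERE CURDATE() <= expires
                                              AND token = :token");
        $check->execute(array( ':token' => $token ));
        $token_info = $check->fetch();

        // unknown or expired -> FALSE
        if( $token_info === false ) return false;

        /* [3] Return the permission list (comma-separated in the DB)
        =========================================================*/
        return explode( ',', str_replace(' ', '', (string) $token_info['permission']) );
    }



    /* GENERATES A NEW TOKEN WITH THE GIVEN NAME AND LIFETIME
     *
     * @name<String>   Name attached to the token (varchar(50))
     * @duration<int>  Lifetime in days (0 = valid today only)
     *
     * @return id_token<int> Id of the created token
     * @return FALSE         On invalid input or when the row was not inserted
     */
    public static function generate($name, $duration){
        /* [0] Input check
        =========================================================*/
        if( !Database::check('varchar(50)', $name) || !Database::check('int', $duration) ) return false;
        // a negative lifetime would create a token that is already expired
        if( (int) $duration < 0 ) return false;

        // Expiry date. NOTE: computed with PHP's timezone while check() compares
        // against MySQL's CURDATE(); keep both clocks on the same timezone.
        $expiration = date('Y-m-d', time() + (int) $duration * 3600 * 24);

        /* [1] Draw a token value that is not already in the table
        =========================================================*/
        // random_bytes() is a CSPRNG (PHP >= 7.0). uniqid() is derived from the
        // clock and must not seed a bearer credential.
        do {
            $token = sessionManager::sha1( bin2hex(random_bytes(32)) );

            $check = Database::getPDO()->prepare("SELECT id_token FROM api_token WHERE token = :token");
            $check->execute( array( ':token' => $token ) );
        } while( $check->fetch() !== false );
        // This check-then-insert is not atomic; a UNIQUE index on
        // api_token.token is what guarantees uniqueness under concurrent calls.

        /* [2] Insert the token
        =========================================================*/
        $create = Database::getPDO()->prepare("INSERT INTO api_token(id_token, token, name, expires)
                                               VALUES(DEFAULT, :token, :name, :expiration)");
        $create->execute(array(
            ':token'      => $token,
            ':name'       => $name,
            ':expiration' => $expiration
        ));

        /* [3] Confirm the row exists and read back its id
        =========================================================*/
        $created = Database::getPDO()->prepare("SELECT id_token FROM api_token
                                                WHERE token = :token
                                                AND name = :name");
        $created->execute(array(
            ':token' => $token,
            ':name'  => $name
        ));
        $created_data = $created->fetch();

        // not inserted -> error
        if( $created_data === false ) return false;

        /* [4] Return the id of the new token
        =========================================================*/
        return $created_data['id_token'];
    }



    /* DELETES THE TOKEN WITH THE GIVEN ID
     *
     * @id_token<int> UID of the token
     *
     * @return status<bool> TRUE if the token no longer exists after the
     *                      delete, FALSE on invalid or unknown id
     */
    public static function remove($id_token){
        /* [0] Input check
        =========================================================*/
        if( !Database::check('id', $id_token) ) return false;

        /* [1] The token must exist
        =========================================================*/
        if( !self::getById($id_token) ) return false;

        /* [2] Delete it
        =========================================================*/
        $remove = Database::getPDO()->prepare("DELETE FROM api_token
                                               WHERE id_token = :id_token");
        $remove->execute(array( ':id_token' => $id_token ));

        /* [3] TRUE only if the row is really gone
        =========================================================*/
        return self::getById($id_token) === false;
    }

}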
?>