prod-releaser.php/build/api/core/Authentification.php

<?php

	namespace api\core;

	use \database\core\Repo;
	use \error\core\Error;


	class Authentification{

		// Contiendra les erreurs
		public $error;


		/*************************/
		/* SECURE SHA1 ALGORITHM */
		/*************************/
		public static function secure_hash($data, $depth=1){
			/* [1] On hash @depth times
			=========================================================*/
			$hash = $data;
			$c = 0;

			for( $h = 0 ; $h < $depth ; $h++ ){
				$hash = hash('sha256', '">\[..|{@#))'.hash('sha256', $hash.'_)Q@#((%*_$%(@#') );
					$c++;
			}


			/* [2] Return result
			=========================================================*/
			return $hash;
		}


		/* INITIALISATION DU SYSTEME ET MISE A JOUR CONSTANTES D'AUTHENTIFICATION
		*
		*
		*/
		public static function check(){
			/* (1) Initialisation des variables
			---------------------------------------------------------*/
			/* (1) Token de header */
			if( !isset($GLOBALS['TOKEN']) )
				$GLOBALS['TOKEN'] = null;

			echo "1. ".$GLOBALS['TOKEN']."\n";

			/* (1) Liste des permissions */
			if( !isset($GLOBALS['PERM']) )
				$GLOBALS['PERM'] = [];

			echo "2. ".$GLOBALS['TOKEN']."\n";

			/* (2) Gestion de AUTH (authentification) dans HEADER
			---------------------------------------------------------*/
			$GLOBALS['TOKEN'] = isset($_SERVER['PHP_AUTH_DIGEST']) ? $_SERVER['PHP_AUTH_DIGEST'] : '';
			echo "3. ".$GLOBALS['TOKEN']."\n";

			/* (3) Gestion de AUTH en fonction du token
			---------------------------------------------------------*/
			if( preg_match('/^[a-f0-9]{64}$/', $GLOBALS['TOKEN'], $match) )
				$GLOBALS['TOKEN'] = $match[0];
			else
				$GLOBALS['TOKEN'] = null;

			echo "4. ".$GLOBALS['TOKEN']."\n";

			/* (4) On vérifie l'authentification par BDD
			---------------------------------------------------------*/
			if( !self::deepCheck() )
				$GLOBALS['TOKEN'] = null;
			echo "5. ".$GLOBALS['TOKEN']."\n";
		}


		/* VERIFICATION DE L'AUTHENTIFICATION
		*
		*
		*/
		public static function deepCheck(){
			/* [1] Si aucun token
			=========================================================*/
			if( is_null($GLOBALS['TOKEN']) )
				return false;


			/* [2] Vérification du système
			=========================================================*/
				/* (1) Fetch cyclic-hashing-system -> check file */
				$fn =  __BUILD__.'/api/chs/hash';

				if( !is_file($fn) )
					return false;

				/* (2) Read file -> check content */
				$fc = file_get_contents($fn);

				if( strlen($fc) !== 64 )
					return false;

			/* [3] Hash comparison
			=========================================================*/
				/* (1) Compares content */
				$hashed = self::secure_hash($GLOBALS['TOKEN']);

				if( $hashed !== $fc )
					return false;

				/* (2) Stores new content */
				file_put_contents($fn, $GLOBALS['TOKEN']);

				/* (3) Stores permission */
				if( !in_array('cyclic-hash', $GLOBALS['PERM']) )
					$GLOBALS['PERM'][] = 'cyclic-hash';


			/* [4] Returns true if no error
			=========================================================*/
			return true;

		}


		/* VERIFICATION DES ACCES EN FONCTION DE PERMISSIONS ATTENDUES
		*
		* @module<String> 										Module concerné
		* @expected<array> 										Liste des permissions attendues
		*
		* @return status<Boolean> 								Si FALSE, pas la permission, sinon si
		*
		*/
		public static function permission($module, $expected){
			/* [1] Setup
			=========================================================*/
			/* (1) If no expected, return true */
			if( !is_array($expected) || count($expected) === 0 )
				return true;

			/* (2) Mise à jour de l'authentification */
			self::check();


			var_dump('expected');
			var_dump($expected);
			var_dump('yours');
			var_dump($GLOBALS['PERM']);

			/* [2] Gestion des permissions
			=========================================================*/
				/* (1) Vérification de toutes les permissions requises */
				foreach($expected as $permission)
					// Si il manque au minimum une permission, on retourne FALSE
					if( !in_array($permission, $GLOBALS['PERM']) )
						return Error::PermissionError;


			/* [3] Si on a toutes les permissions requises
			=========================================================*/
			return Error::Success;
		}


		/* RENVOIE LE NIVEAU D'AUTHENTIFICATION
		*
		* @return auth<int> 						Niveau d'authentification (0 à 2)
		*
		*/
		public static function auth(){
			return !is_array($GLOBALS['PERM']) ? 0 : count($GLOBALS['PERM']);
		}

	}

?>
Updated [manager\ManagerError] to [error\core\Error] Gestion de l'authentification + mise en place du system de hash cyclique 2016-11-08 08:54:59 +00:00			`<?php`

			`namespace api\core;`

			`use \database\core\Repo;`
			`use \error\core\Error;`




			`class Authentification{`

			`// Contiendra les erreurs`
			`public $error;`


			`/*************************/`
			`/* SECURE SHA1 ALGORITHM */`
			`/*************************/`
			`public static function secure_hash($data, $depth=1){`
			`/* [1] On hash @depth times`
			`=========================================================*/`
			`$hash = $data;`
			`$c = 0;`

			`for( $h = 0 ; $h < $depth ; $h++ ){`
			`$hash = hash('sha256', '">\[..\|{@#))'.hash('sha256', $hash.'_)Q@#((%*_$%(@#') );`
			`$c++;`
			`}`


			`/* [2] Return result`
			`=========================================================*/`
			`return $hash;`
			`}`




			`/* INITIALISATION DU SYSTEME ET MISE A JOUR CONSTANTES D'AUTHENTIFICATION`
			`*`
			`*`
			`*/`
			`public static function check(){`
[api\Authentification] management (almost done, module 'authentification/renew' todo) 2016-11-08 09:14:31 +00:00			`/* (1) Initialisation des variables`
			`---------------------------------------------------------*/`
			`/* (1) Token de header */`
			`if( !isset($GLOBALS['TOKEN']) )`
			`$GLOBALS['TOKEN'] = null;`

Dbug 2016-11-08 09:47:01 +00:00			`echo "1. ".$GLOBALS['TOKEN']."\n";`

[api\Authentification] management (almost done, module 'authentification/renew' todo) 2016-11-08 09:14:31 +00:00			`/* (1) Liste des permissions */`
Test + cyclic verification 2016-11-08 09:05:08 +00:00			`if( !isset($GLOBALS['PERM']) )`
			`$GLOBALS['PERM'] = [];`

Dbug 2016-11-08 09:47:01 +00:00			`echo "2. ".$GLOBALS['TOKEN']."\n";`
Test + cyclic verification 2016-11-08 09:05:08 +00:00
[api\Authentification] management (almost done, module 'authentification/renew' todo) 2016-11-08 09:14:31 +00:00			`/* (2) Gestion de AUTH (authentification) dans HEADER`
Updated [manager\ManagerError] to [error\core\Error] Gestion de l'authentification + mise en place du system de hash cyclique 2016-11-08 08:54:59 +00:00			`---------------------------------------------------------*/`
[api\Authentification] management (almost done, module 'authentification/renew' todo) 2016-11-08 09:14:31 +00:00			`$GLOBALS['TOKEN'] = isset($_SERVER['PHP_AUTH_DIGEST']) ? $_SERVER['PHP_AUTH_DIGEST'] : '';`
Dbug 2016-11-08 09:47:01 +00:00			`echo "3. ".$GLOBALS['TOKEN']."\n";`
Updated [manager\ManagerError] to [error\core\Error] Gestion de l'authentification + mise en place du system de hash cyclique 2016-11-08 08:54:59 +00:00
[api\Authentification] management (almost done, module 'authentification/renew' todo) 2016-11-08 09:14:31 +00:00			`/* (3) Gestion de AUTH en fonction du token`
Updated [manager\ManagerError] to [error\core\Error] Gestion de l'authentification + mise en place du system de hash cyclique 2016-11-08 08:54:59 +00:00			`---------------------------------------------------------*/`
debug 2016-11-08 09:38:23 +00:00			`if( preg_match('/^[a-f0-9]{64}$/', $GLOBALS['TOKEN'], $match) )`
			`$GLOBALS['TOKEN'] = $match[0];`
			`else`
			`$GLOBALS['TOKEN'] = null;`
Updated [manager\ManagerError] to [error\core\Error] Gestion de l'authentification + mise en place du system de hash cyclique 2016-11-08 08:54:59 +00:00
Dbug 2016-11-08 09:47:01 +00:00			`echo "4. ".$GLOBALS['TOKEN']."\n";`

[api\Authentification] management (almost done, module 'authentification/renew' todo) 2016-11-08 09:14:31 +00:00			`/* (4) On vérifie l'authentification par BDD`
Updated [manager\ManagerError] to [error\core\Error] Gestion de l'authentification + mise en place du system de hash cyclique 2016-11-08 08:54:59 +00:00			`---------------------------------------------------------*/`
			`if( !self::deepCheck() )`
[api\Authentification] management (almost done, module 'authentification/renew' todo) 2016-11-08 09:14:31 +00:00			`$GLOBALS['TOKEN'] = null;`
Dbug 2016-11-08 09:47:01 +00:00			`echo "5. ".$GLOBALS['TOKEN']."\n";`
Updated [manager\ManagerError] to [error\core\Error] Gestion de l'authentification + mise en place du system de hash cyclique 2016-11-08 08:54:59 +00:00			`}`




			`/* VERIFICATION DE L'AUTHENTIFICATION`
			`*`
			`*`
			`*/`
			`public static function deepCheck(){`
mintest 2016-11-08 09:44:29 +00:00			`/* [1] Si aucun token`
Updated [manager\ManagerError] to [error\core\Error] Gestion de l'authentification + mise en place du system de hash cyclique 2016-11-08 08:54:59 +00:00			`=========================================================*/`
mintest 2016-11-08 09:44:29 +00:00			`if( is_null($GLOBALS['TOKEN']) )`
Updated [manager\ManagerError] to [error\core\Error] Gestion de l'authentification + mise en place du system de hash cyclique 2016-11-08 08:54:59 +00:00			`return false;`


Dbug 2016-11-08 09:47:01 +00:00			`/* [2] Vérification du système`
Updated [manager\ManagerError] to [error\core\Error] Gestion de l'authentification + mise en place du system de hash cyclique 2016-11-08 08:54:59 +00:00			`=========================================================*/`
[api\Authentification] management (almost done, module 'authentification/renew' todo) 2016-11-08 09:14:31 +00:00			`/* (1) Fetch cyclic-hashing-system -> check file */`
			`$fn = __BUILD__.'/api/chs/hash';`
Updated [manager\ManagerError] to [error\core\Error] Gestion de l'authentification + mise en place du system de hash cyclique 2016-11-08 08:54:59 +00:00
[api\Authentification] management (almost done, module 'authentification/renew' todo) 2016-11-08 09:14:31 +00:00			`if( !is_file($fn) )`
Updated [manager\ManagerError] to [error\core\Error] Gestion de l'authentification + mise en place du system de hash cyclique 2016-11-08 08:54:59 +00:00			`return false;`

[api\Authentification] management (almost done, module 'authentification/renew' todo) 2016-11-08 09:14:31 +00:00			`/* (2) Read file -> check content */`
			`$fc = file_get_contents($fn);`
Updated [manager\ManagerError] to [error\core\Error] Gestion de l'authentification + mise en place du system de hash cyclique 2016-11-08 08:54:59 +00:00
[api\Authentification] management (almost done, module 'authentification/renew' todo) 2016-11-08 09:14:31 +00:00			`if( strlen($fc) !== 64 )`
Updated [manager\ManagerError] to [error\core\Error] Gestion de l'authentification + mise en place du system de hash cyclique 2016-11-08 08:54:59 +00:00			`return false;`

Dbug 2016-11-08 09:47:01 +00:00			`/* [3] Hash comparison`
			`=========================================================*/`
			`/* (1) Compares content */`
fix cyclic hash algo 2016-11-08 09:41:27 +00:00			`$hashed = self::secure_hash($GLOBALS['TOKEN']);`
[api\Authentification] management (almost done, module 'authentification/renew' todo) 2016-11-08 09:14:31 +00:00
Dbug 2016-11-08 09:47:01 +00:00			`if( $hashed !== $fc )`
Test + cyclic verification 2016-11-08 09:05:08 +00:00			`return false;`

Dbug 2016-11-08 09:47:01 +00:00			`/* (2) Stores new content */`
[api\Authentification] management (almost done, module 'authentification/renew' todo) 2016-11-08 09:14:31 +00:00			`file_put_contents($fn, $GLOBALS['TOKEN']);`
Updated [manager\ManagerError] to [error\core\Error] Gestion de l'authentification + mise en place du system de hash cyclique 2016-11-08 08:54:59 +00:00
Dbug 2016-11-08 09:47:01 +00:00			`/* (3) Stores permission */`
auth upgrade 2016-11-08 09:37:29 +00:00			`if( !in_array('cyclic-hash', $GLOBALS['PERM']) )`
			`$GLOBALS['PERM'][] = 'cyclic-hash';`
Updated [manager\ManagerError] to [error\core\Error] Gestion de l'authentification + mise en place du system de hash cyclique 2016-11-08 08:54:59 +00:00

Dbug 2016-11-08 09:47:01 +00:00			`/* [4] Returns true if no error`
Updated [manager\ManagerError] to [error\core\Error] Gestion de l'authentification + mise en place du system de hash cyclique 2016-11-08 08:54:59 +00:00			`=========================================================*/`
			`return true;`
Test + cyclic verification 2016-11-08 09:05:08 +00:00
Updated [manager\ManagerError] to [error\core\Error] Gestion de l'authentification + mise en place du system de hash cyclique 2016-11-08 08:54:59 +00:00			`}`




			`/* VERIFICATION DES ACCES EN FONCTION DE PERMISSIONS ATTENDUES`
			`*`
			`* @module<String> Module concerné`
			`* @expected<array> Liste des permissions attendues`
			`*`
			`* @return status<Boolean> Si FALSE, pas la permission, sinon si`
			`*`
			`*/`
			`public static function permission($module, $expected){`
auth upgrade 2016-11-08 09:37:29 +00:00			`/* [1] Setup`
Updated [manager\ManagerError] to [error\core\Error] Gestion de l'authentification + mise en place du system de hash cyclique 2016-11-08 08:54:59 +00:00			`=========================================================*/`
auth upgrade 2016-11-08 09:37:29 +00:00			`/* (1) If no expected, return true */`
			`if( !is_array($expected) \|\| count($expected) === 0 )`
			`return true;`

			`/* (2) Mise à jour de l'authentification */`
Test + cyclic verification 2016-11-08 09:05:08 +00:00			`self::check();`
Updated [manager\ManagerError] to [error\core\Error] Gestion de l'authentification + mise en place du system de hash cyclique 2016-11-08 08:54:59 +00:00

dbug 2016-11-08 09:39:11 +00:00			`var_dump('expected');`
			`var_dump($expected);`
			`var_dump('yours');`
			`var_dump($GLOBALS['PERM']);`

Updated [manager\ManagerError] to [error\core\Error] Gestion de l'authentification + mise en place du system de hash cyclique 2016-11-08 08:54:59 +00:00			`/* [2] Gestion des permissions`
			`=========================================================*/`
			`/* (1) Vérification de toutes les permissions requises */`
			`foreach($expected as $permission)`
			`// Si il manque au minimum une permission, on retourne FALSE`
Test + cyclic verification 2016-11-08 09:05:08 +00:00			`if( !in_array($permission, $GLOBALS['PERM']) )`
Updated [manager\ManagerError] to [error\core\Error] Gestion de l'authentification + mise en place du system de hash cyclique 2016-11-08 08:54:59 +00:00			`return Error::PermissionError;`


Test + cyclic verification 2016-11-08 09:05:08 +00:00			`/* [3] Si on a toutes les permissions requises`
Updated [manager\ManagerError] to [error\core\Error] Gestion de l'authentification + mise en place du system de hash cyclique 2016-11-08 08:54:59 +00:00			`=========================================================*/`
			`return Error::Success;`
			`}`





			`/* RENVOIE LE NIVEAU D'AUTHENTIFICATION`
			`*`
			`* @return auth<int> Niveau d'authentification (0 à 2)`
			`*`
			`*/`
			`public static function auth(){`
mintest 2016-11-08 09:44:29 +00:00			`return !is_array($GLOBALS['PERM']) ? 0 : count($GLOBALS['PERM']);`
Updated [manager\ManagerError] to [error\core\Error] Gestion de l'authentification + mise en place du system de hash cyclique 2016-11-08 08:54:59 +00:00			`}`

			`}`

			`?>`