<?php
require_once('config.php');
require_once('utils.php');
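/**
 * Checks an email/password pair against the users table and returns a signed JWT.
 *
 * This lives here instead of in login.php because including login.php executes
 * that script, whereas this is just a callable function.
 *
 * @param string $email    Email address submitted by the client (bound as a parameter,
 *                         never interpolated into the SQL).
 * @param string $password Plaintext password submitted by the client.
 * @param PDO    $conn     Open database connection.
 * @param string $role     Role claim to embed in the token; defaults to 'buyer', which
 *                         is what the original hard-coded call passed.
 * @return string|null The JWT from generateJWT() on success, null when the email is
 *                     unknown or the password does not match.
 */
function auth_login($email, $password, $conn, $role = 'buyer'){
    $stm = $conn->prepare('SELECT id, hashword FROM users WHERE email = :email');
    $stm->bindParam(':email', $email, PDO::PARAM_STR);
    $stm->execute();
    $row = $stm->fetch(PDO::FETCH_ASSOC);
    // fetch() returns false when no account matches. Reading $row['id'] off that
    // false and handing a null hash to password_verify() only worked by accident.
    if ($row === false || !isset($row['hashword']) || !is_string($row['hashword'])) {
        // Spend roughly the cost of a real verification so an unknown email is not
        // distinguishable from a wrong password by response time alone.
        static $dummyHash = null;
        if ($dummyHash === null) {
            $dummyHash = password_hash('unknown-account', PASSWORD_DEFAULT);
        }
        password_verify($password, $dummyHash);
        return null;
    }
    if (!password_verify($password, $row['hashword'])) {
        // Password incorrect.
        return null;
    }
    // Password correct: issue the token.
    return generateJWT($row['id'], $role);
}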
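/**
 * Builds a compact HMAC-SHA256 signed JWT for a user.
 *
 * Reads JWTSECRET (signing key) and JWTTIMEOUT (a strtotime() expression) from
 * config.php and base64UrlEncode() from utils.php.
 *
 * @param mixed  $user_id Value placed in the 'user_id' claim.
 * @param string $role    Value placed in the 'role' claim.
 * @return string Token in the form header.payload.signature, each part base64url
 *                encoded by base64UrlEncode().
 * @throws RuntimeException When JWTTIMEOUT cannot be parsed into an expiry time; a
 *                          token carrying a bogus 'exp' must never be issued.
 */
function generateJWT($user_id, $role){
    $secret = JWTSECRET;
    // The JOSE algorithm name is 'HS256'; the previous 'H256' is not a registered
    // value and would be rejected by any conforming JWT consumer.
    $header = json_encode([
        'typ' => 'JWT',
        'alg' => 'HS256'
    ]);
    $exp = strtotime(JWTTIMEOUT);
    if ($exp === false) {
        throw new RuntimeException('JWTTIMEOUT is not a valid strtotime() expression');
    }
    $payload = json_encode([
        'user_id' => $user_id,
        'role' => $role,
        'exp' => $exp
    ]);
    $base64UrlHeader = base64UrlEncode($header);
    $base64UrlPayload = base64UrlEncode($payload);
    // The signature covers exactly the encoded header and payload that are sent.
    $signature = hash_hmac('sha256', $base64UrlHeader . '.' . $base64UrlPayload, $secret, true);
    return $base64UrlHeader . '.' . $base64UrlPayload . '.' . base64UrlEncode($signature);
}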
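/**
 * Verifies a compact JWT issued by generateJWT() and returns its claims.
 *
 * Checks, in order: three-part structure, valid base64url in the payload and
 * signature parts, HMAC-SHA256 signature over the transmitted header.payload
 * (constant-time comparison), then the 'exp' claim. Reads JWTSECRET from config.php.
 *
 * @param string $jwt Compact serialised token.
 * @return array|false Claims as an associative array, or false if the token is
 *                     malformed, has a bad signature, or has expired.
 */
function verifyJWT($jwt){
    $secret = JWTSECRET;
    if (!is_string($jwt)) {
        return false;
    }
    $tokenParts = explode('.', $jwt);
    if (count($tokenParts) !== 3) {
        return false;
    }
    // Token parts are base64url (RFC 4648 §5): '-' and '_' replace '+' and '/' and
    // the '=' padding is usually dropped. A plain non-strict base64_decode() silently
    // discards '-' and '_', which corrupted any payload containing them and then made
    // the signature check fail on a perfectly valid token.
    $base64UrlDecode = function ($part) {
        $standard = strtr($part, '-_', '+/');
        $remainder = strlen($standard) % 4;
        if ($remainder === 1) {
            return false;
        }
        if ($remainder !== 0) {
            $standard .= str_repeat('=', 4 - $remainder);
        }
        return base64_decode($standard, true);
    };
    $payload = $base64UrlDecode($tokenParts[1]);
    $signatureProvided = $base64UrlDecode($tokenParts[2]);
    if ($payload === false || $signatureProvided === false) {
        return false;
    }
    // Authenticate first, over the exact bytes the client sent, so claims are only
    // ever read from a token we know we issued. hash_equals() avoids leaking the
    // position of the first mismatching byte through timing.
    $expectedSignature = hash_hmac('sha256', $tokenParts[0] . '.' . $tokenParts[1], $secret, true);
    if (!hash_equals($expectedSignature, $signatureProvided)) {
        return false;
    }
    $claims = json_decode($payload);
    if (!is_object($claims) || !isset($claims->exp) || !is_numeric($claims->exp)) {
        // A token without a usable expiry is treated as expired, as before.
        return false;
    }
    // RFC 7519 §4.1.4: the current time must be strictly before 'exp'.
    if ($claims->exp <= time()) {
        return false;
    }
    return (array) $claims;
}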
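/**
 * Extracts the bearer token from an HTTP Authorization header and verifies it.
 *
 * Accepts the form 'Bearer <token>' (scheme matched case-insensitively, per
 * RFC 6750). Any other shape is rejected before the token is parsed.
 *
 * @param string|null $header Raw Authorization header value, or null when absent.
 * @return array|false Claims from verifyJWT() on success, false otherwise.
 */
function verifyHeader($header){
    if (!is_string($header) || $header === '') {
        return false;
    }
    // Split into at most two pieces so the token itself is never truncated, and
    // reject headers that carry no token at all ($split[1] used to be read
    // unconditionally, producing an undefined-offset notice and a null token).
    $split = preg_split('/\s+/', trim($header), 2);
    if (count($split) !== 2) {
        return false;
    }
    $type = $split[0];
    $jwt = $split[1];
    // The scheme was previously extracted but never checked.
    if (strcasecmp($type, 'Bearer') !== 0 || $jwt === '') {
        return false;
    }
    return verifyJWT($jwt);
}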
?>