| [ Index ] |
PHP Cross Reference of YOURLS |
[Source view] [Print] [Project Stats]
Function related to authentication functions and nonces
| File Size: | 747 lines (25 kb) |
| Included or required: | 0 times |
| Referenced: | 0 times |
| Includes or requires: | 1 file includes/auth.php |
| yourls_maybe_require_auth() X-Ref |
| Show login form if required return: void |
| yourls_is_valid_user() X-Ref |
| Check for valid user via login form or stored cookie. Returns true or an error message return: bool|string|mixed true if valid user, error message otherwise. Can also call yourls_die() or redirect to login page. Oh my. |
| yourls_check_username_password() X-Ref |
| Check auth against list of login=>pwd. Sets user if applicable, returns bool return: bool true if login/pwd pair is valid (and sets user if applicable), false otherwise |
| yourls_check_password_hash($user, $submitted_password ) X-Ref |
| Check a submitted password sent in plain text against stored password which can be a salted hash param: string $user param: string $submitted_password return: bool |
| yourls_hash_passwords_now( $config_file ) X-Ref |
| Overwrite plaintext passwords in config file with hashed versions. param: string $config_file Full path to file return: true|string if overwrite was successful, an error message otherwise since: 1.7 |
| yourls_phpass_hash( $password ) X-Ref |
| Create a password hash param: string $password password to hash return: string hashed password since: 1.7 |
| yourls_phpass_check( $password, $hash ) X-Ref |
| Verify that a password matches a hash param: string $password clear (eg submitted in a form) password param: string $hash hash return: bool true if the hash matches the password, false otherwise since: 1.7 |
| yourls_has_cleartext_passwords() X-Ref |
| Check to see if any passwords are stored as cleartext. return: bool true if any passwords are cleartext since: 1.7 |
| yourls_has_md5_password( $user ) X-Ref |
| Check if a user has a md5 hashed password Check if a user password is 'md5:[38 chars]'. TODO: deprecate this when/if we have proper user management with password hashes stored in the DB param: string $user user login return: bool true if password hashed, false otherwise since: 1.7 |
| yourls_has_phpass_password( $user ) X-Ref |
| Check if a user's password is hashed with password_hash Check if a user password is 'phpass:[lots of chars]'. (For historical reason we're using 'phpass' as an identifier.) TODO: deprecate this when/if we have proper user management with password hashes stored in the DB param: string $user user login return: bool true if password hashed with password_hash, otherwise false since: 1.7 |
| yourls_check_auth_cookie() X-Ref |
| Check auth against encrypted COOKIE data. Sets user if applicable, returns bool return: bool true if authenticated, false otherwise |
| yourls_check_signature_timestamp() X-Ref |
| Check auth against signature and timestamp. Sets user if applicable, returns bool Original usage : http://sho.rt/yourls-api.php?timestamp=<timestamp>&signature=<md5 hash>&action=... Since 1.7.7 we allow a `hash` parameter and an arbitrary hashed signature, hashed with the `hash` function. Examples : http://sho.rt/yourls-api.php?timestamp=<timestamp>&signature=<sha512 hash>&hash=sha512&action=... http://sho.rt/yourls-api.php?timestamp=<timestamp>&signature=<crc32 hash>&hash=crc32&action=... return: bool False if signature or timestamp missing or invalid, true if valid since: 1.4.1 |
| yourls_check_signature() X-Ref |
| Check auth against signature. Sets user if applicable, returns bool return: bool False if signature missing or invalid, true if valid since: 1.4.1 |
| yourls_auth_signature( $username = false ) X-Ref |
| Generate secret signature hash param: false|string $username Username to generate signature for, or false to use current user return: string Signature |
| yourls_check_timestamp( $time ) X-Ref |
| Check if timestamp is not too old param: int $time Timestamp to check return: bool True if timestamp is valid |
| yourls_store_cookie( $user = '' ) X-Ref |
| Store new cookie. No $user will delete the cookie. param: string $user User login, or empty string to delete cookie return: void |
| yourls_setcookie($name, $value, $expire, $path, $domain, $secure, $httponly) X-Ref |
| Replacement for PHP's setcookie(), with support for SameSite cookie attribute param: string $name cookie name param: string $value cookie value param: int $expire time the cookie expires as a Unix timestamp (number of seconds since the epoch) param: string $path path on the server in which the cookie will be available on param: string $domain (sub)domain that the cookie is available to param: bool $secure if cookie should only be transmitted over a secure HTTPS connection param: bool $httponly if cookie will be made accessible only through the HTTP protocol return: bool setcookie() result : false if output sent before, true otherwise. This does not indicate whether the user accepted the cookie. since: 1.7.7 |
| yourls_set_user( $user ) X-Ref |
| Set user name param: string $user Username return: void |
| yourls_get_cookie_life() X-Ref |
| Get YOURLS_COOKIE_LIFE value (ie the life span of an auth cookie in seconds) Use this function instead of directly using the constant. This way, its value can be modified by plugins on a per case basis return: integer cookie life span, in seconds since: 1.7.7 |
| yourls_get_nonce_life() X-Ref |
| Get YOURLS_NONCE_LIFE value (ie life span of a nonce in seconds) Use this function instead of directly using the constant. This way, its value can be modified by plugins on a per case basis return: integer nonce life span, in seconds since: 1.7.7 |
| yourls_cookie_name() X-Ref |
| Get YOURLS cookie name The name is unique for each install, to prevent mismatch between sho.rt and very.sho.rt -- see #1673 TODO: when multi user is implemented, the whole cookie stuff should be reworked to allow storing multiple users return: string unique cookie name for a given YOURLS site since: 1.7.1 |
| yourls_cookie_value( $user ) X-Ref |
| Get auth cookie value param: string $user user name return: string cookie value since: 1.7.7 |
| yourls_tick() X-Ref |
| Return a time-dependent string for nonce creation Actually, this returns a float: ceil rounds up a value but is of type float, see https://www.php.net/ceil return: float |
| yourls_salt( $string ) X-Ref |
| Return hashed string This function is badly named, it's not a salt or a salted string : it's a cryptographic hash. param: string $string string to salt return: string hashed string since: 1.4.1 |
| yourls_hmac_algo() X-Ref |
| Return an available hash_hmac() algorithm return: string hash_hmac() algorithm since: 1.8.3 |
| yourls_create_nonce($action, $user = false ) X-Ref |
| Create a time limited, action limited and user limited token param: string $action Action to create nonce for param: false|string $user Optional user string, false for current user return: string Nonce token |
| yourls_nonce_field($action, $name = 'nonce', $user = false, $echo = true ) X-Ref |
| Echoes or returns a nonce field for inclusion into a form param: string $action Action to create nonce for param: string $name Optional name of nonce field -- defaults to 'nonce' param: false|string $user Optional user string, false if unspecified param: bool $echo True to echo, false to return nonce field return: string Nonce field |
| yourls_nonce_url($action, $url = false, $name = 'nonce', $user = false ) X-Ref |
| Add a nonce to a URL. If URL omitted, adds nonce to current URL param: string $action Action to create nonce for param: string $url Optional URL to add nonce to -- defaults to current URL param: string $name Optional name of nonce field -- defaults to 'nonce' param: false|string $user Optional user string, false if unspecified return: string URL with nonce added |
| yourls_verify_nonce($action, $nonce = false, $user = false, $return = '' ) X-Ref |
| Check validity of a nonce (ie time span, user and action match). Returns true if valid, dies otherwise (yourls_die() or die($return) if defined). If $nonce is false or unspecified, it will use $_REQUEST['nonce'] param: string $action param: false|string $nonce Optional, string: nonce value, or false to use $_REQUEST['nonce'] param: false|string $user Optional, string user, false for current user param: string $return Optional, string: message to die with if nonce is invalid return: bool|void True if valid, dies otherwise |
| yourls_is_user_from_env() X-Ref |
| Check if YOURLS_USER comes from environment variables return: bool true if YOURLS_USER and YOURLS_PASSWORD are defined as environment variables since: 1.8.2 |
| yourls_maybe_hash_passwords() X-Ref |
| Check if we should hash passwords in the config file By default, passwords are hashed. They are not if - there is no password in clear text in the config file (ie everything is already hashed) - the user defined constant YOURLS_NO_HASH_PASSWORD is true, see https://docs.yourls.org/guide/essentials/credentials.html#i-don-t-want-to-encrypt-my-password - YOURLS_USER and YOURLS_PASSWORD are provided by the environment, not the config file return: bool since: 1.8.2 |
| yourls_skip_password_hashing() X-Ref |
| Check if user setting for skipping password hashing is set return: bool since: 1.8.2 |
| Generated: Wed Sep 18 05:10:18 2024 | Cross-referenced by PHPXref 0.7.1 |