PHP Cross Reference of YOURLS |
Functions related to authentication and nonces
File Size: | 747 lines (25 kb) |
Included or required: | 0 times |
Referenced: | 0 times |
Includes or requires: | 1 file includes/auth.php |
yourls_maybe_require_auth() X-Ref |
Show login form if required return: void |
yourls_is_valid_user() X-Ref |
Check for valid user via login form or stored cookie. Returns true or an error message. return: bool|string|mixed true if valid user, error message otherwise. Can also call yourls_die() or redirect to login page. Oh my. |
yourls_check_username_password() X-Ref |
Check auth against list of login=>pwd. Sets user if applicable, returns bool return: bool true if login/pwd pair is valid (and sets user if applicable), false otherwise |
yourls_check_password_hash($user, $submitted_password ) X-Ref |
Check a submitted password sent in plain text against stored password which can be a salted hash return: bool param: string $user param: string $submitted_password |
yourls_hash_passwords_now( $config_file ) X-Ref |
Overwrite plaintext passwords in config file with hashed versions. return: true|string if overwrite was successful, an error message otherwise param: string $config_file Full path to file since: 1.7 |
yourls_phpass_hash( $password ) X-Ref |
Create a password hash return: string hashed password param: string $password password to hash since: 1.7 |
yourls_phpass_check( $password, $hash ) X-Ref |
Verify that a password matches a hash return: bool true if the hash matches the password, false otherwise param: string $password clear (eg submitted in a form) password param: string $hash hash since: 1.7 |
yourls_has_cleartext_passwords() X-Ref |
Check to see if any passwords are stored as cleartext. return: bool true if any passwords are cleartext since: 1.7 |
yourls_has_md5_password( $user ) X-Ref |
Check if a user has an md5 hashed password. Check if a user password is 'md5:[38 chars]'. TODO: deprecate this when/if we have proper user management with password hashes stored in the DB. return: bool true if password hashed, false otherwise param: string $user user login since: 1.7 |
yourls_has_phpass_password( $user ) X-Ref |
Check if a user's password is hashed with password_hash. Check if a user password is 'phpass:[lots of chars]'. (For historical reasons we're using 'phpass' as an identifier.) TODO: deprecate this when/if we have proper user management with password hashes stored in the DB. return: bool true if password hashed with password_hash, otherwise false param: string $user user login since: 1.7 |
yourls_check_auth_cookie() X-Ref |
Check auth against encrypted COOKIE data. Sets user if applicable, returns bool return: bool true if authenticated, false otherwise |
yourls_check_signature_timestamp() X-Ref |
Check auth against signature and timestamp. Sets user if applicable, returns bool.
Original usage: `http://sho.rt/yourls-api.php?timestamp=<timestamp>&signature=<md5 hash>&action=...`
Since 1.7.7 we allow a `hash` parameter and an arbitrary hashed signature, hashed with the `hash` function. Examples:
`http://sho.rt/yourls-api.php?timestamp=<timestamp>&signature=<sha512 hash>&hash=sha512&action=...`
`http://sho.rt/yourls-api.php?timestamp=<timestamp>&signature=<crc32 hash>&hash=crc32&action=...`
return: bool False if signature or timestamp missing or invalid, true if valid since: 1.4.1 |
yourls_check_signature() X-Ref |
Check auth against signature. Sets user if applicable, returns bool return: bool False if signature missing or invalid, true if valid since: 1.4.1 |
yourls_auth_signature( $username = false ) X-Ref |
Generate secret signature hash return: string Signature param: false|string $username Username to generate signature for, or false to use current user |
yourls_check_timestamp( $time ) X-Ref |
Check if timestamp is not too old return: bool True if timestamp is valid param: int $time Timestamp to check |
yourls_store_cookie( $user = '' ) X-Ref |
Store new cookie. No $user will delete the cookie. return: void param: string $user User login, or empty string to delete cookie |
yourls_setcookie($name, $value, $expire, $path, $domain, $secure, $httponly) X-Ref |
Replacement for PHP's setcookie(), with support for the SameSite cookie attribute. return: bool setcookie() result: false if output sent before, true otherwise. This does not indicate whether the user accepted the cookie. param: string $name cookie name param: string $value cookie value param: int $expire time the cookie expires as a Unix timestamp (number of seconds since the epoch) param: string $path path on the server on which the cookie will be available param: string $domain (sub)domain that the cookie is available to param: bool $secure if cookie should only be transmitted over a secure HTTPS connection param: bool $httponly if cookie will be made accessible only through the HTTP protocol since: 1.7.7 |
yourls_set_user( $user ) X-Ref |
Set user name return: void param: string $user Username |
yourls_get_cookie_life() X-Ref |
Get YOURLS_COOKIE_LIFE value (ie the life span of an auth cookie in seconds). Use this function instead of directly using the constant. This way, its value can be modified by plugins on a per case basis. return: integer cookie life span, in seconds since: 1.7.7 |
yourls_get_nonce_life() X-Ref |
Get YOURLS_NONCE_LIFE value (ie life span of a nonce in seconds). Use this function instead of directly using the constant. This way, its value can be modified by plugins on a per case basis. return: integer nonce life span, in seconds since: 1.7.7 |
yourls_cookie_name() X-Ref |
Get YOURLS cookie name. The name is unique for each install, to prevent mismatch between sho.rt and very.sho.rt -- see #1673. TODO: when multi user is implemented, the whole cookie stuff should be reworked to allow storing multiple users. return: string unique cookie name for a given YOURLS site since: 1.7.1 |
yourls_cookie_value( $user ) X-Ref |
Get auth cookie value return: string cookie value param: string $user user name since: 1.7.7 |
yourls_tick() X-Ref |
Return a time-dependent string for nonce creation. Actually, this returns a float: ceil rounds up a value but is of type float, see https://www.php.net/ceil return: float |
yourls_salt( $string ) X-Ref |
Return hashed string. This function is badly named, it's not a salt or a salted string: it's a cryptographic hash. return: string hashed string param: string $string string to salt since: 1.4.1 |
yourls_hmac_algo() X-Ref |
Return an available hash_hmac() algorithm return: string hash_hmac() algorithm since: 1.8.3 |
yourls_create_nonce($action, $user = false ) X-Ref |
Create a time limited, action limited and user limited token return: string Nonce token param: string $action Action to create nonce for param: false|string $user Optional user string, false for current user |
yourls_nonce_field($action, $name = 'nonce', $user = false, $echo = true ) X-Ref |
Echoes or returns a nonce field for inclusion into a form return: string Nonce field param: string $action Action to create nonce for param: string $name Optional name of nonce field -- defaults to 'nonce' param: false|string $user Optional user string, false if unspecified param: bool $echo True to echo, false to return nonce field |
yourls_nonce_url($action, $url = false, $name = 'nonce', $user = false ) X-Ref |
Add a nonce to a URL. If URL omitted, adds nonce to current URL return: string URL with nonce added param: string $action Action to create nonce for param: string $url Optional URL to add nonce to -- defaults to current URL param: string $name Optional name of nonce field -- defaults to 'nonce' param: false|string $user Optional user string, false if unspecified |
yourls_verify_nonce($action, $nonce = false, $user = false, $return = '' ) X-Ref |
Check validity of a nonce (ie time span, user and action match). Returns true if valid, dies otherwise (yourls_die() or die($return) if defined). If $nonce is false or unspecified, it will use $_REQUEST['nonce'] return: bool|void True if valid, dies otherwise param: string $action param: false|string $nonce Optional, string: nonce value, or false to use $_REQUEST['nonce'] param: false|string $user Optional, string user, false for current user param: string $return Optional, string: message to die with if nonce is invalid |
yourls_is_user_from_env() X-Ref |
Check if YOURLS_USER comes from environment variables return: bool true if YOURLS_USER and YOURLS_PASSWORD are defined as environment variables since: 1.8.2 |
yourls_maybe_hash_passwords() X-Ref |
Check if we should hash passwords in the config file. By default, passwords are hashed. They are not if:
- there is no password in clear text in the config file (ie everything is already hashed)
- the user defined constant YOURLS_NO_HASH_PASSWORD is true, see https://docs.yourls.org/guide/essentials/credentials.html#i-don-t-want-to-encrypt-my-password
- YOURLS_USER and YOURLS_PASSWORD are provided by the environment, not the config file
return: bool since: 1.8.2 |
yourls_skip_password_hashing() X-Ref |
Check if user setting for skipping password hashing is set return: bool since: 1.8.2 |
Generated: Sat Feb 22 05:10:06 2025 | Cross-referenced by PHPXref 0.7.1 |