File code/class/Lib.php

class Tlf\User\Lib

Constants

Properties

  • public $config = []; Expects web_address = http://example.com
    Expects email_from = help@example.com
  • public string $password_symbols = '~!@#$%^&*()_-+={[]}|\:;"\'<,>.?/'; valid symbol characters for a password
  • public int $max_len = 72; The maximum length should not be changed, because the bcrypt limit is 72 characters
  • public int $min_len = 8;
  • public bool $require_num = true;
  • public bool $require_symbol = true;
  • public bool $require_mix_case = true;
  • public string $user_class = '\\Tlf\\User'; the class of the user to instantiate
  • public \PDO $pdo;
  • public $disabled_pages = []; to disable a page just add its page identifier to this array. One of 'login', 'register', 'reset-password', 'logout', or 'terms'
  • public array $valid_sessions = []; This should only be set after a session is validated
  • public array $latest_csrf = [];
  • public array $queries = []; Array of query strings identifiable by key. Generated by LilSql (of LilDb package)

Methods

  • public function __construct($pdo)

  • public function is_post():bool

  • public function init_db()

  • public function page_is_disabled(string $page_id) Checks if a page is disabled in $this->disabled_pages and outputs a message if so

  • public function role_deny(string $role, string $permission) delete an entry in role_permission table

  • public function role_delete(string $role) Delete all entries with given role from role_permission and user_role tables

  • public function role_allow(string $role, string $permission) add entry to role_permission table

  • public function is_password_valid(string $password)

  • public function user_from_email(string $email) get a user by their email. User may or may not be in the database/registered/active

  • public function user_from_cookie($cookie=null) Login a user by validating the cookie sent with their request

  • public function make_csrf_code()

  • public function enable_csrf(string $key_prefix='', int $expiry_minutes=60, string $url_path='')

  • public function get_csrf_post_key(string $key_prefix=''): string get the key of the csrf data in $_POST for the given key

  • public function get_csrf_session_key(string $key_prefix=''): string

  • public function get_csrf_session_input(string $key_prefix=''): string

  • public function csrf_is_valid(string $key_prefix=''): bool Checks $_POST for the csrf token

  • public function security_consent_box()