File src/class/Lib.php

class Tlf\User\Lib

See source code at /src/class/Lib.php

Constants

Properties

  • public $config = []; See Configurations.php for available configs
  • public string $password_symbols = '~!@#$%^&*()_-+={[]}|\:;"'<,>.?/'; valid symbol characters for a password
  • public int $max_len = 72; maximum password length. Should not be changed: bcrypt hashes only the first 72 bytes of a password, so anything longer would be silently truncated
  • public int $min_len = 8;
  • public bool $require_num = true;
  • public bool $require_symbol = true;
  • public bool $require_mix_case = true;
  • public string $user_class = '\\Tlf\\User'; the class of the user to instantiate
  • public \Tlf\User\MailService $mail_service = \Tlf\User\MailService::PHP_MAIL; Which mail service to use when sending emails to users
  • public mixed $mail_service_callable = null; Used only when $mail_service is set to \Tlf\User\MailService::CUSTOM_CALLABLE (the enum case declared as case CUSTOM_CALLABLE = 'CUSTOM_CALLABLE';)
  • public \PDO $pdo;
  • public $disabled_pages = []; to disable a page just add its page identifier to this array. One of 'login', 'register', 'reset-password', 'logout', or 'terms'
  • public array $valid_sessions = []; This should only be set after a session is validated
  • public array $latest_csrf = [];
  • public array $queries = []; Array of query strings identifiable by key. Generated by LilSql (of LilDb package)
  • protected array $cookie_users = []; To cache users loaded by their cookie.
    array<string cookie, Tlf\User $user>
  • static protected array $invalidated_user_cookies = []; Array of cookies that have been invalidated.

There may be conflicting cookies across instances, so in some complex setups there is a tiny risk of re-loading a user that is already cached. This is not a security risk: in the worst case a user that should be in the cache is removed from it.
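The password rules above ($min_len, $max_len, $require_num, $require_symbol, $require_mix_case, $password_symbols) are what is_password_valid() enforces. The following is an added example, not code from the Tlf\User package: a standalone checker applying the same rule set, written so that each failed rule is reported rather than only a boolean. The failures() method and its messages are assumptions; the page does not say what Lib::is_password_valid() returns. Lengths are measured in bytes with strlen() because the bcrypt limit that motivates $max_len is a byte limit, not a character limit.

```php
<?php
// Added example, not the Tlf\User\Lib implementation. Mirrors the documented
// password properties; failures() and its wording are an assumption.

final class ExamplePasswordPolicy
{
    // Same symbol set as Lib::$password_symbols, with the single quote escaped
    // so the literal is valid PHP. In a single-quoted string "\:" is a
    // literal backslash followed by a colon, so backslash is an allowed symbol.
    public string $password_symbols = '~!@#$%^&*()_-+={[]}|\:;"\'<,>.?/';
    public int $max_len = 72;   // bcrypt hashes only the first 72 bytes
    public int $min_len = 8;
    public bool $require_num = true;
    public bool $require_symbol = true;
    public bool $require_mix_case = true;

    /** Returns an empty array when the password passes, else the failed rules. */
    public function failures(string $password): array
    {
        $failures = [];
        $len = strlen($password); // bytes, to match the bcrypt limit

        if ($len < $this->min_len) {
            $failures[] = "shorter than {$this->min_len} bytes";
        }
        if ($len > $this->max_len) {
            $failures[] = "longer than {$this->max_len} bytes (bcrypt would truncate it)";
        }
        if ($this->require_num && preg_match('/[0-9]/', $password) !== 1) {
            $failures[] = 'no digit';
        }
        if ($this->require_mix_case
            && (preg_match('/[a-z]/', $password) !== 1 || preg_match('/[A-Z]/', $password) !== 1)) {
            $failures[] = 'not mixed case';
        }
        // strpbrk() returns false when none of the listed bytes occur.
        if ($this->require_symbol && strpbrk($password, $this->password_symbols) === false) {
            $failures[] = 'no symbol from the allowed set';
        }
        return $failures;
    }

    public function is_password_valid(string $password): bool
    {
        return $this->failures($password) === [];
    }
}

// Constructed sample inputs: one that passes, one weak password, and one
// that is 76 bytes long and so exceeds the bcrypt limit.
$policy = new ExamplePasswordPolicy();
foreach (['Tr0ub4dor&3', 'password', str_repeat('Aa1!', 19)] as $candidate) {
    $failures = $policy->failures($candidate);
    printf("%-12s %s\n", substr($candidate, 0, 12),
        $failures === [] ? 'valid' : 'rejected: ' . implode('; ', $failures));
}
```

Reporting every failed rule at once (rather than stopping at the first) is a usability choice for registration forms; the boolean is_password_valid() wrapper keeps the same call shape as the library method.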

Methods

  • static public function remove_from_cookie_cache(string $cookie) Ensures that a user identified by the given cookie will not be loaded from cache during the current request. (i.e. this is only in-memory change, nothing persistent)

This affects all instances of \Tlf\User\Lib;

  • public function __construct($pdo)

  • public function is_post():bool

  • public function init_db()

  • public function page_is_disabled(string $page_id) Checks if a page is disabled in $this->disabled_pages and outputs a message if so

  • public function role_deny(string $role, string $permission) delete an entry in role_permission table

  • public function role_delete(string $role) Delete all entries with given role from role_permission and user_role tables

  • public function role_allow(string $role, string $permission) add entry to role_permission table

  • public function is_password_valid(string $password)

  • public function users_with_role(string $role): array Get an array of users.

  • public function user_from_email(string $email): \Tlf\User get a user by their email. User may or may not be in the database/registered/active

  • public function user_from_cookie(string $cookie=null) Login a user by validating the cookie sent with their request

  • public function send_mail(string $to, string $subject, string $message, array|string $additional_headers = [], string $additional_params = ""): bool Send email using the configured mail service. The parameters mirror PHP's mail(), which the default config uses

  • public function make_csrf_code()

  • public function enable_csrf(string $key_prefix='', int $expiry_minutes=60, string $url_path='')

  • public function get_csrf_post_key(string $key_prefix=''): string get the key of the csrf data in $_POST for the given key

  • public function get_csrf_session_key(string $key_prefix=''): string

  • public function get_csrf_session_input(string $key_prefix=''): string

  • public function csrf_is_valid(string $key_prefix=''): bool Checks $_POST for the csrf token

  • public function security_consent_box()
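The CSRF methods above follow a common shape: enable_csrf() stores a token server-side with an expiry, get_csrf_session_input() emits it into the form, and csrf_is_valid() compares what comes back in $_POST. The block below is an added example, not the Tlf\User\Lib implementation: a minimal helper with the same method names and key-prefix convention, showing the checks a practitioner expects such a validator to make (CSPRNG token, expiry, constant-time comparison, single use). The session layout (a token/expires pair under $key_prefix . 'csrf'), the hidden-input markup, and the $session/$post properties standing in for $_SESSION/$_POST are all assumptions; the page does not describe Lib's storage format, and $url_path is omitted here.

```php
<?php
// Added example, not the Tlf\User\Lib code. Storage layout and markup are
// assumptions; $session and $post stand in for $_SESSION and $_POST so the
// script runs from the CLI without a web server.

final class ExampleCsrf
{
    public array $session = [];
    public array $post = [];

    public function get_csrf_session_key(string $key_prefix = ''): string
    {
        return $key_prefix . 'csrf';
    }

    public function get_csrf_post_key(string $key_prefix = ''): string
    {
        return $key_prefix . 'csrf';
    }

    /** Generate a fresh 256-bit token and store it server-side with an expiry. */
    public function enable_csrf(string $key_prefix = '', int $expiry_minutes = 60): string
    {
        $token = bin2hex(random_bytes(32)); // CSPRNG; never derive from time() or the session id
        $this->session[$this->get_csrf_session_key($key_prefix)] = [
            'token'   => $token,
            'expires' => time() + $expiry_minutes * 60,
        ];
        return $token;
    }

    /** Hidden input to embed in the form; both attributes are HTML-escaped. */
    public function get_csrf_session_input(string $key_prefix = ''): string
    {
        $stored = $this->session[$this->get_csrf_session_key($key_prefix)] ?? null;
        if ($stored === null) {
            throw new RuntimeException('call enable_csrf() before rendering the form');
        }
        return sprintf('<input type="hidden" name="%s" value="%s">',
            htmlspecialchars($this->get_csrf_post_key($key_prefix), ENT_QUOTES),
            htmlspecialchars($stored['token'], ENT_QUOTES));
    }

    /** Present, unexpired, constant-time equal, and consumed on first use. */
    public function csrf_is_valid(string $key_prefix = ''): bool
    {
        $sessionKey = $this->get_csrf_session_key($key_prefix);
        $stored     = $this->session[$sessionKey] ?? null;
        $submitted  = $this->post[$this->get_csrf_post_key($key_prefix)] ?? null;
        if (!is_array($stored) || !is_string($submitted)) {
            return false;
        }
        // Consume the token whatever the outcome so it cannot be replayed.
        unset($this->session[$sessionKey]);
        if (time() > $stored['expires']) {
            return false;
        }
        // hash_equals() avoids leaking the token through comparison timing.
        return hash_equals($stored['token'], $submitted);
    }
}

// Constructed walk-through of one form render and three submissions.
$csrf  = new ExampleCsrf();
$token = $csrf->enable_csrf('login_', 30);
echo $csrf->get_csrf_session_input('login_'), PHP_EOL;

$csrf->post['login_csrf'] = $token;
var_dump($csrf->csrf_is_valid('login_'));   // genuine submission

var_dump($csrf->csrf_is_valid('login_'));   // same token submitted again

$csrf->enable_csrf('login_');
$csrf->post['login_csrf'] = str_repeat('0', 64);
var_dump($csrf->csrf_is_valid('login_'));   // attacker-supplied value
```

Consuming the token before the expiry and equality checks means a failed attempt also invalidates it, which forces the form to be re-rendered rather than letting an attacker keep retrying against a stored value. Keying everything by $key_prefix, as the Lib signatures do, lets several forms on one page carry independent tokens.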