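Database not found."); }

/**
 * Thin SQLite3 handle bound to the board's database file.
 */
class Store extends SQLite3
{
    public function __construct()
    {
        $this->open('meowboard.db');
    }
}

$db = new Store();

// Site name comes from the settings table. SELECT * is used, so the value is
// assumed to be column 1 (key, value) — same assumption as the original.
$sitenameStatement = $db->prepare("SELECT * FROM settings WHERE key = 'sitename'");
$result = $sitenameStatement->execute();
$sitenameRow = $result->fetchArray();
$sitename = $sitenameRow !== false ? $sitenameRow[1] : null;

/**
 * Returns sha512($string . salt), where salt is settings.key = 'salt'.
 *
 * This construction is the stored form of both password hashes and session
 * tokens, so it must stay stable: changing it invalidates every stored hash.
 * If the salt row is missing the string is hashed with an empty salt, which
 * matches prior behaviour but is a misconfiguration worth checking at install.
 *
 * @param string $string
 */
function saltString($string): string
{
    global $db;
    $saltStatement = $db->prepare("SELECT * FROM settings WHERE key = 'salt'");
    $saltRow = $saltStatement->execute()->fetchArray();
    $salt = $saltRow !== false ? $saltRow[1] : '';
    return hash("sha512", $string . $salt);
}

/**
 * Checks $password against the stored hash for $username.
 *
 * Stored form: sha512(saltString(sha512(password)) . pepper), with pepper taken
 * from users column 2 (SELECT * column order). This is a fast hash rather than a
 * password KDF (password_hash); moving to one requires rehashing existing rows,
 * so the scheme is preserved here.
 *
 * @param string $username
 * @param string $password
 * @return int 1 on match, 0 on mismatch or unknown user
 */
function verifyPassword($username, $password): int
{
    global $db;
    $grabUser = $db->prepare("SELECT * FROM users WHERE username = ?");
    $grabUser->bindValue(1, $username, SQLITE3_TEXT);
    $userRow = $grabUser->execute()->fetchArray();
    if ($userRow === false) {
        return 0; // unknown user
    }
    $storedPassword = (string) $userRow[1];
    $pepper = $userRow[2];
    $passwordFinal = hash("sha512", saltString(hash("sha512", $password)) . $pepper);
    // hash_equals: constant-time and strict. The original loose `!=` would treat
    // two hex digests of the form "0e…" as numerically equal.
    return hash_equals($storedPassword, $passwordFinal) ? 1 : 0;
}

/**
 * Issues a new session token for $username and returns the raw token.
 *
 * Only saltString($token) is persisted; the raw token is handed to the client
 * and never stored.
 *
 * @param string $username
 */
function issueSessionToken($username): string
{
    global $db;
    $token = bin2hex(random_bytes(256));
    $tokenStore = saltString($token);
    // expiry is compared with time() (seconds) in flushSessionTokens, so it must
    // be in seconds. The previous constant (2_419_200_000) was 28 days in
    // milliseconds, i.e. tokens would have lived for roughly 76 years.
    $expiry = time() + 28 * 24 * 60 * 60; // 28 days
    $insertTokenStatement = $db->prepare("INSERT INTO tokens (hash, username, expiry) VALUES (?, ?, ?)");
    $insertTokenStatement->bindValue(1, $tokenStore, SQLITE3_TEXT);
    $insertTokenStatement->bindValue(2, $username, SQLITE3_TEXT);
    $insertTokenStatement->bindValue(3, $expiry, SQLITE3_INTEGER);
    $insertTokenStatement->execute();
    return $token;
}

/**
 * Deletes every token whose expiry is in the past.
 */
function flushSessionTokens(): void
{
    global $db;
    $flushStatement = $db->prepare("DELETE FROM tokens WHERE expiry < ?");
    // bindValue, not bindParam: bindParam takes a reference and cannot be given
    // the temporary returned by time().
    $flushStatement->bindValue(1, time(), SQLITE3_INTEGER);
    $flushStatement->execute();
}

/**
 * Deletes every token, logging out all sessions.
 */
function purgeSessionTokens(): void
{
    global $db;
    // SQLite3 has exec(), not execute(); the original call was a fatal error.
    $db->exec("DELETE FROM tokens");
}

/**
 * Invalidates the session identified by the raw $token.
 *
 * @param string $token
 */
function deleteSessionToken($token): void
{
    global $db;
    $tokenStore = saltString($token);
    $deleteStatement = $db->prepare("DELETE FROM tokens WHERE hash = ?");
    $deleteStatement->bindValue(1, $tokenStore, SQLITE3_TEXT);
    $deleteStatement->execute();
}

/**
 * Returns 1 if $token is a known, unexpired session token, else 0.
 *
 * Expired tokens are flushed first so the lookup only sees live sessions.
 *
 * @param string $token
 */
function checkSessionToken($token): int
{
    global $db;
    flushSessionTokens();
    $tokenStore = saltString($token);
    $getTokenStatement = $db->prepare("SELECT hash FROM tokens WHERE hash = ?");
    $getTokenStatement->bindValue(1, $tokenStore, SQLITE3_TEXT);
    $tokenRow = $getTokenStatement->execute()->fetchArray();
    if ($tokenRow === false) {
        return 0;
    }
    return hash_equals($tokenStore, (string) $tokenRow[0]) ? 1 : 0;
}

/**
 * Maps a raw session token to its username, or null when no live token matches.
 *
 * The expiry predicate mirrors flushSessionTokens so an expired token cannot be
 * resolved to a user even if no flush has run yet.
 *
 * @param string $token
 */
function tokenToUsername($token)
{
    global $db;
    $tokenStore = saltString($token);
    $getTokenStatement = $db->prepare("SELECT username FROM tokens WHERE hash = ? AND expiry >= ?");
    $getTokenStatement->bindValue(1, $tokenStore, SQLITE3_TEXT);
    $getTokenStatement->bindValue(2, time(), SQLITE3_INTEGER);
    $tokenRow = $getTokenStatement->execute()->fetchArray();
    return $tokenRow !== false ? $tokenRow[0] : null;
}

/**
 * Returns the users.admin column for $username (as stored), or null if the
 * user does not exist. Callers should treat anything but a truthy value as
 * "not admin".
 *
 * @param string $username
 */
function isAdmin($username)
{
    global $db;
    $getUserStatement = $db->prepare("SELECT admin FROM users WHERE username = ?");
    $getUserStatement->bindValue(1, $username, SQLITE3_TEXT);
    $userRow = $getUserStatement->execute()->fetchArray();
    return $userRow !== false ? $userRow[0] : null;
}
?>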