added data adapter for authme, crazylogin and discuz

2016-03-13 15:38:34 +08:00 · 2016-03-13 15:38:34 +08:00 · 80dca173a7
commit 80dca173a7
parent 3015a36cdb
9 changed files with 291 additions and 21 deletions
--- a/ajax.php
+++ b/ajax.php
@ -3,7 +3,7 @@
 * @Author: printempw
 * @Date:   2016-01-16 23:01:33
 * @Last Modified by:   printempw
- * @Last Modified time: 2016-03-12 16:34:14
+ * @Last Modified time: 2016-03-13 14:03:58
 *
 * - login, register, logout
 * - upload, change, delete
@ -67,7 +67,7 @@ if ($action == "login") {
                // then reject the registration.
                if ($user->db->getNumRows('ip', $ip) < REGS_PER_IP) {
                    // use once md5 to encrypt password
-                    if ($user->register(md5($_POST['passwd']), $ip)) {
+                    if ($user->register($_POST['passwd'], $ip)) {
                        $json['errno'] = 0;
                        $json['msg'] = "注册成功~";
                    } else {
--- a/config.example.php
+++ b/config.example.php
@ -14,19 +14,10 @@ define('DB_PORT', 3306);
 /* MySQL 主机 */
 define('DB_HOST', 'localhost');

-/**
- * 数据表前缀
- *
- * 如果您有在同一数据库内安装多个 Blessing Skin Server 的需求，
- * 或者需要与 Authme、Discuz 等程序对接时，请为每个皮肤站设置
- * 不同的数据表前缀。前缀名只能为数字、字母加下划线。
- */
-define('DB_PREFIX', 'bs_');
-
 /* 盐，用于 token 加密，修改为任意随机字符串 */
-define('SALT', '9tvsh55d*s');
+define('SALT', '9tvsE+1._%R4@VLaX(I|.U+h_d*s');

-/* 调试模式，开启后将会显示所有错误提示 */
+/* 调试模式，开启后将会显示所有用于错误提示 */
 define('DEBUG_MODE', false);

 /* 同一 IP 最大可注册账户数 */
@ -37,3 +28,20 @@ define('API_TYPE', 0);

 /* 站点名称，推荐英文（字体原因） */
 define('SITE_TITLE', 'Blessing Skin Server');
+
+/**
+ * 数据表前缀
+ *
+ * 如果您有在同一数据库内安装多个 Blessing Skin Server 的需求，
+ * 或者需要与 Authme、Discuz 等程序对接时，请为每个皮肤站设置
+ * 不同的数据表前缀。前缀名只能为数字、字母加下划线。
+ */
+define('DB_PREFIX', '');
+
+/**
+ * 数据对接适配器
+ *
+ * 目前可进行数据对接的程序有 Authme、Crazylogin、Discuz
+ * 只可填写 `Authme`，`Crazy` 或者 `Discuz`，留空即为不进行数据对接
+ */
+define('DATA_ADAPTER', '');
--- a/includes/AuthmeDatabase.class.php
+++ b/includes/AuthmeDatabase.class.php
@ -0,0 +1,70 @@
+<?php
+/**
+ * @Author: printempw
+ * @Date:   2016-03-13 11:59:32
+ * @Last Modified by:   printempw
+ * @Last Modified time: 2016-03-13 15:29:23
+ */
+
+class AuthmeDatabase extends Database implements EncryptInterface, SyncInterface
+{
+    protected $table_name = "authme";
+
+    /**
+     * Default SHA256 encryption method for Authme
+     *
+     * http://pastebin.com/1wy9g2HT
+     */
+    public function encryptPassword($raw_passwd, $username="") {
+        $hash = hash('sha256', hash('sha256', $raw_passwd) . SALT);
+        $encrypt = '$SHA$' . SALT . '$' . $hash;
+        return $encrypt;
+    }
+
+    public function createRecord($username, $password, $ip) {
+        $sql = "INSERT INTO ".$this->table_name." (username, password, ip)
+                VALUES ('$username', '$password', '$ip')";
+        return $this->query($sql);
+
+    }
+
+    public function sync($username) {
+        $exist_in_bs_table = $this->checkRecordExist('username', $username);
+        $exist_in_authme_table = ($this->query("SELECT * FROM ".$this->table_name."
+            WHERE username='$username'")->num_rows) ? true : false;
+
+        if ($exist_in_bs_table && !$exist_in_authme_table) {
+            $result = $this->select('username', $username);
+            $this->createRecord($username, $result['password'], $result['ip']);
+            return $this->sync($username);
+        }
+
+        if (!$exist_in_bs_table && $exist_in_authme_table) {
+            $result = $this->query("SELECT * FROM ".$this->table_name."
+                WHERE username='$username'")->fetch_array();
+            $this->insert(array(
+                                "uname" => $username,
+                                "passwd" => $result['password'],
+                                "ip" => $result['ip']
+                            ));
+            return $this->sync($username);
+        }
+
+        if (!($exist_in_bs_table || $exist_in_authme_table))
+            return false;
+
+        if ($exist_in_bs_table && $exist_in_authme_table) {
+            $passwd1 = $this->select('username', $username)['password'];
+            $passwd2 = $this->query("SELECT * FROM ".$this->table_name."
+                WHERE username='$username'")->fetch_array()['password'];
+            if ($passwd1 == $passwd2) {
+                return true;
+            } else {
+                // sync password
+                $this->update($username, 'password', $passwd2);
+                return $this->sync($username);
+            }
+        }
+
+    }
+}
--- a/includes/CrazyDatabase.class.php
+++ b/includes/CrazyDatabase.class.php
@ -0,0 +1,74 @@
+<?php
+/**
+ * @Author: printempw
+ * @Date:   2016-03-13 12:15:08
+ * @Last Modified by:   printempw
+ * @Last Modified time: 2016-03-13 15:29:19
+ */
+
+class CrazyDatabase extends Database implements EncryptInterface, SyncInterface
+{
+    protected $table_name = "CrazyLogin_accounts";
+
+    /**
+     * Fucking CrazyCrypt1
+     *
+     * https://github.com/ST-DDT/CrazyLogin/blob/master/php/Encryptors/CrazyCrypt1.php
+     */
+    public function encryptPassword($raw_passwd, $username="") {
+        $text = "ÜÄaeut//&/=I " . $raw_passwd . "7421€547" . $username . "__+IÄIH§%NK " . $raw_passwd;
+        $t1 = unpack("H*", $text);
+        $t2 = substr($t1[1], 0, mb_strlen($text, 'UTF-8')*2);
+        $t3 = pack("H*", $t2);
+        $encrypt = hash("sha512", $t3);
+        return $encrypt;
+    }
+
+    public function createRecord($username, $password, $ip) {
+        $sql = "INSERT INTO ".$this->table_name." (username, password, ips)
+                VALUES ('$username', '$password', '$ip')";
+        return $this->query($sql);
+
+    }
+
+    public function sync($username) {
+        $exist_in_bs_table = $this->checkRecordExist('username', $username);
+        $exist_in_crazy_table = ($this->query("SELECT * FROM ".$this->table_name."
+            WHERE username='$username'")->num_rows) ? true : false;
+
+        if ($exist_in_bs_table && !$exist_in_crazy_table) {
+            $result = $this->select('username', $username);
+            $this->createRecord($username, $result['password'], $result['ip']);
+            return $this->sync($username);
+        }
+
+        if (!$exist_in_bs_table && $exist_in_crazy_table) {
+            $result = $this->query("SELECT * FROM ".$this->table_name."
+                WHERE username='$username'")->fetch_array();
+            $this->insert(array(
+                                "uname" => $username,
+                                "passwd" => $result['password'],
+                                "ip" => $result['ips']
+                            ));
+            return $this->sync($username);
+        }
+
+        if (!($exist_in_bs_table || $exist_in_crazy_table))
+            return false;
+
+        if ($exist_in_bs_table && $exist_in_crazy_table) {
+            $passwd1 = $this->select('username', $username)['password'];
+            $passwd2 = $this->query("SELECT * FROM ".$this->table_name."
+                WHERE username='$username'")->fetch_array()['password'];
+            if ($passwd1 == $passwd2) {
+                return true;
+            } else {
+                // sync password
+                $this->update($username, 'password', $passwd2);
+                return $this->sync($username);
+            }
+        }
+
+    }
+
+}
--- a/includes/Database.class.php
+++ b/includes/Database.class.php
@ -3,10 +3,10 @@
 * @Author: printempw
 * @Date:   2016-02-02 21:59:06
 * @Last Modified by:   printempw
- * @Last Modified time: 2016-03-13 11:27:11
+ * @Last Modified time: 2016-03-13 14:21:10
 */

-class Database
+class Database implements EncryptInterface, SyncInterface
 {
    private $connection = null;

@ -85,4 +85,13 @@ class Database
        return $this->query("DELETE FROM ".DB_PREFIX."users WHERE username='$uname'");
    }

+    public function encryptPassword($raw_passwd, $username="") {
+        $encrypt = md5($raw_passwd);
+        return $encrypt;
+    }
+
+    public function sync($username) {
+        return ($this->checkRecordExist('username', $username)) ? true : false;
+    }
+
 }
--- a/includes/DiscuzDatabase.class.php
+++ b/includes/DiscuzDatabase.class.php
@ -0,0 +1,68 @@
+<?php
+/**
+ * @Author: printempw
+ * @Date:   2016-03-13 14:59:32
+ * @Last Modified by:   printempw
+ * @Last Modified time: 2016-03-13 15:29:26
+ */
+
+class DiscuzDatabase extends Database implements EncryptInterface, SyncInterface
+{
+    protected $table_name = "pre_ucenter_members";
+
+    /**
+     * Discuz's Fucking dynamic salt
+     */
+    public function encryptPassword($raw_passwd, $username="") {
+        $salt = $this->query("SELECT * FROM ".$this->table_name."
+            WHERE username='$username'")->fetch_array()['salt'];
+        $encrypt = md5(md5($raw_passwd).$salt);
+        return $encrypt;
+    }
+
+    public function createRecord($username, $password, $ip) {
+        $sql = "INSERT INTO ".$this->table_name." (username, password, regip)
+                VALUES ('$username', '$password', '$ip')";
+        return $this->query($sql);
+    }
+
+    public function sync($username) {
+        $exist_in_bs_table = $this->checkRecordExist('username', $username);
+        $exist_in_discuz_table = ($this->query("SELECT * FROM ".$this->table_name."
+            WHERE username='$username'")->num_rows) ? true : false;
+
+        if ($exist_in_bs_table && !$exist_in_discuz_table) {
+            $result = $this->select('username', $username);
+            $this->createRecord($username, $result['password'], $result['ip']);
+            return $this->sync($username);
+        }
+
+        if (!$exist_in_bs_table && $exist_in_discuz_table) {
+            $result = $this->query("SELECT * FROM ".$this->table_name."
+                WHERE username='$username'")->fetch_array();
+            $this->insert(array(
+                                "uname" => $username,
+                                "passwd" => $result['password'],
+                                "ip" => $result['regip']
+                            ));
+            return $this->sync($username);
+        }
+
+        if (!($exist_in_bs_table || $exist_in_discuz_table))
+            return false;
+
+        if ($exist_in_bs_table && $exist_in_discuz_table) {
+            $passwd1 = $this->select('username', $username)['password'];
+            $passwd2 = $this->query("SELECT * FROM ".$this->table_name."
+                WHERE username='$username'")->fetch_array()['password'];
+            if ($passwd1 == $passwd2) {
+                return true;
+            } else {
+                // sync password
+                $this->update($username, 'password', $passwd2);
+                return $this->sync($username);
+            }
+        }
+
+    }
+}
--- a/includes/EncryptInterface.class.php
+++ b/includes/EncryptInterface.class.php
@ -0,0 +1,20 @@
+<?php
+/**
+ * @Author: printempw
+ * @Date:   2016-03-13 11:53:47
+ * @Last Modified by:   printempw
+ * @Last Modified time: 2016-03-13 14:31:29
+ */
+
+interface EncryptInterface
+{
+    /**
+     * Encrypt password, please define it to adapt to other encryption method
+     *
+     * @param  string $raw_passwd
+     * @param  string $username
+     * @return string, ecrypted password
+     */
+    public function encryptPassword($raw_passwd, $username="");
+
+}
--- a/includes/SyncInterface.class.php
+++ b/includes/SyncInterface.class.php
@ -0,0 +1,19 @@
+<?php
+/**
+ * @Author: printempw
+ * @Date:   2016-03-13 13:31:28
+ * @Last Modified by:   printempw
+ * @Last Modified time: 2016-03-13 14:35:37
+ */
+
+interface SyncInterface
+{
+    /**
+     * Synchronize records between tables of bs and other programs
+     *
+     * @param  string $username, unique identifier of each record
+     * @return bool
+     */
+    public function sync($username);
+
+}
--- a/includes/User.class.php
+++ b/includes/User.class.php
@ -3,7 +3,7 @@
 * @Author: printempw
 * @Date:   2016-01-16 23:01:33
 * @Last Modified by:   printempw
- * @Last Modified time: 2016-03-13 09:30:07
+ * @Last Modified time: 2016-03-13 14:45:04
 */

 class User
@ -18,10 +18,12 @@ class User

    function __construct($uname) {
        $this->uname = Utils::convertString($uname);
-        $this->db = new Database();
-        if ($this->db->checkRecordExist('username', $this->uname)) {
+        $class_name = DATA_ADAPTER."Database";
+        $this->db = new $class_name();
+
+        if ($this->db->sync($this->uname)) {
            $this->passwd = $this->db->select('username', $this->uname)['password'];
-            $this->token = md5($this->uname . $this->passwd.SALT);
+            $this->token = md5($this->uname . $this->passwd . SALT);
            $this->is_registered = true;
            if ($this->db->select('username', $this->uname)['uid'] == 1) {
                $this->is_admin = true;
@ -30,7 +32,7 @@ class User
    }

    public function checkPasswd($raw_passwd) {
-        if (md5($raw_passwd) == $this->passwd) {
+        if ($this->db->encryptPassword($raw_passwd, $this->uname) == $this->passwd) {
            return true;
        } else {
            return false;
@ -61,7 +63,7 @@ class User
    public function register($passwd, $ip) {
        return $this->db->insert(array(
                                        "uname" => $this->uname,
-                                        "passwd" => $passwd,
+                                        "passwd" => $this->db->encryptPassword($passwd),
                                        "ip" => $ip
                                    ));
    }