<?php
// Sibling files supply the DbConnector class and the loadEnv() helper.
require_once 'DbConnector.php';
require_once __DIR__ . '/config/env.php';
// Failed attempts tolerated before a lockout begins, and the length of the first
// lockout in seconds; Auth::getLockoutTime() doubles it for each further failure.
define('MAX_LOGIN_ATTEMPTS', 5);
define('BASE_LOCKOUT_SECONDS', 60);
// Load .env into the process environment, then copy the DB credentials into
// file-level globals that Auth::__construct() imports with `global`.
// NOTE(review): as plain globals these secrets are visible to every script that
// includes this file; getenv() also returns false for an unset variable and
// nothing here checks for that.
loadEnv(__DIR__ . '/.env');
$dbHost = getenv('DB_HOST');
$dbUser = getenv('DB_USER');
$dbPass = getenv('DB_PASS');
$dbName = getenv('DB_NAME');
// NOTE(review): $apiKey is not referenced anywhere in this file — confirm a
// consumer actually needs it before keeping it in global scope.
$apiKey = getenv('API_KEY');
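/**
 * Session-backed login helper with an exponential lockout after repeated failures.
 *
 * All throttling state lives in $_SESSION, so the caller must have started the
 * session before using any method here. Because the counter is scoped to the
 * client's own session it is a soft rate limit only and does not replace
 * server-side per-account throttling.
 */
class Auth {
    private DbConnector $db;

    /**
     * @param DbConnector|null $db Connector to use. When omitted, one is built
     *        from the file-level globals $dbHost, $dbUser, $dbPass and $dbName
     *        (the original wiring, kept for existing callers).
     */
    public function __construct(?DbConnector $db = null) {
        if ($db === null) {
            global $dbHost, $dbUser, $dbPass, $dbName;
            $db = new DbConnector($dbHost, $dbUser, $dbPass, $dbName);
        }
        $this->db = $db;
    }

    /**
     * Attempt user login.
     *
     * While the session is locked out the attempt is refused before any database
     * access or password check, but it is still counted so the backoff window
     * keeps growing for a client that keeps retrying.
     *
     * @return array|false The matching users row (id, password, role) on success,
     *                     false on bad credentials, unknown/inactive account or lockout.
     */
    public function login(string $email, string $password): array|false {
        if ($this->isLockedOut()) {
            $this->incrementLoginAttempts();
            return false;
        }
        $stmt = $this->db->prepare('SELECT id, password, role FROM users WHERE email = ? AND account_status = "active"');
        $stmt->execute([$email]);
        $user = $stmt->fetch(PDO::FETCH_ASSOC);
        // NOTE(review): password_verify() only runs when a row exists, so response
        // time differs for unknown emails (a fixed dummy hash check would even it
        // out), and the returned row still carries the stored hash. Both are left
        // unchanged here to keep the return shape callers may rely on.
        if ($user && password_verify($password, $user['password'])) {
            $this->resetLoginAttempts();
            return $user;
        }
        $this->incrementLoginAttempts();
        return false;
    }

    /** Record one failed attempt and stamp its time; the stamp ages the lockout. */
    public function incrementLoginAttempts(): void {
        $_SESSION['login_attempts'] = ($_SESSION['login_attempts'] ?? 0) + 1;
        $_SESSION['last_attempt_time'] = time();
    }

    /** Clear the failure counter and its timestamp (after success or an expired window). */
    public function resetLoginAttempts(): void {
        $_SESSION['login_attempts'] = 0;
        $_SESSION['last_attempt_time'] = null;
    }

    /**
     * Lockout length in seconds for the current failure count.
     *
     * Zero below MAX_LOGIN_ATTEMPTS, then BASE_LOCKOUT_SECONDS doubling for each
     * extra failure, capped at 900 s. The exponent is clamped so a very large
     * counter cannot overflow the multiplication into a float before the cap.
     */
    private function getLockoutTime(): int {
        $attempts = (int) ($_SESSION['login_attempts'] ?? 0);
        $excess = $attempts - MAX_LOGIN_ATTEMPTS;
        if ($excess < 0) {
            return 0;
        }
        // 2**30 already dwarfs the 900 s cap; clamping keeps the product in int range.
        $lockout = BASE_LOCKOUT_SECONDS * (2 ** min($excess, 30));
        return (int) min($lockout, 900);
    }

    /**
     * Whether the session is currently inside a lockout window.
     *
     * Once the window has elapsed the counter is reset as a side effect, so the
     * next failure starts a fresh count.
     */
    public function isLockedOut(): bool {
        if (!isset($_SESSION['login_attempts'])) {
            return false;
        }
        $lockout = $this->getLockoutTime();
        if ($lockout <= 0) {
            return false;
        }
        $elapsed = time() - ($_SESSION['last_attempt_time'] ?? 0);
        if ($elapsed < $lockout) {
            return true;
        }
        $this->resetLoginAttempts();
        return false;
    }

    /**
     * Log the user out: empty the session array, expire the session cookie when
     * cookies carry the session id, and destroy the server-side session.
     */
    public function logout(): void {
        $_SESSION = [];
        if (ini_get("session.use_cookies")) {
            $params = session_get_cookie_params();
            // An expiry far in the past makes the browser drop the cookie; the
            // original path/domain/secure/httponly flags must match to hit it.
            setcookie(session_name(), '', time() - 42000,
                $params["path"], $params["domain"],
                $params["secure"], $params["httponly"]
            );
        }
        session_destroy();
    }

    /** Access the database connector. */
    public function getDb(): DbConnector {
        return $this->db;
    }
}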