#533 Add integration sample for BCrypt

samples/website_integration/bcrypt/form.php

@@ -0,0 +1,86 @@
+<!--
+  This is a demo page for AuthMe website integration with BCrypt.
+  See integration.php for the PHP code you need.
+-->
+<!DOCTYPE html>
+<html lang="en">
+ <head>
+   <title>AuthMe Integration Sample</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+ </head>
+ <body>
+<?php
+error_reporting(E_ALL);
+
+$action = get_from_post_or_empty('action');
+$user = get_from_post_or_empty('username');
+$pass = get_from_post_or_empty('password');
+
+$was_successful = false;
+if ($action && $user && $pass) {
+    require_once('integration.php');
+    if ($action === 'Log in') {
+        $was_successful = process_login($user, $pass);
+    } else if ($action === 'Register') {
+        $was_successful = process_register($user, $pass);
+    }
+}
+
+if (!$was_successful) {
+    echo '<h1>Login sample</h1>
+This is a demo form for AuthMe website integration. Enter your AuthMe login details
+into the following form to test it.
+<form method="post">
+ <table>
+   <tr><td>Name</td><td><input type="text" value="' . htmlspecialchars($user) . '" name="username" /></td></tr>
+   <tr><td>Pass</td><td><input type="password" value="' . htmlspecialchars($pass) . '" name="password" /></td></tr>
+   <tr>
+     <td><input type="submit" name="action" value="Log in" /></td>
+     <td><input type="submit" name="action" value="Register" /></td>
+   </tr>
+ </table>
+</form>';
+}
+
+function get_from_post_or_empty($index_name) {
+    return trim(
+        filter_input(INPUT_POST, $index_name, FILTER_UNSAFE_RAW, FILTER_REQUIRE_SCALAR | FILTER_FLAG_STRIP_LOW)
+            ?: '');
+}
+
+
+// Login logic
+function process_login($user, $pass) {
+    if (authme_check_password($user, $pass)) {
+        printf('<h1>Hello, %s!</h1>', htmlspecialchars($user));
+        echo 'Successful login. Nice to have you back!'
+            . '<br /><a href="form.php">Back to form</a>';
+        return true;
+    } else {
+        echo '<h1>Error</h1> Invalid username or password.';
+    }
+    return false;
+}
+
+// Register logic
+function process_register($user, $pass) {
+    if (authme_has_user($user)) {
+        echo '<h1>Error</h1> This user already exists.';
+    } else {
+        // Note that we don't validate the password or username at all in this demo...
+        $register_success = authme_register($user, $pass);
+        if ($register_success) {
+            printf('<h1>Welcome, %s!</h1>Thanks for registering', htmlspecialchars($user));
+            echo '<br /><a href="form.php">Back to form</a>';
+            return true;
+        } else {
+            echo '<h1>Error</h1>Unfortunately, there was an error during the registration.';
+        }
+    }
+    return false;
+}
+
+?>
+
+ </body>
+</html>

samples/website_integration/bcrypt/integration.php

@@ -0,0 +1,107 @@
+<?php
+/*****************************************************************************
+ * AuthMe website integration logic for BCrypt                               *
+ * --------------------------------                                          *
+ * Check with authme_check_password() whether the received username and      *
+ * password match the AuthMe MySQL database. Don't forget to adjust the      *
+ * database info in authme_get_hash().                                       *
+ *                                                                           *
+ * Source: https://github.com/AuthMe-Team/AuthMeReloaded/                    *
+ *****************************************************************************/
+
+/** The name of the authme MySQL table. */
+define('AUTHME_TABLE', 'authme');
+
+
+/**
+ * Entry point function to check supplied credentials against the AuthMe database.
+ *
+ * @param string $username the username
+ * @param string $password the password
+ * @return bool true iff the data is correct, false otherwise
+ */
+function authme_check_password($username, $password) {
+    if (is_scalar($username) && is_scalar($password)) {
+        $hash = authme_get_hash($username);
+        if ($hash) {
+            return password_verify($password, $hash);
+        }
+    }
+    return false;
+}
+
+/**
+ * Returns a connection to the database.
+ *
+ * @return mysqli|null the mysqli object or null upon error
+ */
+function authme_get_mysqli() {
+    $mysqli = new mysqli('localhost', 'root', '', 'authme');
+    if (mysqli_connect_error()) {
+        printf('Could not connect to AuthMe database. Errno: %d, error: "%s"',
+            mysqli_connect_errno(), mysqli_connect_error());
+        return null;
+    }
+    return $mysqli;
+}
+
+/**
+ * Retrieves the hash associated with the given user from the database.
+ *
+ * @param string $username the username whose hash should be retrieved
+ * @return string|null the hash, or null if unavailable (e.g. username doesn't exist)
+ */
+function authme_get_hash($username) {
+    // Add here your database host, username, password and database name
+    $mysqli = authme_get_mysqli();
+    if ($mysqli !== null) {
+        $stmt = $mysqli->prepare('SELECT password FROM ' . AUTHME_TABLE . ' WHERE username = ?');
+        $stmt->bind_param('s', $username);
+        $stmt->execute();
+        $stmt->bind_result($password);
+        if ($stmt->fetch()) {
+            return $password;
+        }
+    }
+    return null;
+}
+
+/**
+ * Returns whether the user exists in the database or not.
+ *
+ * @param string $username the username to check
+ * @return bool true if the user exists; false otherwise
+ */
+function authme_has_user($username) {
+    $mysqli = authme_get_mysqli();
+    if ($mysqli !== null) {
+        $stmt = $mysqli->prepare('SELECT 1 FROM ' . AUTHME_TABLE . ' WHERE username = ?');
+        $stmt->bind_param('s', $username);
+        $stmt->execute();
+        return $stmt->fetch();
+    }
+
+    // Defensive default to true; we actually don't know
+    return true;
+}
+
+/**
+ * Registers a player with the given username.
+ *
+ * @param string $username the username to register
+ * @param string $password the password to associate to the user
+ * @return bool whether or not the registration was successful
+ */
+function authme_register($username, $password) {
+    $mysqli = authme_get_mysqli();
+    if ($mysqli !== null) {
+        $hash = password_hash($password, PASSWORD_BCRYPT);
+        $stmt = $mysqli->prepare('INSERT INTO ' . AUTHME_TABLE . ' (username, realname, password, ip) '
+            . 'VALUES (?, ?, ?, ?)');
+        $username_low = strtolower($username);
+        $stmt->bind_param('ssss', $username, $username_low, $hash, $_SERVER['REMOTE_ADDR']);
+        return $stmt->execute();
+    }
+    return false;
+}
+

samples/website_integration/sha256/form.php

@@ -1,5 +1,5 @@
 <!--
-  This is a demo page for AuthMe website integration.
+  This is a demo page for AuthMe website integration with SHA256.
   See integration.php for the PHP code you need.
 -->
 <!DOCTYPE html>
@@ -36,7 +36,7 @@ into the following form to test it.
  <table>
    <tr><td>Name</td><td><input type="text" value="' . htmlspecialchars($user) . '" name="username" /></td></tr>
    <tr><td>Pass</td><td><input type="password" value="' . htmlspecialchars($pass) . '" name="password" /></td></tr>
-   <tr><td colspan="2"><input type="submit" value=" Log in " />
+   <tr><td colspan="2"><input type="submit" value=" Log in " /></td></tr>
  </table>
 </form>';
 }

samples/website_integration/sha256/integration.php

@@ -1,6 +1,6 @@
 <?php
 /*****************************************************************************
- * AuthMe website integration logic                                          *
+ * AuthMe website integration logic for SHA256                               *
  * --------------------------------                                          *
  * Check with authme_check_password() whether the received username and      *
  * password match the AuthMe MySQL database. Don't forget to adjust the      *