<?php
namespace entities\evr\security;

class Key_Hashes
{
   public function __construct()
   {
      $this->set_path();
      $this->set_hashes();
   }
   private function set_path()
   {
      $this->path = $GLOBALS["KEY_HASHES_PATH"];
   }
   private function set_hashes()
   {
      $this->hashes = file($this->path, FILE_IGNORE_NEW_LINES);
   }
   public function write()
   {
      $string = implode("\n", $this->hashes) . "\n";
      file_put_contents($this->path, $string);
   }
   public function remove($hash)
   {
      $hashes = $this->hashes;
      foreach (range(0, count($hashes) - 1) as $ii)
      {
         if ($hashes[$ii] == $hash)
         {
            array_splice($hashes, $ii, 1);
            break;
         }
      }
      $this->hashes = $hashes;
   }
}

<?php
namespace entities\evr\security;
use entities\html as html;

class Security
{
   public function __construct()
   {
      $this->registrar = new Registrar();
      $this->cookie = new Cookie();
      $this->set_username();
      $this->addresses = new Addresses($this->username);
   }
   private function set_username()
   {
      $username = null;
      if ($this->is_login())
      {
         $submission = $this->get_post_parameter("username");
         $username = $this->find_user_directory($submission);
      }
      else if ($this->cookie->exists())
      {
         $username = $this->cookie->get_username();
      }
      $this->username = $username;
   }
   private function is_login()
   {
      $action = $this->get_post_parameter("action");
      return $action == $GLOBALS["LOGIN_BUTTON_TEXT"];
   }
   public function register_user()
   {
      return $this->registrar->register();
   }
   public static function validate_key()
   {
      $hashes = new Key_Hashes();
      $key = self::get_post_parameter("key");
      if (self::find_hash($hashes, $key))
      {
         return true;
      }
      self::show_error("Key not found");
      return false;
   }
   public static function find_hash($hashes, $key)
   {
      foreach ($hashes->hashes as $hash)
      {
         if (self::match_to_hash($key, $hash))
         {
            return $hash;
         }
      }
   }
   public static function match_to_hash($key, $hash)
   {
      if (!$hash)
      {
         return $hash == crypt($key);
      }
      return $hash == crypt($key, $hash);
   }
   public static function show_error($message)
   {
      echo new html\Div(null, "error", $message);
   }
   public function validate_user()
   {
      $action = $this->get_post_parameter("action");
      if ($this->is_login())
      {
         return $this->log_user_in();
      }
      else if ($this->cookie->exists())
      {
         return $this->validate_cookie();
      }
   }
   public static function get_post_parameter($name)
   {
      if (isset($_POST[$name]))
      {
         return $_POST[$name];
      }
   }
   private function log_user_in()
   {
      $password = $this->get_post_parameter("password");
      if ($hash = $this->verify_credentials($this->username, $password))
      {
         if ($this->get_post_parameter("remember"))
         {
            $this->cookie->set($this->username, $hash);
            $this->addresses->add_current();
         }
         return true;
      }
      return false;
   }
   public static function verify_credentials($username, $password)
   {
      $hash = self::get_stored_hash($username);
      if (self::match_to_hash($password, $hash))
      {
         return $hash;
      }
      self::show_error("Username/password not found");
   }
   public static function get_stored_hash($username)
   {
      $root = $GLOBALS["USERS_PATH"] . "/";
      $path = "$root$username/" . $GLOBALS["USER_HASH_PATH"];
      if (is_file($path))
      {
         return trim(file_get_contents($path));
      }
      return null;
   }
   public static function find_user_directory($username)
   {
      $root = $GLOBALS["USERS_PATH"];
      foreach (scandir($root) as $file_name)
      {
         $path = "$root/$file_name";
         if (is_dir($path) && !strcasecmp($file_name, $username))
         {
            return $file_name;
         }
      }
   }
   private function validate_cookie()
   {
      $hash = $this->cookie->get_hash();
      $stored = self::get_stored_hash($this->username);
      if ($hash == $stored)
      {
         if ($this->addresses->find_current_address())
         {
            $this->cookie->set($this->username, $hash);
            return true;
         }
      }
      return false;
   }
   public static function show_success($message)
   {
      echo new html\Div(null, "success", $message);
   }
   public static function remove_key()
   {
      $key = self::get_post_parameter("key");
      $hashes = new Key_Hashes();
      $hash = self::find_hash($hashes, $key);
      $hashes->remove($hash);
      $hashes->write();
   }
   public function change_password()
   {
      return $this->registrar->change_password();
   }
   public function reset_password()
   {
      return $this->registrar->reset_password();
   }
}
216.73.216.52
216.73.216.52
216.73.216.52
 
July 18, 2022


A new era ‼

Our infrastructure has recently upgraded ‼

Nugget Communications Bureau 👍

You've never emailed like this before ‼

Roundcube

Webmail software for reading and sending email from @nugget.fun and @shampoo.ooo addresses.

Mailman3

Email discussion lists, modernized with likes and emojis. It can be used for announcements and newsletters in addition to discussions. See lists for Picture Processing or Scrapeboard. Nowadays, people use Discord, but you really don't have to!

FreshRSS

With this hidden in plain sight, old technology, even regular people like you and me can start our own newspaper or social media feed.

Nugget Streaming Media 👍

The content you crave ‼

HLS

A live streaming, video format based on M3U playlists that can be played with HTML5.

RTMP

A plugin for Nginx can receive streaming video from ffmpeg or OBS and forward it as an RTMP stream to sites like Youtube and Twitch or directly to VLC.


Professional ‼

Nugget Productivity Suite 👍

Unleash your potential ‼

Kanboard

Virtual index cards you can use to gamify your daily grind.

Gitea

Grab whatever game code you want, share your edits, and report bugs.

Nugget Security 👍

The real Turing test ‼

Fail2ban

Banning is even more fun when it's automated.

Spamassassin

The documentation explains, "an email which mentions rolex watches, Viagra, porn, and debt all in one" will probably be considered spam.

GoAccess

Display HTTP requests in real time, so you can watch bots try to break into WordPress.

Nugget Entertainment Software 👍

The best in gaming entertainment ‼

Emoticon vs. Rainbow

With everything upgraded to the bleeding edge, this HTML4 game is running better than ever.


Zoom ‼

The game engine I've been working on, SPACE BOX, is now able to export to web, so I'm planning on turning nugget.fun into a games portal by releasing my games on it and adding an accounts system. The upgraded server and software will make it easier to create and maintain. I'm also thinking of using advertising and subscriptions to support the portal, so some of these services, like webmail or the RSS reader, may be offered to accounts that upgrade to a paid subscription.