diff --git a/.gitignore b/.gitignore new file mode 100644 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +/vendor/ diff --git a/composer.json b/composer.json new file mode 100644 --- /dev/null +++ b/composer.json @@ -0,0 +1,20 @@ +{ + "name": "keruald/keruald", + "description": "Bricks to build web sites", + "type": "library", + "require": { + "keruald/omnitools": "^0.2.0" + }, + "license": "BSD-2-Clause", + "authors": [ + { + "name": "Sébastien Santoro", + "email": "dereckson@espace-win.org" + } + ], + "autoload": { + "psr-4": { + "Keruald\\Core\\": "src/", + } + }, +} diff --git a/includes/config.php b/includes/config.php --- a/includes/config.php +++ b/includes/config.php @@ -1,5 +1,7 @@ sql_escape($user_id); @@ -64,136 +57,13 @@ return $db->sql_query_express($sql, "Can't get user id from specified username"); } -//////////////////////////////////////////////////////////////////////////////// -/// /// -/// Misc helper functions /// -/// /// -//////////////////////////////////////////////////////////////////////////////// - -// Plural management - -/** - * Gets a "s" if the specified amount requests the plural - * - * @param mixed $amount the quantity (should be numeric) - * @return string 's' if the amount is greater or equal than 2 ; otherwise, '' - */ -function s ($amount) { - if ($amount >= 2 || $amount <= -2 ) return 's'; -} - -/** - * Prints human-readable information about a variable, wrapped in a 
 block
- *
- * @param mixed $mixed the variable to dump
- */
-function dprint_r ($mixed) {
-    echo '
';
-    print_r($mixed);
-    echo '
';
-}
-
-/**
- * Generates a new GUID
- *
- * @return string a guid (without {})
- */
-function new_guid () {
-    //The guid chars
-    $chars = explode(',', 'a,b,c,d,e,f,0,1,2,3,4,5,6,7,8,9');
-
-    //Let's build our 36 characters string
-    //e.g. 68ed40c6-f5bb-4a4a-8659-3adf23536b75
-    $guid = "";
-    for ($i = 0 ; $i < 36 ; $i++) {
-        if ($i == 8 || $i == 13 || $i == 18 || $i == 23) {
-            //Dashes at position 9, 14, 19 and 24
-            $guid .= "-";
-        } else {
-            //0-f hex digit elsewhere
-            $guid .= $chars[mt_rand() % sizeof($characters)];
-        }
-    }
-    return $guid;
-}
-
-/**
- * Determines if the expression is a valid guid (in uuid notation, without {})
- *
- * @param string $expression the guid to check
- * @return true if the expression is a valid guid ; otherwise, false
- */
-function is_guid ($expression) {
-    //We avoid regexp to speed up the check
-    //A guid is a 36 characters string
-    if (strlen($expression) != 36) {
-        return false;
-    }
-
-    $expression = strtolower($expression);
-    for ($i = 0 ; $i < 36 ; $i++) {
-        if ($i == 8 || $i == 13 || $i == 18 || $i == 23) {
-            //with dashes
-            if ($expression[$i] != '-') {
-                return false;
-            }
-        } else {
-            //and hex numbers
-            if (!is_numeric($expression[$i])
-                && $expression[$i] != 'a' && $expression[$i] != 'b'
-                && $expression[$i] != 'c' && $expression[$i] != 'd'
-                && $expression[$i] != 'e' && $expression[$i] != 'f') {
-                return false;
-            }
-        }
-    }
-
-    return true;
-}
-
-/**
- * Gets file extension
- *
- * @param string $file the file to get the extension
- */
-function get_extension ($file) {
-    $dotPosition = strrpos($file, ".");
-
-    return substr($file, $dotPosition + 1);
-}
-
-/**
- * Determines if a string starts with specified substring
- *
- * @param string $haystack the string to check
- * @param string $needle the substring to determines if it's the start
- * @param boolean $case_sensitive determines if the search must be case sensitive
- * @return boolean true if $haystack starts with $needle ; otherwise, false.
- */
-function string_starts_with ($haystack, $needle, $case_sensitive = true) {
-    if (!$case_sensitive) {
-        $haystack = strtoupper($haystack);
-        $needle = strtoupper($needle);
-    }
-    if ($haystack == $needle) {
-        return true;
-    }
-
-    return strpos($haystack, $needle) === 0;
-}
-
 ////////////////////////////////////////////////////////////////////////////////
 ///                                                                          ///
 /// URL helpers functions                                                    ///
 ///                                                                          ///
 ////////////////////////////////////////////////////////////////////////////////
 
-/**
- * Gets URL
- *
- * @return string URL
- */
-function get_url () {
+function get_url () : string {
     global $Config;
     if (func_num_args() > 0) {
         $pieces = func_get_args();
@@ -205,12 +75,7 @@
     }
 }
 
-/**
- * Gets page URL
- *
- * @return string URL
- */
-function get_page_url () {
+function get_page_url () : string {
     $url = $_SERVER['SCRIPT_NAME'] . $_SERVER['PATH_INFO'];
     if (substr($url, -10) == "/index.php") {
         return substr($url, 0, -9);
@@ -218,30 +83,12 @@
     return $url;
 }
 
-/**
- * Gets server URL
- *
- * @todo find a way to detect https:// on non standard port
- * @return string the server URL
- */
-function get_server_url () {
-    switch ($port = $_SERVER['SERVER_PORT']) {
-        case '80':
-            return "http://$_SERVER[SERVER_NAME]";
-
-        case '443':
-            return "https://$_SERVER[SERVER_NAME]";
-
-        default:
-            return "http://$_SERVER[SERVER_NAME]:$_SERVER[SERVER_PORT]";
-    }
-}
-
 /**
  * Gets $_SERVER['PATH_INFO'] or computes the equivalent if not defined.
+ *
  * @return string the relevant URL part
  */
-function get_current_url () {
+function get_current_url () : string {
     global $Config;
 
     //Gets relevant URL part from relevant $_SERVER variables
@@ -252,20 +99,21 @@
     }
 
     //In other cases, we'll need to get the relevant part of the URL
-    $current_url = get_server_url() . $_SERVER['REQUEST_URI'];
+    $server_url = Request::getServerURL();
+    $current_url = $server_url . $_SERVER['REQUEST_URI'];
 
     //Relevant URL part starts after the site URL
     $len = strlen($Config['SiteURL']);
 
     //We need to assert it's the correct site
     if (substr($current_url, 0, $len) != $Config['SiteURL']) {
-        dieprint_r(GENERAL_ERROR, "Edit includes/config.php and specify the correct site URL
Current value: $Config[SiteURL]
Expected value: a string starting by " . get_server_url(), "Setup");
+        dieprint_r(GENERAL_ERROR, "Edit includes/config.php and specify the correct site URL
Current value: $Config[SiteURL]
Expected value: a string starting by $server_url", "Setup");
     }
 
     if (array_key_exists('REDIRECT_URL', $_SERVER)) {
         //With mod_rewrite, we can use REDIRECT_URL
         //We takes the end of the URL, ie *FROM* $len position
-        return substr(get_server_url() . $_SERVER["REDIRECT_URL"], $len);
+        return substr($server_url. $_SERVER["REDIRECT_URL"], $len);
     }
 
     //Last possibility: use REQUEST_URI, but remove QUERY_STRING
@@ -273,7 +121,7 @@
     //but you need to discard $_SERVER['QUERY_STRING']
 
     //We takes the end of the URL, ie *FROM* $len position
-    $url = substr(get_server_url() . $_SERVER["REQUEST_URI"], $len);
+    $url = substr($server_url . $_SERVER["REQUEST_URI"], $len);
 
     //But if there are a query string (?action=... we need to discard it)
     if ($_SERVER['QUERY_STRING']) {
@@ -285,13 +133,11 @@
 
 /**
  * Gets an array of url fragments to be processed by controller
- *
- * @return array an array containing URL fragments
  */
-function get_current_url_fragments () {
+function get_current_url_fragments () : array {
     $url_source = get_current_url();
     if ($url_source == '/index.php') {
-        return array();
+        return [];
     }
 
     return explode('/', substr($url_source, 1));
diff --git a/includes/error.php b/includes/error.php
--- a/includes/error.php
+++ b/includes/error.php
@@ -34,25 +34,14 @@
  *      consider Advanced PHP debugger: www.php.net/manual/en/book.apd.php
  */
 
+use Keruald\OmniTools\Debug\Debugger;
+
 //Error code constants
 define ("SQL_ERROR",      65);
 define ("HACK_ERROR",     99);
 define ("GENERAL_ERROR", 117);
 
-/**
- * Prints human-readable information about a variable
- * wrapped in a general error and dies
- *
- * @param mixed $mixed the variable to dump
- */
-function dieprint_r ($var, $title = '') {
-    if (!$title) {
-        $title = 'Debug';
-    }
-
-    //GENERAL_ERROR with print_r call as message
-    message_die(GENERAL_ERROR, '
' . print_r($var, true) .'
', $title);
-}
+Debugger::register();
 
 /**
  * Prints an error message and dies
diff --git a/includes/login.php b/includes/login.php
deleted file mode 100644
--- a/includes/login.php
+++ /dev/null
@@ -1,37 +0,0 @@
-sql_escape($_POST['username']);
-    $sql = "SELECT user_password, user_id FROM " . TABLE_USERS . " WHERE username = '$username'";
-    if ( !($result = $db->sql_query($sql)) ) {
-        message_die(SQL_ERROR, "Can't get user information", '', __LINE__, __FILE__, $sql);
-    }
-    if ($row = $db->sql_fetchrow($result)) {
-        if (!$row['user_password']) {
-            // No password set
-            $LoginError = "This account exists but haven't a password defined. Contact the site administrator.";
-        } elseif ($row['user_password'] != md5($_POST['password'])) {
-            // The password doesn't match
-            $LoginError = "Incorrect password.";
-        } else {
-            // Login successful
-            Session::load()->user_login($row['user_id']);
-            $LoginSuccessful = true;
-        }
-    }
-} elseif ($_POST['LogOut'] || $_GET['action'] == "user.logout") {
-    // User have submitted logout form or clicked a logout link
-    Session::load()->user_logout();
-}
diff --git a/includes/mysql.php b/includes/mysql.php
deleted file mode 100644
--- a/includes/mysql.php
+++ /dev/null
@@ -1,157 +0,0 @@
-id = @mysql_connect($host, $username, $password) or $this->sql_die();
-
-            //Selects database
-            if ($database != '') {
-                mysql_select_db($database, $this->id);
-            }
-        }
-
-        /**
-         * Outputs a can't connect to the SQL server message and exits.
-         * It's called on connect failure
-         */
-        private function sql_die () {
-            //You can custom here code when you can't connect to SQL server
-            //e.g. in a demo or appliance context, include('start.html'); exit;
-            die ("Can't connect to SQL server.");
-        }
-
-        /**
-         * Sends a unique query to the database
-         *
-         * @return mixed if the query is successful, a result identifier ; otherwise, false
-         */
-        function sql_query ($query) {
-            return mysql_query($query, $this->id);
-        }
-
-        /**
-         * Fetches a row of result into an associative array
-         *
-         * @return array an associative array with columns names as keys and row values as values
-         */
-        function sql_fetchrow ($result) {
-            return mysql_fetch_array($result);
-        }
-
-        /*
-         * Gets last SQL error information
-         * @return array an array with two keys, code and message, containing error information
-         */
-        function sql_error () {
-            $error['code'] = mysql_errno($this->id);
-            $error['message'] = mysql_error($this->id);
-
-            return $error;
-        }
-
-        /**
-         * Gets the number of rows affected or returned by a query
-         *
-         * @return int the number of rows affected (delete/insert/update) or the number of rows in query result
-         */
-        function sql_numrows ($result) {
-            return mysql_num_rows($result);
-        }
-
-        /*
-         * Gets the primary key value of the last query (works only in INSERT context)
-         *
-         * @return int  the primary key value
-         */
-        function sql_nextid () {
-            return mysql_insert_id($this->id);
-        }
-
-        /**
-         * Express query method, returns an immediate and unique result
-         *
-         * @param string $query the query to execute
-         * @param string $error_message the error message
-         * @param boolean $return_as_string return result as string, and not as an array
-         * @return mixed the row or the scalar result
-         */
-        function sql_query_express ($query = '', $error_message = "Impossible d'exécuter cette requête.", $return_as_string = true) {
-            if ($query === '' || $query === false || $query === null) {
-                //No query, no value
-                return '';
-            } elseif (!$result = $this->sql_query($query)) {
-                //An error have occured
-                message_die(SQL_ERROR, $error_message, '', '', '', $query);
-            } else {
-                //Fetches row
-                $row = $this->sql_fetchrow($result);
-
-                //If $return_as_string is true, returns first query item (scalar mode) ; otherwise, returns row
-                return $return_as_string ? $row[0] : $row;
-            }
-        }
-
-        /**
-         * Escapes a SQL expression
-         *
-         * @param string expression The expression to escape
-         * @return string The escaped expression
-         */
-        function sql_escape ($expression) {
-            return mysql_real_escape_string($expression);
-        }
-
-        /**
-         * Sets charset
-         */
-        function set_charset ($encoding) {
-            if (function_exists('mysql_set_charset')) {
-                //>PHP 5.2.3
-                mysql_set_charset($encoding, $this->id);
-            } else {
-                //TODO: set connection variables to utf8
-            }
-        }
-    }
-
-    // Creates an instance of this database class with configuration values
-    $db = new sql_db($Config['sql']['host'], $Config['sql']['username'], $Config['sql']['password'], $Config['sql']['database']);
-
-    // To improve security, we unset sql parameters
-    unset($Config['sql']);
-
-    // Sets SQL connexion in UTF8. PHP 5.2.3+
-    $db->set_charset('utf8');
-}
diff --git a/index.php b/index.php
--- a/index.php
+++ b/index.php
@@ -1,9 +1,9 @@
 get_logged_user();
 
 ////////////////////////////////////////////////////////////////////////////////
@@ -45,20 +51,20 @@
 /// Your application initialization logic
 ///
 
-//[TODO] Loads your template engine or prepares the document to print
-//[TODO] Loads languages file if you're into L10n
+// [TODO] Loads your template engine or prepares the document to print
+// [TODO] Loads languages file if you're into L10n
 
 ////////////////////////////////////////////////////////////////////////////////
 ///
 /// Serves the requested page
 ///
 
-//[TODO] Understand the URL if not done yet and calls relevant script
-//[TODO] As a MVC sample, here a Xen-like approach.
+// [TODO] Understand the URL if not done yet and calls relevant script
+// [TODO] As a MVC sample, here a Xen-like approach.
 //       For a content-or iented, see the Pluton index.php
 //
-//Tip: to understand the url, get_current_url_fragments will output an array:
-//www.yourdomain.tld/planet/mars/sat?name=demios -> {'planet', 'mars', 'sat'}
+// Tip: to understand the url, get_current_url_fragments will output an array:
+// www.yourdomain.tld/planet/mars/sat?name=demios -> {'planet', 'mars', 'sat'}
 
 /*
 $url = get_current_url_fragments();
@@ -67,18 +73,16 @@
         //Calls homepage controller
         include("controllers/home.php");
         break;
-    
+
     case 'planet':
     case 'user':
     case 'anotherstuff':
         //Calls requested controller
         include("controllers/$controller.php");
         break;
-    
+
     default:
         header("HTTP/1.0 404 Not Found");
         dieprint_r($url, 'Unknown URL');
 }
 */
-
-?>
diff --git a/src/Database/Database.php b/src/Database/Database.php
new file mode 100644
--- /dev/null
+++ b/src/Database/Database.php
@@ -0,0 +1,73 @@
+
+ * $Config['database']['engine'] = 'MySQL'; //will use DatabaseMySQL class.
+ * 
+ *
+ * @package     Zed
+ * @subpackage  Database
+ * @author      Sébastien Santoro aka Dereckson 
+ * @copyright   2015 Sébastien Santoro aka Dereckson
+ * @license     http://www.opensource.org/licenses/bsd-license.php BSD
+ * @link        http://scherzo.dereckson.be/doc/zed
+ * @link        http://zed.dereckson.be/
+ * @filesource
+ */
+
+namespace Keruald\Core\Database;
+
+use Exception;
+
+/**
+ * Databasecaller
+ */
+class Database {
+    /**
+     * Gets the database instance, initializing it if needed
+     *
+     * The correct database instance to initialize will be determined from the
+     * $Config['database']['product'] preference.
+     *
+     * The database class to use will be Database + (preference engine, capitalized)
+     *
+     * This method will creates an instance of the specified object,
+     * calling the load static method from this object class.
+     *
+     * Example:
+     *
+     * 
+     * $Config['database']['engine'] = 'quux';
+     * $db = Database::load($Config['database']);
+     * 
+     *
+     * Database:load() will call DatabaseQuux:load();
+     *
+     * @return Database the database instance
+     */
+    static function load ($config) {
+        if (!isset($config['product'])) {
+            throw new Exception("A database engine (a MySQL variant is recommended) should be configured. Please ensure you have a database block with an [\"engine\"] value in the configuration.");
+        }
+
+        $engine_class = self::getProductClass($config['product']);
+
+        return call_user_func([$engine_class, 'load'], $config);
+    }
+
+    static private function getProductClass (string $product) : string {
+        return 'Database' . $product;
+    }
+}
diff --git a/src/Database/DatabaseMySQLi.php b/src/Database/DatabaseMySQLi.php
new file mode 100644
--- /dev/null
+++ b/src/Database/DatabaseMySQLi.php
@@ -0,0 +1,168 @@
+
+ * @copyright   2014 Sébastien Santoro aka Dereckson
+ * @license     http://www.opensource.org/licenses/bsd-license.php BSD
+ * @link        http://scherzo.dereckson.be/doc/zed
+ * @link        http://zed.dereckson.be/
+ * @filesource
+ */
+
+namespace Keruald\Core\Database;
+
+use mysqli;
+use mysqli_result;
+
+/**
+ * SQL layer and helper class: MySQLi
+ *
+ * @package Keruald
+ * @subpackage Keruald
+ * @copyright Copyright (c) 2010, Sébastien Santoro aka Dereckson
+ * @license Released under BSD license
+ * @version 0.1
+ */
+class DatabaseMySQLi {
+    /**
+     * @var int the connection identifier
+     */
+    private $db;
+
+    /**
+     * Initializes a new instance of the database abstraction class, for MySQLi engine
+     */
+    function __construct($host = 'localhost', $username = '', $password = '', $database = '') {
+        //Checks extension requirement
+        if (!class_exists("mysqli")) {
+            message_die(GENERAL_ERROR, "You've chosen to use a MySQLi database engine, but the MySQLi extension is missing.", "Setup issue");
+        }
+
+        //Connects to MySQL server
+        $this->db = new mysqli($host, $username, $password) or $this->sql_die();
+
+        //Selects database
+        if ($database != '') {
+            $this->db->select_db($database);
+        }
+    }
+
+    /**
+     * Outputs a can't connect to the SQL server message and exits.
+     * It's called on connect failure
+     */
+    private function sql_die () : void {
+        //You can custom here code when you can't connect to SQL server
+        //e.g. in a demo or appliance context, include('start.html'); exit;
+        die ("Can't connect to SQL server.");
+    }
+
+    /**
+     * Sends a unique query to the database
+     *
+     * @return mixed if the query is successful, a mysqli_result instance ; otherwise, false
+     */
+    function sql_query (string $query) {
+        return $this->db->query($query);
+    }
+
+    /**
+     * Fetches a row of result into an associative array
+     *
+     * @return mixed an array of strings that corresponds to the fetched row or null if there
+     * are no more rows in resultset.
+     */
+    function sql_fetchrow (mysqli_result $result) {
+        return $result->fetch_array();
+    }
+
+    /**
+     * Gets last SQL error information
+     *
+     * @return array an array with two keys, error code (int) and message (string)
+     */
+    function sql_error () : array {
+        return [
+            'code' => $this->db->errno,
+            'message' => $this->db->error
+        ];
+    }
+
+    /**
+     * Gets the number of rows affected or returned by a query
+     *
+     * @return int the number of rows affected (delete/insert/update) or the number of rows in query result
+     */
+    function sql_numrows (mysqli_result $result) : int {
+        return $result->num_rows;
+    }
+
+    /**
+     * Gets the primary key value of the last query (works only in INSERT context)
+     *
+     * @return mixed the primary key value
+     */
+    function sql_nextid () {
+        return $this->db->insert_id;
+    }
+
+    /**
+     * Express query method, returns an immediate and unique result
+     *
+     * @param string $query the query to execute
+     * @param string $error_message the error message
+     * @param boolean $return_as_string return result as string, and not as an array
+     * @return mixed the row or the scalar result
+     */
+    function sql_query_express ($query = '', string $error_message = "Impossible d'exécuter cette requête.", bool $return_as_string = true) {
+        if ($query === '' || $query === false || $query === null) {
+            //No query, no value
+            return '';
+        } elseif (!$result = $this->sql_query($query)) {
+            //An error have occurred
+            message_die(SQL_ERROR, $error_message, '', '', '', $query);
+        } else {
+            //Fetches row
+            $row = $this->sql_fetchrow($result);
+
+            //If $return_as_string is true, returns first query item (scalar mode) ; otherwise, returns row
+            return $return_as_string ? $row[0] : $row;
+        }
+    }
+
+    function sql_escape (string $expression) : string {
+        return $this->db->real_escape_string($expression);
+    }
+
+
+    function set_charset ($encoding) : bool {
+       return $this->db->set_charset($encoding);
+    }
+
+    /**
+     * Loads a database instance, connected and ready to process queries.
+     */
+    static function load (array $config) : DatabaseMySQLi {
+        //Creates an instance of this database class with configuration values
+        $db = new self(
+            $config['host'],
+            $config['username'],
+            $config['password'],
+            $config['database']
+        );
+
+        //Sets SQL connexion in UTF-8.
+        $db->set_charset('utf8');
+
+        return $db;
+    }
+}
diff --git a/src/Login.php b/src/Login.php
new file mode 100644
--- /dev/null
+++ b/src/Login.php
@@ -0,0 +1,118 @@
+sql_escape($_POST['username']);
+
+        $sql = "SELECT user_password, user_id FROM " . TABLE_USERS . " WHERE username = '$username'";
+        if ( !($result = $db->sql_query($sql)) ) {
+            message_die(SQL_ERROR, "Can't get user information", '', __LINE__, __FILE__, $sql);
+        }
+
+        if (!$row = $db->sql_fetchrow($result)) {
+            $this->setLoginErrorToDefaultMessage();
+            return;
+        }
+
+        if (!$row['user_password']) {
+            // No password set
+            $this->loginError =
+                "This account exists but the password is undefined. Contact the site administrator.";
+
+            return;
+        }
+
+        $user = new User();
+        $user->load_from_row($row);
+
+        if (!$user->checkPassword($_POST['password'], $row['user_password'])) {
+            $this->setLoginErrorToDefaultMessage();
+            return;
+        }
+
+        $this->loginSucessful = true;
+        Session::load()->user_login($user->id);
+    }
+
+    public static function logout () : void {
+        Session::load()->user_logout();
+    }
+
+    public function getLoginError () : string {
+        return $this->loginError;
+    }
+
+    public function getDefaultErrorMessage () : string {
+        return $this->defaultErrorMessage;
+    }
+
+    public function setDefaultErrorMessage (string $defaultErrorMessage) : void {
+        $this->defaultErrorMessage = $defaultErrorMessage;
+    }
+
+    public function setLoginErrorToDefaultMessage () : void {
+        $this->loginError = $this->defaultErrorMessage;
+    }
+
+    /**
+     * @return bool
+     */
+    public function isLoginSucessful () : bool {
+        return $this->loginSucessful;
+    }
+}
+
diff --git a/includes/objects/README b/src/Objects/README
rename from includes/objects/README
rename to src/Objects/README
diff --git a/includes/objects/user.php b/src/Objects/User.php
rename from includes/objects/user.php
rename to src/Objects/User.php
--- a/includes/objects/user.php
+++ b/src/Objects/User.php
@@ -1,5 +1,7 @@
 name = $_POST['name'];
         if (array_key_exists('password', $_POST)) $this->password = $_POST['password'];
         if (array_key_exists('active', $_POST)) $this->active = $_POST['active'];
@@ -52,7 +58,7 @@
     /**
      * Loads the object User (ie fill the properties) from the database
      */
-    function load_from_database () {
+    function load_from_database () : bool {
         global $db;
         $sql = "SELECT * FROM " . TABLE_USERS . " WHERE user_id = '" . $this->id . "'";
         if ( !($result = $db->sql_query($sql)) ) message_die(SQL_ERROR, "Unable to query users", '', __LINE__, __FILE__, $sql);
@@ -69,7 +75,7 @@
     /**
      * Loads the object User (ie fill the properties) from the database row
      */
-    function load_from_row ($row) {
+    function load_from_row (array $row) : void {
         $this->id       = $row['user_id'];
         $this->name     = $row['username'];
         $this->password = $row['user_password'];
@@ -81,7 +87,7 @@
     /**
      * Saves to database
      */
-    function save_to_database () {
+    function save_to_database () : void {
         global $db;
 
         $id = $this->id ? "'" . $db->sql_escape($this->id) . "'" : 'NULL';
@@ -106,7 +112,7 @@
     /**
      * Updates the specified field in the database record
      */
-    function save_field ($field) {
+    function save_field (string $field) : void {
         global $db;
         if (!$this->id) {
             message_die(GENERAL_ERROR, "You're trying to update a record not yet saved in the database");
@@ -122,7 +128,7 @@
     /**
      * Generates a unique user id
      */
-    function generate_id () {
+    function generate_id () : int {
         global $db;
 
         do {
@@ -132,15 +138,15 @@
                 message_die(SQL_ERROR, "Can't check if a user id is free", '', __LINE__, __FILE__, $sql);
             }
             $row = $db->sql_fetchrow($result);
-        } while ($row[0]);
+        } while ((int)$row[0]);
     }
 
     /**
      * Fills password field with encrypted version
      * of the specified clear password
      */
-    public function set_password ($newpassword) {
-        $this->password = md5($newpassword);
+    public function set_password ($newPassword) {
+        $this->password = $this->computePasswordHash($newPassword);
     }
 
     /**
@@ -149,7 +155,7 @@
      * @param string $login the login to check
      * @return boolean true if the login is avaiable ; otherwise, false.
      */
-    public static function is_available_login ($login) {
+    public static function is_available_login (string $login) : bool {
         global $db;
         $sql = "SELECT COUNT(*) FROM " . TABLE_USERS . " WHERE username = '$login'";
         if (!$result = $db->sql_query($sql)) {
@@ -164,7 +170,7 @@
      *
      * @return User the new user instance
      */
-    public static function create () {
+    public static function create () : User {
         $user = new User();
         $user->generate_id();
         $user->active = true;
@@ -176,7 +182,7 @@
      *
      * @return User the user matching the specified e-mail ; null, if the mail were not found.
      */
-    public static function get_user_from_email ($mail) {
+    public static function get_user_from_email (string $mail) : ?User {
         global $db;
         $sql = "SELECT username FROM " . TABLE_USERS . " WHERE user_email = '$mail'";
         if (!$result = $db->sql_query($sql)) {
diff --git a/src/Objects/WithAuthentication.php b/src/Objects/WithAuthentication.php
new file mode 100644
--- /dev/null
+++ b/src/Objects/WithAuthentication.php
@@ -0,0 +1,15 @@
+validateAndMigratePassword($passwordToCheck, $hash);
+        }
+
+        return password_verify($passwordToCheck, $hash);
+    }
+
+    public function computePasswordHash (string $password) : string {
+        return password_hash($password, PASSWORD_ARGON2I)
+    }
+
+    public static function isLegacyPassword (string $hash) : bool {
+        return len($hash) > 0 && $hash[0] !== '$';
+    }
+
+    private function validateAndMigratePassword (string $password, string $hash) : bool {
+        if (md5($passwordToCheck) !== $hash) {
+            return false;
+        }
+
+        $this->migratePassword($password);
+
+        return true;
+    }
+
+    private function migratePassword (string $password) : void {
+        $this->set_password($password);
+        $this->save_field("user_password");
+    }
+
+}
diff --git a/includes/session.php b/src/Session.php
rename from includes/session.php
rename to src/Session.php
--- a/includes/session.php
+++ b/src/Session.php
@@ -1,5 +1,9 @@
 sql_escape($Config['ResourceID']) . '\'' : 'default';
 
@@ -114,7 +118,7 @@
     /*
      * Updates or creates a session in the database
      */
-    public function update () {
+    public function update () : void {
         global $db, $Config;
 
         //Cleans up session
@@ -138,7 +142,7 @@
      * Gets the number of online users
      * @return int the online users count
      */
-    public function count_online () {
+    public function count_online () : int {
         //Keeps result for later method call
         static $count = -1;
 
@@ -161,7 +165,7 @@
      * @param string $info the field to get
      * @return string the session specified field's value
      */
-    public function get_info ($info) {
+    public function get_info (string $info) : string {
         global $db;
 
         $id = $db->sql_escape($this->id);
@@ -175,7 +179,7 @@
      * @param string $info the field to update
      * @param string $value the value to set
      */
-    public function set_info ($info, $value) {
+    public function set_info (string $info, string $value) : void {
         global $db;
 
         $value = ($value === null) ? 'NULL' : "'" . $db->sql_escape($value) . "'";
@@ -190,7 +194,7 @@
      * Gets logged user information
      * @return User the logged user information
      */
-    public function get_logged_user () {
+    public function get_logged_user () : User {
         global $db;
 
         //Gets session information
@@ -202,7 +206,6 @@
         $row = $db->sql_fetchrow($result);
 
         //Gets user instance
-        require_once('includes/objects/user.php');
         $user = new User($row['user_id']);
 
         //Adds session property to this user instance
@@ -216,7 +219,7 @@
      * Cleans session
      * This method is to be called when an event implies a session destroy
      */
-    public function clean () {
+    public function clean () : void {
         //Destroies $_SESSION array values, help ID
         foreach ($_SESSION as $key => $value) {
             if ($key != 'ID') {
@@ -229,7 +232,7 @@
      * Updates the session in an user login context
      * @param string $user_id the user ID
      */
-    public function user_login ($user_id) {
+    public function user_login (string $user_id) : void {
         global $db;
 
         //Sets specified user ID in sessions table
@@ -244,7 +247,7 @@
     /**
      * Updates the session in an user logout context
      */
-    public function user_logout () {
+    public function user_logout () : void {
         global $db;
 
         //Sets anonymous user in sessions table