tyler.durden
/
opensupports
mirror of https://github.com/opensupports/opensupports.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merged in Login-System (pull request #7) 

[Ivan Diaz] - Some improvements to login/session system
This commit is contained in:
Ivan Diaz 2016-03-21 18:09:47 -05:00
parent fefd530b2a 9d72b58a74
commit c32249c236
5 changed files with 56 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
api/controllers/user/login.php
View File

@ -4,17 +4,29 @@ class LoginController extends Controller {
const PATH = '/login';
public function handler() {
$session = Session::getInstance();
$email = Controller::request('email');
$password = Controller::request('password');
$user = User::getUser($email, 'email');
if ($user === null || $user->password !== $password) {
Response::respondError(ERRORS::INVALID_CREDENTIALS);
if ($session->sessionExists()) {
Response::respondError(ERRORS::SESSION_EXISTS);
return;
}
Response::respondSuccess();
return;
$userInstance = User::getUser($email, $password);
if ($userInstance !== null) {
$session->createSession($userInstance->id);
Response::respondSuccess(array(
'userId' => $userInstance->id,
'userEmail' => $userInstance->email,
'userIsAdmin' => $userInstance->admin,
'token' => $session->getToken()
));
} else {
Response::respondError(ERRORS::INVALID_CREDENTIALS);
}
}
}

16
api/controllers/user/signup.php
View File

@ -7,16 +7,22 @@ class SignUpController extends Controller {
$email = Controller::request('email');
$password = Controller::request('password');
$userId = $this->createNewUserAndRetrieveId($email, $password);
Response::respondSuccess(array(
'userId' => $userId,
'userEmail' => $email
));
}
public function createNewUserAndRetrieveId() {
$userInstance = new User();
$userInstance->setProperties(array(
'email' => $email,
'password' => $password,
'password' => User::hashPassword($password),
'admin' => 0
));
$id = $userInstance->store();
Response::respondSuccess(array(
'id' => $id
));
return $userInstance->store();
}
}

1
api/models/ERRORS.php
View File

@ -1,4 +1,5 @@
<?php
class ERRORS {
const INVALID_CREDENTIALS = 'User or password is not defined';
const SESSION_EXISTS = 'User is already logged in';
}

16
api/models/Session.php
View File

@ -3,7 +3,7 @@
class Session {
private $instance = null;
private function __construct() {}
private function __construct() {}
public function initSession() {
session_start();
@ -22,7 +22,7 @@ class Session {
}
public function createSession($userId) {
$this->store('userid', $userId);
$this->store('userId', $userId);
$this->store('token', $this->generateToken());
}
@ -30,17 +30,25 @@ class Session {
return $this->getStoredData('token');
}
public function sessionExists() {
return !!$this->getToken();
}
public function checkAuthentication($data) {
return $this->getStoredData('user_id') === $data['user_id'] &&
return $this->getStoredData('userId') === $data['userId'] &&
$this->getStoredData('token') === $data['token'];
}
public function isLoggedWithId($userId) {
return ($this->getStoredData('userId') === $userId);
}
private function store($key, $value) {
$_SESSION[$key] = $value;
}
private function getStoredData($key) {
return $_SESSION[$key];
return $_SESSION[$key] || null;
}
private function generateToken() {

14
api/models/User.php
View File

@ -3,6 +3,20 @@
class User extends DataStore {
const TABLE = 'users';
public static function hashPassword($password) {
return password_hash($password);
}
public static function verifyPassword($password, $hash) {
return password_verify($password, $hash);
}
public static function authenticate($userEmail, $userPassword) {
$user = static::getUser($userEmail, 'email');
return ($user && static::verifyPassword($userPassword, $user->password)) ? $user : null;
}
public static function getProps() {
return array(
'email',