Merged in Login-System (pull request #7)
[Ivan Diaz] - Some improvements to login/session system
commit
c32249c236
@ -4,17 +4,29 @@ class LoginController extends Controller {
|
|||||||
const PATH = '/login';
|
const PATH = '/login';
|
||||||
|
|
||||||
public function handler() {
|
public function handler() {
|
||||||
|
$session = Session::getInstance();
|
||||||
|
|
||||||
$email = Controller::request('email');
|
$email = Controller::request('email');
|
||||||
$password = Controller::request('password');
|
$password = Controller::request('password');
|
||||||
|
|
||||||
$user = User::getUser($email, 'email');
|
if ($session->sessionExists()) {
|
||||||
|
Response::respondError(ERRORS::SESSION_EXISTS);
|
||||||
if ($user === null || $user->password !== $password) {
|
|
||||||
Response::respondError(ERRORS::INVALID_CREDENTIALS);
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
Response::respondSuccess();
|
$userInstance = User::getUser($email, $password);
|
||||||
return;
|
|
||||||
|
if ($userInstance !== null) {
|
||||||
|
$session->createSession($userInstance->id);
|
||||||
|
|
||||||
|
Response::respondSuccess(array(
|
||||||
|
'userId' => $userInstance->id,
|
||||||
|
'userEmail' => $userInstance->email,
|
||||||
|
'userIsAdmin' => $userInstance->admin,
|
||||||
|
'token' => $session->getToken()
|
||||||
|
));
|
||||||
|
} else {
|
||||||
|
Response::respondError(ERRORS::INVALID_CREDENTIALS);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
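Review bot: `$userInstance = User::getUser($email, $password);` passes the plaintext password in the position the removed line used for the lookup column (`'email'`), so the user is looked up by the wrong field and the password is never checked against the stored hash. The same commit adds `User::authenticate($userEmail, $userPassword)`, which does the email lookup plus `verifyPassword`; the line should read `$userInstance = User::authenticate($email, $password);`. What `getUser` does with an unexpected second argument is not visible here, so whether the current form rejects or accepts a wrong password cannot be confirmed from the hunk.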
@ -7,16 +7,22 @@ class SignUpController extends Controller {
|
|||||||
$email = Controller::request('email');
|
$email = Controller::request('email');
|
||||||
$password = Controller::request('password');
|
$password = Controller::request('password');
|
||||||
|
|
||||||
|
$userId = $this->createNewUserAndRetrieveId($email, $password);
|
||||||
|
|
||||||
|
Response::respondSuccess(array(
|
||||||
|
'userId' => $userId,
|
||||||
|
'userEmail' => $email
|
||||||
|
));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function createNewUserAndRetrieveId() {
|
||||||
$userInstance = new User();
|
$userInstance = new User();
|
||||||
$userInstance->setProperties(array(
|
$userInstance->setProperties(array(
|
||||||
'email' => $email,
|
'email' => $email,
|
||||||
'password' => $password,
|
'password' => User::hashPassword($password),
|
||||||
'admin' => 0
|
'admin' => 0
|
||||||
));
|
));
|
||||||
$id = $userInstance->store();
|
|
||||||
|
|
||||||
Response::respondSuccess(array(
|
return $userInstance->store();
|
||||||
'id' => $id
|
|
||||||
));
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
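Review bot: `public function createNewUserAndRetrieveId() {` declares no parameters, yet the handler calls `$this->createNewUserAndRetrieveId($email, $password)` and the body reads `$email` and `$password`, which are undefined inside the method, so the stored user gets a null email and whatever `User::hashPassword` produces for null. The signature should be `public function createNewUserAndRetrieveId($email, $password) {`. The calling handler starts outside the hunk.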
@ -1,4 +1,5 @@
|
|||||||
<?php
|
<?php
|
||||||
class ERRORS {
|
class ERRORS {
|
||||||
const INVALID_CREDENTIALS = 'User or password is not defined';
|
const INVALID_CREDENTIALS = 'User or password is not defined';
|
||||||
|
const SESSION_EXISTS = 'User is already logged in';
|
||||||
}
|
}
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
class Session {
|
class Session {
|
||||||
private $instance = null;
|
private $instance = null;
|
||||||
|
|
||||||
private function __construct() {}
|
private function __construct() {}
|
||||||
|
|
||||||
public function initSession() {
|
public function initSession() {
|
||||||
session_start();
|
session_start();
|
||||||
@ -22,7 +22,7 @@ class Session {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public function createSession($userId) {
|
public function createSession($userId) {
|
||||||
$this->store('userid', $userId);
|
$this->store('userId', $userId);
|
||||||
$this->store('token', $this->generateToken());
|
$this->store('token', $this->generateToken());
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -30,17 +30,25 @@ class Session {
|
|||||||
return $this->getStoredData('token');
|
return $this->getStoredData('token');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function sessionExists() {
|
||||||
|
return !!$this->getToken();
|
||||||
|
}
|
||||||
|
|
||||||
public function checkAuthentication($data) {
|
public function checkAuthentication($data) {
|
||||||
return $this->getStoredData('user_id') === $data['user_id'] &&
|
return $this->getStoredData('userId') === $data['userId'] &&
|
||||||
$this->getStoredData('token') === $data['token'];
|
$this->getStoredData('token') === $data['token'];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function isLoggedWithId($userId) {
|
||||||
|
return ($this->getStoredData('userId') === $userId);
|
||||||
|
}
|
||||||
|
|
||||||
private function store($key, $value) {
|
private function store($key, $value) {
|
||||||
$_SESSION[$key] = $value;
|
$_SESSION[$key] = $value;
|
||||||
}
|
}
|
||||||
|
|
||||||
private function getStoredData($key) {
|
private function getStoredData($key) {
|
||||||
return $_SESSION[$key];
|
return $_SESSION[$key] || null;
|
||||||
}
|
}
|
||||||
|
|
||||||
private function generateToken() {
|
private function generateToken() {
|
||||||
|
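Review bot: `return $_SESSION[$key] || null;` in `getStoredData` uses boolean `||`, so the method now returns `true`/`false` instead of the stored value; `getToken()` then yields a boolean, `checkAuthentication` compares it with `$data['token']` and `isLoggedWithId` compares it with `$userId`, so both fail for every real session, and the undefined-index notice the change presumably meant to avoid is still raised. Use `return isset($_SESSION[$key]) ? $_SESSION[$key] : null;` (or `$_SESSION[$key] ?? null` on PHP 7+). Separately, `createSession` (second hunk, `$this->store('userId', $userId);`) writes the id into whichever session id the client arrived with; calling `session_regenerate_id(true)` at the start of `createSession` is the usual mitigation for session fixation. The class continues outside the hunk, including the body of `generateToken`.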
@ -3,6 +3,20 @@
|
|||||||
class User extends DataStore {
|
class User extends DataStore {
|
||||||
const TABLE = 'users';
|
const TABLE = 'users';
|
||||||
|
|
||||||
|
public static function hashPassword($password) {
|
||||||
|
return password_hash($password);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function verifyPassword($password, $hash) {
|
||||||
|
return password_verify($password, $hash);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function authenticate($userEmail, $userPassword) {
|
||||||
|
$user = static::getUser($userEmail, 'email');
|
||||||
|
|
||||||
|
return ($user && static::verifyPassword($userPassword, $user->password)) ? $user : null;
|
||||||
|
}
|
||||||
|
|
||||||
public static function getProps() {
|
public static function getProps() {
|
||||||
return array(
|
return array(
|
||||||
'email',
|
'email',
|
||||||
|
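Review bot: `return password_hash($password);` in `hashPassword` omits the required algorithm argument, so no hash is produced (a warning and `null` on PHP 5.x/7.0, an `ArgumentCountError` on 7.1+) and every stored password becomes unverifiable by `verifyPassword`. It should be `return password_hash($password, PASSWORD_DEFAULT);`, which also allows `password_needs_rehash` to be used later. `authenticate` reads correctly as written; `getProps` continues outside the hunk.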