tyler.durden
/
opensupports
mirror of https://github.com/opensupports/opensupports.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[Ivan Diaz] - Some improvements to login/session system

This commit is contained in:
Ivan Diaz 2016-02-02 18:41:10 -03:00
parent b2c66113df
commit cf0163f221
4 changed files with 52 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
server/controllers/user.php
View File

@ -5,36 +5,47 @@ $app->group('/user', function () use ($app) {
echo "Returns the user with $by = $value as a json";
});
//TODO: THIS METHOD CAN BE ONLY USED IF IT IS LOGIN AS ADMIN
$app->get('/add/:email/:pass', function ($email, $pass) use ($app) {
$app->post('/create', function () use ($app) {
$email = Controller::request('email');
$password = Controller::request('password');
$userInstance = new User();
$userInstance->setProperties(array(
'email' => $email,
'password' => $pass,
'password' => User::hashPassword($password),
'admin' => 0
));
$id = $userInstance->store();
$userId = $userInstance->store();
Response::respondSuccess(array(
'id' => $id
'userId' => $userId,
'userEmail' => $email
));
});
$app->post('/login', function () use ($app) {
$session = Session::getInstance();
$email = Controller::request('email');
$password = Controller::request('password');
if ($userInstance = User::getUser($email, 'email')) {
$pass = $userInstance->password;
if ($session->sessionExists()) {
Response::respondError(ERRORS::SESSION_EXISTS);
}
else {
$userInstance = User::authenticate($email, $password);
if (!$userInstance) {
Response::respondError(ERRORS::INVALID_CREDENTIALS);
}
if ($userInstance->password === $password) {
Response::respondSuccess();
}
else {
Response::respondError(ERRORS::INVALID_CREDENTIALS);
}
$session->createSession($userInstance->id);
Response::respondSuccess(array(
'userId' => $userInstance->id,
'userEmail' => $userInstance->email,
'userIsAdmin' => $userInstance->admin,
'token' => $session->getToken()
));
});
});

1
server/models/ERRORS.php
View File

@ -1,4 +1,5 @@
<?php
class ERRORS {
const INVALID_CREDENTIALS = 'User or password is not defined';
const SESSION_EXISTS = 'User is already logged in';
}

16
server/models/Session.php
View File

@ -3,7 +3,7 @@
class Session {
private $instance = null;
private function __construct() {}
private function __construct() {}
public function initSession() {
session_start();
@ -22,7 +22,7 @@ class Session {
}
public function createSession($userId) {
$this->store('userid', $userId);
$this->store('userId', $userId);
$this->store('token', $this->generateToken());
}
@ -30,17 +30,25 @@ class Session {
return $this->getStoredData('token');
}
public function sessionExists() {
return !!$this->getToken();
}
public function checkAuthentication($data) {
return $this->getStoredData('user_id') === $data['user_id'] &&
return $this->getStoredData('userId') === $data['userId'] &&
$this->getStoredData('token') === $data['token'];
}
public function isLoggedWithId($userId) {
return ($this->getStoredData('userId') === $userId);
}
private function store($key, $value) {
$_SESSION[$key] = $value;
}
private function getStoredData($key) {
return $_SESSION[$key];
return $_SESSION[$key] || null;
}
private function generateToken() {

14
server/models/User.php
View File

@ -3,6 +3,20 @@
class User extends DataStore {
const TABLE = 'users';
public static function hashPassword($password) {
return password_hash($password);
}
public static function verifyPassword($password, $hash) {
return password_verify($password, $hash);
}
public static function authenticate($userEmail, $userPassword) {
$user = static::getUser($userEmail, 'email');
return ($user && static::verifyPassword($userPassword, $user->password)) ? $user : null;
}
public static function getProps() {
return array(
'email',