mirror of
https://github.com/opensupports/opensupports.git
synced 2025-07-30 01:05:18 +02:00
[Ivan Diaz] - Some improvements to login/session system
This commit is contained in:
Ivan Diaz
parent
b2c66113df
commit
cf0163f221
@ -5,36 +5,47 @@ $app->group('/user', function () use ($app) {
|
|||||||
echo "Returns the user with $by = $value as a json";
|
echo "Returns the user with $by = $value as a json";
|
||||||
});
|
});
|
||||||
|
|
||||||
//TODO: THIS METHOD CAN BE ONLY USED IF IT IS LOGIN AS ADMIN
|
$app->post('/create', function () use ($app) {
|
||||||
$app->get('/add/:email/:pass', function ($email, $pass) use ($app) {
|
$email = Controller::request('email');
|
||||||
|
$password = Controller::request('password');
|
||||||
|
|
||||||
$userInstance = new User();
|
$userInstance = new User();
|
||||||
$userInstance->setProperties(array(
|
$userInstance->setProperties(array(
|
||||||
'email' => $email,
|
'email' => $email,
|
||||||
'password' => $pass,
|
'password' => User::hashPassword($password),
|
||||||
'admin' => 0
|
'admin' => 0
|
||||||
));
|
));
|
||||||
$id = $userInstance->store();
|
$userId = $userInstance->store();
|
||||||
|
|
||||||
Response::respondSuccess(array(
|
Response::respondSuccess(array(
|
||||||
'id' => $id
|
'userId' => $userId,
|
||||||
|
'userEmail' => $email
|
||||||
));
|
));
|
||||||
});
|
});
|
||||||
|
|
||||||
$app->post('/login', function () use ($app) {
|
$app->post('/login', function () use ($app) {
|
||||||
|
$session = Session::getInstance();
|
||||||
|
|
||||||
$email = Controller::request('email');
|
$email = Controller::request('email');
|
||||||
$password = Controller::request('password');
|
$password = Controller::request('password');
|
||||||
|
|
||||||
if ($userInstance = User::getUser($email, 'email')) {
|
if ($session->sessionExists()) {
|
||||||
$pass = $userInstance->password;
|
Response::respondError(ERRORS::SESSION_EXISTS);
|
||||||
}
|
}
|
||||||
else {
|
|
||||||
|
$userInstance = User::authenticate($email, $password);
|
||||||
|
|
||||||
|
if (!$userInstance) {
|
||||||
Response::respondError(ERRORS::INVALID_CREDENTIALS);
|
Response::respondError(ERRORS::INVALID_CREDENTIALS);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($userInstance->password === $password) {
|
$session->createSession($userInstance->id);
|
||||||
Response::respondSuccess();
|
|
||||||
}
|
Response::respondSuccess(array(
|
||||||
else {
|
'userId' => $userInstance->id,
|
||||||
Response::respondError(ERRORS::INVALID_CREDENTIALS);
|
'userEmail' => $userInstance->email,
|
||||||
}
|
'userIsAdmin' => $userInstance->admin,
|
||||||
|
'token' => $session->getToken()
|
||||||
|
));
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
@ -1,4 +1,5 @@
|
|||||||
<?php
|
<?php
|
||||||
class ERRORS {
|
class ERRORS {
|
||||||
const INVALID_CREDENTIALS = 'User or password is not defined';
|
const INVALID_CREDENTIALS = 'User or password is not defined';
|
||||||
|
const SESSION_EXISTS = 'User is already logged in';
|
||||||
}
|
}
|
||||||
|
|||||||
@ -3,7 +3,7 @@
|
|||||||
class Session {
|
class Session {
|
||||||
private $instance = null;
|
private $instance = null;
|
||||||
|
|
||||||
private function __construct() {}
|
private function __construct() {}
|
||||||
|
|
||||||
public function initSession() {
|
public function initSession() {
|
||||||
session_start();
|
session_start();
|
||||||
@ -22,7 +22,7 @@ class Session {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public function createSession($userId) {
|
public function createSession($userId) {
|
||||||
$this->store('userid', $userId);
|
$this->store('userId', $userId);
|
||||||
$this->store('token', $this->generateToken());
|
$this->store('token', $this->generateToken());
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -30,17 +30,25 @@ class Session {
|
|||||||
return $this->getStoredData('token');
|
return $this->getStoredData('token');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function sessionExists() {
|
||||||
|
return !!$this->getToken();
|
||||||
|
}
|
||||||
|
|
||||||
public function checkAuthentication($data) {
|
public function checkAuthentication($data) {
|
||||||
return $this->getStoredData('user_id') === $data['user_id'] &&
|
return $this->getStoredData('userId') === $data['userId'] &&
|
||||||
$this->getStoredData('token') === $data['token'];
|
$this->getStoredData('token') === $data['token'];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function isLoggedWithId($userId) {
|
||||||
|
return ($this->getStoredData('userId') === $userId);
|
||||||
|
}
|
||||||
|
|
||||||
private function store($key, $value) {
|
private function store($key, $value) {
|
||||||
$_SESSION[$key] = $value;
|
$_SESSION[$key] = $value;
|
||||||
}
|
}
|
||||||
|
|
||||||
private function getStoredData($key) {
|
private function getStoredData($key) {
|
||||||
return $_SESSION[$key];
|
return $_SESSION[$key] || null;
|
||||||
}
|
}
|
||||||
|
|
||||||
private function generateToken() {
|
private function generateToken() {
|
||||||
|
|||||||
@ -3,6 +3,20 @@
|
|||||||
class User extends DataStore {
|
class User extends DataStore {
|
||||||
const TABLE = 'users';
|
const TABLE = 'users';
|
||||||
|
|
||||||
|
public static function hashPassword($password) {
|
||||||
|
return password_hash($password);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function verifyPassword($password, $hash) {
|
||||||
|
return password_verify($password, $hash);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function authenticate($userEmail, $userPassword) {
|
||||||
|
$user = static::getUser($userEmail, 'email');
|
||||||
|
|
||||||
|
return ($user && static::verifyPassword($userPassword, $user->password)) ? $user : null;
|
||||||
|
}
|
||||||
|
|
||||||
public static function getProps() {
|
public static function getProps() {
|
||||||
return array(
|
return array(
|
||||||
'email',
|
'email',
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user