Only look up users by username

Fixes #159
City-of-Bloomington · Apr 30, 2018 · 5fc22b3 · 5fc22b3
1 parent 9a2c382
commit 5fc22b3
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 9 deletions.
diff --git a/scripts/migrations/1.1-1.2/databaseChanges.sql b/scripts/migrations/1.1-1.2/databaseChanges.sql
@@ -1,3 +1,6 @@
-alter table eventTypes add cifsType varchar(128);
+delete from people where firstname='';
+
 alter table events     add foreign key (eventType_id) references eventTypes(id);
+alter table eventTypes add cifsType      varchar(128);
 alter table people     add notifications boolean;
+alter table people  modify email         varchar(255) unique;
diff --git a/scripts/mysql.sql b/scripts/mysql.sql
@@ -12,7 +12,7 @@ create table people (
 	department_id        int unsigned,
 	firstname            varchar(128) not null,
 	lastname             varchar(128) not null,
-	email                varchar(255) not null,
+	email                varchar(255) unique,
 	phone                varchar(16),
 	username             varchar(40) unique,
 	password             varchar(40),

diff --git a/src/Controllers/LoginController.php b/src/Controllers/LoginController.php
@@ -78,9 +78,11 @@ public function index()
 	{
 		if (isset($_POST['username'])) {
 			try {
-				$person = new Person($_POST['username']);
-				if ($person->authenticate($_POST['password'])) {
-					$_SESSION['USER'] = $person;
+				$user = Person::findByUsername($_POST['username']);
+				if (!$user) { throw new \Exception(Person::ERROR_UNKNOWN_PERSON); }
+
+				if ($user->authenticate($_POST['password'])) {
+					$_SESSION['USER'] = $user;
 					header('Location: '.$this->return_url);
 					exit();
 				}
@@ -110,9 +112,13 @@ public function logout()
 	private function registerUser(string $username)
 	{
         try {
-            $_SESSION['USER'] = new Person($username);
-            header("Location: {$this->return_url}");
-            exit();
+            $user = Person::findByUsername($username);
+            if ($user) {
+                $_SESSION['USER'] = $user;
+                header("Location: {$this->return_url}");
+                exit();
+            }
+            throw new \Exception(Person::ERROR_UNKNOWN_PERSON);
         }
         catch (\Exception $e) {
             $_SESSION['errorMessages'][] = $e;

diff --git a/src/Models/Person.php b/src/Models/Person.php
@@ -14,6 +14,24 @@ class Person extends ActiveRecord
 
 	protected $department;
 
+	const ERROR_UNKNOWN_PERSON = 'person/unknown';
+
+	/**
+	 * Returns the matching Person object or null if not found
+	 *
+	 * @return Person
+	 */
+	public static function findByUsername(string $username)
+	{
+        $zend_db = Database::getConnection();
+        $sql = 'select * from people where username=?';
+
+        $result = $zend_db->createStatement($sql)->execute([$username]);
+        if (count($result)) {
+            return new Person($result->current());
+        }
+	}
+
 	/**
 	 * Populates the object with data
 	 *
@@ -48,7 +66,7 @@ public function __construct($id=null)
 					$this->exchangeArray($result->current());
 				}
 				else {
-					throw new \Exception('person/unknown');
+					throw new \Exception(self::ERROR_UNKNOWN_PERSON);
 				}
 			}
 		}