From 5fc22b33c7b1b437f02fb69c3a833c59d4c58f8d Mon Sep 17 00:00:00 2001
From: inghamn
Date: Mon, 30 Apr 2018 15:17:57 -0400
Subject: [PATCH] Only look up users by username

Fixes #159
---
 .../migrations/1.1-1.2/databaseChanges.sql | 5 ++++-
 scripts/mysql.sql | 2 +-
 src/Controllers/LoginController.php | 18 +++++++++++------
 src/Models/Person.php | 20 ++++++++++++++++++-
 4 files changed, 36 insertions(+), 9 deletions(-)

diff --git a/scripts/migrations/1.1-1.2/databaseChanges.sql b/scripts/migrations/1.1-1.2/databaseChanges.sql
index 445faf0..59741cb 100644
--- a/scripts/migrations/1.1-1.2/databaseChanges.sql
+++ b/scripts/migrations/1.1-1.2/databaseChanges.sql
@@ -1,3 +1,6 @@
-alter table eventTypes add cifsType varchar(128);
+delete from people where firstname='';
+
 alter table events add foreign key (eventType_id) references eventTypes(id);
+alter table eventTypes add cifsType varchar(128);
 alter table people add notifications boolean;
+alter table people modify email varchar(255) unique;
diff --git a/scripts/mysql.sql b/scripts/mysql.sql
index ecf1aca..fc2aa43 100644
--- a/scripts/mysql.sql
+++ b/scripts/mysql.sql
@@ -12,7 +12,7 @@ create table people (
 department_id int unsigned,
 firstname varchar(128) not null,
 lastname varchar(128) not null,
- email varchar(255) not null,
+ email varchar(255) unique,
 phone varchar(16),
 username varchar(40) unique,
 password varchar(40),
diff --git a/src/Controllers/LoginController.php b/src/Controllers/LoginController.php
index b7afa33..e76f5d5 100644
--- a/src/Controllers/LoginController.php
+++ b/src/Controllers/LoginController.php
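Review bot: `alter table people modify email varchar(255) unique;` will abort the migration if any two existing rows already share an email, including two rows holding the empty string, because MySQL exempts only NULL from a unique index; the `delete from people where firstname='';` line just above it suggests placeholder rows of that kind exist, so duplicates should be checked before the constraint is applied. The `modify` also silently drops the previous `not null` on the column, which matches the new `email varchar(255) unique,` definition in the scripts/mysql.sql hunk, so the two are consistent but the loosening should be intentional. The delete is irreversible and is not guarded against rows in other tables that may reference the removed people, which this patch does not show. A leading comment such as `-- assumes no two people rows share an email and no other table references the deleted rows; verify before running` would make the preconditions explicit.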
@@ -78,9 +78,11 @@ public function index()
 {
 if (isset($_POST['username'])) {
 try {
- $person = new Person($_POST['username']);
- if ($person->authenticate($_POST['password'])) {
- $_SESSION['USER'] = $person;
+ $user = Person::findByUsername($_POST['username']);
+ if (!$user) { throw new \Exception(Person::ERROR_UNKNOWN_PERSON); }
+
+ if ($user->authenticate($_POST['password'])) {
+ $_SESSION['USER'] = $user;
 header('Location: '.$this->return_url);
 exit();
 }
@@ -110,9 +112,13 @@ public function logout()
 private function registerUser(string $username)
 {
 try {
- $_SESSION['USER'] = new Person($username);
- header("Location: {$this->return_url}");
- exit();
+ $user = Person::findByUsername($username);
+ if ($user) {
+ $_SESSION['USER'] = $user;
+ header("Location: {$this->return_url}");
+ exit();
+ }
+ throw new \Exception(Person::ERROR_UNKNOWN_PERSON);
 }
 catch (\Exception $e) {
 $_SESSION['errorMessages'][] = $e;
diff --git a/src/Models/Person.php b/src/Models/Person.php
index 6904bd4..af0fae1 100644
--- a/src/Models/Person.php
+++ b/src/Models/Person.php
@@ -14,6 +14,24 @@ class Person extends ActiveRecord protected $department; + const ERROR_UNKNOWN_PERSON = 'person/unknown'; + + /** + * Returns the matching Person object or null if not found + * + * @return Person + */ + public static function findByUsername(string $username) + { + $zend_db = Database::getConnection(); + $sql = 'select * from people where username=?'; + + $result = $zend_db->createStatement($sql)->execute([$username]); + if (count($result)) { + return new Person($result->current()); + } + } + /** * Populates the object with data *
@@ -48,7 +66,7 @@ public function __construct($id=null)
 $this->exchangeArray($result->current());
 }
 else {
- throw new \Exception('person/unknown');
+ throw new \Exception(self::ERROR_UNKNOWN_PERSON);
 }
 }
 }
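Review bot: The new `if (!$user) { throw new \Exception(Person::ERROR_UNKNOWN_PERSON); }` guard returns before any password check, so an unknown username fails faster and, if the catch below this hunk surfaces `$e` the way the `registerUser` catch does, with a different message than a wrong password, which lets a caller confirm which usernames exist; that distinction predates this commit, but the rewrite is the place to collapse both outcomes into one generic failure. `$_POST['password']` is also read without an `isset` check, and a `username[]=x` parameter arrives as an array, which the `string $username` hint rejects with a TypeError that `catch (\Exception $e)` does not catch. Reading both values first, `$username = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';` and `$password = (string) ($_POST['password'] ?? '');`, and passing those to the lookup and to `authenticate()` closes both gaps. The single-line brace block is also against the PSR-12 style used elsewhere in the hunk; `index()` continues outside it.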
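Review bot: Both places that now assign `$_SESSION['USER'] = $user`, here and in the `index()` hunk above, do so without regenerating the session id first, so a session id that existed before the login keeps its value after the privilege change. Adding `session_regenerate_id(true);` immediately before each assignment is the standard fix and fits the existing flow. The two hunks also handle "not found" in opposite shapes, a guard-then-throw in `index()` versus if-success-else-throw here; picking one shape would make the controller easier to read. `registerUser` has no doc comment saying where its `$username` is expected to come from, and since it sets the session user without a password check, a one-line comment such as `// $username must already be verified by the caller; this only loads the matching Person` would document that contract.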
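Review bot: `findByUsername` falls off the end and returns null when no row matches, but its docblock tag says `@return Person`; it should be `@return Person|null`, or better the method declared as `public static function findByUsername(string $username): ?Person` with an explicit `return null;`, otherwise static analysis and any caller treating the result as an object miss the null case the two controller hunks test for. The query is correctly parameterised with `?` and `execute([$username])`. Whether `count($result)` is meaningful on the object `execute()` returns depends on the database layer, which this patch does not show, so a `// NOTE(review): relies on the result set being Countable — confirm with the driver` comment would flag the assumption. `const ERROR_UNKNOWN_PERSON` is also missing an explicit visibility (`public const`), and the constructor that receives `$result->current()` is only partly visible in the next hunk, so its handling of an array argument cannot be confirmed here.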