Move some code around, add lookup by ID and get_current_user()

diff --git a/plugins/sql_auth/SQL/user.php b/plugins/sql_auth/SQL/user.php
index cdf10a05656cc7f1981bf2a819a63bc7a4c7fd78..0c08fed0816a3023b55f60c5b17b89b77bd4373c 100644 (file)
--- a/plugins/sql_auth/SQL/user.php
+++ b/plugins/sql_auth/SQL/user.php
@@ -4,15 +4,29 @@ class SQLA_User
 {
     public $id = NULL;
     public $username = NULL;
-    public $passhash = NULL;
+    protected $passhash = NULL;
     public $first_name = NULL;
     public $last_name = NULL;
 
-    function __construct(string $name)
+    /**
+     * Find a user in the database by name or ID
+     * @param string $name
+     * @param mixed $id
+     */
+    function __construct(string $name, $id = NULL)
     {
         $conn = sqlnew();
-        $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "users WHERE LOWER(user_name) = :name LIMIT 1");
-        $prep->execute(["name" => strtolower($name)]);
+
+        if ($id)
+        {
+            $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "users WHERE user_id = :id LIMIT 1");
+            $prep->execute(["id" => strtolower($id)]);
+        }
+        elseif ($name)
+        {
+            $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "users WHERE LOWER(user_name) = :name LIMIT 1");
+            $prep->execute(["name" => strtolower($name)]);
+        }
         $data = $prep->fetchAll();
         if ($data = $data[0])
         {
@@ -22,7 +36,24 @@ class SQLA_User
             $this->first_name = $data['first_name'] ?? NULL;
             $this->last_name = $data['last_name'] ?? NULL;
         }
-        
     }
 
+    function password_verify(string $input)
+    {
+        if (password_verify($input, $this->passhash))
+            return true;
+        return false;
+    }
+
+}
+
+
+function get_current_user() : SQLA_User|bool
+{
+    session_start();
+    if (isset($_SESSION['id']))
+    {
+        $user = new SQLA_User()
+    }
+    return false;
 }
\ No newline at end of file

diff --git a/plugins/sql_auth/login.php b/plugins/sql_auth/login.php
index 294bafec78299f9ce4cd525e944a6bce879c418e..b0b0aa45735268c6f892e87c97a03177cc069ed6 100644 (file)
--- a/plugins/sql_auth/login.php
+++ b/plugins/sql_auth/login.php
@@ -25,16 +25,16 @@ if (!empty($_POST))
       /* not being too informative with the login error in case of attackers */
       if (!$user->id)
       {
-          $failmsg = "Incorrect username";
+          $failmsg = "Incorrect login";
       }
-      else if (password_verify($_POST['password'], $user->passhash))
+      else if ($user->password_verify($_POST['password']))
       {
-        $_SESSION['id'] = $user->id;
-        header('Location: ' . BASE_URL);
+          $_SESSION['id'] = $user->id;
+          header('Location: ' . BASE_URL);
       }
       else
       {
-          $failmsg = "Incorrect pass";
+          $failmsg = "Incorrect login";
       }
 
   }

diff --git a/plugins/sql_auth/sql_auth.php b/plugins/sql_auth/sql_auth.php
index 83b1e6fc2d0a3bcc3b03ee172c57f297db00de93..d45d0e43ea994f2722b9ec9dbcf18841c8eb16b9 100644 (file)
--- a/plugins/sql_auth/sql_auth.php
+++ b/plugins/sql_auth/sql_auth.php
@@ -31,7 +31,7 @@ class sql_auth
                        $link = "error.php?errno=1";
                }
                $label = ($notifs) ? "<span class=\"position-absolute top-0 start-100 translate-middle badge rounded-pill bg-danger\">$notifs</span>" : "";
-               $pages["SQL Auth$label"] = "plugins/sql_auth/$link";
+               $pages["Panel Access$label"] = "plugins/sql_auth/$link";
                if ($_SESSION['id'])
                {
                        $pages["Logout"] = "plugins/sql_auth/login.php?logout=true";