{
public $id = NULL;
public $username = NULL;
- public $passhash = NULL;
+ protected $passhash = NULL;
public $first_name = NULL;
public $last_name = NULL;
- function __construct(string $name)
+ /**
+ * Find a user in the database by name or ID
+ * @param string $name
+ * @param mixed $id
+ */
+ function __construct(string $name, $id = NULL)
{
$conn = sqlnew();
- $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "users WHERE LOWER(user_name) = :name LIMIT 1");
- $prep->execute(["name" => strtolower($name)]);
+
+ if ($id)
+ {
+ $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "users WHERE user_id = :id LIMIT 1");
+ $prep->execute(["id" => strtolower($id)]);
+ }
+ elseif ($name)
+ {
+ $prep = $conn->prepare("SELECT * FROM " . SQL_PREFIX . "users WHERE LOWER(user_name) = :name LIMIT 1");
+ $prep->execute(["name" => strtolower($name)]);
+ }
$data = $prep->fetchAll();
if ($data = $data[0])
{
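Review bot: When both `$id` and `$name` are falsy (an empty name, or an id of `0` or `"0"`), neither branch assigns `$prep`, and the unchanged `$prep->fetchAll()` line then calls a method on an undefined variable. Add a final branch such as `else { return; }` so the object keeps its NULL defaults, and test `$id !== NULL` instead of truthiness if zero can be a valid id. `strtolower($id)` serves no purpose in an id comparison; bind the value directly with `$prep->execute(["id" => $id]);`. The constructor body continues past this hunk.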
$this->first_name = $data['first_name'] ?? NULL;
$this->last_name = $data['last_name'] ?? NULL;
}
-
}
+ function password_verify(string $input)
+ {
+ if (password_verify($input, $this->passhash))
+ return true;
+ return false;
+ }
+
+}
+
+
+function get_current_user() : SQLA_User|bool
+{
+ session_start();
+ if (isset($_SESSION['id']))
+ {
+ $user = new SQLA_User()
+ }
+ return false;
}
\ No newline at end of file
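Review bot: The added `get_current_user()` cannot load as written: the `new SQLA_User()` line has no terminating semicolon and passes no arguments although the constructor requires `$name`, and the function falls through to `return false` without ever returning the user. Its name also matches PHP's built-in `get_current_user()`, so unless this file declares a namespace (not visible here) the declaration is a redeclaration error; a prefixed name avoids that. Calling `session_start()` unconditionally raises a notice when the caller has already started the session, so guard it with `session_status()`. The sketch below looks the user up by the session id and returns it only when a row was found, assuming the constructor populates `id` in the part outside this hunk; the function name in it is only a suggestion.

```php
function sqla_get_current_user() : SQLA_User|bool
{
    if (session_status() !== PHP_SESSION_ACTIVE)
        session_start();
    if (isset($_SESSION['id']))
    {
        $user = new SQLA_User("", $_SESSION['id']);
        if ($user->id)
            return $user;
    }
    return false;
}
```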
/* not being too informative with the login error in case of attackers */
if (!$user->id)
{
- $failmsg = "Incorrect username";
+ $failmsg = "Incorrect login";
}
- else if (password_verify($_POST['password'], $user->passhash))
+ else if ($user->password_verify($_POST['password']))
{
- $_SESSION['id'] = $user->id;
- header('Location: ' . BASE_URL);
+ $_SESSION['id'] = $user->id;
+ header('Location: ' . BASE_URL);
}
else
{
- $failmsg = "Incorrect pass";
+ $failmsg = "Incorrect login";
}
}
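Review bot: The success branch stores `$_SESSION['id']` and redirects without renewing the session identifier, so a session id issued before authentication stays valid afterwards (session fixation); add `session_regenerate_id(true);` before the assignment. No `exit;` follows the `header('Location: ' . BASE_URL);` call inside this hunk, so unless one exists further down, the script keeps running after the redirect is queued. The unified "Incorrect login" text removes the difference in wording, but the unknown-user branch still skips the hash check, so the two failures may remain distinguishable by response time; verifying against a fixed dummy hash in that branch would even them out. The enclosing block starts and ends outside the hunk.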
$link = "error.php?errno=1";
}
$label = ($notifs) ? "<span class=\"position-absolute top-0 start-100 translate-middle badge rounded-pill bg-danger\">$notifs</span>" : "";
- $pages["SQL Auth$label"] = "plugins/sql_auth/$link";
+ $pages["Panel Access$label"] = "plugins/sql_auth/$link";
if ($_SESSION['id'])
{
$pages["Logout"] = "plugins/sql_auth/login.php?logout=true";