From 9cab0d0ed64f4e5289a0c979cae10a92508c391b Mon Sep 17 00:00:00 2001
From: adam
Date: Thu, 28 Jan 2021 18:16:41 +0200
Subject: initial registering stuff
---
php/database.php | 111 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 111 insertions(+)
create mode 100644 php/database.php
(limited to 'php/database.php')
diff --git a/php/database.php b/php/database.php
new file mode 100644
index 0000000..934aafa
--- /dev/null
+++ b/php/database.php
@@ -0,0 +1,111 @@
+pdo=new PDO("mysql:dbname={$database_name};host={$database_location}",$database_username,$database_password);
+ }catch(PDOException $e)
+ {
+ error_log("Could not get database {$database_name} from {$database_location}, {$e} ");
+ die("The cow bought the farm");
+ }
+ }
+
+ /*returns false if this isn't a user, otherwise returns the userid*/
+ function get_user(string $user)
+ {
+ $ret=new User;
+
+ $prep=$this->pdo->prepare("select user_id,username,email from users where username=:username");
+ $prep->bindParam(':username',$user);
+
+ $prep->execute();
+
+ $hold=$prep->fetch(PDO::FETCH_ASSOC);
+
+ if($hold)
+ {
+ $ret->user_id=$hold["user_id"];
+ $ret->username=$hold["username"];
+ $ret->email_address=$hold["email"];
+ return $ret;
+ }else
+ {
+ return false;
+ }
+ }
+ /*returns false if this isn't a user or the password is incorrect, otherwise returns the userid*/
+ function authenticate(string $user, string $password)
+ {
+ $ret=new User;
+ global $password_hash_algo;
+
+
+
+ $hashed_pass=password_hash($password,$password_hash_algo);
+ $prep=$this->pdo->prepare("select user_id,username,email from users where username=:username and password=:password");
+ $prep->bindParam(':username',$user);
+ $prep->bindParam(':password',$hashed_pass);
+
+ $prep->execute();
+
+ $hold=$prep->fetch(PDO::FETCH_ASSOC);
+ if($hold)
+ {
+ $ret->user_id=hold["user_id"];
+ $ret->username=hold["username"];
+ $ret->email_address["email"];
+ return $ret;
+ }else
+ {
+ return false;
+ }
+ }
+ /*returns false if username is taken, email is not checked here*/
+ function register_user(string $user,string $password,string $email) : bool
+ {
+ $hold=$this->get_user($user);
+ global $domain_name;
+ global $has_email_verification;
+ global $password_hash_algo;
+
+
+ if($hold)
+ {
+ return false;
+ }else
+ {
+ if($has_email_verification)
+ {
+ generate_email_verification_link();
+ }else
+ {
+ $hashed_pass=password_hash($password,$password_hash_algo);
+
$prep=$this->pdo->prepare("insert into users(username,password,email) values(:username,:password,:email)"); + $prep->bindParam(':username',$user); + $prep->bindParam(':password',$hashed_pass); + $prep->bindParam(':email',$email); + $prep->execute(); + } + return true; + } + } + } + + +?> -- cgit v1.2.3 From 472e170f408e3d8d1db2eb066d445153aad55d73 Mon Sep 17 00:00:00 2001 From: adam Date: Fri, 29 Jan 2021 03:26:28 +0200 Subject: register and login looks ok --- php/database.php | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) (limited to 'php/database.php') diff --git a/php/database.php b/php/database.php index 934aafa..ef2b825 100644 --- a/php/database.php +++ b/php/database.php @@ -26,7 +26,7 @@ require_once "misc.php"; } } - /*returns false if this isn't a user, otherwise returns the userid*/ + /*returns false if this isn't a user, otherwise returns the user*/ function get_user(string $user) { $ret=new User; @@ -53,24 +53,25 @@ require_once "misc.php"; function authenticate(string $user, string $password) { $ret=new User; - global $password_hash_algo; - - - $hashed_pass=password_hash($password,$password_hash_algo); - $prep=$this->pdo->prepare("select user_id,username,email from users where username=:username and password=:password"); + $prep=$this->pdo->prepare("select user_id,username,email,password from users where username=:username"); $prep->bindParam(':username',$user); - $prep->bindParam(':password',$hashed_pass); - $prep->execute(); $hold=$prep->fetch(PDO::FETCH_ASSOC); + if($hold) { - $ret->user_id=hold["user_id"]; - $ret->username=hold["username"]; - $ret->email_address["email"]; - return $ret; + if(password_verify($password,$hold["password"])) + { + $ret->user_id=$hold["user_id"]; + $ret->username=$hold["username"]; + $ret->email_address=$hold["email"]; + return $ret; + }else + { + return false; + } }else { return false; -- cgit v1.2.3
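Review bot: In register_user (first commit) the username check and the insert are two separate statements and the result of `$prep->execute()` is never looked at, so two concurrent registrations of the same name can both pass `get_user()` and the function returns true even when the insert fails. Whether the users table has a unique index on username is not visible here; if it does not, add one, and return the outcome of the insert, e.g. `return $prep->execute();`, treating a duplicate-key failure (a false return or a PDOException, depending on the PDO error mode) as "taken". The `$has_email_verification` branch also returns true after calling `generate_email_verification_link()` with no arguments and without storing anything. Separately, `error_log("... {$e} ")` in the constructor writes the whole exception, whose stack trace can include the arguments of `new PDO(...)` (the database password) depending on `zend.exception_ignore_args`; logging `$e->getMessage()` avoids that. The top of the file, including the start of the constructor, is not visible on this page.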
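Review bot: In authenticate (second commit) the unknown-username path returns false without ever calling `password_verify()`, so a request for a non-existent account answers measurably faster than one for an existing account with a wrong password, which lets a client tell valid usernames apart by timing. Running the verification in both cases removes the difference: `$ok=password_verify($password,$hold ? $hold["password"] : $dummy_hash);` followed by `if(!$hold || !$ok) return false;`, where `$dummy_hash` is a placeholder for a fixed hash produced once with the same algorithm. That also flattens the nested if/else with its two identical `return false` branches. A `password_needs_rehash()` check after a successful verify would let stored hashes follow changes to `$password_hash_algo`. The function's closing lines are outside the hunk.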