authorvincent-peugnet <v.peugnet@free.fr>2020-04-09 20:19:37 +0200
committervincent-peugnet <v.peugnet@free.fr>2020-04-09 20:19:37 +0200
commitf29bb8688c02325196d7d5bd03fc528414f3055f (patch)
tree0043a0b21e69432010f2e907abf9034dee458076 /app/class
parent0e66e1d890ca775b50b43990a4d92c035c1eb5b2 (diff)
connect using user and password close #70
Diffstat (limited to 'app/class')
-rw-r--r--app/class/Controllerconnect.php4
-rw-r--r--app/class/Controlleruser.php4
-rw-r--r--app/class/Modeluser.php27
3 files changed, 10 insertions, 25 deletions
diff --git a/app/class/Controllerconnect.php b/app/class/Controllerconnect.php
index e9af86a..8555e92 100644
--- a/app/class/Controllerconnect.php
+++ b/app/class/Controllerconnect.php
@@ -36,8 +36,8 @@ class Controllerconnect extends Controller
public function login($route, $id = null)
{
- if (isset($_POST['pass'])) {
- $this->user = $this->usermanager->passwordcheck($_POST['pass']);
+ if (!empty($_POST['pass']) && !empty($_POST['user'])) {
+ $this->user = $this->usermanager->passwordcheck($_POST['user'], $_POST['pass']);
if ($this->user != false) {
if ($this->user->expiredate() === false || $this->user->level() === 10 || $this->user->expiredate('date') > $this->now) {
$this->user->connectcounter();
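Review bot: `!empty($_POST['user'])` and `!empty($_POST['pass'])` are also true for array-valued fields, and `passwordcheck(string $userid, string $pass)` then throws a `TypeError` that nothing in this hunk catches. Adding `is_string($_POST['user']) && is_string($_POST['pass'])` to the condition keeps malformed login posts on the normal failure path. `empty()` also treats the string `'0'` as missing, so a user id or password of `0` can never log in; comparing with `!== ''` avoids that. `$this->user != false` reads more safely as `!== false` now that the return is documented as `User|bool`. The body of login() continues outside the hunk.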
diff --git a/app/class/Controlleruser.php b/app/class/Controlleruser.php
index 0ec8092..b148f5b 100644
--- a/app/class/Controlleruser.php
+++ b/app/class/Controlleruser.php
@@ -50,7 +50,7 @@ class Controlleruser extends Controller
$user = new User($_POST);
if(empty($user->id()) || $this->usermanager->get($user)) {
$this->routedirectget('user', ['error' => 'wrong_id']);
- } elseif(empty($user->password()) || $this->usermanager->passwordexist($user->password()) || !$user->validpassword()) {
+ } elseif(empty($user->password()) || !$user->validpassword()) {
$this->routedirectget('user', ['error' => 'change_password']);
} else {
if($user->passwordhashed()) {
@@ -102,7 +102,7 @@ class Controlleruser extends Controller
$userupdate->hydrate($_POST);
if(empty($userupdate->id())) {
$this->routedirectget('user', ['error' => 'wrong_id']);
- } elseif (!empty($_POST['password']) && (empty($userupdate->password()) || $this->usermanager->passwordexist($userupdate->password()) || !$userupdate->validpassword())) {
+ } elseif (!empty($_POST['password']) && (empty($userupdate->password()) || !$userupdate->validpassword())) {
$this->routedirectget('user', ['error' => 'password_unvalid']);
} elseif (empty($userupdate->level())) {
$this->routedirectget('user', ['error' => 'wrong_level']);
diff --git a/app/class/Modeluser.php b/app/class/Modeluser.php
index 9ee04ba..3f459b2 100644
--- a/app/class/Modeluser.php
+++ b/app/class/Modeluser.php
@@ -126,14 +126,15 @@ class Modeluser extends Modeldb
/**
* Check if the password is used, and return by who
*
+ * @param string $userid user ID
* @param string $pass password clear
*
- * @return mixed User or false
+ * @return User|bool User or false
*/
- public function passwordcheck(string $pass)
+ public function passwordcheck(string $userid, string $pass)
{
- $userdatalist = $this->getlister();
- foreach ($userdatalist as $user) {
+ $user = $this->get($userid);
+ if ($user !== false) {
if ($user->passwordhashed()) {
if (password_verify($pass, $user->password())) {
return $user;
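Review bot: With the lookup now keyed on `$userid`, `passwordcheck()` returns `false` at once when `$this->get($userid)` finds nobody, while an existing hashed account goes through `password_verify()`, so the two failures differ in response time and the login form can reveal which user IDs exist. Calling `password_verify($pass, $placeholderhash)` against a fixed placeholder hash on the not-found path would even that out. The unhashed branch in the following hunk still compares with `$user->password() === $pass`; `hash_equals($user->password(), $pass)` is the constant-time form. The docblock summary "Check if the password is used, and return by who" no longer describes the method and could read `Check a user's password and return the matching User`, with `@return User|false`. The method body closes in the next hunk.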
@@ -141,29 +142,13 @@ class Modeluser extends Modeldb
} else {
if ($user->password() === $pass) {
return $user;
- }
+ }
}
}
return false;
}
/**
- * Return information if the password is already used or not
- *
- * @param string $pass password clear
- *
- * @return bool password exist or not
- */
- public function passwordexist(string $pass) : bool
- {
- if ($this->passwordcheck($pass) !== false) {
- return true;
- } else {
- return false;
- }
- }
-
- /**
* @param User $user
*
* @return bool depending on success