From f29bb8688c02325196d7d5bd03fc528414f3055f Mon Sep 17 00:00:00 2001
From: vincent-peugnet <v.peugnet@free.fr>
Date: Thu, 9 Apr 2020 20:19:37 +0200
Subject: connect using user and password close #70

---
 app/class/Controllerconnect.php |  4 ++--
 app/class/Controlleruser.php    |  4 ++--
 app/class/Modeluser.php         | 27 ++++++---------------------
 3 files changed, 10 insertions(+), 25 deletions(-)

(limited to 'app/class')

diff --git a/app/class/Controllerconnect.php b/app/class/Controllerconnect.php
index e9af86a..8555e92 100644
--- a/app/class/Controllerconnect.php
+++ b/app/class/Controllerconnect.php
@@ -36,8 +36,8 @@ class Controllerconnect extends Controller
 
     public function login($route, $id = null)
     {
-        if (isset($_POST['pass'])) {
-            $this->user = $this->usermanager->passwordcheck($_POST['pass']);
+        if (!empty($_POST['pass']) && !empty($_POST['user'])) {
+            $this->user = $this->usermanager->passwordcheck($_POST['user'], $_POST['pass']);
             if ($this->user != false) {
                 if ($this->user->expiredate() === false || $this->user->level() === 10 || $this->user->expiredate('date') > $this->now) {
                     $this->user->connectcounter();
diff --git a/app/class/Controlleruser.php b/app/class/Controlleruser.php
index 0ec8092..b148f5b 100644
--- a/app/class/Controlleruser.php
+++ b/app/class/Controlleruser.php
@@ -50,7 +50,7 @@ class Controlleruser extends Controller
             $user = new User($_POST);
             if(empty($user->id()) || $this->usermanager->get($user)) {
                 $this->routedirectget('user', ['error' => 'wrong_id']);
-            } elseif(empty($user->password()) || $this->usermanager->passwordexist($user->password()) || !$user->validpassword()) {
+            } elseif(empty($user->password()) || !$user->validpassword()) {
                 $this->routedirectget('user', ['error' => 'change_password']);
             } else {
                 if($user->passwordhashed()) {
@@ -102,7 +102,7 @@ class Controlleruser extends Controller
                     $userupdate->hydrate($_POST);
                     if(empty($userupdate->id())) {
                         $this->routedirectget('user', ['error' => 'wrong_id']);
-                    } elseif (!empty($_POST['password']) && (empty($userupdate->password())  || $this->usermanager->passwordexist($userupdate->password()) || !$userupdate->validpassword())) {
+                    } elseif (!empty($_POST['password']) && (empty($userupdate->password())  || !$userupdate->validpassword())) {
                         $this->routedirectget('user', ['error' => 'password_unvalid']);
                     } elseif (empty($userupdate->level())) {
                         $this->routedirectget('user', ['error' => 'wrong_level']);
diff --git a/app/class/Modeluser.php b/app/class/Modeluser.php
index 9ee04ba..3f459b2 100644
--- a/app/class/Modeluser.php
+++ b/app/class/Modeluser.php
@@ -126,14 +126,15 @@ class Modeluser extends Modeldb
     /**
      * Check if the password is used, and return by who
      * 
+     * @param string $userid user ID
      * @param string $pass password clear
      * 
-     * @return mixed User or false
+     * @return User|bool User or false
      */
-    public function passwordcheck(string $pass)
+    public function passwordcheck(string $userid, string $pass)
     {
-        $userdatalist = $this->getlister();
-        foreach ($userdatalist as $user) {
+        $user = $this->get($userid);
+        if ($user !== false) {
             if ($user->passwordhashed()) {
                 if (password_verify($pass, $user->password())) {
                     return $user;
@@ -141,28 +142,12 @@ class Modeluser extends Modeldb
             } else {
                 if ($user->password() === $pass) {
                     return $user;
-                }
+                }        
             }
         }
         return false;
     }
 
-    /**
-     * Return information if the password is already used or not
-     * 
-     * @param string $pass password clear
-     * 
-     * @return bool password exist or not
-     */
-    public function passwordexist(string $pass) : bool
-    {
-        if ($this->passwordcheck($pass) !== false) {
-            return true;
-        } else {
-            return false;
-        }
-    }
-
     /**
      * @param User $user
      * 
-- 
cgit v1.2.3


From c63a0228333e18fe2b1b84c29ab70af82698bdab Mon Sep 17 00:00:00 2001
From: vincent-peugnet <v.peugnet@free.fr>
Date: Fri, 10 Apr 2020 15:33:21 +0200
Subject: user manage password close #69 users can change their passwords
 themself

---
 app/class/Application.php    |  2 +-
 app/class/Controlleruser.php |  3 +++
 app/class/Model.php          |  1 -
 app/class/User.php           | 18 ++++++++++++++----
 app/view/templates/user.php  | 21 ++++++++++++++++-----
 5 files changed, 34 insertions(+), 11 deletions(-)

(limited to 'app/class')

diff --git a/app/class/Application.php b/app/class/Application.php
index 4ddf37e..48d898c 100644
--- a/app/class/Application.php
+++ b/app/class/Application.php
@@ -129,7 +129,7 @@ class Application
         <h2>
         <label for="password">Your password</label>
         </h2>
-        <input type="password" name="userinit[password]" id="password" minlength="4" maxlength="64" required>
+        <input type="password" name="userinit[password]" id="password" minlength="<?= Wcms\Model::PASSWORD_MIN_LENGTH ?>" maxlength="<?= Wcms\Model::PASSWORD_MAX_LENGTH ?>" required>
         <p><i>Your user passworder as first administrator.</i></p>
         </div>
         <input type="submit" value="set">
diff --git a/app/class/Controlleruser.php b/app/class/Controlleruser.php
index b148f5b..1586679 100644
--- a/app/class/Controlleruser.php
+++ b/app/class/Controlleruser.php
@@ -33,6 +33,9 @@ class Controlleruser extends Controller
         if($this->user->iseditor()) {
             $user = $this->usermanager->get($this->user);
             $user->hydrate($_POST);
+            if ($_POST['passwordhash']) {
+                $user->hashpassword();
+            }
             $this->usermanager->add($user);
             $this->routedirect('user');
         } else {
diff --git a/app/class/Model.php b/app/class/Model.php
index 6a8f111..1d8d27a 100644
--- a/app/class/Model.php
+++ b/app/class/Model.php
@@ -88,7 +88,6 @@ abstract class Model
 	const TEXT_ELEMENTS = ['header', 'nav', 'main', 'aside', 'footer'];
 
 	const MAX_ID_LENGTH = 64;
-	const PASSWORD_HASH = true;
 	const PASSWORD_MIN_LENGTH = 4;
 	const PASSWORD_MAX_LENGTH = 32;
 
diff --git a/app/class/User.php b/app/class/User.php
index b735309..518b096 100644
--- a/app/class/User.php
+++ b/app/class/User.php
@@ -208,11 +208,21 @@ class User extends Item
 
 
 
-
-    public function hashpassword()
+    /**
+     * Hash the password and set `$passwordhashed` to true.
+     * 
+     * @return bool true in cas of success, otherwise false.
+     */
+    public function hashpassword() : bool
     {
-        $this->password = password_hash($this->password, PASSWORD_DEFAULT);
-        $this->passwordhashed = true;
+        $hashedpassword = password_hash($this->password, PASSWORD_DEFAULT);
+        if (!empty($hashedpassword)) {
+            $this->password = $hashedpassword;
+            $this->passwordhashed = true;
+            return true;
+        } else {
+            return false;
+        }
     }
 
     public function validpassword()
diff --git a/app/view/templates/user.php b/app/view/templates/user.php
index ca944fd..f77699d 100644
--- a/app/view/templates/user.php
+++ b/app/view/templates/user.php
@@ -1,4 +1,8 @@
-<?php $this->layout('layout', ['title' => 'user', 'stylesheets' => [$css . 'home.css']]) ?>
+<?php
+
+use Wcms\Model;
+
+$this->layout('layout', ['title' => 'user', 'stylesheets' => [$css . 'home.css']]) ?>
 
 
 <?php $this->start('page') ?>
@@ -37,7 +41,14 @@
                     <input type="number" name="cookie" value="<?= $getuser->cookie() ?>" id="cookie" min="0" max="365">
                     <label for="cookie">Cookie conservation time <i>(In days)</i></label>
                     <p>When you tick the <em>remember-me</em> checkbox during login, you can choose how much time <strong>W</strong> will remember you.</p>
-                    <input type="submit" value="submit">
+
+                    <input type="password" name="password" id="password" minlength="<?= Wcms\Model::PASSWORD_MIN_LENGTH ?>" maxlength="<?= Wcms\Model::PASSWORD_MAX_LENGTH ?>">
+                    <label for="password">New password</label>
+                    
+                    <input type="hidden" name="passwordhash" value="1">
+
+                    </br>
+                    <input type="submit" value="update">
                 </p>
                     
                 </form>
@@ -91,10 +102,10 @@
                 <tr>
                     <form action="<?= $this->url('useradd') ?>" method="post">
                     <td>
-                            <input type="text" name="id" maxlength="128" required>
+                            <input type="text" name="id" maxlength="<?= Wcms\Model::MAX_ID_LENGTH ?>" required>
                     </td>
                     <td>
-                        <input type="password" name="password" minlength="4" maxlength="64" required>
+                        <input type="password" name="password" id="password" minlength="<?= Wcms\Model::PASSWORD_MIN_LENGTH ?>" maxlength="<?= Wcms\Model::PASSWORD_MAX_LENGTH ?>" required>
                     </td>
 
                     <td>
@@ -140,7 +151,7 @@
                     </td>
 
                     <td>
-                    <input type="password" name="password" minlength="4" maxlength="64" >
+                    <input type="password" name="password" minlength="<?= Wcms\Model::PASSWORD_MIN_LENGTH ?>" maxlength="<?= Wcms\Model::PASSWORD_MAX_LENGTH ?>" >
                     </td>
 
                     <td>
-- 
cgit v1.2.3