Changed user login strategy

RestControllers/userController.php

@@ -71,15 +71,10 @@ class userController
 	 * @return array The result
 	 */
 	public function getCurrentUserInfosWithTokens() : array{
-		//Check variables sent in request (for login)
-		if(!isset($_POST['token1']) OR !isset($_POST['token2']))
-			throw new RestException(401, "Missing tokens !");
-
-		//Preparing data
-		$tokens = array($_POST['token1'], $_POST['token2']);
+		user_login_required();
 
 		//Try to get user infos from token
-		$userInfos = CS::get()->user->getUserInfosFromToken($tokens, APIServiceID);
+		$userInfos = CS::get()->user->getUserInfos(userID);
 		
 		//Check if response is empty
 		if(count($userInfos) == 0)
@@ -95,10 +90,9 @@ class userController
 	 * @url POST /user/getCurrentUserID
 	 */
 	public function getCurrentUserIDUsingTokens(){
-		  //Get user infos
-		  $userInfos = $this->getCurrentUserInfosWithTokens();
+		user_login_required();
 
 		//Return userID
-		  return array("userID" => $userInfos[0]["userID"]);
+		return array("userID" => userID);
 	}
 }

classes/tokens.php

@@ -8,16 +8,16 @@
 class Tokens{
 	
 	/**
-	 * Check request tokens
+	 * Check request client tokens
 	 *
 	 * @return Boolean Depends of the validity of the tokens
 	 */
-	public function checkRequestTokens(){
+	public function checkClientRequestTokens(){
 		if(!isset($_POST['serviceName']) OR !isset($_POST['serviceToken']))
 			return false; //No token specified
 		
 		//Check tokens
-		if(!$serviceID = $this->validateTokens($_POST['serviceName'], $_POST['serviceToken']))
+		if(!$serviceID = $this->validateClientTokens($_POST['serviceName'], $_POST['serviceToken']))
 			return false;
 
 		//Save service ID in a constant
@@ -28,13 +28,13 @@ class Tokens{
 	}
 
 	/**
-	 * Check API credentials (tokens)
+	 * Check client API credentials (tokens)
 	 *
 	 * @param 	String 	    $serviceName 	The name of the service
 	 * @param 	String  	$token 		 	The service's token
 	 * @return 	Boolean 			    	False or Tokens ID / Depending of validity of credentials
 	 */
-	private function validateTokens($serviceName, $token){
+	private function validateClientTokens($serviceName, $token){
 		//Prepare DataBase request
 		$tableName = "API_ServicesToken";
 		$conditions = "WHERE serviceName = ? AND token = ?";

classes/user.php

@@ -64,7 +64,7 @@ class User{
 	 * @param Integer $serviceID The ID of the service
 	 * @return False if it fails, or tokens if success
 	 */
-	function getUserLoginTokenByIDs($userID, $serviceID){
+	public function getUserLoginTokenByIDs($userID, $serviceID){
 		//Prepare database request
 		$conditions = "WHERE ID_utilisateurs = ? AND ID_API_ServicesToken = ?";
 		$values = array(
@@ -90,7 +90,7 @@ class User{
 	 * @param String $serviceID The service ID
 	 * @return Boolean False if it fails
 	 */
-	function deleteUserLoginToken(array $tokens, $serviceID){
+	public function deleteUserLoginToken(array $tokens, $serviceID){
 		//Check the number of given tokens
 		if(count($tokens) != 2)
 			return false;
@@ -112,20 +112,20 @@ class User{
 	}
 
 	/**
-	 * Get User Infos from token
+	 * Get User ID from token
 	 *
 	 * @param Array $tokens The user login tokens
 	 * @param String $serviceID The ID of the service
-	 * @return Array The result of the function (empty one if it fails)
+	 * @return Integer User ID (0 for a failure)
 	 */
-	function getUserInfosFromToken(array $tokens, $serviceID): array {
+	public function getUserIDfromToken($serviceID, array $tokens){
 		//Check token number
 		if(count($tokens) != 2)
-			return array();
+			return 0;
 		
 		//Prepare database request
-		$tablesName = "utilisateurs, API_userLoginToken";
-		$conditions = "WHERE utilisateurs.ID = API_userLoginToken.ID_utilisateurs AND API_userLoginToken.ID_API_ServicesToken = ? AND API_userLoginToken.token1 = ? AND API_userLoginToken.token2 = ?";
+		$tablesName = "API_userLoginToken";
+		$conditions = "WHERE API_userLoginToken.ID_API_ServicesToken = ? AND API_userLoginToken.token1 = ? AND API_userLoginToken.token2 = ?";
 		$conditionsValues = array(
 			$serviceID,
 			$tokens[0],
@@ -135,24 +135,53 @@ class User{
 		//Perform request
 		$userInfos = CS::get()->db->select($tablesName, $conditions, $conditionsValues);
 		
+		//Check if result is correct or not
+		if(count($userInfos) == 0)
+			return 0; //No result
+
+		//Return ID
+		return $userInfos[0]["ID_utilisateurs"];
+	}
+	
+
+	/**
+	 * Get User Infos
+	 *
+	 * @param Integer $userID The user ID
+	 * @return Array The result of the function (user informations) (empty one if it fails)
+	 */
+	public function getUserInfos($userID): array {
+		//Prepare database request
+		$tablesName = "utilisateurs";
+		$conditions = "WHERE utilisateurs.ID = ?";
+		$conditionsValues = array(
+			$userID*1,
+		);
+		
+		//Perform request
+		$userInfos = CS::get()->db->select($tablesName, $conditions, $conditionsValues);
+		
 		//Check if result is correct or not
 		if(count($userInfos) == 0)
 			return array(); //No result
 		
 		//Prepare return
 		$return = array();
-		$return['userID'] = $userInfos[0]['ID_utilisateurs'];
+		$return['userID'] = $userInfos[0]['ID'];
 		$return['firstName'] = $userInfos[0]['nom'];
 		$return['lastName'] = $userInfos[0]['prenom'];
-		$return['mailAdress'] = $userInfos[0]['mail'];
 		$return['accountCreationDate'] = $userInfos[0]['date_creation'];
 		$return['publicPage'] = $userInfos[0]['public'];
 		$return['openPage'] = $userInfos[0]['pageouverte'];
-		$return['noCommentOnHisPage'] = $userInfos[0]['bloquecommentaire'];
 		$return['allowPostFromFriendOnHisPage'] = $userInfos[0]['autoriser_post_amis'];
+		$return['noCommentOnHisPage'] = $userInfos[0]['bloquecommentaire'];
 		$return['virtualDirectory'] = $userInfos[0]['sous_repertoire'];
 		$return['personnalWebsite'] = $userInfos[0]['site_web'];
-		$return['publicFriendList'] = $userInfos[0]['liste_amis_publique'];
+		$return['isPublicFriendList'] = $userInfos[0]['liste_amis_publique'];
+
+		//Only the user may get its mail address
+		if(userID === $userID)
+			$return['mailAdress'] = $userInfos[0]['mail'];
 
 		//Return result
 		return $return;

functions/user.php

@@ -0,0 +1,21 @@
+<?php
+/**
+ * User functions
+ *
+ * @author Pierre HUBERT
+ */
+
+/**
+ * A function that check login information are specified,
+ * else it quit the scripts because of missing login
+ *
+ * @return Boolean True for a success
+ */
+function user_login_required(){
+    if(!defined("userID")){
+        Rest_fatal_error(401, "This function requires user to be logged in!");
+    }
+
+    //User logged in
+    return true;
+}

index.php

@@ -27,13 +27,29 @@ header("Access-Control-Allow-Origin: *");
 if(!isset($_GET["format"]))
 	$_GET['format'] = "json";
 
-//Check tokens
+//Check client tokens
 if($cs->config->get("site_mode") == "debug"){
 	$_POST['serviceName'] = "testService";
 	$_POST['serviceToken'] = "testPasswd";
 }
-if(!$cs->tokens->checkRequestTokens())
-	Rest_fatal_error(401, "Please check your tokens!");
+if(!$cs->tokens->checkClientRequestTokens())
+	Rest_fatal_error(401, "Please check your client tokens!");
+
+//Check if login tokens where specified
+if(isset($_POST['userToken1']) AND isset($_POST['userToken2'])){
+	//Try to login user
+	$userID = $cs->user->getUserIDfromToken(APIServiceID, array(
+		$_POST['userToken1'],
+		$_POST['userToken2']
+	));
+
+	if($userID < 1){
+		Rest_fatal_error(401, "Please check your login tokens!");
+	}
+
+	//Else save userID
+	define("userID", $userID);
+}
 
 /**
  * Handle Rest requests