From ea5257c4785e6627c970daad1dadaff6d1793522 Mon Sep 17 00:00:00 2001 From: Pierre Date: Wed, 11 Apr 2018 10:45:22 +0200 Subject: [PATCH] Created account component --- RestControllers/userController.php | 4 +- classes/components/account.php | 172 +++++++++++++++++++++++++++++ classes/components/user.php | 167 ++-------------------------- classes/comunicAPI.php | 2 +- index.php | 2 +- 5 files changed, 185 insertions(+), 162 deletions(-) create mode 100644 classes/components/account.php diff --git a/RestControllers/userController.php b/RestControllers/userController.php index b38743c..0d79ad9 100644 --- a/RestControllers/userController.php +++ b/RestControllers/userController.php @@ -28,7 +28,7 @@ class userController $userPassword = $_POST['userPassword']; //Try to perform login - $loginTokens = CS::get()->components->user->generateUserLoginTokens($userMail, $userPassword, APIServiceID, $db); + $loginTokens = CS::get()->components->account->generateUserLoginTokens($userMail, $userPassword, APIServiceID, $db); if(count($loginTokens) == 0) throw new RestException(401, "Invalid e-mail address / password !"); @@ -53,7 +53,7 @@ class userController user_login_required(); //Try to delete token - if(!CS::get()->components->user->deleteUserLoginToken(userID, APIServiceID)) + if(!CS::get()->components->account->deleteUserLoginToken(userID, APIServiceID)) throw new RestException(500, "Something went wrong while trying to logout user !"); //Everything is ok diff --git a/classes/components/account.php b/classes/components/account.php new file mode 100644 index 0000000..6e8c567 --- /dev/null +++ b/classes/components/account.php 
@@ -0,0 +1,172 @@ +userLoginAPItable = CS::get()->config->get("dbprefix")."API_userLoginToken"; + } + + /** + * Try to login user with returning a service token + * + * @param string $email The e-mail address of the user + * @param string $password The password of the user + * @param int $serviceID The ID of the service + * @return array Tokens if success, false if fails + */ + public function generateUserLoginTokens(string $email, string $password, int $serviceID) : array{ + //Try to find user ID in the database + $conditions = "WHERE mail = ? AND password = ?"; + $values = array( + $email, + $this->cryptPassword($password) + ); + $userInfos = CS::get()->db->select(Account::USER_TABLE, $conditions, $values); + + //Check if there is anything + if(count($userInfos) == 0) + return array(); //Not any account was found + + //Extract first value ID + $userID = $userInfos[0]['ID']; + + //Check if any other token already exists + $existingTokens = $this->getUserLoginTokenByIDs($userID, $serviceID, CS::get()->db); + + if(is_array($existingTokens)){ + //Return result + return $existingTokens; + } + + //Generate random tokens + $token1 = random_str(75); + $token2 = random_str(75); + + //Insert token in the database + $tableName = $this->userLoginAPItable; + $insertValues = array( + "ID_utilisateurs" => $userID, + "ID_".CS::get()->config->get("dbprefix")."API_ServicesToken" => $serviceID, + "token1" => $token1, + "token2" => $token2 + ); + if(!CS::get()->db->addLine($tableName, $insertValues)) + return array(); //Something went wrong + + //We can return tokens + return array($token1, $token2); + } + + /** + * Get token with the help of userID and serviceID + * + * @param int $userID The ID of the user + * @param int $serviceID The ID of the service + * @return FALSE if it fails, or tokens if success + */ + private function getUserLoginTokenByIDs(int $userID, int $serviceID) { + //Prepare database request + $conditions = "WHERE ID_utilisateurs = ? 
AND ID_".CS::get()->config->get("dbprefix")."API_ServicesToken = ?"; + $values = array( + $userID, + $serviceID + ); + $tokenInfos = CS::get()->db->select($this->userLoginAPItable, $conditions, $values); + + if(count($tokenInfos) == 0) + return false; //There is nobody at this address + else { + //Return tokens + $token1 = $tokenInfos[0]['token1']; + $token2 = $tokenInfos[0]['token2']; + return array($token1, $token2); + } + } + + /** + * Delete token from given informations + * + * @param int $userID The ID of the user to delete + * @param string $serviceID The service ID + * @return bool False if it fails + */ + public function deleteUserLoginToken(int $userID, string $serviceID) : bool { + + //Prepare database request + $condition = "ID_utilisateurs = ? AND ID_".CS::get()->config->get("dbprefix")."API_ServicesToken = ?"; + $values = array( + $userID, + $serviceID + ); + + //Try to perform request + if(!CS::get()->db->deleteEntry($this->userLoginAPItable, $condition, $values)) + return false; //Something went wrong during the request + + //Everything is ok + return true; + } + + /** + * Get User ID from token + * + * @param int $serviceID The ID of the service + * @param array $tokens The user login tokens + * @return int User ID (0 for a failure) + */ + public function getUserIDfromToken(int $serviceID, array $tokens) : int { + //Check token number + if(count($tokens) != 2) + return 0; + + //Prepare database request + $tablesName = $this->userLoginAPItable; + $conditions = "WHERE ".$this->userLoginAPItable.".ID_".CS::get()->config->get("dbprefix")."API_ServicesToken = ? AND ".$this->userLoginAPItable.".token1 = ? 
AND ".$this->userLoginAPItable.".token2 = ?"; + $conditionsValues = array( + $serviceID, + $tokens[0], + $tokens[1] + ); + + //Perform request + $userInfos = CS::get()->db->select($tablesName, $conditions, $conditionsValues); + + //Check if result is correct or not + if(count($userInfos) == 0) + return 0; //No result + + //Return ID + return $userInfos[0]["ID_utilisateurs"]; + } + + /** + * Crypt user password + * + * @param string $userPassword The password to crypt + * @return string The encrypted password + */ + public function cryptPassword(string $userPassword) : string { + return crypt(sha1($userPassword), sha1($userPassword)); + } +} + +//Register class +Components::register("account", new Account()); \ No newline at end of file diff --git a/classes/components/user.php b/classes/components/user.php index 3ed8719..ada7faf 100644 --- a/classes/components/user.php +++ b/classes/components/user.php @@ -10,12 +10,7 @@ class User{ /** * @var String $userTable The name of the user table */ - private $userTable = "utilisateurs"; - - /** - * @var String $userLoginAPItable The name of the table that contains logins performed on the API - */ - private $userLoginAPItable = ""; + const USER_TABLE = "utilisateurs"; /** * Pages visiblity levels 
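Review bot: `cryptPassword` still produces a deterministic, unsalted digest: `crypt(sha1($userPassword), sha1($userPassword))` uses the password's own hash as the salt, and because that salt carries no `$id$` prefix `crypt()` falls back to the legacy standard-DES scheme, which keeps only two salt characters and the first eight characters of the key, so equal passwords yield equal stored values and offline guessing against a leaked table is cheap. Since this is a new file it is the natural place to move to `password_hash()`/`password_verify()`: select the row by `mail` only in `generateUserLoginTokens`, verify the submitted password in PHP instead of comparing `password = ?` in SQL, and store `PASSWORD_DEFAULT` hashes (existing rows would need a rehash-on-login migration, which is outside this commit). The docblock `@return array Tokens if success, false if fails` also disagrees with the body, which returns an empty array on failure, and `deleteUserLoginToken` types `$serviceID` as `string` while every sibling method uses `int`. The class header and property declarations of this hunk are truncated in this extract, so I could not confirm that `Account` declares `USER_TABLE`; this commit only visibly adds that constant to `User`, and `Account::USER_TABLE` would be a fatal error if `Account` lacks it.
```php
public function generateUserLoginTokens(string $email, string $password, int $serviceID) : array{
    //Look the account up by e-mail only; the password is verified in PHP, not by the database
    $userInfos = CS::get()->db->select(Account::USER_TABLE, "WHERE mail = ?", array($email));
    if(count($userInfos) == 0 || !password_verify($password, $userInfos[0]['password']))
        return array(); //Unknown account or wrong password

    //Extract first value ID
    $userID = $userInfos[0]['ID'];
    // … unchanged: existing-token lookup, token generation and insertion …
}

/**
 * Hash a user password for storage (per-password random salt, PASSWORD_DEFAULT algorithm)
 *
 * @param string $userPassword The password to hash
 * @return string The salted hash to store; check it with password_verify()
 */
public function cryptPassword(string $userPassword) : string {
    return password_hash($userPassword, PASSWORD_DEFAULT);
}
```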
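Review bot: The docblock kept above the new `const USER_TABLE = "utilisateurs";` still reads `@var String $userTable The name of the user table`, which describes the property this hunk removes; for a constant the comment should be `/** The name of the user table */` (or `@var string`, lowercase, if the tag is kept). The constant also declares no visibility, so it defaults to public; since the file already uses PHP 7 scalar type hints, `public const USER_TABLE = "utilisateurs";` or `private const` would make the intended exposure explicit.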
@@ -29,143 +24,9 @@ class User{ * Public constructor */ public function __construct(){ - $this->userLoginAPItable = CS::get()->config->get("dbprefix")."API_userLoginToken"; - } - - /** - * Try to login user with returning a service token - * - * @param string $email The e-mail address of the user - * @param string $password The password of the user - * @param int $serviceID The ID of the service - * @return array Tokens if success, false if fails - */ - public function generateUserLoginTokens(string $email, string $password, int $serviceID) : array{ - //Try to find user ID in the database - $conditions = "WHERE mail = ? AND password = ?"; - $values = array( - $email, - $this->cryptPassword($password) - ); - $userInfos = CS::get()->db->select($this->userTable, $conditions, $values); - - //Check if there is anything - if(count($userInfos) == 0) - return array(); //Not any account was found - //Extract first value ID - $userID = $userInfos[0]['ID']; - - //Check if any other token already exists - $existingTokens = $this->getUserLoginTokenByIDs($userID, $serviceID, CS::get()->db); - - if(is_array($existingTokens)){ - //Return result - return $existingTokens; - } - - //Generate random tokens - $token1 = random_str(75); - $token2 = random_str(75); - - //Insert token in the database - $tableName = $this->userLoginAPItable; - $insertValues = array( - "ID_utilisateurs" => $userID, - "ID_".CS::get()->config->get("dbprefix")."API_ServicesToken" => $serviceID, - "token1" => $token1, - "token2" => $token2 - ); - if(!CS::get()->db->addLine($tableName, $insertValues)) - return array(); //Something went wrong - - //We can return tokens - return array($token1, $token2); - } - - /** - * Get token with the help of userID and serviceID - * - * @param int $userID The ID of the user - * @param int $serviceID The ID of the service - * @return FALSE if it fails, or tokens if success - */ - private function getUserLoginTokenByIDs(int $userID, int $serviceID) { - //Prepare database request 
- $conditions = "WHERE ID_utilisateurs = ? AND ID_".CS::get()->config->get("dbprefix")."API_ServicesToken = ?"; - $values = array( - $userID, - $serviceID - ); - $tokenInfos = CS::get()->db->select($this->userLoginAPItable, $conditions, $values); - - if(count($tokenInfos) == 0) - return false; //There is nobody at this address - else { - //Return tokens - $token1 = $tokenInfos[0]['token1']; - $token2 = $tokenInfos[0]['token2']; - return array($token1, $token2); - } - } - - /** - * Delete token from given informations - * - * @param int $userID The ID of the user to delete - * @param string $serviceID The service ID - * @return bool False if it fails - */ - public function deleteUserLoginToken(int $userID, string $serviceID) : bool { - - //Prepare database request - $condition = "ID_utilisateurs = ? AND ID_".CS::get()->config->get("dbprefix")."API_ServicesToken = ?"; - $values = array( - $userID, - $serviceID - ); - - //Try to perform request - if(!CS::get()->db->deleteEntry($this->userLoginAPItable, $condition, $values)) - return false; //Something went wrong during the request - - //Everything is ok - return true; - } - - /** - * Get User ID from token - * - * @param int $serviceID The ID of the service - * @param array $tokens The user login tokens - * @return int User ID (0 for a failure) - */ - public function getUserIDfromToken(int $serviceID, array $tokens) : int { - //Check token number - if(count($tokens) != 2) - return 0; - - //Prepare database request - $tablesName = $this->userLoginAPItable; - $conditions = "WHERE ".$this->userLoginAPItable.".ID_".CS::get()->config->get("dbprefix")."API_ServicesToken = ? AND ".$this->userLoginAPItable.".token1 = ? 
AND ".$this->userLoginAPItable.".token2 = ?"; - $conditionsValues = array( - $serviceID, - $tokens[0], - $tokens[1] - ); - - //Perform request - $userInfos = CS::get()->db->select($tablesName, $conditions, $conditionsValues); - - //Check if result is correct or not - if(count($userInfos) == 0) - return 0; //No result - - //Return ID - return $userInfos[0]["ID_utilisateurs"]; } - /** * Get Single User Infos * @@ -175,7 +36,7 @@ class User{ */ public function getUserInfos(int $userID, bool $advanced = false) : array { //Prepare database request - $tablesName = $this->userTable; + $tablesName = self::USER_TABLE; $conditions = "WHERE utilisateurs.ID = ?"; $conditionsValues = array( $userID*1, @@ -200,7 +61,7 @@ class User{ */ public function getMultipleUserInfos(array $usersID) : array { //Prepare database request - $tablesName = $this->userTable; + $tablesName = self::USER_TABLE; $conditions = "WHERE (utilisateurs.ID < 0)"; $conditionsValues = array(); @@ -286,7 +147,7 @@ class User{ public function updateLastActivity(int $userID) : bool{ //Perform a request on the database - $tableName = $this->userTable; + $tableName = self::USER_TABLE; $conditions = "ID = ?"; $whereValues = array(userID); $modifs = array( @@ -308,7 +169,7 @@ class User{ */ public function exists(int $userID) : bool { //Perform a request on the database - $tableName = $this->userTable; + $tableName = self::USER_TABLE; $condition = "WHERE ID = ?"; $condValues = array($userID); $requiredFields = array("ID"); @@ -333,7 +194,7 @@ class User{ public function findByFolder(string $folder) : int { //Perform a request on the database - $tableName = $this->userTable; + $tableName = self::USER_TABLE; $condition = "WHERE sous_repertoire = ?"; $condValues = array($folder); $requiredFields = array("ID"); 
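Review bot: `$whereValues = array(userID);` in `updateLastActivity` reads the bare constant `userID` instead of the `$userID` parameter, so the parameter is never used and — if `userID` is the request-scoped constant that `userController.php` passes to `deleteUserLoginToken` — the method always touches the currently authenticated account, whatever the caller asked for. This is a context line the commit leaves as is, but since the hunk is already being touched for the `self::USER_TABLE` switch it is cheap to settle: `$whereValues = array($userID);`, or drop the parameter if the current-user behaviour is intended. The method's body continues past the end of the hunk.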
@@ -367,7 +228,7 @@ class User{ public function getVisibility(int $userID) : int { //Perform a request on the database - $tableName = $this->userTable; + $tableName = self::USER_TABLE; $condition = "WHERE ID = ?"; $condValues = array($userID); @@ -482,7 +343,7 @@ class User{ //Perform the request $result = CS::get()->db->select( - $this->userTable, + self::USER_TABLE, $conditions, $condValues, $fields @@ -511,7 +372,7 @@ class User{ //Perform the request $result = CS::get()->db->select( - $this->userTable, + self::USER_TABLE, $conditions, $condValues, $fields @@ -525,16 +386,6 @@ class User{ return $result[0]["liste_amis_publique"] == 1; } - /** - * Crypt user password - * - * @param string $userPassword The password to crypt - * @return string The encrypted password - */ - public function cryptPassword(string $userPassword) : string { - return crypt(sha1($userPassword), sha1($userPassword)); - } - } //Register class diff --git a/classes/comunicAPI.php b/classes/comunicAPI.php index 9a91116..db7c996 100644 --- a/classes/comunicAPI.php +++ b/classes/comunicAPI.php @@ -5,7 +5,7 @@ * @author Pierre HUBERT */ -class CS{ +class CS { /** * @var CS $instance Instance object copy diff --git a/index.php b/index.php index caf80d4..2b31f4a 100644 --- a/index.php +++ b/index.php @@ -53,7 +53,7 @@ else { //Check if login tokens where specified if(isset($_POST['userToken1']) AND isset($_POST['userToken2'])){ //Try to login user - $userID = $cs->components->user->getUserIDfromToken(APIServiceID, array( + $userID = $cs->components->account->getUserIDfromToken(APIServiceID, array( $_POST['userToken1'], $_POST['userToken2'] ));