mirror of
https://github.com/pierre42100/ComunicAPI
synced 2024-11-23 13:59:29 +00:00
Created account component
This commit is contained in:
parent
32f2d6bb0f
commit
ea5257c478
@ -28,7 +28,7 @@ class userController
|
|||||||
$userPassword = $_POST['userPassword'];
|
$userPassword = $_POST['userPassword'];
|
||||||
|
|
||||||
//Try to perform login
|
//Try to perform login
|
||||||
$loginTokens = CS::get()->components->user->generateUserLoginTokens($userMail, $userPassword, APIServiceID, $db);
|
$loginTokens = CS::get()->components->account->generateUserLoginTokens($userMail, $userPassword, APIServiceID, $db);
|
||||||
|
|
||||||
if(count($loginTokens) == 0)
|
if(count($loginTokens) == 0)
|
||||||
throw new RestException(401, "Invalid e-mail address / password !");
|
throw new RestException(401, "Invalid e-mail address / password !");
|
||||||
@ -53,7 +53,7 @@ class userController
|
|||||||
user_login_required();
|
user_login_required();
|
||||||
|
|
||||||
//Try to delete token
|
//Try to delete token
|
||||||
if(!CS::get()->components->user->deleteUserLoginToken(userID, APIServiceID))
|
if(!CS::get()->components->account->deleteUserLoginToken(userID, APIServiceID))
|
||||||
throw new RestException(500, "Something went wrong while trying to logout user !");
|
throw new RestException(500, "Something went wrong while trying to logout user !");
|
||||||
|
|
||||||
//Everything is ok
|
//Everything is ok
|
||||||
|
172
classes/components/account.php
Normal file
172
classes/components/account.php
Normal file
@ -0,0 +1,172 @@
|
|||||||
|
<?php
|
||||||
|
/**
|
||||||
|
* User account class
|
||||||
|
*
|
||||||
|
* @author Pierre HUBERT
|
||||||
|
*/
|
||||||
|
|
||||||
|
class Account {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var String $userTable The name of the user table
|
||||||
|
*/
|
||||||
|
const USER_TABLE = "utilisateurs";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var String $userLoginAPItable The name of the table that contains logins performed on the API
|
||||||
|
*/
|
||||||
|
private $userLoginAPItable = "";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Public constructor
|
||||||
|
*/
|
||||||
|
public function __construct(){
|
||||||
|
$this->userLoginAPItable = CS::get()->config->get("dbprefix")."API_userLoginToken";
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Try to login user with returning a service token
|
||||||
|
*
|
||||||
|
* @param string $email The e-mail address of the user
|
||||||
|
* @param string $password The password of the user
|
||||||
|
* @param int $serviceID The ID of the service
|
||||||
|
* @return array Tokens if success, false if fails
|
||||||
|
*/
|
||||||
|
public function generateUserLoginTokens(string $email, string $password, int $serviceID) : array{
|
||||||
|
//Try to find user ID in the database
|
||||||
|
$conditions = "WHERE mail = ? AND password = ?";
|
||||||
|
$values = array(
|
||||||
|
$email,
|
||||||
|
$this->cryptPassword($password)
|
||||||
|
);
|
||||||
|
$userInfos = CS::get()->db->select(Account::USER_TABLE, $conditions, $values);
|
||||||
|
|
||||||
|
//Check if there is anything
|
||||||
|
if(count($userInfos) == 0)
|
||||||
|
return array(); //Not any account was found
|
||||||
|
|
||||||
|
//Extract first value ID
|
||||||
|
$userID = $userInfos[0]['ID'];
|
||||||
|
|
||||||
|
//Check if any other token already exists
|
||||||
|
$existingTokens = $this->getUserLoginTokenByIDs($userID, $serviceID, CS::get()->db);
|
||||||
|
|
||||||
|
if(is_array($existingTokens)){
|
||||||
|
//Return result
|
||||||
|
return $existingTokens;
|
||||||
|
}
|
||||||
|
|
||||||
|
//Generate random tokens
|
||||||
|
$token1 = random_str(75);
|
||||||
|
$token2 = random_str(75);
|
||||||
|
|
||||||
|
//Insert token in the database
|
||||||
|
$tableName = $this->userLoginAPItable;
|
||||||
|
$insertValues = array(
|
||||||
|
"ID_utilisateurs" => $userID,
|
||||||
|
"ID_".CS::get()->config->get("dbprefix")."API_ServicesToken" => $serviceID,
|
||||||
|
"token1" => $token1,
|
||||||
|
"token2" => $token2
|
||||||
|
);
|
||||||
|
if(!CS::get()->db->addLine($tableName, $insertValues))
|
||||||
|
return array(); //Something went wrong
|
||||||
|
|
||||||
|
//We can return tokens
|
||||||
|
return array($token1, $token2);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get token with the help of userID and serviceID
|
||||||
|
*
|
||||||
|
* @param int $userID The ID of the user
|
||||||
|
* @param int $serviceID The ID of the service
|
||||||
|
* @return FALSE if it fails, or tokens if success
|
||||||
|
*/
|
||||||
|
private function getUserLoginTokenByIDs(int $userID, int $serviceID) {
|
||||||
|
//Prepare database request
|
||||||
|
$conditions = "WHERE ID_utilisateurs = ? AND ID_".CS::get()->config->get("dbprefix")."API_ServicesToken = ?";
|
||||||
|
$values = array(
|
||||||
|
$userID,
|
||||||
|
$serviceID
|
||||||
|
);
|
||||||
|
$tokenInfos = CS::get()->db->select($this->userLoginAPItable, $conditions, $values);
|
||||||
|
|
||||||
|
if(count($tokenInfos) == 0)
|
||||||
|
return false; //There is nobody at this address
|
||||||
|
else {
|
||||||
|
//Return tokens
|
||||||
|
$token1 = $tokenInfos[0]['token1'];
|
||||||
|
$token2 = $tokenInfos[0]['token2'];
|
||||||
|
return array($token1, $token2);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Delete token from given informations
|
||||||
|
*
|
||||||
|
* @param int $userID The ID of the user to delete
|
||||||
|
* @param string $serviceID The service ID
|
||||||
|
* @return bool False if it fails
|
||||||
|
*/
|
||||||
|
public function deleteUserLoginToken(int $userID, string $serviceID) : bool {
|
||||||
|
|
||||||
|
//Prepare database request
|
||||||
|
$condition = "ID_utilisateurs = ? AND ID_".CS::get()->config->get("dbprefix")."API_ServicesToken = ?";
|
||||||
|
$values = array(
|
||||||
|
$userID,
|
||||||
|
$serviceID
|
||||||
|
);
|
||||||
|
|
||||||
|
//Try to perform request
|
||||||
|
if(!CS::get()->db->deleteEntry($this->userLoginAPItable, $condition, $values))
|
||||||
|
return false; //Something went wrong during the request
|
||||||
|
|
||||||
|
//Everything is ok
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get User ID from token
|
||||||
|
*
|
||||||
|
* @param int $serviceID The ID of the service
|
||||||
|
* @param array $tokens The user login tokens
|
||||||
|
* @return int User ID (0 for a failure)
|
||||||
|
*/
|
||||||
|
public function getUserIDfromToken(int $serviceID, array $tokens) : int {
|
||||||
|
//Check token number
|
||||||
|
if(count($tokens) != 2)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
//Prepare database request
|
||||||
|
$tablesName = $this->userLoginAPItable;
|
||||||
|
$conditions = "WHERE ".$this->userLoginAPItable.".ID_".CS::get()->config->get("dbprefix")."API_ServicesToken = ? AND ".$this->userLoginAPItable.".token1 = ? AND ".$this->userLoginAPItable.".token2 = ?";
|
||||||
|
$conditionsValues = array(
|
||||||
|
$serviceID,
|
||||||
|
$tokens[0],
|
||||||
|
$tokens[1]
|
||||||
|
);
|
||||||
|
|
||||||
|
//Perform request
|
||||||
|
$userInfos = CS::get()->db->select($tablesName, $conditions, $conditionsValues);
|
||||||
|
|
||||||
|
//Check if result is correct or not
|
||||||
|
if(count($userInfos) == 0)
|
||||||
|
return 0; //No result
|
||||||
|
|
||||||
|
//Return ID
|
||||||
|
return $userInfos[0]["ID_utilisateurs"];
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Crypt user password
|
||||||
|
*
|
||||||
|
* @param string $userPassword The password to crypt
|
||||||
|
* @return string The encrypted password
|
||||||
|
*/
|
||||||
|
public function cryptPassword(string $userPassword) : string {
|
||||||
|
return crypt(sha1($userPassword), sha1($userPassword));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
//Register class
|
||||||
|
Components::register("account", new Account());
|
@ -10,12 +10,7 @@ class User{
|
|||||||
/**
|
/**
|
||||||
* @var String $userTable The name of the user table
|
* @var String $userTable The name of the user table
|
||||||
*/
|
*/
|
||||||
private $userTable = "utilisateurs";
|
const USER_TABLE = "utilisateurs";
|
||||||
|
|
||||||
/**
|
|
||||||
* @var String $userLoginAPItable The name of the table that contains logins performed on the API
|
|
||||||
*/
|
|
||||||
private $userLoginAPItable = "";
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Pages visiblity levels
|
* Pages visiblity levels
|
||||||
@ -29,143 +24,9 @@ class User{
|
|||||||
* Public constructor
|
* Public constructor
|
||||||
*/
|
*/
|
||||||
public function __construct(){
|
public function __construct(){
|
||||||
$this->userLoginAPItable = CS::get()->config->get("dbprefix")."API_userLoginToken";
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Try to login user with returning a service token
|
|
||||||
*
|
|
||||||
* @param string $email The e-mail address of the user
|
|
||||||
* @param string $password The password of the user
|
|
||||||
* @param int $serviceID The ID of the service
|
|
||||||
* @return array Tokens if success, false if fails
|
|
||||||
*/
|
|
||||||
public function generateUserLoginTokens(string $email, string $password, int $serviceID) : array{
|
|
||||||
//Try to find user ID in the database
|
|
||||||
$conditions = "WHERE mail = ? AND password = ?";
|
|
||||||
$values = array(
|
|
||||||
$email,
|
|
||||||
$this->cryptPassword($password)
|
|
||||||
);
|
|
||||||
$userInfos = CS::get()->db->select($this->userTable, $conditions, $values);
|
|
||||||
|
|
||||||
//Check if there is anything
|
|
||||||
if(count($userInfos) == 0)
|
|
||||||
return array(); //Not any account was found
|
|
||||||
|
|
||||||
//Extract first value ID
|
|
||||||
$userID = $userInfos[0]['ID'];
|
|
||||||
|
|
||||||
//Check if any other token already exists
|
|
||||||
$existingTokens = $this->getUserLoginTokenByIDs($userID, $serviceID, CS::get()->db);
|
|
||||||
|
|
||||||
if(is_array($existingTokens)){
|
|
||||||
//Return result
|
|
||||||
return $existingTokens;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Generate random tokens
|
|
||||||
$token1 = random_str(75);
|
|
||||||
$token2 = random_str(75);
|
|
||||||
|
|
||||||
//Insert token in the database
|
|
||||||
$tableName = $this->userLoginAPItable;
|
|
||||||
$insertValues = array(
|
|
||||||
"ID_utilisateurs" => $userID,
|
|
||||||
"ID_".CS::get()->config->get("dbprefix")."API_ServicesToken" => $serviceID,
|
|
||||||
"token1" => $token1,
|
|
||||||
"token2" => $token2
|
|
||||||
);
|
|
||||||
if(!CS::get()->db->addLine($tableName, $insertValues))
|
|
||||||
return array(); //Something went wrong
|
|
||||||
|
|
||||||
//We can return tokens
|
|
||||||
return array($token1, $token2);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Get token with the help of userID and serviceID
|
|
||||||
*
|
|
||||||
* @param int $userID The ID of the user
|
|
||||||
* @param int $serviceID The ID of the service
|
|
||||||
* @return FALSE if it fails, or tokens if success
|
|
||||||
*/
|
|
||||||
private function getUserLoginTokenByIDs(int $userID, int $serviceID) {
|
|
||||||
//Prepare database request
|
|
||||||
$conditions = "WHERE ID_utilisateurs = ? AND ID_".CS::get()->config->get("dbprefix")."API_ServicesToken = ?";
|
|
||||||
$values = array(
|
|
||||||
$userID,
|
|
||||||
$serviceID
|
|
||||||
);
|
|
||||||
$tokenInfos = CS::get()->db->select($this->userLoginAPItable, $conditions, $values);
|
|
||||||
|
|
||||||
if(count($tokenInfos) == 0)
|
|
||||||
return false; //There is nobody at this address
|
|
||||||
else {
|
|
||||||
//Return tokens
|
|
||||||
$token1 = $tokenInfos[0]['token1'];
|
|
||||||
$token2 = $tokenInfos[0]['token2'];
|
|
||||||
return array($token1, $token2);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Delete token from given informations
|
|
||||||
*
|
|
||||||
* @param int $userID The ID of the user to delete
|
|
||||||
* @param string $serviceID The service ID
|
|
||||||
* @return bool False if it fails
|
|
||||||
*/
|
|
||||||
public function deleteUserLoginToken(int $userID, string $serviceID) : bool {
|
|
||||||
|
|
||||||
//Prepare database request
|
|
||||||
$condition = "ID_utilisateurs = ? AND ID_".CS::get()->config->get("dbprefix")."API_ServicesToken = ?";
|
|
||||||
$values = array(
|
|
||||||
$userID,
|
|
||||||
$serviceID
|
|
||||||
);
|
|
||||||
|
|
||||||
//Try to perform request
|
|
||||||
if(!CS::get()->db->deleteEntry($this->userLoginAPItable, $condition, $values))
|
|
||||||
return false; //Something went wrong during the request
|
|
||||||
|
|
||||||
//Everything is ok
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Get User ID from token
|
|
||||||
*
|
|
||||||
* @param int $serviceID The ID of the service
|
|
||||||
* @param array $tokens The user login tokens
|
|
||||||
* @return int User ID (0 for a failure)
|
|
||||||
*/
|
|
||||||
public function getUserIDfromToken(int $serviceID, array $tokens) : int {
|
|
||||||
//Check token number
|
|
||||||
if(count($tokens) != 2)
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
//Prepare database request
|
|
||||||
$tablesName = $this->userLoginAPItable;
|
|
||||||
$conditions = "WHERE ".$this->userLoginAPItable.".ID_".CS::get()->config->get("dbprefix")."API_ServicesToken = ? AND ".$this->userLoginAPItable.".token1 = ? AND ".$this->userLoginAPItable.".token2 = ?";
|
|
||||||
$conditionsValues = array(
|
|
||||||
$serviceID,
|
|
||||||
$tokens[0],
|
|
||||||
$tokens[1]
|
|
||||||
);
|
|
||||||
|
|
||||||
//Perform request
|
|
||||||
$userInfos = CS::get()->db->select($tablesName, $conditions, $conditionsValues);
|
|
||||||
|
|
||||||
//Check if result is correct or not
|
|
||||||
if(count($userInfos) == 0)
|
|
||||||
return 0; //No result
|
|
||||||
|
|
||||||
//Return ID
|
|
||||||
return $userInfos[0]["ID_utilisateurs"];
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get Single User Infos
|
* Get Single User Infos
|
||||||
*
|
*
|
||||||
@ -175,7 +36,7 @@ class User{
|
|||||||
*/
|
*/
|
||||||
public function getUserInfos(int $userID, bool $advanced = false) : array {
|
public function getUserInfos(int $userID, bool $advanced = false) : array {
|
||||||
//Prepare database request
|
//Prepare database request
|
||||||
$tablesName = $this->userTable;
|
$tablesName = self::USER_TABLE;
|
||||||
$conditions = "WHERE utilisateurs.ID = ?";
|
$conditions = "WHERE utilisateurs.ID = ?";
|
||||||
$conditionsValues = array(
|
$conditionsValues = array(
|
||||||
$userID*1,
|
$userID*1,
|
||||||
@ -200,7 +61,7 @@ class User{
|
|||||||
*/
|
*/
|
||||||
public function getMultipleUserInfos(array $usersID) : array {
|
public function getMultipleUserInfos(array $usersID) : array {
|
||||||
//Prepare database request
|
//Prepare database request
|
||||||
$tablesName = $this->userTable;
|
$tablesName = self::USER_TABLE;
|
||||||
$conditions = "WHERE (utilisateurs.ID < 0)";
|
$conditions = "WHERE (utilisateurs.ID < 0)";
|
||||||
$conditionsValues = array();
|
$conditionsValues = array();
|
||||||
|
|
||||||
@ -286,7 +147,7 @@ class User{
|
|||||||
public function updateLastActivity(int $userID) : bool{
|
public function updateLastActivity(int $userID) : bool{
|
||||||
|
|
||||||
//Perform a request on the database
|
//Perform a request on the database
|
||||||
$tableName = $this->userTable;
|
$tableName = self::USER_TABLE;
|
||||||
$conditions = "ID = ?";
|
$conditions = "ID = ?";
|
||||||
$whereValues = array(userID);
|
$whereValues = array(userID);
|
||||||
$modifs = array(
|
$modifs = array(
|
||||||
@ -308,7 +169,7 @@ class User{
|
|||||||
*/
|
*/
|
||||||
public function exists(int $userID) : bool {
|
public function exists(int $userID) : bool {
|
||||||
//Perform a request on the database
|
//Perform a request on the database
|
||||||
$tableName = $this->userTable;
|
$tableName = self::USER_TABLE;
|
||||||
$condition = "WHERE ID = ?";
|
$condition = "WHERE ID = ?";
|
||||||
$condValues = array($userID);
|
$condValues = array($userID);
|
||||||
$requiredFields = array("ID");
|
$requiredFields = array("ID");
|
||||||
@ -333,7 +194,7 @@ class User{
|
|||||||
public function findByFolder(string $folder) : int {
|
public function findByFolder(string $folder) : int {
|
||||||
|
|
||||||
//Perform a request on the database
|
//Perform a request on the database
|
||||||
$tableName = $this->userTable;
|
$tableName = self::USER_TABLE;
|
||||||
$condition = "WHERE sous_repertoire = ?";
|
$condition = "WHERE sous_repertoire = ?";
|
||||||
$condValues = array($folder);
|
$condValues = array($folder);
|
||||||
$requiredFields = array("ID");
|
$requiredFields = array("ID");
|
||||||
@ -367,7 +228,7 @@ class User{
|
|||||||
public function getVisibility(int $userID) : int {
|
public function getVisibility(int $userID) : int {
|
||||||
|
|
||||||
//Perform a request on the database
|
//Perform a request on the database
|
||||||
$tableName = $this->userTable;
|
$tableName = self::USER_TABLE;
|
||||||
$condition = "WHERE ID = ?";
|
$condition = "WHERE ID = ?";
|
||||||
$condValues = array($userID);
|
$condValues = array($userID);
|
||||||
|
|
||||||
@ -482,7 +343,7 @@ class User{
|
|||||||
|
|
||||||
//Perform the request
|
//Perform the request
|
||||||
$result = CS::get()->db->select(
|
$result = CS::get()->db->select(
|
||||||
$this->userTable,
|
self::USER_TABLE,
|
||||||
$conditions,
|
$conditions,
|
||||||
$condValues,
|
$condValues,
|
||||||
$fields
|
$fields
|
||||||
@ -511,7 +372,7 @@ class User{
|
|||||||
|
|
||||||
//Perform the request
|
//Perform the request
|
||||||
$result = CS::get()->db->select(
|
$result = CS::get()->db->select(
|
||||||
$this->userTable,
|
self::USER_TABLE,
|
||||||
$conditions,
|
$conditions,
|
||||||
$condValues,
|
$condValues,
|
||||||
$fields
|
$fields
|
||||||
@ -525,16 +386,6 @@ class User{
|
|||||||
return $result[0]["liste_amis_publique"] == 1;
|
return $result[0]["liste_amis_publique"] == 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Crypt user password
|
|
||||||
*
|
|
||||||
* @param string $userPassword The password to crypt
|
|
||||||
* @return string The encrypted password
|
|
||||||
*/
|
|
||||||
public function cryptPassword(string $userPassword) : string {
|
|
||||||
return crypt(sha1($userPassword), sha1($userPassword));
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
//Register class
|
//Register class
|
||||||
|
@ -53,7 +53,7 @@ else {
|
|||||||
//Check if login tokens where specified
|
//Check if login tokens where specified
|
||||||
if(isset($_POST['userToken1']) AND isset($_POST['userToken2'])){
|
if(isset($_POST['userToken1']) AND isset($_POST['userToken2'])){
|
||||||
//Try to login user
|
//Try to login user
|
||||||
$userID = $cs->components->user->getUserIDfromToken(APIServiceID, array(
|
$userID = $cs->components->account->getUserIDfromToken(APIServiceID, array(
|
||||||
$_POST['userToken1'],
|
$_POST['userToken1'],
|
||||||
$_POST['userToken2']
|
$_POST['userToken2']
|
||||||
));
|
));
|
||||||
|
Loading…
Reference in New Issue
Block a user