Can check user password in $_POST request

This commit is contained in:
Pierre 2018-04-18 18:49:29 +02:00
parent c5c3076c67
commit fd86f954c4
2 changed files with 49 additions and 3 deletions

View File

@ -198,6 +198,32 @@ class AccountComponent {
return CS::get()->db->addLine(self::USER_TABLE, $values); return CS::get()->db->addLine(self::USER_TABLE, $values);
} }
/**
* Check if a password is valid for a user
*
* @param int $userID Target user ID : The ID of the user to check
* @param string $password The password to check
* @return bool TRUE if the password is valid / FALSE else
*/
public function checkUserPassword(int $userID, string $password){
//Crypt password
$password = $this->cryptPassword($password);
//Prepare request over the database
$conditions = array(
"ID" => $userID,
"password" => $password
);
$data = CS::get()->db->splitConditionsArray($conditions);
$sql_conds = "WHERE ".$data[0];
$values = $data[1];
//Perform request and return result
return CS::get()->db->count(self::USER_TABLE, $sql_conds, $values) > 0;
}
/** /**
* Crypt user password * Crypt user password
* *

View File

@ -9,9 +9,9 @@
* A function that check login information are specified, * A function that check login information are specified,
* else it quit the scripts because of missing login * else it quit the scripts because of missing login
* *
* @return Boolean True for a success * @return bool True for a success
*/ */
function user_login_required() : bool{ function user_login_required() : bool {
if(!user_signed_in()){ if(!user_signed_in()){
Rest_fatal_error(401, "This function requires user to be logged in!"); Rest_fatal_error(401, "This function requires user to be logged in!");
} }
@ -23,7 +23,7 @@ function user_login_required() : bool{
/** /**
* Check wether the user is signed in or not * Check wether the user is signed in or not
* *
* @return TRUE if user is signed in / FALSE else * @return bool TRUE if user is signed in / FALSE else
*/ */
function user_signed_in() : bool { function user_signed_in() : bool {
@ -38,4 +38,24 @@ function user_signed_in() : bool {
//User seems to be signed in //User seems to be signed in
return true; return true;
}
/**
* Check the validity of a password provided in a $_POST request
*
* @param int $userID The ID of the user to check
* @param string $name The name of the POST field containing the password
* @return bool TRUE in case of success / (stop by default in case of failure)
*/
function check_post_password(int $userID, string $name) : bool {
//Get POST field
$password = postString($name, 2);
//Check the password
if(!components()->account->checkUserPassword($userID, $password))
Rest_fatal_error(401, "The password is invalid!");
//Else the password seems to be valid
return TRUE;
} }