Can check user password in $_POST request

2025-11-04 04:04:20 +00:00 · 2018-04-18 18:49:29 +02:00
parent c5c3076c67
commit fd86f954c4
2 changed files with 49 additions and 3 deletions
--- a/classes/components/AccountComponent.php
+++ b/classes/components/AccountComponent.php
@@ -198,6 +198,32 @@ class AccountComponent {
 		return CS::get()->db->addLine(self::USER_TABLE, $values);
 	}

+	/**
+	 * Check if a password is valid for a user
+	 * 
+	 * @param int $userID Target user ID : The ID of the user to check
+	 * @param string $password The password to check
+	 * @return bool TRUE if the password is valid / FALSE else
+	 */
+	public function checkUserPassword(int $userID, string $password){
+
+		//Crypt password
+		$password = $this->cryptPassword($password);
+
+		//Prepare request over the database
+		$conditions = array(
+			"ID" => $userID,
+			"password" => $password
+		);
+
+		$data = CS::get()->db->splitConditionsArray($conditions);
+		$sql_conds = "WHERE ".$data[0];
+		$values = $data[1];
+
+		//Perform request and return result
+		return CS::get()->db->count(self::USER_TABLE, $sql_conds, $values) > 0;
+	}
+
 	/**
 	 * Crypt user password
 	 *
--- a/functions/user.php
+++ b/functions/user.php
@@ -9,7 +9,7 @@
 * A function that check login information are specified,
 * else it quit the scripts because of missing login
 *
- * @return Boolean True for a success
+ * @return bool True for a success
 */
 function user_login_required() : bool {
    if(!user_signed_in()){
@@ -23,7 +23,7 @@ function user_login_required() : bool{
 /**
 * Check wether the user is signed in or not
 *
- * @return TRUE if user is signed in / FALSE else
+ * @return bool TRUE if user is signed in / FALSE else
 */
 function user_signed_in() : bool {

@@ -39,3 +39,23 @@ function user_signed_in() : bool {
    return true;

 }
+
+/**
+ * Check the validity of a password provided in a $_POST request
+ * 
+ * @param int $userID The ID of the user to check
+ * @param string $name The name of the POST field containing the password
+ * @return bool TRUE in case of success / (stop by default in case of failure)
+ */
+function check_post_password(int $userID, string $name) : bool {
+
+    //Get POST field
+    $password = postString($name, 2);
+
+    //Check the password
+    if(!components()->account->checkUserPassword($userID, $password))
+        Rest_fatal_error(401, "The password is invalid!");
+    
+    //Else the password seems to be valid
+    return TRUE;
+}