From 6ec0981b0a1b64c06172d89fca3205cd3e069bde Mon Sep 17 00:00:00 2001
From: Yasen Pramatarov
Date: Fri, 13 Sep 2024 13:49:17 +0300
Subject: [PATCH] Fixes bugs and cleans up the code
---
app/classes/user.php | 49 +++++++++++++++++++++++++++++----
app/pages/login.php | 3 +-
app/pages/register.php | 9 ++++--
app/templates/form-register.php | 2 +-
app/templates/page-menu.php | 2 +-
public_html/index.php | 21 +++++++-------
6 files changed, 64 insertions(+), 22 deletions(-)
diff --git a/app/classes/user.php b/app/classes/user.php
index 9c2e11e..9d0333e 100644
--- a/app/classes/user.php
+++ b/app/classes/user.php
@@ -9,12 +9,51 @@ class User { // registration public function register($username, $password) { - $hashedPassword = password_hash($password, PASSWORD_DEFAULT); - $query = $this->db->prepare("INSERT INTO users (username, password) VALUES (:username, :password)"); - $query->bindParam(':username', $username); - $query->bindParam(':password', $hashedPassword); + try { + // we have two inserts, start a transaction + $this->db->beginTransaction(); - return $query->execute(); + // hash the password, don't store it plain + $hashedPassword = password_hash($password, PASSWORD_DEFAULT); + + // insert into users table + $sql = 'INSERT + INTO users (username, password) + VALUES (:username, :password)'; + $query = $this->db->prepare($sql); + $query->bindValue(':username', $username); + $query->bindValue(':password', $hashedPassword); + + // execute the first query + if (!$query->execute()) { + // rollback on error + $this->db->rollBack(); + return false; + } + + // insert the last user id into users_meta table + $sql2 = 'INSERT + INTO users_meta (user_id) + VALUES (:user_id)'; + $query2 = $this->db->prepare($sql2); + $query2->bindValue(':user_id', $this->db->lastInsertId()); + + // execute the second query + if (!$query2->execute()) { + // rollback on error + $this->db->rollBack(); + return false; + } + + // if all is OK, commit the transaction + $this->db->commit(); + return true; + + } catch (Exception $e) { + // rollback on any error + $this->db->rollBack(); + return $e->getMessage(); + } } // login diff --git a/app/pages/login.php b/app/pages/login.php index ebb34f0..2694cbb 100644 --- a/app/pages/login.php +++ b/app/pages/login.php @@ -1,7 +1,5 @@ register($username, $password); + // redirect to login - if ( $userObject->register($username, $password) ) { + if ($result === true) { $_SESSION['notice'] = "Registration successful.
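Review bot: The `catch` block of `register()` returns `$e->getMessage()`, so the raw database error text becomes the method's return value, and the register.php change later in this patch interpolates it into `$_SESSION['error']` as `"Registration failed. $result"`, where it can expose table, column or constraint names to whoever submits the form. Log the message server-side and keep the boolean contract, e.g. `error_log($e->getMessage()); return false;`, and show the user only a generic failure message. The string return is also truthy, so any caller not shown here that still tests `if ($userObject->register(...))` would treat a failed registration as a success. The same patch replaces the generic text in register.php's own `catch` with `$error = $e->getMessage();`, which has the same exposure. Separately, `rollBack()` in the `catch` runs even if `beginTransaction()` itself threw; guarding it with `if ($this->db->inTransaction())` (assuming `$this->db` is a PDO handle) keeps the original exception from being masked by a second one.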
You can log in now."; header('Location: index.php'); exit(); // registration fail, redirect to login } else { - $_SESSION['error'] = "Registration failed."; + $_SESSION['error'] = "Registration failed. $result"; header('Location: index.php'); exit(); } } } catch (Exception $e) { - $error = getError('There was an unexpected error. Please try again.', $e->getMessage()); + $error = $e->getMessage(); } include '../app/templates/block-message.php'; diff --git a/app/templates/form-register.php b/app/templates/form-register.php index 5a72c16..f95a36d 100644 --- a/app/templates/form-register.php +++ b/app/templates/form-register.php @@ -3,7 +3,7 @@

Register

Enter credentials for registration:

-
+
diff --git a/app/templates/page-menu.php b/app/templates/page-menu.php index 0b8b18f..ae5b45d 100644 --- a/app/templates/page-menu.php +++ b/app/templates/page-menu.php @@ -25,7 +25,7 @@