Fixes bugs and cleans up the code
parent
e0eee38726
commit
6ec0981b0a
|
@ -9,12 +9,51 @@ class User {
|
||||||
|
|
||||||
// registration
|
// registration
|
||||||
public function register($username, $password) {
|
public function register($username, $password) {
|
||||||
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);
|
try {
|
||||||
$query = $this->db->prepare("INSERT INTO users (username, password) VALUES (:username, :password)");
|
// we have two inserts, start a transaction
|
||||||
$query->bindParam(':username', $username);
|
$this->db->beginTransaction();
|
||||||
$query->bindParam(':password', $hashedPassword);
|
|
||||||
|
|
||||||
return $query->execute();
|
// hash the password, don't store it plain
|
||||||
|
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);
|
||||||
|
|
||||||
|
// insert into users table
|
||||||
|
$sql = 'INSERT
|
||||||
|
INTO users (username, password)
|
||||||
|
VALUES (:username, :password)';
|
||||||
|
$query = $this->db->prepare($sql);
|
||||||
|
$query->bindValue(':username', $username);
|
||||||
|
$query->bindValue(':password', $hashedPassword);
|
||||||
|
|
||||||
|
// execute the first query
|
||||||
|
if (!$query->execute()) {
|
||||||
|
// rollback on error
|
||||||
|
$this->db->rollBack();
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
// insert the last user id into users_meta table
|
||||||
|
$sql2 = 'INSERT
|
||||||
|
INTO users_meta (user_id)
|
||||||
|
VALUES (:user_id)';
|
||||||
|
$query2 = $this->db->prepare($sql2);
|
||||||
|
$query2->bindValue(':user_id', $this->db->lastInsertId());
|
||||||
|
|
||||||
|
// execute the second query
|
||||||
|
if (!$query2->execute()) {
|
||||||
|
// rollback on error
|
||||||
|
$this->db->rollBack();
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
// if all is OK, commit the transaction
|
||||||
|
$this->db->commit();
|
||||||
|
return true;
|
||||||
|
|
||||||
|
} catch (Exception $e) {
|
||||||
|
// rollback on any error
|
||||||
|
$this->db->rollBack();
|
||||||
|
return $e->getMessage();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// login
|
// login
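Review bot: The new catch block at the bottom of register() returns `$e->getMessage()`, so a PDOException's text (driver message, SQL fragment, table/column names, and presumably a duplicate-key message if `username` is unique) leaves the data layer as a plain string, and the register page in this same commit interpolates that string into the user-visible error. Returning a string from a method whose success path returns `true`/`false` also means any caller that checks truthiness would treat a failure as success. The `rollBack()` inside the catch is unguarded: if `beginTransaction()` is what threw, `rollBack()` throws "There is no active transaction" out of the catch. Log the message server-side, guard the rollback with `inTransaction()`, and return the same bool the other failure paths use. Separately, `password_hash()` with PASSWORD_DEFAULT (bcrypt) silently truncates the input at 72 bytes, so a length check on `$password` before hashing is worth adding here or in the caller.
```php
} catch (Exception $e) {
    // never hand driver/SQL text back to the caller (it ends up in the UI);
    // log it and report failure with the same bool the other paths return
    if ($this->db->inTransaction()) {
        $this->db->rollBack();
    }
    error_log('User::register failed: ' . $e->getMessage());
    return false;
}
```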
|
||||||
|
|
|
@ -1,7 +1,5 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
require '../app/classes/user.php';
|
|
||||||
|
|
||||||
// clear the global error var before login
|
// clear the global error var before login
|
||||||
unset($error);
|
unset($error);
|
||||||
|
|
||||||
|
@ -10,6 +8,7 @@ try {
|
||||||
// connect to database
|
// connect to database
|
||||||
$dbWeb = connectDB($config);
|
$dbWeb = connectDB($config);
|
||||||
|
|
||||||
|
require '../app/classes/user.php';
|
||||||
$userObject = new User($dbWeb);
|
$userObject = new User($dbWeb);
|
||||||
|
|
||||||
if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
|
if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
|
||||||
|
|
|
@ -17,20 +17,23 @@ if ($config['registration_enabled'] === true) {
|
||||||
$username = $_POST['username'];
|
$username = $_POST['username'];
|
||||||
$password = $_POST['password'];
|
$password = $_POST['password'];
|
||||||
|
|
||||||
|
// registering
|
||||||
|
$result = $userObject->register($username, $password);
|
||||||
|
|
||||||
// redirect to login
|
// redirect to login
|
||||||
if ( $userObject->register($username, $password) ) {
|
if ($result === true) {
|
||||||
$_SESSION['notice'] = "Registration successful.<br />You can log in now.";
|
$_SESSION['notice'] = "Registration successful.<br />You can log in now.";
|
||||||
header('Location: index.php');
|
header('Location: index.php');
|
||||||
exit();
|
exit();
|
||||||
// registration fail, redirect to login
|
// registration fail, redirect to login
|
||||||
} else {
|
} else {
|
||||||
$_SESSION['error'] = "Registration failed.";
|
$_SESSION['error'] = "Registration failed. $result";
|
||||||
header('Location: index.php');
|
header('Location: index.php');
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} catch (Exception $e) {
|
} catch (Exception $e) {
|
||||||
$error = getError('There was an unexpected error. Please try again.', $e->getMessage());
|
$error = $e->getMessage();
|
||||||
}
|
}
|
||||||
|
|
||||||
include '../app/templates/block-message.php';
|
include '../app/templates/block-message.php';
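Review bot: The third hunk now shows raw exception text to the user twice: `$_SESSION['error'] = "Registration failed. $result";` appends whatever register() returned (its catch returns `$e->getMessage()`), and `$error = $e->getMessage();` replaces the previous `getError('There was an unexpected error. Please try again.', ...)` wrapper, so a PDO/driver message with SQL details is rendered by block-message.php instead of a generic notice. Keep the generic text on both paths and send the detail to the server log: `error_log('register: ' . $e->getMessage());` followed by `$error = 'There was an unexpected error. Please try again.';`, and drop `$result` from the session message. In the same hunk `$_POST['username']` and `$_POST['password']` are used as-is with no server-side check (undefined key if absent, empty string, no length cap — the form's `required` is client-side only), so validate them before calling register(). Note also that the second hunk moves `require '../app/classes/user.php';` into the try block, while index.php in this commit does a plain `require` of the same file when a user is logged in; if both run in one request the second declaration of `class User` is a fatal error, so `require_once` is the safer form in both places.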
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
<h2 class="card-header">Register</h2>
|
<h2 class="card-header">Register</h2>
|
||||||
<div class="card-body">
|
<div class="card-body">
|
||||||
<p class="card-text">Enter credentials for registration:</p>
|
<p class="card-text">Enter credentials for registration:</p>
|
||||||
<form method="POST" action="<?php= $app_root ?>?page=register">
|
<form method="POST" action="<?= $app_root ?>?page=register">
|
||||||
<input type="text" name="username" placeholder="Username" required autofocus />
|
<input type="text" name="username" placeholder="Username" required autofocus />
|
||||||
<br />
|
<br />
|
||||||
<input type="password" name="password" placeholder="Password" required />
|
<input type="password" name="password" placeholder="Password" required />
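Review bot: The form fixed here still carries no anti-CSRF token, so any page a visitor opens can silently submit a registration to `?page=register`; nothing in this diff shows a token being generated or checked, so the server-side half would need adding alongside a hidden field such as `<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>" />`. `$app_root` is echoed into the action attribute without escaping; that is fine only if it comes from configuration rather than from the request, which this hunk does not show. Any `minlength`/`maxlength` added to the password field would be a usability hint only, since the 72-byte bcrypt limit has to be enforced where the hash is computed.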
|
||||||
|
|
|
@ -25,7 +25,7 @@
|
||||||
|
|
||||||
<ul class="menu-right">
|
<ul class="menu-right">
|
||||||
<?php if ( isset($_SESSION['username']) ) { ?>
|
<?php if ( isset($_SESSION['username']) ) { ?>
|
||||||
<li><a href="<?= $app_root ?>?page=profile"><?= $user ?></a></li>
|
<li><a href="<?= $app_root ?>?page=profile"><?= $currentUser ?></a></li>
|
||||||
<li><a href="<?= $app_root ?>?page=logout">logout</a></li>
|
<li><a href="<?= $app_root ?>?page=logout">logout</a></li>
|
||||||
<?php } else { ?>
|
<?php } else { ?>
|
||||||
<li><a href="<?= $app_root ?>?page=login">login</a></li>
|
<li><a href="<?= $app_root ?>?page=login">login</a></li>
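Review bot: The renamed line echoes `$currentUser` into the page body with no escaping; the surrounding `isset($_SESSION['username'])` check suggests it is the session username, and the register page in this commit accepts `$_POST['username']` unvalidated, so a username containing markup would be rendered as HTML for that user on every page with this menu. Escape at the output point: `<li><a href="<?= $app_root ?>?page=profile"><?= htmlspecialchars($currentUser, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></a></li>`. Where `$currentUser` is actually assigned is outside this diff, so whether it is already sanitised upstream cannot be confirmed from here.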
|
||||||
|
|
|
@ -131,14 +131,15 @@ if ($page == 'logout') {
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
// if user is logged in, we need user details and rights
|
// if user is logged in, we need user details and rights
|
||||||
|
if (isset($currentUser)) {
|
||||||
require '../app/classes/user.php';
|
require '../app/classes/user.php';
|
||||||
include '../app/helpers/profile.php';
|
include '../app/helpers/profile.php';
|
||||||
$userObject = new User($dbWeb);
|
$userObject = new User($dbWeb);
|
||||||
$user = $currentUser;
|
$user_id = $userObject->getUserId($currentUser)[0]['id'];
|
||||||
$user_id = $userObject->getUserId($user)[0]['id'];
|
|
||||||
$userDetails = $userObject->getUserDetails($user_id);
|
$userDetails = $userObject->getUserDetails($user_id);
|
||||||
$userRights = $userObject->getUserRights($user_id);
|
$userRights = $userObject->getUserRights($user_id);
|
||||||
$userTimezone = isset($userDetails[0]['timezone']) ? $userDetails[0]['timezone'] : 'UTC'; // Default to UTC if no timezone is set
|
$userTimezone = isset($userDetails[0]['timezone']) ? $userDetails[0]['timezone'] : 'UTC'; // Default to UTC if no timezone is set
|
||||||
|
}
|
||||||
|
|
||||||
// page building
|
// page building
|
||||||
if (in_array($page, $allowed_urls)) {
|
if (in_array($page, $allowed_urls)) {
|
||||||
|
@ -147,7 +148,7 @@ if ($page == 'logout') {
|
||||||
include '../app/templates/page-header.php';
|
include '../app/templates/page-header.php';
|
||||||
include '../app/templates/page-menu.php';
|
include '../app/templates/page-menu.php';
|
||||||
include '../app/templates/block-message.php';
|
include '../app/templates/block-message.php';
|
||||||
if (isset($user)) {
|
if (isset($currentUser)) {
|
||||||
include '../app/templates/page-sidebar.php';
|
include '../app/templates/page-sidebar.php';
|
||||||
}
|
}
|
||||||
include "../app/pages/{$page}.php";
|
include "../app/pages/{$page}.php";
|
||||||
|
@ -159,7 +160,7 @@ if ($page == 'logout') {
|
||||||
include '../app/templates/page-header.php';
|
include '../app/templates/page-header.php';
|
||||||
include '../app/templates/page-menu.php';
|
include '../app/templates/page-menu.php';
|
||||||
include '../app/templates/block-message.php';
|
include '../app/templates/block-message.php';
|
||||||
if (isset($user)) {
|
if (isset($currentUser)) {
|
||||||
include '../app/templates/page-sidebar.php';
|
include '../app/templates/page-sidebar.php';
|
||||||
}
|
}
|
||||||
include '../app/pages/front.php';
|
include '../app/pages/front.php';
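Review bot: In the first hunk the new line `$user_id = $userObject->getUserId($currentUser)[0]['id'];` indexes the result unconditionally; if the lookup returns no row (the session names a user that has since been deleted or renamed), PHP emits an undefined-key warning, `$user_id` becomes null, and `getUserDetails(null)` / `getUserRights(null)` run while the page is still built as logged-in because `$currentUser` is still set. Use `$user_id = $userObject->getUserId($currentUser)[0]['id'] ?? null;` and, when it is null, `unset($currentUser);` (or redirect to logout) before the page-building block so that the sidebar and rights-dependent pages are not rendered for a phantom user. The `else` branch this sits in and the `if (in_array($page, $allowed_urls))` block that follows both extend beyond the hunk; the `in_array` there should pass `true` as its third argument since `$page` is later used to build an `include` path. As noted for the register page, the `require '../app/classes/user.php';` here should be `require_once` so that a page which also requires the class does not fatal.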
|
||||||
|
|