Fixes bugs and cleans up the code

main
Yasen Pramatarov 2024-09-13 13:49:17 +03:00
parent e0eee38726
commit 6ec0981b0a
6 changed files with 64 additions and 22 deletions


@ -9,12 +9,51 @@ class User {
// registration // registration
public function register($username, $password) { public function register($username, $password) {
$hashedPassword = password_hash($password, PASSWORD_DEFAULT); try {
$query = $this->db->prepare("INSERT INTO users (username, password) VALUES (:username, :password)"); // we have two inserts, start a transaction
$query->bindParam(':username', $username); $this->db->beginTransaction();
$query->bindParam(':password', $hashedPassword);
return $query->execute(); // hash the password, don't store it plain
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);
// insert into users table
$sql = 'INSERT
INTO users (username, password)
VALUES (:username, :password)';
$query = $this->db->prepare($sql);
$query->bindValue(':username', $username);
$query->bindValue(':password', $hashedPassword);
// execute the first query
if (!$query->execute()) {
// rollback on error
$this->db->rollBack();
return false;
}
// insert the last user id into users_meta table
$sql2 = 'INSERT
INTO users_meta (user_id)
VALUES (:user_id)';
$query2 = $this->db->prepare($sql2);
$query2->bindValue(':user_id', $this->db->lastInsertId());
// execute the second query
if (!$query2->execute()) {
// rollback on error
$this->db->rollBack();
return false;
}
// if all is OK, commit the transaction
$this->db->commit();
return true;
} catch (Exception $e) {
// rollback on any error
$this->db->rollBack();
return $e->getMessage();
}
} }
// login // login
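Review bot: The `catch (Exception $e)` branch at the end of register() returns `$e->getMessage()` to the caller, and the register page interpolates that value into `$_SESSION['error']` for display; PDO driver messages carry SQL fragments and table/column names and should stay server-side. Log and return `false` instead, `error_log($e->getMessage()); return false;`, which also gives the method a single `bool` result rather than `true|false|string`. The same branch calls `rollBack()` unconditionally; if `beginTransaction()` itself threw there is no active transaction and PDO::rollBack() raises a second exception out of the catch, so guard it with `if ($this->db->inTransaction())`. The `User` class continues outside the hunk.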


@ -1,7 +1,5 @@
<?php <?php
require '../app/classes/user.php';
// clear the global error var before login // clear the global error var before login
unset($error); unset($error);
@ -10,6 +8,7 @@ try {
// connect to database // connect to database
$dbWeb = connectDB($config); $dbWeb = connectDB($config);
require '../app/classes/user.php';
$userObject = new User($dbWeb); $userObject = new User($dbWeb);
if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) { if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
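Review bot: The moved `require '../app/classes/user.php';` is a plain `require`; the index.php hunk in this commit also requires the same file when `$currentUser` is set, so reaching the login page in a logged-in session would fatal on class redeclaration unless the front controller prevents that, which is not visible here. Use `require_once '../app/classes/user.php';` here and in the index.php hunk. The enclosing `try` block starts outside the hunk.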


@ -17,20 +17,23 @@ if ($config['registration_enabled'] === true) {
$username = $_POST['username']; $username = $_POST['username'];
$password = $_POST['password']; $password = $_POST['password'];
// registering
$result = $userObject->register($username, $password);
// redirect to login // redirect to login
if ( $userObject->register($username, $password) ) { if ($result === true) {
$_SESSION['notice'] = "Registration successful.<br />You can log in now."; $_SESSION['notice'] = "Registration successful.<br />You can log in now.";
header('Location: index.php'); header('Location: index.php');
exit(); exit();
// registration fail, redirect to login // registration fail, redirect to login
} else { } else {
$_SESSION['error'] = "Registration failed."; $_SESSION['error'] = "Registration failed. $result";
header('Location: index.php'); header('Location: index.php');
exit(); exit();
} }
} }
} catch (Exception $e) { } catch (Exception $e) {
$error = getError('There was an unexpected error. Please try again.', $e->getMessage()); $error = $e->getMessage();
} }
include '../app/templates/block-message.php'; include '../app/templates/block-message.php';
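Review bot: Both new error paths expose internal text: `$_SESSION['error'] = "Registration failed. $result";` appends whatever register() returned (a raw exception message on failure) and `$error = $e->getMessage();` replaces the previous generic message. Whether block-message.php escapes these before output is not visible here; if it does not, a driver message echoing the submitted username would render unescaped. Keep the user-facing text fixed and log the detail: `$_SESSION['error'] = 'Registration failed.';` and `error_log($e->getMessage()); $error = 'There was an unexpected error. Please try again.';` (or restore the `getError(...)` wrapper if it is available in this scope). `$_POST['username']` and `$_POST['password']` are also passed on without a server-side emptiness or length check; the form's `required` attribute is client-side only. The enclosing `if` and `try` start outside the hunk.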


@ -3,7 +3,7 @@
<h2 class="card-header">Register</h2> <h2 class="card-header">Register</h2>
<div class="card-body"> <div class="card-body">
<p class="card-text">Enter credentials for registration:</p> <p class="card-text">Enter credentials for registration:</p>
<form method="POST" action="<?php= $app_root ?>?page=register"> <form method="POST" action="<?= $app_root ?>?page=register">
<input type="text" name="username" placeholder="Username" required autofocus /> <input type="text" name="username" placeholder="Username" required autofocus />
<br /> <br />
<input type="password" name="password" placeholder="Password" required /> <input type="password" name="password" placeholder="Password" required />


@ -25,7 +25,7 @@
<ul class="menu-right"> <ul class="menu-right">
<?php if ( isset($_SESSION['username']) ) { ?> <?php if ( isset($_SESSION['username']) ) { ?>
<li><a href="<?= $app_root ?>?page=profile"><?= $user ?></a></li> <li><a href="<?= $app_root ?>?page=profile"><?= $currentUser ?></a></li>
<li><a href="<?= $app_root ?>?page=logout">logout</a></li> <li><a href="<?= $app_root ?>?page=logout">logout</a></li>
<?php } else { ?> <?php } else { ?>
<li><a href="<?= $app_root ?>?page=login">login</a></li> <li><a href="<?= $app_root ?>?page=login">login</a></li>
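Review bot: `<?= $currentUser ?>` on the profile link writes the session username into HTML without escaping; the register page stores `$_POST['username']` as submitted, so a name containing markup would render as-is in the menu on every page. Escape at the output point: `<?= htmlspecialchars($currentUser, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>`. Where `$currentUser` is assigned is outside this hunk, so its origin is inferred from the `$_SESSION['username']` check on the line above.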


@ -131,14 +131,15 @@ if ($page == 'logout') {
} else { } else {
// if user is logged in, we need user details and rights // if user is logged in, we need user details and rights
if (isset($currentUser)) {
require '../app/classes/user.php'; require '../app/classes/user.php';
include '../app/helpers/profile.php'; include '../app/helpers/profile.php';
$userObject = new User($dbWeb); $userObject = new User($dbWeb);
$user = $currentUser; $user_id = $userObject->getUserId($currentUser)[0]['id'];
$user_id = $userObject->getUserId($user)[0]['id'];
$userDetails = $userObject->getUserDetails($user_id); $userDetails = $userObject->getUserDetails($user_id);
$userRights = $userObject->getUserRights($user_id); $userRights = $userObject->getUserRights($user_id);
$userTimezone = isset($userDetails[0]['timezone']) ? $userDetails[0]['timezone'] : 'UTC'; // Default to UTC if no timezone is set $userTimezone = isset($userDetails[0]['timezone']) ? $userDetails[0]['timezone'] : 'UTC'; // Default to UTC if no timezone is set
}
// page building // page building
if (in_array($page, $allowed_urls)) { if (in_array($page, $allowed_urls)) {
@ -147,7 +148,7 @@ if ($page == 'logout') {
include '../app/templates/page-header.php'; include '../app/templates/page-header.php';
include '../app/templates/page-menu.php'; include '../app/templates/page-menu.php';
include '../app/templates/block-message.php'; include '../app/templates/block-message.php';
if (isset($user)) { if (isset($currentUser)) {
include '../app/templates/page-sidebar.php'; include '../app/templates/page-sidebar.php';
} }
include "../app/pages/{$page}.php"; include "../app/pages/{$page}.php";
@ -159,7 +160,7 @@ if ($page == 'logout') {
include '../app/templates/page-header.php'; include '../app/templates/page-header.php';
include '../app/templates/page-menu.php'; include '../app/templates/page-menu.php';
include '../app/templates/block-message.php'; include '../app/templates/block-message.php';
if (isset($user)) { if (isset($currentUser)) {
include '../app/templates/page-sidebar.php'; include '../app/templates/page-sidebar.php';
} }
include '../app/pages/front.php'; include '../app/pages/front.php';
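Review bot: `$user_id = $userObject->getUserId($currentUser)[0]['id'];` in the first hunk indexes the result without checking it; if the session names a user that no longer has a row, `[0]` on an empty result warns, `$user_id` becomes null, and getUserDetails/getUserRights are then called with it. Look the row up first and treat a miss as a logged-out state: `$userRow = $userObject->getUserId($currentUser);` then `$user_id = $userRow[0]['id'] ?? null;` with the remaining lookups skipped when it is null. What getUserId returns on a miss is not visible here, so confirm it is an empty array rather than `false` before relying on `??`. The enclosing `else` branch starts outside the hunk.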