lindeas
/
jilo-web
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases 4 Wiki Activity

Fixes bugs and cleans up the code

main
Yasen Pramatarov 2024-09-13 13:49:17 +03:00
parent e0eee38726
commit 6ec0981b0a
6 changed files with 64 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
app/classes/user.php
View File

@ -9,12 +9,51 @@ class User {
// registration
public function register($username, $password) {
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);
$query = $this->db->prepare("INSERT INTO users (username, password) VALUES (:username, :password)");
$query->bindParam(':username', $username);
$query->bindParam(':password', $hashedPassword);
try {
// we have two inserts, start a transaction
$this->db->beginTransaction();
return $query->execute();
// hash the password, don't store it plain
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);
// insert into users table
$sql = 'INSERT
INTO users (username, password)
VALUES (:username, :password)';
$query = $this->db->prepare($sql);
$query->bindValue(':username', $username);
$query->bindValue(':password', $hashedPassword);
// execute the first query
if (!$query->execute()) {
// rollback on error
$this->db->rollBack();
return false;
}
// insert the last user id into users_meta table
$sql2 = 'INSERT
INTO users_meta (user_id)
VALUES (:user_id)';
$query2 = $this->db->prepare($sql2);
$query2->bindValue(':user_id', $this->db->lastInsertId());
// execute the second query
if (!$query2->execute()) {
// rollback on error
$this->db->rollBack();
return false;
}
// if all is OK, commit the transaction
$this->db->commit();
return true;
} catch (Exception $e) {
// rollback on any error
$this->db->rollBack();
return $e->getMessage();
}
}
// login

3
app/pages/login.php
View File

@ -1,7 +1,5 @@
<?php
require '../app/classes/user.php';
// clear the global error var before login
unset($error);
@ -10,6 +8,7 @@ try {
// connect to database
$dbWeb = connectDB($config);
require '../app/classes/user.php';
$userObject = new User($dbWeb);
if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {

9
app/pages/register.php
View File

@ -17,20 +17,23 @@ if ($config['registration_enabled'] === true) {
$username = $_POST['username'];
$password = $_POST['password'];
// registering
$result = $userObject->register($username, $password);
// redirect to login
if ( $userObject->register($username, $password) ) {
if ($result === true) {
$_SESSION['notice'] = "Registration successful.<br />You can log in now.";
header('Location: index.php');
exit();
// registration fail, redirect to login
} else {
$_SESSION['error'] = "Registration failed.";
$_SESSION['error'] = "Registration failed. $result";
header('Location: index.php');
exit();
}
}
} catch (Exception $e) {
$error = getError('There was an unexpected error. Please try again.', $e->getMessage());
$error = $e->getMessage();
}
include '../app/templates/block-message.php';

2
app/templates/form-register.php
View File

@ -3,7 +3,7 @@
<h2 class="card-header">Register</h2>
<div class="card-body">
<p class="card-text">Enter credentials for registration:</p>
<form method="POST" action="<?php= $app_root ?>?page=register">
<form method="POST" action="<?= $app_root ?>?page=register">
<input type="text" name="username" placeholder="Username" required autofocus />
<br />
<input type="password" name="password" placeholder="Password" required />

2
app/templates/page-menu.php
View File

@ -25,7 +25,7 @@
<ul class="menu-right">
<?php if ( isset($_SESSION['username']) ) { ?>
<li><a href="<?= $app_root ?>?page=profile"><?= $user ?></a></li>
<li><a href="<?= $app_root ?>?page=profile"><?= $currentUser ?></a></li>
<li><a href="<?= $app_root ?>?page=logout">logout</a></li>
<?php } else { ?>
<li><a href="<?= $app_root ?>?page=login">login</a></li>

21
public_html/index.php
View File

@ -131,14 +131,15 @@ if ($page == 'logout') {
} else {
// if user is logged in, we need user details and rights
require '../app/classes/user.php';
include '../app/helpers/profile.php';
$userObject = new User($dbWeb);
$user = $currentUser;
$user_id = $userObject->getUserId($user)[0]['id'];
$userDetails = $userObject->getUserDetails($user_id);
$userRights = $userObject->getUserRights($user_id);
$userTimezone = isset($userDetails[0]['timezone']) ? $userDetails[0]['timezone'] : 'UTC'; // Default to UTC if no timezone is set
if (isset($currentUser)) {
require '../app/classes/user.php';
include '../app/helpers/profile.php';
$userObject = new User($dbWeb);
$user_id = $userObject->getUserId($currentUser)[0]['id'];
$userDetails = $userObject->getUserDetails($user_id);
$userRights = $userObject->getUserRights($user_id);
$userTimezone = isset($userDetails[0]['timezone']) ? $userDetails[0]['timezone'] : 'UTC'; // Default to UTC if no timezone is set
}
// page building
if (in_array($page, $allowed_urls)) {
@ -147,7 +148,7 @@ if ($page == 'logout') {
include '../app/templates/page-header.php';
include '../app/templates/page-menu.php';
include '../app/templates/block-message.php';
if (isset($user)) {
if (isset($currentUser)) {
include '../app/templates/page-sidebar.php';
}
include "../app/pages/{$page}.php";
@ -159,7 +160,7 @@ if ($page == 'logout') {
include '../app/templates/page-header.php';
include '../app/templates/page-menu.php';
include '../app/templates/block-message.php';
if (isset($user)) {
if (isset($currentUser)) {
include '../app/templates/page-sidebar.php';
}
include '../app/pages/front.php';