standardebooks/web
1
0
Fork 0
mirror of https://github.com/standardebooks/web.git synced 2025-07-09 16:20:27 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add password login option for some users, and further refinements to artwork management system

Browse source
This commit is contained in:
Alex Cabal 2024-01-06 19:10:52 -06:00
parent 8a1b11b815
commit 5a1c05d8c5
22 changed files with 234 additions and 150 deletions
Download patch file Download diff file Expand all files Collapse all files

24
lib/User.php
View file

@ -12,6 +12,7 @@ class User extends PropertiesBase{
public $Email;
public $Created;
public $Uuid;
public $PasswordHash;
protected $_IsRegistered = null;
protected $_Payments = null;
protected $_Benefits = null;
@ -73,19 +74,25 @@ class User extends PropertiesBase{
// METHODS
// *******
public function Create(): void{
public function Create(?string $password = null): void{
$uuid = Uuid::uuid4();
$this->Uuid = $uuid->toString();
$this->Created = new DateTime();
$this->PasswordHash = null;
if($password !== null){
$this->PasswordHash = password_hash($password, PASSWORD_DEFAULT);
}
try{
Db::Query('
INSERT into Users (Email, Name, Uuid, Created)
INSERT into Users (Email, Name, Uuid, Created, PasswordHash)
values (?,
?,
?,
?,
?)
', [$this->Email, $this->Name, $this->Uuid, $this->Created]);
', [$this->Email, $this->Name, $this->Uuid, $this->Created, $this->PasswordHash]);
}
catch(PDOException $ex){
if(($ex->errorInfo[1] ?? 0) == 1062){
@ -137,7 +144,7 @@ class User extends PropertiesBase{
return $result[0];
}
public static function GetIfRegistered(?string $identifier): User{
public static function GetIfRegistered(?string $identifier, ?string $password = null): User{
// We consider a user "registered" if they have a row in the Benefits table.
// Emails without that row may only be signed up for the newsletter and thus are not "registered" users
// The identifier is either an email or a UUID (api key)
@ -157,6 +164,15 @@ class User extends PropertiesBase{
throw new Exceptions\InvalidUserException();
}
if($result[0]->PasswordHash !== null && $password === null){
// Indicate that a password is required before we log in
throw new Exceptions\PasswordRequiredException();
}
if($result[0]->PasswordHash !== null && !password_verify($password ?? '', $result[0]->PasswordHash)){
throw new Exceptions\InvalidUserException();
}
return $result[0];
}
}