serializes

5 years ago · 3b593a8490
parent 07d17b0a4d
commit 3b593a8490
3 changed files with 33 additions and 29 deletions
--- a/User.php
+++ b/User.php
@ -11,6 +11,10 @@ class User
    protected $db;
    public function __sleep(){
        return array('is_connected','external_id','id','display_name','auth_method','groups');
    }
    public function get_id()
    {
        if($this->is_connected){
@ -36,14 +40,12 @@ class User
    }
    public function set_db(PDO $db){
-        $this->$db = $db;
+        
        $this->db = $db;
    }
    public function __construct(PDO $db){
        $this->db = $db;
    }
 }
--- a/User_Manager.php
+++ b/User_Manager.php
@ -105,7 +105,7 @@ class User_Manager
            }
        }
-        $user = new User();
+        $user = new User($db);
        return $user;
    }
--- a/User_Sql.php
+++ b/User_Sql.php
@ -18,9 +18,11 @@ class User_Sql extends User {
            $stmt->bindParam(':admin', $adminInt);
            $stmt->bindParam(':active', $activeInt);
            $hashed_password = password_hash($password, PASSWORD_BCRYPT);
            $adminInt = $admin? 1 : 0;
-            $activeInt = $activeInt? 1 : 0;
+            $activeInt = $active? 1 : 0;
            $stmt->execute();
            return $db->lastInsertId(); 
@ -29,30 +31,30 @@ class User_Sql extends User {
        public function authentificate($login,$password)
        {
-            $sql =  
+            $stmt = $this->db->prepare(
-            "SELECT id,display_name,
+                "SELECT id,display_name,password
-            FROM users 
+                FROM users 
-            WHERE login='". mysqli_real_escape_string($this->db,$login) . "'
+                WHERE login=:login 
-            AND password=SHA2('". mysqli_real_escape_string($this->db,$password) . "',512)
+                AND active=1
-            AND auth_method='local';";
+                AND auth_method='local'"
-    
+            );
            $rs = $this->db->query($sql);
            if($r = $rs->fetch_array(MYSQLI_ASSOC)){
                $this->is_connected = true;
                $this->display_name = $r["display_name"];
                $this->id = $r['id'];
                $this->auth_method = 'sql';
-                return $this;
+            $stmt->bindParam(':login', $login);
            $stmt->execute();
            if($r = $stmt->fetch()){
-            }else{
+                    //check password
-                $this->is_connected = false;
+                if(password_verify($password,$r["password"])){
-                return false;
+                    $this->is_connected = true;
                    $this->display_name = $r["display_name"];
                    $this->id = $r['id'];
                    $this->auth_method = 'sql';
                    return $this;
                }
            }
-
+            $this->is_connected = false;
-            return false;
+            return $this;
        }
 }