Merge pull request #152 from devplanete/patch-2
Update Login.php
panique committed Aug 17, 2013
2 parents c01371f + 9deca3d commit 0cd7d52
Showing 1 changed file with 46 additions and 75 deletions.
121 changes: 46 additions & 75 deletions 2-advanced/classes/Login.php
Expand Up @@ -124,7 +124,25 @@ public function __construct() {
}

}


private function databaseConnection() {
// connection already opened
if ($this->db_connection != null)
return true;
else {
// create a database connection, using the constants from config/db.php (which we loaded in index.php)
$this->db_connection = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);

// if no connection errors (= working database connection)
if (!$this->db_connection->connect_errno)
return true;
// otherwise, database connection failed
else {
$this->errors[] = "Database connection problem.";
return false;
}
}
}

private function loginWithSessionData() {

Expand All @@ -144,11 +162,8 @@ private function loginWithPostData() {
// if POST data (from login form) contains non-empty user_name and non-empty user_password
if (!empty($_POST['user_name']) && !empty($_POST['user_password'])) {

// create a database connection, using the constants from config/db.php (which we loaded in index.php)
$this->db_connection = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);

// if no connection errors (= working database connection)
if (!$this->db_connection->connect_errno) {
// if database connection opened
if ($this->databaseConnection()) {

// escape the POST stuff
$this->user_name = $this->db_connection->real_escape_string($_POST['user_name']);
Expand Down Expand Up @@ -225,11 +240,8 @@ private function loginWithPostData() {
$this->errors[] = "This user does not exist.";
}

} else {

$this->errors[] = "Database connection problem.";
}

} elseif (empty($_POST['user_name'])) {

$this->errors[] = "Username field was empty.";
Expand Down Expand Up @@ -278,11 +290,8 @@ public function editUserName() {
// TODO: maybe this pattern should also be implemented in Registration.php (or other way round)
elseif (!empty($_POST['user_name']) && preg_match("/^(?=.{2,64}$)[a-zA-Z][a-zA-Z0-9]*(?: [a-zA-Z0-9]+)*$/", $_POST['user_name'])) {

// creating a database connection
$this->db_connection = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);

// if no connection errors (= working database connection)
if (!$this->db_connection->connect_errno) {
// if database connection opened
if ($this->databaseConnection()) {

// escapin' this
$this->user_name = $this->db_connection->real_escape_string(htmlentities($_POST['user_name'], ENT_QUOTES));
Expand Down Expand Up @@ -314,12 +323,8 @@ public function editUserName() {

}

} else {

$this->errors[] = "Sorry, no database connection.";

}

} else {

$this->errors[] = "Sorry, your chosen username does not fit into the naming pattern.";
Expand All @@ -342,12 +347,8 @@ public function editUserEmail() {
// user mail cannot be empty and must be in email format
elseif (!empty($_POST['user_email']) && filter_var($_POST['user_email'], FILTER_VALIDATE_EMAIL)) {


// creating a database connection
$this->db_connection = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);

// if no connection errors (= working database connection)
if (!$this->db_connection->connect_errno) {
// if database connection opened
if ($this->databaseConnection()) {

// escapin' this
$this->user_email = $this->db_connection->real_escape_string(htmlentities($_POST['user_email'], ENT_QUOTES));
Expand All @@ -370,12 +371,8 @@ public function editUserEmail() {

}

} else {

$this->errors[] = "Sorry, no database connection.";

}

} else {

$this->errors[] = "Sorry, your chosen email does not fit into the naming pattern.";
Expand Down Expand Up @@ -406,12 +403,9 @@ public function editUserPassword() {
&& !empty($_POST['user_password_repeat'])
&& ($_POST['user_password_new'] === $_POST['user_password_repeat'])) {

// creating a database connection
$this->db_connection = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
// if database connection opened
if ($this->databaseConnection()) {

// if no connection errors (= working database connection)
if (!$this->db_connection->connect_errno) {

// database query, getting hash of currently logged in user (to check with just provided password)
$check_for_right_password = $this->db_connection->query("SELECT user_password_hash FROM users WHERE user_id = '".$_SESSION['user_id']."';");

Expand Down Expand Up @@ -459,11 +453,8 @@ public function editUserPassword() {
$this->errors[] = "This user does not exist.";
}

} else {

$this->errors[] = "Database connection problem.";
}

}

}

}
Expand Down Expand Up @@ -500,13 +491,10 @@ public function setPasswordResetDatabaseToken() {

// generate random hash for email password reset verification (40 char string)
$this->user_password_reset_hash = sha1(uniqid(mt_rand(), true));

// creating a database connection
$this->db_connection = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);

// if no connection errors (= working database connection)
if (!$this->db_connection->connect_errno) {
// if database connection opened
if ($this->databaseConnection()) {

// TODO: this is not totally clean, as this is just the form provided username
$this->user_name = $this->db_connection->real_escape_string(htmlentities($_POST['user_name'], ENT_QUOTES));
$query_get_user_data = $this->db_connection->query("SELECT user_id, user_email FROM users WHERE user_name = '".$this->user_name."';");
Expand Down Expand Up @@ -543,11 +531,8 @@ public function setPasswordResetDatabaseToken() {

}

} else {

$this->errors[] = "Database connection problem.";
}

}

}

// return false (this method only returns true when the database entry has been set successfully)
Expand Down Expand Up @@ -614,13 +599,10 @@ public function sendPasswordResetMail() {
public function checkIfEmailVerificationCodeIsValid() {

if (!empty($_GET["user_name"]) && !empty($_GET["verification_code"])) {

// creating a database connection
$this->db_connection = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);

// if no connection errors (= working database connection)
if (!$this->db_connection->connect_errno) {
// if database connection opened
if ($this->databaseConnection()) {

// TODO: this is not totally clean, as this is just the form provided username
$this->user_name = $this->db_connection->real_escape_string(htmlentities($_GET['user_name'], ENT_QUOTES));
$this->user_password_reset_hash = $this->db_connection->real_escape_string(htmlentities($_GET['verification_code'], ENT_QUOTES));
Expand Down Expand Up @@ -654,12 +636,9 @@ public function checkIfEmailVerificationCodeIsValid() {
$this->errors[] = "This username does not exist.";

}

} else {

$this->errors[] = "Database connection problem.";
}


}

} else {

$this->errors[] = "Empty link parameter data.";
Expand All @@ -684,11 +663,8 @@ public function editNewPassword() {

if (strlen($_POST['user_password_new']) >= 6) {

// creating a database connection
$this->db_connection = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);

// if no connection errors (= working database connection)
if (!$this->db_connection->connect_errno) {
// if database connection opened
if ($this->databaseConnection()) {

// escapin' this, additionally removing everything that could be (html/javascript-) code
$this->user_name = $this->db_connection->real_escape_string(htmlentities($_POST['user_name'], ENT_QUOTES));
Expand Down Expand Up @@ -727,13 +703,8 @@ public function editNewPassword() {

}


} else {

$this->errors[] = "Sorry, no database connection.";

}

} else {

$this->errors[] = "Password too short, please request a new password reset.";
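Review bot: databaseConnection() in the first hunk caches a failed connection as a working one: when `new mysqli(...)` fails, `$this->db_connection` still holds a mysqli object with `connect_errno` set, so the `!= null` check at the top returns true on every later call and the callers in the following hunks proceed to run `real_escape_string()` and `query()` against a dead handle. Reset the property in the failure branch, `$this->db_connection = null;` before `return false;`, so a later call retries and reports the error again instead of silently succeeding. The null check should use strict comparison, `if ($this->db_connection !== null) {`, and the brace-less single-statement `if`/`else` branches would read more safely with braces. Note also that on newer PHP the mysqli default error mode makes a failed constructor throw rather than set `connect_errno`, so the `connect_errno` branch may never be reached there; worth a comment or a try/catch if that runtime is a target.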
