Work on login, and exception on database-error
parent
2f394e530f
commit
b5fb90d290
|
@ -43,7 +43,8 @@ class Auth {
|
|||
$expire = $stayLoggedIn?30:0; // if "stay logged in", stay logged in for 30 days.
|
||||
|
||||
$updateUserSQL = "INSERT INTO user_login (user_id, ckey, ctime, expire, agent) VALUES (?, ?, ?, ?, ?);";
|
||||
if(DB::query($updateUserSQL, $dbUserId, $userKey, time(), $expire, $md5agent)){
|
||||
try {
|
||||
DB::query($updateUserSQL, $dbUserId, $userKey, time(), $expire, $md5agent);
|
||||
$_SESSION['user_id'] = $dbUserId;
|
||||
$_SESSION['user_name'] = $dbUserName;
|
||||
$_SESSION['user_agent'] = $md5agent;
|
||||
|
@ -54,8 +55,8 @@ class Auth {
|
|||
}
|
||||
return true;
|
||||
}
|
||||
else {
|
||||
$err[] = "Failed to login.\n".$db->error;
|
||||
catch(DatabaseException $e){
|
||||
$err[] = "Failed to login.\n".$e;
|
||||
}
|
||||
}
|
||||
else {
|
||||
|
|
|
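Review bot: The new catch block's `$err[] = "Failed to login.\n".$e;` stringifies the whole exception, which puts the raw driver error text (DB::doQuery builds the message from `$db->db->error`) and a stack trace with server file paths into an array that LoginPage later stores as `$this->err`, i.e. something that looks user-facing. Keep the detail server-side and show a generic message: `error_log((string) $e); $err[] = "Failed to login.";`. The `$_SESSION['user_id']`/`user_name`/`user_agent` assignments follow the insert with no `session_regenerate_id(true)` visible in the hunk; if it is not done earlier in the method, the authenticated session keeps the pre-login session id. The enclosing method starts before and continues after both hunks.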
@ -25,18 +25,35 @@ class DB {
|
|||
return self::$instance;
|
||||
}
|
||||
|
||||
public static function escape($input): string {
|
||||
return DB::getInstance()->db->real_escape_string($input);
|
||||
}
|
||||
|
||||
/**
|
||||
* @throws DatabaseException
|
||||
*/
|
||||
public static function query($sql, ...$params){
|
||||
return self::doQuery(0, $sql, ...$params);
|
||||
}
|
||||
|
||||
/**
|
||||
* @throws DatabaseException
|
||||
*/
|
||||
public static function queryTest($sql, ...$params){
|
||||
return self::doQuery(1, $sql, ...$params);
|
||||
}
|
||||
|
||||
/**
|
||||
* Never @throws DatabaseException
|
||||
*/
|
||||
|
||||
public static function queryPreview($sql, ...$params){
|
||||
return self::doQuery(2, $sql, ...$params);
|
||||
}
|
||||
|
||||
/**
|
||||
* @throws DatabaseException
|
||||
*/
|
||||
private static function doQuery($mode, $sql, ...$params){
|
||||
/*
|
||||
Modes:
|
||||
|
@ -74,9 +91,20 @@ class DB {
|
|||
}
|
||||
|
||||
$stmt = $db->db->prepare($sql);
|
||||
$stmt->bind_param($types, ...$params);
|
||||
$stmt->execute();
|
||||
if(
|
||||
$stmt === false ||
|
||||
$stmt->bind_param($types, ...$params) === false ||
|
||||
$stmt->execute() === false
|
||||
){
|
||||
throw new DatabaseException($db->db->error);
|
||||
}
|
||||
|
||||
return $stmt->get_result();
|
||||
}
|
||||
}
|
||||
|
||||
class DatabaseException extends Exception {
|
||||
public function __construct($message = "", $code = 0, Throwable $previous = null){
|
||||
parent::__construct($message, $code, $previous);
|
||||
}
|
||||
}
|
|
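Review bot: The guard in doQuery throws `new DatabaseException($db->db->error)` for all three failures, but when `bind_param()` or `execute()` fails the description is typically on the statement (`$stmt->error`), not the connection, so the exception can carry an empty message; build it as `$stmt !== false ? $stmt->error : $db->db->error`. The docblock on queryPreview says "Never @throws DatabaseException" while it routes through the same doQuery that is documented `@throws DatabaseException`; the Modes comment that would justify this is cut off at the hunk edge, so either the docblock or the mode handling should make that contract explicit. `DatabaseException::__construct` declares `Throwable $previous = null`, an implicitly nullable parameter that is deprecated from PHP 8.4; write `?Throwable $previous = null`. If `$params` can be empty (a query with no placeholders), `$stmt->bind_param($types, ...$params)` is called with only the type string, which mysqli rejects; the `$types` computation is outside the hunk, so this may already be handled there. doQuery starts outside the second hunk.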
@ -0,0 +1,22 @@
|
|||
<?php
|
||||
|
||||
class Utils {
|
||||
|
||||
public static function filter($input){
|
||||
|
||||
if(gettype($input) !== "array"){
|
||||
$input = trim(htmlentities(strip_tags($input)));
|
||||
|
||||
return DB::escape($input);
|
||||
}
|
||||
else {
|
||||
foreach($input as $key => $value){
|
||||
$input[$key] = filter($value);
|
||||
}
|
||||
|
||||
return $input;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
}
|
|
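Review bot: The recursive branch calls `filter($value)` as a global function, but the method is `Utils::filter`, so any array value in `$_POST` (LoginPage's doPost passes every field through it) fails with an undefined-function error; use `self::filter($value)`. The string branch also runs `DB::escape()` (`real_escape_string`) on input that DB::doQuery then binds as a prepared-statement parameter, so backslashes end up stored literally, and `htmlentities`/`strip_tags` are applied before values such as `loginPwd` reach Auth::loginWithCredentials, which would alter any password containing `&`, `<` or quotes (the comparison itself is not on this page). Escaping belongs at the point of use — HTML-escape when rendering, let the driver bind parameters — so the intake step should be limited to `trim()` plus validation. The method is untyped; a docblock `@param string|array $input` / `@return string|array` would at least document the two shapes it handles.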
@ -12,6 +12,8 @@ class WebPage {
|
|||
public $navbar;
|
||||
public $loggedIn = false;
|
||||
public $pr = ""; // project root
|
||||
public $err = array();
|
||||
public $msg = array();
|
||||
|
||||
|
||||
public function __construct(){
|
||||
|
|
|
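Review bot: The two new properties use the long `array()` syntax and are untyped, unlike the `??`/short-array style the rest of the commit relies on; `public array $err = [];` and `public array $msg = [];` state the shape and stop callers assigning a non-array (LoginPage's `$this->err = $err;` stores whatever loginWithCredentials returns on failure). Typed properties need PHP 7.4+, which the file's use of `??` and return types does not by itself confirm.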
@ -5,16 +5,13 @@ require_once '../Router.php';
|
|||
class LoginPage extends WebPage {
|
||||
public $pagekey = "login";
|
||||
public $title = "PaperBag - Plan & Execute Your Shopping";
|
||||
public $returnToPage = "/";
|
||||
|
||||
function load(){
|
||||
$returnToPage = $_POST['referrerPage'] ?? $_SESSION['pre-auth'] ?? explode($_SERVER['HTTP_HOST'], $_SERVER['HTTP_REFERER'])[1];
|
||||
|
||||
// TODO: check if returntopage is an auth-changing page (e.g: login / register, and if so don't redirect there!
|
||||
|
||||
$this->msg[] = $returnToPage;
|
||||
$this->findReturnPage();
|
||||
|
||||
if(Auth::checkLogin(true)){
|
||||
header("Location: ".$returnToPage);
|
||||
header("Location: ".$this->returnToPage);
|
||||
}
|
||||
|
||||
if(isset($_GET['thank'])){
|
||||
|
@ -22,53 +19,43 @@ class LoginPage extends WebPage {
|
|||
}
|
||||
|
||||
if(isset($_POST) && !empty($_POST)){
|
||||
$data = [];
|
||||
$this->doPost();
|
||||
}
|
||||
}
|
||||
|
||||
foreach($_POST as $key => $value){
|
||||
if(($data[$key] = filter($value)) === false){
|
||||
print_r($value);
|
||||
echo "Failed to sanitize: `".$key."`: ".$value." \t-\t type: ".gettype($value)."\n";
|
||||
}
|
||||
}
|
||||
private function findReturnPage(){
|
||||
if(isset($_POST['referrerPage'])){
|
||||
$this->returnToPage = $_POST['referrerPage'];
|
||||
}
|
||||
elseif(isset($_SESSION['pre-auth'])){
|
||||
$this->returnToPage = $_SESSION['pre-auth'];
|
||||
}
|
||||
elseif(isset($_SERVER['HTTP_REFERER'])){
|
||||
$this->returnToPage = explode($_SERVER['HTTP_HOST'], $_SERVER['HTTP_REFERER'])[1];
|
||||
}
|
||||
|
||||
$stayLoggedIn = isset($_POST['stayLoggedIn']);
|
||||
$err = Auth::loginWithCredentials($data['loginEmail'], $data['loginPwd'], $stayLoggedIn);
|
||||
if($err === true){
|
||||
header("Location: ".$returnToPage);
|
||||
die();
|
||||
if(in_array($this->returnToPage, array("login", "logout", "register"))){
|
||||
$this->returnToPage = $this->pr."/";
|
||||
}
|
||||
}
|
||||
|
||||
private function doPost(){
|
||||
$data = [];
|
||||
|
||||
foreach($_POST as $key => $value){
|
||||
if(($data[$key] = Utils::filter($value)) === false){
|
||||
echo "Failed to sanitize: `".$key."`: ".$value." \t-\t type: ".gettype($value)."\n";
|
||||
}
|
||||
}
|
||||
|
||||
$stayLoggedIn = isset($_POST['stayLoggedIn']);
|
||||
$err = Auth::loginWithCredentials($data['loginEmail'], $data['loginPwd'], $stayLoggedIn);
|
||||
if($err === true){
|
||||
header("Location: ".$this->returnToPage);
|
||||
die();
|
||||
}
|
||||
$this->err = $err;
|
||||
}
|
||||
}
|
||||
|
||||
$a = new LoginPage();
|
||||
|
||||
|
||||
|
||||
|
||||
//require 'webdata/init.php';
|
||||
|
||||
/*$returnToPage = "./";
|
||||
if(isset($_GET['return'])){
|
||||
$returnToPage = $_GET['return'];
|
||||
}
|
||||
elseif(isset($_POST['referrerPage'])){
|
||||
$returnToPage = $_POST['referrerPage'];
|
||||
}
|
||||
elseif(isset($_SERVER['HTTP_REFERER'])){
|
||||
$returnToPage = explode($_SERVER['HTTP_HOST'], $_SERVER['HTTP_REFERER'])[1];
|
||||
}*/
|
||||
|
||||
|
||||
/*if(stristr($returnToPage, "login.php") || stristr($returnToPage, "register.php")){
|
||||
$returnToPage = "./";
|
||||
} else {
|
||||
$returnToPage = str_ireplace('index.php', '', $returnToPage);
|
||||
}*/
|
||||
|
||||
/*if( checkLogin() ){
|
||||
header("Location: ".$returnToPage);
|
||||
}*/
|
||||
|
||||
|
||||
|
|
|
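Review bot: findReturnPage() stores `$_POST['referrerPage']`, `$_SESSION['pre-auth']` or the referer-derived string verbatim in `$this->returnToPage`, and load()/doPost() then emit it in a `Location:` header, so the exact-match `in_array($this->returnToPage, array("login", "logout", "register"))` is the only guard and an absolute URL to another host passes it — an open redirect. Restrict the target to a local path before the auth-page check: `$p = $this->returnToPage;` / `if(!is_string($p) || $p === '' || $p[0] !== '/' || substr($p, 0, 2) === '//'){ $this->returnToPage = $this->pr."/"; }`, and pass `true` as the third argument to `in_array`. `explode($_SERVER['HTTP_HOST'], $_SERVER['HTTP_REFERER'])[1]` reads offset 1, which is undefined when the referer does not contain the host, so it needs `?? null` (the guard above then maps that to the root fallback). In doPost the `=== false` branch cannot trigger because Utils::filter returns a string, and the `echo` there would print `$value` unescaped into the response; drop the branch or log instead. The redirect in load() after `Auth::checkLogin(true)` has no `exit`, so the rest of the page, including the POST handling, still runs after the header is sent.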
@ -77,7 +77,7 @@ function getHtmlHeaders($prepend = ""){
|
|||
\n";
|
||||
}
|
||||
|
||||
function loginUser($email, $pass, $stayLoggedIn = false) {
|
||||
/*function loginUser($email, $pass, $stayLoggedIn = false) {
|
||||
global $db;
|
||||
|
||||
|
||||
|
@ -129,9 +129,9 @@ function loginUser($email, $pass, $stayLoggedIn = false) {
|
|||
}
|
||||
|
||||
return $err;
|
||||
}
|
||||
}*/
|
||||
|
||||
function loginFromAuth($auth): bool {
|
||||
/*function loginFromAuth($auth): bool {
|
||||
global $db;
|
||||
$db = $db ?? database();
|
||||
|
||||
|
@ -160,7 +160,7 @@ function loginFromAuth($auth): bool {
|
|||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
}*/
|
||||
|
||||
function logoutUser($everywhere = false){
|
||||
if(checkLogin()){
|
||||
|
@ -217,7 +217,7 @@ function GenKey($length = 21): string{
|
|||
return $password;
|
||||
}*/
|
||||
|
||||
function checkLogin(): bool {
|
||||
/*function checkLogin(): bool {
|
||||
global $db, $_SESSION, $_COOKIE;
|
||||
|
||||
if($db == null){
|
||||
|
@ -263,9 +263,9 @@ function requireLogin(): bool{
|
|||
|
||||
header("Location: ".$config["general"]["projectRoot"]."/login.php?return=".str_ireplace('index.php', '', $_SERVER['PHP_SELF']));
|
||||
return false;
|
||||
}
|
||||
}*/
|
||||
|
||||
function checkLoginSimple(): bool {
|
||||
/*function checkLoginSimple(): bool {
|
||||
global $_SESSION;
|
||||
|
||||
if(!isset($_SESSION)){
|
||||
|
@ -279,3 +279,4 @@ function checkLoginSimple(): bool {
|
|||
|
||||
return false;
|
||||
}
|
||||
*/
|
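Review bot: logoutUser() at `if(checkLogin()){` is left live while the global `checkLogin()` it calls is now inside the `/*function checkLogin(): bool {` … `}*/` comment (that block also swallows requireLogin()), so a logout hits an undefined function unless another file still defines a global checkLogin; either comment out logoutUser too or switch it to `Auth::checkLogin()`, which the LoginPage hunk already uses. The other hunks leave loginUser(), loginFromAuth(), checkLogin()/requireLogin() and checkLoginSimple() as commented-out code; since the history is in version control, deleting them keeps the file readable and avoids a stale copy drifting from the Auth class. logoutUser's body continues outside its hunk, and the `/*` opened for checkLoginSimple is closed by the `*/` at the end of the file.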