appen-isen/site-interpromos
1
0
Fork 0
mirror of https://github.com/appen-isen/site-interpromos.git synced 2026-01-18 16:37:33 +01:00
Code Issues Packages Projects Releases Wiki Activity

Ajout de l'authentification de l'utilisateur (#6)

Browse Source
This commit is contained in:
Youn Mélois
2022-10-11 16:49:32 +02:00
committed by GitHub
parent 728c22fb48
commit a4a84cf46d
6 changed files with 254 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
login.php Normal file
View File

@@ -0,0 +1,60 @@
<?php
/**
* PHP version 8.1.11
*
* @author Youn Mélois <youn@melois.dev>
*/
require_once 'resources/config.php';
require_once 'resources/database.php';
require_once LIBRARY_PATH . '/redirect.php';
require_once LIBRARY_PATH . '/exceptions.php';
$db = new Database();
// redirect to the user page if the user is already logged in
if (isset($_COOKIE[ACCESS_TOKEN_NAME])) {
$access_token = $_COOKIE[ACCESS_TOKEN_NAME];
$success = $db->verifyUserAccessToken($access_token);
if ($success) {
redirect('user.php');
}
}
if (isset($_POST['login'])) {
$email = $_POST['email'];
$password = $_POST['password'];
try {
$success = $db->connectUser($email, $password);
if ($success) {
redirect('user.php');
}
} catch (AuthenticationException $e) {
// pass
}
}
?>
<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="UTF-8" />
<title>Interpromos - Connexion</title>
</head>
<body>
<h1>Connexion</h1>
<form action="login.php" method="POST">
<label for="email">Email</label>
<input type="email" name="email" id="email" required />
<label for="password">Mot de passe</label>
<input type="password" name="password" id="password" required />
<input type="submit" name="login" value="Se connecter" />
</form>
<a href="register.php">Créer un compte</a>
</body>
</html>

55
register.php Normal file
View File

@@ -0,0 +1,55 @@
<?php
/**
* PHP version 8.1.11
*
* @author Youn Mélois <youn@melois.dev>
*/
require_once 'resources/config.php';
require_once 'resources/database.php';
require_once LIBRARY_PATH . '/redirect.php';
require_once LIBRARY_PATH . '/exceptions.php';
$db = new Database();
if (isset($_POST['register'])) {
$name = $_POST['name'];
$email = $_POST['email'];
$password = $_POST['password'];
try {
$success = $db->createUser($name, $email, $password);
if ($success) {
redirect('user.php');
}
} catch (AuthenticationException $e) {
// pass
} catch (DuplicateEmailException $e) {
// pass
}
}
?>
<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="UTF-8" />
<title>Interpromos - Inscription</title>
</head>
<body>
<h1>Inscription</h1>
<form action="register.php" method="POST">
<label for="name">Nom</label>
<input type="text" name="name" id="name" required />
<label for="email">Email</label>
<input type="email" name="email" id="email" required />
<label for="password">Mot de passe</label>
<input type="password" name="password" id="password" required />
<input type="submit" name="register" value="S'inscrire" />
</form>
</body>
</html>

11
resources/config.php
View File

@@ -1,11 +1,15 @@
<?php
/**
* PHP version 8.1.0
* PHP version 8.1.11
*
* @author Youn Mélois <youn@melois.dev>
*/
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
// Basice parameters to connect to the database
const DB_SERVER = '127.0.0.1';
const DB_PORT = '5432';
@@ -13,9 +17,12 @@ const DB_NAME = 'interpromos';
const DB_USER = 'postgres';
const DB_PASSWORD = '';
// Some constants to use in the application
const ACCESS_TOKEN_NAME = 'interpromos_session';
/*
Creating constants for heavily used paths makes things a lot easier.
ex. require_once(LIBRARY_PATH . "Paginator.php")
*/
defined("LIBRARY_PATH")
or define("LIBRARY_PATH", realpath(dirname(__FILE__) . '/library'));
or define("LIBRARY_PATH", realpath(dirname(__FILE__) . '/library'));

109
resources/database.php
View File

@@ -1,7 +1,7 @@
<?php
/**
* PHP version 8.1.0
* PHP version 8.1.11
*
* @author Youn Mélois <youn@melois.dev>
*/
@@ -75,6 +75,28 @@ class Database
password_verify($password, $password_hash);
}
/**
* Verifies the user access token.
*
* @param string $access_token
*
* @return bool
*/
public function verifyUserAccessToken(
string $access_token
): bool {
$request = 'SELECT * FROM users
WHERE access_token = :access_token';
$statement = $this->PDO->prepare($request);
$statement->bindParam(':access_token', $access_token);
$statement->execute();
$result = $statement->fetch(PDO::FETCH_OBJ);
return !empty($result);
}
/**
* Create an user in the database and return a bool to result.
*
@@ -137,4 +159,89 @@ class Database
$statement->bindParam(':email', $email);
return $statement->execute();
}
/**
* Connects the user by returning its unique id if the
* credentials are valid.
*
* @param string $email
* @param string $password
* @param int $session_expire (optional) The lifetime of the session cookie in seconds.
*
* @throws AuthenticationException If the authentication failed.
*/
public function connectUser(
string $email,
string $password,
int $session_expire = 0
): bool {
// test if the credentials are correct
if (!$this->verifyUserCredentials($email, $password)) {
throw new AuthenticationException();
}
// make email lowercase in case the user used uppercase letters
$email = strtolower($email);
// create a unique token used to identify the user
$access_token = hash('sha256', $email . $password . microtime(true));
// Set session hash on the user
$request = 'UPDATE users SET access_token = :access_token
WHERE email = :email';
$statement = $this->PDO->prepare($request);
$statement->bindParam(':email', $email);
$statement->bindParam(':access_token', $access_token);
$success = $statement->execute();
// Throw an exception if the update failed
if (!$success) {
throw new Exception('Failed to connect user.');
}
if ($session_expire > 0) {
$session_expire = time() + $session_expire;
}
// set the session cookie
return setcookie(
ACCESS_TOKEN_NAME,
$access_token,
$session_expire
);
}
/**
* Disconnects the user by deleting the access token.
*
* @throws AuthenticationException If the access token is invalid.
*/
public function disconnectUser(): bool
{
if (!isset($_COOKIE[ACCESS_TOKEN_NAME])) {
return false;
}
$access_token = $_COOKIE[ACCESS_TOKEN_NAME];
if (!$this->verifyUserAccessToken($access_token)) {
throw new AuthenticationException();
}
// remove access token from the user
$request = 'UPDATE users SET access_token = NULL
WHERE access_token = :access_token';
$statement = $this->PDO->prepare($request);
$statement->bindParam(':access_token', $access_token);
$success = $statement->execute();
// delete the session cookie
return $success && setcookie(
ACCESS_TOKEN_NAME,
'',
time() - 3600
);
}
}

4
resources/library/exceptions.php
View File

@@ -1,10 +1,8 @@
<?php
/**
* PHP version 8.1.0
* PHP version 8.1.11
*
* @author Maël Grellier Neau <mael.grelneau@gmail.com>
* @author Maxence Laurent <nano0@duck.com>
* @author Youn Mélois <youn@melois.dev>
*/

21
resources/library/redirect.php Normal file
View File

@@ -0,0 +1,21 @@
<?php
/**
* PHP version 8.1.11
*
* @author Youn Mélois <youn@melois.dev>
*/
/**
* Redirects to a new page.
*
* @param string $page The requested page.
*/
function redirect(string $page): void
{
$scheme = $_SERVER['REQUEST_SCHEME'];
$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
header("Location: $scheme://$host$uri/$page");
exit;
}