From 7fae33a7b37181b8f829ce9a2ae89b07990e454c Mon Sep 17 00:00:00 2001
From: Thomas Rubini <74205383+ThomasRubini@users.noreply.github.com>
Date: Tue, 17 Jan 2023 09:00:13 +0100
Subject: [PATCH 1/4] make basic account view
---
 Controllers/UserController.php | 42 ++++++++++++++++++++++++++++++----
 Models/UserModel.php | 12 ++++------
 Views/user/signin.php | 2 +-
 Views/user/view.php | 3 +++
 4 files changed, 46 insertions(+), 13 deletions(-)
 create mode 100644 Views/user/view.php
diff --git a/Controllers/UserController.php b/Controllers/UserController.php
index 35fa480..fde956a 100644
--- a/Controllers/UserController.php
+++ b/Controllers/UserController.php
@@ -1,5 +1,9 @@ isPasswordValid($S_email, $S_password)) {
- View::show("user/signin", array("success" => True));
- } else {
- View::show("user/signin", array("success" => False));
+ $A_user = $O_userModel->getUserByEmail($S_email);
+ if ($A_user == null) {
+ return View::show("user/signin", array("success" => False, "msg" => "No user with this email"));
 }
+ if (!password_verify($S_password, $A_user["PASS_HASH"])) {
+ return View::show("user/signin", array("success" => False, "msg" => "Invalid password"));
+ }
+ if ($A_user["DISABLED"]) {
+ return View::show("user/signin", array("success" => False, "msg" => "This account is disabled"));
+ }
+
+ session_start();
+ $_SESSION["ID"] = $A_user["ID"];
+ $_SESSION["EMAIL"] = $A_user["EMAIL"];
+ $_SESSION["NAME"] = $A_user["NAME"];
+ $_SESSION["ADMIN"] = $A_user["ADMIN"];
+ View::show("user/signin", array("success" => True));
 }
 public function signUpAction(Array $A_urlParams = null, Array $A_postParams = null)
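Review bot: The successful-login path on the new side stores `$_SESSION["ID"]` straight after `session_start()` without `session_regenerate_id(true);`, so the session identifier the browser held before authenticating becomes the authenticated one (session fixation); add that call right after `session_start();` here, and the same shape survives in the patch-4 hunk `@@ -37,9 +37,6 @@` of this file. The three failure branches return distinct messages ("No user with this email", "Invalid password", "This account is disabled"), so the response reveals whether an email is registered; a single `"msg" => "Invalid email or password"` for the first two keeps that distinction server-side, with only the disabled case separate if the product needs it. `$A_user == null` is a loose comparison; `$A_user === null` is the strict form matching getUserByEmail's null return. The hunk header `@@ -1,5 +1,9 @@` does not correspond to the visible lines (the extraction appears to have dropped text), and the enclosing signInAction starts outside the hunk.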
@@ -52,7 +68,23 @@ final class UserController
 $S_password_hash = password_hash($S_password, PASSWORD_DEFAULT);
 $O_userModel->createUser($S_email, $S_username, $S_password_hash);
- return View::show("user/signup", array("success" => True));
+ return View::show("user/signup", array("success" => True));
+ }
+
+
+ public function viewAction(Array $A_urlParams = null, Array $A_postParams = null)
+ {
+ if(count($A_urlParams)!=0){
+ return View::show("errors/404");
+ }
+
+ session_start();
+ if(!isset($_SESSION)){
+ echo "301 NOT LOGIN";
+ return;
+ }
+
+ return View::show("user/view", $_SESSION);
 }
 }
diff --git a/Models/UserModel.php b/Models/UserModel.php
index 7c0215b..f9eb26d 100644
--- a/Models/UserModel.php
+++ b/Models/UserModel.php
@@ -24,17 +24,15 @@ final class UserModel
 }
- public function isPasswordValid($S_email, $S_password){
+ public function getUserByEmail($S_email){
 $O_model = Model::get();
- $stmt = $O_model->prepare("SELECT PASS_HASH FROM USER WHERE EMAIL=:email");
+ $stmt = $O_model->prepare("SELECT * FROM USER WHERE email=:email");
 $stmt->bindParam("email", $S_email);
 $stmt->execute();
- if($stmt->rowCount()==1){
- $row = $stmt->fetch();
- return password_verify($S_password, $row["PASS_HASH"]);
- }
- return False;
+ $row = $stmt->fetch();
+ if ($row === false) return null;
+ return $row;
 }
 public function getNameByID($I_id)
diff --git a/Views/user/signin.php b/Views/user/signin.php
index 2731b9a..3e6e633 100644
--- a/Views/user/signin.php
+++ b/Views/user/signin.php
@@ -3,7 +3,7 @@
 if ($A_view["success"]) {
 echo "Authentifié avec succès !";
 } else {
- echo "Authentification échouée";
+ echo "Authentification échouée. Raison : ".$A_view["msg"];
 }
 ?>
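Review bot: `if(!isset($_SESSION))` in the new viewAction can never be true immediately after `session_start()`, which always creates `$_SESSION`, so a visitor who never signed in reaches `View::show("user/view", $_SESSION)`; the guard has to test the marker sign-in stores, `if (!isset($_SESSION["ID"])) {` (later patches in this series narrow it to a session key but keep the redundant first disjunct). The not-logged-in branch only echoes `"301 NOT LOGIN"` with the default 200 status, so clients see a success response; `http_response_code(401); return;` or a `header('Location: …')` redirect to the sign-in page expresses the condition. `count($A_urlParams)` combined with the `Array $A_urlParams = null` default throws a TypeError on PHP 8 when the router passes null; `if (!empty($A_urlParams)) {` handles both null and a non-empty array. The `return View::show("user/signup", …)` line is removed and re-added with identical visible text, which reads as a whitespace-only change.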
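Review bot: The new getUserByEmail query spells the column `email` while createUser's `INSERT INTO USER (EMAIL, ...)` and the removed line use `EMAIL`; whether that resolves depends on the backend's identifier case rules, so `"SELECT * FROM USER WHERE EMAIL=:email"` keeps the file consistent and avoids a surprise on a case-sensitive database. `SELECT *` returns the whole row, PASS_HASH included, to every caller, which the sign-in needs for `password_verify`, but the contract deserves a docblock such as `/** @return array<string,mixed>|null the full USER row (PASS_HASH included), or null when no row matches */` so later callers know what they receive. `$stmt->fetch()` without a fetch mode relies on whatever default Model::get() configures, which is not visible here.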

\ No newline at end of file
diff --git a/Views/user/view.php b/Views/user/view.php
new file mode 100644
index 0000000..8ba69ad
--- /dev/null
+++ b/Views/user/view.php
@@ -0,0 +1,3 @@
+

Your account :

+

Email :

+

Name :

\ No newline at end of file
From 78bf8554b82ab4845baae84e7e4d87a04096d320 Mon Sep 17 00:00:00 2001
From: Thomas Rubini <74205383+ThomasRubini@users.noreply.github.com>
Date: Tue, 17 Jan 2023 09:25:10 +0100
Subject: [PATCH 2/4] change DB field 'NAME' into 'USERNAME'
---
 Controllers/UserController.php | 2 +-
 Models/UserModel.php | 6 +++---
 Views/user/view.php | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/Controllers/UserController.php b/Controllers/UserController.php
index fde956a..36e9921 100644
--- a/Controllers/UserController.php
+++ b/Controllers/UserController.php
@@ -38,7 +38,7 @@ final class UserController
 session_start();
 $_SESSION["ID"] = $A_user["ID"];
 $_SESSION["EMAIL"] = $A_user["EMAIL"];
- $_SESSION["NAME"] = $A_user["NAME"];
+ $_SESSION["USERNAME"] = $A_user["USERNAME"];
 $_SESSION["ADMIN"] = $A_user["ADMIN"];
 View::show("user/signin", array("success" => True));
 }
diff --git a/Models/UserModel.php b/Models/UserModel.php
index f9eb26d..722e5e2 100644
--- a/Models/UserModel.php
+++ b/Models/UserModel.php
@@ -5,9 +5,9 @@ final class UserModel
 public function createUser($S_email, $S_username, $S_password_hash){
 $O_model = Model::get();
- $stmt = $O_model->prepare("INSERT INTO USER (EMAIL, NAME, PASS_HASH) VALUES(:email, :name, :password_hash)");
+ $stmt = $O_model->prepare("INSERT INTO USER (EMAIL, USERNAME, PASS_HASH) VALUES(:email, :username, :password_hash)");
 $stmt->bindParam("email", $S_email);
- $stmt->bindParam("name", $S_name);
+ $stmt->bindParam("username", $S_username);
 $stmt->bindParam("password_hash", $S_password_hash);
 $stmt->execute();
 }
@@ -44,6 +44,6 @@ final class UserModel
 $row = $stmt->fetch();
 if ($row === false) return null;
- return $row["NAME"];
+ return $row["USERNAME"];
 }
 }
diff --git a/Views/user/view.php b/Views/user/view.php
index 8ba69ad..7236277 100644
--- a/Views/user/view.php
+++ b/Views/user/view.php
@@ -1,3 +1,3 @@

Your account :

Email :

-

Name :

\ No newline at end of file +

Name :

\ No newline at end of file
From 4b3a7a2f38808e9942d046a5449d825b73d8f6df Mon Sep 17 00:00:00 2001
From: Thomas Rubini <74205383+ThomasRubini@users.noreply.github.com>
Date: Tue, 17 Jan 2023 09:25:47 +0100
Subject: [PATCH 3/4] Check if login properly
---
 Controllers/UserController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Controllers/UserController.php b/Controllers/UserController.php
index 36e9921..6104cec 100644
--- a/Controllers/UserController.php
+++ b/Controllers/UserController.php
@@ -80,7 +80,7 @@ final class UserController
 session_start();
- if(!isset($_SESSION)){
+ if(!isset($_SESSION) || !isset($_SESSION["USERNAME"])){
 echo "301 NOT LOGIN";
 return;
 }
From 4481803e601f05234ac909e223c0b585c8f909cb Mon Sep 17 00:00:00 2001
From: Thomas Rubini <74205383+ThomasRubini@users.noreply.github.com>
Date: Tue, 17 Jan 2023 09:36:06 +0100
Subject: [PATCH 4/4] Only store ID and sessionand get other information dynamically
---
 Controllers/UserController.php | 15 ++++++++++-----
 Models/UserModel.php | 11 +++++++++++
 Views/user/view.php | 3 ++-
 3 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/Controllers/UserController.php b/Controllers/UserController.php
index 6104cec..761d798 100644
--- a/Controllers/UserController.php
+++ b/Controllers/UserController.php
@@ -37,9 +37,6 @@ final class UserController
 session_start();
 $_SESSION["ID"] = $A_user["ID"];
- $_SESSION["EMAIL"] = $A_user["EMAIL"];
- $_SESSION["USERNAME"] = $A_user["USERNAME"];
- $_SESSION["ADMIN"] = $A_user["ADMIN"];
 View::show("user/signin", array("success" => True));
 }
@@ -80,11 +77,19 @@ final class UserController
 session_start();
- if(!isset($_SESSION) || !isset($_SESSION["USERNAME"])){
+ if(!isset($_SESSION) || !isset($_SESSION["ID"])){
 echo "301 NOT LOGIN";
 return;
 }
- return View::show("user/view", $_SESSION);
+ $O_userModel = new UserModel();
+ $A_user = $O_userModel->getUserByID($_SESSION["ID"]);
+ if ($A_user == null){
+ // User has been deleted ?!
+ echo "Error loading your profile ?";
+ return;
+ }
+
+ return View::show("user/view", $A_user);
 }
 }
diff --git a/Models/UserModel.php b/Models/UserModel.php
index 722e5e2..f0cc10a 100644
--- a/Models/UserModel.php
+++ b/Models/UserModel.php
@@ -24,6 +24,17 @@ final class UserModel
 }
+ public function getUserByID($I_id){
+ $O_model = Model::get();
+ $stmt = $O_model->prepare("SELECT * FROM USER WHERE ID=:id");
+ $stmt->bindParam("id", $I_id);
+ $stmt->execute();
+
+ $row = $stmt->fetch();
+ if ($row === false) return null;
+ return $row;
+ }
+
 public function getUserByEmail($S_email){
 $O_model = Model::get();
 $stmt = $O_model->prepare("SELECT * FROM USER WHERE email=:email");
diff --git a/Views/user/view.php b/Views/user/view.php
index 7236277..9d35810 100644
--- a/Views/user/view.php
+++ b/Views/user/view.php
@@ -1,3 +1,4 @@
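Review bot: `View::show("user/view", $A_user)` hands the template the full row returned by getUserByID, PASS_HASH included, although the view only renders the email, name and admin fields; either `unset($A_user["PASS_HASH"]);` before the call, or narrow the query in the Models/UserModel.php hunk below to `SELECT ID, EMAIL, USERNAME, ADMIN FROM USER WHERE ID=:id` so the hash never leaves the model. The `!isset($_SESSION)` half of the guard is always false right after `session_start()`; `if (!isset($_SESSION["ID"])) {` is the whole check. Both failure branches echo a bare string with the default 200 status (`"301 NOT LOGIN"`, `"Error loading your profile ?"`), so a client cannot tell them from success without parsing the body; `http_response_code(401)` and `http_response_code(500)` (or a redirect to sign-in) before the echo report the condition, and `$A_user === null` is the strict form of the null check. viewAction's signature and its URL-parameter check sit above this hunk.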
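Review bot: getUserByID repeats getUserByEmail line for line except for the WHERE clause; a private helper that takes the constant SQL string and the bound values keeps one copy of the prepare/execute/fetch sequence, with the query text staying a literal in code so nothing from the request reaches the statement text. The null return callers test for deserves a docblock, `/** @return array<string,mixed>|null full USER row, or null when no user has this ID */`. I cannot see which PDO driver Model::get() configures, so the untyped `bindParam` is left as is in the sketch below.
```php
    public function getUserByID($I_id){
        return $this->fetchOne("SELECT * FROM USER WHERE ID=:id", ["id" => $I_id]);
    }

    /** Runs a constant query and returns the first row, or null when nothing matches. */
    private function fetchOne(string $S_sql, array $A_params): ?array
    {
        $stmt = Model::get()->prepare($S_sql);
        $stmt->execute($A_params);
        $row = $stmt->fetch();
        return $row === false ? null : $row;
    }
    // … unchanged: getUserByEmail …
```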

Your account :

Email :

-

Name :

\ No newline at end of file +

Name :

+

Admin status :

\ No newline at end of file