make basic account view

2023-01-17 09:00:13 +01:00 · 2023-01-17 09:00:13 +01:00 · 7fae33a7b3
commit 7fae33a7b3
parent 65d96820a2
4 changed files with 46 additions and 13 deletions
--- a/Controllers/UserController.php
+++ b/Controllers/UserController.php
@ -1,5 +1,9 @@
 <?php

+$__SESSION_TIMEOUT = 2*60*60;
+ini_set("session.gc_maxlifetime", $__SESSION_TIMEOUT);
+ini_set("session.cookie_lifetime", $__SESSION_TIMEOUT);
+
 final class UserController
 {

@ -20,11 +24,23 @@ final class UserController
        $S_password = self::get_or_die($A_postParams, "password");

        $O_userModel = new UserModel();
-        if ($O_userModel->isPasswordValid($S_email, $S_password)) {
-            View::show("user/signin", array("success" => True));
-        } else {
-            View::show("user/signin", array("success" => False));
+        $A_user = $O_userModel->getUserByEmail($S_email);
+        if ($A_user == null) {
+            return View::show("user/signin", array("success" => False, "msg" => "No user with this email"));
        }
+        if (!password_verify($S_password, $A_user["PASS_HASH"])) {
+            return View::show("user/signin", array("success" => False, "msg" => "Invalid password"));
+        }
+        if ($A_user["DISABLED"]) {
+            return View::show("user/signin", array("success" => False, "msg" => "This account is disabled"));
+        }
+
+        session_start();
+        $_SESSION["ID"] = $A_user["ID"];
+        $_SESSION["EMAIL"] = $A_user["EMAIL"];
+        $_SESSION["NAME"] = $A_user["NAME"];
+        $_SESSION["ADMIN"] = $A_user["ADMIN"];
+        View::show("user/signin", array("success" => True));
    }

    public function signUpAction(Array $A_urlParams = null, Array $A_postParams = null)
@ -52,7 +68,23 @@ final class UserController
        $S_password_hash = password_hash($S_password, PASSWORD_DEFAULT);

        $O_userModel->createUser($S_email, $S_username, $S_password_hash);
-        return View::show("user/signup", array("success" => True));
+        return View::show("user/signup", array("success" => True));   
+    }
+
+
+    public function viewAction(Array $A_urlParams = null, Array $A_postParams = null)
+    {
+        if(count($A_urlParams)!=0){
+            return View::show("errors/404");
+        }
+
+        session_start();
        
+        if(!isset($_SESSION)){
+            echo "301 NOT LOGIN";
+            return;
+        }
+
+        return View::show("user/view", $_SESSION);
    }
 }
--- a/Models/UserModel.php
+++ b/Models/UserModel.php
@ -24,17 +24,15 @@ final class UserModel
    }


-    public function isPasswordValid($S_email, $S_password){
+    public function getUserByEmail($S_email){
        $O_model = Model::get();
-        $stmt = $O_model->prepare("SELECT PASS_HASH FROM USER WHERE EMAIL=:email");
+        $stmt = $O_model->prepare("SELECT * FROM USER WHERE email=:email");
        $stmt->bindParam("email", $S_email);
        $stmt->execute();
        
-        if($stmt->rowCount()==1){
-            $row = $stmt->fetch();
-            return password_verify($S_password, $row["PASS_HASH"]);
-        }
-        return False;
+        $row = $stmt->fetch();
+        if ($row === false) return null;
+        return $row;
    }

    public function getNameByID($I_id)
--- a/Views/user/signin.php
+++ b/Views/user/signin.php
@ -3,7 +3,7 @@
    if ($A_view["success"]) {
        echo "Authentifié avec succès !";
    } else {
-        echo "Authentification échouée";
+        echo "Authentification échouée. Raison : ".$A_view["msg"];
    }
    ?>
 </p>
--- a/Views/user/view.php
+++ b/Views/user/view.php
@ -0,0 +1,3 @@
+<p> Your account : </p>
+<p> Email : <?= $A_view["EMAIL"] ?> </p>
+<p> Name : <?= $A_view["NAME"] ?> </p>