From 9f206183a320674a9b2d577800f7d3f83f6e57af Mon Sep 17 00:00:00 2001
From: Thomas Rubini <74205383+ThomasRubini@users.noreply.github.com>
Date: Mon, 16 Jan 2023 23:47:12 +0100
Subject: [PATCH] Use email instead of username for authentication

---
 Controllers/UserController.php | 20 +++++++++-----------
 Models/UserModel.php | 17 +++++++++--------
 2 files changed, 18 insertions(+), 19 deletions(-)

diff --git a/Controllers/UserController.php b/Controllers/UserController.php
index b74b73f..35fa480 100644
--- a/Controllers/UserController.php
+++ b/Controllers/UserController.php
@@ -16,11 +16,11 @@ final class UserController
 public function signInAction(Array $A_urlParams = null, Array $A_postParams = null)
 {
- $S_username = self::get_or_die($A_postParams, "username");
+ $S_email = self::get_or_die($A_postParams, "email");
 $S_password = self::get_or_die($A_postParams, "password");
 $O_userModel = new UserModel();
- if ($O_userModel->isPasswordValid($S_username, $S_password)) {
+ if ($O_userModel->isPasswordValid($S_email, $S_password)) {
 View::show("user/signin", array("success" => True));
 } else {
 View::show("user/signin", array("success" => False));
@@ -29,21 +29,20 @@ final class UserController
 public function signUpAction(Array $A_urlParams = null, Array $A_postParams = null)
 {
+ $S_email = self::get_or_die($A_postParams, "email");
 $S_username = self::get_or_die($A_postParams, "username");
 $S_password = self::get_or_die($A_postParams, "password");
- if ( strlen($S_username) < 4 || strlen($S_username) > 16 ) {
- $S_errmsg = "username must be between 4 and 16 characters";
- } else if(!ctype_alnum($S_username)) {
- $S_errmsg = "username must be alphanumeric";
- } else if( strlen($S_password) < 8 || strlen($S_username) > 150 ) {
+ if (!filter_var($S_email, FILTER_VALIDATE_EMAIL)) {
+ $S_errmsg = "invalid email";
+ } else if( strlen($S_password) < 8 || strlen($S_password) > 150 ) {
 $S_errmsg = "password must be between 8 and 150 characters";
 }
 $O_userModel = new UserModel();
- if($O_userModel->isUserInDatabase($S_username)){
- $S_errmsg = "An user with this name is already registered";
+ if($O_userModel->isEmailInDatabase($S_email)){
+ $S_errmsg = "An user with this email is already registered";
 }
 if(isset($S_errmsg)){
@@ -52,9 +51,8 @@ final class UserController
 $S_password_hash = password_hash($S_password, PASSWORD_DEFAULT);
- $O_userModel->createUser($S_username, $S_password_hash);
+ $O_userModel->createUser($S_email, $S_username, $S_password_hash);
 return View::show("user/signup", array("success" => True));
- }
 }
 }
diff --git a/Models/UserModel.php b/Models/UserModel.php
index 753f6bb..499fe17 100644
--- a/Models/UserModel.php
+++ b/Models/UserModel.php
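Review bot: The username is still read on the new `$S_username = self::get_or_die($A_postParams, "username");` line and later stored by createUser, but the commit deletes the length and `ctype_alnum` checks on it instead of keeping them next to the new `filter_var` email check, so an unbounded, unrestricted username now reaches the database. Re-add the deleted `strlen`/`ctype_alnum` branches on `$S_username` ahead of the password branch. The `isEmailInDatabase` call also runs and overwrites `$S_errmsg` when the email was already rejected, so an invalid address is still sent to the database and the user sees the wrong message; guard it with `if (!isset($S_errmsg) && $O_userModel->isEmailInDatabase($S_email)) {`. Note too that `password_hash` with PASSWORD_DEFAULT (bcrypt) uses only the first 72 bytes of the password, so the new `> 150` ceiling admits passwords that are silently truncated; consider `strlen($S_password) > 72` or a comment stating the limit. signUpAction continues past this hunk.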
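Review bot: The new call `$O_userModel->createUser($S_email, $S_username, $S_password_hash);` passes the username second, but the matching createUser in the Models/UserModel.php hunk renames that parameter to `$S_username` while its body still runs `$stmt->bindParam("name", $S_name);`, so NAME would be bound to an undefined variable on every sign-up; change that model line to `$stmt->bindParam("name", $S_username);`. The `isEmailInDatabase` check in the previous hunk and this insert are not atomic, so two concurrent sign-ups with the same address can both pass the check; uniqueness is only guaranteed if the EMAIL column carries a unique constraint (not visible here) and the insert's failure is handled. The dropped closing brace suggests the enclosing block structure changed in context outside this hunk, which is worth confirming. signUpAction begins outside this hunk.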
@@ -3,29 +3,30 @@ final class UserModel
 {
- public function createUser($S_name, $S_password_hash){
+ public function createUser($S_email, $S_username, $S_password_hash){
 $O_model = Model::get();
- $stmt = $O_model->prepare("INSERT INTO USER (NAME, PASS_HASH) VALUES(:name, :password_hash)");
+ $stmt = $O_model->prepare("INSERT INTO USER (EMAIL, NAME, PASS_HASH) VALUES(:email, :name, :password_hash)");
+ $stmt->bindParam("email", $S_email);
 $stmt->bindParam("name", $S_name);
 $stmt->bindParam("password_hash", $S_password_hash);
 $stmt->execute();
 }
- public function isUserInDatabase($S_name){
+ public function isEmailInDatabase($S_email){
 $O_model = Model::get();
- $stmt = $O_model->prepare("SELECT count(*) FROM USER WHERE NAME=:name");
- $stmt->bindParam("name", $S_name);
+ $stmt = $O_model->prepare("SELECT count(*) FROM USER WHERE EMAIL=:email");
+ $stmt->bindParam("email", $S_email);
 $stmt->execute();
 return $stmt->fetch()[0] !== 0;
 }
- public function isPasswordValid($S_name, $S_password){
+ public function isPasswordValid($S_email, $S_password){
 $O_model = Model::get();
- $stmt = $O_model->prepare("SELECT PASS_HASH FROM USER WHERE NAME=:name");
- $stmt->bindParam("name", $S_name);
+ $stmt = $O_model->prepare("SELECT PASS_HASH FROM USER WHERE EMAIL=:email");
+ $stmt->bindParam("email", $S_email);
 $stmt->execute();
 if($stmt->rowCount()==1){