diff options
| author | Horus3 | 2014-09-21 23:41:43 +0200 |
|---|---|---|
| committer | Horus3 | 2014-09-21 23:41:43 +0200 |
| commit | 2eea1457e674e7ebb8a82bf6fd1a079f76a7632f (patch) | |
| tree | 404b5666e3de94eff30589e5ab3f8b89ded7e15f /public_html/class/vfsuser.php | |
| parent | 2e3b69609088e37f5a716cfc8ad752f5ff0e7a90 (diff) | |
| download | vfs-2eea1457e674e7ebb8a82bf6fd1a079f76a7632f.tar.gz | |
using WordPress escape() function in the database layer now
Diffstat (limited to 'public_html/class/vfsuser.php')
| -rw-r--r-- | public_html/class/vfsuser.php | 108 |
1 files changed, 93 insertions, 15 deletions
diff --git a/public_html/class/vfsuser.php b/public_html/class/vfsuser.php index 931c53c..e3767b8 100644 --- a/public_html/class/vfsuser.php +++ b/public_html/class/vfsuser.php @@ -3,21 +3,18 @@ class vfsuser { public $username; - public $login = false; + public $login = false; private $pepper; - private $query = false; + private $query = false; public function __construct($name){ $this->username = $name; if ( isset($_SESSION["loggedin"]) ) $this->login = $_SESSION["loggedin"]; - - if ( PEPPER_IS_FILE ) - $this->pepper=file_get_contents(PEPPER); - else - $this->pepper=PEPPER; + + $this->_setPepper(); $this->_setQuery(); } @@ -26,11 +23,19 @@ class vfsuser { private function _setQuery(){ global $vfsdb; - $db_db = $vfsdb->doQuery("SELECT * FROM " . DBPREFIX . "user WHERE name='" . $this->username . "';"); + $sql = $vfsdv->prepare("SELECT * FROM " . DBPREFIX . "user WHERE name=%s;", $this->username); + $db_db = $vfsdb->doQuery($sql); if ( is_bool($db_db) ) - $this->query=false; + $this->query = false; + else + $this->query = $db_db->fetch_array(MYSQLI_ASSOC); + } + + private function _setPepper(){ + if ( PEPPER_IS_FILE ) + $this->pepper = file_get_contents(PEPPER); else - $this->query=$db_db->fetch_array(MYSQLI_ASSOC); + $this->pepper = PEPPER; } public function getUser(){ @@ -69,17 +74,21 @@ class vfsuser { return $this->query['inviter']; } + # check if valid user + publlic function isValidUser(){ + if( ( is_bool($this->query) && ! $this->query ) || is_null($this->query) ) + return false + + return true; + } + # check if current user is authenticated public function isLoggedIn(){ return $this->login; } - public function login($password, $second_password){ + public function login($password){ - # check if both passwords the same - if ( $password != $second_password) - return false; - # get hashed password from the database $hashed_password = $this->getPassword(); @@ -117,4 +126,73 @@ class vfsuser { return true; } + + public function register($name, $password, $email){ + global $vfsdb; + + $sql = $vfsdb->prepare("SELECT 1 FROM " . DBPREFIX . "user WHERE name=%s;", $name); + $double_db = $vfsdb->doQuery($sql); + $double_ar = $double_db->fetch_array(MYSQLI_NUM); + if ( $double_ar[0] == 1 ) + return false; + + $sql = $vfsdb->prepare("SELECT id FROM " . DBPREFIX . "user WHERE email=%s;", $email); + $id_db = $vfsdb->doQuery($sql); + $id_ar = $id_db->fetch_array(MYSQLI_ASSOC); + $id = $id_ar['id']; + + $password = $password . PEPPER; + $hash = password_hash($password, PASSWORD_DEFAULT); + + $sql = $vfsdb->prepare(" + UPDATE user SET + name=%s, + password=%s, + invites=%d', + status=1, + register=%d, + color_folder='DEFAULT', + color_file='DEFAULT' + WHERE id=%d; + + INSERT INTO files ( + files_id, + parent, + owner, + name, + type, + mime, + size, + visibility, + hash ) + VALUES ( + NULL, + 0, + %d, + '/', + 'DIRECTORY', + NULL, + NULL, + 'PUBLIC', + '' + );", $name, $hash, INVITES_DEFAULT, time(), $id, $id); + + if ( ! $vfsdb->execMultipleQueries($sql) ) + return false; + + # the user is successfull registered, thus already logged in + $this->username = $name; + + # redefine the class attributes + $this->_setPepper(); + $this->_setQuery(); + + $this->login($password); + + return true; + } + + public function __destruct(){ + return true; + } } |