mirror/php-auth
1
0
Fork 0
mirror of https://github.com/delight-im/PHP-Auth.git synced 2025-08-03 14:47:30 +02:00
Code Issues Releases Wiki Activity

Read status from 'users' table and provide read access in session

Browse Source
This commit is contained in:
Marco
2017-02-26 13:03:52 +01:00
parent 0839beefcb
commit a05d277a2c
1 changed files with 32 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
src/Auth.php
View File

@@ -24,6 +24,7 @@ final class Auth extends UserManager {
const SESSION_FIELD_USER_ID = 'auth_user_id'; const SESSION_FIELD_USER_ID = 'auth_user_id';
const SESSION_FIELD_EMAIL = 'auth_email'; const SESSION_FIELD_EMAIL = 'auth_email';
const SESSION_FIELD_USERNAME = 'auth_username'; const SESSION_FIELD_USERNAME = 'auth_username';
const SESSION_FIELD_STATUS = 'auth_status';
const SESSION_FIELD_REMEMBERED = 'auth_remembered'; const SESSION_FIELD_REMEMBERED = 'auth_remembered';
const COOKIE_CONTENT_SEPARATOR = '~'; const COOKIE_CONTENT_SEPARATOR = '~';
const COOKIE_NAME_REMEMBER = 'auth_remember'; const COOKIE_NAME_REMEMBER = 'auth_remember';
@@ -111,7 +112,7 @@ final class Auth extends UserManager {
if (isset($parts[0]) && isset($parts[1])) { if (isset($parts[0]) && isset($parts[1])) {
try { try {
$rememberData = $this->db->selectRow( $rememberData = $this->db->selectRow(
'SELECT a.user, a.token, a.expires, b.email, b.username FROM users_remembered AS a JOIN users AS b ON a.user = b.id WHERE a.selector = ?', 'SELECT a.user, a.token, a.expires, b.email, b.username, b.status FROM users_remembered AS a JOIN users AS b ON a.user = b.id WHERE a.selector = ?',
[ $parts[0] ] [ $parts[0] ]
); );
} }
@@ -122,7 +123,7 @@ final class Auth extends UserManager {
if (!empty($rememberData)) { if (!empty($rememberData)) {
if ($rememberData['expires'] >= time()) { if ($rememberData['expires'] >= time()) {
if (password_verify($parts[1], $rememberData['token'])) { if (password_verify($parts[1], $rememberData['token'])) {
$this->onLoginSuccessful($rememberData['user'], $rememberData['email'], $rememberData['username'], true); $this->onLoginSuccessful($rememberData['user'], $rememberData['email'], $rememberData['username'], $rememberData['status'], true);
} }
} }
} }
@@ -326,10 +327,11 @@ final class Auth extends UserManager {
* @param int $userId the ID of the user who has just logged in * @param int $userId the ID of the user who has just logged in
* @param string $email the email address of the user who has just logged in * @param string $email the email address of the user who has just logged in
* @param string $username the username (if any) * @param string $username the username (if any)
* @param int $status the status as one of the constants from the {@see Status} class
* @param bool $remembered whether the user was remembered ("remember me") or logged in actively * @param bool $remembered whether the user was remembered ("remember me") or logged in actively
* @throws AuthError if an internal problem occurred (do *not* catch) * @throws AuthError if an internal problem occurred (do *not* catch)
*/ */
private function onLoginSuccessful($userId, $email, $username, $remembered) { private function onLoginSuccessful($userId, $email, $username, $status, $remembered) {
try { try {
$this->db->update( $this->db->update(
'users', 'users',
@@ -349,6 +351,7 @@ final class Auth extends UserManager {
$this->setUserId($userId); $this->setUserId($userId);
$this->setEmail($email); $this->setEmail($email);
$this->setUsername($username); $this->setUsername($username);
$this->setStatus($status);
$this->setRemembered($remembered); $this->setRemembered($remembered);
} }
@@ -617,7 +620,7 @@ final class Auth extends UserManager {
try { try {
$userData = $this->getUserDataByEmailAddress( $userData = $this->getUserDataByEmailAddress(
$email, $email,
[ 'id', 'email', 'password', 'verified', 'username' ] [ 'id', 'email', 'password', 'verified', 'username', 'status' ]
); );
} }
// if there is no user with the specified email address // if there is no user with the specified email address
@@ -637,7 +640,7 @@ final class Auth extends UserManager {
try { try {
$userData = $this->getUserDataByUsername( $userData = $this->getUserDataByUsername(
$username, $username,
[ 'id', 'email', 'password', 'verified', 'username' ] [ 'id', 'email', 'password', 'verified', 'username', 'status' ]
); );
} }
// if there is no user with the specified username // if there is no user with the specified username
@@ -675,7 +678,7 @@ final class Auth extends UserManager {
} }
if ($userData['verified'] === 1) { if ($userData['verified'] === 1) {
$this->onLoginSuccessful($userData['id'], $userData['email'], $userData['username'], false); $this->onLoginSuccessful($userData['id'], $userData['email'], $userData['username'], $userData['status'], false);
// continue to support the old parameter format // continue to support the old parameter format
if ($rememberDuration === true) { if ($rememberDuration === true) {
@@ -1011,6 +1014,29 @@ final class Auth extends UserManager {
} }
} }
/**
* Sets the currently signed-in user's status and updates the session
*
* @param int $status the status as one of the constants from the {@see Status} class
*/
private function setStatus($status) {
$_SESSION[self::SESSION_FIELD_STATUS] = (int) $status;
}
/**
* Returns the currently signed-in user's status by reading from the session
*
* @return int the status as one of the constants from the {@see Status} class
*/
public function getStatus() {
if (isset($_SESSION) && isset($_SESSION[self::SESSION_FIELD_STATUS])) {
return $_SESSION[self::SESSION_FIELD_STATUS];
}
else {
return null;
}
}
/** /**
* Sets whether the currently signed-in user has been remembered by a long-lived cookie * Sets whether the currently signed-in user has been remembered by a long-lived cookie
* *