Compare commits

..

No commits in common. "6c74b2a7192e0025d05a121332f2313a4d374088" and "dbf5b0a54c5548e47de4b05e7c66f5bbaae648ee" have entirely different histories.

2 changed files with 15 additions and 100 deletions

View file

@ -3,7 +3,6 @@
namespace EesyPHP\Auth;
use EesyPHP\App;
use EesyPHP\Cli;
use EesyPHP\Log;
use Exception;
@ -53,7 +52,6 @@ class Db extends Backend {
'users_table' => 'users',
'username_field' => 'username',
'password_field' => 'password',
'password_hash_algo' => 'default',
'exposed_fields' => array('name', 'mail'),
)
);
@ -69,9 +67,6 @@ class Db extends Backend {
self :: $username_field = App::get('auth.db.username_field', null, 'string');
self :: $password_field = App::get('auth.db.password_field', null, 'string');
self :: $exposed_fields = App::get('auth.db.exposed_fields', null, 'array');
if (App :: get('cli.enabled'))
Cli :: add_command('add_user', ['\\EesyPHP\\Auth\\Db', 'cli_add_user'], 'Add user');
return true;
}
@ -91,11 +86,13 @@ class Db extends Backend {
public static function get_user($username) {
self :: connect();
try {
$info = self :: $class :: get_one(
self :: $users_table,
[self :: $username_field => $username],
self :: $exposed_fields
);
$query = self :: $class :: $fpdo -> from(self :: $users_table)
-> select(null)
-> select(self :: $exposed_fields)
-> where(self :: $username_field, $username);
$result = $query -> execute();
$info = $result -> fetch();
if ($info === false)
return null;
return new User($username, '\\EesyPHP\\Auth\\Db', $info);
@ -115,78 +112,20 @@ class Db extends Backend {
public static function check_password($user, $password) {
self :: connect();
try {
$info = self :: $class :: get_one(
self :: $users_table,
[self :: $username_field => $user->username],
[self :: $password_field]
);
$query = self :: $class :: $fpdo -> from(self :: $users_table)
-> select(null)
-> select(self :: $password_field)
-> where(self :: $username_field, $user->username);
$result = $query -> execute();
$info = $result -> fetch();
if ($info === false)
return false;
return password_verify($password, $info[self :: $password_field]);
return password_verify($password, $info['password']);
}
catch (Exception $e) {
Log :: error("Error retrieving user %s password from database: %s", $user, $e->getMessage());
}
return false;
}
/**
* Add user in database
* @param array $info User info with at least username, password (clear) and all required exposed
* fields
* @return bool
*/
public static function add_user($info) {
$values = [
App::get('auth.db.username_field') => $info['username'],
App::get('auth.db.password_field') => password_hash(
$info['password'],
constant('PASSWORD_'.strtoupper(App::get('auth.db.password_hash_algo')))
),
];
foreach($info as $field => $value) {
if (!$value) {
Log :: error("add_user: field %s is missing", $field);
return false;
}
}
foreach(App :: get('auth.db.exposed_fields') as $field)
if (isset($info[$field]) && $info[$field])
$values[$field] = $info[$field];
if (self :: $class :: insert(self :: $users_table, $values)) {
Log :: info('add_user(%s): user added', $values['username']);
return true;
}
Log :: error('add_user(%s): error adding user', $values['username']);
return false;
}
/**
* CLI command to add user
* @param array $command_args Command arguments
* @return bool
*/
public static function cli_add_user($command_args) {
$info = ['username' => null, 'password' => null];
foreach($info as $field => $value) {
while(!$value) {
$value = Cli::ask_user("Please enter user $field: ", $field == 'password');
if (empty($value))
print("Invalid value\n");
}
$info[$field] = $value;
}
foreach(self :: $exposed_fields as $field) {
$value = readline("Please enter user $field: ");
if (empty($value))
continue;
$info[$field] = $value;
}
if (self :: add_user($info)) {
printf("User %s added\n", $info['username']);
return true;
}
Log :: fatal("Error occurred adding user %s", $info['username']);
}
}

View file

@ -444,28 +444,4 @@ Additional parameters:
exit(1);
}
/**
* Helper method to ask user to enter value from STDIN
* @param string $prompt Prompt message
* @param boolean $password Set to true if you ask for a password (value not displayed)
* @param array $extra_args Extra arguments used to compute prompt message
* @return string User input
*/
public static function ask_user($prompt, $password=false, ...$extra_args) {
if ($extra_args)
$prompt = call_user_func_array(
'sprintf',
array_merge(array($prompt), $extra_args)
);
if ($password) {
print($prompt);
system('stty -echo');
$password = trim(fgets(STDIN));
system('stty echo');
print("\n");
return $password;
}
return readline($prompt);
}
}