Ferreteria/v2/usage/login: Difference between revisions
(key functions used at login time) |
m (7 revisions imported: moving this project here) |
||
(5 intermediate revisions by one other user not shown) | |||
Line 2: | Line 2: | ||
This uses essentially the same tables as [[VbzCart/tables#Users]] -- documentation to be moved here eventually. | This uses essentially the same tables as [[VbzCart/tables#Users]] -- documentation to be moved here eventually. | ||
==Code== | ==Code== | ||
clsPageLogin (see {{l/same|pages}}): | ===log in with existing user/password=== | ||
'''clsPageLogin''' (see {{l/same|pages}}): | |||
<php> | <php> | ||
protected function DoLoginCheck() { | protected function DoLoginCheck() { | ||
Line 8: | Line 9: | ||
} | } | ||
</php> | </php> | ||
clsUserSession: | '''clsUserSession''': | ||
<php> | <php> | ||
/*---- | /*---- | ||
Line 20: | Line 21: | ||
} | } | ||
</php> | </php> | ||
clsUserAccts: | '''clsUserAccts''': | ||
<php> | <php> | ||
/*---- | /*---- | ||
Line 30: | Line 31: | ||
// username not found | // username not found | ||
$oUser = NULL; | $oUser = NULL; | ||
} elseif ($rc-> | } elseif ($rc->PassMatches($iPass)) { | ||
$oUser = $rc; | $oUser = $rc; | ||
} else { | } else { | ||
Line 37: | Line 38: | ||
} | } | ||
return $oUser; | return $oUser; | ||
} | |||
</php> | |||
'''clsUserAcct''': | |||
<php> | |||
public function PassMatches($iPass) { | |||
// get salt for this user | |||
$sSalt = $this->Value('PassSalt'); | |||
// hash [stored salt]+[given pass] | |||
$sThisHashed = $this->Table()->HashPass($sSalt,$iPass); | |||
// get stored hash | |||
$sSavedHash = $this->Value('PassHash'); | |||
// see if they match | |||
$ok = ($sThisHashed == $sSavedHash); | |||
return $ok; | |||
} | |||
</php> | |||
===detect whether user is logged in=== | |||
'''clsPageLogin''': | |||
<php> | |||
protected function IsLoggedIn() { | |||
return $this->App()->Session()->HasUser(); | |||
} | |||
</php> | |||
'''clsUserSession''': | |||
<php> | |||
public function HasUser() { | |||
return !is_null($this->UserID()); | |||
} | |||
</php> | |||
===reset password for existing user=== | |||
'''clsPageLogin''' -- '''RenderUserAccess()''' calls '''UserAccess_ResetRequest()'''; application must call '''RenderUserAccess()''' after calling '''ParseInput_Login()''': | |||
<php> | |||
protected function RenderUserAccess() { | |||
$oSkin = $this->Skin(); | |||
$ht = $this->SectionHeader($this->TitleString()); | |||
$oEmAuth = $this->Data()->EmailAuth(); | |||
$this->doShowLogin = TRUE; // By default, we'll still show the login form if not logged in | |||
$isEmailAuth = FALSE; // Assume this page is not an email authorization link... | |||
$ht = NULL; | |||
$ok = FALSE; // set false initially so we do one iteration | |||
while (!$ok) { | |||
$ok = TRUE; // assume success | |||
// check auth link and display form if it checks out | |||
if ($this->IsAuthLink()) { | |||
// this is an AUTH link, so ignore any other stuff | |||
$ar = $this->CheckAuth(); // check token | |||
$ht = $this->UserAccess_ProcessAuth($ar); | |||
if ($this->IsCreateRequest()) { | |||
$ht .= $this->UserAccess_CreateRequest($ar); | |||
} elseif ($this->IsResetRequest()) { // password change request submitted | |||
$ht .= $this->UserAccess_ResetRequest(); | |||
} | |||
} elseif($this->doEmail) { | |||
// REQUEST AUTH LINK form has been submitted | |||
$ht .= $this->SendPassReset_forAddr( | |||
$this->EmailAddress(), | |||
$this->LoginName() | |||
); | |||
// END do email | |||
} elseif($this->isLogin) { | |||
if ($this->IsLoggedIn()) { | |||
die('LOGGED IN'); | |||
} else { | |||
die('LOGIN FAILED'); | |||
} | |||
// LOGIN FAILED: login was tried, but we're still here (not logged in), so it must have failed: | |||
$ht .= $oSkin->ErrorMessage('Sorry, the given username/password combination was not valid.'); | |||
$ht .= $oSkin->HLine(); | |||
// END is login | |||
} else { | |||
// TODO : log as possible illicit hacking attempt | |||
} | |||
if ($this->doShowLogin) { | |||
$ht .= "\n<b>If you already have a user account on this site</b>, you can log in now:<br>" | |||
.$this->RenderLogin($this->LoginName()) | |||
.$oSkin->HLine(); | |||
} | |||
if ($this->IsAuthLink()) { | |||
$htMsgPre = 'You can request another authorization email here'; | |||
$htMsgPost = NULL; | |||
} else { | |||
$htMsgPre = '<b>If you have forgotten your password or have not set up an account</b>'; | |||
$htMsgPost = '<br>This will email you a link to set or reset your password.'; | |||
} | |||
$ht .= "\n$htMsgPre:<br>" | |||
.$oSkin->RenderForm_Email_RequestReset($this->EmailAddress()) | |||
."\n$htMsgPost"; | |||
} | |||
return $ht; | |||
} | |||
/*---- | |||
PURPOSE: process User Access forms when a password-reset request has been received | |||
*/ | |||
protected function UserAccess_ResetRequest() { | |||
$ht = NULL; | |||
// check token, but don't display messages | |||
$this->CheckAuth(); | |||
if ($this->Success()) { | |||
// auth token checks out | |||
// check for duplicate username | |||
$tblUsers = $this->App()->Users(); | |||
$sUser = $this->LoginName(); | |||
$ht .= $this->ChangePassword($this->EmailAddress(),$this->sPass,$this->sPassX); | |||
if (!$this->Success()) { // if that didn't work... | |||
$ok = FALSE; | |||
$this->IsAuthLink(TRUE); // display form again | |||
} | |||
} // END authorized | |||
return $ht; | |||
} | } | ||
</php> | </php> |
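Review bot: PassMatches() in the added clsUserAcct listing compares the recomputed hash with the stored one using loose `==`; in PHP two numeric-looking digests such as `0e1234…` and `0e5678…` compare equal as floats, a NULL or empty stored hash compares equal to an empty recomputed value, and the comparison is not constant-time, so it should reject an empty/non-string `$sSavedHash` first and then `return hash_equals($sSavedHash, (string)$sThisHashed);`. Separately, the new RenderUserAccess() still carries `die('LOGGED IN')` / `die('LOGIN FAILED')` in the isLogin branch, which abort the response and leave the "not valid" error message unreachable — presumably debugging residue that should be replaced by `if (!$this->IsLoggedIn()) { … error message … }`. Both methods are complete within this revision diff.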
Latest revision as of 16:46, 22 May 2022
Data
This uses essentially the same tables as VbzCart/tables#Users -- documentation to be moved here eventually.
Code
log in with existing user/password
clsPageLogin (see pages): <php>
/*----
  ACTION: Hand the parsed login name and password to the session's login
    routine; the session decides whether a user becomes attached to it.
  NOTES: reads $this->sPass (populated by the input-parsing step) and
    LoginName(). No return value; use IsLoggedIn() afterwards to find out
    whether the attempt succeeded.
*/
protected function DoLoginCheck() {
    $oSession = $this->App()->Session();
    $sName = $this->LoginName();
    $oSession->UserLogin($sName, $this->sPass);
}
</php> clsUserSession: <php>
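/*----
  ACTION: Attempts to log the user in with the given credentials and binds
    the result to this session.
  RETURNS: user object if successful, NULL otherwise
  NOTES:
    * Fix: the original documented a return value but returned nothing; the
      user object (or NULL) is now returned so callers can branch on it.
      Callers that ignore the result are unaffected.
    * NOTE(review): whether SetUserRecord() regenerates the session
      identifier on a successful login is not visible here. If it does not,
      a session id fixed before login (session fixation) stays valid after
      it; regenerate the id on the successful path.
*/
public function UserLogin($iUser,$iPass) {
    $tUsers = $this->UserTable();
    $oUser = $tUsers->Login($iUser,$iPass);	// NULL on unknown user or wrong password
    $this->SetUserRecord($oUser);	// set user for this session (NULL when login failed)
    return $oUser;
}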
</php> clsUserAccts: <php>
/*----
  RETURNS: user object if login successful, NULL otherwise
  NOTES: An unknown username and a wrong password both yield NULL, so the
    return value does not reveal which one failed. The unknown-username path
    skips the hash computation, however, so response time may still
    distinguish the two cases (NOTE(review): consider hashing a dummy value
    on that path if user enumeration matters for this site).
*/
public function Login($iUser,$iPass) {
    $rcUser = $this->FindUser($iUser);
    if (is_null($rcUser)) {
        return NULL;	// username not found
    }
    if (!$rcUser->PassMatches($iPass)) {
        return NULL;	// username found, password wrong
    }
    return $rcUser;
}
</php> clsUserAcct: <php>
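/*----
  RETURNS: TRUE if the given password, hashed with this account's stored
    salt, matches the stored hash; FALSE otherwise.
  NOTES:
    * Fix: the original compared with loose '=='. For digests that is wrong:
      two numeric-looking strings such as "0e123..." and "0e456..." compare
      equal, a NULL/empty stored hash compares equal to an empty result, and
      the comparison exits at the first differing byte, leaking match length
      through timing. hash_equals() is type-strict and constant-time.
    * An account with no stored hash can never authenticate here.
    * NOTE(review): the scheme itself is a custom salt+hash via the table's
      HashPass(); migrating to password_hash()/password_verify() is the
      stronger fix, but that is a table-level change outside this method.
*/
public function PassMatches($iPass) {
    // get stored hash; no usable hash => reject without computing anything
    $sSavedHash = $this->Value('PassHash');
    if (!is_string($sSavedHash) || $sSavedHash === '') {
        return FALSE;
    }
    // get salt for this user
    $sSalt = $this->Value('PassSalt');
    // hash [stored salt]+[given pass]
    $sThisHashed = (string)$this->Table()->HashPass($sSalt,$iPass);
    // see if they match -- constant-time, strict string comparison
    return hash_equals($sSavedHash, $sThisHashed);
}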
</php>
detect whether user is logged in
clsPageLogin: <php>
/*----
  RETURNS: TRUE if the current session has a user attached, FALSE otherwise
*/
protected function IsLoggedIn() {
    $oSession = $this->App()->Session();
    return $oSession->HasUser();
}
</php> clsUserSession: <php>
/*----
  RETURNS: TRUE if a user ID is attached to this session, FALSE if it is NULL
*/
public function HasUser() {
    $idUser = $this->UserID();
    return ($idUser !== NULL);
}
</php>
reset password for existing user
clsPageLogin -- RenderUserAccess() calls UserAccess_ResetRequest(); application must call RenderUserAccess() after calling ParseInput_Login(): <php>
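/*----
  PURPOSE: render the "user access" section of the page: act on whichever
    input was submitted (emailed auth link, reset-email request, or login
    attempt), then append the login form and the request-reset-email form.
  RETURNS: HTML string
  NOTES:
    * Must be called after ParseInput_Login(), which sets the doEmail /
      isLogin / sPass state read here.
    * Fix: the isLogin branch carried two leftover debug calls,
      die('LOGGED IN') and die('LOGIN FAILED'), which aborted the response
      and made the "not valid" message unreachable. They are removed; the
      message is now shown only when the attempted login left the session
      without a user.
    * Cleanup (no output change): the while(!$ok) wrapper could only run
      once because nothing inside it cleared $ok (UserAccess_ResetRequest()
      sets its own local), so it is dropped, as are the unused $oEmAuth and
      $isEmailAuth locals.
    * NOTE(review): $ht is loaded from SectionHeader() and then reset to NULL
      two lines later, so the header never renders from here. Kept as-is in
      case the caller renders it; drop the '$ht = NULL;' if it is meant to
      appear in this section.
    * The HTML in the string literals (<b>, <br>) is as in the wiki source;
      the rendered listing had interpreted it as markup.
*/
protected function RenderUserAccess() {
    $oSkin = $this->Skin();
    $ht = $this->SectionHeader($this->TitleString());
    $this->doShowLogin = TRUE;	// By default, we'll still show the login form if not logged in
    $ht = NULL;

    if ($this->IsAuthLink()) {
        // this is an AUTH link, so ignore any other input
        $ar = $this->CheckAuth();	// check token
        $ht = $this->UserAccess_ProcessAuth($ar);
        if ($this->IsCreateRequest()) {
            $ht .= $this->UserAccess_CreateRequest($ar);
        } elseif ($this->IsResetRequest()) {
            // password change request submitted
            $ht .= $this->UserAccess_ResetRequest();
        }
    } elseif ($this->doEmail) {
        // REQUEST AUTH LINK form has been submitted
        $ht .= $this->SendPassReset_forAddr(
          $this->EmailAddress(),
          $this->LoginName()
        );
    } elseif ($this->isLogin) {
        // A login was tried. If the session still has no user, it failed.
        if (!$this->IsLoggedIn()) {
            $ht .= $oSkin->ErrorMessage('Sorry, the given username/password combination was not valid.');
            $ht .= $oSkin->HLine();
        }
    } else {
        // No form was submitted. A plain visit to the page lands here as well,
        // so this is not by itself evidence of tampering.
        // TODO : log as possible illicit hacking attempt
    }

    if ($this->doShowLogin) {
        $ht .= "\n<b>If you already have a user account on this site</b>, you can log in now:<br>"
          .$this->RenderLogin($this->LoginName())
          .$oSkin->HLine();
    }
    // Re-check IsAuthLink(): UserAccess_ResetRequest() sets it to TRUE when
    // the password change failed, so the form is offered again.
    if ($this->IsAuthLink()) {
        $htMsgPre = 'You can request another authorization email here';
        $htMsgPost = NULL;
    } else {
        $htMsgPre = '<b>If you have forgotten your password or have not set up an account</b>';
        $htMsgPost = '<br>This will email you a link to set or reset your password.';
    }
    $ht .= "\n$htMsgPre:<br>"
      .$oSkin->RenderForm_Email_RequestReset($this->EmailAddress())
      ."\n$htMsgPost";
    return $ht;
}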
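/*----
  PURPOSE: process the password-change form submitted from an emailed auth
    link (the "reset request" case of the User Access page).
  RETURNS: HTML from ChangePassword(), or NULL if the token did not check out
  NOTES:
    * Cleanup: the original declared $tblUsers and $sUser and set a local
      $ok = FALSE that nothing read (the caller's loop variable is a
      different scope, so the intended "try again" never happened); all
      three are dropped. The re-display of the form is actually driven by
      IsAuthLink(TRUE) below. Behavior is unchanged.
    * NOTE(review): the account whose password is changed is selected by
      $this->EmailAddress(). Make sure that value is taken from the record
      the auth token was issued for, not from a client-supplied form field;
      otherwise the holder of one valid token could reset a different
      account's password. Not verifiable from this listing.
*/
protected function UserAccess_ResetRequest() {
    $ht = NULL;
    // check token, but don't display messages
    $this->CheckAuth();
    if ($this->Success()) {
        // auth token checks out; sPass/sPassX are presumably the new password and its confirmation
        $ht .= $this->ChangePassword($this->EmailAddress(),$this->sPass,$this->sPassX);
        if (!$this->Success()) {
            // change failed: flag the page as an auth-link view so the form is displayed again
            $this->IsAuthLink(TRUE);
        }
    } // END authorized
    return $ht;
}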
</php>