Joost/pics
1
0
Fork 0
forked from Public/pics
Code Issues Pull Requests Projects Releases Wiki Activity

Authentication: replace getUserId with Member::fromEmailAddress

Browse Source
This commit is contained in:
Aaron van Geffen
2024-11-05 16:44:54 +01:00
parent 3de4e9391c
commit 9c86d2c475
4 changed files with 21 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
controllers/Login.php
View File

@@ -24,7 +24,9 @@ class Login extends HTMLController
if (Authentication::checkPassword($_POST['emailaddress'], $_POST['password']))
{
parent::__construct('Login');
$_SESSION['user_id'] = Authentication::getUserId($_POST['emailaddress']);
$user = Member::fromEmailAddress($_POST['emailaddress']);
$_SESSION['user_id'] = $user->getUserId();
if (isset($_POST['redirect_url']))
header('Location: ' . base64_decode($_POST['redirect_url']));

16
controllers/ResetPassword.php
View File

@@ -18,12 +18,12 @@ class ResetPassword extends HTMLController
if (isset($_GET['step'], $_GET['email'], $_GET['key']) && $_GET['step'] == 2)
{
$email = rawurldecode($_GET['email']);
$id_user = Authentication::getUserid($email);
if ($id_user === false)
$user = Member::fromEmailAddress($email);
if (!$user)
throw new UserFacingException('Invalid email address. Please make sure you copied the full link in the email you received.');
$key = $_GET['key'];
if (!Authentication::checkResetKey($id_user, $key))
if (!Authentication::checkResetKey($user->getUserId(), $key))
throw new UserFacingException('Invalid reset token. Please make sure you copied the full link in the email you received. Note: you cannot use the same token twice.');
parent::__construct('Reset password - ' . SITE_TITLE);
@@ -42,7 +42,7 @@ class ResetPassword extends HTMLController
// So, are we good to go?
if (empty($missing))
{
Authentication::updatePassword($id_user, Authentication::computeHash($_POST['password1']));
Authentication::updatePassword($user->getUserId(), Authentication::computeHash($_POST['password1']));
$_SESSION['login_msg'] = ['Your password has been reset', 'You can now use the form below to log in to your account.', 'success'];
header('Location: ' . BASEURL . '/login/');
exit;
@@ -60,15 +60,15 @@ class ResetPassword extends HTMLController
// Have they submitted an email address yet?
if (isset($_POST['emailaddress']) && preg_match('~^.+@.+\.[a-z]+$~', trim($_POST['emailaddress'])))
{
$id_user = Authentication::getUserid(trim($_POST['emailaddress']));
if ($id_user === false)
$user = Member::fromEmailAddress($_POST['emailaddress']);
if (!$user)
{
$form->adopt(new Alert('Invalid email address', 'The email address you provided could not be found in our system. Please try again.', 'danger'));
return;
}
Authentication::setResetKey($id_user);
Email::resetMail($id_user);
Authentication::setResetKey($user->getUserId());
Email::resetMail($user->getUserId());
// Show the success message
$this->page->clear();