diff --git a/models/Authentication.php b/models/Authentication.php
index 55f9dc3..60c5af0 100644
--- a/models/Authentication.php
+++ b/models/Authentication.php
@@ -29,31 +29,24 @@ class Authentication
 }

 /**
- * Finds the user id belonging to a certain emailaddress.
+ * Checks a password for a given username against the database.
 */
- public static function getUserId($emailaddress)
+ public static function checkPassword($emailaddress, $password)
 {
- $res = Registry::get('db')->queryValue('
- SELECT id_user
+ // Retrieve password hash for user matching the provided emailaddress.
+ $password_hash = Registry::get('db')->queryValue('
+ SELECT password_hash
 FROM users
 WHERE emailaddress = {string:emailaddress}',
 [
 'emailaddress' => $emailaddress,
 ]);

- return empty($res) ? false : $res;
- }
+ // If there's no hash, the user likely does not exist.
+ if (!$password_hash)
+ return false;

- public static function setResetKey($id_user)
- {
- return Registry::get('db')->query('
- UPDATE users
- SET reset_key = {string:key}
- WHERE id_user = {int:id}',
- [
- 'id' => $id_user,
- 'key' => self::newActivationKey(),
- ]);
+ return password_verify($password, $password_hash);
 }

 public static function checkResetKey($id_user, $reset_key)
@@ -69,6 +62,33 @@ class Authentication
 return $key == $reset_key;
 }

+ /**
+ * Computes a password hash.
+ */
+ public static function computeHash($password)
+ {
+ $hash = password_hash($password, PASSWORD_DEFAULT);
+ if (!$hash)
+ throw new Exception('Hash creation failed!');
+ return $hash;
+ }
+
+ /**
+ * Finds the user id belonging to a certain emailaddress.
+ */
+ public static function getUserId($emailaddress)
+ {
+ $res = Registry::get('db')->queryValue('
+ SELECT id_user
+ FROM users
+ WHERE emailaddress = {string:emailaddress}',
+ [
+ 'emailaddress' => $emailaddress,
+ ]);
+
+ return empty($res) ? false : $res;
+ }
+
 /**
 * Verifies whether the user is currently logged in.
 */
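Review bot: In `checkPassword` (first hunk), the early `return false;` when no hash is found skips `password_verify()`, so a lookup for an unknown address finishes measurably faster than one for a known address and the response time can reveal which addresses are registered. Run the verification against a fixed, precomputed dummy hash on that path before returning, e.g. `password_verify($password, $dummy_hash); return false;` (`$dummy_hash` is a placeholder for a constant the class would need to define). On a successful verify it would also be worth calling `password_needs_rehash()` so stored hashes follow `PASSWORD_DEFAULT` as it changes.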
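Review bot: The context line `return $key == $reset_key;` at the top of the second hunk compares the reset key with a loose, non-constant-time `==`; PHP's type juggling can make differing values compare equal (numeric-looking strings, or `null` against an empty string when no key is set). Suggest `return is_string($key) && $key !== '' && hash_equals($key, (string) $reset_key);`. `checkResetKey` starts outside the hunk, so how `$key` is loaded is not visible here.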
@@ -99,36 +119,16 @@ class Authentication
 return $string;
 }

- /**
- * Checks a password for a given username against the database.
- */
- public static function checkPassword($emailaddress, $password)
+ public static function setResetKey($id_user)
 {
- // Retrieve password hash for user matching the provided emailaddress.
- $password_hash = Registry::get('db')->queryValue('
- SELECT password_hash
- FROM users
- WHERE emailaddress = {string:emailaddress}',
+ return Registry::get('db')->query('
+ UPDATE users
+ SET reset_key = {string:key}
+ WHERE id_user = {int:id}',
 [
- 'emailaddress' => $emailaddress,
+ 'id' => $id_user,
+ 'key' => self::newActivationKey(),
 ]);
-
- // If there's no hash, the user likely does not exist.
- if (!$password_hash)
- return false;
-
- return password_verify($password, $password_hash);
- }
-
- /**
- * Computes a password hash.
- */
- public static function computeHash($password)
- {
- $hash = password_hash($password, PASSWORD_DEFAULT);
- if (!$hash)
- throw new Exception('Hash creation failed!');
- return $hash;
 }

 /**
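Review bot: `setResetKey` writes the value from `self::newActivationKey()` into `users.reset_key` as-is, so anyone who can read the table (a backup, a reporting account) holds usable reset keys. Storing only a digest of the key, e.g. `hash('sha256', $key)`, and comparing digests on verification would limit that exposure; it requires returning the raw key to the caller, which the current return value (the query result) does not do. The statement sets no expiry, and whether one is enforced elsewhere is not visible in this hunk. The method also arrives without a docblock, unlike its neighbours; something like `/** Generates a new reset key and stores it for the given user. */` would match them.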