diff --git a/controllers/Login.php b/controllers/Login.php index d91785d..62373ba 100644 --- a/controllers/Login.php +++ b/controllers/Login.php @@ -24,7 +24,9 @@ class Login extends HTMLController if (Authentication::checkPassword($_POST['emailaddress'], $_POST['password'])) { parent::__construct('Login'); - $_SESSION['user_id'] = Authentication::getUserId($_POST['emailaddress']); + + $user = Member::fromEmailAddress($_POST['emailaddress']); + $_SESSION['user_id'] = $user->getUserId(); if (isset($_POST['redirect_url'])) header('Location: ' . base64_decode($_POST['redirect_url'])); diff --git a/controllers/ResetPassword.php b/controllers/ResetPassword.php index 24fa7b6..2a6f500 100644 --- a/controllers/ResetPassword.php +++ b/controllers/ResetPassword.php @@ -18,12 +18,12 @@ class ResetPassword extends HTMLController if (isset($_GET['step'], $_GET['email'], $_GET['key']) && $_GET['step'] == 2) { $email = rawurldecode($_GET['email']); - $id_user = Authentication::getUserid($email); - if ($id_user === false) + $user = Member::fromEmailAddress($email); + if (!$user) throw new UserFacingException('Invalid email address. Please make sure you copied the full link in the email you received.'); $key = $_GET['key']; - if (!Authentication::checkResetKey($id_user, $key)) + if (!Authentication::checkResetKey($user->getUserId(), $key)) throw new UserFacingException('Invalid reset token. Please make sure you copied the full link in the email you received. Note: you cannot use the same token twice.'); parent::__construct('Reset password - ' . SITE_TITLE); @@ -42,7 +42,7 @@ class ResetPassword extends HTMLController // So, are we good to go? if (empty($missing)) { - Authentication::updatePassword($id_user, Authentication::computeHash($_POST['password1'])); + Authentication::updatePassword($user->getUserId(), Authentication::computeHash($_POST['password1'])); $_SESSION['login_msg'] = ['Your password has been reset', 'You can now use the form below to log in to your account.', 'success']; header('Location: ' . BASEURL . '/login/'); exit; @@ -60,15 +60,15 @@ class ResetPassword extends HTMLController // Have they submitted an email address yet? if (isset($_POST['emailaddress']) && preg_match('~^.+@.+\.[a-z]+$~', trim($_POST['emailaddress']))) { - $id_user = Authentication::getUserid(trim($_POST['emailaddress'])); - if ($id_user === false) + $user = Member::fromEmailAddress($_POST['emailaddress']); + if (!$user) { $form->adopt(new Alert('Invalid email address', 'The email address you provided could not be found in our system. Please try again.', 'danger')); return; } - Authentication::setResetKey($id_user); - Email::resetMail($id_user); + Authentication::setResetKey($user->getUserId()); + Email::resetMail($user->getUserId()); // Show the success message $this->page->clear(); diff --git a/models/Authentication.php b/models/Authentication.php index 60c5af0..c92f9af 100644 --- a/models/Authentication.php +++ b/models/Authentication.php @@ -73,22 +73,6 @@ class Authentication return $hash; } - /** - * Finds the user id belonging to a certain emailaddress. - */ - public static function getUserId($emailaddress) - { - $res = Registry::get('db')->queryValue(' - SELECT id_user - FROM users - WHERE emailaddress = {string:emailaddress}', - [ - 'emailaddress' => $emailaddress, - ]); - - return empty($res) ? false : $res; - } - /** * Verifies whether the user is currently logged in. */ diff --git a/models/Member.php b/models/Member.php index 84912a4..d276313 100644 --- a/models/Member.php +++ b/models/Member.php @@ -8,7 +8,7 @@ class Member extends User { - private function __construct($data) + private function __construct($data = []) { foreach ($data as $key => $value) $this->$key = $value; @@ -18,6 +18,15 @@ class Member extends User $this->is_admin = $this->is_admin == 1; } + public static function fromEmailAddress($email_address) + { + return Registry::get('db')->queryObject(static::class, ' + SELECT * + FROM users + WHERE emailaddress = {string:email_address}', + ['email_address' => $email_address]); + } + public static function fromId($id_user) { $row = Registry::get('db')->queryAssoc('