From 9c86d2c475d1ce1b36a37fee4dea641896d0a011 Mon Sep 17 00:00:00 2001 From: Aaron van Geffen Date: Tue, 5 Nov 2024 16:44:54 +0100 Subject: [PATCH] Authentication: replace getUserId with Member::fromEmailAddress --- controllers/Login.php | 4 +++- controllers/ResetPassword.php | 16 ++++++++-------- models/Authentication.php | 16 ---------------- models/Member.php | 11 ++++++++++- 4 files changed, 21 insertions(+), 26 deletions(-) diff --git a/controllers/Login.php b/controllers/Login.php index d91785d..62373ba 100644 --- a/controllers/Login.php +++ b/controllers/Login.php @@ -24,7 +24,9 @@ class Login extends HTMLController if (Authentication::checkPassword($_POST['emailaddress'], $_POST['password'])) { parent::__construct('Login'); - $_SESSION['user_id'] = Authentication::getUserId($_POST['emailaddress']); + + $user = Member::fromEmailAddress($_POST['emailaddress']); + $_SESSION['user_id'] = $user->getUserId(); if (isset($_POST['redirect_url'])) header('Location: ' . base64_decode($_POST['redirect_url'])); diff --git a/controllers/ResetPassword.php b/controllers/ResetPassword.php index 24fa7b6..2a6f500 100644 --- a/controllers/ResetPassword.php +++ b/controllers/ResetPassword.php @@ -18,12 +18,12 @@ class ResetPassword extends HTMLController if (isset($_GET['step'], $_GET['email'], $_GET['key']) && $_GET['step'] == 2) { $email = rawurldecode($_GET['email']); - $id_user = Authentication::getUserid($email); - if ($id_user === false) + $user = Member::fromEmailAddress($email); + if (!$user) throw new UserFacingException('Invalid email address. Please make sure you copied the full link in the email you received.'); $key = $_GET['key']; - if (!Authentication::checkResetKey($id_user, $key)) + if (!Authentication::checkResetKey($user->getUserId(), $key)) throw new UserFacingException('Invalid reset token. Please make sure you copied the full link in the email you received. Note: you cannot use the same token twice.'); parent::__construct('Reset password - ' . SITE_TITLE); 
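Review bot: In the Login hunk, `$_SESSION['user_id'] = $user->getUserId();` dereferences the result of `Member::fromEmailAddress()` without a guard, while the ResetPassword hunks in this same patch treat a falsy return as "not found"; if the lookup can fail after `checkPassword()` succeeded (row removed in between, or a query error), this becomes a fatal error on a non-object instead of a clean login failure. A one-line guard keeps the three call sites consistent: `if (!$user) throw new UserFacingException('Login failed, please try again.');` (message is a constructed sample). Since this is the line at which the session becomes authenticated, calling `session_regenerate_id(true);` immediately before assigning `$_SESSION['user_id']` would close the usual session-fixation gap; I cannot see whether the controller already does that outside the hunk. The enclosing constructor starts and ends outside the hunk.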
@@ -42,7 +42,7 @@ class ResetPassword extends HTMLController // So, are we good to go? if (empty($missing)) { - Authentication::updatePassword($id_user, Authentication::computeHash($_POST['password1'])); + Authentication::updatePassword($user->getUserId(), Authentication::computeHash($_POST['password1'])); $_SESSION['login_msg'] = ['Your password has been reset', 'You can now use the form below to log in to your account.', 'success']; header('Location: ' . BASEURL . '/login/'); exit; @@ -60,15 +60,15 @@ class ResetPassword extends HTMLController // Have they submitted an email address yet? if (isset($_POST['emailaddress']) && preg_match('~^.+@.+\.[a-z]+$~', trim($_POST['emailaddress']))) { - $id_user = Authentication::getUserid(trim($_POST['emailaddress'])); - if ($id_user === false) + $user = Member::fromEmailAddress($_POST['emailaddress']); + if (!$user) { $form->adopt(new Alert('Invalid email address', 'The email address you provided could not be found in our system. Please try again.', 'danger')); return; } - Authentication::setResetKey($id_user); - Email::resetMail($id_user); + Authentication::setResetKey($user->getUserId()); + Email::resetMail($user->getUserId()); // Show the success message $this->page->clear(); diff --git a/models/Authentication.php b/models/Authentication.php index 60c5af0..c92f9af 100644 --- a/models/Authentication.php +++ b/models/Authentication.php @@ -73,22 +73,6 @@ class Authentication return $hash; } - /** - * Finds the user id belonging to a certain emailaddress. - */ - public static function getUserId($emailaddress) - { - $res = Registry::get('db')->queryValue(' - SELECT id_user - FROM users - WHERE emailaddress = {string:emailaddress}', - [ - 'emailaddress' => $emailaddress, - ]); - - return empty($res) ? false : $res; - } - /** * Verifies whether the user is currently logged in. */ diff --git a/models/Member.php b/models/Member.php index 84912a4..d276313 100644 --- a/models/Member.php +++ b/models/Member.php 
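Review bot: In the `@@ -60,15` hunk the lookup drops the `trim()` the removed line applied: the address is validated with `preg_match(..., trim($_POST['emailaddress']))` but `Member::fromEmailAddress()` now receives the untrimmed value, so an address with surrounding whitespace passes validation and then fails the lookup (or, depending on how the database compares strings, matches something other than what was validated). Restore it: `$user = Member::fromEmailAddress(trim($_POST['emailaddress']));`. The `@@ -42,7` hunk's `$user->getUserId()` relies on `$user` having been assigned in the step-2 branch of the first hunk; whether that branch still encloses it is only verifiable outside these hunks. The "could not be found in our system" alert also still discloses whether an address is registered; the commit does not change that, but a uniform "if that address is registered, an email has been sent" response would avoid account enumeration. Both enclosing methods start and end outside the hunks.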
@@ -8,7 +8,7 @@ class Member extends User { - private function __construct($data) + private function __construct($data = []) { foreach ($data as $key => $value) $this->$key = $value; @@ -18,6 +18,15 @@ class Member extends User $this->is_admin = $this->is_admin == 1; } + public static function fromEmailAddress($email_address) + { + return Registry::get('db')->queryObject(static::class, ' + SELECT * + FROM users + WHERE emailaddress = {string:email_address}', + ['email_address' => $email_address]); + } + public static function fromId($id_user) { $row = Registry::get('db')->queryAssoc('
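Review bot: The new `$data = []` default on `Member::__construct` presumably exists because `queryObject()` instantiates the class itself, but whether the fetched columns are written to the object before or after the constructor runs is not visible here. If they arrive after, `$this->is_admin = $this->is_admin == 1;` evaluates an unset property and its result is then overwritten by the raw column value, so `is_admin` would stay a string for members loaded via the new `fromEmailAddress()` while `fromId()` keeps yielding a bool. Worth confirming against the DB wrapper and recording on the constructor: `// NOTE: $data is empty when the DB layer hydrates us via queryObject(); confirm columns are assigned before this runs so the is_admin cast below applies.`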
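Review bot: `fromEmailAddress()` selects `*` from `users`, so the Member object now handed to the Login controller carries every column of the row — presumably including the stored password hash and reset key that `Authentication::updatePassword()`/`setResetKey()` maintain elsewhere in this patch — where the removed `getUserId()` fetched only `id_user`. Because the constructor copies every key onto the object, any later `var_dump`, `json_encode` or template exposure of a Member would include those values; select the columns the model actually uses (or `unset()` the sensitive ones in the constructor) and align it with whatever `fromId()` selects, which is cut off at the end of the hunk. The return value when no row matches is also undocumented even though both ResetPassword call sites test `!$user`; add `/** @return static|null  Member matching $email_address, or the DB layer's no-row value (null or false — confirm) when none exists. */` and type the parameter, `public static function fromEmailAddress(string $email_address)`, if the file's PHP level allows.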