Add time-out to password resets; prevent repeated mails #50

Open
Aaron wants to merge 7 commits from password-reset into master
Showing only changes of commit 084658820e - Show all commits


@ -12,22 +12,6 @@
*/ */
class Authentication class Authentication
{ {
/**
* Checks whether a user still exists in the database.
*/
public static function checkExists($id_user)
{
$res = Registry::get('db')->queryValue('
SELECT id_user
FROM users
WHERE id_user = {int:id}',
[
'id' => $id_user,
]);
return $res !== null;
}
/** /**
* Checks a password for a given username against the database. * Checks a password for a given username against the database.
*/ */
@ -78,8 +62,18 @@ class Authentication
*/ */
public static function isLoggedIn() public static function isLoggedIn()
{ {
// A user is logged in if a user id exists in the session and this id is (still) in the database. if (!isset($_SESSION['user_id']))
return isset($_SESSION['user_id']) && self::checkExists($_SESSION['user_id']); return false;
try
{
$exists = Member::fromId($_SESSION['user_id']);
return true;
}
catch (NotFoundException $e)
{
return false;
}
} }
/** /**
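Review bot: In the new body of isLoggedIn(), the result of `Member::fromId($_SESSION['user_id'])` is stored in `$exists` and never read, and the name suggests a boolean although it presumably holds a Member object; call it without the assignment, or reuse the loaded object. The login check now depends on fromId() throwing NotFoundException for every id that has no row, and on it binding the session value as an integer the way the removed `{int:id}` query did. Neither is visible in this hunk, so both should be confirmed in Member. The comment that explained the rule was dropped with the old return line; I would keep it above the check, e.g. `// Logged in only if the session carries a user id that still exists in the database.`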