Add time-out to password resets; prevent repeated mails #50

Open
Aaron wants to merge 7 commits from password-reset into master
Showing only changes of commit 084658820e - Show all commits

View File

@ -12,22 +12,6 @@
*/
class Authentication
{
/**
* Checks whether a user still exists in the database.
*/
public static function checkExists($id_user)
{
$res = Registry::get('db')->queryValue('
SELECT id_user
FROM users
WHERE id_user = {int:id}',
[
'id' => $id_user,
]);
return $res !== null;
}
/**
* Checks a password for a given username against the database.
*/
@ -78,8 +62,18 @@ class Authentication
*/
public static function isLoggedIn()
{
// A user is logged in if a user id exists in the session and this id is (still) in the database.
return isset($_SESSION['user_id']) && self::checkExists($_SESSION['user_id']);
if (!isset($_SESSION['user_id']))
return false;
try
{
$exists = Member::fromId($_SESSION['user_id']);
return true;
}
catch (NotFoundException $e)
{
return false;
}
}
/**