diff options
Diffstat (limited to 'includes/sys_auth.php')
-rw-r--r-- | includes/sys_auth.php | 65 |
1 files changed, 21 insertions, 44 deletions
diff --git a/includes/sys_auth.php b/includes/sys_auth.php index 91edca77..5d2fa8be 100644 --- a/includes/sys_auth.php +++ b/includes/sys_auth.php @@ -1,31 +1,25 @@ <?php +use Carbon\Carbon; use Engelsystem\Database\DB; +use Engelsystem\Models\User\User; /** * Testet ob ein User eingeloggt ist und lädt die entsprechenden Privilegien */ function load_auth() { - global $user, $privileges; - - $user = null; + global $privileges; $session = session(); if ($session->has('uid')) { - $user = DB::selectOne('SELECT * FROM `User` WHERE `UID`=? LIMIT 1', [$session->get('uid')]); - if (!empty($user)) { - // User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten - DB::update(' - UPDATE `User` - SET `lastLogIn` = ? - WHERE `UID` = ? - LIMIT 1 - ', [ - time(), - $session->get('uid'), - ]); - $privileges = privileges_for_user($user['UID']); + $user = auth()->user(); + + if ($user) { + $user->last_login_at = new Carbon(); + $user->save(); + + $privileges = privileges_for_user($user->id); return; } @@ -60,18 +54,9 @@ function generate_salt($length = 16) */ function set_password($uid, $password) { - DB::update(' - UPDATE `User` - SET `Passwort` = ?, - `password_recovery_token`=NULL - WHERE `UID` = ? - LIMIT 1 - ', - [ - crypt($password, config('crypt_alg') . '$' . generate_salt(16) . '$'), - $uid - ] - ); + $user = User::find($uid); + $user->password = crypt($password, config('crypt_alg') . '$' . generate_salt(16) . '$'); + $user->save(); } /** @@ -103,19 +88,11 @@ function verify_password($password, $salt, $uid = null) // let's update it! // we duplicate the query from the above set_password() function to have the extra safety of checking // the old hash - DB::update(' - UPDATE `User` - SET `Passwort` = ? - WHERE `UID` = ? - AND `Passwort` = ? - LIMIT 1 - ', - [ - crypt($password, $crypt_alg . '$' . generate_salt() . '$'), - $uid, - $salt, - ] - ); + $user = User::find($uid); + if ($user->password == $salt) { + $user->password = crypt($password, $crypt_alg . '$' . generate_salt() . '$'); + $user->save(); + } } return $correct; } @@ -129,11 +106,11 @@ function privileges_for_user($user_id) $privileges = []; $user_privileges = DB::select(' SELECT `Privileges`.`name` - FROM `User` - JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) + FROM `users` + JOIN `UserGroups` ON (`users`.`id` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) - WHERE `User`.`UID`=? + WHERE `users`.`id`=? ', [$user_id]); foreach ($user_privileges as $user_privilege) { $privileges[] = $user_privilege['name']; |