nathan
/
tournamite
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2d951f0546'
${ noResults }
tournamite/repository/userRepository.php

92 lines
2.0 KiB
PHP
Raw Blame History

<?php
require_once 'include/db_connect.inc.php';
function isUserCorrect($conn, $username, $password){
try{
// Check if user exists in DB
$sql = "
SELECT
`unique_id`, `password`
FROM user
WHERE
username = ?
LIMIT 1";
$stmt = $conn->prepare($sql);
$stmt->bind_param('s', $username);
$stmt->execute();
$user = array();
if ($result = $stmt->get_result()){
while ($obj = $result->fetch_assoc()){
$user = [
'password' => $obj['password'],
'unique_id' => $obj['unique_id'],
];
}
}
if ($user and password_verify($password, $user['password'])){
return $user['unique_id'];
}
return false;
} catch(Throwable $t) {
# Could be Error/Exception classes, that are both Throwable
$errorMessage = "Throwable: ".$t->getCode().": ".$t->getMessage()."\n".
"Line number ".$t->getLine()." in file ".$t->getFile()."\n".
"Stack Trace: ". $t->getTrace()."\n".
date('Y-m-d h:i:s A');
error_log($errorMessage, 0);
# Email to the admin
return NULL;
}
}
function registerUser($conn, $username, $password, $password_repeat){
// Both passwords must match
if ($password !== $password_repeat){
return false;
}
// First check if the username is taken.
$sql = "SELECT 1 FROM user WHERE username = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->store_result();
if($stmt->num_rows > 0){ return false; }
// Hash and Secure password with a salt.
// https://www.php.net/manual/en/function.password-hash.php
$password = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
// needs a unique id also for cookies, uniqID, with a hash appended
$uniqueId = generateUniqueId();
// Now add the user details to the DB
$sql = "INSERT INTO user (username, password, unique_id) VALUES (?, ?, ?)";
$stmt = $conn->prepare($sql);
$stmt->bind_param('sss', $username, $password, $uniqueId);
if ($stmt->execute()){
return $uniqueId;
}
return false;
}
function generateUniqueId(){
return uniqid() . '_' . md5(mt_rand());
}
Reference in New Issue View Git Blame Copy Permalink