Created the JWT authentication for the editor so that it's more secure and can potentially be used to create a desktop app in the future. Used Tuupola's JWT auth middleware implementation to help with the auth part. Used Firebase's JWT method to create the token
Signed-off-by: rodude123 <rodude123@gmail.com>
This commit is contained in:
Vendored
+46
-7
@@ -1,5 +1,6 @@
|
||||
<?php
|
||||
namespace api;
|
||||
use Firebase\JWT\JWT;
|
||||
use PDO;
|
||||
|
||||
require_once "./config.php";
|
||||
@@ -10,7 +11,13 @@ require_once "./config.php";
|
||||
*/
|
||||
class user
|
||||
{
|
||||
function checkUser($username, $password): bool
|
||||
/**
|
||||
* Check if user exists and can be logged in
|
||||
* @param $username string - Username
|
||||
* @param $password string - Password
|
||||
* @return bool - True if logged in, false if not
|
||||
*/
|
||||
function checkUser(string $username, string $password): bool
|
||||
{
|
||||
$conn = dbConn();
|
||||
$stmt = $conn->prepare("SELECT * FROM users WHERE username = :username");
|
||||
@@ -31,12 +38,31 @@ class user
|
||||
return false;
|
||||
}
|
||||
|
||||
function createToken(): string
|
||||
/**
|
||||
* Create a JWT token
|
||||
* @param $username string - Username
|
||||
* @return string - JWT token
|
||||
*/
|
||||
function createToken(string $username): string
|
||||
{
|
||||
return uniqid("rpe-");
|
||||
$now = time();
|
||||
$future = strtotime('+6 hour',$now);
|
||||
$secretKey = getSecretKey();
|
||||
$payload = [
|
||||
"jti"=>$username,
|
||||
"iat"=>$now,
|
||||
"exp"=>$future
|
||||
];
|
||||
|
||||
return JWT::encode($payload,$secretKey,"HS256");
|
||||
}
|
||||
|
||||
function checkEmail($email): bool
|
||||
/**
|
||||
* Check if email is already in use
|
||||
* @param string $email - Email to check
|
||||
* @return bool - True if email exists, false if not
|
||||
*/
|
||||
function checkEmail(string $email): bool
|
||||
{
|
||||
$conn = dbConn();
|
||||
$stmt = $conn->prepare("SELECT * FROM users WHERE email = :email");
|
||||
@@ -52,11 +78,16 @@ class user
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Send a verification email to the user
|
||||
* @param $email - email address of the user
|
||||
* @return string - verification code
|
||||
*/
|
||||
function sendResetEmail($email): string
|
||||
{
|
||||
//generate a random token and email the address
|
||||
$token = $this->createToken();
|
||||
$token = uniqid("rpe-");
|
||||
$headers1 = "From: noreply@rohitpai.co.uk\r\n";
|
||||
$headers1 .= "MIME-Version: 1.0\r\n";
|
||||
$headers1 .= "Content-Type: text/html; charset=UTF-8\r\n";
|
||||
@@ -82,7 +113,13 @@ class user
|
||||
return $token;
|
||||
}
|
||||
|
||||
function changePassword($email, $password): bool
|
||||
/**
|
||||
* Change password for an email with new password
|
||||
* @param $email string Email
|
||||
* @param $password string Password
|
||||
* @return bool - true if the password was changed, false if not
|
||||
*/
|
||||
function changePassword(string $email, string $password): bool
|
||||
{
|
||||
$conn = dbConn();
|
||||
$stmt = $conn->prepare("UPDATE users SET password = :password WHERE email = :email");
|
||||
@@ -96,4 +133,6 @@ class user
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user