LoginLogout

exam/classes/Auth/Auth.php

@@ -2,8 +2,10 @@
 
 namespace Khofmann\Auth;
 
+use Exception;
 use Pecee\Http\Middleware\IMiddleware;
 use Pecee\Http\Request;
+use Khofmann\Models\User\User;
 
 class Auth implements IMiddleware
 {
@@ -11,10 +13,15 @@ class Auth implements IMiddleware
   {
     $token = $request->getHeader("token");
 
-    //TODO: Auth user with token
+    // No token
+    if ($token === null) {
+      response()->httpCode(401)->json(["message" => "Not Authorized"]);
+    }
 
-    // If authentication failed
-    if ($request->token === null) {
+    try {
+      User::getByToken($token);
+    } catch (Exception $err) {
+      // No user with this token exists
       response()->httpCode(401)->json(["message" => "Not Authorized"]);
     }
   }

exam/classes/Database/Database.php

@@ -2,9 +2,9 @@
 
 namespace Khofmann\Database;
 
-use \PDO;
+use PDO;
 
-class Database extends
+class Database extends PDO
 {
   private static array $instances = [];
 
@@ -17,7 +17,7 @@ class Database extends
   {
     $cls = static::class;
     if (!isset(self::$instances[$cls])) {
-      $dataAccess = Config\Config::getDatabase();
+      $dataAccess = \Config\Config::getDatabase();
       self::$instances[$cls] = new static(
         "mysql:host={$dataAccess["host"]};dbname={$dataAccess["database"]};charset={$dataAccess["charset"]}",
         $dataAccess["user"],

exam/classes/Input/Input.php

@@ -0,0 +1,20 @@
+<?php
+
+namespace Khofmann\Input;
+
+class Input
+{
+  private static function input($index = null, $defaultValue = null, ...$methods)
+  {
+    if ($index !== null) {
+      return request()->getInputHandler()->value($index, $defaultValue, ...$methods);
+    }
+
+    return request()->getInputHandler();
+  }
+
+  public static function post($index, $defaultValue = null)
+  {
+    return input()->post($index, $defaultValue);
+  }
+}

exam/classes/Models/User/User.php

@@ -0,0 +1,188 @@
+<?php
+
+namespace Khofmann\Models\User;
+
+use Exception;
+use PDO;
+use Khofmann\Database\Database;
+use JsonSerializable;
+
+class User implements JsonSerializable
+{
+  private int $id;
+  private string $username;
+  private int $status;
+  private string $email;
+  private ?string $image;
+  private bool $isAdmin;
+
+  protected function __construct(int $id, string $username, int $status, string $email, string $image = null, bool $isAdmin = false)
+  {
+    $this->id = $id;
+    $this->username = $username;
+    $this->status = $status;
+    $this->email = $email;
+    $this->image = $image;
+    $this->isAdmin = $isAdmin;
+  }
+
+  /*
+  * Statics
+  */
+
+  public static function getByID(int $id): User
+  {
+    $db = Database::getInstance();
+    $stmt = $db->prepare(
+      "SELECT benutzer, status, email, image, isadmin FROM egb_benutzer WHERE id = :ID"
+    );
+    $stmt->bindValue(":ID", $id);
+    $stmt->execute();
+    $data = $stmt->fetch();
+
+    if (!$data)
+      throw new Exception("No user found");
+
+    return new User($id, $data["benutzer"], $data["status"], $data["email"], $data["image"], $data["isadmin"] === 1);
+  }
+
+  public static function getByEmail(string $email): User
+  {
+    $db = Database::getInstance();
+    $stmt = $db->prepare(
+      "SELECT id, benutzer, status, image, isadmin FROM egb_benutzer WHERE email = :EMAIL"
+    );
+    $stmt->bindValue(":EMAIL", $email);
+    $stmt->execute();
+    $data = $stmt->fetch();
+
+    if (!$data)
+      throw new Exception("No user found");
+
+    return new User($data["id"], $data["benutzer"], $data["status"], $email, $data["image"], $data["isadmin"] === 1);
+  }
+
+  public static function getByToken(string $token): User
+  {
+    $db = Database::getInstance();
+    $stmt = $db->prepare(
+      "SELECT id, benutzer, status, email, image, isadmin FROM egb_benutzer WHERE token = :TOKEN"
+    );
+    $stmt->bindValue(":TOKEN", $token);
+    $stmt->execute();
+    $data = $stmt->fetch();
+
+    if (!$data)
+      throw new Exception("No user found");
+
+    return new User($data["id"], $data["benutzer"], $data["status"], $data["email"], $data["image"], $data["isadmin"] === 1);
+  }
+
+  public static function logIn(string $email, string $password): array
+  {
+    $db = Database::getInstance();
+    // Get user data
+    $stmt = $db->prepare("SELECT * FROM egb_benutzer WHERE email LIKE :EMAIL AND status = 1");
+    $stmt->bindValue(":EMAIL", $email);
+    $stmt->execute();
+    $data = $stmt->fetch();
+
+    if ($data) {
+      $user = new User($data["id"], $data["benutzer"], $data["status"], $email, $data["image"], $data["isadmin"] === 1);
+      if (password_verify($password, $data["passwort"])) {
+        // REHASH for safety should it somehow change
+        if (password_needs_rehash($data["passwort"], PASSWORD_DEFAULT)) {
+          $newHash = password_hash($password, PASSWORD_DEFAULT);
+          $stmt = $db->prepare("UPDATE egb_benutzer SET passwort = :PAS WHERE id = :ID");
+          $stmt->bindValue(":PAS", $newHash);
+          $stmt->bindValue(":ID", $user->getID());
+          $stmt->execute();
+        }
+        // Generate token
+        $stmt = $db->prepare("UPDATE egb_benutzer SET token = UUID() WHERE id = :ID");
+        $stmt->bindValue(":ID", $user->getID());
+        $stmt->execute();
+        // Get token
+        $stmt = $db->prepare("SELECT token FROM egb_benutzer WHERE id = :ID");
+        $stmt->bindValue(":ID", $user->getID());
+        $stmt->execute();
+        $token = $stmt->fetch(PDO::FETCH_COLUMN, 0);
+        // Return user and token
+        if ($token) {
+          return ["user" => $user, "token" => $token];
+        }
+        // Token generation failed
+        throw new Exception("Failed");
+      } else {
+        // PW wrong
+        throw new Exception("Invalid");
+      }
+    } else {
+      // User does not exist
+      throw new Exception("NotFound");
+    }
+  }
+
+  /*
+  * Members
+  */
+
+  public function logOut(string $token): bool
+  {
+    $db = Database::getInstance();
+    // Get user data
+    $stmt = $db->prepare("UPDATE egb_benutzer SET token = NULL WHERE id = :ID");
+    $stmt->bindValue(":ID", $this->id);
+    return $stmt->execute();
+  }
+
+  /*
+  * Getters
+  */
+
+  public function getID(): int
+  {
+    return $this->id;
+  }
+
+  public function getUsername(): string
+  {
+    return $this->username;
+  }
+
+  public function getStatus(): int
+  {
+    return $this->status;
+  }
+
+  public function getEmail(): string
+  {
+    return $this->email;
+  }
+
+  public function getImage(): string
+  {
+    return $this->image;
+  }
+
+  public function getIsAdmin(): bool
+  {
+    return $this->isAdmin;
+  }
+
+  /*
+  * JSON
+  */
+
+  public function jsonSerialize(): array
+  {
+    return [
+      'id' => $this->getId(),
+      'username' => $this->getUsername(),
+      'status' => $this->getStatus(),
+      'email' => $this->getEmail(),
+      'image' => $this->getImage(),
+      'isAdmin' => $this->getIsAdmin()
+    ];
+  }
+}