Merge pull request #46 from mluzarow/enh-session_password_validation_38

User Accounts - Added password validation
mluzarow · Jul 7, 2018 · ff91b80 · ff91b80
2 parents 156c72b + 10f3790
commit ff91b80
Show file tree

Hide file tree

Showing 4 changed files with 57 additions and 9 deletions.
diff --git a/app/Core/AJAXProcessor.php b/app/Core/AJAXProcessor.php
@@ -23,6 +23,8 @@ public function __construct (array $segments) {
 
 	/**
 	 * Constructs the class and method call with the path given by the segments.
+	 * 
+	 * @return mixed return value of the called AJAX method
 	 */
 	public function fireTargetMethod () {
 		// Construct the method call.
@@ -34,7 +36,9 @@ public function fireTargetMethod () {
 
 		$method = $this->getURLSegments ()[$i];
 
-		(new $namespace)->$method ();
+		$result = (new $namespace)->$method ();
+
+		return ($result);
 	}
 
 	/**

diff --git a/app/Core/SessionManager.php b/app/Core/SessionManager.php
@@ -5,5 +5,38 @@
  * Controller managing user session data and logins.
  */
 class SessionManager {
-
+	/**
+	 * AJAX method validates the given username / password given via the login
+	 * form.
+	 * 
+	 * @return int login success status
+	 */
+	public function ajaxValidateLogin () {
+		if (
+			empty ($_POST['username']) ||
+			empty ($_POST['password'])
+		) {
+			// Missing POST data
+			return (0);
+		}
+
+		// Get saved value
+		$q = '
+			SELECT `username`, `password` FROM `users`
+			WHERE `username` = "'.\Core\Database::sanitize ($_POST['username']).'"';
+		$r = \Core\Database::query ($q);
+
+		if (empty ($r)) {
+			// No matching username found
+			return (0);
+		}
+
+		$pass_valid = password_verify($_POST['password'], $r[0]['password'];);
+
+		if ($pass_valid === true) {
+			return (1);
+		} else {
+			return (0);
+		}
+	}
 }
diff --git a/app/ViewItems/JS/Login.js b/app/ViewItems/JS/Login.js
@@ -1,10 +1,18 @@
 $(window).ready (function () {
 	$("#login_btn").click (function () {
-		let login = {
-			'username' : $("#username_field").val (),
-			'password' : $("#password_field").val ()
-		};
-
-		$(".login_box .warning").toggle (true);
+		$.ajax ({
+			url: "ajax/Core/SessionManager/ajaxValidateLogin",
+			method: "POST",
+			data: {
+				username: $("#username_field").val (),
+				password: $("#password_field").val ()
+			}
+		}).done (function (response) {
+			if (response === "1") {
+				window.location = "/";
+			} else {
+				$(".login_box .warning").toggle (true);
+			}
+		});
 	});
 });
diff --git a/app/index.php b/app/index.php
@@ -104,7 +104,10 @@
 		$current_segs = array_values ($current_segs);
 
 		$ajax = new AJAXProcessor ($current_segs);
-		$ajax->fireTargetMethod ();
+		$result = $ajax->fireTargetMethod ();
+
+		echo $result;
+		return;
 	} else if ($current_segs[0] === 'db') {
 		// Use the DBViewer files
 		$namespace = '\DBViewer\PageControllers';