Add files via upload

login/includes/formLogin.php

@@ -0,0 +1,94 @@
+<?php
+
+include_once('user_dao.php');
+include_once($prefix.'assets/php/form.php');
+
+class FormLogin extends Form {
+    //Constants:
+    const HTML5_EMAIL_REGEXP = '^[a-zA-Z0-9.!#$%&\'*+\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$'; 
+
+    //Atributes:
+    private $user;  // User who is going to log-in.
+    private $reply; // Validation response
+
+    //Constructor:
+    public function __construct() {
+        parent::__construct('formLogin');
+        $this->reply = array();
+    }
+
+    //Methods:
+
+    //Returns validation response:
+    public function getReply() {
+        
+        if(isset($_SESSION["login"])){
+            $name = strtoupper($_SESSION['nombre']);
+            $this->reply = "<h1>Bienvenido {$_SESSION['nombre']}</h1><hr />
+                        <p>{$name}, has iniciado sesión correctamente.</p>
+                        <p>Usa los botones para navegar</p>
+                        <a href='../'><button>Inicio</button></a>
+                        <a href='../../panel_{$_SESSION["rol"]}'><button>Mi Panel</button></a>\n";
+        }   
+        else if(!isset($_SESSION["login"])){
+            $this->reply = "<h1>ERROR</h1><hr />".
+                        "<p>El usuario o contraseña no son válidos.</p>
+                        <p>Vuelve a intetarlo o regístrate si no lo habías hecho previamente.</p>
+                        <a href='./'><button>Iniciar Sesión</button></a>
+                        <form method='post' action='./'><button name='register' id='register'>Registro</button></form>\n";
+        }
+
+        return $this->reply;
+    }
+
+    //Process form:
+    public function processesForm($name, $pass) {
+        $login = true;
+        $name = $this->test_input($name); 
+        $pass = $this->test_input($pass);
+
+        $username = isset($name) ? $name : null ;
+        if (!$username) {
+          $login = false;
+        }
+        
+        /*
+        $email = isset($mail) ? $mail : null ;
+        if (!$email || !mb_ereg_match(self::HTML5_EMAIL_REGEXP, $email)) {
+          $login = false;
+        }
+        */
+    
+        $password = isset($pass) ? $pass : null ;
+        if (!$password || mb_strlen($password) < 4) {
+          $login = false;
+        }
+        
+        if ($login) {
+            $bd = new UserDAO('complucine');
+            if($bd){
+                $this->user = $bd->selectUser($username, $password);
+
+                try{
+                    if ($this->user) {
+                        //$_SESSION["user"] = $this->user; //¿? No funcionan los getters con el objeto.
+                        $_SESSION["nombre"] = $this->user->getName();
+                        $_SESSION["rol"] = $this->user->getRol();
+                        $_SESSION["login"] = $login;
+                    }
+                }
+                catch (Exception $e){
+                    $_SESSION["login"] = $login;
+                }
+            }
+
+        }
+
+    }
+
+    protected function test_input($input){
+        return htmlspecialchars(trim(strip_tags($input)));
+    }
+
+}
+?>

login/includes/user_dao.php

@@ -0,0 +1,95 @@
+<?php
+	require_once('../assets/php/dao.php');
+	include_once('user_dto.php');
+
+    class UserDAO extends DAO {
+		
+		//Constants:
+		private const _USER = "user";
+		private const _MANAGER = "manager";
+		private const _ADMIN = "admin";
+
+        //Attributes:
+
+		//Constructor:
+        function __construct($bd_name){
+			parent::__construct($bd_name);
+        }
+
+		//Methods:
+
+        //Encrypt password with SHA254.
+		private function encryptPass($password){
+			//$password = hash('sha256', $password);
+			$password = password_hash($password, PASSWORD_DEFAULT);
+
+			return $password;
+		}
+
+		//Returns true if the password and hash match, or false otherwise.
+		public function verifyPass($password, $passwd){
+			return password_verify($password, $passwd);
+		}
+
+        //Create a new User.
+		public function createUser($id, $username, $email, $password, $rol){
+			$password = $this->encryptPass($password);
+
+			$sql = sprintf( "INSERT INTO users( id, username, email, passwd, rol) 
+								VALUES ( '%s', '%s', '%s', '%s', '%s')", 
+									$id, $username, $email, $password, $rol );
+			
+			$resul = mysqli_query($this->mysqli, $sql) /*or die ('Error into query database')*/;
+
+			return $resul;
+		}
+
+		//Returns a query to check if the user name exists.
+		public function selectUser($username, $password){
+			$username = $this->mysqli->real_escape_string($username);
+
+			$sql = sprintf( "SELECT * FROM users WHERE username = '%s'", $username );
+			$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
+
+			$resul->data_seek(0);
+			while ($fila = $resul->fetch_assoc()) {
+				if($username === $fila['username'] && $this->verifyPass($password, $fila['passwd'])){
+					$user = $this->loadUser($fila['id'], $fila['username'], $fila['email'], $fila['passwd'], $fila['rol']);
+				}
+			}
+
+			//mysqli_free_result($selectUser);
+			$resul->free();
+
+			return $user;
+		}
+
+		//Returns a query to check if the user pass matches.
+		public function selectPass($username, $password){
+			$username = $this->mysqli->real_escape_string($username);
+			$password = $this->mysqli->real_escape_string($password);
+			$password = $this->encryptPass($password);
+
+			$sql = sprintf( "SELECT * FROM users WHERE username = '%s' AND passwd = '%s'", $username, $password);
+			$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
+
+			//return $this->mysqli->query($sql);
+			return $resul;
+		}
+
+		//Returns a query to get the user's data.
+		public function userData($id){
+			$sql = sprintf( "SELECT * FROM users WHERE id = '%d'", $id );
+			$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
+
+			return $resul;
+		}
+
+		//Create a new User Data Transfer Object.
+		public function loadUser($id, $username, $email, $password, $rol){
+			return new UserDTO($id, $username, $email, $password, $rol);
+		}
+
+    }
+
+?>

login/includes/user_dto.php

@@ -0,0 +1,37 @@
+<?php
+    include_once('users_dto_interface.php');
+    
+    class UserDTO implements UsersInterface {
+
+        //Attributes:
+        private $_id;           //User Id.
+        private $_username;     //User name.
+        private $_email;        //User email.
+        private $_password;     //User password.
+        private $_rol;          //Type of user: user | manager | admin. --> Será eliminado en la siguiente práctica para usar el modelo relacional de nuestra BD.
+
+		//Constructor:
+        function __construct($id, $username, $email, $password, $rol){
+            $this->_id = $id;
+            $this->_username = $username;
+            $this->_email = $email;
+            $this->_password = $password;
+            $this->_rol = $rol;
+        }
+        
+		//Methods:
+
+		//Getters && Setters:
+        public function setId($id){	$this->_id = $id; }
+		public function getId(){ return $this->_id; }
+		public function setName($username){ $this->_username = $username; }
+		public function getName(){ return $this->_username; }
+        public function setEmail($email){ $this->_email = $email; }
+		public function getEmail(){ return $this->_email; }
+		public function setPass($passwd){	$this->_password = $passwd; }
+		public function getPass(){ return $this->_password; }
+        public function setRol($rol){ $this->_rol = $rol; }
+		public function getRol(){ return $this->_rol; }
+
+    }
+?>

login/includes/users_dto_interface.php

@@ -0,0 +1,14 @@
+<?php
+    interface UsersInterface {
+        public function setId($id);
+		public function getId();
+		public function setName($username);
+		public function getName();
+        public function setEmail($email);
+		public function getEmail();
+		public function setPass($passwd);
+		public function getPass();
+        public function setRol($rol);
+		public function getRol();
+    }
+?>