diff --git a/assets/php/dao.php b/assets/php/dao.php
index f5e9108..840c91a 100644
--- a/assets/php/dao.php
+++ b/assets/php/dao.php
@@ -14,8 +14,8 @@
 public function __construct($bd_name){
 try{
 if (!$this->mysqli) {
- $this->mysqli = new mysqli("localhost", "sw",
- "_admin_", $bd_name);
+ $this->mysqli = new mysqli(self::_SERVERNAME, self::_USERNAME,
+ self::_PASSWORD, $bd_name);
 }
 // echo "Conexión a la BD, satisfactoria.";
 } catch (Exception $e){
diff --git a/assets/php/user_dao.php b/assets/php/user_dao.php
index 04b64d7..7fba88d 100644
--- a/assets/php/user_dao.php
+++ b/assets/php/user_dao.php
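Review bot: The credential is still hard-coded, only moved: self::_SERVERNAME, self::_USERNAME and self::_PASSWORD are defined outside this hunk, and if they are literal class constants the password remains in the repository, while the removed literals stay in git history regardless, so that account's password should be rotated and the values read at runtime, e.g. via `getenv()` or a config file kept outside the web root. The try/catch only sees a failed connection when mysqli is in exception mode; before PHP 8.1 the default is to emit a warning and set connect_errno, so add `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);` before `new mysqli(...)` or check `$this->mysqli->connect_errno` after it. The constructor body continues outside the hunk.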
@@ -18,54 +18,66 @@ //Methods: - //Encrypt password with SHA254 + //Encrypt password with SHA254. private function encryptPass($password){ - $password = hash('sha256', $password); + //$password = hash('sha256', $password); + $password = password_hash($password, PASSWORD_DEFAULT); return $password; } - //Create a new User: + //Returns true if the password and hash match, or false otherwise. + public function verifyPass($password, $passwd){ + return password_verify($password, $passwd); + } + + //Create a new User. public function createUser($id, $username, $email, $password, $rol){ $password = $this->encryptPass($password); + $sql = sprintf( "INSERT INTO users( id, username, email, passwd, rol) VALUES ( '%s', '%s', '%s', '%s', '%s')", $id, $username, $email, $password, $rol ); return $sql; - } - //Returns a query to check if the user name exists: + //Returns a query to check if the user name exists. public function selectUser($username){ + $username = $this->mysqli->real_escape_string($username); + $sql = sprintf( "SELECT * FROM users WHERE username = '%s'", $username ); + $resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database'); - //return $sql; - return $result = mysqli_query($this->mysqli, $sql) or die ('Error into query database'); + return $resul; } - //Returns a query to check if the user pass matches: - public function selectPass($password){ - //$sql = sprintf( "SELECT * FROM users WHERE passwd = '%s'", $password ); - $sql = sprintf( "SELECT * FROM users WHERE user = '%s' AND pass = '%s'", $username, $password); + //Returns a query to check if the user pass matches. 
+ public function selectPass($username, $password){ + $username = $this->mysqli->real_escape_string($username); + $password = $this->mysqli->real_escape_string($password); + $password = $this->encryptPass($password); - //return $sql; - return $result = mysqli_query($this->mysqli, $sql) or die ('Error into query database'); + $sql = sprintf( "SELECT * FROM users WHERE username = '%s' AND passwd = '%s'", $username, $password); + $resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database'); + + //return $this->mysqli->query($sql); + return $resul; } - //Returns a query to get the user's data: + //Returns a query to get the user's data. public function userData($id){ $sql = sprintf( "SELECT * FROM users WHERE id = '%d'", $id ); + $resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database'); - //return $sql; - return $result = mysqli_query($this->mysqli, $sql) or die ('Error into query database'); + return $resul; } - //Create a new User Data Transfer Object: + //Create a new User Data Transfer Object. public function loadUser($id, $username, $email, $password, $rol){ return new UserDTO($id, $username, $email, $password, $rol); } } -?> +?> \ No newline at end of file
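Review bot: selectPass can never find a match: the new body hashes the submitted password with encryptPass, and password_hash() salts every call randomly, so the value interpolated into `passwd = '%s'` never equals the hash createUser stored. The check has to be done with the verifyPass method added in this hunk, against the hash read back for the username, and the password must not be passed through real_escape_string first, since that changes the bytes that get hashed. createUser still interpolates $id, $username, $email and $rol into the INSERT without any escaping; a prepared statement with bind_param fixes that the same way. The encryptPass comment is now wrong and should read `//Hash the password with password_hash(); check it with verifyPass().`. The rewrite below returns the user row or false instead of a mysqli_result (get_result() needs the bundled mysqlnd driver), so selectPass's callers, which are outside this hunk, need to be adjusted accordingly.
```php
    //Returns the user's row when the username exists and the password matches its stored hash, or false otherwise.
    public function selectPass($username, $password){
        $stmt = $this->mysqli->prepare("SELECT * FROM users WHERE username = ?");
        $stmt->bind_param('s', $username);
        $stmt->execute();
        $row = $stmt->get_result()->fetch_assoc();

        // password_hash() salts every call, so the hash is checked with password_verify(), never by SQL equality.
        if ($row === null || !$this->verifyPass($password, $row['passwd'])) {
            return false;
        }
        return $row;
    }
```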