Añadida LOGIN a través de BASE DE DATOS

Se ha creado la base de datos de usuarios y toda la lógica para iniciar sesión mediante ella.
2021-04-07 19:56:06 +02:00 · 2021-04-07 19:56:06 +02:00 · 7e2ef23349
commit 7e2ef23349
parent 0e27827b5d
2 changed files with 32 additions and 20 deletions
--- a/assets/php/dao.php
+++ b/assets/php/dao.php
@ -14,8 +14,8 @@
        public function __construct($bd_name){
            try{
                if (!$this->mysqli) {
-                    $this->mysqli = new mysqli("localhost", "sw", 
-                                                "_admin_", $bd_name);
+                    $this->mysqli = new mysqli(self::_SERVERNAME, self::_USERNAME, 
+                                                self::_PASSWORD, $bd_name);
                }
                // echo "Conexión a la BD, satisfactoria.";
            } catch (Exception $e){
--- a/assets/php/user_dao.php
+++ b/assets/php/user_dao.php
@ -18,54 +18,66 @@

 		//Methods:

-        //Encrypt password with SHA254
+        //Encrypt password with SHA254.
 		private function encryptPass($password){
-			$password = hash('sha256', $password);
+			//$password = hash('sha256', $password);
+			$password = password_hash($password, PASSWORD_DEFAULT);

 			return $password;
 		}

-        //Create a new User:
+		//Returns true if the password and hash match, or false otherwise.
+		public function verifyPass($password, $passwd){
+			return password_verify($password, $passwd);
+		}
+
+        //Create a new User.
 		public function createUser($id, $username, $email, $password, $rol){
 			$password = $this->encryptPass($password);
+
 			$sql = sprintf( "INSERT INTO users( id, username, email, passwd, rol) 
 								VALUES ( '%s', '%s', '%s', '%s', '%s')", 
 									$id, $username, $email, $password, $rol );

 			return $sql;
-
 		}

-		//Returns a query to check if the user name exists:
+		//Returns a query to check if the user name exists.
 		public function selectUser($username){
+			$username = $this->mysqli->real_escape_string($username);
+
 			$sql = sprintf( "SELECT * FROM users WHERE username = '%s'", $username );
+			$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');

-			//return $sql;
-			return $result = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
+			return $resul;
 		}

-		//Returns a query to check if the user pass matches:
-		public function selectPass($password){
-			//$sql = sprintf( "SELECT * FROM users WHERE passwd = '%s'", $password );
-			$sql = sprintf( "SELECT * FROM users WHERE user = '%s' AND pass = '%s'", $username, $password);
+		//Returns a query to check if the user pass matches.
+		public function selectPass($username, $password){
+			$username = $this->mysqli->real_escape_string($username);
+			$password = $this->mysqli->real_escape_string($password);
+			$password = $this->encryptPass($password);

-			//return $sql;
-			return $result = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
+			$sql = sprintf( "SELECT * FROM users WHERE username = '%s' AND passwd = '%s'", $username, $password);
+			$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
+
+			//return $this->mysqli->query($sql);
+			return $resul;
 		}

-		//Returns a query to get the user's data:
+		//Returns a query to get the user's data.
 		public function userData($id){
 			$sql = sprintf( "SELECT * FROM users WHERE id = '%d'", $id );
+			$resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database');

-			//return $sql;
-			return $result = mysqli_query($this->mysqli, $sql) or die ('Error into query database');
+			return $resul;
 		}

-		//Create a new User Data Transfer Object:
+		//Create a new User Data Transfer Object.
 		public function loadUser($id, $username, $email, $password, $rol){
 			return new UserDTO($id, $username, $email, $password, $rol);
 		}

    }

-?>
+?>